Worst-Case Scheduling of Software Tasks
-
Upload
lionel-briand -
Category
Software
-
view
216 -
download
2
description
Transcript of Worst-Case Scheduling of Software Tasks
CP 2014 Lyon, 10/09/1914
Worst-case Scheduling of Software Tasks A Constraint Optimization Model to Support Performance Testing
Stefano Di Alesio 1,2
Shiva Nejati 2
Lionel Briand 2
Arnaud Gotlieb 1
1 Certus Centre for Software V&V Simula Research Laboratory Norway
2 Interdisciplinary Centre for Reliability, Security and Trust (SnT) University of Luxembourg Luxembourg
We present a Constrained Optimization Model to support Performance Testing in RTES
Industrial Experience: Context, Process and Results
Stefano Di Alesio - 2/19
Performance Requirements vs. Real Time Embedded Systems (RTES)
Supporting Performance Testing: A novel application for COPs
RTES are typically safety-critical, and thus bound to meet strict Performance Requirements
Stefano Di Alesio - 3/19
Stefano Di Alesio - 4/19
Our case study is a monitoring application for fire/gas leaks detection in offshore platforms
Computing Hardware (Tri-core Processor)
Real Time Operating System (VxWorks)
Drivers (SW-HW Interface)
~100 Drivers * ~5 kLoC
Control Modules (Application Logic)
~5000 Modules * ~1 kLoC
Human Operators (Engineers)
External Hardware (Sensors + Actuators)
~500 devices
KM: Kongsberg Maritime FMS: Fire and gas Monitoring System
Stefano Di Alesio - 5/19
Drivers transfer data between external hardware (sensors and actuators) and control modules
PullData! Queue!IOBR!BoxIn! IOQW! IOQR! IOBW! BoxOut! PushData!
2.write! 3.check!
4.read!
5.trigger!
6.write! 7.check!
8.read!9.trigger!
10.write! 11.scan!
12.read!
External Hardware (Sensors + Actuators)
~500 devices
Control Modules (Application Logic)
~5000 Modules * ~1 kLoC
1.scan!
13.send!
Stefano Di Alesio - 6/19
PullData!
1.scan!
Queue!IOBR!BoxIn! IOQW! IOQR! IOBW! BoxOut! PushData!
2.write! 3.check!
4.read!
5.trigger!
6.write! 7.check!
8.read!9.trigger!
10.write! 11.scan!
12.read!13.send!
The FMS drivers have performance requirements on task deadlines, response time, and CPU usage
1) No task should miss its deadline
2) Response Time < 1 sec
3) CPU Usage < 20%
Stefano Di Alesio - 7/19
PullData!
1.scan!
Queue!IOBR!BoxIn! IOQW! IOQR! IOBW! BoxOut! PushData!
2.write! 3.check!
4.read!
5.trigger!
6.write! 7.check!
8.read!9.trigger!
10.write! 11.scan!
12.read!13.send!
Our goal is to identify worst-case scenarios w.r.t. deadline misses, response time, and CPU usage
The arrival times of check depend on the buffers status, which in turn depends on the environment
The main variable impacting deadline misses, response time, and CPU usage, are the arrival times of check
Stefano Di Alesio - 8/19
PullData!
1.scan!
Queue!IOBR!BoxIn! IOQW! IOQR! IOBW! BoxOut! PushData!
2.write! 3.check!
4.read!
5.trigger!
6.write! 7.check!
8.read!9.trigger!
10.write! 11.scan!
12.read!13.send!
Each worst-case scenario can characterize a test case in terms of the arrival times of check
Therefore, we need a strategy to search for the arrival times of check
The check signal can be manipulated during testing (e.g. simulating the environment)
πππππβπβ=ππ ππ!!πππππβπβ=ππ ππ!!πππππβπβ=ππ ππ!!
π πππ ππππ_ππππππ=π΅/π¨!!ππππππππ_ππππ=πππ ππ!!πππ_πππππ=ππ% !
Stefano Di Alesio - 9/19
Several techniques have been used for solving similar problems, but each has its own weaknesses
Verification Testing!Schedulability
Theory!Model
Checking!Performance Engineering!
Genetic Algorithms!
Basis Mathematical Theory
System Modeling
Practice and Tools!
System Modeling
Background Queuing Theory Fixed-point Computation
Profiling, Benchmarking!
Meta-Heuristic Search
Key Features Theorems Graph-based, Symbolic
Dynamic Analysis!
Non-Complete Search
Weaknesses Assumptions,!Multi-Core
Complex Modeling
Non Systematic!
Low Effectiveness
SE!
CP!
Multi-core Priority Preemption Dependency Triggering
Job-shop schedulability analysis
Constrained Optimization Problem (COP)
Static Properties of Tasks (Constants)
Dynamic Properties of Tasks (Variables)
Performance Requirement (Objective Function)
OS Scheduler Behaviour (Constraints)
Search Heuristics
OS Scheduler Behaviour (Labeling Strategy)
Stefano Di Alesio - 10/19
We cast the search for the arrival times of the check signal leading to worst-case scenarios as a COP
The COP models a multi-core priority-driven preemptive scheduler with task triggering and dependencies
β’β―Observation Interval: π»=[π, π]!β’β―Number of cores: π=π β’β―Set of Tasks: π±={ πβπβ, πβπβ, πβπβ, πβπβ}
β’β―Priority of Tasks: ππ(πβπβ)=π β’β―Period of Tasks: ππ(πβπβ)=π β’β―Min/Max Inter-arrival time of Tasks: ππ(πβπβ)=π,ππ(πβπβ)=ππ
β’β―Duration of Tasks: π π(πβπβ)=π β’β―Deadline of Tasks: π π(πβπβ)=π β’β―Triggering Relation: ππ(πβπβ, πβπβ) β’β―Dependency Relation: π π( πβπβ, πβπβ) β’β―Number of Periodic Task Executions: ππ(π)=βππ/ππ(π)ββ, ππ(πβπβ)=βππ/πββ=π!!
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
Static Properties depend on the FMS design, and are modeled as Constants
Constants
Stefano Di Alesio - 11/19
Time is discretized in our analysis: we solve an IP over finite domains
Independent β’β―Number of Aperiodic Task Exec.: ππ(π) π [ππ/ππ(π)β, ππ/ππ(π)β], ππ(πβπβ) π [π,π], ππ(πβπβ)=π
β’β―Arrival time of Aperiodic Task Exec.: ππ(π, π) π π», ππ(πβπβ, π)=π, ππ(πβπβ,π)=π
β’β―Active time of Task Executions: ππ(π, π,π) π π», π π [π,π π(π)βπ], ππ(πβπβ, π,π)=π, ππ(πβπβ,π,π)=π
Dynamic Properties depend on the FMS runtime behavior, and are modeled as Variables (1/2)
Variables
ππ and ππ of Periodic Tasks Executions are constants: and ππ of Periodic Tasks Executions are constants: of Periodic Tasks Executions are constants: ππ(π)=βππ/ππ(π)ββ, ππ(πβπβ)= βππ/πββ=π ππ(π, π)=πβππ(π), ππ(πβπβ, π)=πβπ=π
Stefano Di Alesio - 12/19
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
Quantification over non-ground sets: π²=[π, πππβ¬πβ (ππ/ππ(π)β)β] βπβ π²βπββ πͺ(π)ββπβπ²β (π<ππ(π))βπͺ(π) βπβ π²βπβββπ¬(π)β=βπβπ²ββ(π<ππ(π))β π¬(πβ)
Dependent (1/2) β’β―Set of Aperiodic Task Executions: π²βπβ=[π, ππ(π)βπ], π²βπβπββ=[π]
Dependent (2/2) β’β―Start/End time of Task Executions: ππ(π,π)=ππ(π,π,π), ππ(πβπβ,π)=π, ππ(π,π)=ππ(π,π,π π(π)βπ), ππ(πβπβ,π)=π
β’β―Preempted time of Task Executions: ππ(π, π,π)=ππ(π,π,π)βππ(π,π,πβπ), ππ(πβπβ, π,π)=π, ππ(πβπβ,π,π)=π
β’β―Waiting time of Task Executions: ππ(π, π)=ππ(π,π)βππ(π,π), ππ(πβπβ,π)=π, ππ(πβπβ, π)=π
β’β―Deadline of Task Executions: ππ (π,π)=ππ(π,π)+π π(π), ππ (πβπβ,π)=π+π=π
β’β―Deadline Miss of Task Executions: π π(π,π)=ππ(π,π)βππ (π,π), π π(πβπβ,π)=πβπ=βπ
β’β―System Load: ππ (π)= βπ,π,πββ(ππ(π,π,π)=π)β, ππ (π)=π, ππ (π)=π
Dynamic Properties depend on the FMS runtime behavior, and are modeled as Variables (2/2)
Variables
Stefano Di Alesio - 13/19
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
β’β―Deadline Misses: πβπ«π΄β=βπ,πββπβπ π(π,π)ββ, πβπ«π΄β= πββπβ+ πββπβ+ πββπβ+πββπβ+ πββπβ+ πββπβ β’β―Response Time: πβπΉπ»β= πππβ¬π,πβ (ππ(π,π))ββ πππβ¬π,πβ(ππ(π,π)), πβπΉπ»β=πβπ=π β’β―CPU Usage: πβπͺπΌβ= βπββ(ππ (π)>π)β/ππβ, πβπͺπΌβ=π.π
The Performance Requirements of the FMS are modeled as objective functions to maximize
Objective Function
Stefano Di Alesio - 14/19
πβπ«π΄β should properly reward scenarios with deadline misses [1] [1] L. Briand, Y. Labiche, and M. Shousha, βUsing genetic algorithms for early schedulability analysis and stress testing in real-time systemsβ, Genetic Programming and Evolvable Machines, vol. 7 no. 2, pp. 145-170, 2006
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
Temporal Ordering β’β―Triggered tasks arrive when their triggering task ends: ππ(πβπβ, πβπβ)βππ(πβπβ,π)=ππ(πβπβ,π) β’β―Dependent tasks cannot overlap: π π(πβπβ, πβπβ)βππ(πβπβ, πβπβ)<ππ(πβπβ, πβπβ) β¨ππ(πβπβ, πβπβ)<ππ(πβπβ, πβπβ)
Well-formedness β’β―A task cannot start before it has arrived: ππ(π,π)β€ππ(π,π)
β’β―A task cannot finish before it has completed: ππ(π,π)+π π(π)β€ππ(π,π)
β’β―Arrival times of aperiodic tasks are separated by min/max interarr. times: ππ(π,πβπ)+ππ(π)β€ππ(π,π)β€ππ(π,πβπ)+ππ(π)
The FMS scheduler is modeled through constraints among Static and Dynamic properties (1/2)
Constraints
Stefano Di Alesio - 15/19
Multicore β’β―The system load is always less than or equal to the number of cores: ππ (π)β€π
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
Scheduling Efficiency β’β―If a task is waiting, then either
β’β―There are no free cores, or β’β―A dependent task is active, or β’β―A dependent task is preempted
Priority-Driven Preemption β’β―If a task is preempted, then there are π higher priority tasks running higher priority tasks running
The FMS scheduler is modeled through constraints among Static and Dynamic properties (2/2)
Constraints
Stefano Di Alesio - 16/19
ππ(π,π,π)β π=βπβπβ: ππ(πβπβ)>ππ(π), πβπβ, πβπβ ββππ(π,π,πβπ)<ππ(πβπβ, πβπβ, πβπβ)<ππ(π,π,π)β!ππ(π,π)=ππ(π,π)+π π(π,π)+π π(π,π){ββ ππ(π,π)= π π(π,π)= π π(π,π)=ββ!
Time quanta where π tasks with higher priority are active tasks with higher priority are active Time quanta where tasks depending on j are active Time quanta where tasks depending on j are preempted
0123456789
πππππππ!
ππ!! ππ!! πβπβ! πππ!! πβπβ!
ππππ!
ππππ!
ππππ!
ππ,π π and π π are defined and π π are defined are defined as sums of boolean variables: ππ(π,π, πβπβ, πβπβ, πβπβ)=ππ(π,π)β€ππ(πβπβ, πβπβ, πβπβ)<ππ(π,π)
Stefano Di Alesio - 17/19
Our work originates from the interaction we had with Kongsberg Maritime over several months
1. Can the input data of our COP (constants) be provided with reasonable effort? [2]
[2] Nejati, S., Di Alesio, S., Sabetzadeh, M., Briand, L.: Modeling and analysis of CPU usage in safety-critical embedded systems to support stress testing. In: Model Driven Engineering Languages and Systems, pp. 759β775. Springer (2012)
~25 man-hours
2. Can one use the output data of our COP (variables) to derive test cases?
Efficiency: time needed to generate test cases
Effectiveness: revealing power of worst-case scenarios
COP Constants
Variables
Objective Function
Constraints Search Heuristics
Stefano Di Alesio - 18/19
We run our COP model for 5 hours recording every incumbent, one run for each objective function π»=πππ, π ππ=ππππ, π=π ~600 variables, 1 million constraints in IBM ILOG CPLEX CP Solver
1. Worst deadline miss: PushData, by 10 ms in three executions
2. Highest response time: 1200 ms 3. Highest CPU Usage: 32%
In summary, we showed how Constrained Optimization can support Performance Testing
The COP models the System Scheduler, Tasks, and Perf. Reqs.
The COP finds arrival times leading to worst-case scenarios β test cases
Stefano Di Alesio - 19/19
Questions?
We were able to generate test cases violating Perf. Reqs. in few minutes
Stefano Di Alesio - 20/19
We developed a search heuristic to minimize backtracking during the branch and bound search
ββ ππ(πβπβ, πβπβ, πβπβ)β[π,π] ππ(πβπβ, πβπβ, πβπβ)β[π,π]β
ββ ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)β[π,π]β
ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)β[π,π]
π=π ππ(πβπβ)>ππ(πβπβ) ππ(πβπβ, πβπβ)=ππ(πβπβ, πβπβ)
Heuristic: First, assign the lowest value (π) to ππ for the highest priority task ) to ππ for the highest priority task for the highest priority task
ββ ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)=πβ
ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)=π
ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)=π
ββ ππ(πβπβ, πβπβ, πβπβ)β[π,π] ππ(πβπβ, πβπβ, πβπβ)β[π,π]β ββ ππ(πβπβ, πβπβ, πβπβ)β[π,π] ππ(πβπβ, πβπβ, πβπβ)=πβ
ββ ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)=πβ
ππ(πβπβ, πβπβ, πβπβ)=π ππ(πβπβ, πβπβ, πβπβ)=π
Stefano Di Alesio - 21/19
Our case study is a monitoring application for fire/gas leaks detection in offshore platforms
Computing Hardware (Tri-core Processor)
Real Time Operating System (VxWorks)
Drivers (SW-HW Interface)
~100 Drivers * ~5 kLoC
Control Modules (Application Logic)
~5000 Modules * ~1 kLoC
Human Operators (Engineers)
External Hardware (Sensors + Actuators)
~500 devices
KM: Kongsberg Maritime FMS: Fire and gas Monitoring System
Stefano Di Alesio - 22/19
Drivers transfer data between external hardware (sensors and actuators) and control modules
PullData! Queue!IOBR!BoxIn! IOQW! IOQR! IOBW! BoxOut! PushData!
2.write! 3.check!
4.read!
5.trigger!
6.write! 7.check!
8.read!9.trigger!
10.write! 11.scan!
12.read!
External Hardware (Sensors + Actuators)
~500 devices
Control Modules (Application Logic)
~5000 Modules * ~1 kLoC
1.scan!
13.send!