AdaptMC: A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems
Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns
Embedded system
Mixed-criticality system
• Each task has its own criticality level (from A to D)
[Figure: Monitoring System, Control System(s), Mission Mgmt System and Operator Mgmt System, each tagged with a criticality level from A to D]
Vestal model
• Fixed number of distinct criticality levels are defined throughout the system
  - LO and HI criticality
• Each piece of code in the system is characterised by
  - The criticality level (LO/HI)
  - Two WCET parameter estimates
• Prior to run-time the timing behaviour of all functionalities is validated according to the WCET parameter estimates
What happens at run-time if the WCET estimates are “wrong”?
Goals of this paper
• Shift the perspective from verification to resiliency
  - What happens when a budget over-run occurs?
• Analyse a control-based approach for ensuring run-time resiliency
  - How to adapt the behaviour at run-time?
• Provide hard real-time guarantees even with budget over- or under-runs
  - Is it possible to provide such guarantees?
Outline
• AdaptMC: Control-based approach for run-time adaptation
• Evaluation
• Conclusion
Definitions
[Figure: planned and run-time timelines starting at t = 0, each a sequence of alternating HI and LO slots. The planned slots are labelled S_H(1), S_L(1), S_H(2), S_L(2); the run-time timeline marks a budget over-run and a budget under-run]
Definitions and assumptions
• Tentative budget Q, disturbance ε, supply S
$$S_H(k+1) = Q_H(k) + \varepsilon_H(k)$$
$$S_L(k+1) = Q_L(k) + \varepsilon_L(k)$$
• Assumptions
  1. Executions rarely exceed the WCET values
  2. When they do, it is by a “small amount”
  3. The “small amount” can be bounded
$$-\overline{\varepsilon}_H \le \varepsilon_H \le \overline{\varepsilon}_H, \qquad -\overline{\varepsilon}_L \le \varepsilon_L \le 0$$
AdaptMC: Control-based approach
[Figure: feedback loop between AdaptMC and the mixed-critical system. AdaptMC measures the actual supply S_H(k), S_L(k), compares it with the target desired budgets Q_H, Q_L, and computes the tentative budgets Q_H(k), Q_L(k); the disturbances ε_H(k), ε_L(k) enter at the mixed-critical system]
• Control objectives
  - Meet the target desired budgets
  - Preserve the bandwidth of the HI and LO critical systems
Deeper in AdaptMC
• The controller adjusts the tentative budgets
$$Q_H(k+1) = Q_H(k) + u_H(k)$$
$$Q_L(k+1) = Q_L(k) + u_L(k)$$
• Based on the actual supply and the target budget
$$u_H(k) = K_{HH}\,(Q_H - S_H(k)) + \frac{K_{HL}}{\gamma}\,(Q_L - S_L(k))$$
$$u_L(k) = \gamma K_{LH}\,(Q_H - S_H(k+1)) + K_{LL}\,(Q_L - S_L(k))$$
• with $\gamma = Q_L / Q_H$
• Design parameters: $K_{HH}$, $K_{HL}$, $K_{LH}$, $K_{LL}$
Required properties
1. Compensation property
2. Stability of the closed-loop system
3. Bounding the resource supply
Compensation property
• A disturbance on the HI/LO-criticality server results in an opposite or null effect on the value of the supply of the LO/HI-criticality server
[Figure: planned and run-time timelines of alternating HI and LO slots from t = 0; the run-time timeline is annotated OVER-RUN! and, in the next build of the slide, COMPENSATE]
Stability
[Figure: diagram labelled with the gains K_HL, K_LH, K_HH, K_LL]
Stability
[Figure: plot in the (K_HH, K_LL) plane, both axes from 0 to 1, with one curve for each value K_HL K_LH = 0, 0.01, 0.02, 0.05, 0.1, 0.2, 0.3, 0.35 and the points K_1 to K_5 marked]
• Gain sets $K_i = \{K_{HH}, K_{HL}, K_{LH}, K_{LL}\}$
  - $K_1 = \{0.4, 0.1, 0.1, 0.35\}$
  - $K_2 = \{0.15, 0.1, 0.1, 0.15\}$
  - $K_3 = \{0.25, 0.1, 0.1, 0.25\}$
  - $K_4 = \{0.5, 0.1, 0.1, 0.5\}$
  - $K_5 = \{0.75, 0.1, 0.1, 0.75\}$
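Bounding the resource supply
[Figure: timeline from t = 0 of alternating active intervals S(1), S(2), S(3), … and idle intervals Z(1), Z(2), Z(3), …, with I_0, I_1, I_2 marked along the time axis; plot of sbf(t) against t, with σ_S(1), σ_S(2), σ_S(3) on the vertical axis and σ_Z(1), σ_Z(2), σ_Z(3) on the horizontal axis]
$$\sigma_S(n) = \inf_{n_0} \sum_{k=n_0}^{n_0+n-1} S(k)$$
$$\sigma_Z(n) = \sup_{n_0} \sum_{k=n_0}^{n_0+n-1} Z(k)$$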
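Bounding the resource supply
$$\sigma_S(n) = \inf_{n_0} \sum_{k=n_0}^{n_0+n-1} S(k), \qquad \sigma_Z(n) = \sup_{n_0} \sum_{k=n_0}^{n_0+n-1} Z(k)$$
• HI-Criticality
$$\sigma_S(n) = n Q_H - \overline{\varepsilon}_H\,\mathcal{N}_{HH}(n) - \frac{\overline{\varepsilon}_L}{2}\left(\mathcal{I}_{HL}(n) + \mathcal{N}_{HL}\right)$$
$$\sigma_Z(n) = n Q_L + \overline{\varepsilon}_H\,\mathcal{N}_{LH}(n) + \frac{\overline{\varepsilon}_L}{2}\left(\mathcal{I}_{LL}(n) + \mathcal{N}_{LL}\right)$$
• LO-Criticality
$$\sigma_S(n) = n Q_L - \overline{\varepsilon}_H\,\mathcal{N}_{LH}(n) - \frac{\overline{\varepsilon}_L}{2}\left(\mathcal{I}_{LL}(n) + \mathcal{N}_{LL}\right)$$
$$\sigma_Z(n) = n Q_H + \overline{\varepsilon}_H\,\mathcal{N}_{HH}(n) + \frac{\overline{\varepsilon}_L}{2}\left(\mathcal{J}_{HL}(n) + \mathcal{N}_{HL}\right)$$
• with
$$\mathcal{N}_{ij}(n) = \sum_{k=0}^{\infty} \left| g_{ij}(k) - g_{ij}(k-n) \right|$$
$$\mathcal{I}_{iL}(n) = \sup_k \{ r_{iL}(k) - r_{iL}(k-n) \}$$
$$\mathcal{J}_{iL}(n) = \sup_k \{ r_{iL}(k-n) - r_{iL}(k) \}$$
• Proof and details in the paper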
Evaluation — sbf
[Figure: two panels, sbf_H(t) (hi-criticality) and sbf_L(t) (lo-criticality), each plotted for t from 0 to 200 with one curve per gain set K_1 to K_5]
• K_1 maximises both sbfs
Evaluation — Transient behaviour
[Figure: three panels against k from 0 to 100: the disturbances ε_H and ε_L, the supply S_H for gain sets K_1 to K_5, and the supply S_L for gain sets K_1 to K_5]
• K_1 minimises the effect of the transient behaviour
Baseline for comparison — PPA
• Period-Preserving Approach (PPA)
  - Simple approach
  - When the HI-criticality server over-runs, the LO-criticality server compensates by preserving the period
$$S_H(k+1) = Q_H + \varepsilon_H(k)$$
$$S_L(k+1) = \max(P - S_H(k+1),\, 0) + \varepsilon_L(k)$$
• where P is the target period that needs to be maintained
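The AdaptMC update law from the "Deeper in AdaptMC" slide and the PPA baseline above, simulated side by side (an added example, not code from the paper or its authors). The targets Q_H = 10 and Q_L = 8, the choice P = Q_H + Q_L, the disturbance size and onset, and the start at the target budgets are assumptions made for illustration; the gains are the K_1 set from the stability slide.

```python
def simulate_adaptmc(eps_h, eps_l, q_h, q_l, gains):
    """Supply sequences (S_H, S_L) under the AdaptMC update law."""
    k_hh, k_hl, k_lh, k_ll = gains
    gamma = q_l / q_h                 # gamma = Q_L / Q_H
    qh_k, ql_k = q_h, q_l             # assumption: tentative budgets start at target
    s_h, s_l = [q_h], [q_l]           # assumption: S(0) equals the target budgets
    for e_h, e_l in zip(eps_h, eps_l):
        s_h_next = qh_k + e_h         # S_H(k+1) = Q_H(k) + eps_H(k)
        s_l_next = ql_k + e_l         # S_L(k+1) = Q_L(k) + eps_L(k)
        # u_H(k) uses S_H(k) and S_L(k); u_L(k) already sees S_H(k+1)
        u_h = k_hh * (q_h - s_h[-1]) + (k_hl / gamma) * (q_l - s_l[-1])
        u_l = gamma * k_lh * (q_h - s_h_next) + k_ll * (q_l - s_l[-1])
        qh_k, ql_k = qh_k + u_h, ql_k + u_l   # Q(k+1) = Q(k) + u(k)
        s_h.append(s_h_next)
        s_l.append(s_l_next)
    return s_h, s_l


def simulate_ppa(eps_h, eps_l, q_h, period):
    """Supply sequences (S_H, S_L) under the Period-Preserving Approach."""
    s_h, s_l = [q_h], [period - q_h]
    for e_h, e_l in zip(eps_h, eps_l):
        s_h.append(q_h + e_h)                           # S_H(k+1)
        s_l.append(max(period - s_h[-1], 0.0) + e_l)    # S_L(k+1)
    return s_h, s_l


# Constructed scenario (not from the slides): targets, horizon, disturbance.
Q_H, Q_L, N = 10.0, 8.0, 100
K1 = (0.4, 0.1, 0.1, 0.35)            # K_1 = {K_HH, K_HL, K_LH, K_LL}
ZERO = [0.0] * N                      # eps_L = 0 respects eps_L <= 0


def disturbance(kind, start=20, size=1.0):
    """HI-server disturbance: a single impulse or a constant over-run."""
    if kind == "impulse":
        return [size if k == start else 0.0 for k in range(N)]
    return [size if k >= start else 0.0 for k in range(N)]


def final_ratio(kind):
    """S_L/S_H at the end of the run, as (AdaptMC, PPA)."""
    eps_h = disturbance(kind)
    a_h, a_l = simulate_adaptmc(eps_h, ZERO, Q_H, Q_L, K1)
    p_h, p_l = simulate_ppa(eps_h, ZERO, Q_H, Q_H + Q_L)  # assumption: P = Q_H + Q_L
    return a_l[-1] / a_h[-1], p_l[-1] / p_h[-1]


if __name__ == "__main__":
    for kind in ("impulse", "constant"):
        print(kind, final_ratio(kind))
```

With these values the AdaptMC loop brings S_L/S_H back to γ under a constant HI over-run, while PPA keeps the period and leaves the ratio at 7/11.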
Comparative results
[Figure: AdaptMC and PPA side by side, each with three panels against k from 0 to 100: the disturbances ε_H and ε_L, the supplies S_H and S_L, and the ratio S_L/S_H. The disturbance phases are annotated Impulsive disturbance, Constant disturbance and Increasing disturbance]
Conclusion and future work
• Control-theoretic approach for run-time adaptation in mixed-critical systems
  - Compensation property
  - Stability conditions
  - Supply bound functions
• Future work
  - Optimal gain calculation
  - More criticality levels