RTNS: Scheduling Analysis under Fault Bursts (PowerPoint presentation)

  1. RTNS: Scheduling Analysis under Fault Bursts
     Florian Many, Frédéric Boniol, David Doose
     5 November 2010

  2. Context (1/3)
     [Figure: three stacked layers, Software above Architecture above Hardware]
     Different layers of protection:
     - Hardware layer
     - Architecture layer
     - Software layer

  3. Context (2/3)
     [Figure: the same three-layer stack]
     Fault tolerance mechanisms:
     - Hardware layer: shielding, location
     - Architecture layer: duplication and triplication of critical equipment
     - Software layer: robust data model; methods based on code execution or re-execution

  4. Context (3/3)
     Real-time system overview:
     - A set of tasks with hard temporal constraints
     - A scheduler that assigns tasks to processors
     Some relevant questions:
     - Assigning priorities to tasks
     - Managing shared resources
     - Managing fault tolerance mechanisms
     Schedulability analysis: prove a priori that all temporal constraints are respected

  5. Plan of this Presentation
     Problem: coupling scheduling analysis and fault tolerance
     Guidelines:
     - Definition of a fault model
     - Definition of the scheduler behaviour when an error occurs
     - Schedulability analysis

  6. Outline
     1 Fault Burst Model: fault features; fault burst model; example
     2 Detection, Correction and Strategies: error-detection and error-correction; error recovery strategies
     3 Scheduling Analysis: background; worst case response time equation; evaluation of the recovery term F_i
     4 Performance

  7. Fault Features
     Origins of faults:
     - Inner faults: bad design or implementation; electromagnetic compatibility (power supply and computer)
     - Environmental faults: sensors masked by an outer object; electromagnetic fields (radar waves), cosmic rays
     Consequences on real-time systems:
     - Permanent faults ⇒ spatial redundancy
     - Transient faults ⇒ temporal redundancy
     Temporal distributions: pseudo-periodic faults; fault bursts

  8. Fault Burst Model
     [Figure: timeline with two bursts of length ΔF whose starts are T_F apart]
     Burst definition:
     - ΔF = time interval during which faults may occur
     - The temporal distribution of faults inside a burst is unknown
     - No fault outside a burst
     - T_F = minimum time interval between the starts of two fault bursts
     Example of phenomenon: an aircraft flying through the electromagnetic field generated by radar waves

  9. An Illustrated Example
     Case of a rotating air radar [1, 2]. For an aircraft flying by or on the ground:
     - Elapsed time between two sweeps: a few seconds
     - Exposure time per sweep: tenths of a second
     Worst case for a slow aircraft: 15 sweeps (2 seconds between sweeps), 100 ms of exposure time per sweep
     [1] RTCA and EUROCAE. Guide to Certification of Aircraft in a High Intensity Radiated Field (HIRF) Environment. ED 107 / ARP 5583, 2001.
     [2] RTCA and EUROCAE. Environmental Conditions and Test Procedures for Airborne Equipment. ED 14E / DO 160E, 2005.

  10. Error-Detection and Error-Correction
     Detection mechanisms:
     - Acceptance tests, checksums, watchdog timers, etc.
     - Instant of detection: at the end of the task, or at checkpoints (split tasks)
     Correction methods:
     - Re-execution of code: full or partial re-execution of the erroneous task
     - Alternative tasks, recovery blocks
     - Exception handlers
     Assumption: re-execution of the task corrects all errors

  11. Error Recovery Strategies
     At task level: tactic = error-detection + error-correction
     At system level, on error detection, different actions are possible:
     - Manage the preempted tasks
     - Anticipate potential undetected errors
     Strategy: definition of the scheduler behaviour towards preempted tasks
     Remark: the error recovery strategy determines the fault tolerance obtained

  12. Focused Error Recovery Strategies
     End Detection / Full Re-execution / Simple strategy (ED/FR/S):
     [Figure: schedule of τ1, τ2, τ3 with full re-execution of the faulty task]
     - Correction of the erroneous task only
     - Example: erroneous data from a sensor
     End Detection / Full Re-execution / Multiple strategy (ED/FR/M):
     [Figure: schedule of τ1, τ2, τ3 with re-execution of the faulty task and of the tasks it preempted]
     - Correction of the erroneous task
     - Preventive correction of the preempted tasks
     - Example: corrupted shared data

  13. Computational Model
     [Figure: timeline of task τi showing period T_i, deadline D_i, releases r_{i,0}, r_{i,1}, r_{i,2}, absolute deadlines d_{i,0}, d_{i,1}, response time R_i and executions of length C_i]
     Task features:
     - WCET C_i, deadline D_i, period T_i
     - Deadline less than or equal to period: D_i ≤ T_i
     - Independent, periodic, distinct priorities
     System features:
     - Uniprocessor
     - Fixed priority assignment
     - Fault-free scheduler

  14. Evaluation of Task Set Feasibility
     Validation techniques:
     - Upper bound on the processor utilisation
     - Worst case response time
     - Model checking (multiprocessor)
     - Workload
     Worst case response time (WCRT): completion time minus release date of the task in the worst case
     - Task τi schedulable: WCRT ≤ D_i
     - Task set feasible: ∀i, τi schedulable

  15. Worst Case Response Time Equation
     [Figure: schedule of τ1, τ2, τ3 with task releases, error detections, re-executions and the faulty instance; the response time of τ3 is made of R_3, then ΔF, then I_3^{ΔF} + F_3]
     Computation of the worst case response time:
     $R_i^{\Delta F} = R_i + \Delta F + I_i^{\Delta F} + F_i$   (1)
     - R_i: fault-free WCRT
     - ΔF: duration of the fault burst
     - I_i^{ΔF}: interference due to the higher priority tasks after the end of the fault burst
     $I_i^{\Delta F} = \sum_{j \in hp(i)} \left\lceil \frac{R_i^{\Delta F} - (R_i + \Delta F)}{T_j} \right\rceil C_j$   (2)
     - F_i: additional temporal cost due to the error recovery strategy

  16. Evaluation of Recovery Term F_i
     Computation of F_i for the ED/FR/S strategy:
     [Figure: schedule of τ1, τ2, τ3; R_3, ΔF, I_3^{ΔF} + F_3]
     $F_i = 2 \times \sum_{j \in hp(i)} C_j + 2 \times C_i$   (3)
     Computation of F_i for the ED/FR/M strategy:
     [Figure: schedule of τ1, τ2, τ3; R_3, ΔF, I_3^{ΔF} + F_3]
     $F_i = \max_{j \in hp(i)} \left( C_j + \sum_{k=j}^{i-1} C_k \right) + C_i$   (4)

  17. Example
     ΔF = 100

     P    T     C     D     R      ED/FR/S          ED/FR/M2
                                   F_i   R_i^{ΔF}   F_i   R_i^{ΔF}
     1    300   10    300   10     20    130        20    130
     2    500   50    500   60     120   290        70    240
     3    800   150   800   210    420   800        260   630

     Description: 3-task set with D_i = T_i; scheduler: Rate Monotonic
     Benefits:
     - Efficiency of the strategies: significant reduction of the WCRT (25%)
     - Unavailability of the system: T_F = 800, ΔF = 100 ⇒ 12.5%
     First impression: the multiple strategy is better than the simple one
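Added worked example (written for this page, not code from the presentation): it implements the fault-free WCRT recurrence, the recovery terms of equations (3) and (4), and the fault-burst response time of equations (1) and (2), then recomputes the slide's 3-task table for ΔF = 100. The task set is the slide's; the 2·C_i value of the multiple strategy for the highest-priority task (which preempts nothing) is an assumption taken from the table, and the names fixed_point, wcrt_burst and analyse are my own.

```python
from math import ceil

# Constructed from the slide: (C_i, T_i), index 0 = highest priority (Rate Monotonic, D_i = T_i).
TASKS = [(10, 300), (50, 500), (150, 800)]
DELTA_F = 100  # fault burst length, as on the slide

def fixed_point(start, step):
    """Iterate r = step(r) from start until it stops changing (response-time recurrence)."""
    r = start
    while (r_next := step(r)) != r:
        r = r_next
    return r

def wcrt(tasks, i):
    """Fault-free WCRT: R_i = C_i + sum over hp(i) of ceil(R_i / T_j) * C_j."""
    c_i = tasks[i][0]
    return fixed_point(c_i, lambda r: c_i + sum(ceil(r / t) * c for c, t in tasks[:i]))

def f_simple(tasks, i):
    """Equation (3), ED/FR/S: 2 * sum of C_j over hp(i) + 2 * C_i."""
    return 2 * sum(c for c, _ in tasks[:i]) + 2 * tasks[i][0]

def f_multiple(tasks, i):
    """Equation (4), ED/FR/M: max over j in hp(i) of (C_j + sum_{k=j}^{i-1} C_k) + C_i."""
    c = [c_j for c_j, _ in tasks]
    if i == 0:
        # Assumption: with no higher-priority task only tau_i is re-executed;
        # the slide's table lists 2 * C_i for this case.
        return 2 * c[0]
    return max(c[j] + sum(c[j:i]) for j in range(i)) + c[i]

def wcrt_burst(tasks, i, delta_f, recovery):
    """Equations (1) and (2): R_i^dF = R_i + dF + I_i^dF + F_i, where I_i^dF is the
    interference of the hp(i) jobs released in the window after R_i + dF."""
    r_i, f_i = wcrt(tasks, i), recovery(tasks, i)
    def step(r):
        interf = sum(ceil((r - (r_i + delta_f)) / t) * c for c, t in tasks[:i])
        return r_i + delta_f + interf + f_i
    return fixed_point(r_i + delta_f + f_i, step)

def analyse(tasks, delta_f):
    """One row per task, as in the slide's table: (R_i, F_S, R_S^dF, F_M, R_M^dF)."""
    return [(wcrt(tasks, i), f_simple(tasks, i), wcrt_burst(tasks, i, delta_f, f_simple),
             f_multiple(tasks, i), wcrt_burst(tasks, i, delta_f, f_multiple))
            for i in range(len(tasks))]

if __name__ == "__main__":
    for i, (r, fs, rs, fm, rm) in enumerate(analyse(TASKS, DELTA_F)):
        verdict = "schedulable" if max(rs, rm) <= TASKS[i][1] else "deadline miss"
        print(f"task {i + 1}: R={r}  S: F={fs} R^dF={rs}  M: F={fm} R^dF={rm}  {verdict}")
```

For task 3 under ED/FR/M, equation (4) yields F_3 = 250 rather than the 260 printed in the table; 250 is the value whose fixed point is the table's R_3^{ΔF} = 630.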

  18. Simulation (1/2)
     [Figure: two schedules of τ1 and τ2, one per strategy, showing R_2, ΔF and I_2^{ΔF} + F_2]
     Qualitative explanation of the benefits: "temporal economy" ⇒ fewer error detections are needed
     In practice there is an additional temporal cost (preventive re-executions), but the approach is effective for the validation of real-time systems

  19. Simulation (2/2)
     Description:
     - 10-task sets
     - 1000 task sets for each range of processor utilisation
     - Variation of the fault burst duration
     [Figure: number of schedulable task sets (0 to 1000) for ED/FR/S and ED/FR/M2, against fault burst duration (0 to 300) and processor utilisation (0 to 0.5)]
     Comparison of the strategies at U = 0.5 [1]:
     - Simple: ΔF = 3% of the longest period
     - Multiple: ΔF = 14% of the longest period
     [1] M. Pandya and M. Malek. Minimum achievable utilization for fault-tolerant processing of periodic tasks. IEEE Transactions on Computers, 47(10):1102–1112, 1998.
