Achieving Isolation in Mixed-Criticality Industrial Edge Systems with Real-Time Containers Appendix

Real-time containers are a promising solution to reduce latencies in time-sensitive cloud systems. Recent efforts are emerging to extend their usage in industrial edge systems with mixed-criticality constraints. In these contexts, isolation becomes a major concern: a disturbance (such as timing faults or unexpected overloads) affecting a container must not impact the behavior of other containers deployed on the same hardware. In this paper, we propose a novel architectural solution to achieve isolation in real-time containers, based on real-time co-kernels, hierarchical scheduling, and time-division networking. The architecture has been implemented on Linux patched with the Xenomai co-kernel, extended with a new hierarchical scheduling policy, named SCHED_DS, and integrating the RTNet stack. Experimental results are promising in terms of overhead and latency compared to other Linux-based solutions. More importantly, the isolation of containers is guaranteed even in presence of severe co-located disturbances, such as faulty tasks (elapsing more time than declared) or high CPU, network, or I/O stress on the same machine

Analyzing the effect of gain time on soft task scheduling policies in real-time systems

In hard real-time systems, gain time is defined as the difference between the Worst Case Execution Time (WCET) of a hard task and its actual processor consumption at runtime. This paper presents the results of an empirical study about how the presence of a significant amount of gain time in a hard real-time system questions the advantages of using the most representative scheduling algorithms or policies for aperiodic or soft tasks in fixed-priority preemptive systems. The work presented here refines and complements many other studies in this research area in which such policies have been introduced and compared. This work has been performed by using the authors' testing framework for soft scheduling policies, which produces actual, synthetic, randomly generated applications, executes them in an instrumented Real-Time Operating System (RTOS), and finally processes this information to obtain several statistical outcomes. The results show that, in general, the presence of a significant amount of gain time reduces the performance benefit of the scheduling policies under study when compared to serving the soft tasks in background, which is considered the theoretical worst case. In some cases, this performance benefit is so small that the use of a specific scheduling policy for soft tasks is questionable. © 2012 IEEE.This work is partially funded by research projects PROMETEO/2008/051, CSD2007-022, and TIN2008-04446.Búrdalo Rapa, LA.; Terrasa Barrena, AM.; Espinosa Minguet, AR.; García Fornes, AM. (2012). Analyzing the effect of gain time on soft task scheduling policies in real-time systems. IEEE Transactions on Software Engineering. 38(6):1305-1318. https://doi.org/10.1109/TSE.2011.95S1305131838

TRAMMAS: Enhancing Communication in Multiagent Systems

Tesis por compendio[EN] Over the last years, multiagent systems have been proven to be a powerful and versatile paradigm, with a big potential when it comes to solving complex problems in dynamic and distributed environments, due to their flexible and adaptive behavior. This potential does not only come from the individual features of agents (such as autonomy, reactivity or reasoning power), but also to their capability to communicate, cooperate and coordinate in order to fulfill their goals. In fact, it is this social behavior what makes multiagent systems so powerful, much more than the individual capabilities of agents. The social behavior of multiagent systems is usually developed by means of high level abstractions, protocols and languages, which normally rely on (or at least, benefit from) agents being able to communicate and interact indirectly. However, in the development process, such high level concepts habitually become weakly supported, with mechanisms such as traditional messaging, massive broadcasting, blackboard systems or ad hoc solutions. This lack of an appropriate way to support indirect communication in actual multiagent systems compromises their potential. This PhD thesis proposes the use of event tracing as a flexible, effective and efficient support for indirect interaction and communication in multiagent systems. The main contribution of this thesis is TRAMMAS, a generic, abstract model for event tracing support in multiagent systems. The model allows all entities in the system to share their information as trace events, so that any other entity which require this information is able to receive it. Along with the model, the thesis also presents an abstract architecture, which redefines the model in terms of a set of tracing facilities that can be then easily incorporated to an actual multiagent platform. This architecture follows a service-oriented approach, so that the tracing facilities are provided in the same way than other traditional services offered by the platform. In this way, event tracing can be considered as an additional information provider for entities in the multiagent system, and as such, it can be integrated from the earliest stages of the development process.[ES] A lo largo de los últimos años, los sistemas multiagente han demostrado ser un paradigma potente y versátil, con un gran potencial a la hora de resolver problemas complejos en entornos dinámicos y distribuidos, gracias a su comportamiento flexible y adaptativo. Este potencial no es debido únicamente a las características individuales de los agentes (como son su autonomía, y su capacidades de reacción y de razonamiento), sino que también se debe a su capacidad de comunicación y cooperación a la hora de conseguir sus objetivos. De hecho, por encima de la capacidad individual de los agentes, es este comportamiento social el que dota de potencial a los sistemas multiagente. El comportamiento social de los sistemas multiagente suele desarrollarse empleando abstracciones, protocolos y lenguajes de alto nivel, los cuales, a su vez, se basan normalmente en la capacidad para comunicarse e interactuar de manera indirecta de los agentes (o como mínimo, se benefician en gran medida de dicha capacidad). Sin embargo, en el proceso de desarrollo software, estos conceptos de alto nivel son soportados habitualmente de manera débil, mediante mecanismos como la mensajería tradicional, la difusión masiva, o el uso de pizarras, o mediante soluciones totalmente ad hoc. Esta carencia de un soporte genérico y apropiado para la comunicación indirecta en los sistemas multiagente reales compromete su potencial. Esta tesis doctoral propone el uso del trazado de eventos como un soporte flexible, efectivo y eficiente para la comunicación indirecta en sistemas multiagente. La principal contribución de esta tesis es TRAMMAS, un modelo genérico y abstracto para dar soporte al trazado de eventos en sistemas multiagente. El modelo permite a cualquier entidad del sistema compartir su información en forma de eventos de traza, de tal manera que cualquier otra entidad que requiera esta información sea capaz de recibirla. Junto con el modelo, la tesis también presenta una arquitectura {abs}{trac}{ta}, que redefine el modelo como un conjunto de funcionalidades que pueden ser fácilmente incorporadas a una plataforma multiagente real. Esta arquitectura sigue un enfoque orientado a servicios, de modo que las funcionalidades de traza son ofrecidas por parte de la plataforma de manera similar a los servicios tradicionales. De esta forma, el trazado de eventos puede ser considerado como una fuente adicional de información para las entidades del sistema multiagente y, como tal, puede integrarse en el proceso de desarrollo software desde sus primeras etapas.[CA] Al llarg dels últims anys, els sistemes multiagent han demostrat ser un paradigma potent i versàtil, amb un gran potencial a l'hora de resoldre problemes complexes a entorns dinàmics i distribuïts, gràcies al seu comportament flexible i adaptatiu. Aquest potencial no és només degut a les característiques individuals dels agents (com són la seua autonomia, i les capacitats de reacció i raonament), sinó també a la seua capacitat de comunicació i cooperació a l'hora d'aconseguir els seus objectius. De fet, per damunt de la capacitat individual dels agents, es aquest comportament social el que dóna potencial als sistemes multiagent. El comportament social dels sistemes multiagent solen desenvolupar-se utilitzant abstraccions, protocols i llenguatges d'alt nivell, els quals, al seu torn, es basen normalment a la capacitat dels agents de comunicar-se i interactuar de manera indirecta (o com a mínim, es beneficien en gran mesura d'aquesta capacitat). Tanmateix, al procés de desenvolupament software, aquests conceptes d'alt nivell son suportats habitualment d'una manera dèbil, mitjançant mecanismes com la missatgeria tradicional, la difusió massiva o l'ús de pissarres, o mitjançant solucions totalment ad hoc. Aquesta carència d'un suport genèric i apropiat per a la comunicació indirecta als sistemes multiagent reals compromet el seu potencial. Aquesta tesi doctoral proposa l'ús del traçat d'esdeveniments com un suport flexible, efectiu i eficient per a la comunicació indirecta a sistemes multiagent. La principal contribució d'aquesta tesi és TRAMMAS, un model genèric i abstracte per a donar suport al traçat d'esdeveniments a sistemes multiagent. El model permet a qualsevol entitat del sistema compartir la seua informació amb la forma d'esdeveniments de traça, de tal forma que qualsevol altra entitat que necessite aquesta informació siga capaç de rebre-la. Junt amb el model, la tesi també presenta una arquitectura abstracta, que redefineix el model com un conjunt de funcionalitats que poden ser fàcilment incorporades a una plataforma multiagent real. Aquesta arquitectura segueix un enfoc orientat a serveis, de manera que les funcionalitats de traça són oferides per part de la plataforma de manera similar als serveis tradicionals. D'aquesta manera, el traçat d'esdeveniments pot ser considerat com una font addicional d'informació per a les entitats del sistema multiagent, i com a tal, pot integrar-se al procés de desenvolupament software des de les seues primeres etapes.Búrdalo Rapa, LA. (2016). TRAMMAS: Enhancing Communication in Multiagent Systems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/61765TESISCompendi

Mixed Criticality Systems - A Review : (13th Edition, February 2022)

This review covers research on the topic of mixed criticality systems that has been published since Vestal’s 2007 paper. It covers the period up to end of 2021. The review is organised into the following topics: introduction and motivation, models, single processor analysis (including job-based, hard and soft tasks, fixed priority and EDF scheduling, shared resources and static and synchronous scheduling), multiprocessor analysis, related topics, realistic models, formal treatments, systems issues, industrial practice and research beyond mixed-criticality. A list of PhDs awarded for research relating to mixed-criticality systems is also included

Composition and synchronization of real-time components upon one processor

Many industrial systems have various hardware and software functions for controlling mechanics. If these functions act independently, as they do in legacy situations, their overall performance is not optimal. There is a trend towards optimizing the overall system performance and creating a synergy between the different functions in a system, which is achieved by replacing more and more dedicated, single-function hardware by software components running on programmable platforms. This increases the re-usability of the functions, but their synergy requires also that (parts of) the multiple software functions share the same embedded platform. In this work, we look at the composition of inter-dependent software functions on a shared platform from a timing perspective. We consider platforms comprised of one preemptive processor resource and, optionally, multiple non-preemptive resources. Each function is implemented by a set of tasks; the group of tasks of a function that executes on the same processor, along with its scheduler, is called a component. The tasks of a component typically have hard timing constraints. Fulfilling these timing constraints of a component requires analysis. Looking at a single function, co-operative scheduling of the tasks within a component has already proven to be a powerful tool to make the implementation of a function more predictable. For example, co-operative scheduling can accelerate the execution of a task (making it easier to satisfy timing constraints), it can reduce the cost of arbitrary preemptions (leading to more realistic execution-time estimates) and it can guarantee access to other resources without the need for arbitration by other protocols. Since timeliness is an important functional requirement, (re-)use of a component for composition and integration on a platform must deal with timing. To enable us to analyze and specify the timing requirements of a particular component in isolation from other components, we reserve and enforce the availability of all its specified resources during run-time. The real-time systems community has proposed hierarchical scheduling frameworks (HSFs) to implement this isolation between components. After admitting a component on a shared platform, a component in an HSF keeps meeting its timing constraints as long as it behaves as specified. If it violates its specification, it may be penalized, but other components are temporally isolated from the malignant effects. A component in an HSF is said to execute on a virtual platform with a dedicated processor at a speed proportional to its reserved processor supply. Three effects disturb this point of view. Firstly, processor time is supplied discontinuously. Secondly, the actual processor is faster. Thirdly, the HSF no longer guarantees the isolation of an individual component when two arbitrary components violate their specification during access to non-preemptive resources, even when access is arbitrated via well-defined real-time protocols. The scientific contributions of this work focus on these three issues. Our solutions to these issues cover the system design from component requirements to run-time allocation. Firstly, we present a novel scheduling method that enables us to integrate the component into an HSF. It guarantees that each integrated component executes its tasks exactly in the same order regardless of a continuous or a discontinuous supply of processor time. Using our method, the component executes on a virtual platform and it only experiences that the processor speed is different from the actual processor speed. As a result, we can focus on the traditional scheduling problem of meeting deadline constraints of tasks on a uni-processor platform. For such platforms, we show how scheduling tasks co-operatively within a component helps to meet the deadlines of this component. We compare the strength of these cooperative scheduling techniques to theoretically optimal schedulers. Secondly, we standardize the way of computing the resource requirements of a component, even in the presence of non-preemptive resources. We can therefore apply the same timing analysis to the components in an HSF as to the tasks inside, regardless of their scheduling or their protocol being used for non-preemptive resources. This increases the re-usability of the timing analysis of components. We also make non-preemptive resources transparent during the development cycle of a component, i.e., the developer of a component can be unaware of the actual protocol being used in an HSF. Components can therefore be unaware that access to non-preemptive resources requires arbitration. Finally, we complement the existing real-time protocols for arbitrating access to non-preemptive resources with mechanisms to confine temporal faults to those components in the HSF that share the same non-preemptive resources. We compare the overheads of sharing non-preemptive resources between components with and without mechanisms for confinement of temporal faults. We do this by means of experiments within an HSF-enabled real-time operating system

Scheduling analysis of fixed priority hard real-time systems with multiframe tasks

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

EXTENSIONES AL LENGUAJE ADA Y A LOS SERVICIOS POSIX PARA PLANIFICACIÓN EN SISTEMAS DE TIEMPO REAL ESTRICTO

Esta tesis se ha centrado en el estudio de las políticas basadas en la extracción de holgura y en la asignación dual de prioridades, ambas orientadas a dar servicio a tareas aperiódicas en sistemas real estricto. Estas políticas constituyen una interesante alternativa a las políticas basadas en servidores de carga aperiódicas y han sido ampliamente estudiadas en numerosos trabajos. No obstante, la posibilidad de ser aplicables en la práctica todavía no había sido evaluada en detalle, y éste ha sido el principal objetivo de esta tesis. En este trabajo, ambas políticas son revisadas en profundidad. En el caso de la política basada en la extracción de holgura, algunas de sus principales debilidades han sido corregidas. En particular, se muestra que es posible compartir recursos entre tareas críticas y aperiódicas de una forma sencilla y eficiente, utilizando para ello los mismos protocolos de herencia de prioridad que pueden aplicarse en sistemas en los que sólo existen tareas críticas. La aplicabilidad de estas políticas ha sido valorada incorporándolas en los dos entornos más relevantes hoy en día para la programación de sistemas de tiempo real estricto, el lenguaje de programación Ada y los servicios POSIX. Con este fin se han definido nuevas interfaces para ambas políticas en estos entornos, coherentes con sus principios de diseño y con los servicios que actualmente ofrecen. El diseño de estas interfaces ha supuesto una adaptación de ambas políticas buscando, en todo momento, un equilibrio entre prestaciones y eficiencia. Como parte de este diseño, estas interfaces han sido implementadas en el sistema operativo MaRTE OS. El proceso de implementación ha servido para validar las distintas alternativas qu ehan sido consideradas. Un aspecto importante de una política de planificación en su eficiencia, por lo que este aspecto ha sido evaluado en detalle. Se ha caracterizado de forma analítica el efectoABSTRACT: This thesis is centered on the study of slack stealing and dual priority scheduling policies, both oriented to serve aperiodic tasks in hard real-time systems. These polices, largely studied in previous work, constitute an interesting alternative to policies based on aperiodic servers. However, the possibility of actually being put into practice had not been yet exhaustively evaluated. This has been the main objective of this thesis. Both policies are profoundly revised in this dissertation. In the case of the slack stealing policy, some of its weaknesses have been solved. In particular, this thesis shows that it is possible to share resources between hard and aperiodic tasks in a simple and efficient manner. This can be done by using the same priority inheritance protocols which are used in systems comprising hard tasks only. The applicability of these scheduling policies has been evaluated by means of their incorporation into the two most relevant hard real-time programming environments in use nowadays, the Ada programming language and the POSIX set of services. In order to fulfill this purpose, new interfaces for both policies have been defined in these two environments. These interfaces have been designed in order to be coherent with the environments¿ design principles and the services they currently support. This design has involved the adaptation of the original scheduling policies, trying to optimize the balance between performance and efficiency. As a part of this design, both interfaces have been implemented in the MaRTE OS operating system. These implementations have been useful for validating the different alternatives which have been considered throughout the design process. Since efficiency is an important aspect of any scheduling policy, this aspect has been extremely evaluated in this work. The effect of the implementation of both policies to the task response times has been analytically characterized. This effect has also been quantified, and then the efficiency of both policies has been compared with the fixed-priority preemptive scheduling policy, which is the one normally used in hard real-time systems. The results of this comparative study show that, although the overhead introduced by any VIII ABSTRACT of the two new policies is significant, this overhead lies in a reasonable range. The recently approved POSIX trace services have also been studied in this thesis. The necessity of having some analysis and measurement tools available for the efficiency studies carried out in this thesis led to the incorporation of these services into MaRTE OS. Related to this, a new POSIX/Ada interface for the trace services has also been proposed. In addition, the problem of obtaining temporal metrics of the system from the information of the traces has also been covered.Espinosa Minguet, AR. (2003). EXTENSIONES AL LENGUAJE ADA Y A LOS SERVICIOS POSIX PARA PLANIFICACIÓN EN SISTEMAS DE TIEMPO REAL ESTRICTO [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/1774