AdaptMC A Control-Theoretic Approach for Achieving Resilience in - - PowerPoint PPT Presentation

adaptmc
SMART_READER_LITE
LIVE PREVIEW

AdaptMC A Control-Theoretic Approach for Achieving Resilience in - - PowerPoint PPT Presentation

Mar 07, 2023 173 likes •458 views

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns Embedded system ! 2 Mixed-criticality system C Each task has its Monitoring

slide-1
SLIDE 1

AdaptMC

A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns

slide-2
SLIDE 2

Embedded system

!2

slide-3
SLIDE 3

Mixed-criticality system

Monitoring System Control System(s) Operator Mgmt System Mission Mgmt System Monitoring System Control System(s) Operator Mgmt System Mission Mgmt System Each task has its

  • wn criticality level

(from A to D)

A B C D

!3

slide-4
SLIDE 4

Vestal model

  • Fixed number of distinct criticality levels are defined throughout the

system LO and HI criticality

  • Each piece of code in the system is characterised by

The criticality level (LO/HI) Two WCET parameter estimates

  • Prior to run-time the timing behaviour of all functionalities is validated

according to the WCET parameter estimates

!4

slide-5
SLIDE 5

What does happen at run-time if the WCET estimates are “wrong”?

slide-6
SLIDE 6

Goals of this paper

  • Shift the perspective from verification to resiliency

What happens when a budget over-run occurs?

  • Analyse a control-based approach for ensuring run-time resiliency

How to adapt the behaviour at run-time?

  • Provide hard real-time guarantees even with budget over- or under-runs

Is it possible to provide such guarantees?

!6

slide-7
SLIDE 7

Outline

  • AdaptMC: Control-based approach for run-time adaptation
  • Evaluation
  • Conclusion

!7

slide-8
SLIDE 8

Definitions

HI

t = 0

LO HI LO HI LO

… time Budget over-run

HI

t = 0

LO HI LO LO

SH(1) SL(1) SH(2) SL(2) … time

HI

Budget under-run Planned Run-time

!8

slide-9
SLIDE 9

Definitions and assumptions

  • Assumptions
  • 1. Executions rarely exceed the WCET values
  • 2. When they do, it is by a “small amount”
  • 3. The “small amount” can be bounded

Supply S Disturbance ε Tentative budget Q

SH(k + 1) = QH(k) + εH(k) SL(k + 1) = QL(k) + εL(k)

−εH ≤ εH ≤ εH −εL ≤ εL ≤ 0

!9

slide-10
SLIDE 10

AdaptMC: Control-based approach

Mixed-critical system

QH(k) QL(k)

AdaptMC

QH QL SH(k) SL(k)

Control objectives

  • Meet the target desired budgets
  • Preserve the bandwidth of the

HI and LO critical systems

Measure the actual supply

εH(k) εL(k)

Compare it with a target desired budget Compute a tentative budget

!10

slide-11
SLIDE 11

Deeper in AdaptMC

  • The controller adjusts the tentative budgets
  • Based on the actual supply and the target budget
  • with

QH(k + 1) = QH(k) + uH(k) QL(k + 1) = QL(k) + uL(k) uH(k) = KHH(QH − SH(k)) + KHL γ (QL − SL(k)) uL(k) = γKLH(QH − SH(k + 1)) +KLL(QL − SL(k))

γ = QL QH

Design parameters

!11

slide-12
SLIDE 12

Required properties

  • 1. Compensation property
  • 2. Stability of the closed-loop system
  • 3. Bounding the resource supply

!12

slide-13
SLIDE 13

Compensation property

  • A disturbance on the HI/LO-criticality server results in an opposite or null

effect on the value of the supply of the LO/HI-criticality server

t = 0

HI LO HI

… time t = 0

HI LO HI

… time Planned Run-time

OVER-RUN!

!13

slide-14
SLIDE 14

Compensation property

  • A disturbance on the HI/LO-criticality server results in an opposite or null

effect on the value of the supply of the LO/HI-criticality server

t = 0

HI LO HI LO

… time t = 0

HI LO HI LO

… time Planned Run-time

COMPENSATE

!13

slide-15
SLIDE 15

Stability

!14

KHLKLH KLL KHH

slide-16
SLIDE 16

Stability

1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

KHH KLL K1 K2 K3 K4 K5

KHLKLH = 0 KHLKLH = 0.01 KHLKLH = 0.02 KHLKLH = 0.05 KHLKLH = 0.1 KHLKLH = 0.2 KHLKLH = 0.3 KHLKLH = 0.35

!15

Ki = {KHH, KHL, KLH, KLL} K1 = {0.4, 0.1, 0.1, 0.35} K2 = {0.15, 0.1, 0.1, 0.15} K3 = {0.25, 0.1, 0.1, 0.25} K4 = {0.5, 0.1, 0.1, 0.5} K5 = {0.75, 0.1, 0.1, 0.75}

<latexit sha1_base64="2+jbsF2+/kOvjKLJ32pYro03CU=">ADenichZLdatswFMcVex9d9tG0uxwD0bBsYyVYaUJ2MyjbTaC56GBpC1EwsqykorJsJHkQjPsMe7bd7Ul2s4vJjmBeG8gBiT/n/I50dHSiTHBtguBXy/MfPHz0eO9J+mz5y/2OweHFzrNFWUzmopUXUVEM8ElmxluBLvKFCNJNhldPOlil9+Z0rzVH4z64wtErKSfMkpMdYVHrR+4IituCyI4CvJ4rLdwkx15SI4qwMOfwEcXEWFlhTxTPjdrMWDNacSorJpCyPdyDTnch09ylTewouMW73bqutWSeq6wz6w+Ogj9w6GW3gJjdwHBo1QLQFPHgoAkOtoBDBza5LdjIYeMmN96AmMn4X/DTjfoB7XB+wI50QXOzsPOTxynNE+YNFQrecoyMyiIMpwKljZxrlmGaE3ZMXmVkqSML0o6tEp4RvrieEyVXZJA2tvM6MgidbrJLJk9Rp9N1Y5t8XmuVl+XBRcZrlhkm4uWuYCmhRWcwhjrhg1Ym0FsX9ta4X0mihCjZ3Wqgno7pPvi4tBH9lOfh12Tz+7duyBV+AIvAMIjMEpmIBzMAO09dt7fW8t94f/8h/73/YoF7L5bwE/5k/AtMwxDr</latexit><latexit sha1_base64="2+jbsF2+/kOvjKLJ32pYro03CU=">ADenichZLdatswFMcVex9d9tG0uxwD0bBsYyVYaUJ2MyjbTaC56GBpC1EwsqykorJsJHkQjPsMe7bd7Ul2s4vJjmBeG8gBiT/n/I50dHSiTHBtguBXy/MfPHz0eO9J+mz5y/2OweHFzrNFWUzmopUXUVEM8ElmxluBLvKFCNJNhldPOlil9+Z0rzVH4z64wtErKSfMkpMdYVHrR+4IituCyI4CvJ4rLdwkx15SI4qwMOfwEcXEWFlhTxTPjdrMWDNacSorJpCyPdyDTnch09ylTewouMW73bqutWSeq6wz6w+Ogj9w6GW3gJjdwHBo1QLQFPHgoAkOtoBDBza5LdjIYeMmN96AmMn4X/DTjfoB7XB+wI50QXOzsPOTxynNE+YNFQrecoyMyiIMpwKljZxrlmGaE3ZMXmVkqSML0o6tEp4RvrieEyVXZJA2tvM6MgidbrJLJk9Rp9N1Y5t8XmuVl+XBRcZrlhkm4uWuYCmhRWcwhjrhg1Ym0FsX9ta4X0mihCjZ3Wqgno7pPvi4tBH9lOfh12Tz+7duyBV+AIvAMIjMEpmIBzMAO09dt7fW8t94f/8h/73/YoF7L5bwE/5k/AtMwxDr</latexit><latexit sha1_base64="2+jbsF2+/kOvjKLJ32pYro03CU=">ADenichZLdatswFMcVex9d9tG0uxwD0bBsYyVYaUJ2MyjbTaC56GBpC1EwsqykorJsJHkQjPsMe7bd7Ul2s4vJjmBeG8gBiT/n/I50dHSiTHBtguBXy/MfPHz0eO9J+mz5y/2OweHFzrNFWUzmopUXUVEM8ElmxluBLvKFCNJNhldPOlil9+Z0rzVH4z64wtErKSfMkpMdYVHrR+4IituCyI4CvJ4rLdwkx15SI4qwMOfwEcXEWFlhTxTPjdrMWDNacSorJpCyPdyDTnch09ylTewouMW73bqutWSeq6wz6w+Ogj9w6GW3gJjdwHBo1QLQFPHgoAkOtoBDBza5LdjIYeMmN96AmMn4X/DTjfoB7XB+wI50QXOzsPOTxynNE+YNFQrecoyMyiIMpwKljZxrlmGaE3ZMXmVkqSML0o6tEp4RvrieEyVXZJA2tvM6MgidbrJLJk9Rp9N1Y5t8XmuVl+XBRcZrlhkm4uWuYCmhRWcwhjrhg1Ym0FsX9ta4X0mihCjZ3Wqgno7pPvi4tBH9lOfh12Tz+7duyBV+AIvAMIjMEpmIBzMAO09dt7fW8t94f/8h/73/YoF7L5bwE/5k/AtMwxDr</latexit><latexit sha1_base64="2+jbsF2+/kOvjKLJ32pYro03CU=">ADenichZLdatswFMcVex9d9tG0uxwD0bBsYyVYaUJ2MyjbTaC56GBpC1EwsqykorJsJHkQjPsMe7bd7Ul2s4vJjmBeG8gBiT/n/I50dHSiTHBtguBXy/MfPHz0eO9J+mz5y/2OweHFzrNFWUzmopUXUVEM8ElmxluBLvKFCNJNhldPOlil9+Z0rzVH4z64wtErKSfMkpMdYVHrR+4IituCyI4CvJ4rLdwkx15SI4qwMOfwEcXEWFlhTxTPjdrMWDNacSorJpCyPdyDTnch09ylTewouMW73bqutWSeq6wz6w+Ogj9w6GW3gJjdwHBo1QLQFPHgoAkOtoBDBza5LdjIYeMmN96AmMn4X/DTjfoB7XB+wI50QXOzsPOTxynNE+YNFQrecoyMyiIMpwKljZxrlmGaE3ZMXmVkqSML0o6tEp4RvrieEyVXZJA2tvM6MgidbrJLJk9Rp9N1Y5t8XmuVl+XBRcZrlhkm4uWuYCmhRWcwhjrhg1Ym0FsX9ta4X0mihCjZ3Wqgno7pPvi4tBH9lOfh12Tz+7duyBV+AIvAMIjMEpmIBzMAO09dt7fW8t94f/8h/73/YoF7L5bwE/5k/AtMwxDr</latexit>
slide-17
SLIDE 17

Bounding the resource supply

t = 0 … time Z(1) Z(2) Z(3) S(1) S(2) S(3) Active intervals Idle intervals

I0 I1 I2 sbf(t) t σ

S(1)

σ

Z(1)

σ

S(2)

σ

Z(2)

σ

S(3)

σ

Z(3)

σS(n) = inf

n0 n0+n−1

k=n0

S(k) σZ(n) = sup

n0 n0+n−1

k=n0

Z(k)

!16

slide-18
SLIDE 18

Bounding the resource supply

σS(n) = inf

n0 n0+n−1

k=n0

S(k) σZ(n) = sup

n0 n0+n−1

k=n0

Z(k) HI-Criticality σS(n) = nQH − εH풩HH(n) − εL 2 (ℐHL(n) + 풩HL) σZ(n) = nQL + εH풩LH(n) + εL 2 (ℐLL(n) + 풩LL) LO-Criticality σS(n) = nQL − εH풩LH(n) − εL 2 (ℐLL(n) + 풩LL) σZ(n) = nQH + εH풩HH(n) + εL 2 (풥HL(n) + 풩HL) 풩ij(n) =

k=0

|gij(k) − gij(k − n)| ℐiL(n) = sup

k {riL(k) − riL(k − n)}

풥iL(n) = sup

k {riL(k − n) − riL(k)}

with

!17

Proof and details in the paper

slide-19
SLIDE 19

Evaluation — sbf

50 100 150 200 50 100 t sbfH(t)

hi-criticality

K1 K2 K3 K4 K5 50 100 150 200 50 100 t sbfL(t)

lo-criticality

K1 K2 K3 K4 K5

K1 maximises both the sbf

!18

slide-20
SLIDE 20

Evaluation — Transient behaviour

−1 −0.5 0.5 1 ε εH εL 10 11 12 SH K1 K2 K3 K4 K5 10 20 30 40 50 60 70 80 90 100 7 8 9 10 k SL K1 K2 K3 K4 K5

K1 minimises the effect of the transient behaviour

!19

slide-21
SLIDE 21

Baseline for comparison — PPA

  • Period-Preserving Approach (PPA)

Simple approach When HI-criticality over-run, the LO-criticality server compensate by preserving the period

  • where P is the target period that needs to be maintained

SH(k + 1) = QH + εH(k) SL(k + 1) = max(P − SH(k + 1),0) + εL(k)

!20

slide-22
SLIDE 22

Comparative results

2 ε

AdaptMC

εH εL

PPA

εH εL 6 8 10 12 14 S SH SL SH SL 20 40 60 80 100 0.4 0.6 0.8 k SL/SH 20 40 60 80 100 k

slide-23
SLIDE 23

Comparative results

2 ε

AdaptMC

εH εL

PPA

εH εL 6 8 10 12 14 S SH SL SH SL 20 40 60 80 100 0.4 0.6 0.8 k SL/SH 20 40 60 80 100 k

Impulsive disturbance

slide-24
SLIDE 24

Comparative results

2 ε

AdaptMC

εH εL

PPA

εH εL 6 8 10 12 14 S SH SL SH SL 20 40 60 80 100 0.4 0.6 0.8 k SL/SH 20 40 60 80 100 k

Impulsive disturbance Constant disturbance

slide-25
SLIDE 25

Comparative results

2 ε

AdaptMC

εH εL

PPA

εH εL 6 8 10 12 14 S SH SL SH SL 20 40 60 80 100 0.4 0.6 0.8 k SL/SH 20 40 60 80 100 k

Impulsive disturbance Constant disturbance Increasing disturbance

slide-26
SLIDE 26

Conclusion and future work

  • Control-theoretic approach for run-time adaptation in mixed-critical

systems Compensation property Stability conditions Supply bound functions

  • Future work

Optimal gain calculation More criticality levels

!22

slide-27
SLIDE 27

Questions, comments, remarks?

1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

KHH KLL K1 K2 K3 K4 K5

Mixed- critical system

QH(k) QL(k)

AdaptMC

QH QL SH(k) SL(k) εH(k) εL(k)

I0 I1 I2 sbf(t) t σ

S(1)

σ

Z(1)

σ

S(2)

σ

Z(2)

σ

S(3)

σ

Z(3)

Alessandro Papadopoulos alessandro.papadopoulos@mdh.se Code available: https://github.com/apapadopoulos/AdaptMC Artifact: http://drops.dagstuhl.de/opus/volltexte/2018/8969/