Etap Tutorial v8

8/12/2019 Etap Tutorial v8

1/99

4/13/02 ETAPS 2002 1

A family of resource-bound process

algebras for modeling and analysis of

embedded systems

Insup Lee1, Oleg Sokolsky1,Anna Philippou2

1SDRL (Systems Design Research Lab)RTG (Real-Time Systems Group)

Department of Computer and Information Science

University of PennsylvaniaPhiladelphia, PA

2Department of Computer ScienceUniversity of Cyprus

Nicosia, CY


2/99

4/13/02 ETAPS 2002 2

Outline

Embedded systems

Resource-bound computation

Resource-bound process algebras

ACSR(Algebra of communicating shared resources) PACSR(Probabilistic ACSR)

P2ACSR(Probabilistic ACSR with power consumption) ACSR-VP(ACSR with Value-Passing)

Conclusions


3/99


4/99

4/13/02 ETAPS 2002 4

Properties of embedded systems

Adherence to safety-critical properties Meeting timing constraints

Satisfaction of resource constraints

Confinement of resource accesses

Supporting fault tolerance

Domain specific requirements Mobility

Software configuration


5/99

4/13/02 ETAPS 2002 5

Real-time Behaviors

Correctness and reliability of real-time systemsdepends on Functional correctness

Temporal correctness

Factors that affect temporal behavior are Synchronization and communication

Resource limitations and availability/failures

Scheduling algorithms

End-to-end temporal constraints An integrated framework to bridge the gap between

concurrency theory and real-time scheduling


6/99

4/13/02 ETAPS 2002 6

Scheduling Problems

Priority Assignment Problem Schedulability Analysis Problem

Soft timing/performance analysis (ProbabilisticPerformance Analysis)

End-to-end Design Problem Parametric Analysis

End-to-end constraints, intermediate timing constraints

Execution Synchronization Problem

Start-time Assignment Problem with Inter-jobTemporal Constraints

Fault tolerance: dealing with failures, overloads


7/99

4/13/02 ETAPS 2002 7

Scheduling Factors

Static priority vs dynamic priority Cyclic executive, RM (Rate Monotonic), EDF (Earliest

Deadline First)

Priority inversion problem

Independent tasks vs. dependent tasks Single processor vs. multiple processors

Communication delays


8/99

4/13/02 ETAPS 2002 8

Example: Simple Scheduling Problem

( period, [ e-, e+] ), where e-and e+are the lower and upper bound ofexecution time, respectively.

Goal is to find the priority of each job so that jobs are schedulable

Considering only worst case leads to scheduling anomaly

(12, [1,2])

(4, [2,3]) (12, [1,3])

(4, [1,2])

(4, [1,2])

J2,2

J3,1 J2,1

J1,1J1,2

CPU1 CPU2 CPU3


9/99

4/13/02 ETAPS 2002 9

Example (2)

LetJ1,1 J2,1andJ2,2 J3,1Consider worst case execution time for all jobs, i.e.,

Execution timeE1,1=2,E2,1= 3, E2,2 = 2,E3,1 = 3

(12, [1,2])

(4, [2,3]) (12, [1,3])

(4, [1,2])(4, [1,2])

J2,2

J3,1 J2,1

J1,1 J1,2CPU1

CPU2 CPU3

J1,1

J3,1

4 8 12

4 8 12

J2,1 J1,1 J2,1 J1,1

J3,1 J2,2 J3,1

CPU2

CPU1


10/99

4/13/02 ETAPS 2002 10

Example (3)

With same priorities, J1,1 J2,1andJ2,2 J3,1Let execution time E1,1= 1, E2,1 = 1, E2,2 = 2,E3,1 = 3

(12, [1,2])

(4, [2,3]) (12, [1,3])

(4, [1,2])(4, [1,2])

J2,2

J3,1 J2,1

J1,1J1,2

CPU1 CPU2 CPU3

So with the priority assignment of J1,1 J2,1andJ2,2 J3,1,jobs cannot be scheduled and scheduling problems are in general NP-hard

J1,1

J3,1

4 8 12

4 8 12

J2,1 J1,1 J1,1

J2,2

CPU2

CPU1

J3,1 missed its deadline


11/99

4/13/02 ETAPS 2002 11

End-to-end Design Problem

Given a task set with end-to-end constraints on inputs andoutputs Freshness from input X to output Y (F(Y|X)) constraints:

bound time from input X to output Y Correlation between input X1 and X2 (C(Y|X1,X2))

constraints: max time-skew between inputs to output Separation between output Y (u(Y) and l(Y)) constraints:separation between consecutive values on a single output Y

Derive scheduling for every task Periods, offsets, deadlines

priorities Meet the end-to-end requirements Subject to

Resource limitations, e.g., memory, power, weight, bandwidth


12/99

4/13/02 ETAPS 2002 12

Job1

s1 s1+e1

Job2

s2 s2+e2

[ 5,7 ] [ 3,4 ]

2514

1012

Start-time Assignment Problem with Inter-job Temporal Constraints

Goalis to statically determine the range of start times for each job

so that jobs are schedulable and all inter-job temporal constraints

are satisfied.

Example: Start-time Problem


13/99

4/13/02 ETAPS 2002 13

Example: power-aware RT scheduling

Dynamic Voltage Scaling allows tradeoffs betweenperformance and power consumption

Problem is how to minimize power consumption whilemeeting timing constraints.

Example: three tasks with probabilistic executiontime distribution

Task Worst-case execution time Period

1 3 82 3 10

3 2 14


14/99

4/13/02 ETAPS 2002 14

Our approach and objectives

Design formalisms for real-time and embeddedsystems Resource-bound real-time process algebras

Executable specifications

Logic for specifying properties Design analysis techniques

Automated verification techniques

Parameterized end-to-end schedulability analysis

Toolset implementation


15/99

4/13/02 ETAPS 2002 15

Resource-bound computation

Computational systems are always constrained in theirbehaviors

Resources capture physical constraints

Resources should be supported as a first-class notion

in modeling and analysis Resource-bound computation is a general framework

of wide applicability


16/99


17/99

4/13/02 ETAPS 2002 17

Process Algebras

Process algebras are abstract and compositionalmethodologies for concurrent-system specificationand analysis.

Design methodology which systematically allows tobuild complex systems from smaller ones [Milner]


18/99

4/13/02 ETAPS 2002 18

Process Algebras

A process algebra consists of a set of operators and syntactic rules for constructing

processes a semantic mapping which assigns meaning or

interpretation to every process a notion of equivalence or partial order between

processes a set of algebraic laws that allow syntactic manipulation

of processes.

Ancestors CCS, CSP, ACP, focus on communication and concurrency


19/99

4/13/02 ETAPS 2002 19

Advantages of Process Algebra

A large system can be broken into simpler subsystems and thenproved correct in a modular fashion.

1 A hiding or restriction operator allows one to abstract awayunnecessary details.

2 Equality for the process algebra is also a congruence relation;and thus, allows the substitution of one component with anotherequal component in large systems.


20/99

4/13/02 ETAPS 2002 20

ACSR

ACSR (Algebra of Communicating Shared Resource) A real-time process algebra which features discrete

time, resources, and priorities

Timeouts, interrupts, and exception handling

Two types of actions: Instantaneous events

Timed actions


21/99

4/13/02 ETAPS 2002 21

Events

Eventsrepresent non-time consuming activities

events are instantaneous: crash

point-to-point synchronization


22/99

4/13/02 ETAPS 2002 22

Events

Events

have priorities:

have input and output capabilities

or

)p?,e(1

)p,!e(2

)10,job( 10

)p,e(1 )p,e( 2


23/99

4/13/02 ETAPS 2002 23

Actions

Actionsrepresent activities that take time require access to resources each resource usage has priority of access

each resource can be used at most once resources of actionA: idling action:

Examples:{(cpu,2}}, {(cpu1,3),(cpu2,4)},{(semaphore,5)}

2211 ,,, prprA

A


24/99

4/13/02 ETAPS 2002 24

Syntax for ACSR processes

Process terms

Process names

C

Pb

FPP

SRQP

PPPP

Pna

PA

NILP

I

a

t

|

|

\|][|

),,(|

||||

).,(|

:|

::

PCdef


25/99

4/13/02 ETAPS 2002 25

Constant and Nil

PCdef C is a constant that

represents the process

algebra expression P

P = NIL

P does nothing


26/99

4/13/02 ETAPS 2002 26

Prefix Operators

P performs timedaction A and then

behaves as Q

P = A:Q

P = (a,n).QP performs event

(a,n) and then

behaves as Q

EXAMPLE

Operator).1,hangup(:)}2,phone{(=Talk

Talk).1,pickup).(1,ring(=Operatordef


27/99

4/13/02 ETAPS 2002 27

Choice

P can choosenondeterministically

to behave like Q or R

P = Q+R

EXAMPLE

'').1,(

').1,(

CARgoright

CARgoleftCARdef


28/99

4/13/02 ETAPS 2002 28

Parallel Composition

Pis composed by Qand Rthat may synchronize on

events and must synchronize

on timed actions

P = Q || R

EXAMPLE

CallerOperatorConverse

CallerhangupphoneringCaller

Operatorhangup

phoneringOperator

def

def

def

||

).1,!(:)}3,').{(2,!(

).1?,(:

)}2,).{(1?,(


29/99

4/13/02 ETAPS 2002 29

Scope

Qmay execute for at mostttime units. If message ais

produced, control is delegated

to R, else control is delegated to

S. At any time Tmay interrupt.

)T,S,R(Q=P at

def

EXAMPLE

NIL!.finish+Run:)}1,run{(=Run

)rkBeepedToWo

GoToWork,

,eGoForCoffe(Run=Runner

def

finish

10

def


30/99

4/13/02 ETAPS 2002 30

Hiding/Restriction

P behaves just as Q butresources in I are no longer

visible to the environment

P = [Q]I

EXAMPLE

phone]Home[||PayPhone||Caller

P = Q\F

P behaves just as Q but

labels in F are no longervisible to the environment


31/99

4/13/02 ETAPS 2002 31

ACSR semantics

Gives an unambiguous meaning to language expressions.

Semantics is operational, given by a set of semanticrules.

Example of a labeled transition system:

P P P P PIC

0 1 2 3 4

N C gate, train gate, train...

{ } { }

ACSR

specification

Semantic

rules

Labeledtransition

system


32/99

4/13/02 ETAPS 2002 32

ACSR semantics

Two-level semantics: A collection of inference rules gives the unprioritized

transition relation

A preemptionrelation on actions and events disablessome of the transitions, giving a prioritizedtransitionrelation

PP

PP


33/99

4/13/02 ETAPS 2002 33

Unprioritized transition relation

PPpa pa

,:,ActI

PPA A

:ActT

Prefix operators

PQP

PP

ChoiceL

Choice

QPQP

PPpa

pa

||||,

,

ParIL

Parallel


34/99

4/13/02 ETAPS 2002 34

Unprioritized transition relation (II)

21

||||

21

21

AAQPQP

QQPPAA

AA

ParT

Resource-constrained execution

QPQP

QQPPpp

papa

||||

21

21

,

,!?,

ParCom

Priority-based communication

12 |0,][][ 21

1

AIrrAPP

PP

I

AA

I

A

CloseT

Resource closure


35/99

4/13/02 ETAPS 2002 35

Examples

Resource conflict

Processes must provide for preemption

Unprioritized transitions:

QrQ :)}2,{( NILQP ~||PrP :)}1,{(

PPrP ::)}1,{( QQrQ ::)}2,{(

QP||

QP || QP ||

)}1,{(r )}2,{(r


36/99

4/13/02 ETAPS 2002 36

Unprioritized transition relation (III)

)0(),,(),,( 1

tSRQPSRQP

PP at

Aa

t

A

ScopeCT

)0(),,(

),(

),(

t

QSRQP

PPna

t

na

ScopeE

)0,)((),,(),,(

tael

SRQPSRQP

PPa

t

ea

t

e

ScopeCI

)0(),,(

tRSRQP

RRa

t

ScopeT

)0(),,(

t

SSRQP

SSa

t

ScopeI


37/99

4/13/02 ETAPS 2002 37

Example

A SchedulerSchedSched :

).,.,().1,(_____

maxSchedrcSchedkillNILtc yt

(...):...(...):(...): 0

(tc,1)

1maxmax

yy

t

y

tSched

Sched

rc

Sched

rc kill

Sched


38/99

4/13/02 ETAPS 2002 38

Preemption relation

To take priorities into account in the semantics we

define the relation is preempted by :

)()(),( rrr

)()(),( rr

r

)}5,(),7,{()}5,(),3,{( 2121 rrrr

)()(

An action preempts action iff no lower priorities:

some higher priorities:

it contains fewer resources

e.g.

)1,()}4,{( r

An event preempts an action iff with non-zero priority preempts all

actions e.g.

)3,!()1,!( aa

An event preempts another event iff

same label, higher priority e.g.


39/99

4/13/02 ETAPS 2002 39

Prioritized transition relation

We define

when there is an unprioritized transition

there is no such that

Compositional

PP

PP

PP


40/99

4/13/02 ETAPS 2002 40

Example

Unprioritized and prioritized transitions:

PPrP ::)}1,{( QQrQ ::)}2,{(

QP||

QP || QP ||

)}1,{(r )}2,{(r

QP||

QP ||

)}2,{(r


41/99

4/13/02 ETAPS 2002 41

Example (cont.)

Resource closure enforces progress

}{|| rQP

}{|| rQP }{|| rQP

)}1,{(r )}2,{(r)}2,{(r

)}0,{(r

}{|| rQP

}{|| rQP


42/99

4/13/02 ETAPS 2002 42

This requirement was captured formally throughthe notion ofbisimulation, a binary relation on

the states of systems.

Observational equivalenceis based on the idea

that two equivalent systems exhibit the same

behavior at their interfaces with the environment.

Two states arebisimilarif for each single

computational step of the one there exists anappropriate matching (multiple) step of the other,

leading to bisimilar states.

Aa

B

A

C

ED

C D

B

a

b c

cb

a

Bisimulation


43/99

4/13/02 ETAPS 2002 43

Prioritized strong equivalence

An equivalence relation is congruence when it ispreserved by all the operators of the language.

This implies that replacement of equivalentcomponents in any complex system leads to equivalent

behavior.

Strong bisimulation over is a congruencerelation with respect to the ACSR operators.

PP


44/99

4/13/02 ETAPS 2002 44

Equational Laws

Equational laws are a set of axioms on the syntacticlevel of the language that characterize theequivalence relation.

They may be used for manipulating complex systems

at the level of their syntactic (ACSR) description. There is a set of laws that is complete for finite state

ACSR processes:

...

)R||Q(||P=R||)Q||P(P+Q=Q+P

NIL=P+PP=NIL+P


45/99

4/13/02 ETAPS 2002 45

Fixed-priority scheduling in ACSR

A set ofItasks with periodspiand execution times ei,sharing the same CPU (resource cpu), where deadlineequals period: each task receives the start signal from the

scheduler and begins executing

in each step, the task uses the resource cpuor idlesif preempted

Priority of CPU access is based on the process index

Taski= (start?,0) . Pi,0+ : Taski i ={1,,I}Pi,j=j < ei ( : Pi,j+ {(cpu,i)} : Pi,j+1)

+j= eiTaski i ={1,,I}

j ={0, ei}


46/99

4/13/02 ETAPS 2002 46

Scheduling and checking deadlines

Each task is controlled by an actuator process(intuitively, a part of the scheduler) Starts execution of a task by sendingstart Keeps track of deadlines

a task can acceptstartonly after it completes execution inthe previous period

Actuatori= (starti!, i). Ai,0 i= {1,2}

Ai,k= k < pi: Ai,k+1

+ k = piActuatori i = {1,2}, k= {0,pi}Jobi= (Taski|Actuatori)\starti


47/99

4/13/02 ETAPS 2002 47

Rate-monotonic scheduling

Order the task processes according to their periods tasks with higher rates have higher indices and thus

higher priorities

Compose the task processes and analyze for deadlock

the collection of tasks is schedulable iffthere is nodeadlock

RM= (Job1||Jobn)[cpu]


48/99

4/13/02 ETAPS 2002 48

Dynamic-priority scheduling

Unlike fixed-priority scheduling, such as RM, thepriority of a task changes with time

Earliest Deadline First (EDF) scheduling: priority of atask increases as it nears its deadline:

i= dmax(pi t) dmax= max(p1,,pn) An EDF task:

Taski= (start?,0) . Pi,0,0+ : Taski, i ={1,,I}

Pi,j,t=j < ei ( : Pi,j,t+1+ {(cpu, dmax(pit))} : Pi,j+1,t+1)

+j= eiTaski i ={1,,I}j ={0, ei}

t ={0,pi}


49/99

4/13/02 ETAPS 2002 49

Probabilistic ACSR

for soft real-time scheduling

analysis


50/99

4/13/02 ETAPS 2002 50

PACSR (Probabilistic ACSR)

ACSR extension for probabilisticbehaviors. Objective :

formally describe behavioral variations in systems thatarise due to failures in physical devices.

Since failing devices are modeled by resources weassociate a failure probabilityp(r)with everyresource r at any time unit, ris down with probabilityp(r)or up

with probability 1-p(r)

failures are assumed to be independent


51/99

4/13/02 ETAPS 2002 51

Syntax for PACSR processes

Similar to ACSR

Process terms

Process names

Distinction: For all resources r we write for thefailed occurrence of resourcer. Thus, an action canspecify access to failed resources.

CPbFPPSRQP

PPPPPnaPANILP

I

a

t ||\|][|),,(|

||||).,(|:|::

PC

def

r


52/99


53/99

4/13/02 ETAPS 2002 53

PACSR Semantics

Semantics of a PACSR process is given in terms ofprobabilistic transition systems: some transitions arelabeled with probabilities and others withactions/events.

Labeled Concurrent Markov Chain (LCMC)

a

c

1/2

1/2

1/3

2/3

b

d


54/99

4/13/02 ETAPS 2002 54

PACSR Semantics

Configurations are pairs of the form (P,W),where P is a PACSR process, and W is a world capturing the state of resources as follows

A configuration (P,W)is characterized as Probabilistic, if Prequires resources whose state is not in W.

Example: ( {r1,1}:Q , {r2} )

Nondeterministic, if all resource information required by Pisin W.

Example: ( (a,1):NIL , )

WrWrrWrWrr ,and,


55/99

4/13/02 ETAPS 2002 55

PACSR semantics (II)

The semantics is given via a pair of transitionrelations: Probabilistic transition relation,

Nondeterministic transition relation,

Let imr(P) be resources that can be used in the firststep:

)(,'| ArPPr A

)',(),( WPWP ppr

),(),( WQWP


56/99

4/13/02 ETAPS 2002 56

Operational semantics

WAPWPA

A

)(

),(),:( ActT

The nondeterministic transition relationis taken from ACSR,with one exception:

),(),(

)(),()(,

2

)(

121

2 ZWPWP

ZZWWPZSP

pZpr

p

Wimr The probabilistic transition relation is as follows:

)},(),__,(),,

__(),

__,

__{(})

__,({ 2121212121 rrrrrrrrrrW

W(Z)is a set of all possible scenarios of resources; e.g.,


57/99

4/13/02 ETAPS 2002 57

Let , pr(r1) = and pr(r2) = 1/3.

Then imr(P) = {r1,r2} and W({r1,r2})={{r1,r2}, {r1,r2}, {r1,r2}, {r1,r2} }

Thus by the probabilistic transition relation

Example

}),{,(),(}),{,(),(

}),{,(),(}),{,(),(__

2

__

1

3/1__

21

3/1

2

__

1

6/1

21

6/1

rrPPrrPP

rrPPrrPP

pp

pp

QrrP :)}3,(),2,{(__

21

)},{,(

),(}),{,(}),{,(

}),{,(

__

2

__

1

)}3,(),2,{(__

212

__

1

21

__

21

rrP

QrrPrrP

rrPrr

and by the nondeterministic transition relation


58/99

4/13/02 ETAPS 2002 58

Example: A faulty channel

where pr(ch) = 0.99

}ch{\)FCh}.ch{+

FCh.!out:}ch.({in+

FCh:=FCh

ch

inout

),( FCh_____

out),( P

in

}){,( chP }){,( chP

0.99 0.01

),.(_____

FChout


59/99

4/13/02 ETAPS 2002 59

Model Checking

In order to analyze PACSR specifications we may wantto check whether a specification satisfies a propertywritten as a logical formula.

We use a probabilistic HMLwith an untiloperator

The until operator is parameterized with regularexpressions over event names.

Syntax

where is a regular expression over actions and {,}

'|'|'||:: fffffffttf t

pp


60/99

4/13/02 ETAPS 2002 60

The until operator

'| ffP t

q There is some execution with

probability q for which fholds until

fbecomes true within timetand

observable behavior from

EXAMPLE

truehangup}wait,talk{true20

01.0

*

the probability that within 20 time units

after any number of talk and wait actions

action hangup arises is 0.01


61/99


62/99

4/13/02 ETAPS 2002 62

Model Checking

Schedulersare used for resolving non-determinism. These arefunctions that given a computation ending in a nondeterministicstate choose the next transition to take place.

Given a scheduler of a system P, sets of states Aand B, and aregular expression , we may compute probabilities

So for example:

'| ffP t

q iff there is scheduler such that

q PrA(P B, , t, ) where A = { P | P |= f }, B = { P | P |= f }

PrA(P B, , t, ),the probability of reaching a state in B,passing only via states in A, via paths with observablecontent in , and within t time units


63/99

4/13/02 ETAPS 2002 63

Equivalence Relations

New notions of equivalence for the LCMC model taking accountboth action types and probabilities.

In particular two LCMCs are strongly bisimilarif

1. they reach sets of bisimilar states with the sameprobability, and

2. for each nondeterministic step of one there exists a step ofthe other leading to bisimilar states.

1s 2s

1t 2t 3t 4t

1u

3u2u

2v

1v

s u

v 1

a b ba

a

a b

b~ ~


64/99

4/13/02 ETAPS 2002 64

Equivalence Relations

There is a set of laws that completely axiomatizesstrong bisimulation for PACSR processes.

Other equivalence notions include weak bisimulation

which relates systems that have the same observablebehavior, that is, it ignores actions.


65/99

4/13/02 ETAPS 2002 65

A Telecommunication Application

Based on the specification of a switching systemconsidered in AJK97.

The system consists of a number of concurrentprocesses with real-time constraints.

Probabilistic behavior is present in the form of probabilistic arrival of alarms, and

uncertain execution times of processes.


66/99


67/99

4/13/02 ETAPS 2002 67

PACSR Specification

IFBPAH

ASSchedBEnvSys

\\\)||||

||:||||(0 The system in its

initial state: a parallel

composition of all the

components

ii

iiiiii

ini

QNILaQ

QPrPrP

PEnv

::

)||(:}{:}{__

__1

The environment provides

probabilistic alarms: at the

failure of any of resources

rian alarm is sent viachannel a

The System

The environment


68/99

4/13/02 ETAPS 2002 68

PACSR Specification

Background Process

The Scheduler

}\{\).:}{':}({'

:).,,(').0,(

_____

___

rBPrcrBPrBP

BPBPkillNILNILBPtcBP h

).,.,().1,(_____

maxSchedrcSchedkillNILtc yt

SchedSched :

The background process

competes for processortime managed by the

scheduler. Its duration is

geometrically distributed.


69/99

4/13/02 ETAPS 2002 69

The buffer

The Alarm Samper and the Alarm Handler

nnnjnjnin

iiijijjiii

BoutBBdNILoverflowinB

BoutBBdBinB

BBinB

.:...

.:..

:.

____

1

____

11

010

PACSR Specification

AHrcdAHNILrcASinaAS

AHAHtcAHASAStcAS

AHAHoutAHASASAS

i

iptA

i

Aii

inii

p

..:.:''..''

:).2,(':'').2,('

:.):(||'

____)(

_____

____

)(

f


70/99

4/13/02 ETAPS 2002 70

Two configurations

Consider two versions of the system:S1with Possibility of 1 alarm per time unit,

Buffer size of 3

Capability of processing 2 alarms per time unit, andS2with Possibility of 2 alarms per time unit

Buffer size of 6

Capability of processing 4 alarms per time unit Comparison criterion:What is the probability of

overflow in the alarm buffer?


71/99

2


72/99

4/13/02 ETAPS 2002 72

P2ACSRA power-aware extension of PACSR

A unified framework for modeling and analyzing power-aware

real-time systems. We associate a further attribute to resource usage, that of

power consumption.

The syntax remains the same, except that actions are tuples of

the form (r,p,c),whereris the resource,pis thepriority leveland cthepower consumptionof the resource usage.

EXAMPLE

2

1

:)}3,1,{(

+:)}0,1,{(

Callcellphone

Callphone

P2ACSR


73/99

4/13/02 ETAPS 2002 73

P2ACSR

Semantics is given similarly to PACSR, as a LCMC. We can use various techniques to perform various

analyses on P2ACSR models including: Model checking

We may express temporal logic properties involvingpower consumption bounds and check that they aresatisfied by P2ACSR processes.

Probabilistic bounds on power consumptionWe may compute the probability that power

consumption exceeds certain limits. Average power consumption

We may compute the average power consumption duringintervals of interest.

D i V lt S li


74/99

4/13/02 ETAPS 2002 74

Dynamic Voltage Scaling

Dynamic voltage scalingis a technique proposed formaking energy savings by dynamically altering thepower consumed by a processor.

Lower frequency execution implies longer processing

of tasks.

This may lead to violation of real-time constraints.

[Pillai and Shin 01] propose extensions to real-time

scheduling algorithms to make use of dynamic voltagescaling.


75/99

P A R l Ti S h d li


76/99

4/13/02 ETAPS 2002 76

Power-Aware Real-Time Scheduling

The algorithm of [Pillai and Shin] takes advantage of thepossibility of early termination of a task by then executing thenext task at the lowest possible frequency.

Specifically, on every release or completion of a task it re-computes the sum

where is the computation time of the last execution of

task i or ciif task i has just been released. Based on this value it decides the lowest frequency that is

consistent with the current effective utilization.

n

last

n

last

pc

pc +...+=

1

1

last

ic

P A R l Ti S h d li


77/99

4/13/02 ETAPS 2002 77

Taski= (starti?,0) . (releasei!, i). Execi,0,0+ : Taski i ={1,,I}

Execi,e,t= e < ci

((fast? , i) ( : Execi,e,t+1

+ {(cpu, dmax(pit)),(cont,1)} : Execi,e+1,t+1

+ {(cpu, dmax(pit)), (cont,1)} : (endi,e+1!,i). Taski)

+ (slow? , i) ( : Execi,e,t+1

+ {(cpu, dmax(pit)),(cont,1)} :

({(cpu, dmax(pit)),(cont,1)} : Execi,e+1,t+2

+ {(cpu, dmax(pit)), (cont,1)} : (endi,e+1!,i). Taski)

+ e = ciTaski


First we extend the model of a task with the ability of executing

slower or faster. It responds to messages fastand slow. In theslow mode a computation step takes twice as long, i.e two timeunits. It also signals its releasewhen execution commences andits completiontime when it completes.


78/99

P A R l Ti S h d li


79/99

4/13/02 ETAPS 2002 79

SetNew decides the lowest frequency to the current effectiveutilization and sends the appropriate signal

SetNewe1,e2,e3 = e1/p1+ e2/p2+ e3/p3 < (fdown!,4). Scalee1,e2,e3

+e1/p1+ e2/p2+ e3/p3 (fup!,4). Scalee1,e2,e3

DVSfastand DVSslowdescribe the processor operating in the highand low frequency, respectively

DVSfast ={(power,1,pwfast)}:DVSfast+ (fast!,1).DVSfast

+(fdown?,0).DVSslow+ (fup?,0).DVSfast

DVSslow ={(power,1,pwslow)}:DVSslow+ (slow!,1).DVSslow

+(fdown?,0).DVSslow+ (fup?,0).DVSfast



80/99

C t k


81/99

4/13/02 ETAPS 2002 81

Current work

Logical characterization of probabilistic weakbisimulation

Ordering relations for comparing power consumptionof protocols

Prototype toolset (underway), extend with Model checking

Long-term averages computation

compute performance properties such as task throughput or

average latency


82/99

4/13/02 ETAPS 2002 82

ACSR-VP

for design synthesis and

parametric analysis

E l A St t ti A i t P bl


83/99

4/13/02 ETAPS 2002 83

Example: A Start-time Assignment Problem

Start-time Assignment Problem with Inter-job TemporalConstraints

The order of execution of job is not known Goal is to statically determine the range of start times for each

job so that jobs are schedulable and all inter-job temporalconstraints are satisfied.

Job1

s1 s1+e1Job2

s2 s2+e2

[ 4,7 ] [ 3,4 ]

2514

1012


84/99


85/99

Symbolic Bisimulation (Informal Description)


86/99

4/13/02 ETAPS 2002 86

P(x) =(x< 0) (b!x,1).nil+ (x0)(a!x+1,1).nil Q(y) = (a!y,1).nil

P(x)x 0(a!x+1,1)

I d

x < 0

(b!x,1)

I d

Q(y)true

(a!y,1)

I d

Symbolic Bisimulation (Informal Description)

XPQ(x,y) = (x< 0false)(x0(truex+1 = y))(true(x0 y = x+1))

x 0 x+1=y


87/99

ACSR VP approach


88/99

4/13/02 ETAPS 2002 88

ACSR-VP approach

Provides a formal framework for modeling real-time systems, especiallyfor real-time scheduling problems such as

Priority Assignment Problem

Execution Synchronization Problem Start-time assignment problem

Period assignment problem

Deals with unknown parameters in the problems rather than yes/noanswer (i.e., parametric approach )

Provides a fully automatic method for the analysis of real-timescheduling problems

Takes advantages of existing techniquessuch as integer programming

and BDD

Overview of General Approach


89/99

4/13/02 ETAPS 2002 89

Overview of General Approach

Constraint Logic Programming or Theorem Prover

Solution Space (Ranges of Free Variables)

System Described

in ACSR-VP

Non-blocking Process

in ACSR-VP

Symbolic Weak Bisimulation

Predicate Equations with Free Variables

SGA SGA

Example: Start time Assignment Problem


90/99

4/13/02 ETAPS 2002 90

Example: Start-time Assignment Problem

Start-time Assignment Problem with Inter-job TemporalConstraints

Goal is to statically determine the range of start times for eachjob so that jobs are schedulable and all inter-job temporalconstraints are satisfied.

Job1

s1 s1+e1Job2

s2 s2+e2

[ 4,7 ] [ 3,4 ]

2514

1012

Modeling With ACSR VP


91/99

4/13/02 ETAPS 2002 91

Jobi(t,s) = ( t < s ): Jobi(t+1,s)+ ( t = s ) (Start!,1).Jobi (0,t,s)

Modeling With ACSR-VP

The following fragments of ACSR-VP describe the start time assignment

problem with inter-job temporal constraints

Jobi(e,t,s) = ( e < ei-) {(cpu,1)}: Jobi(e+1,t+1,s)

+ ( e = ei-) Jobi (e,t,s)

Jobi(e,t,s) = ( e < ei+) {(cpu,1)}: Jobi(e+1,t+1,s)

+ ( e ei+) (F in ished!,1).I dle

Constraint(t) = (start?,1).Constraint1(t) + : Constraint(t+1)Constraint1(t) = (F in ished?,1).Constraint2(t) + : Constraint1(t+1)

System(s1,,sn) = (Job1(0,s1)|||| Jobn(0,sn)||Constraint(0))\{Star t,F inished}

Constraint2(t) = ( t 12 ) Constraint3(t,0)Constraint3(t) =

Predicate Equations


92/99

4/13/02 ETAPS 2002 92

X0( t, s1, s2) = ( t 5 t < s2) X1( t+1, s1, s2)( t 5 t = s1) X2( 0, t+5, s2)( ( t 5 t < s1 X1( t+1, s1, s2) )( t < 5 t = s1X2( 0, t+5, s2) ) )

X1( t, s1, s2) = X2

X2( e, s1, s2) = X1

Predicate Equations

The following fragments of predicate equations are generatedfrom the symbolic weak bisimulation algorithm with the infiniteidle process

To get the values ofs1ands2, we can ask

a query X0( 0,s1,s2)

Solution Space


93/99

4/13/02 ETAPS 2002 93

Solution Space

The solutions to the predicate equations can beobtained using linear/integer programmingtechniques,constraint logic programmingtechniques, or a theoremprover.

The solutions for the previous exampleare:

Start time S1

Start time S2

3 4 4 5 5

14 14 15 14 15

5

16

An Automatic Approach


94/99

4/13/02 ETAPS 2002 94

An Automatic Approach The disadvantage of symbolic weak bisimulationis that it requires to add

new edges into SGA. This will increase the size of predicate equations The disadvantage of CLPis that there is no guarantee that it terminates

Reachability Analysis: Finding a condition that makes a systemschedulable is equivalent to finding a condition that guarantees there isalways a cycle in an SGA regardless of a path taken No need to add new edges

Restricted ACSR-VP Give syntactic restriction to identify a decidable subset of ACSR-VP

Control Variable : in finite range; Values can be changed Data Variable : could be in infinite range; Values cannot be changed

P(x:0..100,y) = (x10) :Q(x+3, y)

Generate a boolean expression or boolean equations (i.e., no need to use CLP)

Conclusions: resources


95/99

4/13/02 ETAPS 2002 95

Conclusions: resources

We have presented a family of resource-boundprocess-algebraic formalisms the notion of a resourceplays central role

Abstractions of physical resources

Resource sharing: coordination and synchronization

Resource consumption takes time: real-time behavior

Resource failures: probabilistic behavior

Sample application domain: analysis of schedulingproblems Other domains: protocol analysis, rapid prototyping

Conclusions: analysis techniques


96/99

4/13/02 ETAPS 2002 96

Conclusions: analysis techniques

Analysis of safety properties by means of deadlockdetection

Conformance analysis by means of equivalence andpreorder checking

Probabilistic analysis techniques: Model checking Resource utilization

Parametric analysis in ACSR-VP

Extensions


97/99

4/13/02 ETAPS 2002 97

Extensions

Presented: serially reusable resources with accessconstraints

Other typesof resources: Consumable resources: each resource use depletes

resource stock Multi-capacity resources: allow simultaneous access by alimited number of processes

Other kinds of resource constraints: non-functional constraints such as memory, power

consumption, weight, etc.


98/99


99/99

Q&A

Date post:	03-Jun-2018
Category:	Documents
Author:	sumit-verma
View:	240 times
Download:	1 times

Etap Tutorial v8

Documents

ETAP CASE-0175

eTap AXS HRD Caliper/Hose Replacement/ Electronic ... · SRAM eTap AXS Hydraulic Brake Systems 5 SRAM eTap AXS Hydraulic Brake Systems We recommend that you have your SRAM eTap AXS

Readme etap

TUTORIAL MASTER CAM V8 X7 POCKET

ETAP PowerStation 4

ETAP Results

Tutorial ETAP 5.0

Dear athletes and cycling enthusiasts,2.etap Alanya-Antalya ve 3.etap Fethiye-Marmaris 4.etap olan Marmaris-Selçuk, Meryem Ana Selçuk’tan 5.etap Manisa’da tamamlanacak. 6. ve

ETAP 16 Billboard

Etap Simulation

Cable Systems - ETAP

Etap Guide

Etap Final Ppt

etap DEMO GUIDE

Tutorial Mplab Ide v8 by Ronaldo

Etap 32s - Aukena · 2019-07-03 · Etap 32s - Aukena Page 1 of 16 Etap 32s - Aukena Make: Etap-Yachting Price: €69.500,- Model: Etap 32S Hull: GRP Condition: used Year: 2005 Raising

ETAP PowerStation 4 - ISI Academy Eng Courses/ETab/Tutorial... · Operation Technology, Inc. 10-6 ETAP PowerStation 4.0 . AC-DC Elements UPS Vdc This field displays the DC voltage

ETAP 16 Readme