1. Towards a Contract-based Fault-tolerant Scheduling Framework for Distributed Real-time Systems Abhilash Thekkilakattil, Huseyin Aysan and Sasikumar Punnekkat Mälardalen Real-Time Research Centre, Mälardalen University, Sweden

2. Introduction Complexity of real-time systems Component Based Software engineering 5 86 538 Reliability Requirements Contracts for real-time components Enable correct composition of components Ensure correctness by construction Pervasiveness of real-time Systems

3. Improving Reliability of Real-time Systems Zonal and functional hazard analyses Checks if the redundancies indeed exist Ensures that independent components are not affected by common causes Provides input to the design e.g., separation and segregation of components Zonal analysis for software systems Improves the reliability of software components Removes failures on independent components due to common causes Inputs to the design e.g., allocation Transient errors: most widespread cause of failure Solution: re-execute the failed component Taken from toonpool.com

4. Problem Allocation and scheduling of real-time components on a distributed platform Satisfy the re-execution requirements of critical components Satisfy the distribution requirements of critical components Maximize service to the non-critical components Fulfill real-time requirements ComponentTime Period (T i ) Worst Case Execution Time (C i ) Re-executions required ( R i ) No. of re-executions required on a different node (m i ) Criticality A10221C B5211C C5100N D 600N

5. Task allocation problem: an NP hard problem We use known optimization methods: achieve efficient allocation Satisfying the reliability requirements: an NP hard problem We simplify by introducing Feasibility Windows Feasibility Windows: temporal intervals for task executions Fault Tolerant Feasibility Windows for critical components Fault Aware Feasibility Windows for non-critical components Contracts for fault-tolerance Contract: task parameters which provide the required guarantees Offline contracts: offline guarantees for critical components Online contracts: maximize service to non-critical components Overview of the Solution

6. Method Allocate the components on the minimum number of processors Derive Fault Tolerant Feasibility Windows for critical components Derive Fault Aware Feasibility Windows for non critical components Derive contractual parameters to ensure that the executions are within the derived windows

7. Minimum size of a window of a component=WCET of the component Guarantees feasible execution of the component Feasibility windows of the same component are disjoint in time Ensure timely execution in order to enable the re-execution To preserve the order of execution of the component and its re- executions While allocation the processor utilization demand during any interval should not exceed the size of the interval to avoid overloads New method to deal with offsets Derived from the classical feasibility analysis by Baruah et. al Optimization Formulation

8. Example A2BB B1 A1 DDBB AB1 A1 A CC CC FT_FW(A2) FT_FW(B) FT_FW(A)FT_FW(A1) FT_FW(B1) FA_FW(C) Worst Case Maximum fault occurrence Node1 1058 6 53 8 Node2 53 10 5 8 86 Better than Worst Case Less than maximum fault occurrence Node1 Node2 DD ComponentTime Period (T i ) Worst Case Execution Time (C i ) Re-executions required ( R i ) No. of re-executions required on a different node (m i ) Criticality A10221C B5211C C5100N D 600N

9. Conclusions We have proposed a methodology for the allocation and scheduling of components with mixed criticalities which: Guarantees the re-execution requirements for the critical components: offline contracts Maximize the service to non-critical components: online contracts Scheduler independent Allocation on the minimum number of processors Future work includes Feasibility of real-time components with offsets: complexity reduction Optimality

10. ?