Real-Time Systems Group University of Pennsylvania 5/24/2001 Resource-bound family of real-time process algebras Oleg Sokolsky, Insup Lee Real-Time Systems.

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Resource-bound family of real-time process algebras

Oleg Sokolsky, Insup LeeReal-Time Systems GroupUniversity of Pennsylvania

Joint work with Richard Gerber, Duncan Clarke, Hanène Ben-Abdallah, Anna Philippou, Hee-Hwan

Kwak, Jin-Young Choi, and many, many others

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Outline

• Resource-bound computation• Process-algebraic modeling

– ACSR– PACSR

• Future extensions– domain-specific formalisms– resource equivalences and preorders

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Resource-bound computation

• Computational systems are always constrained in their behavior

• Resources capture physical constraints• Resources should be used as a primitive

notion in modeling and analysis• Resource-bound computation is a general

framework of wide applicability

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Domain-specific extensions

• Different problem domains need different treatments– different nature of resources– different kinds of communication– different kinds of analysis

• Provide for variations within the general framework of resource-bound computation

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Resources

• Resources capture constraints on executions• Resources can be

– Serially reusable: • processors, memory, communication channels

– Consumable • power

• Resource capacities– Single-capacity resources– Multiple-capacity resources– Time-sliced, etc.

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Events

• Events represent communication– events are instantaneous – point-to-point communication across

channels– prioritized access to channels– input and output events

)?,( 1pe ),!( 2pe

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Actions

• Actions represent computation– actions take time– require access to resources– each resource has priority of access

– each resource can be used at most once– resources of action A: – idling action

2211 ,,, prprA

A

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Computation model

• A specification is composed of processes • Processes evolve by performing events and

actions

1P

3P2P

2,cpu 2,cpu

1,!done

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Syntax for ACSR processes

• Process terms

• Process names

C

Pb

FP

P

SRQP

PP

PP

Pna

PA

NILP

I

at

|

|

\|

][|

),,(|

|||

|

).,(|

:|

::

PCdef

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

ACSR semantics

• Two-level semantics:– A collection of inference rules gives

unprioritized transition relation

– A preemption relation on actions and events disables some of the transitions, giving a prioritized transition relation

PP

PP

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Unprioritized transition relation

• Prefix operators

• Choice

• Parallel

PPA A

: ActT PPpa pa

,:,

ActI

PQP

PP

ChoiceL

QPQP

PPpa

pa

|||| ,

,

ParIL

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Unprioritized transition relation (II)

• Resource-constrained execution

• Priority-based communication

• Resource reservation

21 ||||

21

21

AAQPQP

QQPPAA

AA

ParT

QPQP

QQPPpp

papa

||||

21

21

,

,!?,

ParCom

12 |0, ][][ 21

1

AIrrAPP

PP

IAA

I

A

CloseT

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Preemption relation

is preempted by :• action preempts action

– no lower priorities:– some higher priorities:–

• event preempts event– same label, higher priority

• event preempts action with non-zero priority preempts all

actions

)()(),( rrr )()(),( rrr

)}5,(),7,{()}5,(),3,{( 2121 rrrr

)3,!()1,!( aa

)}4,{()1,( r

)()(

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Prioritized transition relation

• We define

when:– there is an unprioritized transition

– there is no such that

PP

PP

PP

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Example

• Resource conflict:

• Processes must provide for preemption

• Unprioritized and prioritized transitions:

PPrP ::)}1,{(

QrQ :)}2,{( NILQP ~||PrP :)}1,{(

QQrQ ::)}2,{(

QP ||

QP || QP ||

)}1,{(r )}2,{(r

QP ||

QP ||

)}2,{(r

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Example (cont.)

• Resource reservation enforces progress

}{|| rQP

}{|| rQP }{|| rQP

)}1,{(r )}2,{(r )}2,{(r

)}0,{(r

}{|| rQP

}{|| rQP

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

ACSR analysis techniques

• Prioritized strong and weak bisimulation• Reachability analysis and deadlock

detection– schedulability analysis

• A collection of periodic tasks and the scheduler are encoded as ACSR processes

• Schedulable iff deadlock free

• Parametric analysis with ACSR-VP– Which combinations of task parameters

yield schedulable systems

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

PACSR

• ACSR extension for fault-tolerant systems• Consider physical failures

– occur in components modeled by resources

• Associate a failure probability pr with every resource r– at any time unit, r is down with

probability pr or up with probability

– failures are independent

rp1

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Resource failures and recoveries

• An action containing resource r cannot be taken when r is failed

• Failed resources: • Recoveries are modeled by using failed

resources in actions

NILPAArr :)( failed, is

recnormal PrPr :)}1,{(:)}1,{(

)(1)( , rrr pp

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

PACSR semantics

• A world W is a set of resources such that

• Immediate resources of a process imr(P), resources that can be used in the first step

• Configuration: a process within a world (P,W)– Nondeterministic configurations: W contains all

resources from imr(P) or their complements– Probabilistic configurations: otherwise

WrWrr ,

)(,'| ArPPr A

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

PACSR semantics (II)

• PACSR semantics gives a transition relation over configurations

• Nondeterministic transition relation is taken from ACSR, with one exception:

• Probabilistic transition relation

WAPWPA A

)(

),(),:( ActT

),(),(

)(),()(,

2)(

121

2 ZWPWP

ZZWWPZSP

prZp

p

Wimr

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

PACSR analysis techniques

• Probabilistic weak bisimulation• Probabilistic reachability and deadlock

detection– compute the probability of reaching an

event• Long-term averages computation

– compute performance properties such as task throughput or average latency

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Future work: other domains

• Power-sensitive applications– associate power consumption measure with

every resource usage– provide for different levels of power

consumption

• Possible technical approach:– multi-capacity resources: r:n– multiple occurrences in actions:– power consumption increases with each

occurrence

)}2,(),1,{( rr

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

New resource equivalences

• Two processes can have the same functional behavior but with different patterns of resource use

• For example:• Resource equivalence relation:

– along every path, processes exhibit• the same I/O behavior• consume the same resources

• Reason about tradeoffs

PrrPrr :)}1,(),1,{(:)}1,{(:)}1,{(

5/24/2001

Real-Time Systems GroupUniversity of Pennsylvania

Conslusions

• Resource-bound specification formalisms proved useful is several problem domains

• Extensions to other domains will make the approach more widely applicable

• Easily accommodate other kinds of constraints (size,weight, etc.)