Scheduling Transient Overload with the TAFT Scheduler

Nearly all known real-time scheduling approaches rely on the knowledge of Worst Case Execution Times (WCETs) for all tasks of the system. This is a severe restriction, as with today’s complex systems it becomes increasingly more expensive to determine WCET by applying analytical methods and the computed results often turn out to be a very pessimistic upper bound for the observed execution time. Moreover, in many complex real-time applications that consist of heterogeneous components it is virtually impossible to compute WCETs at all. Also, more and more research is undertaken to enable real-time systems to cope at least with transient overload [Ber01, Ric01]. Transient overload occurs, whenever the system needs more computing resource than available in order to be able to complete all tasks before their deadline. With the classic concept of WCETs, transient overload can be avoided by an appropriate acceptance test that the scheduler uses to check schedulabilty before a task set is admitted to execution. However, even in the world of hard real-time systems with known WCETs it has turned out, that sometimes the overall load imposed by the environment can be higher that expected (either because of wrong design assumptions or dynamic changes in the system or its environment). If this happens, it is unacceptable for a safety-critical system to fail completely. Instead some kind of graceful degradation is desirable, where the system tries to ensure the timely execution of at least the most important tasks. In both cases, unknown WCETs and transient overload, the assumption that all parameters of a system are known apriori does not hold any more. This lead us to the idea of using estimated execution times that are based on statistics and system monitoring instead of fixed WCETs. However, this also means that these estimated execution times can turn out to be wrong for some (longer-lasting) task instances and a scheduler that has based its decisions on these wrong assumptions has to deal with this situation. One approach to achieve this is to trade optimal timeliness for functionality, a well-known strategy in fault tolerance. A timing fault occurs whenever the actual execution time of a task is greater than expected, either caused by a wrong timing estimate or by transient overload. The TAFT (Time-Aware Fault-Tolerant) scheduling [Net01] is able to handle these kinds of timing faults in a way such that deadlines are still met. This presentation first sketches TAFT scheduling. Then, it discusses a scheduling scheme and an execution environment that makes use of a combination of Earliest Deadline scheduling strategies to implement TAFT. This scheme allows for a simple acceptance test and achieves a small scheduling overhead at run-time. Finally, simulation results are presented that show the achieved real-time behavior with an increased acceptance rate, a higher throughput, and a graceful degradation in transient overload situations compared to standard schedulers.