Fault Recovery Mechanisms in Utility Accrual Real Time Scheduling Algorithm

In this paper, we propose two recovery solutions built on the existing error-free utility accrual scheduling algorithm known as the General Utility Accrual Scheduling algorithm (or GUS) (Peng Li, 2004). A robust fault recovery algorithm called Backward Recovery GUS (or BRGUS) adapts the time redundancy model, i.e., it re-executes the affected task after its transient error period is over. BRGUS is compared with a less complicated recovery algorithm named Abortion Recovery GUS (or ARGUS) that simply aborts all faulty tasks. Our main objectives are (1) to maximize the total accrued utility and (2) to ensure correctness of the executed tasks on a best-effort basis and achieve as many fault-free tasks as possible. Our simulation results reveal that BRGUS outperforms the ARGUS algorithm with higher accrued utility and a lower abortion ratio, making it more suitable and efficient in adaptive real time systems.


Introduction
A real time system is a system where the time at which events occur is important. In an adaptive real time system, deadline misses and delays during overloads are tolerable and do not have great consequences. The definition of deadline constraints in existing deadline-based scheduling algorithms such as Earliest Deadline First (or EDF) is limited in expressiveness by its singular metric. Jensen made a clear distinction between the urgency and the importance of a task, expressed through time/utility functions (or TUFs) (Jensen, 1985; Locke, 1986). As illustrated in Figure 1, urgency is measured as a deadline on the X-axis and importance is captured by utility on the Y-axis. A task's time constraint expresses the utility for completing a task as a function of when the task is completed. As shown in Figure 1, completion of a task between its initial time and termination time accrues some utility, and zero utility otherwise. We specify the deadline constraint of a task as a binary-valued, downward step shaped TUF, as shown in Figure 1.
The scheduling optimality criteria are based on maximizing accrued utility from those tasks. These criteria are named Utility Accrual (or UA) (Wu, 2004). A closer look at the UA algorithms in (Ravindran, 2005; Edward, 2007) indicates that only the Aborted-Assured Utility Accrual (or AUA) and Handler-Assured Utility Accrual (or HUA) algorithms consider faults in their scheduling decisions. These algorithms consider the abortion and released handler for all task failures. To the best of our knowledge, none of the prior works in the UA scheduling domain consider time redundancy in their fault recovery design model. In this paper, we apply the time redundancy model for fault recovery in the UA scheduling domain.

Fault
The terms error and fault are often used as synonyms. However, the definition in (Sasikumar, 1997) is appropriate in the context of the problems analyzed in this study. A fault is a defect in a component or in the design of a system. Faults can be categorized as permanent or transient. Permanent faults include hardware breakdowns, connection disruption as well as design errors. A fault is transient when the error disappears shortly after its appearance. These types of faults are caused by software design errors or environmental variations. We focus on transient faults since previous studies in (Sasikumar, 1997; George, 2003) have indicated that the majority of faults observed during the lifetime of a system are transient faults.

Fault Recovery
Almost every fault recovery mechanism relies on some form of redundancy. Space redundancy is provided by extra hardware and software components that are introduced in the system only for fault recovery purposes (Mejia, 1994). A less expensive approach is time redundancy, which is based on repeating the computation and typically does not require a large amount of extra resources (Sasikumar, 1997). This paper focuses on the time redundancy paradigm, since it is suitable for non-distributed and uniprocessor environments.
The two main approaches for fault recovery are the backward and forward recovery techniques. In the forward recovery technique, the system does not roll back to its previous safe state; instead, it allows another available resource to perform recovery. This technique works well in a distributed system environment, where extra resources are widely available. In contrast, the backward technique attempts to take the system back to its previous safe state and then proceeds to re-execute the affected task (Sasikumar, 1997).

Task Model
During its lifetime, a task may request one or more resources. As shown in Figure 2, a task specifies the duration for which it holds the requested resource in holdtime. We apply Jensen's TUFs (Jensen, 1985; Locke, 1986) to define the time constraints of a task. Each task has an initial time and a termination time. If the termination time of a task is reached and the task has not completed its execution, it is aborted. Aborting a task changes the task state from Normal to Abort mode. Completion of a task before the deadline in Normal mode accrues some uniform utility, and zero utility otherwise. Following (Peng Li, 2004), our proposed algorithm uses the metric called Potential Utility Density (or PUD) that was originally developed in (Jensen, 1985). The PUD of a task measures the amount of utility that can be gained per unit time by executing the task. Thus, executing a task in Abort mode accrues zero PUD and zero utility to the system.

Fault Definition
In our fault model, we assume that the system has error containment capabilities that prevent the propagation of a specific error to other tasks. A transient fault in a request can be effectively overcome by re-executing the request in the affected task. A request is suspended temporarily to model the transient error. Figure 3 shows the procedures to detect and simulate the transient error in the system. The fault occurrences and their durations follow the exponential distribution, as detailed in Table 1. We further assume that no error occurs during the fault recovery process.

The Fault Recovery Algorithms
Figure 4 shows a description of Backward Recovery GUS (or BRGUS) and Abortion Recovery GUS (or ARGUS) for error recovery. The recovery process follows three stages, described as follows:

1) The transient erroneous period of the erroneous task, Trec, is over.
After the transient error is over, the task needs to release the resource before executing the recovery algorithm in stage 2.

2) Execute the fault recovery algorithm, either ARGUS or BRGUS.
In BRGUS, after the erroneous period of a request is over, the time taken to re-execute the request (i.e., holdtime) is measured. The system is rolled back to its previous safe state (i.e., before the error occurred) and then proceeds to re-execute the affected task (Sasikumar, 1997). A request is eligible for re-execution if the holdtime of the request does not exceed the remaining execution time of the task. Otherwise, the task is aborted, since re-executing it would only result in abortion later at its termination time. The AbortTime is the time taken for the task to abort the resource. Our proposed recovery algorithm works on a best-effort basis, in the sense that a task is re-executed if it has enough time and is simply aborted otherwise. In ARGUS, all faulty tasks are simply aborted and no error recovery is performed (Edward, 2007).

3) Check the availability of the requested resource.
If the related resource is available, the requesting task continues its re-execution or abortion procedure directly. On the other hand, if the resource is busy and currently being used by another task, the requesting task has to wait for the resource in the unordered task list (or utlist).
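
The three stages above, sketched in Python as an added example (not the authors' simulator code). The names `Request`, `choose_action`, `recover`, `holders` and the sample values are hypothetical, and "remaining execution time" is assumed to mean the time left until the task's termination time when recovery starts.

```python
from dataclasses import dataclass

@dataclass
class Request:
    task_id: str
    resource: str
    holdtime: float          # time needed to (re-)execute the request
    termination_time: float  # termination time of the owning task's step TUF

def choose_action(req, now, policy):
    """Stage 2: pick 're-execute' or 'abort' once the transient error is over."""
    if policy == "ARGUS":
        return "abort"                      # ARGUS aborts every faulty task
    remaining = req.termination_time - now  # assumption: time left before termination
    # BRGUS: eligible only if holdtime does not exceed the remaining time
    return "re-execute" if req.holdtime <= remaining else "abort"

def recover(req, now, policy, holders, utlist):
    """Run stages 1-3 for one faulty request; returns (action, state)."""
    # Stage 1: Trec is over, so the task releases the resource it holds
    if holders.get(req.resource) == req.task_id:
        del holders[req.resource]
    action = choose_action(req, now, policy)
    # Stage 3: proceed directly if the resource is free, otherwise wait in utlist
    if req.resource in holders:
        utlist.append((req.task_id, action))
        return action, "waiting"
    holders[req.resource] = req.task_id
    return action, "running"

def demo(policy):
    """Constructed sample: three faulty requests whose error ends at t = 4.0."""
    holders = {"R1": "T1", "R2": "T9"}   # resource -> task currently holding it
    utlist = []
    requests = [
        Request("T1", "R1", holdtime=3.0, termination_time=10.0),
        Request("T2", "R3", holdtime=3.0, termination_time=5.0),
        Request("T3", "R2", holdtime=2.0, termination_time=10.0),
    ]
    results = {r.task_id: recover(r, 4.0, policy, holders, utlist) for r in requests}
    return results, utlist

if __name__ == "__main__":
    for policy in ("BRGUS", "ARGUS"):
        print(policy, *demo(policy))
```
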

Simulation Model
We developed a discrete event simulator to verify the performance of our proposed algorithm. We used experiment settings similar to those in (Peng Li, 2004) for comparison purposes. Figure 5 shows the entities involved in the simulation model. It consists of a stream of 1000 tasks that are exponentially generated, an unordered task list (or utlist) and a set of active resources. The requests from tasks are queued in the unordered task list before they can use the resources. The scheduling algorithm decides which request to execute by calculating the PUD of the request. The tasks are assumed to be independent of each other. The events defined in the simulation model are the arrival of a task, the completion of a task, a resource request, a resource release, the arrival of the termination time of a task, the arrival of a fault in a request and the arrival of a fault recovery in a request. Table 1 summarizes the detailed task settings used in our model.

Performance Metric
The Accrued Utility Ratio (or AUR) metric defined in (Jensen, 1985) has been used in many algorithms stated in (Locke, 1986; Wu, 2004; Peng Li, 2004; Ravindran, 2005; Edward, 2007) and can be considered the standard metric in the UA scheduling domain. AUR is defined as the ratio of accrued aggregate utility to the maximum possibly attained utility. The Abortion Ratio (or AR) is the ratio of aborted tasks to the total number of tasks in the system. The Average Response Time (or ART) measures the time taken for a task to complete its execution.

Results and Analysis
Figure 6 shows the AUR results under an increasing load. The error-free GUS result is the upper limit for our proposed recovery algorithms. We observed that the BRGUS algorithm accrued higher utility than ARGUS over the entire load range. Clearly, the attempt to re-execute the faulty tasks significantly improved the accrued utility in BRGUS. Since aborted tasks produce zero utility, ARGUS accrues lower utility. Figure 7 plots the success ratio of BRGUS and ARGUS under an increasing error rate. We observed that the number of successfully executed tasks decreases as the error rate and load increase. Figure 8 verifies our speculation, proving that the abortion ratio in BRGUS is lower than in ARGUS, which ultimately leads to higher accrued utility.
Figure 9 shows the ART effects of the proposed algorithms. Although BRGUS accumulates a higher ART than ARGUS, it is always lower than its execution time (i.e., 0.5 seconds). This is identified as the BRGUS tradeoff, whereby the extra time taken is the time overhead incurred for re-execution of the faulty tasks during the recovery process. The more tasks get re-executed, the more utility BRGUS is able to accrue back to the system.

Conclusion
This paper presents quantitative results of a best-effort UA real time scheduling algorithm called BRGUS that applies the time redundancy paradigm for fault recovery. Simulation studies show that BRGUS achieved higher accrued utility with a smaller abortion ratio, conforming to our design objectives. Future work includes implementing BRGUS in a real time operating system (RTOS) to observe the actual behavior of the algorithm.

Table 1. Simulation Parameters