Property-Based Modulable Timing Analysis and Optimization for Complex Cyber-Physical Real-Time Systems

The advanced development of embedded computing devices, accessible networks, and sensor devices has triggered the emergence of complex cyber-physical systems (CPS). A cyber-physical system continuously monitors and affects the physical environment which also interactively imposes the feedback to the information processing system. The applications of CPS include healthcare, automotive systems, aerospace, power grids, water distribution, disaster recovery, etc. Due to their intensive interaction with the physical world, in which time naturally progresses, timeliness is an essential requirement of correctness. Communication and computation of safety-critical tasks should be finished within a specified amount of time, called deadline. Otherwise, even if the results are correctly delivered from the functional perspective, the reaction of the CPS may be too late and results in a catastrophe.

One example is the release of an airbag in a vehicle, which only functions properly if the bag is filled with the correct amount of air in the correct time interval after a collision, even in the worst-case timing scenario. While in an entertainment gadget a delayed computation result is inconvenient, in the control of a vehicle it can be fatal. A modern society cannot adopt a technological advance when it is not safe.

To design a timing predictable and rigorous cyber-physical real-time system, two separate but co-related problems have to be considered:
1. how to design scheduling policies to feasibly schedule the tasks on the platform and system model, referred to as the scheduler design problem, and
2. how to validate the schedulability of a task system under a scheduling algorithm, referred to as the schedulability test problem, to ensure deterministic and/or probabilistic timing guarantees.


The goal of PropRT is to provide formal properties that can be used modularly to compose safe and tight analysis and optimization for the scheduler design and schedulability test problems. In fact, some properties already exist, but they were not properly stated in the literature due to historical reasons. One main reason is that these properties were not formulated with the goal of general applicability but for a specific problem. To successfully tackle complex cyber-physical real-time systems that
involve computation, parallelization, communication, and synchronization, new, mathematical, modulable, and fundamental properties for property-based (schedulability) timing analyses and scheduling optimizations are strongly needed. They should capture the pivotal properties of cyber-physical real-time systems, and thus enable mathematical and algorithmic research on the topic.

In many cyber-physical systems, a sequence of tasks is necessary to perform a certain functionality. The data dependency between such tasks is described by a cause-effect chain, e.g. from a sensor to an actuator, where the first task reads the sensor value (cause), the second task processes the data, and the third task produces an output for the actuator (an effect is triggered). Typical metrics are maximum reaction time (MRT) and maximum data age (MDA). The MRT is the maximum button to action delay, whilst the MDA is to quantify the data freshness as the longest time interval starting from the sampling of a value and ending at an actuation based on that sampled data. Due to their importance, various approaches of deriving safe MRT and/or MDA
have been provided. We presented the first compositional and general solution was presented in RTAS 2021. One essential ingredient to achieve compositional analysis is to cut the cause-effect chain into smaller (local) parts. Several extensions have been made to extend the flexibility and generality of the compositional analysis. Furthermore, in ECRTS 2023, we further show that MRT and MDA are basically equivalent by making only very few non-restrictive assumptions regarding tasks, communication, and
scheduling model. Our results apply for a large variety of system with very tight performance. This demonstrates the usefulness of property-based analysis and optimizations.

The usage of the critical instant theorem for probabilistic timing analysis can be traced back to 90's. In 2013, the critical instant theorem from the probabilistic perspectives was established. Since then, several techniques have been developed to tackle issues of intractability. Although the statements in the probabilistic response time analysis are seemingly correct by a sketched proof considering probabilistic execution time, the interval extension in the proof of the critical time zone in fact changes the response time distribution of job under analysis. Therefore, ignoring the probability of the feasibility of the interval extension may result in incorrect quantification of response time distribution. As a result, the synchronous release of all tasks does not necessarily generate the maximum interference and is thus not always a critical instant. Our result in RTSS 2022 demonstrates a counterexample and provides two methods.

To efficiently exploit the potential parallelism, the directed-acyclic-graph (DAG) task model has been widely used for scheduling tasks in multicore platforms. In our publication in IEEE Transactions on Computers for "Parallel Path Progression DAG Scheduling" in 2023, we study the hierarchical real-time scheduling problem of sporadic DAG tasks in by a parallel path progression scheduling property, which allows to quantify the parallel execution of a user-chosen collection of complete paths in the response time analysis. This novel approach can utilize a large number of cores on demand and also significantly improves the response time analyses for parallel DAG tasks for highly parallel DAG structures. This demonstrates the possibility to establish simple properties that can be used for a complex execution model under a simple hierarchical scheduling paradigm.

PropRT itself is a unique concept to study properties that are compositional, composable, and general to be applied for analyzing and optimizing complex cyber-physical systems (CPS). Several property-based analyses and optimizations have been developed. They have been applied in scenarios to demonstrate their generality and effectiveness. Specifically, most of them are breakthroughs both for property-based approaches and the problems under study. The explorations of the probabilistic properties have been biased towards the use of the critical instant theorem. Our result in RTSS 202 invalidates such an observation. This breakthrough gives the implication that the probabilistic scenarios can be very different from the deterministic scenarios. This results in a breakthrough of rethinking the link of these scenarios with the needs of more robustness reasoning process. The equivalence of the maximum data age and the maximum reaction time for the end-to-end analysis is proven based on a universal description. This provides a unique view of two seemingly different metrics, described purely based on mathematical properties. This would not be possible without the concept of PropRT.

We expect to deliver a systematic view of property-based timing analysis until the end of the project.