1

Personal use of the material in this paper is permitted. However, permission to reprint or

republish this material for advertising or promotional purposes or for creating new works for resale

or redistribution, or to reuse any copyrighted component of this work in other works must be

obtained from the authors of this paper.

This paper has appeared in Real-Time System Journal.

An Optimal Value-Based Admission Policy and itsReflective Use in Real-Time Systems

ANDREA BONDAVALLI a.bondavalli@cnuce.cnr.it

CNUCE-CNR, Via Santa Maria 36, 56126 Pisa, Italy

FELICITA DI GIANDOMENICO digiandomenico@iei.pi.cnr.it

IEI-CNR, Via Santa Maria 46, 56126 Pisa, Italy

IVAN MURA mura@iet.unipi.it

Dept of Inf. Eng., University of Pisa, Via Diotisalvi 2, 56126 Pisa, Italy.

Abstract. This paper deals with planning system activities to support applications that have different contrasting

requirements including timing constraints on tasks execution and correctness requirements. Our approach is based on

a simple yet effective formulation of a value structure associated to the application tasks. Values are associated to

each relevant outcome thus accounting for successful executions as well as for those which violate the application

requirements. Moreover we assume degradable real time systems equipped with several execution techniques charac-

terised by different execution costs and different levels of fulfilment of requirements (and associated reward). We pro-

pose an admission algorithm to select the part of the offered load to be executed, should overload occur. For all the

admitted tasks the algorithm selects also the most suitable execution technique (among those available) to optimise

the expected cumulated reward. We show that the algorithm provides the best solution to the optimisation problem

resorting to the linear programming theory. Then we discuss the applicability of this result to systems operating in

dynamic environments. A planner component is defined, responsible to collect information on the current status of

the system and of its environment. The planner decides when a new ‘plan’ is required, and dynamically executes the

admission algorithm to properly tune the usage of system resources .

2

1 . Introduction

The use of very complex processing systems is becoming more and more common to manage and

control a variety of manufacturing, telecommunication, and automation systems. These processing

systems must be able to satisfy a number of requirements arising from the environment of the spe-

cific applications in order to attain an adequate quality of the delivered services. Thus their realisa-

tion always involves trade-offs, because, in general, services may have contrasting requirements

that can not be optimally satisfied at the same time. Devising the most adequate trade-offs when

dealing with contrasting requirements is a kind of problem known as Multiple-Criteria Decision

Making (Vincke 1992)

This can be a non-trivial task in general, and it is definitely difficult for systems that operate in a

dynamic environment and that must satisfy real-time requirements. Indeed, to improve their utility

and, even, to survive dynamic environments, those systems are required a high degree of flexibil-

ity. In case of overload the service must gracefully degrade and to this aim the system should be

capable of adaptively devising an effective use of its resources and also of rejecting a part of the in-

coming workload if needed. Moreover, to further increase flexibility, multiple implementations of

the same application task can be made available to the system, each of them providing a particular

level of fulfilment of application requirements, at a different cost in terms of resources and compu-

tation time. The system can adaptively select the ‘best’ one to be used for each particular task, de-

pending on the application requirements and on its current state.

Adaptivity and flexibility are particular aspects of a more general concept known as reflection,

which basically stands for the ability of a processing system to reason about its own current state

and that of its environment to achieve the most suitable tuning of its activities (Stankovic 1991;

Stankovic and Ramamrithan 1995). Completely static systems, which are not able to modify their

behaviour, require strong assumptions of constant workload and available resources. If the system

has been properly dimensioned during the design phase, and the assumptions are not violated, it

remains forever able to satisfy all the incoming requests. However, static systems are inadequate

for many real applications acting on partially unknown and changing environments; in this case re-

flective systems are hence to be considered, able to follow variations of the external environment

and of their internal state and adapt their behaviour on how system resources must be best used.

The main contribution we offer in this work is the definition of an admission algorithm, based

on the concept of value, which we prove is able to optimise the expected cumulated reward

achieved by the system. Several studies appeared in literature that deal with the decision-making

problem by using value; they show that the introduction of the concept of “task utility” in real-time

3

systems allows a good usage of system resources under a variety of adverse circumstances, as

transients overloads and degrading availability of computing resources. When the number of sys-

tem resources is sufficient to execute the whole workload with the most valuable execution alterna-

tive, the optimisation problem is trivial, but when this desirable situation is not met, through our

algorithm it is possible to choose which part of the workload has to be executed, and also the most

adequate execution technique (in the available set) for the execution of each task of the accepted

workload. For a given workload and a given system configuration, the decision making problem is

stated as the linear programming optimisation problem of maximising the expected cumulated re-

ward, and solved at a very low polynomial computational cost.

The key concept on which our algorithm is based is represented by the “value” of a task, which

gives an assessment of the relative utility that each task has within the application. A very simple

structure of the value must be defined based on the system requirements associating a value to each

relevant outcome of a task thus accounting for the contrasting criteria which should guide the sys-

tem activities. Examples of relevant outcomes which should have an associated reward are success-

ful or erroneous executions for critical systems, or the different levels of accuracy obtained by al-

ternative algorithms e.g. in image processing systems.

Although our proposed admission policy has general validity and is applicable to a variety of

real-time systems with multi-criteria decisions to be taken, in order to make our discussion more

concrete, in this paper we focus on a specific class of system defining the reward structure appro-

priate for their requirements. We consider the interesting class of systems which must satisfy both

timeliness and dependability requirements (Laprie 1995) for which performability (Meyer 1980)

represents a suitable measure for the overall quality of the service provided.

Moreover, we show how this optimal algorithm can be used in systems operating in a dynamic

environment where resources unavailability and overload situations may occur. To this purpose,

we introduce a system component that we call “planner”, which is a “reflective” component re-

sponsible for monitoring the state of the system and performing the decision-making algorithm

thus devising the optimal trade-off among the application requirements. On the basis of the avail-

able information about the system and its environment, the planner runs the algorithm and selects

for execution the most relevant part of the workload.

This paper is articulated as follows. In Section 2 we recall some general definitions, review the

literature on the usage of the concept of value in real-time systems, and give a general characterisa-

tion of a value structure suitable to be effectively used in the considered context. Then we define

the class of systems we take into account in our study by detailing the assumptions made about

structure, workload and the simple characterisation of the value of a task we will be using. Section

3 defines the optimisation problem, introduces our optimal algorithm and provides some remarks

on it. In Section 4 we give a proof of optimality the algorithm solution , resorting to the duality

4

theory. Section 5 deals with the reflective use of the algorithm introducing a planner component,

discussing its tasks and the ways of dynamically using the optimality result provided by the algo-

rithm. Finally, some concluding remarks are given in Section 6.

2 . Basic concepts and system context

Real-time systems are those systems whose correct behaviour depends not only on the correctness

of the computation results, but also on the time the outcomes are produced. The specification of

real-time systems includes therefore timing information, to express timeliness constraints which in

general arise from the environment to be controlled. These time constraints are enforced through

the classic mechanism of the deadline, which is the latest point in time at which the execution of the

task must be completed. It can be expected that a damage is suffered by the system whenever a

deadline is violated. The relevancy of this damage is usually used as a discriminating aspect to

classify real-time systems. According to the classification given in (Burns and Audsley 1991), real-

time systems are classified as:

- hard real-time system, for which the damage for a deadline violation has a potential to be

catastrophic, that is the consequences are incommensurably greater than any benefit the system

could obtain with the timely execution of the task. Hard real-time systems must therefore fulfil

of all the time constraints of the application.

- soft real-time systems, for which the damages for deadline violations do not compromise the

integrity of the system, and hence it is comparable with the benefit obtained with the timely ex-

ecution.

It is worthwhile observing that in a complex real-time system not all the tasks performed are nec-

essarily a hard or a soft deadline. Typically, some do not have any deadline associated, some have

soft deadlines, and only a subset of critical computation events have a hard deadline. As we will

show in the following, the formulation of task value allows the characterisation of completely dif-

ferent kind of time constraints for the applications, ranging from non-critical activities that have no

time constraints up to hard real-time deadlines for critical tasks.

Real-time systems operating in critical environments should be able to guarantee not just the

timeliness of the computations performed but also their correctness (Malek 1995). To this end,

they must be able to cope with rare events and unexpected situations such as operational or design

(hardware or software) faults, that might otherwise yield to serious damages to the controlled envi-

ronment. Therefore, even under adverse circumstances the outcomes of the computations must

strictly comply with the application specification, in other words the service of the system must be

dependable. As defined in (Laprie 1995):

5

- dependability is that property of a system that allows reliance to be justifiable placed on the

service it delivers

Dependability constraints can be more or less stringent depending on the criticality level of the

functionality that the task implements. To satisfy these dependability requirements, specific meth-

ods must be used to avoid that faults turn out in erroneous computations. Among these methods

fault-tolerance techniques can be used to provide, by deploying redundancy, a service complying

with the specification in spite of faults (Laprie 1995). However, the introduction of redundancy

causes an increase in the system workload, a worsening of the performance, and hence may delay

the application tasks completion times. Systems with both timeliness and dependability require-

ments are thus an interesting class of system with contrasting requirements.

2.1. Previous work on value-based resource assignment

Many strategies have been proposed using the concept of task value to allow a good usage of sys-

tem resources under a variety of adverse circumstances. Some of them use values to implement an

admission policy, while other approaches adopt (explicitly or implicitly) a value-based scheduling.

Even if the simplest possible value structure is always assumed, with only one value associated to

each task, the obtained results show that the value information represents an useful means to en-

sure a graceful degrading of the quality of the service in various scenarios.

In his Ph.D. thesis Locke proposed the Best-Effort algorithm (Locke 1986) that shows an inter-

esting application of the value to implement an acceptance test. The Best-Effort basically behaves

as the Earliest Deadline First scheduler (Liu and Layland 1973) when the system is underloaded.

However, when the set of tasks can not be scheduled, the Best-Effort scheduler chooses for the

execution the subset of the tasks that maximise the value of the computation per unit of time (the

so-called value-density). By extensive simulations, this algorithm has been shown to outperform

(in terms of the total value of the executed tasks) various simpler scheduling algorithms, such as

the Shortest Processing Time First, the Earliest Deadline First and the Least Slack Time First.

However, the Best-Effort algorithm has a complexity of O(n2) for a population of n tasks, which

strongly limits its applicability. Locke also proposed (Locke 1986) the Value-Density algorithm

that implements a greedy scheduling algorithm. Tasks are ordered for the execution on the basis of

their value-density. In that work Locke showed that executing tasks according to the value-density

ordering is optimal from the viewpoint of the overall utility of the executed workload.

The same value-density approach of the Best-Effort scheduler has been applied in several con-

texts. The Simplified-Rolling-Horizon (SRH) scheduling developed by Morton and Pentico in the

field of operation research (Morton and Pentico 1993) is quite similar to the Best-Effort. Whenever

there is a task which can not be executed while satisfying its time constraints, one or more task

6

must be removed. The SRH considers for each job the ratio between the value and the partial

makespan. The partial makespan is defined as the sum of all computation times of the jobs plus all

idle times of the system, from the current time up to the job which can not be executed. The task

with the smallest ratio between value and required computation time is removed from the set. In the

field of Local Area Networks, an algorithm called Dynamic Priority has been proposed by Nassehi

and Tobagi (Nassehi and Tobagi 1987) to schedule message transmissions. This scheduling algo-

rithm uses the concept of urgency, which is obtained integrating the value function of a message

over the time. The urgency measure accounts for sharp changes of the message future value, and is

divided by the remaining transmission time of the message, to obtain a value-density-like informa-

tion which is used as a priority information. Ronen and Pollack in (Ronen, Mosse’ et al. 1996)

adapted the three algorithms Best-Effort, SRH and Dynamic Priority to the deliberation scheduling

problem which comes from the area of Artificial Intelligence. Their simulations show that the

value-density approach is a promising one for the problem under study.

Stankovic and Buttazzo in (Buttazzo and Stankovic 1993) proposed the Robust Earliest Deadline

(RED) algorithm to increase the performance of on-line scheduling algorithms under overload

conditions. For each task, their model considers two distinct parameters: the value, which reflects

the importance of the task, and the deadline tolerance, which is the amount of time a task can be

late still being its execution worthy for the system. When overload occurs, the RED algorithm tries

to maximise the total values of the executed workload, by removing tasks which have smallest

value. The removed tasks are held in a reject queue. Moreover, when a spare capacity becomes

available in the system because a task requires less that its worst case execution time, some tasks in

the reject queue can be reaccepted for the execution, provided that their deadline tolerance ensures a

positive laxity. The RED algorithm has complexity O(n) at each scheduling point, and its effec-

tiveness has been investigated through simulation, showing that it allows to achieve a nearly opti-

mal quality of the service in almost all the considered scenarios.

In (Davis, Punnekkat et al. 1995) an admission policy based on the Adaptive Value-Density

Threshold (AVDT) is defined, which approximates the operation of the Best-Effort strategy with a

considerable gain in efficiency. The key idea is that of decreasing the complexity of the Best-Effort

by avoiding the computation of the value-density information for each task. In more details, the

AVDT defines a threshold value-density on the basis of the tasks already admitted in the system.

The threshold is defined on the basis of the values of the tasks already accepted in the system, and

any request of execution that does meet at least this level of value is immediately rejected.

A similar value-based admission policy has been defined by Bestavros and Nagy (Bestavros and

Nagy 1996) for real-time database systems. Their Value-Adaptable-Fit (VAF) admission policy

considers an estimate of the profit that would be obtained by the system if a transaction is accepted,

and weights this profit by the potential loss which can be suffered by the previously admitted

7

transactions as a result of such an admission. Moreover, this weighted profit is compared with a

threshold value taking trace of the current profit level to decide whether an incoming transaction

should be admitted or not. Simulation results show that the VAF admission policy is able to

achieve quite a good cumulated value under overload conditions.

A different class of works has appeared in literature with the aim of quantifying the benefit

which can be expected by the use of value-based scheduling in real-time systems subject to over-

loads. These works establish upper-bounds on the value achievable by on-line schedulers with re-

spect to the value which can be achieved by the clairvoyant scheduler. Baruah, Koren et. al.in

(Baruah, Koren et al. 1992) introduced the concept of competitive factor to compare the worst case

performance of an on-line scheduling algorithm with all competing algorithm, including the ideally

optimal one, that is the clairvoyant scheduler. An on-line scheduling algorithm is said to have a

competitive factor of r if it is guaranteed to achieve a cumulative value at least r times the cumula-

tive value provided by the clairvoyant scheduler. They show that no on-line scheduling algorithm

can have a competitive factor greater than 0.25 if the system experiences overload situations. This

bound was obtained under the assumption that the value of a task is equal to its computation time.

A scheduling algorithm able to achieve such competitive factor has been provided by the authors,

thus proving that the bound is tight. The competitive factor 1/ (1+ k)2 has been proved to be the

upper-bound for any on-line scheduling algorithm when the set of tasks has arbitrary values,

where k denotes the ratio between the largest and the smallest value in the set. The algorithm

Dover proposed by Koren and Shasha in (Koren and Shasha 1995) is able to achieve this bound

for all k . The above results are obtained under very pessimistic assumptions, where the deadlines

of the tasks may be arbitrarily tight (that is tasks have no slack at all) and no a priori knowledge of

the expected workload is available. Therefore, these discouraging results have only a theoretical

validity and more research is needed to obtain bounds on the basis of a reasonable knowledge of

the task set. A first result in this direction has been provided by Baruah and Haritsa in (Baruah and

Haritsa 1997) with the scheduling algorithm ROBUST. They assumed that the value of a task is

equal to the required computation time, and that task have a minimal guaranteed slack. The slack

factor f�

of a task is defined as the time interval deadline minus ready time divided by the computa-

tion time. The ROBUST algorithm has been proved able to achieve a competitive value of

( f − 1) / f for any slack factor f�

. For instance, if for each task in the set the time window be-

tween ready time and deadline is at least twice the computation time, that is the slack factor is

f = 2, then the ROBUST can guarantee a cumulated value which is 0.5 times that provided by a

clairvoyant scheduler.

With respect to these studies, in this work we intend to define a different way of exploiting the

value information: based on the value of the tasks and on other information available on the task

set, as estimated arrival rates and worst case computation times, we define an admission policy. As

8

in the works of Davis (Davis, Punnekkat et al. 1995) and Bestavros (Bestavros and Nagy 1996),

the admission policy represents a means to avoid overload and at the same time to optimise the

quality of the executed workload. However, our admission policy is intended to be used as a

planning activity at a system level while the scheduling is performed locally at each computing re-

source. As also Ronen and Pollack observe in (Ronen, Mosse’ et al. 1996), at this high level the

filtering of the workload can be dynamically enhanced to include a number of factors which are not

typically addressed at the scheduling level, as the changes in the workload and in the resource

availability.

2.2. General value characterisation

Let us discuss which are the aspects of interest for a value information to be used in a real-time

environment. Let T be a set of tasks instances the system may be required to execute, and let V be

a real-valued function, that takes as argument an element of the set 2T and returns an assessment of

the utility of the tasks in the set. We can think of such a function V as a mean to compare two dif-

ferent choices in the execution of system activities, by simply considering the ordering (partial or

total) which is introduced by the binary relation “more useful” defined as follows:

Σ1 more useful than Σ2 ⇔ V Σ1 ( ) > V Σ2 ( ), Σ1 ,Σ2 ∈ 2T

However, it is immediate to realise that such a value function suffers of relevant problems from a

practical viewpoint because in principle it requires the evaluation of function V for each possible

distinct set in 2T . As supported by the work of Tokuda et al. (Tokuda, Wendorf et al. 1987) and

Wendorf (Wendorf 1988), an accurate evaluation of the value of a computation is too time consum-

ing to be feasible on-line for real-time systems. On the other hand, an off-line computation of the

set V Σ i( ), ∀ Σ i ∈ 2T{ } is not in general of practical interest because of the large amount of space

that should be needed to store these values.

In order to obtain a simpler value function we hence restrict our attention to the particular class of

“additive” value functions, also called cardinal value functions (Krantz, Luce et al. 1971), defined

as follows:

Definition: The real-valued function V with domain 2T is a cardinal value function if and

only if V Σ1 ∪ Σ2( )=V Σ1( ) + V Σ2( ) for each Σ1,Σ2 ∈ 2T .

While dealing with cardinal value functions the only points of the domain 2T for which the func-

tion must be explicitly defined are represented by the sets containing a single element, that is the

sets formed by only one task.

Although the simplification introduced by a cardinal value function may lead to a rough estima-

tion of the total utility of a set of tasks, we shall observe that many aspects of interest of the system

behaviour are captured. Though it is interesting and of primary importance, here we do not address