Feedback Control Scheduling for Crane Control System

Oumair Naseer1, Akeel Shah2 , Atif Ali Khan3 1, 2, 3 School of Engineering, University of Warwick, Coventry, UK

1o.naseer@warwick.ac.uk, 2akeel.shah@warwick.ac.uk, 3atif.khan@warwick.ac.uk

Abstract—Feedback control theory has a long history. Real time computing systems integrated with feedback control theory are more robust against internal and external disturbances. Classical scheduling algorithms especially: Rate Monotonic and Early Deadline First cannot achieve the optimal possible Quality of Service (QoS) level that features real time constraints and requirements. In order to cope with the dynamic workloads and resource constraints, control scheduling co-design is very advantageous. Control scheduling co-design takes into account both the control techniques and the real time computing aspects simultaneously at design level. Unfortunately, over the past few years, there is no or a very small amount of work is done on the practical side. That’s why only a few real time systems, having feedback based control scheduling implemented, are actually deployed. This paper presents a case study of integrating feedback control scheduling algorithm for crane control systems to provide QoS in terms of system performance and resource utilization. This procedure is especially important for industrial automation.

Keywords-Feedback Control Scheduling; Embedded Control System; Control Scheduling Codesign; Crane Control and Automation Technologies.

I. INTRODUCTION Scheduling is a key lever in embedded control systems,

especially; crane control systems. It has been seen [1] that traditional scheduling algorithms i.e. Rate Monotonic (RM) and Early Deadline First (EDF) cannot provide the high system performance and resource utilization in disturbance and uncertain environment. Besides, all these classical scheduling algorithms are open loop [2] and build on the complete knowledge of execution time and deadline of the task set. While feedback control scheduling can serve as a scientific underpinning for embedded control systems. Control systems themselves constitute an important subclass of embedded computing systems [3]. Over the past few years, Hardware Software (Hw/Sw) co-design complexity of embedded system has increased. Due to the large number of real time constraints and requirements, several real time tasks have to compete for one embedded processor. Therefore the overall system performance not only depends on the control algorithm design but also rely on the efficient scheduling of the shared computing resources [4-5]. To fulfil real time requirements and constraints, feedback controller theory is integrated with real time computing systems. Feedback Control Scheduling (FCS) combines the control scheduling theory and real time

computing theory at design level [6, 29]. So that the available system resources can be optimally used and the overall system performance can be maximized. Basic idea behind feedback control scheduling is to treat the scheduling problem as a control problem. A feedback closed loop is introduced in embedded computing system which continuously monitors the CPU load [7]. Fig. 1 shows the basic architecture of control scheduling co-design where feedback control techniques i.e. fuzzy logic controller or neural network controller is integrated with embedded system scheduling algorithms i.e. rate monotonic or early deadline first.

Figure 1: Basic architecture of feedback based control scheduling co-design.

Traditionally hard real time systems are operated in closed environment and scheduler design is based on the worst case execution time (WCET) of the tasks [27]. But in recent years, real time systems are operated in open and uncertain environment, where the tasks execution time may suffer a large variation and uncertainty. A key challenge is to provide a real time guarantees that control tasks will meet their deadlines even if the timing constraint of the control tasks is not known a prior. With traditional WCET analysis, CPU suffers over-utilization in the presence of faults because the execution time of the task exceeds WCET. The need of the hour is to integrate feedback based control scheduling with traditional embedded system co-design [44] that can adjust scheduling parameters according to real time variation while still making real time

20th Annual IEEE International Conference and Workshops on the Engineering of Computer Based Systems (ECBS)

978-0-7695-4991-0/13 $26.00 © 2013 IEEE

DOI 10.1109/ECBS.2013.13

187

guarantees. To tackle these challenges feedback based scheduling control is an effective technique [24-26].

II. RELATED WORK Feedback Control Early Deadline First (FC-EDF), a general

architecture for feedback based control real-time scheduling is presented in [8, 9]. Author describes a Proportional Integral and Derivative (PID) based feedback controller to control deadline miss ratio of tasks by adjusting CPU utilization and task periods. This algorithm is robust against load variation and I/O latencies. This approach is further enhanced in [10]. In [11], author applies control theory to reservation based feedback scheduler and provides a precise feedback based control scheduler model. A combinational feedback elastic scheduler is presented in [12] to estimate the CPU load for Linux environment. In [13], author uses the same scheme to allocate each thread a percentage of CPU cycles over a period of time. A feedback based adaptive scheduler is designed to assign automatically both proportion and period. A double loop feedback scheduler for distributed real time system is presented in [14]. The objective of this research work is to keep the deadline miss ratio to the desired value and achieve high CPU utilization. Similar approach is used in [15] by using Proportional Integral (PI) based feedback control scheduler. In order to cope with the time varying and non-linear nature of real time system a hybrid adaptive feedback control scheduler is presented in [16] for the soft real time embedded systems. A closed loop method for online adapting a fraction of assigned resource to the task requirement is presented in [17]. For real-time tasks [18] presents an approach to achieve the best allocation of CPU share resources for soft real time systems. Dynamic voltage scaling (DVS) for power aware real time computing systems, with the goal of reducing energy consumption while guaranteeing high system performance is presented in [19]. Author describes a formal feedback control algorithm for multimedia system. The objective of this work is to reduce multimedia decode power while maintaining a desired playback rate. For hard real time embedded systems a Feedback based DVS frame work is presented in [20]. In this work author combines feedback control theory and DVS approach to produce energy efficient scheduler for both static and dynamic workload. In [21], author describes a model predictive control framework to minimize power consumption while satisfying real time constraints and QoS requirements of a time varying workload. A control theoretical DVS that facilitates trade-offs between energy consumption and control performance through controlling the CPU utilization is presented in [22]. Feedback feed-forward scheduling of control tasks is presented in [35] but this work doesn’t talk about fault tolerance. Same approach is extended in [36]. Author used neural network controller to schedule multitasks for control systems. In [45], author presents a control-theoretic energy management for fault-tolerant hard real-time systems. Integration of fault tolerant schemes with feedback control scheduling for real time embedded systems is presented in [46, 47].

Practical application of feedback control theory is presented in [23, 28] for ORB middle-ware system, autonomous vehicle system [24] and network control system [25]. Resource management middle-ware framework Control-Ware and auto-

tune agent are developed in [26, 27]. To the best of our knowledge, none of these systems covers the characteristics of both safety critical and non-safety critical tasks in terms their periods and execution time while integrating FCS at software level.

III. FEEDBACK BASED CONTROL SCHEDULING ARCHITECTURE

Feedback scheduler controls the processor utilization at the desired utilization point by assigning task periods that optimizes the overall control performance. This approach is well suited for a "quasi-continuous" variation of the sampling periods [29] of real-time tasks under the control of a preemptive Real-Time Operating System (RTOS). Feedback scheduling is a dynamic approach allowing a better using of computing resources, in particular when the workload changes e.g. due to the activation of an admitted new task etc. Fig. 2 gives an overview of a feedback scheduler architecture where control inputs are the periods of tasks. Output is the measured CPU utilization. CPU activity is controlled according to the resource availability by adjusting scheduling parameters (i.e. periods) of the tasks both Safety Critical (SC) and non-Safety Critical (non-SC). An outer loop (the scheduling controller) adapts in real-time scheduling parameters from measurements taken on the computer’s activity, e.g. CPU load. FCS works periodically at a rate larger than the sampling periods of the both SC and non-SC tasks. System structure evolves along a discrete time scale upon occurrence of events, e.g. for new tasks admission or exception handling. All tasks are first en-queued in the submitted task queue by the task controller then based on the level of the Quality of control (QoC) controller [37] only those tasks are scheduled which are available in the accepted task queue.

Figure 2: Feedback control scheduling architecture.

The off-line iterative optimization is used to compute an adequate setting of periods, gains and latencies, resulting in a requested control performance according to the available computing resource and implementation constraints. The optimal control is achieved by computing the new task periods by the rescaling:

����� = ����

�� (1)

188

Where �� is the utilization set-point, ��� is the period of task at time , is the estimated CPU load and ����� is the new period of task � at time + 1. Priorities must be assigned to tasks according to their relative urgency and this ordering remains the same in the case of a dynamic scheduler. Dynamic priorities e.g. as used in EDF, only alter the interleaving of running tasks and will fail in adjusting the computing load w.r.t. the control requirements. In consequence, we have elected the tasks periods to be the main actuators of the system running on the top of a fixed priority scheduler. Processor load induced by a task is defined by = �

� Where � and ℎ are the execution time and period of the task respectively. Hence processor load induced by a task is estimated for each sampling period ℎ� of the scheduling controller, as:

��(���)�� = ����� + (1 − �) �(̅���)��ℎ(�)��

(2) Where ℎ is the sampling frequency currently assigned to

the task (i.e. at each sampling instant ( + 1)ℎ�) and � ̅is the mean of its measured job execution-time. � is a forgetting factor used to smooth the measure. ���� is the processor load induced by task at time and period ℎ� . Due to the execution time variation of the task in the presence of faults, estimated CPU load is defined as a function of task periods as:

�(���) = (1 − �)� − � � �̅�( ℎ�)��( ℎ�)

�

��� (3)

Where �� is the frequency of the task i. A single control task system is given in Fig. 3 where the estimated execution-times are used on-line to adapt the gain of the controller for the original CPU system (3) (this allows to compensate the variations of the job execution time).

Figure 3: Control scheme for CPU resources.

Where �̅ depends on the run-time environment (e.g. processor speed) a "normalized" linear model of the task � (i.e depend on the execution time), �� is used for the scheduling controller synthesis where �̅ is omitted and will be compensated by on-line gain-scheduling ( 1 �̅� ) as shown below.

��(�) = ��(�)�!(�) = �"#

�"# , � = 1,2, … , $ (4) With this control scheme, design of controller K can be

made any control methodology at hand i:e PID, Fuzzy logic or neural network control. In this paper we have used Fuzzy Logic controller.

IV. PROBLEM STATEMENT The design methodology of embedded control systems are

based on the separation of concerns of control theory and real

time computing systems [4]. These concerns are based on the assumptions that a feedback controller can be viewed as a control tasks, characterized by three fixed parameters: a period, a computation time, and a deadline. Control tasks execute at a rate much higher than user-defined tasks. Because of the harsh environment under which embedded systems are normally deployed, faults can occur in the system (tasks) at any time. Due to which, it is very difficult to predict the execution time of control tasks. Current simulation tools especially Matlab\Simulink, TrueTime, Jitterbug and Ptolemy-II have their own limitations [30]. These tools don’t capture feedback control scheduling characteristics (task periods, CPU load and I/O latencies) in the integrated Hw/Sw co-design process [39-40]. Due to the lack of exact knowledge of task execution time over the targeted system, a lot of time is needed to draw conclusion between performance and stability. In this paper we will explore these challenges from practical perspective i.e. how feedback controller is integrated with the overall HW/SW co-design cycle? What kind of software modifications are required to facilitate dynamic task periods allocation? What kind of hardware modifications should be made to enable continuous CPU utilization monitoring? How feedback controller should be implemented with the current of-the-shelf RTOS scheduler? In the presence of faults, how execution time of control tasks varies? Will feedback scheduler be able to compensate the execution time variation in user-defined tasks while keeping the scheduling intact? What scheduling parameters should be measured offline (prior to scheduling)? What scheduling parameters should be measured online (dynamically while scheduling)?

V. CRANE CONROL SYSTEM ARCHITECTURE MODEL System architecture of crane control system constitutes a

distributed shared hardware platform with a network topology where every hardware node can communicate with every other node. Fig. 4 shows the high level model of the system architecture and resources elaborating the partitioning concepts.

Figure 4: System architecture model follows the integrated approach where

each core is divided into two parts. Part A executes SC tasks and Part B executes non-SC tasks. SC and non-SC tasks can execute at any hardware

node. It also describes the application execution environment

where nodes are connected through a network bus. Each node has two partitions. Partition A is dedicated for the safety critical jobs and partition B contains non-Safety critical jobs,

189

with shared processor running mixed criticality applications. Node resource consists of a CPU, I/O controller; sensors and actuators, RAM, ROM and a CPU utilization monitor. Every node in the system integrated architecture utilizes the same configuration.

Crane control system consists of two major parts; the Operator Control Unit (OCU) and the Machine Control Unit (MCU). Both OCU and MCU contain two microcontrollers (Master and Slave) Renesas M16C62p [31] which is the most popular microcontroller used in motor industry [32] for industrial automation. It also contains a built-in I2C for inter-processor communication [41-43]. Both OCU and MCU contain some safety critical and non-safety critical tasks. Safety critical tasks are replicated on two processors to ensure the correct execution of the task. Replication with Check-pointing is the fault tolerant scheme implemented in the crane control system. Replicas of the task depend upon its criticality and Safety Integrity Level (SIL) [33-34].

Table 1: Safety integrity levels (SIL).

SIL Criticality System failure Probability of

dangerous failure per hour

4 Safety critical Catastrophic failure 10"% − 10"&

3 Safety relevant Server failure 10"& − 10"'

2 Critical Major failure 10"' − 10"* 1 Non-critical Minor failure 10"* − 10"- 0 No dependability requirements

OCU and MCU communication is carried out through wireless transmission by a telegram. Each telegram is 32 byte information as shown in Fig. 5. A telegram is sent from OCU to MCU after every 1msec periodically. If no key is pressed on OCU, a short form of telegram called short telegram is transmitted. In short telegram all data bytes are zero which reduces transmission overhead and increases battery life. When MCU receives a correct telegram, it sends an acknowledgement (hand-shaking protocol) telegram back to OCU.

Figure 5: First two bytes contain the start sequence. Next two bytes contain

the telegram number and time information. Each telegram has 23 bytes of data information. Last five bytes contain the stop sequence and Cyclic Redundancy Check (CRC). Both controllers compare telegram bytes before transmission.

VI. FCS INTEGRATION WITH HW/SW CO-DESIGN Feedback control theory is analysed before the functional

description of the overall system in the design cycle. During feedback control theory integration, the most important step is the selection of the feedback controller and scheduling parameters. Selection of the feedback controller entirely depends on the system description. Fuzzy Logic controller is the feedback controller used in this paper. Input to the feedback controller is the periods of the control tasks which get updated

online whenever a new task is accepted. The value of the new task period is based on the current value of QoS level and CPU load (under-utilized or over-utilized). Output is the measured CPU utilization. On software side FCS is implemented on the top of RTOS with the objective to achieve high CPU utilization and resource management. On hardware side a continuous CPU utilization monitoring is provided as shown in Fig. 6.

Figure 6: Feedback Control Scheduling integration with Hw/Sw Co-design cycle. On software side feedback controller is implemented as control tasks

with task periods higher than user-defined tasks. On hardware side CPU utilization is monitored by measuring the CPU load.

FCS estimates the CPU state and the latencies introduced in the system. These latencies are introduced because of the I2C network delay or one task is waiting for some resource which is held by another task. FCS also depends upon the sampling interval of the safety critical task. CPU monitor processor calculates the actual CPU utilization and feedbacks the current utilization value to feedback scheduling controller. As mentioned, the fault tolerant scheme used in crane control system is replication with check-pointing. In replication, a task is replicated on another processor and during check-pointing a task is divided into n subtasks. Each task contains the fault detection, fault recovery and check-pointing overhead. The status of the SC task is saved at every check point to avoid execution overhead in the presence of fault. A fault can occur at any point in between two check points/sampling intervals. When a fault is detected, there are two options; either to roll back or to move forward. By saving the status of the task at each checkpoint, a lot re-execution time can be saved (re-execution of the task starts from the last accurate state). Fig. 7 shows the execution of the safety critical task with FCS using check pointing.

Figure 7: Each safety critical task is divided into n subtasks (T1_1.1 and T2_2.1). Each subtask represents a check point/sampling interval. These

subtasks are executed on two different hardware nodes (Node N_1 and Node N_2). During fault detection overhead, the states of the two subtasks are

compared for the possible faults. During fault recovery the execution of the task is rolled back to the last saved check point. During check-pointing

overhead the status of the task is saved in a stable storage.

190

To increase the performance of the system only SC tasks are replicated and non-SC tasks are scheduled in between SC tasks. Fig. 8 shows the task scheduling of both SC and non-SC tasks on the same hardware node.

Figure 8: Feedback Control Scheduling of SC and non-SC tasks. Only SC

tasks are replicated on two different hardware nodes whereas the non-SC tasks can execute at any hardware node available.

All tasks assigned to a particular processor are en-queued in the submitted tasks queue. Feedback controller monitors the CPU load and detects if CPU is under-utilized, then based on current level of QoS controller assigns task to the accepted tasks queue after modifying the task period. If CPU is over-utilized, then feedback controller updates the accepted task period such that the over-utilized condition is neutralized. The implementation of Fuzzy Logic controller with fixed priority preemptive Early Deadline First (EDF) scheduler is shown in Fig. 9.

Figure 9: Implementation of fuzzy logic controller with fixed priority preemptive EDF scheduler.

VII. FCS INTEGRATION WITH OCU OCU is a hand held unit with two microcontrollers

connected through an I2C bus network for inter-processor communication. OCU has eight three level push button keypad unit as shown in Fig. 10. Each button has three levels to control the speed of MCU (Crane). There is an emergency stop button to stop the MCU in case of any emergency. There is a RFID chip associated to each OCU. RFID chip contains the OCU address which is unique for every OCU. It also contains the information about the communication frequency bandwidth information. Available frequency bands are 334, 430, and 916 MHz. Radio Frequency (RF) modules is attached to each OCU to communicate with MCU. OCU is substantiated to safety standards EN954-1 and ISO EN13849 [32, 33].

Figure 10: Operator Control Unit (OCU) architecture.

Integration of FCS with OCU is done at Software level. The software architecture diagram of OCU is shown in Fig. 11. The application layer contains Feedback Scheduler Controller. FCS is implemented as a part of pre-emptive EDF scheduler. The job of the FCS scheduler is to schedule safety critical and non-safety critical tasks. These tasks are provided by the middle Layer (Data Link Layer).

Figure 11: Software architecture of OCU. Job of the middle layer is to

provide the tasks (safety critical and non-safety critical) to the application layer. Physical layer deals with the low level driver functions and provides

services to middle layer.

VIII. FCS INTEGRATION WITH MCU Like OCU, MCU also consists of two microcontrollers

master and slave. Both controllers are connected through I2C for inter-processor communication. RF module is used to transmit\receive telegram. MCU mainly consists of relays. There is a main relay associated to each MCU, which activates

191

when emergency stop button is pressed. MCU architecture is shown in Fig. 12.

Figure 12: Machine Control Unit (MCU) architecture. When main relay is

switched off MCU stops working but can receive telegrams.

MCU also contains a RFID (trans-key) which contains MCU address. MCU can only communicate to OCU, if both OCU and MCU have the same address and frequency channel. Frequency channels are stored in RF module. One OCU can communicate to multiple MCUs, only if all MCUs have the same frequency channel and multi-Address communication is activated. FCS integration with MCU is also done at the software level. The software architecture of MCU is shown in Fig. 13.

Figure 13: MCU software architecture. A connection between two different modules represents that one module requires the services of other module to

complete his own functionality.

Application layer consists of the main module and the Feedback Control Scheduler. FCS is implemented as a part of Real Time Operating System and schedule tasks based upon their priority. CPU utilization is the most important scheduling parameter. Middle layer consists of RFID decoder. Job of RFID decoder is to translate trans-key which contains the address of the particular MCU and RF channel number. RF channel module contains the information of all the available channels over which a specified OCU can communicate with MCU. Telegram Decoder, decodes the received telegram and extracts the data bits. Based on the information of the data received from OCU, relay controller sets the status of the corresponding relay as activate if data bit is 1 and de-activate if the data bit is 0. There is a master relay controller module, this relay is activated whenever a fault is activated in the system or the emergency stop button is pressed on OCU. Error handler module controls the state of the MCU; in case of hardware failure a fault is activated in the system which consequently results in an error. A status Led is used to represent the status

of the system in error mode. Every error has a certain status Led blink sequence. In case of hardware failure status Led blinks 10 times. Third layer consists of I2C for inter-processor communication. Both master and slave controllers decode their own telegram received from RF module. Both controllers compare their decoded telegram using I2C bus before activating the corresponding relay. Main relay is activated if both controllers decoded the same telegram. A software timer is used to synchronize OCU and MCU. If there is no activity monitored in past five minutes, then main relay is automatically de-activated and OCU sends zero data bytes telegrams (telegrams in which all data bytes are zeros) to save battery life and RF transmission overhead.

IX. EXPERIMENTAL SETUP Implementation of both OCU and MCU is done using C

language in High-performance Embedded Workshop [HEW]. Both OCU and MCU uses time triggered architecture based on the software timer which depends upon the micro-controller’s clock. Fuzzy logic based feedback control scheduler is first modelled in Matlab/Simulink [30] and timing characteristics are analysed using TrueTime and Jitterbug. After investigating the stability of the feedback controller, C code is generated which is then integrated with OCU/MCU’s code. The entire code is written according to the Motor Industrial Standards MISRA C [33].

The purpose of experiment 1 is to check the robustness/stability (execution variation of SC and non-SC tasks) of the Crane control system. This experiment also verifies that the feedback control scheduler successfully schedules all the tasks assigned to a processor and no deadline of the task is missed. For this experiment, 4 safety critical tasks used in Telegram building module are used. As mentioned earlier, Master controller and Salve controller construct their independent telegrams. These telegrams are then compared by both controllers using I2C bus network. Each task used in Telegram building module is further divided in to 3 subtasks for Fault tolerance (Check points). At each check point, Master controller sends the status to slave controller. Slave controller compares the status variables, if there is a fault in the system the execution of the same sub-task at Master and Slave controller starts from the last saved check point. Apart from 4 SC tasks, there are 10 non safety critical tasks assigned to master controller and 15 non safety critical tasks assigned to the Slave controller. CPU utilization for master is set to 0.925 (estimated value) and Slave CPU utilization is set to 0.912 (estimated value). It is important that the execution of all SC tasks must be completed on or before their deadlines. Also, it is the responsibility of the Slave controller to transmit the telegram once it is built correctly.

The purpose of experiment 2 is to investigate the trade-offs of using closed loop Feedback control based scheduler. The performance of the system is compared against open loop EDF scheduler. For this purpose, four periodic SC tasks are considered. Task T1 scans the keypad associated to OCU and this task contains 18 lines of code and if executed independently would be completed in 29 clock cycles. Task T2 and T3 are associated to telegram building and contains 22 and 15 lines of code respectively and requires 28 and 19 Clock

192

cycles respectively to execute. Finally, task T4 is associated to inter-processor communication (I2C read/write) and requires 15 Clock cycles to complete under ideal circumstances. The stability of the system is investigated by introducing faults in the system at the software level (using test scripts) both in user-defined tasks and in control tasks (Feedback based scheduler tasks). These faults will eventually increase the execution time of the tasks. Also if a task is in search for a resource which is occupied by another task then that particular task may miss its deadline and the system may become unstable because SC task should meet its deadline.

X. RESULTS Table 2 shows the CPU utilization for both Master and

Slave controllers. It is noticed that Slave controller is slightly more utilized that the master controller because the number of tasks to be scheduled on the Slave controller is more than the master controller. Also, it is seen that the estimation error g (the ratio between the actual execution time monitored by CPU utilization monitor and the estimated execution time) is 0.36 which shows that the tasks deviates 36% from its estimated value for the master controller. And for the Slave controller g = 0.45, which suggests that the tasks on slave controller deviates 45% of their estimated value. The aggregate error for master controller is 0.012 and for the slave controller is 0.019.

Table 2: Experiment-1 is performed to test the robustness of the system.

SC Tasks

Non SC

Tasks

CPU Type

CPU Utilization

Aggregate Error

Execution Deviation

g 4 10 Master 0.9213 0.021 0.36 (36%)

4 15 Slave 0.9256 0.019 0.45(45%)

Fig. 12 shows the execution variation of the task on Master controller. At sampling interval 300th there is an execution overhead of g =1.68 i.e. 168% which suggest that a SC task is deviated 168% from its estimated execution time but still that task able to complete its execution before WCET. At sampling intervals 700th and 800th master CPU is under-utilized and g=0.36 i.e. the task completed its execution early than its estimated execution time. The execution variation for master controller is from g=0.36-1.68.

Figure 14: Master and Slave CPU utilizations for Experiment-1.

For slave controller, at sampling inter 300th g=2.1 which means the task deviates 210% from its estimates time. However the tasks are still able to complete before its WCET. At sampling interval 700th and 800th g=0.45 which suggest slave CPU is under-utilized and the task is able to complete its execution before 45% the estimated deadline. All tasks on Master and Slave controllers are able to complete their execution before WCET, so the Feedback based control scheduler’s integration is stable.

Fig. 15 shows the result of experiment-2 (scheduling of four tasks T1–T4) using Open loop Early Deadline First scheduling. At time step 3.25 μsec, when task T4 is first time introduced, the execution of the task is suspended by the scheduler till time step 4.0 μsec. At time 4.08 μsec task T4 gets a chance to execute. Also, from time steps 3.50–4.0 a fluctuation in the CPU utilization wave form is observed which clearly shows the instability of the scheduler. When actual CPU utilization exceeds the desired set point, this means a task is taking too much time to execute (because the fault introduced in the system has increases the completion time of the task.) as in the case of task T4 at time step 3.25 μsec. When actual CPU utilization is below the desired set point, this means task has completed its execution before its estimated completion time as happened at time step 3.625 μsec. Task T2 has completed its execution before estimated time.

Figure 15: Scheduling of four tasks (T1-T4) using open loop EDF scheduler. A high level means task gets a chance to execute. A low level means task has

completed its execution and is terminated. A middle level means, the execution of the task has been suspended.

Fig. 16 shows the execution of the same four tasks (T1-T4) using the closed loop feedback based control scheduler. At time step 3.25 μsec when task T4 is introduced for the first time, the feedback based control scheduler gets activated and instead of suspending the task execution, the task period is updated such that task T4 gets a chance to execute as soon as it is introduced. Also from time steps 3.50-4.0 μsec, CPU utilization waveform is much more stable, showing the stability of the FCS in the presence of faults.

193

Figure 16: Scheduling of four tasks (T1-T4) using closed loop FCS. At time

step 3.25 when Task T4 is introduced feedback based control scheduler activates and schedules task T4 immediately.

Table 3 shows the accumulated cost for the four tasks under ideal condition in which all resources required for the task to complete its execution are available as soon as the task is introduced; all four tasks have completed their execution in 91 μsec. With Open loop EDF scheduler the execution time of the same four task increases to 141 μsec. But in case of closed loop FCS, the execution of the task is just 106 μsec which is very close to the ideal case, shows the efficiency of feedback based control scheduler.

Table 3: Accumulated cost for four Tasks.

Scheduling Algorithm T1 T2 T3 T4 � .

Ideal 29 28 19 15 91 Open loop EDF 39 40 32 30 141

Feedback Control Scheduler 31 32 24 19 106

XI. CONCLUSION AND FUTURE WORK In this paper, (control theory) feedback control scheduling

algorithm is integrated with Crane Control System. It is seen that, in order to provide QoS (CPU utilization and resource management) under uncertain environment and internal/external execution variation. FCS is more efficient than classical open loop scheduling algorithms. FCS integrated crane control system is robust against the execution variation of tasks even in the presence of faults up till g=0.7 i.e.700%. This integrated system provides the desired CPU utilization while making sure that all tasks will complete their deadlines at or before their WCET. However, the stability of the system depends on the integrated fault tolerance scheme. With replication and check pointing, system designer have to make trade-offs between the checkpoints assigned to Safety Critical tasks and the degree of replication. Exceeding execution time of the task beyond threshold (700%) system will no longer remain stable. Also introducing fewer checkpoints implies larger re-execution overhead in the presence of faults.

This paper shows the application of control theory (Feedback control technology) to embedded computing systems. CPU utilization model used in this paper has some limitations. Initially, CPU model suffers under-utilization which clearly shows the CPU modelling error. FCS is implemented at the top of RTOS, so it is the responsibility of Operating System to provide scheduling services Application Program Interface (API). Fuzzy Logic based controller is used in this paper, however an adaptive neural network controller may prove more beneficial against tolerating transient faults. Crane control system uses check-pointing with replication as Fault tolerant scheme, this scheme heavily depends on the bandwidth utilization of the network bus. With the increase in the bandwidth latency of the bus network, the SC tasks may miss their deadlines, so Feedback control scheduler takes network stability into account as well.

XII. REFERENCES [1] Sha, L., T. Abdelzaher, K.-E. Årzén, T. Baker, A. Burns, G. Buttazzo,

M. Caccamo, A. Cervin, J. Lehoczky, A. Mok, “Real-time scheduling theory: A historical perspective”, Real-time Systems, Vol.28, pp.101-155, 2004.

[2] C. Lu, J.A. Stankovic, G. Tao, S.H. Son, “Feedback control real-time scheduling: framework, modeling, and algorithms”, Real-time Systems, Vol.23, No.1/2, pp. 85-126, 2002.

[3] J. P. Loyall, “Emerging Trends in Adaptive Middleware and Its Application to Distributed Real-Time Embedded Systems”, Lecture Notes in Computer Science (LNCS), Vol. 2855, pp.20-34, 2003.

[4] K.-E. Årzén and A. Cervin, “Control and Embedded Computing: Survey of Research Directions”, Proc. 16th IFAC World Congress, Prague, Czech Republic, 2005.

[5] Feng Xia, Zhi Wang, and Youxian Sun, “Integrated Computation, Communication and control: Towards Next Revolution in Information Technology”, LNCS, Vol. 3356, pp.117-125, 2004.

[6] K.E. Årzén, B. Bernhardsson, J. Eker, A. Cervin, K. Nilsson, P. Persson, and L. Sha, Integrated control and scheduling. Technical Report ISRN LUTFD2/TFRT7586SE. Lund Institute of Technology, Sweden, 1999.

[7] J. L. Hellerstein, “Challenges in Control Engineering of Computing Systems”, Proc. IEEE ACC, Massachusetts, July 2004, pp.1970-1979.

[8] J. A. Stankovic, C. Lu, S. H. Son, G. Tao, “The Case for Feedback Control Real-Time Scheduling”, Proc. 11th ECRTS, York, UK, pp.11-20, 1999.

[9] Lu. C., J. Stankovic, G. Tao, and S.H. Son, “Design and evaluation of a feedback contol EDF scheduling algorithm”, Proc. 20th IEEE RTSS, pp. 56-67, 1999.

[10] Lu, C., J. Stankovic, T. Abdelzaher, G. Tao, S. Son, M. Marley, “Performance specifications and metrics for adaptive real-time systems”, Proc. 21st IEEE RTSS, pp. 13-23, 2000.

[11] Abeni, L., Palopoli, L., Lipari, G., Walpole, J., “Analysis of a Reservation- Based Feedback Scheduler”, Proc. 23rd IEEE RTSS, Austin, Texas, pp. 71-80, 2002.

[12] T. Cucinotta, L. Palopoli, L. Marzario, G. Lipari, L. Abeni, “Adaptive reservations in a Linux environment”, Proc. 10th IEEE RTAS, Toronto, Canada, pp. 238-245, 2004.

[13] Buttazzo, G., and Abeni, L., “Adaptive workload management through elastic scheduling”, Real-time Systems, Vol. 23, No.1/2, pp. 7-24, 2002.

[14] D. Steere, A. Goel, J. Gruenberg, D. McNamee, C. Pu, and J. Walpole, “A feedback-driven proportion allocator for realrate scheduling”, Proc. 3rd USENIX OSDI, Louisiana, USA, pp. 145-158, Feb. 1999.

[15] S. Lin and G. Manimaran, “Double-loop Feedback-based Scheduling Approach for Distributed Real-Time Systems”, Lecture Notes in Computer Science, Vol. 2913, pp.268-278, 2003.

[16] D. R. Sahoo, S. Swaminathan, R. A1-Omari, M. V. Salapaka, G. Manimaran, A.K. Somani, “Feedback Control for Real-time Scheduling”, Proc. IEEE ACC, 2002.

194

[17] Wei, L., and Yu, H., “Research on a soft real-time scheduling algorithm based on hybrid adaptive control archtecture”, Proc. IEEE ACC, Denver, USA, pp. 4022-4027, 2003.

[18] L. Abeni, L. Palopoli, G. Buttazzo, “On Adaptive Control Techniques in Real-Time Resource Allocation”, Proc. ECRTS, Sweden, 2000.

[19] D. Lawrence, J. Guan, S. Mehta, L. Welch, “Adaptive Scheduling via Feedback Control for Dynamic Real-Time Systems”, Proc. 20th IEEE Int. Performance, Computing, and Communications Conf., Arizona, 2001.

[20] M. Amirijoo, J. Hansson, S. Gunnarsson, and S. H. Son, “Enhancing Feedback Control Scheduling Performance by On-line Quantification and Suppression of Measurement Disturbance”, Proc. 11th IEEE RTAS, California, USA, 2005.

[21] Y. Lu, A. Saxena, and T. F. Abdelzaher, “Differentiated caching services: A control-theoretic approach”, Proc. IEEE ICDCS, Apr. 2001.

[22] L. Sha, X. Liu, Y. Lu, and T. Abdelzaher, “Queueing model based network server performance control”, IEEE RTSS, 2002.

[23] C. Lu, X. Wang, C. Gill, “Feedback Control Real-Time Scheduling in ORB Middleware”, Proc. IEEE RTAS, Washington DC, 2003.

[24] S. Lin, G. Manimaran, B. Steward, “Feedback-based real-time scheduling in autonomous vehicle systems”, Proc. 10th IEEE RTAS, Toronto, Canada, pp.316-323., 2004

[25] Feng Xia, Shanbin Li, and Youxian Sun, “Neural Network Based Feedback Scheduler for Networked Control System with Flexible Workload”, LNCS, Vol. 3611, pp. 237-246., 2005

[26] Zhang, R., Lu, C., Abdelzaher, T., and Stankovic, J.A., “ControlWare: a middleware architecture for feedback contorl of software performance”, Proc. IEEE ICDCS, Vienna, Austria, pp. 301-310, 2002.

[27] Diao, Y., Hellerstein, J.L., Parekh, S., and Bigus, J.P., “Managing web server performance with autotune agents”, IBM Systems Journal, Vol. 42, No. 1, pp. 136-149, 2003

[28] Hellerstein, J.L., Diao, Y., Parekh, S., and Tilbury, D.M., Feedback Control of Computing Systems. New York: Wiley, 2004.

[29] Feng Xia and Youxian Sun, Control Scheduling codesign, A prespective on integrating control and computing, Dynamics of Continuous, Discrete and Impulsive Systems - Series B, vol. 13, no. S1, pp. 1352-1358, 2006.

[30] D. Henriksson, O. Redell, J. El-Khoury, M. Törngren, and K.-E. Årzén, Tools for Real-Time Control Systems Co-Design - A Survey. Technical report ISSN 0280-5316, Lund Institute of Technology, 2005.

[31] Renesas M16C, family for microcontrollers Platform: Http://www.renesas.com/media/products/.../m16c/M16C_Family_Catalog.pdf

[32] D. Smith, K. Simpson, "Safety Critical Systems Handbook - A Straightforward Guide to Functional Safety, IEC 61508 (2010 Edition) and Related Standards" (3rd Edition, ISBN 978-0-08-096781-3, 270 Pages),2010.

[33] M. Punch, "Functional Safety for the Mining Industry – An Integrated Approach Using AS(IEC)61508, AS(IEC)62061 and AS4024.1." (1st Edition, ISBN 978-0-9807660-0-4, in A4 paperback, 150 pages) 2011.

[34] International Electrotechnical Commission, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Sys- tems (IEC 61508), International Electrotechnical Commission, http://www.iec.ch/, Accessed 22 August 2008.

[35] Cervin, A., Eker, J., Bernhardsson, B., Årzén, K.-E., “Feedback- Feedforward Scheduling of Control Tasks”, Real-Time Systems, Vol. 23, No.1, pp. 25-53, 2002.

[36] Feng Xia, Youxian Sun, “Neural Network Based Feedback Scheduling of Multitasking Control Systems”, Lecture Notes in Artificial Intelligence (LNAI), Vol. 3682, pp.193-199, 2005.

[37] Feng Xia, Liping Liu, and Youxian Sun: Flexible Quality-of-Control Management in Embedded Systems Using Fuzzy Feedback Scheduling, LNAI, Vol. 3642, pp. 624-633, 2005.

[38] Feng Xia and Youxian Sun, “An Enhanced Dynamic Voltage Scaling Scheme for Energy-Efficient Embedded Real-Time Control Systems”, Lecture Notes in Computer Science, Proc. ICCSA’06, May. 2006.

[39] D. Henriksson, O. Redell, J. El-Khoury, M. Törngren, and K.-E. Årzén, Tools for Real-Time Control Systems Co-Design - A Survey. Technical report ISSN 0280-5316, Lund Institute of Technology, 2005.

[40] J. P. Hespanha, P. Naghshtabrizi, and Y. Xu, “Survey of recent results in networked control systems,” Proc. of IEEE, vol. 95, no. 1, pp. 138–62, Jan. 2007.

[41] P. Naghshtabrizi, “Delay impulsive systems: A framework for modeling networked control systems,” Ph.D. dissertation, University of California at Santa Barbara, Sep. 2007.

[42] Jianguo Yao and Xue Liu, Mingxuan Yuan, Zonghua Gu, Online Adaptive Utilization Control for Real-Time Embedded Multiprocessor Systems, ACM, 2008.

[43] Payam Naghshtabrizi and Jo˜ao P. Hespanha. Analysis of Distributed Control Systems with Shared Communication and Computation Resources, American Control Conference, 2009.

[44] Daniel Simon, NeCS-INRIA and Alexandre Seuret NeCS-CNRS Peter Hokayem and John Lygeros, Eduardo Camacho, State of the art in control/computing co-design. The Joint Laboratory for Petascale Computing (JLPC). 2010.

[45] Ali Sharif Ahmadian, Mahdieh Hosseingholi, and Alireza Ejlali, A Control-Theoretic Energy Management for Fault-Tolerant Hard Real-Time Systems, Real-Time Systems Symposium (RTSS), 2011.

[46] Oumair Naseer, Atif Ali Khan, Online adaptive fault tolerant based feedback control scheduling algorithm for multiprocessor embedded systems, Internationl journal of embedded systems and application (IJESA), 2012.

[47] Oumair Naseer, Arshad jhumka, Atif Ali Khan, Dependability driven feedback control scheduling for real time embedded systems, The 2012 International Conference on Embedded Systems and Applications (ESA'12). 2012.

195