You are on page 1of 15

Top-level specification of scheduling-related requirements Exercise

Specifying Free-RTOS

Deepak DSouza

Department of Computer Science and Automation


Indian Institute of Science, Bangalore.

23 August 2011
Top-level specification of scheduling-related requirements Exercise

Outline

1 Top-level specification of scheduling-related requirements

2 Exercise
Top-level specification of scheduling-related requirements Exercise

Main functionality of RTOS

Implement its stated scheduling policy (fixed priority


pre-emptive scheduling).
Trap SWI interrupts
Find highest priority ready task to run.
Save context of yielding task.
Restore context of new task.
Trap timer IRQ interrupt
Update tickcount,
Check delayed tasks, and move to ready if required,
Switch context if required.
Provide APIs for:
Task creation, deletion, set priority, etc.
Inter-task communication through queues, semaphores, and
mutexes.
Heap memory management (malloc, free).
Top-level specification of scheduling-related requirements Exercise

Separate requirements: Scheduling-related and port-specific

Scheduling-related
Implement its stated scheduling policy (fixed priority
pre-emptive scheduling).
Provide APIs for:
Task creation, deletion, set priority, etc.
Inter-task communication through queues, semaphores, and
mutexes.
Handle timer event correctly
Update tickcount,
Check delayed tasks, and move to ready if required,
Port-specific
Trap SWI and timer interrupts correctly.
Perform context-switching (save and restore) correctly.
Provide correct enterCritical and exitCritical
implementation.
Other requirements
Ensure that APIs use critical sections when they have to.
Top-level specification of scheduling-related requirements Exercise

Verification strategy for scheduling-related functionality

Begin with a top-level specification of RTOS in Z.


Directed rational reconstruction of RTOS: carry out a series
of data refinements, directed towards the actual C
implementation of RTOS.
Along the way
find errors
suggest fixes
Finally obtain a verified version of RTOS, engineered as
originally intended by the developers.
Top-level specification of scheduling-related requirements Exercise

Top-level specification of scheduling-related requirements

Observation: RTOS essentially responds to API calls that come


from the currently running task (and also to tick interrupts).
Proposal: Specify behaviour of RTOS in terms of valid traces of
API calls.
This abstracts away from the application code.
Gives us a notion of behavioural equivalence between
sucessive refinements.
Top-level specification of scheduling-related requirements Exercise

Example: trace-based specification of a stack data structure

Consider events as hop, valuei pairs: Eg. hpush, 10i,


hpop, 20i.
Valid sequences of events:
init, hpush, 10i, hpop, 10i.
init, hpush, 10i, hpush, 20i hpop, 10i.
Invalid sequences of events:
init, hpush, 10i, hpop, 20i.
init, hpush, 10i, hpop, 10i, hpop, 10i.
We could specify the constraints on the valid sequences:
Must begin with init.
Every prefix must have push0 s pop 0 s.
Every pop has a matching push.
Values of pop and its matching push should be equal.
Top-level specification of scheduling-related requirements Exercise

Trace-based specification of RTOS

Consider events as htask, APIcalli pairs: Eg.


hmain, TaskCreate(task1 , 2)i, htask1 , TaskDelay (10)i.
Valid sequence of events:
hmain, TaskCreate(task1 , 2)i, hmain, TaskCreate(task2 , 3)i,
hmain, TaskStartScheduler i, htask2 , TaskDelay (2 )i, tick, tick.
Invalid sequence of events:
hmain, TaskCreate(task1 , 2)i, hmain, TaskCreate(task2 , 3)i,
hmain, TaskStartScheduler i, htask1 , TaskDelay (2 )i.
Top-level specification of scheduling-related requirements Exercise

Exercise: Write out event sequence of the application from


Example-1

Example-1 RTOS application


int main(void){
xTaskCreate(foo, "Task 1", 1000, NULL, 1, NULL);
xTaskCreate(bar, "Task 2", 1000, NULL, 2, NULL);
vTaskStartScheduler();
}

void foo(void* params){


for(;;);
}

void bar(void* params){


vTaskDelay(2);
}
Top-level specification of scheduling-related requirements Exercise

Exercise. Now for Example-2

RTOS application (Example-2)


int main(void){
xTaskCreate(vTask1,"Task1",configMINIMAL_STACK_SIZE,NULL,2,&xTask1Handle);
xTaskCreate(vTask2,"Task2",configMINIMAL_STACK_SIZE,NULL,4,&xTask2Handle);
vTaskStartScheduler();
}

void vTask1(void *pvParameters){


xQueueReceive(xQueue,&lGlobalData,0);
vTaskPrioritySet(NULL,0);
for(;;);
}

void vTask2(void *pvParameters){


long lData = 1;
xQueue = xQueueCreate(2,sizeof(long));
xQueueSendToBack(xQueue,&lData,0);
lData = 2;
xQueueSendToBack(xQueue,&lData,0);
lData = 3;
xQueueSendToBack(xQueue,&lData,1000);
vTaskPrioritySet(NULL,0);
for(;;);
}
Top-level specification of scheduling-related requirements Exercise

Solution for Example-2

Sequence of events generated:


hmain, TaskCreate(task1 , 2)i, hmain, TaskCreate(task2 , 4)i,
hmain, TaskStartScheduler i, htask2 , QueueCreate(Q1 , 3 )i,
htask2 , QueueSendToBack(Q1 , 1 )i,
htask2 , QueueSendToBack(Q1 , 2 )i,
htask2 , QueueSendToBack(Q1 , 2 )ib ,
htask1 , QueueReceive(Q1 , 1 )i,
htask2 , QueueSendToBack(Q1 , 2 )ie ,
htask2 , PrioritySet(task2 , 0 )i, htask1 , PrioritySet(task1 , 0 )i,
tick, tick.
Top-level specification of scheduling-related requirements Exercise

Problem with taskPrioritySet() function in RTOS

Problem found by Sumesh Divakaran while trying to understand


code in detail.
According to RTOS User Guide: When an unblocking event
occurs,
The task that is unblocked will always be the highest
priority task that is waiting for the event. If the
blocked tasks have equal priority, then the task that
has been waiting for the longest period will be
unblocked.
However, if taskPrioritySet is called on a blocked task, its new
priority is not considered while selecting the task to be
unblocked.
Top-level specification of scheduling-related requirements Exercise

Example to illustrate setpriority problem

RTOS application (Example-3)


int main(void){
xTaskCreate(vTask1,"Task1",configMINIMAL_STACK_SIZE,NULL,1,&xTask1Handle);
xTaskCreate(vTask2,"Task2",configMINIMAL_STACK_SIZE,NULL,2,&xTask2Handle);
xTaskCreate(vTask3,"Task3",configMINIMAL_STACK_SIZE,NULL,3,&xTask2Handle);
vTaskStartScheduler();
}

void vTask1(void *pvParameters){


long lData = 10;
xQueueSendToBack(xQueue,&lData,0);
for(;;);
}

void vTask2(void *pvParameters){


long lData = 20;
xQueueSendToBack(xQueue,&lData,0);
for(;;);
}

void vTask3(void *pvParameters){


long lData = 30;
xQueue = xQueueCreate(1,sizeof (long));
xQueueSendToBack(xQueue,&lData,0);
vTaskDelay(2);
vTaskPrioritySet(xTask1Handle,4);
xQueueReceive(xQueue,&lData,0);
vTaskPrioritySet(NULL,0);
for(;;);
}
Top-level specification of scheduling-related requirements Exercise

Sequence of events produced by Sumeshs application

Event sequence produced by test application


main, xTaskCreate(Task1,1)
main, xTaskCreate(Task2,2)
main, xTaskCreate(Task3,3)
Task3, xQueueCreate(xQueue,1)
Task3, xQueueSendToBack(xQueue,30)
Task3, vTaskDelay(2);

Task2, xQueueSendToBack(xQueue,20)_b;
Task1, xQueueSendToBack(xQueue,10)_b;

Task3, vTaskPrioritySet(Task1,4);
Task3, xQueueReceive(xQueue,30);
Task3, vTaskPrioritySet(Task3,0);

Task2, xQueueSendToBack(xQueue,20)_e;
Top-level specification of scheduling-related requirements Exercise

RTOS Abstract Model


TaskStartScheduler
RTOS APIs

running: ready: 0: TaskCreate


TaskDelete
1:
TaskDelay
2:
TaskPrioritySet
TaskYield()
delayed:
QueueCreate
queue1: QueueSendtoFront
QueueSendtoBack
waitingOnq1: QueueReceive
QueuePeek

MAX_SYSCALL_PRIORITY SemaphoreCreateBinary

SemaphoreCreateMutex

taskEnter_CRITICAL
portSWITCH_CONTEXT
Configuration

Hardware Interrupt
timer