Antonio Sgorbissa
Reference Book:
Buttazzo, Giorgio C., Hard Real-time Computing
Systems: Predictable Scheduling Algorithms and
Applications, Springer-Verlag, 2009
Introduction
Drawbacks:
In all the solutions above, efficiency and reliability depend on the skill
of the programmer;
the code is difficult to understand;
the code is hard to maintain;
it is difficult to verify in advance if temporal constraints will be met.
Software testing is not sufficient to guarantee that the system works correctly:
In control applications, the execution flow heavily depends on the input data;
More accurate design techniques are required, possibly including a static analysis of the code and mechanisms for explicitly handling temporal constraints;
The system must be designed to work even when the worst possible combination of events happens.
The main requirement of a real-time system is not speed: living organisms, regardless of their reaction speed, work in real-time with respect to their environment;
The main requirement of a real-time system is rather predictability, i.e., it must be capable of guaranteeing that temporal constraints (which are a consequence of the environment itself) are met;
The problem holds whatever the processor speed is: if more processes are executed concurrently, we must guarantee that the temporal requirements of each process are met.
All these mechanisms improve performance «on average», but decrease predictability.
DMA (Direct Memory Access) allows the system to transfer data from a device to memory. Since only one bus is available, the DMA steals memory cycles from the CPU (cycle stealing). If both the DMA and the CPU make a simultaneous request, the DMA gets the highest priority.
As a consequence, the response time of a task is no longer predictable.
The cache works as a “mediator” or a “buffer” between the CPU and the RAM, with the purpose of speeding up execution.
It improves average performance, but the response time of a process requiring some data becomes less predictable, because it depends on whether the data are already available in the cache.
In case of a cache miss, the access time becomes longer, because it is necessary to access RAM and to copy the data from RAM to the cache.
Solution 1: What about disabling cache?
The interrupts generated by devices can delay control tasks for an unpredictable amount of time.
In traditional operating systems, every interrupt is associated with a driver: the details of the underlying hardware are encapsulated in the driver. While an interrupt handler is executed, other interrupts are usually disabled.
Solution 1: Disable interrupts, and get input data by polling devices (polling is not very efficient);
Solution 2: Disable all interrupts but one: a dedicated process reads data from all devices, and shares results with the other processes;
Solution 3: Minimize the work done by the driver: the only purpose of the driver is to activate a process that reads data from the devices.
Memory paging techniques introduce unpredictability in case of
a page fault: the memory must be copied from the hard disk to
the RAM and vice versa.
Solution 1: It is possible to disable paged memory and use a static
partitioning of physical memory.
Scheduling
A task is a sequence of instructions that, in the absence of other activities, is continuously executed by the processor up to completion.
A task that is potentially able to execute is said to be active;
The active tasks that are waiting for the availability of the processor are said to be ready (they are in the ready queue);
A task that is currently using the processor is said to be in execution;
A task can be blocked because it is waiting for a resource (waiting in the waiting queue).
[Task state diagram: ready → execution (scheduling); execution → ready (preemption); execution → blocked (wait on a busy resource); blocked → ready (signal on a freed resource)]
Scheduling
The set of rules that determines the choice of the task to be executed among the ready tasks is called the scheduling algorithm.
A preemptive system allows a task in execution to be interrupted (preempted) at any instant and moved back to the ready queue, in order to allow for the execution of a different task.
Given a set of tasks J = {J1, …, Jn}, a schedule is an assignment of tasks to the processor over time:
In a preemptive schedule, a task may be executed in disjoint temporal intervals;
When the task in execution is preempted, a context switch takes place (it is necessary to save registers, stack, program counter, etc.).
Non real-time Scheduling
Batch systems: First Come First Served, Shortest Job First.
Time-sharing systems: used in a multi-user environment to minimize the response time to user activity.
Round Robin: the CPU time is divided into equal parts among all ready tasks.
Shortest Elapsed Time: the CPU privileges interactive tasks with a small computation time (the Linux scheduler adheres to this principle).
RR algorithm (intrinsically preemptive):
1. RR chooses the task at the head of the ready queue, enables a timer that will expire after a time quantum Q, and assigns the CPU to the selected task.
2. If the task ends before the expiration of the timer, RR disables the timer and executes a new ready task, as described in 1.
3. If the task does not end within the assigned time quantum, when the timer expires the task is moved to the tail of the ready queue, and the CPU is assigned to the task at the head of the queue, as described in 1.
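The three RR steps above can be sketched as follows (the quantum value and task durations are illustrative, and context-switch overhead is ignored):

```python
from collections import deque

def round_robin(tasks, quantum):
    """Simulate the RR policy: `tasks` maps a task name to its remaining
    computation time; returns the completion time of each task."""
    queue = deque(tasks)                   # ready queue (FIFO)
    remaining = dict(tasks)
    t = 0
    finish = {}
    while queue:
        task = queue.popleft()             # step 1: task at the head of the queue
        run = min(quantum, remaining[task])
        t += run                           # the task executes for at most one quantum
        remaining[task] -= run
        if remaining[task] == 0:
            finish[task] = t               # step 2: task ended before the timer expired
        else:
            queue.append(task)             # step 3: quantum expired, back to the tail
    return finish

print(round_robin({"A": 3, "B": 1, "C": 2}, quantum=2))  # {'B': 3, 'C': 5, 'A': 6}
```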
SETF algorithm (preemptive):
There are multiple queues, each internally handled with RR, and each corresponding to a different time quantum.
If there are ready tasks in more than one queue, the queues with a smaller time quantum are privileged.
The tasks in the i-th queue that do not end within the assigned time quantum (presumably batch tasks) are moved to queue i+1, characterized by a longer quantum and, therefore, a lower priority.
[Timing diagram of a task Ji: ri arrival time, si start time, fi finishing time, di absolute deadline, Ci computation time, Di relative deadline]
Timing constraints
Tasks can be classified as periodic and aperiodic:
Periodic tasks: an infinite sequence of identical activities, each called an
“instance” of the task;
T is the period of the task: the arrival time rk+1 of the (k+1)-th instance
can be computed by adding T to the arrival time rk of the k-th instance.
T, C and D are assumed to be identical for each instance.
[Diagram of a periodic task Ji: the k-th instance arrives at ri,k = kTi and the next at ri,k+1 = (k+1)Ti; each instance executes for Ci and must finish by its absolute deadline di, within the relative deadline Di]
Timing constraints
Aperiodic tasks: an infinite sequence of identical activities, each called an “instance” of the task, whose activations are not regularly spaced in time;
each instance is characterized by an arrival time r;
C and D are assumed to be identical for each instance.
Other constraints
Tasks can have precedence constraints:
Precedence relationships are expressed through a Directed Acyclic Graph (DAG);
We say that A must precede B (A < B) if there exists a path on the graph from A to B;
We say that A is an immediate predecessor of B if there exists an edge directed from A to B.
Example: recognition through stereo vision:
Two tasks for sensor acquisition acq1 and acq2;
Two tasks for image processing edge1 and edge2;
One task for recognizing two-dimensional shapes 2d;
One task disp for computing stereo disparity;
One task H for determining the height of objects starting from the
disparity;
One task rcn that integrates shape and height and verifies the
correspondence of objects with those that have been stored in a
database.
[Figure: precedence DAG of the stereo-vision tasks, connecting acq1, acq2, edge1, edge2, disp, 2d, H and rcn]
Other constraints
Constraints on resources:
We call resource a data structure, a memory area, or a portion of code. If it can be used by more than one task, it is said to be a shared resource.
Mutually exclusive resources allow access to a single process at a time.
A mutually exclusive portion of code is also called a critical section: the synchronization is handled through semaphores, i.e., using the wait and signal primitives.
Real-time scheduling
Given a set of n tasks J = {J1, …, Jn}, of which the DAG and the shared resources are known, the real-time scheduling problem consists in finding a feasible schedule such that:
All task instances end within their deadlines;
All precedence constraints are met;
All mutually exclusive resources are correctly accessed.
Scheduling algorithms can be classified as: Static vs. Dynamic; Off-line vs. On-line.
Periodic tasks account for the major part of the computational activity:
Signal acquisition;
Filtering;
Sensor data processing;
Planning;
Driving actuators;
...and many others.
The activities above must be executed with a given periodicity, which is dictated by the application requirements.
Example: controlling an automated vehicle equipped with ultrasonic sensors for detecting obstacles:
V: vehicle speed;
Sb: braking distance;
T: ultrasonic sensor sampling period;
D: maximum distance from obstacles detectable by the sensors.
To avoid any collision it must hold (in a simplified model) VT + Sb < D, which poses a constraint on the period T.
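Solving the constraint for T gives the maximum admissible sampling period; a quick check with made-up numbers (the values of V, Sb and D below are illustrative):

```python
def max_sampling_period(v, s_b, d):
    """Largest sampling period T satisfying v*T + s_b < d (simplified model:
    v = vehicle speed, s_b = braking distance, d = sensor range)."""
    return (d - s_b) / v

# e.g., v = 10 m/s, braking distance 5 m, sensor range 8 m (made-up values)
print(max_sampling_period(10.0, 5.0, 8.0))  # 0.3: sample the sonar at least every 0.3 s
```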
Periodic task scheduling
Periodic task scheduling (under the following simplifying assumptions):
A1: the period is constant in time;
A2: execution time is constant in time;
A3: the relative deadline corresponds to the end of the period;
A4: all tasks are independent (no precedence constraints or shared
resources).
ri,k: request time / arrival time of the k-th instance of task i.
Under these assumptions, ri,k = kTi, ri,k+1 = ri,k + Ti, and the absolute deadline of the k-th instance is di,k = (k+1)Ti, i.e., Ti = Di.
For a set of periodic tasks, we call utilization factor U the fraction of CPU time used to execute the task set.
Ci/Ti is the fraction of CPU time used by the i-th task.
U = Σi Ci/Ti is the utilization factor, i.e., the fraction of CPU time used to execute the whole task set.
U can be increased by making the computation times Ci longer, or by making the periods Ti shorter.
The hyper-period is the least common multiple of all periods: the schedule repeats identically in every hyper-period.
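Both quantities are computed directly from the (Ci, Ti) pairs; the task set below is illustrative, chosen to match the ratios 2/3 and 1/5 used later in the slides:

```python
from math import gcd
from functools import reduce

def utilization(tasks):
    """U = sum(Ci / Ti) for a task set given as (Ci, Ti) pairs."""
    return sum(c / t for c, t in tasks)

def hyperperiod(tasks):
    """Least common multiple of all (integer) periods."""
    return reduce(lambda a, b: a * b // gcd(a, b), (t for _, t in tasks))

tasks = [(2, 3), (1, 5)]          # ratios 2/3 and 1/5, as in the slides
print(utilization(tasks))         # 13/15, about 0.867
print(hyperperiod(tasks))         # 15: the schedule repeats every 15 time units
```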
For a given task set and a given scheduling algorithm, it may be possible to compute an upper bound Uub: it is not possible to increase U beyond this bound and keep the task set schedulable;
In the previous case, Uub = Σi Ci/Ti = 2/3 + 1/5 = 13/15;
The processor is said to be fully utilized by the task set if any increment (however small) of some Ci makes the schedule unfeasible;
For a given algorithm, Ulub (least upper bound) is the minimum among all the upper bounds computed over all possible task sets that fully utilize the processor.
The bound Ulub does not depend on the task set but only on the chosen algorithm.
General schedulability theorem:
A set of periodic tasks is schedulable with algorithm A if it holds
U = Σi Ci/Ti ≤ Ulub(A)
Rate Monotonic
Proof of RM optimality (in a simplified case with two tasks).
Let us consider a set of two tasks J1 and J2 with T1 < T2. If we assign priorities with an algorithm A different from RM, we get P2 > P1;
the schedule is feasible if it holds C1 + C2 ≤ T1 (Acond).
[Diagram: with P2 > P1, at the critical instant J2 executes first, and both C2 and C1 must complete within T1]
If, instead, we use RM, we must consider two different cases. Consider the critical instant in which both J1 and J2 are ready:
Case 1) all requests of J1 are completed within the next request of J2, that is, C1 ≤ T2 - FT1, with F = floor(T2/T1);
The schedule with RM is feasible if (F+1)C1 + C2 ≤ T2 (RMcond).
The proof of RM optimality works as follows: we analyze the schedulability condition for the algorithm A different from RM, and we check whether, under the same condition, the task set is also schedulable with RM.
Computation of Ulub for RM
The processor is fully utilized when C2 has its maximum allowed value, which corresponds to the time not used by J1 within T2, that is, when it holds C1(F+1) + C2 = T2, which implies C2 = T2 - C1(F+1).
The corresponding utilization factor turns out to be:
U = C1/T1 + C2/T2 = C1/T1 + [T2 - (F+1)C1]/T2 = 1 + C1 [1/T1 - (F+1)/T2]
Remember that we want to find the minimum value of U (given that the processor is fully utilized). The quantity between parentheses in the last term is negative, and therefore the minimum value of U corresponds to the maximum for C1, that is, C1 = T2 - T1F.
Case 2) The execution of the last request of J1 within T2 overlaps with the next request of J2, that is, C1 ≥ T2 - FT1.
The processor is fully utilized when C2 has its maximum allowed value, which corresponds to the time not used by J1 within FT1, that is, when it holds FC1 + C2 = FT1, which implies C2 = (T1 - C1)F.
The corresponding utilization factor turns out to be:
U = C1/T1 + C2/T2 = C1/T1 + F(T1 - C1)/T2 = F T1/T2 + C1 [1/T1 - F/T2]
Again, we want to find the minimum value of U given that the processor is fully utilized. The quantity between parentheses in the last term is positive, and therefore the minimum value of U corresponds to the minimum for C1, that is, when C1 = T2 - T1F.
In case 2), by substituting C1 = T2 - T1F in the expression of U, we obtain (the same result could be obtained in case 1):
U = (F + G²) / (F + G)
by defining G = T2/T1 - F, i.e., the fractional part of T2/T1.
A very important result: if G = 0 the periods are harmonic (T2 is an integer multiple of T1) and U = 1; in real applications it often happens that there are harmonic relationships among tasks.
Schedulability theorems:
U ≤ Ulub
For RM with n tasks it holds
Ulub = n (2^(1/n) - 1)
n = 1: Ulub = 1
n = 2: Ulub ≈ 0.83
n = 3: Ulub ≈ 0.78
n → ∞: Ulub → ln 2 ≈ 0.69
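A minimal sketch of the sufficient RM test based on the Liu and Layland bound (the task parameters in the example are illustrative):

```python
def rm_lub(n):
    """Liu and Layland least upper bound for RM with n tasks."""
    return n * (2 ** (1 / n) - 1)

def rm_schedulable(tasks):
    """Sufficient RM test: U <= n(2^(1/n) - 1), tasks given as (Ci, Ti)
    pairs.  A False result does NOT imply unschedulability."""
    return sum(c / t for c, t in tasks) <= rm_lub(len(tasks))

print(round(rm_lub(2), 2))               # 0.83
print(round(rm_lub(3), 2))               # 0.78
print(rm_schedulable([(1, 4), (1, 8)]))  # True: U = 0.375 is below the bound
```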
Schedulability theorem
A task set is schedulable with EDF if and only if
U = Σi Ci/Ti ≤ 1
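The EDF test is a one-liner; the example task set below is illustrative, with U close to 0.97, above the RM bound for three tasks yet still schedulable with EDF:

```python
def edf_schedulable(tasks):
    """Necessary and sufficient EDF test for periodic tasks with Di = Ti:
    U = sum(Ci / Ti) <= 1."""
    return sum(c / t for c, t in tasks) <= 1

# U = 2/3 + 1/5 + 1/10, about 0.97: above the RM bound for three tasks
# (about 0.78), yet schedulable with EDF.
print(edf_schedulable([(2, 3), (1, 5), (1, 10)]))  # True
```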
Deadline Monotonic
We have released the constraint A3:
A1: the period is constant in time;
A2: the execution time is constant in time;
A3: the relative deadline is constant for every instance, but it no longer needs to coincide with the end of the period (Di ≤ Ti);
A4: all tasks are independent (no precedence constraints or shared resources).
Every process is assigned a priority that is inversely proportional to its relative deadline.
The schedulability test could be the same as RM, by substituting T with D:
Σi Ci/Di ≤ n (2^(1/n) - 1)
The interference on Ji due to all higher priority tasks Jk can be estimated as
Ii = Σk (Fi(k) + 1) Ck, with Fi(k) = floor(Di/Tk)
In the example of the figure, the real interferences on Ji are Ii(j) = 4Cj and Ii(k) = 2Ck;
According to the previous estimate, it holds Ii(j) = Fi(j)Cj + Cj = 4Cj and Ii(k) = Fi(k)Ck + Ck = 3Ck: the estimate can exceed the real interference, which makes the test only sufficient.
Audsley Theorem
In order to define a necessary and sufficient condition, it is required to compute the exact interference. This is in principle very complex, since it requires simulating the whole schedule of the task set over a hyper-period.
In 1990 Audsley proposed an algorithm:
tk: candidate instant at which Ji could end its execution, in the absence of further interference due to higher priority tasks;
Ii,k: interference on Ji due to higher priority tasks in the interval [0, tk).
Example:
     Ci  Ti  Di
J1   1   4   3
J2   1   5   4
J3   2   6   5
J4   1   11  10
Consider J4. We initially assume that there is only one instance of every higher priority task. The first instant t0 at which J4 could end is given by:
t0 = Σj=1..4 Cj = 5
But the real interference in [0, t0) can be computed as I4,0 = 5 and therefore, since it holds I4,0 + C4 > t0, J4 cannot really end at t0;
The next time instant at which J4 could end is t1 = I4,0 + C4 = 6, but also in this case the interference in [0, t1) turns out to be I4,1 = 6 and I4,1 + C4 > t1, which does not allow J4 to end at t1;
J4 can end when I4,n + C4 = tn.
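The iteration above can be coded directly; running it on the example task set reproduces the computation for J4, which completes exactly at its deadline:

```python
from math import ceil

def response_time(i, tasks):
    """Iteratively compute the worst-case response time of task i
    (tasks ordered by decreasing priority, each a (C, T, D) tuple);
    returns None if the iteration exceeds the deadline D."""
    C, T, D = tasks[i]
    t = sum(c for c, _, _ in tasks[: i + 1])          # t0 = sum of Cj, j <= i
    while True:
        # interference of higher priority tasks in [0, t)
        interference = sum(ceil(t / tj) * cj for cj, tj, _ in tasks[:i])
        t_new = interference + C
        if t_new > D:
            return None                                # deadline miss
        if t_new == t:
            return t                                   # fixed point: Ii,n + Ci = tn
        t = t_new

tasks = [(1, 4, 3), (1, 5, 4), (2, 6, 5), (1, 11, 10)]  # the example above
print(response_time(3, tasks))  # 10: J4 completes exactly at its deadline
```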
Audsley theorem:
A task set J = {J1, …, Jn} is schedulable with Deadline Monotonic if and only if, for every task Ji, the iteration t0 = Σj≤i Cj, tk+1 = Ii,k + Ci converges to a fixed point tn = Ii,n + Ci with tn ≤ Di.
The same theorem provides necessary and sufficient conditions for RM.
Audsley's Guarantee(J) algorithm checks the schedulability of a periodic task set by applying the iteration above to every task Ji, i = 1, …, n, and accepting the set if every iteration converges within the corresponding deadline Di.
Non-periodic tasks
In a realistic case we must schedule mixed sets composed of
periodic and aperiodic tasks. We assume to use RM for periodic
tasks.
It is usually assumed that periodic tasks are hard real-time tasks, whereas aperiodic tasks can be hard, soft, or non real-time.
Concerning hard real-time tasks we want to guarantee schedulability;
Concerning soft and non real-time tasks we want to minimize the
response time.
Aperiodic (hard real-time) tasks:
If we want to guarantee a priori the schedulability of every possible instance, the only solution is to define a minimum interarrival time (mit), i.e., a minimum time that must pass between the arrival times of two subsequent instances. In this case the task is referred to as sporadic instead of aperiodic;
Sporadic tasks are then treated as if they were periodic tasks, using the mit as the period of the task.
If we want to guarantee the schedulability of a single instance, we must adopt an online test and, if necessary, reject the task when it is not schedulable.
Background scheduling
Aperiodic tasks can be scheduled in background (high response times: possible risk of starvation).
Background scheduling can be adopted both when we use RM and when we use EDF for the periodic tasks:
Aperiodic tasks are scheduled either with (non real-time) FCFS or with EDF (remember that EDF is optimal also for non-periodic tasks);
Aperiodic tasks do not interfere with higher priority tasks; therefore, the schedulability tests for periodic tasks are not affected by aperiodic tasks;
The system works with two queues: one for real-time periodic tasks, the other for non-periodic tasks.
[Figure: the CPU is fed by two queues, a high-priority queue for periodic tasks and a low-priority (background) queue for aperiodic tasks]
An online test to verify whether an aperiodic task can be scheduled (sufficient condition):
To compute the available CPU time, it is possible to compute the hyper-period H of the periodic tasks (least common multiple of the periods) and Φ = (1 - U)H (the idle time within each hyper-period).
An aperiodic instance arriving at time t with computation time Ci and deadline di can be guaranteed if
t + ceil(Ci/Φ) H ≤ di
[Figure: timeline divided into hyper-periods of length H, each providing idle time Φ (in the figure, Φ = 0.3H); the request arrives at t with deadline di]
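A sketch of this sufficient test (the values of U and H below are illustrative):

```python
from math import ceil

def guarantee_aperiodic(t, C, d, U, H):
    """Sufficient online test for one aperiodic instance scheduled in
    background: each hyper-period H offers Phi = (1 - U) * H of idle time,
    so C units of computation need ceil(C / Phi) hyper-periods."""
    phi = (1 - U) * H
    return t + ceil(C / phi) * H <= d

# Illustrative numbers: U = 0.7 and H = 10 give Phi = 3 per hyper-period
print(guarantee_aperiodic(t=0, C=5, d=25, U=0.7, H=10))  # True (2 hyper-periods)
print(guarantee_aperiodic(t=0, C=5, d=15, U=0.7, H=10))  # False
```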
Sufficient condition for a set of aperiodic tasks ordered by increasing deadline (j < i if and only if dj < di) and scheduled in background with EDF:
for every i = 1, …, n it must hold t + ceil(Si/Φ) H ≤ di
where Si = Σj=1..i cj(t) is the sum of the residual computation times of the tasks with deadline not greater than di, and Φ = (1 - U)H.
Equivalently, for every i = 1, …, n it must hold Σj=1..i cj(t) ≤ Φ(t, di), where Φ(t, di) is the idle time available in [t, di].
The Polling Server is a periodic task with period Ts and capacity Cs that is scheduled together with the n periodic tasks and serves the pending aperiodic requests. The whole set is schedulable if
Σi=1..n Ci/Ti + Cs/Ts ≤ Ulub
If there are m sporadic tasks Jj that require to be guaranteed for all possible instances, we must consider the worst case and assume their periods equal to the minimum interarrival times:
Σi=1..n Ci/Ti + Σj=1..m Cj/Tj + Cs/Ts ≤ Ulub
Next, we can guarantee a single instance of an aperiodic task Ja with computation time Ca executed within the Polling Server.
Sufficient condition:
Let Fa = floor(Ca/Cs) be the number of complete Server periods that are necessary to schedule Ja;
In the worst case (i.e., if Ja makes its request immediately after the beginning of the Server period), the execution of Ja starts after Ts (i.e., at the following period) and terminates after a further (Fa+1)Ts;
Therefore it must hold, in the worst case, ra + (Fa + 2)Ts ≤ da, or equivalently
(Fa + 2) Ts ≤ Da
In order to obtain necessary and sufficient conditions, it is necessary to compute exactly the completion time of the aperiodic task in the last Server period.
To this purpose, we must assume that the Server has the maximum priority, and therefore the minimum period (Ts ≤ mini(Ti)).
Fa = floor(Ca/Cs) is the number of complete Server periods needed by Ja;
Ga = floor(ra/Ts) is the integer number of Server periods elapsed up to ra;
The start time of Ja is (Ga+1)Ts (in the worst case);
CsFa is the Server capacity used by Ja in Fa Server periods;
The residual computation time in the last period is Ra = Ca - FaCs;
The actual completion time of Ja is fa = (Ga+1)Ts + FaTs + Ra.
The task can be guaranteed if and only if (necessary and sufficient condition)
(Fa + Ga + 1) Ts + Ra ≤ da
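A sketch of the exact completion-time formula (the request parameters below are illustrative; as noted in the comment, the formula is applied assuming Ca is not an exact multiple of Cs):

```python
from math import floor

def ps_completion_time(ra, Ca, Ts, Cs):
    """Exact completion time of an aperiodic request under a maximum-priority
    Polling Server, following the slides' formula.  Assumes Ca is not an
    exact multiple of Cs, so the residual Ra is strictly positive."""
    Fa = floor(Ca / Cs)            # complete Server periods needed
    Ga = floor(ra / Ts)            # Server periods elapsed before the request
    Ra = Ca - Fa * Cs              # residual computation in the last period
    return (Fa + Ga + 1) * Ts + Ra

# Illustrative request: ra = 3, Ca = 5, served by a Server with Ts = 5, Cs = 2
fa = ps_completion_time(ra=3, Ca=5, Ts=5, Cs=2)
print(fa)  # 16: the request is guaranteed if and only if fa <= da
```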
As already discussed, the maximum delay in the execution of the aperiodic task happens when Ja makes its request an instant after the beginning of the Server period.
Without losing generality, we can assume that the Server starts at t = 0 and that ra = 0+;
In this case the aperiodic task is schedulable if its maximum delay is lower than its relative deadline Da = da - ra, that is, if and only if
(Fa + 1) Ts + Ra ≤ Da
Notice the difference with the case in which the Polling Server DOES NOT have the maximum priority:
(Fa + 2) Ts ≤ Da
The schedulability test can be extended to a set of aperiodic tasks ordered by increasing deadline and scheduled with EDF:
Suppose that, at time t, a new aperiodic task Jh with deadline dh makes a request;
the overall computation time Sh required in the interval [t, dh] is given by the sum of the residual computation times ci(t) of all aperiodic tasks Ji with deadline di ≤ dh (including Jh itself);
It is necessary to consider the case in which the request of Jh arrives while another aperiodic task is being executed by the Server: in this case, a part of Sh equal to the residual server capacity cs(t) can be executed immediately (i.e., without waiting for the next period of the Server).
A set of aperiodic tasks is guaranteed at time t if and only if
The Deferrable Server has a period Ts and a computation time Cs, referred to as the Server Capacity.
At regular intervals, the Server is activated to execute aperiodic tasks.
In the absence of pending requests, the residual capacity is preserved (and then restored to its maximum value at the beginning of the next period).
An aperiodic task which arrives while the Server is active is served immediately (if the Server is not busy with other requests and there is residual capacity left).
It is scheduled as a periodic task with RM (usually with maximum priority, i.e., minimum period).
The Deferrable Server violates hypotheses A1, …, A4 of periodic tasks; in particular, it is no longer true that a ready task executes immediately as long as there are no tasks with higher priority (since the Deferrable Server can decide to execute later in its period, if there are no pending requests at the beginning of the period).
This has an impact on the computation of Ulub, which must be updated as follows (with Us = Cs/Ts the Server utilization):
Ulub = Us + n [ ((Us + 2) / (2Us + 1))^(1/n) - 1 ]
Real-time communication
Mechanisms for task communication
Access to shared resources (semaphores and mutex)
Sockets
Message queues
Sockets (if they are “stream sockets”) are handled as a FIFO queue. For
“datagram sockets” there is no guarantee on the order of arrival of
packets.
Cons for Real-time
The time requested to read all messages in the queue can vary if the
producer and the consumer do not have the same period.
Pros for Real-Time
Writing and reading can be non-blocking operations (i.e., they do not put additional constraints on the schedulability of tasks).
Message queues
They can be described as a linked list in the kernel address space.
A task can send messages to the queue or receive messages from the
queue.
The mechanism can be of a publish/subscribe type:
Tasks can subscribe to messages of a given type;
Tasks can publish messages of a given type;
All tasks are guaranteed to receive all the messages of a subscribed type.
A queue is normally handled using a FIFO policy; however, it is possible
to use different policies (getting older messages, or only messages of a
given type).
Cons for Real-time
The time requested to read all messages in the queue can vary if the
producer and the consumer do not have the same period.
Pros for Real-Time
Writing and reading can be non-blocking operations (i.e., they do not put additional constraints on the schedulability of tasks).
Access to shared resources
It is necessary to modify the schedulability test;
Binary semaphores for mutual exclusion.
Problem: priority inversion
A high priority task is blocked by a low priority task for an indefinite time;
If the low priority task enters the mutual exclusion region first, the high priority task is blocked;
The blocking time can become longer because of medium priority tasks that preempt the low priority task (even if the medium priority tasks do not access the mutual exclusion region).
In addition, there are well-known problems, such as deadlocks.
The blocking time of J1 is unpredictable!
[Timeline: J3 enters the critical section with P(S1); J1 preempts J3 and blocks on P(S1); J2, with medium priority, preempts J3 and delays it, prolonging the blocking of J1 until J3 finally executes V(S1)]
The problem can be mitigated by forbidding preemption inside critical regions, but this is reasonable only in the case of “short” critical regions.
A sounder and more efficient solution is to regulate the access to shared resources through dedicated access protocols.
Priority Inheritance protocol: assumptions
A task is referred to as blocked when it is waiting for the execution of a lower priority task;
Tasks do not spontaneously suspend themselves before they finish;
Every task has a nominal fixed priority, assigned at activation time (i.e., we are using RM or DM);
Tasks with the same priority are served using a FCFS (First Come First Served) policy;
Tasks J1, …, Jn are ordered by decreasing nominal priority;
Critical sections can be nested;
We assume binary semaphores.
When a task J1 is blocked at the entrance of a critical region, it
passes its priority to the task J2 that has blocked it. J2 inherits
the highest priority among all tasks that it is blocking.
When leaving the critical region, J2 is restored to its nominal
priority value.
Priority inheritance is transitive: if J3 blocks J2, which blocks J1,
J3 gets the priority of J1.
There are two blocking types: direct and indirect blocking.
[Timelines: direct blocking: J3 holds S1, J1 blocks on P(S1), and J3 inherits Prio(J1) until V(S1); a second timeline shows nested critical sections P(S1) P(S2) ... V(S2) V(S1)]
Properties of Priority Inheritance (2)
If there are m semaphores that can block J0, then J0 can be blocked at most m times.
Since semaphores are binary (mutexes), only one lower priority task Ji can be inside a critical section that blocks J0.
Once Ji exits from the critical section, it cannot block J0 anymore.
If there are m busy semaphores, each of them can block J0 only once.
Putting (1) and (2) together, we obtain that a task Ji can be blocked, at most, for the duration of bi = min(n, m) critical sections, where n is the number of lower priority tasks and m is the number of semaphores that can block Ji.
To estimate the blocking time Bi in the worst case, we can choose the bi blocking sections with the longest durations.
These values will be used in the schedulability analysis.
Example
J1 (T1=4, C1=1): critical sections z1,1 with duration d1,1=0.1, z1,2 with d1,2=0.2, z1,3 with d1,3=0.1;
J2 (T2=6, C2=2): z2,1 with d2,1=0.2;
J3 (T3=8, C3=2): z3,1 with d3,1=0.1, z3,2 with d3,2=0.1.
S1 regulates access to z1,1 and z2,1;
S2 regulates access to z1,2 and z3,1;
S3 regulates access to z1,3 and z3,2.
Let us consider J2:
there are at maximum m=2 semaphores that can block it (S2 and S3, shared by J1 and J3);
since there is only n=1 lower priority task, J2 can be blocked at maximum for 1 critical section, B2 = 0.1.
Let us consider J3: it can never be blocked! A task can be blocked only by lower priority tasks, otherwise we say that it is preempted.
It can happen that m<n when there are a number of low priority tasks which use the same semaphore!
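The bound bi = min(n, m) and the resulting Bi can be computed mechanically; the sketch below follows the slides' rule of summing the bi longest blocking sections, counting a semaphore as blocking Ji when it is shared between a lower priority task and a task with priority at least Ji's (covering both direct and push-through blocking):

```python
def blocking_times(crit_secs):
    """Worst-case blocking bound Bi under Priority Inheritance, following the
    slides: task i can be blocked for at most bi = min(n, m) critical
    sections, and Bi sums the bi longest candidates.  `crit_secs[i]` lists
    the (semaphore, duration) pairs of task i, with tasks ordered by
    decreasing priority.  A sketch of the bound, not a tight analysis."""
    B = []
    ntasks = len(crit_secs)
    for i in range(ntasks):
        # A critical section of a lower priority task is a blocking candidate
        # for task i if its semaphore is also used by some task with priority
        # greater than or equal to task i's.
        candidates = []
        for lo in range(i + 1, ntasks):
            for sem, dur in crit_secs[lo]:
                if any(s == sem for hi in range(i + 1) for s, _ in crit_secs[hi]):
                    candidates.append((lo, sem, dur))
        m = len({sem for _, sem, _ in candidates})   # semaphores that can block i
        n = len({lo for lo, _, _ in candidates})     # lower tasks that can block i
        bi = min(n, m)
        durations = sorted((d for _, _, d in candidates), reverse=True)
        B.append(sum(durations[:bi]))
    return B

# The slide example: S1 = {z1,1; z2,1}, S2 = {z1,2; z3,1}, S3 = {z1,3; z3,2}
crit = [[("S1", 0.1), ("S2", 0.2), ("S3", 0.1)],   # J1
        [("S1", 0.2)],                              # J2
        [("S2", 0.1), ("S3", 0.1)]]                 # J3
print(blocking_times(crit))  # B1 = 0.3, B2 = 0.1, B3 = 0 (J3 is never blocked)
```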
Problems:
It does not prevent deadlocks.
Code of J1 Code of J2
P(S1) P(S2)
P(S2) P(S1)
V(S2) V(S1)
V(S1) V(S2)
Problems:
It can cause “blocking in cascade” (J1 is blocked for n critical sections).
[Timeline: J1 blocks in cascade, once on each critical section held by a lower priority task]
Priority Ceiling (solves the problems of deadlock and blocking in cascade):
Offline, every semaphore S is assigned a priority ceiling c(S), corresponding to the highest priority among all tasks that can use that semaphore.
At time t, let J1 be the task with the highest priority among the ready tasks.
Let S* be the semaphore with the highest priority ceiling among all semaphores that have been locked by tasks Ji other than J1, and let c(S*) be its ceiling.
In order to enter a critical section protected by a semaphore S, J1 must have a priority strictly higher than c(S*); otherwise J1 is blocked on S* by the task that holds S*.
If a task Ji blocks higher priority tasks, it inherits the highest priority among the blocked tasks (as in the case of priority inheritance).
Inheritance is transitive.
Example
Task J0 accesses the critical sections Z0 and Z1 in sequence, protected by S0 and S1;
J1 accesses Z2, protected by S2;
J2 accesses Z2 and makes a nested access to Z1.
C(S0) = C(S1) = priority of J0
C(S2) = priority of J1
[Timeline: C(S0) = C(S1) = priority of J0, C(S2) = priority of J1. J2 takes S2 and inherits Prio(J1) when J1 blocks on Z2, then inherits Prio(J0) while holding S1; J0 later executes P(S0) V(S0) P(S1) V(S1), and J1 finally enters Z2. The events are detailed below.]
Timeline:
t0: J2 executes and enters z2 by taking S2;
t1: J1 becomes ready and executes, interrupting J2;
t2: J1 tries to enter z2, but it is blocked on S2; J2 takes the CPU back by inheriting the priority of J1 (direct blocking);
t3: J2 enters z1. It can do so because no other semaphore is locked by other tasks;
t4: J0 becomes ready and starts executing, interrupting J2;
t5: J0 tries to enter z0. However, it is blocked, since its priority p0 is not greater than c(S1) = p0; J2 continues to execute with priority p0 (ceiling blocking).
t6: J2 exits z1, releases S1 and goes back to the previously inherited priority p1. At this time, J0 wakes up and interrupts J2, because p0 > c(S2) = p1; J0 executes, entering the critical sections z0 and z1 in sequence;
t7: J0 ends, and J2 resumes executing in the critical section z2 with priority p1;
t8: J2 exits z2 and goes back to its nominal priority p2; J1 wakes up, interrupts J2 and accesses z2;
t9: J1 ends; J2 completes its execution.
Bi is the maximum blocking time of Ji, that is, the duration of the longest critical section belonging to the set β*i of critical sections that can block Ji.
If we want to consider shared resources with Priority Inheritance, we must apply the same formulas, properly updating the value of Bi as described in the previous slides.
Real-Time communication
Problem: real-time communication for a set of processors
connected on a communication bus:
A set of tasks Ji is executed on CPUi (also referred to as a “nodei”);
Each task Jik produces messages mik either periodically or aperiodically;
[Figure: several nodes (e.g., Node4, Node5) connected on a communication bus]
The CAN (Controller Area Network) is a broadcast digital bus designed to operate at speeds from 20 kb/s to 1 Mb/s:
It has become a de facto standard for automotive control;
The CAN protocol works using a collision detection and resolution scheme that selects, among all competing messages, the message to be transmitted on the basis of its identifier.
CAN frame format (field lengths in bits): start (1), identifier (11), control (6), data (0-64), checksum (16), ACK (2), end of frame (7), interframe space (3).
In the following we distinguish between:
Bit slot: a slot for transmitting a bit on the bus, whose temporal length depends on the length of the bus and the speed of the signal, as discussed before;
Packet slot: a slot for transmitting a whole packet.
All nodes having a message to send can contend for the channel by transmitting the identifier bits (which include the priority) during the arbitration slots, one bit per slot, starting from the most significant.
Suppose, for example, that collisions among the identifier bits are resolved with a logical AND:
If different bits are written on the bus at the same time, the result on the bus is the lowest bit written;
Remember that we are assuming that the highest priorities correspond to the lowest identifiers.
Node 1:  0 1
Node 2:  0 0
Node 3:  0 0
BUS:     0 0
If a node reads its identifier bits on the channel without any change, this means that it is the winner of the contention and gets the right to transmit.
If one of its bits appears changed when read from the bus, this means there is a higher priority contending message, and the node withdraws.
Node 1:  0 1                (withdraws)
Node 2:  0 0 1 0 0 1 1 0
Node 3:  0 0 1 1            (withdraws)
BUS:     0 0 1 0 0 1 1 0
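The wired-AND arbitration can be simulated bit by bit (node names and identifiers below are illustrative; 8-bit identifiers are used instead of the 11-bit CAN identifiers):

```python
def can_arbitration(identifiers):
    """Bitwise CAN arbitration: the bus behaves as a wired AND, so a node
    writing a recessive 1 while the bus carries a dominant 0 withdraws.
    `identifiers` maps node names to equal-length, unique identifier
    strings; returns the winning node (lowest identifier wins)."""
    contenders = dict(identifiers)
    nbits = len(next(iter(contenders.values())))
    for k in range(nbits):
        bus = min(c[k] for c in contenders.values())   # wired AND: '0' dominates
        # nodes whose bit differs from what they read on the bus withdraw
        contenders = {n: c for n, c in contenders.items() if c[k] == bus}
    winner, = contenders
    return winner

nodes = {"node1": "01000000",   # withdraws at the second bit
         "node2": "00100110",
         "node3": "00110000"}   # withdraws at the fourth bit
print(can_arbitration(nodes))  # node2
```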
Real-Time communication
Bus scheduling problems arise when periodic tasks with hard
deadlines must communicate over a bus: this creates a periodic
communication with a hard deadline.
The problem has a strong similarity to the processor scheduling
problem
The resource to be scheduled is the BUS;
The tasks are the messages which must be sent, each having a hard
deadline.
As we have discussed, the natural protocol for this situation is
a slotted contention protocol: each node desiring to transmit will
contend at a certain priority level.
The problem is to assign the priorities in such a way that all the
individual message deadlines are met.
Real-Time communication
Specifically, nodes produce
periodic messages m={m1... mn}
with mj = (Cj, Tj),
where Cj is the “transmission time” and Tj is the period
(corresponding to the relative deadline, as in RM);
the “transmission time” corresponds to the “computation time” in processor
scheduling;
the “transmission time” corresponds to a given number of packets, each
composed of a fixed number of bits.
Real-Time communication
There are three important issues that distinguish the bus
scheduling problem from the processor scheduling problem:
Task preemption;
Priority granularity;
Buffering.
U_lub(n) = n (2^{1/n} − 1)
Let G = min_i G_i.
If there is only one period per priority level, then G = 1.
In the case G = 1, U_lub converges to ln 2, as in processor scheduling.
Otherwise, it holds:
U_lub(G) = R(G) = ln(2G) + 1 − G   for 1/2 ≤ G ≤ 1
U_lub(G) = G                       for 0 ≤ G ≤ 1/2
The upper bound above reduces to the usual result (ln 2) when G = 1.
Real-Time communication
The effect of multiple buffering.
Up to now we have investigated scheduling bounds when message packets are
single buffered: we now investigate the effect of multiple buffering.
When B=1, the deadline of a message is the initiation time of the next
message;
When B=2, the deadline becomes the initiation time of the third message.
Handling time
The most common solution is to have an internal timing reference: the
timer interrupts the activity of the CPU with a given frequency, and it
executes the scheduling algorithm (that chooses a task to be executed);
The smallest time interval recognized by the kernel is referred to as tick
or system quantum (10ms, 1ms, and so on)
If Q is the temporal quantum and n is the number of ticks stored in a
variable, the time from the system initialization is nQ.
Design problems
Another possible solution is to execute the scheduling algorithm
only in three cases:
When a task terminates its execution (e.g., the scheduling algorithm
is called explicitly by the task itself);
When a task becomes ready for the next period (e.g., the scheduling
algorithm is called upon expiration of a timer, that has been set by
the task itself after the previous execution);
When a task is blocked on resources, or it releases resources.
Design problems
Overhead in case of a periodic timer
We consider here how to handle the internal kernel mechanisms (task
queuing, context switch, updating internal data structures, sending
messages, interrupt serving);
A fundamental factor is the timer interrupt routine, that is executed with
a frequency corresponding to the temporal resolution of the system.
If Q is the temporal quantum and σ is the computation time of the
associated routine, the overhead can be computed as U_t = σ/Q, and the
effective utilization factor that is available for tasks is
U_eff = U_lub − U_t = U_lub − σ/Q = (Q · U_lub − σ) / Q
This poses constraints on the system quantum, which must be higher than
σ/U_lub, otherwise we would have negative values.
Design problems
For example, by considering EDF with σ = 0.1 ms
If Q = 10 ms, Ueff = 0.99
If Q = 1 ms, Ueff = 0.9
If Q = 0.2ms, Ueff = 0.5
The schedulability test becomes (sufficient condition):
U = Σ_{i=1..n} C_i / T_i ≤ U_eff
Design problems
[Figure: U_eff as a function of Q, for σ = 0.1 ms]
Design problems
The system quantum Q must be decided when designing the Operating
System
Small values improve reactivity;
Big values reduce overhead.
An example: up to kernel 2.4.xx, the system quantum of Linux was 10ms
on i386 and 1ms on alpha. This means that we can have an error of up to
10ms when taking scheduling decisions.
When the system call “nanosleep” was requested to suspend a task for
a time longer than 10ms, the CPU chose another task for execution
(but the accuracy was in the order of tens of milliseconds);
When the system call “nanosleep” was requested to suspend a task for
a time shorter than 10ms, it used busy waiting (i.e., the CPU did not
choose another task for execution, but the accuracy was in the order of
microseconds).
Design problems
Manual page of nanosleep (Kernel 2.4.xx).
Design problems
With kernel 2.6.xxx the system quantum is 1ms, but the accuracy is still in the
order of a few milliseconds (when nanosleep does not work in busy waiting).
Different research groups are developing alternative systems based on high
precision timers (http://lwn.net/Articles/151793/)
The real-time extensions of Linux (RTLinux, RTAI, etc.) are based on a different
principle.
Design problems
Explicit context switches (for example, when a process blocks on a mutex)
are already accounted for in the duration of the critical sections.
Context switches due to preemption can be charged either to the processes
that cause them or to the processes that suffer them.
In the first case, the accounting is very simple, because a process can
preempt at most once during each of its periods. One computes
U_tot = Σ_{i=1..n} (C_i + ε) / T_i
where ε is the time needed for a context switch.