Real-time Systems

Chapter 9:
Resource Access Protocol

Ngo Lam Trung

Dept. of Computer Engineering

NLT, SoICT, 2021

Contents
❑ Introduction

❑ The priority inversion phenomenon

❑ Solutions for priority inversion

NLT, SoICT, 2021

Resource constraint
❑ Resource
Any software structure that can be used by the process
to advance its execution
Ex: data structure, variables, main memory area, a file,
a piece of program, a set of registers of a peripheral
device

❑ Many shared resources do not allow

simultaneous access
→ require mutual exclusion

❑ Critical section
A piece of code under mutual exclusion constraints
Tasks entering critical section have to wait until no
other task is holding the resource
NLT, SoICT, 2021
 Waiting state caused by resource constraint

scheduling

activation Termination
READY RUN

preemption

Signal Wait
(free resource) (on busy resource)

WAITING

NLT, SoICT, 2021

 Example of blocking on exclusive resource
❑ Scheduling with preemption

preempts blocked

Higher priority
J1

Lower priority
J2

Locks resource Unlocks resource

normal execution critical section

Problem: the task with higher priority has to wait for the task with lower
priority
NLT, SoICT, 2021
 The priority inversion phenomenon
❑ J3 enters critical section first
❑ J1 is blocked, has to wait until J3 signal the resource
❑ J2 preempts J3 ➔ J1 has to wait for J2

J1 blocked
(priority inversion)
Highest-priority
job J1
unbounded execution time

Middle-priority
job J2

Lowest-priority
job J3
General code Critical section

NLT, SoICT, 2021

Problems
❑ The task with higher priority has to wait for the task with
lower priority
❑ Blocking time is unbounded → the system is not
predictable.
❑ Example of priority inversion: Mars Pathfinder 1997
CPU: RAD6000 20MHz ($200K-$300K)
OS: VxWork
Experienced CPU reset upon touching down on Mars,
debugging on Earth detected priority inversion, fixed by new
firmware upload.

NLT, SoICT, 2021

Problems
❑ Solutions
Non-preemptive Protocol
Highest Locker Priority Protocol
Priority Inheritance Protocol
Priority Ceiling Protocol
Stack Resource Policy

NLT, SoICT, 2021

Terminology & assumptions(1)
❑ Periodic task set  = {1, 2,…,n}
i = (Ci, Ti)
Relative deadline Di = Ti
❑ Resources R1,…,Rm
Each Rk is guarded by semaphore Sk

❑ Ji: a job of i
❑ Pi: nominal priority of i
❑ pi  Pi: active priority of i ( initially set to Pi)
❑ zi,j: j-th critical section of Ji
❑ di,j: duration of zi,j
❑ Si,j: the semaphore guarding zi,j
❑ Ri,j: the resource used in zi,j
❑ Notation zi,j zi,k means zi,j is entirely contained in zi,k.
NLT, SoICT, 2021
Terminology & assumptions (2)
❑ Assumptions
J1,…,Jn are listed in decreasing order of Pi
Jobs don’t suspend themselves.
The critical sections used by any task are properly nested.
zi,j zi,k or zi,k zi,j or zi,j zi,k=0

Critical sections are guarded by binary semaphores.

NLT, SoICT, 2021

The simplest: Non-preemptive Protocol
❑ Block all other tasks whenever a task enters a critical
section
❑ The dynamic priority of the running task is raised to the
highest level

Priority inversion avoided

NLT, SoICT, 2021

The simplest: Non-preemptive Protocol (NPP)
❑ Pros: simple
❑ Cons: unnecessary blocking

Unnecessary blocking

NLT, SoICT, 2021

Blocking time of Non-preemptive Protocol
❑ Given the task Ti, the set of critical sections that can
block Ti
𝛾𝑖 = {𝑍𝑗, 𝑘 | 𝑃𝑗 < 𝑃𝑖, 𝑘 = 1, . . . , 𝑚}
❑ The maximum blocking time is

𝐵𝑖 = max{𝑑𝑗, 𝑘 − 1 | 𝑍𝑗, 𝑘 ∈ 𝛾𝑖}.

➔ Duration of the longest critical section that can block Ti

NLT, SoICT, 2021

Highest Locker Priority Protocol (HLP)
❑ Improves NPP: raising the priority of the task entering a
critical section to the highest priority among the tasks
sharing that resource.
❑ When a task enters resource Rk, its dynamic priority is
raised to

❑ When the task exits the resource, its dynamic priority is

reset to the nominal value Pi
❑ Priority ceiling can be computed offline

NLT, SoICT, 2021

Highest Locker Priority Protocol
❑ Example

NLT, SoICT, 2021

HLP Blocking time
❑ The set of critical instants that can block task Ti
𝛾𝑖 = {𝑍𝑗, 𝑘 |(Pj < Pi) and C(Rk) ≥ Pi}
❑ Hence, maximum blocking time is

❑ Problem: what if critical section is access in only one

branch of a conditional statement?

NLT, SoICT, 2021

Priority Inheritance Protocol
❑ Modify the priority of tasks in critical sections
❑ When a task blocks higher-priority tasks, it
temporarily inherits the highest priority of the
blocked tasks.
Prevents preemption of medium-priority tasks

NLT, SoICT, 2021

Protocol definition
❑ Jobs are scheduled based on their active priorities
❑ When the higher-priority job Jhigh is blocked on a
semaphore because the lower-priority job Jlow is in
execution of its critical section, the active priority phigh
of Jhigh is inherited to that of Jlow.
❑ The rest of the critical section of Jlow is executed with the
active priority phigh.
❑ In case the medium-priority job Jmedium activates, it cannot
preempt the execution of Jlow → Unbounded priority
inversion is avoided.
❑ Priority inheritance is transitive; if a job J3 blocks a job J2,
and J2 blocks a job J1, then J3 inherits the priority of J1
via J2.
NLT, SoICT, 2021
 Example
blocked

Highest-priority
job J1

Middle-priority
job J2
Blocked by
Lowest-priority PIP
job J3
P1
J3’s active
priority p3 P3

The active priority of

J1 is inherited.
Normal execution Critical section
NLT, SoICT, 2021
 Direct blocking & Push-through blocking

Direct blocking
Highest-priority
job J1

Middle-priority
job J2
Push-through
Lowest-priority blocking
job J3
P2
J3’s active
priority p3 P3

Normal
Critical section
execution
NLT, SoICT, 2021
PIP with nested critical sections
❑ When the blocking job Jk exits the critical section, the
blocked job with the highest priority is awakened.
❑ Jk replaces its active priority pk by nominal priority Pk if no
other jobs are blocked by Jk, or by the highest priority of
the tasks blocked by Jk

Transitive
priority
inheritance

NLT, SoICT, 2021

Properties
❑ Push-through blocking to job Ji occurs only if the
semaphore is accessed by a job Jlow with plow<pi and by a
job Jhigh with phigh that can be equal or higher than pi
❑ Transitive priority inheritance can occur only in the
presence of nested critical sections.
❑ If there are n lower-priority jobs that can block a job Ji,
then Ji can be blocked at most the duration of n critical
sections.
❑ If there are m distinct semaphores that can block a job Ji,
then Ji can be blocked for at most the duration of m
critical sections.

NLT, SoICT, 2021

Properties
❑ Under the priority inheritance protocol, a job J can be
blocked for at most the duration of min(n,m) critical
sections.
n is the number of lower-priority jobs that could block J
m is the number of distinct semaphores that can be used to
block J

➔ The maximum blocking time for any task J is bounded

NLT, SoICT, 2021

Remaining problem 1: Chained blocking

➔ J1 can be blocked several times

NLT, SoICT, 2021

Remaining problem (2): Deadlock

➔ Deadlock caused as J2 enters the nested critical session

NLT, SoICT, 2021

Priority Ceiling Protocol
❑ Extends the Priority Inheritance Protocol
❑ Assign each semaphore a ceiling priority, equal to the
priority of the highest-priority task that can lock it.
❑ Provided a critical section contains several semaphores,
a job J can enter the critical section only when its priority
is higher than all priority ceilings of the semaphores
already locked by other jobs.

NLT, SoICT, 2021

Protocol definition (1)
❑ Sk: an arbitrary semaphore
❑ C(Sk): priority ceiling of Sk

This value can be computed offline

❑ Ji: the job with the highest priority in ready queue

❑ Pi: the priority of Ji
❑ S*: semaphore with the highest priority ceiling among all
the semaphores currently locked by jobs other than Ji

NLT, SoICT, 2021

Protocol definition (2)
❑ When Ji is about to enter a critical section guarded by
semaphore Sk,
If PiC(S*)
- locking on Sk is denied, &
- Ji is blocked on semaphore S* by the job holding the lock on S*.
If Pi>C(S*)
- Ji locks on Sk and continue execution

❑ When Ji is blocked on a semaphore S,

The job Jk locking on S inherits the priority pi
Generally, a task inherits the highest priority of the jobs blocked
by it.

❑ When Jk exits a critical section & unlocks the semaphore,

If there are blocked jobs, then pk is the highest active priority of
the jobs blocked by Jk
Otherwise, pk is restored to Pk
NLT, SoICT, 2021
Example
❑ Ceiling blocking

NLT, SoICT, 2021

Ceiling blocking
❑ A task is blocked by the protocol because of the priority
ceiling condition
❑ Necessary to avoid chained blocking and deadlock

This will never happen with PCP

NLT, SoICT, 2021

Properties of the protocol (2)
❑ The Priority Ceiling Protocol prevents deadlocks.
❑ Under the Priority Ceiling Protocol, a job Ji can be
blocked for at most the duration of one critical section.

➔Reduce blocking time

➔Avoid unnecessary high-priority tasks blocking
➔Avoid deadlock

NLT, SoICT, 2021

Comparison

SRP (Stack Resource Protocol): for student’s further reading

NLT, SoICT, 2021