10/29/2019

Critical sections
1 2

global
wait(s) memory buffer wait(s)
write read
critical x = 3; int x; a = x+1;
Problems caused by section y = 5; int y; b = y+2; critical
section
mutual exclusion signal(s) c = x+y;
signal(s)

Using semaphores Using semaphores

 Make critical sections as short as possible. A possibility is to copy global variables into local variables:
task reader() {
int x, y; // these are global shared variables int i; // these are local variables
mutex s; // this is the semaphore to protect them float d, v[DIM];
task reader() { float a, b; // two new local variables
...
int i; // these are local variables
float d, v[DIM]; wait(s); // copy global vars critical
Can we shorten this critical section? a = x; b = y; // to local vars section
... signal(s); length
wait(s); d = sqrt(a*a + b*b); // make computation
d = sqrt(x*x + y*y); for (i=0; i++; i<DIM) { // using local vars
for (i=0; i++; i<DIM) { critical v[i] = i*(a + b);
v[i] = i*(x + y); section if (v[i] < a*b) v[i\] = a + b;
}
if (v[i] < x*y) v[i] = x + y; length wait(s); // copy local vars critical
} x = a; y = b; // to global vars section
signal(s); signal(s); length
... ...
} 3 } 4

Using semaphores How long is blocking time?

 Make critical sections as short as possible.
 Try to avoid nested critical sections.
1 2 P1 > P2

 Avoid making critical sections across loops or conditional
statements.
This code is very UNSAFE, since the
1
signal could never be executed, and 1 CS1
... CS2
wait(s); could be blocked forever! 2
results = x + y;
while (result > 0) {
v[i] = i*(x + y); It seems that the maximum blocking
if (v[i] < x*y) results = results - y;
else signal(s); time for 1 is equal to the length of the
} critical section (CS2) of 2, but …
}
5 6
 10/29/2019

Schedule with no conflicts Conflict on a critical section

priority priority B
1 1

2 2

3 3

7 8

Conflict on a critical section Priority Inversion

priority B A high priority task is blocked by a lower priority

task a for an unbounded interval of time
1

2 Solution
Introduce a concurrency control protocol for
3 accessing critical sections.

9 10

Protocol key aspects Rules for classical semaphores

Access Rule: Decides whether to block and when. The following rules are normally used for classical semaphores:

Access Rule (Decides whether to block and when):

Progress Rule: Decides how to execute inside a critical
section.  Enter a critical section if the resource is free, block if the
resource is locked.
Release Rule: Decides how to order the pending
requests of the blocked tasks. Progress Rule (Decides how to execute in a critical section):
 Execute the critical section with the nominal priority.
Other aspects
Analysis: estimates the worst-case blocking times. Release Rule (Decides how to order pending requests):
Implementation: finds the simplest way to encode the  Wake up the blocked task in FIFO order.
protocol rules.  Wake up the blocked task with the highest priority.
11 12
 10/29/2019

Resource Access Protocols Assumption

 Classical semaphores (No protocol) Critical sections are correctly accessed by tasks:

 Non Preemptive Protocol (NPP) wait(SA)

wait(SA)

 Highest Locker Priority (HLP) wait(SB)

wait(SB)
 Priority Inheritance Protocol (PIP)
signal(SA)

 Priority Ceiling Protocol (PCP) signal(SB)

signal(SB)

 Stack Resource Policy (SRP) signal(SA)

13 14

Non Preemptive Protocol Conflict on a critical section

(using classical semaphores)
Access Rule: A task never blocks at the entrance of a
critical section, but at its activation time. priority B
1
Progress Rule: Disable preemption when executing inside
a critical section.
2
Release Rule: At exit, enable preemption so that the
resource is assigned to the pending task 3
with the highest priority.

15 16

NPP: example NPP: implementation notes

Each task i must be assigned two priorities:
B  a nominal priority Pi (fixed) assigned by the application
priority
developer;
1
 a dynamic priority pi (initialized to Pi) used to schedule the
task and affected by the protocol.
2
Then, the protocol can be implemented by changing the
3 behavior of the wait and signal primitives:

wait(s): pi = max(P1, …, Pn)

signal(s): pi = Pi
17 18
 10/29/2019

NPP: pro & cons NPP: problem 1

Long critical sections delay all high priority tasks:
ADVANTAGES: simplicity and efficiency.
B1 B1 is useless:
 Semaphores queues are not needed, because tasks priority 1 cannot preempt,
never block on a wait(s). although it could!
1
 Each task can block at most on a single critical section.
 It prevents deadlocks and allows stack sharing. B2
 It is transparent to the programmer.
2

PROBLEMS: 3
1. Tasks may block even if they do not use resources.
2. Since tasks are blocked at activation, blocking could be Priority assigned to i
pi = Pmax = max(P1, …, Pn)
unnecessary (pessimistic assumption). inside critical sections:
19 20

NPP: problem 2 Highest Locker Priority

A task could block even if not accessing a critical section:

1 2 1 blocks just in case ... Access Rule: A task never blocks at the entrance of a
critical section, but at its activation time.

test 1 Progress Rule: Inside resource R, a task executes at the

highest priority of the tasks that use R.
CS CS 2
Release Rule: At exit, the dynamic priority of the task is
p2 reset to its nominal priority Pi.
Pmax
P2

21 22

HLP: example HLP: implementation notes

2 is blocked, but  Each task i is assigned a nominal priority Pi and a
priority
1 can preempt dynamic priority pi.
1
B2  Each semaphore S is assigned a resource ceiling C(S):
2
C(S) = max { Pi | i uses S }
3 Then, the protocol can be implemented by changing the
p3 behavior of the wait and signal primitives:

P2 wait(S): pi = C(S)
P3 signal(S): p i = Pi
Priority assigned to i
inside a resource R: pi(R) = max { Pj | j uses R } Note: HLP is also known as Immediate Priority Ceiling (IPC).
23 24
 10/29/2019

HLP: pro & cons Priority Inheritance Protocol

ADVANTAGES: simplicity and efficiency.
 Semaphores queues are not needed, because tasks Access Rule: A task blocks at the entrance of a critical
never block on a wait(s). section if the resource is locked.

 Each task can block at most on a single critical section.

Progress Rule: Inside resource R, a task executes with the
 It prevents deadlocks. highest priority of the tasks blocked on R.
 It allows stack sharing.
Release Rule: At exit, the dynamic priority of the task is
PROBLEMS: reset to its nominal priority Pi.
 Since tasks are blocked at activation, blocking could be
unnecessary (same pessimism as for NPP).
 It is not transparent to programmers (due to ceilings).
25 26

PIP: example PIP: types of blocking

 Direct blocking
priority
direct blocking A task blocks on a locked semaphore
1
 Indirect blocking (Push-through blocking)
push-through blocking
2 A task blocks because a lower priority task inherited
a higher priority.
3 inherits the priority of 1
3
BLOCKING:
P1 a delay caused by lower priority tasks
P3

27 28

PIP: implementation notes Identifying blocking resources

Inside a resource R the dynamic priority pi is set as
Under PIP, a task i can be blocked on a semaphore
pi(R) = max { Ph | h blocked on R } Sk only if:
wait(s): if (s == 0) {
<suspend the calling task exe in the semaphore queue> 1. Sk is directly shared between i and lower priority
<find the task k that is locking the semaphore s> tasks (direct blocking)
pk = Pexe // priority inheritance
<call the scheduler>
} OR
else s = 0;

signal(s): if (there are blocked tasks) { 2. Sk is shared between tasks with priority lower
<awake the highest priority task in the semaphore queue> than i and tasks having priority higher than i
pexe = Pexe
<call the scheduler>
(push-through blocking).
}
else s = 1; 29 30
 10/29/2019

Identifying blocking resources Identifying blocking resources

Lemma 1: A task i can be blocked at most Lemma 2: A task i can be blocked at most
once by a lower priority task. once on a semaphore Sk.

If there are ni tasks with priority lower than i, If there are mi distinct semaphores that can block
then i can be blocked at most at most ni times, a task i, then i can be blocked at most mi times,
independently of the number of critical sections independently of the number of critical sections
that can block i. that can block i.

31 32

Bounding blocking times Example 1

A theorem follows from the previous lemmas: priority
1 A B C D
Theorem: i can be blocked at most for
the duration of i = min(ni,mi)
2 A C

critical sections. 3 B D

ni = number of tasks with priority less than i  1 can be blocked once by 2 (on A2 or C2) and
once by 3 (on B3 or D3)
mi = number of semaphores that can block i
 2 can be blocked once by 3 (on B3 or D3)
(either directly or indirectly).
 3 cannot be blocked
33 34

Example 1 Identifying blocking times

To derive a general analysis, we define the following notation:
Example in which 2 is blocked on B3 by push-through
Zik longest (external) critical section used by i protected by
priority semaphore Sk.

1 A B C D
ik worst-case duration of Zik
i set of the longest critical sections used by i for each
P1
semaphore Sk: i = { Zik | Sk used by i }
2 A C
ij set of critical sections used by j that can block i

3 B D
i set of critical sections that can block i
i maximum number of critical sections that can block i
Bi worst-case blocking time for i
35 36
 10/29/2019

Identifying blocking times For the other protocols

C.S. of j that can block i
for direct blocking:
 ijdir   i   j  ijNPP  {Z jk | ( Z jk   j ) AND ( Pj  Pi )}
i 1
C.S. of j that can block i
 ijpt   { h   j }  ijHLP  {Z jk | ( Z jk   j ) AND ( Pj  Pi ) AND (C ( S k )  Pi )}
for push-through blocking:
h 1
i
C.S. of j that can block i  ijPIP   { h   j }
h 1
i
 ij   dir
ij  pt
ij   { h   j }
h 1
n

n
C.S. that can block i  i    ij
j i 1
C.S. that can block i  i    ij
j i 1
37 38

Identifying blocking time Bi Example 2

Consider the following application:
1. Identify the set ij for all lower priority tasks
2. Identify the set i A 2 D

3. Compute i IN 1 B 4 OUT

4. Compute Bi as the highest sum of the i durations C 3 E

ik of Zik  i priority
Ci Ti
1 A B C (Ri)
NOTE: 3 4 5 1 15 60
2 A A B D 2 30 100
The i critical sections selected from i 3 20 150
3 6 11 5
 must belong to different tasks (for Lemma 1); 3 4 40 200
C E
 must refer to different semaphores (for Lemma 2); 10 8
4 B D E
39 40
12 14 10

Example 2 Identification of 1
1 A B C Ci Ti A B C D E
3 4 5
B1 1 15 60 3 4 5  
2 A A B D From the task code 2 30 100 6 11  5 
3 6 11 5 we can derive the
3 C E following table: 3 20 150   10  8
10 8 4 40 200  12  14 10
4 B D E
12 14 10
1 = {A2, B2, C3, B4}
Ci Ti A B C D E
1 15 60 3 4 5    1 can only experience direct blocking because it is
2 30 100 6 11  5  the highest priority task.
3 20 150   10  8
4 40 200  12  14 10
41 42
 10/29/2019

Identification of 2 Identification of 3
Ci Ti A B C D E Ci Ti A B C D E
1 15 60 3 4 5   1 15 60 3 4 5  
B2 2 30 100 6 11  5  2 30 100 6 11  5 
3 20 150   10  8 B3 3 20 150   10  8
4 40 200  12  14 10 4 40 200  12  14 10

1 = {A2, B2, C3, B4} 1 = {A2, B2, C3, B4}

2 = {C3, B4, D4} 2 = {C3, B4, D4}
 2 can be blocked directly by B4 and D4, and  3 can be blocked 3 = {B4, D4, E4}
indirectly by C3 and B4. directly by E4 and
indirectly by B4 and D4
43 44

Identification of 4 Identification of i
Ci Ti A B C D E Ci Ti A B C D E i ni mi i
1 15 60 3 4 5   1 15 60 3 4 5   {A2, B2, C3, B4} 3 3 3
2 30 100 6 11  5  2 30 100 6 11  5  {C3, B4, D4} 2 3 2
3 20 150   10  8 3 20 150   10  8 {B4, D4, E4} 1 3 1
B4 4 40 200  12  14 10 4 40 200  12  14 10 {} 0 0 0

1 = {A2, B2, C3, B4} i = min(ni, mi)

2 = {C3, B4, D4}
number of tasks with number of semaphores
3 = {B4, D4, E4} that can block i (either
priority less than i
4 = {} directly or indirectly).
45 46

Identification of Bi PIP: pro & cons

Ci Ti A B C D E i i Bi ADVANTAGES:
1 15 60 3 4 5   {A2, B2, C3, B4} 3 28
2  It removes the pessimisms of NPP and HLP (a task is
30 100 6 11  5  {C3, B4, D4} 2 24
blocked only when really needed).
3 20 150   10  8 {B4, D4, E4} 1 14
4 40 200  12  14 10 {} 0 0  It is transparent to the programmer.

NOTES
PROBLEMS:
 For 1, if we select B2, we cannot select B4, because
 More complex to implement (especially to support
each semaphore can block only once (Lemma 2).
nested critical sections).
 For 2, we cannot select B4 and D4, because each task
 It is prone to chained blocking.
can block only once (Lemma 1).
 It does not avoid deadlocks.
47 48
 10/29/2019

PIP: Chained blocking Priority Ceiling Protocol

priority A4 B3 C2 Access Rule: A task can access a resource only if it
A, B, C 1 A B C passes the PCP access test.

C 2 C Progress Rule: Inside resource R, a task executes with the

highest priority of the tasks blocked on R.
B 3 B

Release Rule: At exit, the dynamic priority of the task is

A 4 A reset to its nominal priority Pi.

NOTE: 1 can be blocked at most once NOTE: PCP can be viewed as PIP + access test
for each lower priority task.
49 50

Avoiding chained blocking Resource Ceilings

priority A4 B3 C2 To keep track of resource usage by high-priority tasks,
each resource is assigned a resource ceiling:
1 A B C

2 C
C(sk) = max { Pi | i uses sk }

3 B
Then a task i can enter a critical section only if its
priority is higher than the maximum ceiling of the
4 A locked semaphores:

To avoid multiple blocking of 1 we must prevent 3 and 2 to PCP access test

enter their critical sections (even if they are free), because a
Pi > max { C(sk) : sk locked by tasks  i }
low priority task (4) is holding a resource used by 1.
51 52

PCP: example PCP: properties

A sA C(sA) = P1 Theorem 1
priority B sB C(sB) = P1
Under PCP, a task can block at most on a single
critical section.
1 A B

ceiling blocking
2 B
Theorem 2

PCP prevents chained blocking.

3 A

t1
Theorem 3
t1: 2 is blocked by the PCP, since P2 < C(sA) PCP prevents deadlocks.

53 54
 10/29/2019

Typical deadlock PCP: deadlock avoidance

It can only occur with nested critical sections: It can only occur with nested critical sections:
C(SA) = P1
1 2 P 1 > P2 1 2 P 1 > P2 C(SB) = P1
blocked blocked by PCP
1 1
A B A B
blocked
B A 2 B A 2

55 56

PCP: pro & cons Questions

ADVANTAGES: 1. If a task uses several critical sections, can it be

 It limits blocking to the length of a single critical section.
blocked on the second one?
 It avoids deadlocks when using nested critical sections.
2. Each task has a nominal priority (Pi) and a
dynamic priority (pi  Pi) changed by the protocol
PROBLEMS: to prevent priority inversion. If i blocks because
 It is complex to implement (like PIP).
Pi  max {C(sk) : sk locked by tasks  i}
 It can create unnecessary blocking (it is pessimistic like
HLP). can it be that
 It is not transparent to the programmer: resource pi > max {C(sk) : sk locked by tasks  i} ?
ceilings must be specified in the source code.
57 58

Analysis under shared resources Analysis under RM

1. Select a scheduling algorithm to manage tasks preemption

and a protocol for accessing shared resources. by HP tasks
i
2. Compute the maximum blocking time Bi for
each task. blocking by
LP tasks
3. Perform the guarantee test including the
blocking terms.
Ci  Bi
 
i 1
Ck
i T
k 1

Ti
 i 21 /i  1
k

59 60
 10/29/2019

Hyperbolic Bound Response Time Analysis

preemption i 1
Ri
by HP tasks Ri  Ci  Bi   Ck
i k 1 Tk
blocking by
LP tasks Iterative solution:

iterate while
i 1
 Ck   C  Bi  Ri0  Ci  Bi
i    1  i  1  2 i 1 ( s 1)
Ris  Ri( s 1)
k 1  Tk   Ti  R
Ri( s )  Ci  Bi   i
Ck
k 1 Tk
61 62

Resource Sharing under EDF Stack Resource Policy

The protocols analyzed so far have been originally This protocol satisfies the same PCP properties:
developed for fixed priority scheduling schemes.  it avoids unbounded priority inversion;
However:
 it prevents deadlocks and chained blocking;
 NPP can also be used under EDF
 each task can be blocked at most once.
 PIP has been extended under EDF by Spuri (1997).
In addition:
 PCP has been extended under EDF by Chen-Lin (1990)
 It allows using multi-unit resources;
 In 1990, Baker proposed a new access protocol, called
 it can be used under fixed and dynamic priorities;
Stack Resource Policy (SRP) that works both under fixed
priorities and EDF.  it allows tasks to share the same stack space.

63 64

Stack Resource Policy Preemption level

Each resource Rk is characterized by: i  1/Di
 a maximum number of units Nk  Note that, under EDF, a task i can preempt k only if
i > k (that is, if Di < Dk)
 a current number of available units nk

Each task i is characterized by: RM: pi  1/Ti

 A priority pi (static or dynamic), e.g.: DM: pi  1/Di
 A preemption level: i  1/Di EDF: pi  1/di  No preemption can occur if i  k (that is, if Di  Dk):

 A set of resource requirements:

Rk i(Rk) specifies how many
units of Rk are used by i
65 66
 10/29/2019

Resource ceiling Ceiling property

Each resource Rk is assigned a dynamic ceiling
CR(nk) = max {0, i : n(Rk) < i(Rk)}
equal to the highest preemption level of the tasks
that may block on Rk:
Lemma
CR(nk) = max {0, i : n(Rk) < i(Rk)}
If i > CR(nk) then there exist enough units of R

1. to satisfy the requirements of i

NOTE: CR(nk) increases only when a resource is locked 2. to satisfy the requirements of all tasks that
CR(nk) decreases only when a resource is released can make preemption on i

67 68

Stack Resource Policy Computing Resource Ceilings

Finally, a system ceiling is defined as: NR
1 A(3)
RA 3
s = max { CR(nk) } RB
2 A(1) B(1)
2
3 B(2)
SRP preemption rule
Di i A B
A ready task i can preempt the executing
1 10 3 3 0
task exe if and only if
2 15 2 1 1
pi > pexe and i > s 3 20 1 0 2

69 70

Computing Resource Ceilings SRP: example

1 A(3)
NR CR(3) CR(2) CR(1) CR(0)
NR Di i A B 2 A(1) B(1) RA 3 0 3 3 3
3 RB
RA 3 1 10 3 3 0
B(2) 2 - 0 1 2

RB 2 2 15 2 1 1 1 A

3 20 1 0 2 2 A B

CR(3) CR(2) CR(1) CR(0)

3 B B

RA 1
0 3 3 3 s 2
3
RB - 0 1 2

A task blocks when attempting to preempt

71 72
 10/29/2019

PCP: example SRP: properties

1 A(3) sA C(sA) = P1 Theorem 1
2 A(1) B(1)
3 B(2) sB C(sB) = P2 Under SRP, each task can be blocked at most on a
single critical section.
1 A
Consider the following scenario where 1 blocks on two:
2
P2
A B
1 A B

3 B B B
2 A
P1 p3
P2
P3
3 B B
t*
This is not possible, because 2 could not preempt 3
A task is blocked when accessing a resource because, at time t*, 2 < s
73 74

SRP: properties SRP: properties

Theorem 2 Theorem 3
If i > s then i will never block once started. SRP prevents deadlocks.

Proof
Since s = max{CR(nk)}, then there are enough Proof
resources to satisfy the requirements of i and those From Theorem 2, if a task can never block once
of all tasks that can preempt i . started, then no deadlock can occur.

Question
If a task can never block once started, can we get
rid of the wait / signal primitives?
75 76

SRP: deadlock avoidance Schedulability analysis under EDF

1 > 2 When Di = Ti
1 2 A task set is schedulable if
blocked by SRP
1 i 1
Ck Ci  Bi
A B i T 
Ti
 1
2 k 1 k
B A
s
1 Bi can be computed as under PCP and refers to the
2 length of longest critical section that can block i.

77 78
 10/29/2019

Schedulability analysis under EDF Stack sharing

When Di  Ti Each task normally uses a private stack for
A task set is schedulable if U < 1 and L  D • saving context (register values)
• managing functions
n
L  Tk  Dk
B ( L)  
k 1 Tk
Ck  L • storing local variables

PUSH
where: B(L) = max { jh | (Dj > L) and (Dh  L) } stack pointer

D = { dk | dk  max (Dmax , min(H, L*)) } POP

n
Dmax = max (D1, …, Dn)  (T  D )U
i i i
stack
H = lcm(T1, …, Tn) L*  i 1
1U 79 80

Stack sharing Stack sharing

Why stack cannot be normally shared? Why stack can be shared under SRP?

Suppose tasks share a resource: A

big problems
blocked SP1
SP1 1 SP2
1
SP2
SP2 2
2
stack
stack

81 82

Saving stack memory Comparison

To really save stack size, we should use a block. trans‐ dlock stack impl
Prot prio. pessim. i
small number of preemption levels. instant parent avoid. sharing .
on
NPP any high 1 arrival YES YES YES easy
100 tasks
stack size = 1 Mb on
10 Kb stack per task HLP fixed medium 1 arrival NO YES YES easy
min on
PIP fixed low (ni, mi) access YES NO NO hard
10 preemption levels
stack size = 100 Kb on
PCP fixed low 1 access NO YES NO hard
10 tasks per group
stack saving = 90 % on
SRP any medium 1 arrival NO YES YES easy

83 84