EECS 223

Textbook
} Hard Real-Time Computing Systems: Predictable Scheduling
Algorithms and Applications, 2nd ed. or 3rd ed.
} By Giorgio C. Buttazzo
Grading:
} Midterm examination (30%): 2/14/2017, 2-3:20
} Final examination (40%): 3/16/2017, 2-3:20
} Homework or project (30%)
Office Hour
} M 3-5, EH 4205
Web Site: https://eee.uci.edu/17w/18630/index.html
Topics to Be Covered
} Intro to Real-time Systems
} Periodic Task Scheduling: RM, EDF, DM
} Aperiodic Task Scheduling
} Fixed-Priority Servers: Background, Polling, Deferrable, Sporadic
} Dynamic Priority Servers: Dynamic Sporadic, TBS, CBS
} Resource Access Protocols
} Priority Inversion
} Priority Inheritance, Priority Ceiling, Stack Resource Policy
} RTOS, Garbage Collection, Middleware
} Sensors and Actuators, Cyber-Physical Systems, IoT
 Introduction to
Real-Time Computer Systems
Lecture 1
What is a Real-Time System?
} The correctness of the system depends not only on the
logical result of the computation, but also on the time at
which the results are produced
} In other words, a computation must satisfy two aspects of
correctness: functional and temporal.
e.g. a homework must be submitted before the deadline;
a running car must be stopped in time;
} Examples:
} Industrial and automation system, medical instrument and
devices, military defense system, computer networking
system
} Smart Factory, Smart Car, Smart Home
 5

Real-time systems
} A service request (event) is typically associated with a real-
time computing constraint, or simply a timing constraint.
} Critical event has hard timing constraint, where the
consequence of a missed deadline is fatal (unacceptable)
} Non-critical event has soft timing constraint, where the
consequence of a missed deadline is undesirable but tolerable
} Real-time systems are those that can provide guaranteed
worst-case response times to critical events, as well as
acceptable average-case response times to noncritical events.
 6
Soft Real-Time Systems
Soft timing constraints are typically expressed in probabilistic
or statistical terms
 Hard Real-Time Systems
Hard timing constraints are typically expressed in
deterministic terms
 8

Related: Embedded systems

} An embedded system is an electronic system that is
designed to perform a dedicated function.
oftentimes embedded within a larger system

} Consumer electronics
} Industrial robots
} Command and control systems
} Medical equipment
} Automotive systems
Spectrum of Real-Time Systems
A real-time system is called a real-time embedded
system if it is designed to be embedded within some
larger system.
Issues on Earlier Real-Time Systems
} Many control applications with stringent time constraints were
implemented in special language, programming timers, writing
low-level drivers for device handling, and manipulating task and
interrupt priorities.
} Such real-time system may work well for a period of time, but
it could collapse in certain rare, but possible, situations.
} The consequences of a failure can sometimes be catastrophic
and may injure people or cause serious damages E.g.
} Space shuttle delay due to 1.5% probability transient overload;
} Patriot missiles miscalculation due to delay accumulation of 0.34 sec (or
687m, after 100 hours of operations)
http://sydney.edu.au/engineering/it/~alum/patriot_bug.html
http://autarkaw.wordpress.com/2008/06/02/round-off-errors-and-the-
patriot-missile/
Issues on Low-Level Programming
} Tedious programming. The implementation of large and complex
applications in assembly language is much more difficult than high-level
programming. Moreover, the efficiency of the code strongly depends on the
programmer's ability.
} Difficult code understanding. Clever hand-coding introduces additional
complexity and makes a program more difficult to comprehend.
} Difficult software maintainability. As the complexity of the program
increases, the modification of large assembly programs becomes difficult
even for the original programmer.
} Difficult verification of time constraints. Without the support of
specific tools and methodologies for code and schedulability analysis, the
verification of time constraints becomes practically impossible.
Limits of Current Real-time Systems (1)
} Multitasking has system calls for process
management (such as create, activate, terminate, delay,
suspend, and resume).
} Many of these primitives do not take time into account
and, even worse, introduce unbounded delays on tasks'
execution time that may cause hard tasks to miss their
deadlines in an unpredictable way.
Limits of Current Real-time Systems (2)
} Priority-based scheduling. When application tasks
have explicit time requirements, mapping timing
constraints into a set of priorities may not be simple,
especially in dynamic environments.
} One major problem comes from the fact that these
kernels have a limited number of priority levels
(typically 128 or 256), whereas task deadlines can vary
in a much wider range.
Limits of Current Real-time Systems (3)
} Support of an internal real-time clock. This is an
essential feature for any kernel that handles time-
critical activities that interact with the environment.
} Nevertheless, in most commercial kernels this is the
only mechanism for time management.
} In many cases, there are no primitives for explicitly
specifying timing constraints (such as deadlines) on
tasks, and there is no mechanism for automatic
activation of periodic tasks.
Limits of Current Real-time Systems (4)
} Mechanisms for process communication and
synchronization. Binary semaphores are used to
synchronize tasks and achieve mutual exclusion.
} However, if no access protocols are used to enter
critical sections, classical semaphores can cause a
number of undesirable phenomena, such as priority
inversion, chained blocking, and deadlock, which again
introduce unbounded delays on real-time activities.
Limits of Current Real-time Systems (5)
} Small kernel and fast context switch. This feature
reduces system overhead, thus improving the average
response time of the task set.
} However, a small average response time on the task set
does not provide any guarantee on the individual task
deadlines.
} On the other hand, a small kernel implies limited
functionality, which affects the predictability of the
system.
 17

Case Study: Radar System

Case Study: Radar System

18 X. Fan: Real-Time
Embedded Systems
Execution Time
} Execution time is not constant
} Load on the system
} Interrupts and exception handling
} Processor speed
} OS/middleware overheads
} Architecture: Cache, Pipeline, etc
} Execution time has a distribution
} We assume there is a maximum execution time
Worst-Case Task Execution Time
Task Timing Diagrams
Desirable Properties
1. Timeliness. Results have to be correct not only in their
value but also in time.
2. Design for peak load. Real-time systems must not collapse
when they are subject to peak-load conditions.
3. Predictability. To guarantee a minimum level of
performance, the system must be able to predict the
consequences of any scheduling decision.
4. Fault tolerance. Single hardware and software failures
should not cause the system to crash.
5. Maintainability. Possible system modifications are easy to
perform.
Real-time Tasks Models
} The term task is a design-time concept. Each task represents a unit of
concurrency.
} A task with real-time constraints is called a real-time task.
} A task can be executed multiple times. Each individual run to completion of
a task is called a job of that task.
} Periodic tasks: a periodic task can be executed repeatedly on a continuing
basis. The inter-arrival times between consecutive jobs are almost the same,
which is called its period.
} Sporadic tasks: a sporadic task is executed in response to external events
which occur at random instants of time. The inter-arrival times between
consecutive jobs may vary widely, and can be arbitrarily small (bursty
occurrence). Sporadic tasks have hard deadlines.
} Aperiodic tasks: an aperiodic task is also executed in response to external
events which may occur at random instants of time. The inter-arrival times
of aperiodic jobs may follow some probability distribution function.
Aperiodic tasks have either soft or no deadlines.
Model: Sampling Rate Decides Period
} Sampling rate
} An application specification (e.g. 30 frames/sec, 6000 RPM)
} Period
} How often a function is executed
} Relative deadline
} The deadline with respect to when the function is ready for
execution.
Periodic Job Scheduling
} Periodic Task Model
} parameters are known a priori
ready time deadline start finish preempt resume

period worst-case execution time

(or computation time)

n Predictability vs. Schedulability

n high predictability and flexibility

n easy-to-check schedulability condition

A timing diagram showing the design of
task schedule

27
Periodic Task vs. Job
} A periodic task is a stream of jobs (execution time,
period)
} T1= (3,10) = {J11 J12 J13 }
} The time each job is eligible for execution is:
} (0,10] (10,20] (20,30]
Periodic Tasks and Jobs
Deadline
} If a tasks period is 30 ms, and the relative
deadline is 10 ms, then the absolute deadlines are
10 ms, 40 ms, 70 ms

} The relative deadline cannot be less than the

computation, or execution time
} The deadline determines the response of the
system
Criticality
} A hard deadline must be completed, or a serious
consequence will follow
} Airplane instruments computing altitude
} Air-bags in cars
} A soft deadline may be missed
} How long are you willing to wait for someone for an appointment?
Value
} Most systems are a step function of value, with 1
for meeting the deadline and 0 for failure.

} Value of the success for a hard deadline is 0 or 1

Value (cont.)
} A soft deadline can have a range of values.
} Completing before the deadline may not be advantageous.
Study of Scheduling Algorithms
} Many process scheduling algorithms can be used by
an OS kernel
} FCFS, RR, EDF, Priority Driven
} A kernel runs a variety of applications, and the
performance of the scheduling algorithm depends on
the application
} Benchmark, Simulation
} Analysis- Queuing theory gives averages, but cant
guarantee a deadline
} Validation- find the worst-case response time
Optimality
} Validation is a test that returns true or false
} Optimality
} Create a set of tasks, and see which algorithm returns the
most number of trues
} If G1 passes S1={Si} and G2 passes S2={Si}, then G2 is
better that G1 if S2 S1.
Algorithm Classification (I)
} Preemptive. With preemptive algorithms, the running task
can be interrupted at any time to assign the processor to
another active task, according to a predefined scheduling policy.
} Non-preemptive.With non-preemptive algorithms, a task,
once started, is executed by the processor until completion. In
this case, all scheduling decisions are taken as a task terminates
its execution.
Preemptive Execution
} Preemptive execution: a job execution can be
preempted by other jobs
} The CPU is usually preemptive
} A resource such as a printer usually is not.
} Phase: the first time a task becomes ready
} Phase = 3:
Non-Preemptive Scheduling
} Non-preemptive scheduling is risky
} Like checkout lines in a supermarket, you may wait for a long
time if you dont know how long the person in front of you will
take
} J12 = (arrival=2, deadline=4, computation time = 1)
} J21 = (arrival=1.5, deadline=7, computation time=3)
Algorithm Classification (II)
} Static. Static algorithms are those in which scheduling
decisions arc based on fixed parameters, assigned to tasks
before their activation.
} Dynamic. Dynamic algorithms are those in which scheduling
decisions are based on dynamic parameters that may change
during system execution.
Algorithm Classification (III)
} Online.We say that a scheduling algorithm is used online if
scheduling decisions are taken at runtime every time a new
task enters the system or when a running task terminates.
} Offline.We say that a scheduling algorithm is used offline; if
it is executed on the entire task set before actual task
activation. The schedule generated in this way is stored in a
table and later executed by a dispatcher.
Algorithm Classification (IV)
} Optimal. An algorithm is said to be optimal if it minimizes
some cost function defined over the task set. When no cost
function is defined and the only concern is to achieve a feasible
schedule, then an algorithm is said to be optimal if it always
finds a feasible schedule whenever one exists
} Heuristic. An algorithm is said to be heuristic if it searches
for a feasible schedule using an objective function (heuristic
function). Heuristic algorithm do not guarantee to find the
optimal schedule, even if there exists one
Algorithm Classification (V):
1 Processor vs. Multiprocessor
} Migration: if a job is waiting for a resource and goes
back to the queue, when it comes time to run the job
again, it can go to any processor.
} Parallel execution: can parts of the job be executed
simultaneously?
} Typically, allow migration but not parallel execution
Worst-Case Response Time

The worst-case response time of a task is the maximum value

among the response times of all its jobs.
The worst case response time is different from worst case
execution time, which is calculated when the job is running
alone.
WCRT must be smaller than the relative deadline.
Round Robin Scheduler
} Given a set of tasks (jobs), all jobs are entered in a queue
} Jobs are executed for a fixed quantum then returned to the
queue
} Some jobs may be given more than one quantum (weighted
round robin)
} It guarantees fairness, not response time
} Admission control can be used to bound the response time
Cyclic Scheduling
} Cyclic scheduling is an approach to scheduling periodic
tasks according to a static schedule table pre-computed
off-line. The schedule table specifies exactly when each
job of a periodic
} When there is no periodic job ready, the processor can
take the time to execute aperiodic jobs.
Cyclic Scheduling
} Given a set of tasks (jobs), produce the schedule table
offline or before execution.
} Exhaustive search may be used to find optimal schedules
offline
} Online table construction is possible
} During run time, the schedule table is followed to
start and stop jobs
} The table length is the major cycle, which is divided into
frames
} Job executions are guaranteed
} Systems may be left idle if jobs finish earlier
Frame-based scheduling: an example
Scheduling Aperiodic Jobs
 EECS 223
Real-Time Computer Systems

Lecture 3
CPU Scheduling
A single scheduling algorithm is used to schedule all
tasks.

Important Properties:
A single task queue.
Tasks may enter the queue at
any time.
Scheduler makes decision
when and who to use the
next CPU cycle
Clock Driven (Cyclic Executive)
} Given a set of tasks (jobs), produce the schedule table
offline or before execution.
} Exhaustive search may be used to find optimal schedules
offline
} Online table construction is possible
} During run time, the schedule table is followed to
start and stop jobs
} The table length is the major cycle, which is divided into
frames
} Job executions are guaranteed
} Systems may be left idle if jobs finish earlier
Queue Driven (Round Robin)
} Given a set of tasks (jobs), all jobs are entered in a queue
} Jobs are executed for a fixed quantum then returned to the
queue
} Some jobs may be given more than one quantum (weighted
round robin)
} It guarantees fairness, not response time
} Admission control can be used to bound the response time
Least Slack Time First (LST)
} LST = (Di Ci)t where Di is the relative deadline
} For each time-slice, compute the new slack time for each
task in the queue: ((Di t) Ci)t
} Slack of the task being executed is a constant. Slack for
the rest of the tasks decreases
Least Slack Time First (LST) cont.
} If 2 jobs have the same slack, (2,4), (2,4), at t =1, the
second task will preempt, and a racing condition will
begin.
} LST needs a time-slice to avoid system overhead
} LST cannot handle overloads
} If there are three jobs each with (2,4)
Aperiodic EDF

See the schedule when t = 2, 3, 6:

 EDF Optimality
} Given a set of tasks G = {T1}, Before
if G can meet all deadlines,
EDF can meet all deadlines
as well
} Dont consider context
switch time or system
overload, with infinite
priority labels. After
} Issues:
} Overloads
Priority Driven for Periodic Tasks: EDF & RM
} Preemptive Earliest Deadline First: we compare the
deadlines at run time
} Deadline of a job makes its priority
} The earlier the deadline, the higher the priority
} EDF has dynamic priorities
} Preemptive Rate Monotonic: we compare the periods at
run time
} Priority rate of a task = 1/period
} (1,3) > (2, 5) > (4, 20)
} RM has static priorities
The Optimality of Rate Monotonic
} RM is optimal among all fixed priority schedules
} If Algorithm G produces feasible S with period T1<T2 but priority
P2 > P1 ,
} RM will produce a feasible S
 RM Optimality Idea
} RM is optimal in systems with fixed priorities
} Suppose we have a schedule where:
T1 < T2 , but 2 is scheduled first, the opposite of RM
} This implies that C1 + C2 T1. But because T1 is less that T2,
C1 + C2 T2
} suppose T1 and T2 start at the same time

} If you can finish both in a shorter period, you can finish in the longer
} Need to show RM can schedule both 1 and 2
} Before T2 , RM need to schedule 2 and many 1
Moving the Phase of Tasks
But Ti and Tn may not start at the same time:
Rate Monotonic
} Critical instant
} Corollary 1: The highest load for a low priority job is when
all higher priority jobs arrive at the same time (phase=0).

} Corollary 2: Every low priority task, with phase=0, if its first

job can meet the deadline, then all its other jobs will as well.
} The most critical factor is the ceiling function in the following
formula

T2
C2 + C1
T1
Utilization of Periodic Task
} The utilization of a periodic task is defined as Ui = Ci /Ti
} Ci is the execution time, Ti is the period
} A task with 1/4 uses 0.25 system time
} A system with 4 tasks of Ui = 0.25 has a total utilization of 1
} No system can meet all tasks deadlines if the total
utilization is >1
Rate Monotonic Schedulability

} Can Rate Monotonic guarantee a schedule if the total

utilization is 1?
} See the following example
} Let 1 = 1.51 / 3, 2 = 2 / 5, total utilization is 0.903
} 1 has a higher priority than 2
 Rate Monotonic Schedulability (I)
Calculate the total execution time (C) for all jobs before a
deadline
} How much time is needed by
1) Itself Ci
2) All higher priority jobs Ci-1, Ci-2,

T2
C2 + C1
T1
RM Lower Bound Proof
} Assume we have two tasks, where T1 < T2.
} The total time we need to execute the tasks is
T2
c2 + c1 T2
T1
} Two possible cases depending c1 value in the last
period: T2 T2
c1 T2 T1 c1 T2 T1
T1 T1
RM Lower Bound Proof (Case 1)
T2
} Case 1: c1 T2 T1
T1
T2
} This implies c2 T2 c1
T1
} Calculating utilization U as C2/T2 + C1/T1 and substitution
yields
RM Lower Bound Proof (Case 1)

} U is C2/T2 + C1/T1, i.e.

1 T2 c1 1 1 T2
T2 c1 + = 1 + c1
T 2 T T
1 1
T T T
1 2 1

1 1 T2
} Note that is negative, so
T1 T2 T1

utilization U decreases as c1 increases

RM Lower Bound Proof (Case 2)

T2
} Case 2: c1 T2 T1
T1
} Now, utilization U = C2/T2 + C1/T1 is

T 2 T 1 c1 c1 T 1 T 2 1 1 T2
+ = + c1
T 1 T2 T2 T1 T2 T 1 T1 T2 T1

} Utilization increases as c1 increases

RM Lower Boundary Proof (Case 1+2)
} Conclusion: Boundary condition occurs at
T2
c1 = T2 T1
T1
T2
Let F = , C1 = T2 FT1 and C2 = F(T1 C1)
T1

C1
RM Bound for 2 Jobs
Value of U as a function of G
G U
G = T2 / T1 F
0
0.1 0.918182
0.2 0.866667 0.405 0.828487544
0.3 0.838462 0.41 0.828439716
0.4 0.828571 0.415 0.828427562
0.5 0.833333 0.42 0.828450704
0.425 0.828508772
0.6 0.85
0.43 0.828601399
0.7 0.876471
0.435 0.828728223
0.8 0.911111
0.44 0.828888889
0.9 0.952632
0.445 0.829083045
1 1
RM Theorem
Liu, C. L. and Layland, J., "Scheduling algorithms for multiprogramming
in a hard real-time environment", Journal of the ACM, 20(1): 46
61(1973)
} If n is the number of tasks, RM can find a feasible
1
schedule if ui n 2 n 1

} n=2, the value is 0.828427

1
lim n 2 1 = ln 2
} As n approaches infinity, n n


} ln 2 69.3%
RM Theorem
But
1

} If n is the number of tasks, and ui n 2 1 is not
n

satisfied, can RM can find a feasible schedule?
} The answer is maybe

} If the periods are always multiples, then RM can always

meet the deadline as long as the total utilization 1
} And most real-time systems using RM can meet all
deadlines with a total utilization of 80%.
Rate Monotonic Schedulability
} So, how about let us check the schedulability of the
lowest priority task?
T2
c2 + c1 T2
T1
} Question: Can we just check the lowest priority for the
first period?
} We know 3/7, 6/11, cant be scheduled.
} But 3/7, 6/11, and 1/77, the total execution for the lowest
priority:
} 1+3*11 + 6*7 = 76
} The answer is we need to check the schedulability of
every task.
RM Schedulability Condition
} Q: If ui ?, then RM can find a feasible schedule.
} 1/4, 2/5 requires ci = 4, so RM can schedule and meet the
deadline of 5.
} 2/4, 2/5 requires ci = 6 by time 5 which is after the
deadline, right?
System Schedulability for RM
} Let a system be 1.2/3, 3.6/7.
} The total time needed by t=7 is 3(1.2) + 3.6 = 7.2,
so we think it cant meet its deadline, but:

} But J21 completes on-time

Hyperbolic Bound
} For years, people have been fascinated by the RM bound
and try to improve it.
} Hyperbolic bound was found in 2001
Hyperbolic Bound vs LL Bound
Exact Time Analysis
} Calculate response (finish) times of all jobs in the 1st
period
} Start from the lowest priority (although its not necessary)
} Jn1 implies all jobs J11 J21 Jn-11 must finish
} t0 = en + e1 + e2 + + en-1
} But some other jobs may arrive again before t0
} So we need to add more jobs before Jn1 can finish
} This is done repeatedly
Exact Time Analysis

1
n 1
t0
t = en + i ei
i =1 P

n 1 1
2 t
t = en + i ei
i =1 P

}
} Repeat until tk = tk-1, then check to see if tk Pn
Example
} 1.2/3, 3.6/7
} t 0 = 1.2 + 3.6 = 4.8
} task 2 can never finish before 4.8
} 1 4.8 2 6
t = 3.6 + 1.2 = 6 t = 3.6 + 1.2 = 6
3 3
} t1 = t2, so the actual response time for J21 is 6.
} 6 7, so it is schedulable
Execution Times Implications

} In a system with two jobs, let 3P1 be slightly less than P2

} e1 + e1 = e1
} In order for the second job to meet its deadline, P2 = e2 + 3e1
+ 2e1
} Making e1 larger makes e2 drop 3 times as fast
RM Schedulability Checks
} Liu and Layland Bound: 0.69 or n(21/n 1)

} Hyperbolic bound: i(ui + 1) 2

T2
} Total execution time required: e2 + e1
T1
} Exact time analysis: Fixed point calculation
EDF Schedulability Bound
} An EDF schedule S has a job misses its deadline at t if
and only if ui > 1
} Suppose we have many different tasks
} Dont need to worry about tasks with ready times after Ti
and deadlines after Ti, since in EDF they wont compete for
CPU time.
EDF Proof

} How much execution time is needed, total for Ti ?

t i
ei
Pi
} For the rest of the tasks?
t j
ej P
j
EDF Proof

} If the deadline is missed at t,

t i t j
ei + e j > t i
Pi Pj

} Take away for convenience, and the floor function

t i t j
ei + e j
Pi P
j
n
tei t ei
+ ej t = t u i ui > 1
Pi Pj i =1 Pi
Testing if a system is schedulable
} Distinguish between a sufficient and a necessary
condition. Which is more restrictive?
sufficient necessary
EDF 1 1
RM 0.69 ?
1
} n 2 n 1 is pessimistic


Comparisons Between RM and EDF
} The main advantage of the fixed priority
approach is that it is simpler to implement.
} If the ready queue is implemented as a multi-level
queue with P priority levels (where P is the number of
different priorities), both task insertion and extraction
can be achieved in O(1).
} In a deadline driven scheduler, the best solution for
the ready queue is to implement it as a heap (i.e., a
balanced binary tree), where task management
requires an O(log n) complexity.
Schedulability Between RM and EDF
} In terms of schedulability analysis, an exact guarantee
test for RM requires a pseudopolynomial complexity,
even in the simple case of independent tasks with
relative deadlines equal to periods
} It can be performed in O(n) for EDF.
} In the general case in which deadlines can be less than
or equal to periods, the schedulability analysis becomes
pseudo-polynomial for both algorithms.
} Under fixed-priority assignments, the feasibility of the task set can
be tested using the response time analysis, whereas under
dynamic priority assignments it can be tested using the processor
demand criterion.
Processor Utilization of RM and EDF
} As for the processor utilization, EDF is able to exploit the
full processor bandwidth, whereas the RM algorithm can
only guarantee feasibility for task sets with utilization less
than 69%, in the worst case.
} In the average case, a statistical study performed by
Lehoczky, Sha, and Ding [LSD89] showed that for task
sets with randomly generated parameters the RM
algorithm is able to feasibly schedule task sets with a
processor utilization up to about 88%.
} However, this is only a statistical result and cannot be
taken as an absolute bound for performing a precise
guarantee test.
Another: Deadline Monotonic (DM)
} The Deadline Monotonic (DM) priority assignment
weakens the "period equals deadline" constraint.
} This algorithm was first proposed in 1982 by Leung and
Whitehead [LW82] as an extension of Rate Monotonic
where tasks can have a relative deadline less than their
period.
} According to the DM algorithm, each task is assigned a
static priority inversely proportional to its relative
deadline. As RM, DM is preemptive.
} Thus, at any instant, the task with the shortest relative
deadline is executed. Since relative deadlines are
constant, DM is a static priority assignment.
Processor Utilization of DM
} The Deadline-Monotonic priority assignment is optimal,
meaning that if any static priority scheduling algorithm
can schedule a set of tasks with deadlines unequal to
their periods, then DM will also schedule that task set.
} The feasibility of a set of tasks with deadlines unequal to
their periods could be guaranteed using the Rate-
Monotonic schedulability test, by reducing tasks' periods
to relative deadlines
Conclusion about RM, EDF and DM
} Fixed Priority vs Dynamic Priority
} Pessimistic vs Exact Analysis
} Simple vs Complex Analysis
} Implementation Simplicity
} Runtime Overheads
EDF in Multiprocessor System
} What is the maximum utilization for two processors using
EDF? ui 2?
} Let the set of jobs be (2/4, 2/4, 9/10)
EDF in Multiprocessor (cont.)
} In general, let T1 = 2/4, T2 = 2/4, T3 = (10-)/10, s.t.
lim u = 1
0
} If there are 3 processors, add another T4 = 2/4
} If there are 4 processors, add another T4 = 2/4
}
} EDF cannot guarantee a schedule if ui > 1
Global Scheduling
A single scheduling algorithm is used that schedules
all tasks.

Important Differences:
A single task queue.
Tasks may migrate among the
processors.
Multiprocessor Scheduling: Partitioning
Partition tasks so that each task always runs on the same
processor.

Steps:
1. Assign tasks to processors.
2. Schedule tasks on each
processor using uniprocessor
algorithms.
Early Results on Partitioning
} (Take early to mean pre-1990 or so.)
} The problem of assigning tasks to processors is
equivalent to bin packing.
} Processors are bins of size 1.0.
} Each task to be packed has a size equal to its utilization.
} Either demand- or utilization-based tests can be used to
determine if a task fits on a processor.
Early Results on Partitioning
} Bin packing is NP-hard in the strong sense.
} Implications:
} Optimal partitioning, even in pseudo-polynomial time, is not possible.
} As a result, heuristics are usually used instead.
} Dhall and Liu [1978] showed, with rate-monotonic per-
processor scheduling:
} Number of required processors using the next-fit heuristic, is 2.4 to
2.67 times optimal.
} Using first-fit, its between 2.0 and 2.23 times optimal.
} Not really useful for obtaining a schedulability test.
Partitioning Approaches
A Basic Limitation

Theorem: No partitioned-based scheduling

algorithm can successfully schedule all task systems
with U() B on M processors, where B > (M+1).

Proof:
!!
Consider the task system
consisting of M + 1 tasks
(1 + , 2) with 0. 1 2 M
 Early Results on Global Scheduling
Dhall Effect [1978]: For any M 2, there exist task
sets with utilization 1.0 that global EDF and RM
cannot schedule.

Consider M tasks with exec. time 2 and period 1.0,

and one task with exec. time 1.0 and period 1 + ,
where 0.
2
Main Problem: 1
Have both very light and heavy tasks. 2
..
.
M !!
0 1 1+
 Introduction to
Real-Time Computer Systems
Sporadic Servers
Sporadic and Aperiodic

} A periodic task arrives in fixed time interval

} An aperiodic job is not periodic
} An aperiodic job has no deadline, but we often want to
minimize the response time
} What is sporadic?
} A sporadic job has a well-defined maximum workload
} Can be off-line guaranteed for successful execution
} Has a defined (exec. time, minimum inter-arrival time)
Scheduling Scheme

} Want to reject the sporadic job before we start

execution if it cannot be serviced.
Background Scheduling Algorithm
} When the processor is free and there are no real-
time jobs to schedule, then schedule an aperiodic
job using FCFS
} The major advantage of background scheduling is its
simplicity
} However, we may not minimize the response time
Aperiodic Scheduling Idea

} periodic
} aperiodic
} If we have 1 periodic job, 1/4
} If we make the periodic job wait, the response time is 1.
} Since periodic is pass/fail, there is no benefit to running it first
} Should schedule aperidoic first to let it finish earlier
} But we cant let aperiodic jobs run first all the time, or we may miss a
deadline
Polling Server Algorithm
} The average response time of aperiodic tasks can be
improved with respect to background scheduling through
the use of a server, I.e., set up a periodic task whose
purpose is to serve aperiodic requests as early as
possible.
} Like any periodic task, a server is characterized by a
period Ts and a computation time Cs, called server
capacity.
} In general, the server is scheduled with the same
algorithm used for periodic tasks and, once active,
serves aperiodic requests within the limit of its server
capacity.
Aperiodic Polling Server
} In every period, you allow aperiodic jobs time to execute.
At runtime, poll the queued server
Polling Server Replenishment
} If no aperiodic requests are pending, PS suspends
itself until the beginning of its next period, and the
time originally allocated for aperiodic service is not
preserved but is used by periodic tasks
} Note that if an aperiodic request arrives just after
the server has suspended, it must wait until the
beginning of the next polling period, when the server
capacity is replenished at its full value.
} Schedulability condition:
ui + us Schedulability-bound(n+1)
Polling Server Algorithm
Aperiodic Jobs Response Time using
PS
} After an aperiodic jobs arrival (needs Ca) :
1. It has to wait for next server period
2. It can use only the fixed capacity of each period Ca/Cs
3. It may need to wait until the end of the last period to
finish
4. Total delay is (1+ Ca/Cs )Ts
 Deferrable Server
} Deferrable Server
preserves its capacity in
every period if no
aperiodic job uses it
immediately
} At end of period, the
capacity is replenished
to the full
High Priority Deferrable Server
Example on DS Issue
} DS may compete with lower priority jobs unfairly, causing
them to miss deadlines.
} For example, DS = (2, 4), Periodic Task = (2, 5)
} Aperiodic job arrival (with C = 2), [0, 2, 10, 12, 16]
} Periodic task would miss deadline at t = 15.

[Try to show the schedule yourself]

Priority Exchange
} One way to avoid the DS problem is to lower the
priority of the aperiodic server capacity
} The capacity can be used if it doesnt affect other lower
priority jobs
} But which priority should we place the unused capacity?
} The capacity should be degraded to a lower priority,
if no aperiodic requests are pending
} Let the person behind you go first if you are not ready at
the supermarket checkout
} The exchange continues until the end of the period
Priority Exchange Examples
} The least upper bound of the processor utilization factor
in the presence of PE is calculated by assuming that PE
is the highest-priority task in the system.
Sporadic Server Overview
} Background Server gives aperiodic jobs the lowest priority
and response time.
} Sporadic Server assigns higher priorities to sporadic jobs
} A sporadic server is a special server process which has a queue
and a fixed execution periodic budget: e.g. Tk (2,7)
} If we always have aperiodic jobs waiting to be executed, its just
like a periodic job
Sporadic Server: Motivation
} If we dont have an aperiodic job to execute, we can
either
} Idle (discard the budget): wasted
} Keep utilization, or density, but lower its priority (priority
exchange): complex
} Keep the budget: need to avoid overflow
} Dont join the ready queue until you get an aperiodic job
Sporadic Server

} A server can maintain the max utilization (density)

} Ex: Out of every 7 time units, SS can use at most 2
} Budget Replenishment: How much should be replenished?
} If we start execution at 6, then get a new job at 7, cant execute both
jobs, or the density will be too high in the interval (6,13)
} Sporadic server (ps, es) does not demand more
processor time than a periodic task with the same
parameters in any time interval.
Sporadic Server
Sporadic Server

} Need to determine when to replenish the budget,

and by how much
Sporadic Server
} Definitions
Sporadic Server:
Replenishment Rule
Sporadic Server Example
} Periodic Tasks = (1,5) (4, 15) SS = (5, 10)
POSIX standard
} The Sporadic Server scheme is too complicated for most
OS to implement.
} There is an easier way, which POSIX standard employs.
} POSIX has a real-time profile P1003.4 that is to support
real-time applications.
} Dont expect people to implement a sporadic server due to
complexity
} PSS POSIX Sporadic Server
} Defines a service period / budget
} Every priority level has a ready queue
POSIX Sporadic Server Implementation
} A sporadic server assigns a limited amount of CPU
capacity to handle events, has a replenishment period, a
budget, and two priorities
} The server runs at a high priority when it has some
budget left and a low one when its budget is exhausted
} When a server runs at the high priority, the amount of
execution time it consumes is subtracted from its budget
} The amount of budget consumed is replenished at the
time the server was activated plus the replenishment
period
} When its budget reaches zero, the server's priority is set
to the low value
POSIX standard

} Every time an aperiodic job is added to the queue, if

there is non-zero budget, the job records the time as
the current activation time
} Not the same as tA if the system runs at a higher priority
before the job comes
} The job will be executed if it becomes the highest
priority
} When the job is removed from the queue (finished or
budget used up) the replenishment time is set to the
current activation time + Ps
 Replenishment Policy

replenishment

replenishment period

initial
budget

time

activation time
(work available for server)

28
 Bandwidth Preservation

replenishment

replenishment period

initial
budget

time

activation time
(work available for server)

29
Slack Stealing Aperiodic Scheduling
} Compute the slack when an aperiodic job arrives, and
decide which to do next.
} slack is the amount of free time in the system.
} If an aperiodic job is important and we want to give it a
better priority
 Slack Stealing Example
} If no aperiodic
requests are pending,
periodic tasks are
normally scheduled by
RM.

} Slack Stealer steals all

the available slack
from periodic tasks
and uses it to execute
aperiodic requests as
soon as possible.
Comparison of Fixed-Priority Servers
EDF + Aperiodic Jobs
} Under the EDF system, we want to be able to
execute aperiodic jobs
} Suppose we have three periodic tasks, 1.1/3, 1/4, 2/18,
and an aperiodic server of 2/7
} If an AP job arrives at 4.8, can we make its deadline?
} Can we schedule it using RM?
Weighted Round Robin

} EDF has some similarities to Round Robin

} In regular Round Robin:

1 1 1 1 1 1 1 1 1 1 1

1 2 3 4 5 6 7 8 9 1 2

} In a Weighted Round Robin:

1 1 2 2 2 3 4 4 5 6

} Everyone has a different weight, but we still rotate

through everyone wi
} Your share of the system is ui =
wi
GPS Generalized Processor Sharing
} Everyone has the same period, and individual jobs have
different timeslots
} S = ui
u i

} Let J1=3, J2=5, J3=6, J4=2

2/ 16 3 / 16 5 / 16 6/ 16
WFQ Weighted Fair Queuing
} Each channel of a 10 Mbps cable is given a different rate
} The finish time for each channel will be different.
} 6/16 channel will finish first

30/16 MBps 10k packet

50/16 MBps 10k packet

10 MBps
60/16 MBps 10k packet
20/16 MBps 10k packet
WFQ
} Packets are still sent in an EDF fashion.
} Finish times for each channel are 1/rate:
} 5.3, 10., 15.9 1
} 3.2, 6.4, 9.6, 12.8 2
} 2.6, 5.2, 7.8, 10.4 3
} 8, 16, 24, 32 4

3 2 3 1 2 3 4 2 3 1
WFQ
} The sequence yields a density queue
} Now, instead of keeping track of the period, we define the
share and deadline.
} A similar idea applies to the Total Bandwidth Server
Total Bandwidth Server
} Utilization Us,
} Initially, es = 0, d = 0
} If an aperiodic job arrives with e at t
} Assign job with d = max (t, d) + e/us and cs = e
} If aperiodic jobs have different execution times, their
deadlines will be different
} An aperiodic jobs of (1,7) that arrives at 4.8 has until 11.8 to
complete
} An aperiodic jobs of (2,7) that arrives at 4.8 has until 18.8 to
complete
Total Bandwidth Server Example
qTwo periodic tasks (3,6), (2,8).
q Up = 0.5 + 0.25 = 0.75
qTBS with utilization Us = 1 - Up = 0.25.
qThe first aperiodic (e1=1) arrives at t = 3
q deadline d1 = r1 + e1/Us = 3 + 1/0.25 = 7.
qThe second (e2=2) arrives at time t = 9
q deadline d2 = r2 + e2/Us = 17
Issues with TBS
} The server will grant all budget as requested
} If an aperiodic job asks for more time, its deadline will
be farther off and the job will be less responsive
} Or if a job uses more time than it thinks it needs, other
jobs will be delayed and may miss deadline
} So, a job needs to know how much time it needs
} If a job doesnt ask for enough time, it wont complete
} Too much, and the job isnt as responsive
Constant Bandwidth Server
} Constant Bandwidth Server (CBS) tries to correct
this problem.
} Idea: you shouldnt be penalized for wanting more
execution time
} In RM and EDF, priority is based on period.
} Want a fixed priority and EDF, with a fixed share
Constant Bandwidth Server
} We still want to preserve the utilization percentage
of periodic and sporadic tasks
} If (Qs, Ps) is the budget and period of the sporadic job for
the server, respectively, then Qs / Ps gives the utilization
} Every time you get the same budget, Qs
} If e > Qs, go back to waiting until you have more budget
Constant Bandwidth Server
} server S is defined by us = Qs / Ps
} Initially, ds=0, cs=0
} Ji arrives at t to S
} If server S is busy, Ji is placed on Ss queue (FIFO)
} If server S is free
} if cs (ds - t)us, then ds= t +Ps , cs = Qs
} else use ds, cs as is
Constant Bandwidth Server
} cs is decreased by the amount used by any aperiodic
job
} Wherever cs=0 and there is a job waiting/unfinished,
} Set cs = Qs, ds = ds + Ps
} Budget is replenished and deadline is updated
CBS Example

4 3
 Introduction to
Real-Time Computer Systems
Lecture 8
Sharing Resources

} Many real-time tasks

must access resources
(data, devices, files, etc.)
that are shared among
them.
} The resources are locked
for integrity before usage.
} Low priority job may lock
it first.
Mars Rover Priority Inversion
} Priority Inversion on Mars
http://research.microsoft.com/en-
us/um/people/mbj/mars_pathfinder/
http://research.microsoft.com/en-
us/um/people/mbj/mars_pathfinder/Authoritative_Accoun
t.html
} YouTube
http://www.youtube.com/watch?v=lyx7kARrGeM
} Detailed Technical Description
http://retis.sssup.it/~marko/2009/mars_explorer.pdf
Priority Inversion, 1st case
} Assumption: Whoever locks a file for performing a
write, no one else should be able to access the file.
} Suppose J1 and J2 modify the same file.
} J1 has a higher priority than J2.
} J1 will be delayed by J2 , between t1 and t2
Priority Inversion, 2nd case
} J1must wait for J3 to release the lock before it can
continue.
} Normally, J1 is taking out of system contention. If the system
then finds the next highest priority job and its not J3
Priority Inversion, Problem Model
} Assumptions
} We know what resources will be used by each job
} Each resource has only one copy
} We dont know exactly when resources are locked
} There is a maximum length of time that resources are locked
} Problem
} Given a set of real-time jobs with all above parameters, can
they be scheduled to meet deadline using RM or EDF?
Priority Inversion Solution I: NPP
} Non-Preemptive Protocol: When you lock a resource, you
become the highest priority in the scheduler.
} Similar to the OS Kernel mode.

} Still delays J1, but not as much (no middle priority job can
execute)
} Simple, but causes unnecessary delay
Highest Locker Protocol (HLP)
} A semaphore is given an active priority" when it is
created; the programmer should choose the highest
priority of any thread that may attempt to lock the
semaphore .
} As soon as a thread enters synchronized code, its
(active) priority is raised to the semaphores priority.
} If, through programming error, a thread has a higher base
priority than the ceiling of the semaphore it is attempting
to enter, then an exception is thrown.
Highest Locker Protocol (HLP)
} On leaving the semaphore, the thread has its active
priority reset. In simple cases it will set to the
thread's previous active priority, but under some
circumstances (e.g. a dynamic change to the thread's
base priority while it was in the semaphore) a
different value is possible
} Benefit: A high priority job will not be affected by
those critical sections shared only by low priority
jobs.
Priority Inheritance Protocol (PIP)

} Whenever a job J2 locks a resource,

} Takes note of it but doesnt change priority.
} When another task J1 requests the locked resource, J2
inherits (increases) to J1s priority if J2 was lower.
} J1 goes to the ready queue.
} When J2 has unlocked the resource, it resumes the normal
priority.
Example of PIP
Two Kinds of Blocking
Two Kinds of Blocking
} Direct blocking. It occurs when a high-priority job
tries to acquire a resource already held by a lower-
priority job.
} Direct blocking is necessary to ensure the consistency of
the shared resources .
} Push-through blocking. It occurs when a medium-
priority job is blocked by a lower-priority job that
has inherited a higher priority from a job it directly
blocks.
} Push-through blocking is to avoid unbounded priority
inversion.
Priority Inheritance Blocking Time

} Whenever a high priority job wants a resource

locked by a lower priority job, the lower priority
job gains the priority of the higher priority job as
long as the higher priority job is waiting.
} The high priority job only needs to wait for one
additional blocking time.
} So, we need to know the maximum time any lower
priority job will hold a lock on the resource.
 Blocking Properties
} Lemma 7.1 A semaphore Sk can cause push-through blocking to job Ji, only if Sk is
accessed both by a job with priority lower than Pi and by a job that has or can
inherit a priority equal to or higher than Pi.
} Lemma 7.3 If there are n lower-priority jobs that can block a job Ji, then Ji can be
blocked for at most the duration of n critical sections (one for each of the n lower
priority jobs), regardless of the number of semaphores used by Ji
} A job can block another if it is inside a critical section. Once out, it cant enter another since it
no longer has a high priority.
} Lemma 7.4 If there are m distinct semaphores that can block a job Ji, then Ji can be
blocked for at most the duration of m critical sections, one for each of the m
semaphores.
} A nested critical section uses the outer most duration since it is the longest.
} Theorem 7.1 (Sha-Rajkumar-Lehoczky) Under the Priority Inheritance
Protocol, a job J can be blocked for at most the duration of min(n, m) critical
sections, where n is the number of lower-priority jobs that could block J and m is
the number of distinct semaphores that can be used to block J.
Finding the Blocking Time
} For each semaphore Sk we define a ceiling C(Sk) to be the
priority of the highest priority task that may use it:
Finding the Blocking Time
Calculating Blocking Time
Nested Critical Sections
PIP Problems
} If we allow multiple blockings, we need the Bi for each
resource.
} PIP does not prevent deadlock
Priority Ceiling Protocol
} Fixed priority scheduling
} Uses priority inheritance
} For each resource Si define its priority ceiling (Si) =
max priority of all jobs which may lock Si
} System Priority Ceiling at t, (t )= max (Si) of all
locked resources
PCP Rules
} Suppose J wants to lock a resource R at time t
} If R is held by some other job JL
} J is blocked and JL should inherit the priority of J
} If the resource is free,
} and if Js priority is higher than (t ) , then J can lock the
resource
} If Js priority is not higher than (t ), but if J is holding the
resource Rm with (t )= (Rm), then J still can lock it
} Else, block
PCP Example
PCP
} PCP avoids transitive blocking.
} In the earlier deadlock example, JH will be blocked since the
system priority ceiling will be H when JL locks R1

} Wait for any resource that has a higher priority ceiling than
you
PCP Properties
} Lemma 7.6 If a job Jk is preempted within a critical section Za by a
job Ji that enters a critical section Zb, then, under the Priority Ceiling
Protocol, Jk cannot inherit a priority higher than or equal to that of
job Ji until Ji completes.
} The maximum blocking time Bi of job Ji can be computed as
the duration of the longest critical section among those
belonging to tasks with priority lower than Pi and guarded by a
semaphore with ceiling higher than or equal to Pi .
} If Dj,k denotes the duration of the longest critical section of
task Ti among those guarded by semaphore Sk,
PCP Schedulability
} Using the same example as PIP,
PIP vs PCP
} Priority Ceiling Protocol is more restricted than Priority
Inheritance Protocol

} To lock a resource:
} In PIP Check if a resource is locked
} In PCP Check if job priority is higher than the current
system resource priority to lock a resource.
PIP vs PCP Blocking Time
} PIP blocking time is 1 per resource or job if you do not
allow nesting.
} Nested: If you want a resource (A) with someone who has it
locked, and they lock (B) as well, need to consider everyone
who can lock (B)
} PCP blocking time is 1 (the longest critical section).
PCP Advantages
} PCP is good for static applications where you know
what the system may do.
} But some systems are open on resource accesses.
} If you cannot predict the behavior, you cannot control the
worst case timing.
} Enqueue and Dequeue are log n, everything else n.
(Not so bad)
} PCP does prevent deadlock.
Stack Resource Policy (SRP)
} The Stack Resource Policy (SRP) is a technique proposed by
Baker [Bak91] for accessing shared resources.
} It extends the Priority Ceiling Protocol (PCP) in three
essential points:
1. It allows the use of multi-unit resources.
2. It supports dynamic priority scheduling.
3. It allows the sharing of runtime stack-based resources.
} Different from PCP, but produces the same final schedule.
Stack Resource Policy
} From a scheduling point of view, the essential difference
between the PCP and the SRP is on the time at which a task is
blocked.
} Under the PCP a task is blocked at the time it makes its first
resource request, under SRP a task is blocked at the time it
attempts to preempt. I.e. When a job is ready to start
execution, check before you start.
} This early blocking slightly reduces concurrency but saves
unnecessary context switches, simplifies the implementation of
the protocol, and allows the sharing of runtime stack
resources.
Preemption Level
} Besides a priority Pi, a task Ti is also characterized by a
preemption level i. The preemption level is a static parameter,
assigned to a task at its creation time and associated with all
instances of that task.
} The essential property of preemption levels is that a job Ja can
preempt another job Jb only if a > b.
} If Ja arrives after Jb and Ja has higher priority than Jb, then Ja
must have a higher preemption level than Jb.
} Under EDF scheduling, the condition is satisfied if preemption
levels are ordered inversely with respect to the order of
relative deadlines.
Preemption Level
Resource Ceiling
} The current ceiling of R is defined to be

} where nR denotes the number of units of R that are currently

available and R(J) denotes the maximum requirement of job J
for R
} In other words, if all units of R are available, then CR = 0.
However, if the units of R that are currently available cannot
satisfy the requirement of one or more jobs, then CR is equal to
the highest preemption level of those jobs that could be
blocked on R.
Resource Ceiling
Units of resources: #R1=3, #R2=1, #R3=3
 SRP
} The key idea of the SRP is that, when a job needs a resource that is not
available, it is blocked at the time it attempts to preempt, rather than later.
} Moreover, to prevent multiple priority inversions, a job is not allowed to start
until the resources currently available are sufficient to meet the maximum
requirement of every job that could preempt it.
SRP
} Before a job starts, check if
preemption level > system ceiling
} If yes, start; otherwise block
} During execution, if you want to lock a resource, update
the system ceiling with the resources ceiling.
} Has minimum memory requirements
} If unlock, go back to old Sys_PC
SRP Example
SRP Example
Blocking Time in SRP
} The maximum blocking time that a job can
experience with the SRP is the same as that can be
experienced with the Priority Ceiling Protocol.
Comparison of Protocols
} Highest Locker Protocol has certain desirable properties it
has good worst-case priority inversion control, it handles
nested locks well, and can avoid deadlock in some cases.

} Priority inheritance can occasionally lead to poorer worst-

case behavior when there are nested locks, and does not
avoid deadlocks.
} However, most performance-critical applications and real-
time operating systems minimize their use of nested locks,
and there are other mechanisms to avoid deadlock when
nesting cannot be avoided.
Comparison of Protocols
} Priority inheritance can be implemented so that there is no
penalty when locks are not contended.
} This, in addition to the fact that many extra context
switches are avoided, and medium-priority tasks are not
preempted unnecessarily, leads to excellent average
performance.

} In contrast, Highest Locker Protocol will pay the cost of

changing a threads priority twice regardless of whether there is
contention for the lock or not, resulting in higher overhead
and many unnecessary context switches and blocking in
unrelated tasks.
Comparison of Resource Sharing Protocols
Transparency means whether some existing codes need to be changed.
http://www.rtsj.org/specjavadoc/javax/realtime/MonitorControl.html