Textbook
} Hard Real-Time Computing Systems: Predictable Scheduling
Algorithms and Applications, 2nd ed. or 3rd ed.
} By Giorgio C. Buttazzo
Grading:
} Midterm examination (30%): 2/14/2017, 2-3:20
} Final examination (40%): 3/16/2017, 2-3:20
} Homework or project (30%)
Office Hour
} M 3-5, EH 4205
Web Site: https://eee.uci.edu/17w/18630/index.html
Topics to Be Covered
} Intro to Real-time Systems
} Periodic Task Scheduling: RM, EDF, DM
} Aperiodic Task Scheduling
} Fixed-Priority Servers: Background, Polling, Deferrable, Sporadic
} Dynamic Priority Servers: Dynamic Sporadic, TBS, CBS
} Resource Access Protocols
} Priority Inversion
} Priority Inheritance, Priority Ceiling, Stack Resource Policy
} RTOS, Garbage Collection, Middleware
} Sensors and Actuators, Cyber-Physical Systems, IoT
Introduction to
Real-Time Computer Systems
Lecture 1
What is a Real-Time System?
} The correctness of the system depends not only on the
logical result of the computation, but also on the time at
which the results are produced
} In other words, a computation must satisfy two aspects of
correctness: functional and temporal.
e.g. a homework must be submitted before the deadline;
a running car must be stopped in time;
} Examples:
} Industrial and automation systems, medical instruments and
devices, military defense systems, computer networking
systems
} Smart Factory, Smart Car, Smart Home
Real-time systems
} A service request (event) is typically associated with a real-
time computing constraint, or simply a timing constraint.
} A critical event has a hard timing constraint, where the
consequence of a missed deadline is fatal (unacceptable)
} A non-critical event has a soft timing constraint, where the
consequence of a missed deadline is undesirable but tolerable
} Real-time systems are those that can provide guaranteed
worst-case response times to critical events, as well as
acceptable average-case response times to noncritical events.
Soft Real-Time Systems
Soft timing constraints are typically expressed in probabilistic
or statistical terms
Hard Real-Time Systems
Hard timing constraints are typically expressed in
deterministic terms
Spectrum of Real-Time Systems
} Consumer electronics
} Industrial robots
} Command and control systems
} Medical equipment
} Automotive systems
A real-time system is called a real-time embedded
system if it is designed to be embedded within some
larger system.
Issues on Earlier Real-Time Systems
} Many control applications with stringent time constraints were
implemented in specialized languages, by programming timers, writing
low-level drivers for device handling, and manipulating task and
interrupt priorities.
} Such a real-time system may work well for a period of time, but
it could collapse in certain rare, but possible, situations.
} The consequences of a failure can sometimes be catastrophic
and may injure people or cause serious damage. E.g.:
} Space shuttle delay due to a 1.5%-probability transient overload;
} Patriot missile miscalculation due to a delay accumulation of 0.34 sec
(or 687 m, after 100 hours of operation)
http://sydney.edu.au/engineering/it/~alum/patriot_bug.html
http://autarkaw.wordpress.com/2008/06/02/round-off-errors-and-the-patriot-missile/
Issues on Low-Level Programming
} Tedious programming. The implementation of large and complex
applications in assembly language is much more difficult than high-level
programming. Moreover, the efficiency of the code strongly depends on the
programmer's ability.
} Difficult code understanding. Clever hand-coding introduces additional
complexity and makes a program more difficult to comprehend.
} Difficult software maintainability. As the complexity of the program
increases, the modification of large assembly programs becomes difficult
even for the original programmer.
} Difficult verification of time constraints. Without the support of
specific tools and methodologies for code and schedulability analysis, the
verification of time constraints becomes practically impossible.
Limits of Current Real-time Systems (1)
} Multitasking is provided through system calls for process
management (such as create, activate, terminate, delay,
suspend, and resume).
} Many of these primitives do not take time into account
and, even worse, introduce unbounded delays on tasks'
execution time that may cause hard tasks to miss their
deadlines in an unpredictable way.
Limits of Current Real-time Systems (2)
} Priority-based scheduling. When application tasks
have explicit time requirements, mapping timing
constraints into a set of priorities may not be simple,
especially in dynamic environments.
} One major problem comes from the fact that these
kernels have a limited number of priority levels
(typically 128 or 256), whereas task deadlines can vary
in a much wider range.
Limits of Current Real-time Systems (3)
} Support of an internal real-time clock. This is an
essential feature for any kernel that handles time-
critical activities that interact with the environment.
} Nevertheless, in most commercial kernels this is the
only mechanism for time management.
} In many cases, there are no primitives for explicitly
specifying timing constraints (such as deadlines) on
tasks, and there is no mechanism for automatic
activation of periodic tasks.
Limits of Current Real-time Systems (4)
} Mechanisms for process communication and
synchronization. Binary semaphores are used to
synchronize tasks and achieve mutual exclusion.
} However, if no access protocols are used to enter
critical sections, classical semaphores can cause a
number of undesirable phenomena, such as priority
inversion, chained blocking, and deadlock, which again
introduce unbounded delays on real-time activities.
Limits of Current Real-time Systems (5)
} Small kernel and fast context switch. This feature
reduces system overhead, thus improving the average
response time of the task set.
} However, a small average response time on the task set
does not provide any guarantee on the individual task
deadlines.
} On the other hand, a small kernel implies limited
functionality, which affects the predictability of the
system.
(Figure source: X. Fan, Real-Time Embedded Systems)
Execution Time
} Execution time is not constant
} Load on the system
} Interrupts and exception handling
} Processor speed
} OS/middleware overheads
} Architecture: cache, pipeline, etc.
} Execution time has a distribution
} We assume there is a maximum execution time
Worst-Case Task Execution Time
Task Timing Diagrams
Desirable Properties
1. Timeliness. Results have to be correct not only in their
value but also in time.
2. Design for peak load. Real-time systems must not collapse
when they are subject to peak-load conditions.
3. Predictability. To guarantee a minimum level of
performance, the system must be able to predict the
consequences of any scheduling decision.
4. Fault tolerance. Single hardware and software failures
should not cause the system to crash.
5. Maintainability. Possible system modifications are easy to
perform.
Real-Time Task Models
} The term task is a design-time concept. Each task represents a unit of
concurrency.
} A task with real-time constraints is called a real-time task.
} A task can be executed multiple times. Each individual run to completion of
a task is called a job of that task.
} Periodic tasks: a periodic task is executed repeatedly on a continuing
basis. The inter-arrival times between consecutive jobs are (almost) the
same; this interval is called its period.
} Sporadic tasks: a sporadic task is executed in response to external events
which occur at random instants of time. The inter-arrival times between
consecutive jobs may vary widely, and can be arbitrarily small (bursty
occurrence). Sporadic tasks have hard deadlines.
} Aperiodic tasks: an aperiodic task is also executed in response to external
events which may occur at random instants of time. The inter-arrival times
of aperiodic jobs may follow some probability distribution function.
Aperiodic tasks have either soft or no deadlines.
Model: Sampling Rate Decides Period
} Sampling rate
} An application specification (e.g. 30 frames/sec, 6000 RPM)
} Period
} How often a function is executed
} Relative deadline
} The deadline with respect to when the function is ready for
execution.
Periodic Job Scheduling
} Periodic Task Model
} parameters are known a priori
(Timing diagram terms: ready time, deadline, start, finish, preempt, resume)
Periodic Task vs. Job
} A periodic task is a stream of jobs, characterized by
(execution time, period)
} T1 = (3,10) = {J11, J12, J13, ...}
} The time intervals in which the jobs are eligible for execution are:
} (0,10], (10,20], (20,30], ...
Periodic Tasks and Jobs
Deadline
} If a task's period is 30 ms, and the relative
deadline is 10 ms, then the absolute deadlines are
10 ms, 40 ms, 70 ms
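The arithmetic above can be sketched directly (a minimal Python illustration; the function name is mine, and job 0 is assumed to be released at time 0):

```python
# Absolute deadlines of a periodic task, assuming phase 0:
# job k (k = 0, 1, 2, ...) is released at k*period, and its
# absolute deadline is k*period + relative_deadline.
def absolute_deadlines(period, relative_deadline, n_jobs):
    return [k * period + relative_deadline for k in range(n_jobs)]

print(absolute_deadlines(30, 10, 3))  # → [10, 40, 70]
```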
Lecture 3
CPU Scheduling
A single scheduling algorithm is used to schedule all
tasks.
Important properties:
} A single task queue.
} Tasks may enter the queue at any time.
} The scheduler decides when, and by which task, the
next CPU cycle is used.
Clock Driven (Cyclic Executive)
} Given a set of tasks (jobs), produce the schedule table
offline or before execution.
} Exhaustive search may be used to find optimal schedules
offline
} Online table construction is possible
} During run time, the schedule table is followed to
start and stop jobs
} The table length is the major cycle, which is divided into
frames
} Job executions are guaranteed
} Systems may be left idle if jobs finish earlier
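A toy sketch of replaying a precomputed schedule table (the job names, major cycle of 8, frame size of 2, and table contents are invented for illustration):

```python
# Hypothetical cyclic executive: the table is built offline; at
# run time we only look up which job owns the current frame.
MAJOR_CYCLE = 8
FRAME = 2
table = {0: "A", 1: "B", 2: "A", 3: "idle"}   # frame index -> job

def job_at(t):
    # Wrap around the major cycle, then find the current frame.
    frame = (t % MAJOR_CYCLE) // FRAME
    return table[frame]

print([job_at(t) for t in range(0, 16, 2)])
# → ['A', 'B', 'A', 'idle', 'A', 'B', 'A', 'idle']
```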
Queue Driven (Round Robin)
} Given a set of tasks (jobs), all jobs are entered in a queue
} Jobs are executed for a fixed quantum then returned to the
queue
} Some jobs may be given more than one quantum (weighted
round robin)
} It guarantees fairness, not response time
} Admission control can be used to bound the response time
Least Slack Time First (LST)
} Slack at time t: slack_i(t) = (d_i − t) − c_i(t), where d_i is the
absolute deadline and c_i(t) is the remaining execution time
} At each time slice, recompute the slack of every task
in the queue
} The slack of the task being executed stays constant; the slack of
the rest of the tasks decreases
Least Slack Time First (LST) cont.
} If two jobs have the same slack, e.g. (2,4) and (2,4), then at t = 1 the
waiting job has less slack, so it preempts, and a race condition
begins: the two jobs keep preempting each other every time slice.
} LST needs a time slice to avoid excessive system overhead
} LST cannot handle overloads
} e.g. three jobs, each with (2,4)
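The slack bookkeeping can be illustrated with the two (2, 4) jobs (a minimal sketch; slack here is absolute deadline minus current time minus remaining work):

```python
# Slack of a job at time t: (absolute deadline - t) - remaining work.
def slack(deadline, remaining, t):
    return (deadline - t) - remaining

# Two jobs with (C, D) = (2, 4), both released at t = 0.
# Job A runs during [0, 1); at t = 1 the waiting job B has less
# slack, so B preempts A, and the pattern repeats every slice.
print(slack(4, 1, 1))   # A after running one slice → 2
print(slack(4, 2, 1))   # B after waiting one slice → 1
```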
Aperiodic EDF
} If you can finish both in a shorter period, you can finish in the longer
} Need to show that RM can schedule both T1 and T2
} Before T2's deadline, RM needs to schedule T2 and multiple
instances of T1
Moving the Phase of Tasks
But Ti and Tn may not start at the same time:
Rate Monotonic
} Critical instant
} Corollary 1: The highest load for a low-priority job occurs when
all higher-priority jobs arrive at the same time (phase = 0).
C2 + ⌈T2/T1⌉ C1 ≤ T2
Utilization of Periodic Task
} The utilization of a periodic task is defined as Ui = Ci /Ti
} Ci is the execution time, Ti is the period
} A task with 1/4 uses 0.25 system time
} A system with 4 tasks of Ui = 0.25 has a total utilization of 1
} No system can meet all tasks' deadlines if the total
utilization is > 1
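The utilization arithmetic above in a couple of lines (function name mine):

```python
# Total utilization of a periodic task set, given as (C, T) pairs.
def utilization(tasks):
    return sum(c / t for c, t in tasks)

four_tasks = [(1, 4)] * 4        # four tasks, each with U_i = 0.25
print(utilization(four_tasks))   # → 1.0
# Total utilization > 1 means some deadline must eventually be missed.
print(utilization(four_tasks) <= 1.0)   # → True
```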
Rate Monotonic Schedulability
C2 + ⌈T2/T1⌉ C1 ≤ T2
RM Lower Bound Proof
} Assume we have two tasks, with T1 < T2.
} The total time needed to execute both tasks within T2 is
C2 + ⌈T2/T1⌉ C1 ≤ T2
} There are two possible cases, depending on the value of C1 in the
last period of T1 before T2:
Case 1: C1 ≤ T2 − ⌊T2/T1⌋ T1    Case 2: C1 ≥ T2 − ⌊T2/T1⌋ T1
RM Lower Bound Proof (Case 1)
} Case 1: C1 ≤ T2 − ⌊T2/T1⌋ T1
} This implies C2 ≤ T2 − ⌈T2/T1⌉ C1
} Calculating the utilization U as C2/T2 + C1/T1 and substituting
yields
U = 1 + C1 (1/T1 − ⌈T2/T1⌉/T2)
} Note that (1/T1 − ⌈T2/T1⌉/T2) is negative, so U decreases as C1 grows
RM Lower Bound Proof (Case 2)
} Case 2: C1 ≥ T2 − ⌊T2/T1⌋ T1
} This implies C2 ≤ ⌊T2/T1⌋ (T1 − C1)
} Now the utilization U = C2/T2 + C1/T1 is
U = ⌊T2/T1⌋ (T1 − C1)/T2 + C1/T1 = ⌊T2/T1⌋ T1/T2 + C1 (1/T1 − ⌊T2/T1⌋/T2)
} Here (1/T1 − ⌊T2/T1⌋/T2) is non-negative, so the minimum of U is
reached at the boundary C1 = T2 − ⌊T2/T1⌋ T1
RM Bound for 2 Jobs
Value of U as a function of G, where G = T2/T1 − F and F = ⌊T2/T1⌋:

G     U            G      U
0.1   0.918182     0.405  0.828487544
0.2   0.866667     0.410  0.828439716
0.3   0.838462     0.415  0.828427562
0.4   0.828571     0.420  0.828450704
0.5   0.833333     0.425  0.828508772
0.6   0.85         0.430  0.828601399
0.7   0.876471     0.435  0.828728223
0.8   0.911111     0.440  0.828888889
0.9   0.952632     0.445  0.829083045
1     1

The minimum is near G = 0.414 (√2 − 1), where U = 2(√2 − 1) ≈ 0.828.
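The tabulated values can be reproduced from the closed-form two-task expression U(G) = 1 − G(1 − G)/(1 + G); treating that closed form as an assumption consistent with the table, a quick sketch:

```python
# Two-task RM bound as a function of G = T2/T1 - floor(T2/T1).
# U(G) = 1 - G*(1-G)/(1+G) reproduces the tabulated values; its
# minimum is at G = sqrt(2)-1, giving U = 2*(sqrt(2)-1) ≈ 0.828.
import math

def U(G):
    return 1 - G * (1 - G) / (1 + G)

print(round(U(0.1), 6))      # → 0.918182
print(round(U(0.415), 9))    # → 0.828427562
g_min = math.sqrt(2) - 1
print(round(U(g_min), 6))    # → 0.828427
```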
RM Theorem
Liu, C. L. and Layland, J., "Scheduling algorithms for multiprogramming
in a hard real-time environment", Journal of the ACM, 20(1): 46-61, 1973.
} If n is the number of tasks, RM can find a feasible
schedule if
Σ ui ≤ n (2^(1/n) − 1)
Response Time Iteration
} Start with t(0) = e1 + e2 + ... + en
} Then iterate
t(k+1) = en + Σ_{i=1..n−1} ⌈t(k)/Pi⌉ ei
} Repeat until t(k) = t(k−1), then check to see if t(k) ≤ Pn
Example
} Task set: 1.2/3, 3.6/7 (given as C/T)
} t(0) = 1.2 + 3.6 = 4.8
} Task 2 can never finish before 4.8
} t(1) = 3.6 + ⌈4.8/3⌉ × 1.2 = 3.6 + 2 × 1.2 = 6
} t(2) = 3.6 + ⌈6/3⌉ × 1.2 = 6
} t(1) = t(2), so the actual response time for J21 is 6.
} 6 ≤ 7, so it is schedulable
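The iteration can be coded directly and checked against this example (a sketch; the task representation as (e, P) pairs is mine):

```python
import math

# Response-time iteration for the lowest-priority task. Tasks are
# (e, P) pairs sorted by RM priority (shortest period first); the
# last task is the one being checked.
def response_time(tasks):
    *higher, (e_n, p_n) = tasks
    t = sum(e for e, _ in tasks)          # t(0) = sum of all e_i
    while True:
        t_next = e_n + sum(math.ceil(t / p) * e for e, p in higher)
        if t_next == t:                   # fixed point reached
            return t
        t = t_next

tasks = [(1.2, 3), (3.6, 7)]
r = response_time(tasks)
print(r)        # → 6.0
print(r <= 7)   # schedulable → True
```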
Execution Times Implications
Important differences:
} A single task queue.
} Tasks may migrate among the processors.
Multiprocessor Scheduling: Partitioning
Partition tasks so that each task always runs on the same
processor.
Steps:
1. Assign tasks to processors.
2. Schedule tasks on each
processor using uniprocessor
algorithms.
Early Results on Partitioning
} (Take early to mean pre-1990 or so.)
} The problem of assigning tasks to processors is
equivalent to bin packing.
} Processors are bins of size 1.0.
} Each task to be packed has a size equal to its utilization.
} Either demand- or utilization-based tests can be used to
determine if a task fits on a processor.
Early Results on Partitioning
} Bin packing is NP-hard in the strong sense.
} Implications:
} Optimal partitioning, even in pseudo-polynomial time, is not possible.
} As a result, heuristics are usually used instead.
} Dhall and Liu [1978] showed, with rate-monotonic per-
processor scheduling:
} The number of processors required using the next-fit heuristic is
2.4 to 2.67 times optimal.
} Using first-fit, it's between 2.0 and 2.23 times optimal.
} Not really useful for obtaining a schedulability test.
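The first-fit heuristic mentioned above can be sketched in a few lines (a utilization-based sketch; the per-processor test here is simply U ≤ 1, and an RM bound could be substituted):

```python
# First-fit partitioning: place each task (given by its utilization)
# on the first processor where it still passes the admission test.
def first_fit(utils, test=lambda u: u <= 1.0):
    procs = []                      # each processor is a list of utilizations
    for u in utils:
        for p in procs:
            if test(sum(p) + u):    # fits on an existing processor?
                p.append(u)
                break
        else:
            procs.append([u])       # open a new processor
    return procs

print(first_fit([0.6, 0.5, 0.4, 0.3]))  # → [[0.6, 0.4], [0.5, 0.3]]
```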
Partitioning Approaches
A Basic Limitation
Proof:
Consider a task system consisting of M + 1 tasks,
each with parameters (1 + ε, 2), with ε → 0. Each task has
utilization just above 1/2, so no two tasks can share a
processor, and M + 1 processors are required.
Early Results on Global Scheduling
Dhall Effect [1978]: For any M ≥ 2, there exist task
sets with utilization 1.0 that global EDF and RM
cannot schedule.
} periodic
} aperiodic
} If we have one periodic job with utilization 1/4
} If we make the periodic job wait, the response time is 1.
} Since the periodic job is pass/fail, there is no benefit to running it first
} We should schedule the aperiodic job first to let it finish earlier
} But we can't let aperiodic jobs run first all the time, or we may miss a
deadline
Polling Server Algorithm
} The average response time of aperiodic tasks can be
improved with respect to background scheduling through
the use of a server, i.e., a periodic task whose
purpose is to serve aperiodic requests as early as
possible.
} Like any periodic task, a server is characterized by a
period Ts and a computation time Cs, called server
capacity.
} In general, the server is scheduled with the same
algorithm used for periodic tasks and, once active,
serves aperiodic requests within the limit of its server
capacity.
Aperiodic Polling Server
} In every server period, aperiodic jobs are given time to execute.
At run time, the server polls the aperiodic job queue.
Polling Server Replenishment
} If no aperiodic requests are pending, PS suspends
itself until the beginning of its next period, and the
time originally allocated for aperiodic service is not
preserved but is used by periodic tasks
} Note that if an aperiodic request arrives just after
the server has suspended, it must wait until the
beginning of the next polling period, when the server
capacity is replenished at its full value.
} Schedulability condition:
Σ ui + Us ≤ schedulability bound for (n+1) tasks
Polling Server Algorithm
Aperiodic Jobs Response Time using
PS
} After an aperiodic job's arrival (needing Ca):
1. It has to wait for the next server period
2. It can use only the fixed capacity Cs of each period, so it
needs ⌈Ca/Cs⌉ server periods
3. It may need to wait until the end of the last period to
finish
4. The total delay is bounded by (1 + ⌈Ca/Cs⌉) Ts
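The four steps above give a simple bound that can be sketched as (function name and sample parameters are mine):

```python
import math

# Worst-case response bound for an aperiodic job under a polling
# server: wait up to one period for the server, then consume
# ceil(Ca/Cs) server periods of capacity.
def ps_response_bound(Ca, Cs, Ts):
    return (1 + math.ceil(Ca / Cs)) * Ts

# A job needing 1.5 units from a (Cs=1, Ts=5) server:
print(ps_response_bound(Ca=1.5, Cs=1.0, Ts=5))   # → 15
```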
Deferrable Server
} A Deferrable Server preserves its capacity within the period
even if no aperiodic job uses it immediately
} At the end of each period, the capacity is replenished to the
full value
High Priority Deferrable Server
Example on DS Issue
} DS may compete with lower priority jobs unfairly, causing
them to miss deadlines.
} For example, DS = (2, 4), Periodic Task = (2, 5)
} Aperiodic jobs arrive (each with C = 2) at times [0, 2, 10, 12, 16]
} Periodic task would miss deadline at t = 15.
(Figure: Deferrable Server budget over time: initial budget, replenishment
period, activation time when work is available for the server)
Bandwidth Preservation
(Figure: bandwidth-preserving server budget over time: initial budget,
replenishment period, activation time when work is available for the server)
Slack Stealing Aperiodic Scheduling
} Compute the slack when an aperiodic job arrives, and
decide which to do next.
} slack is the amount of free time in the system.
} If an aperiodic job is important and we want to give it a
better priority
Slack Stealing Example
} If no aperiodic
requests are pending,
periodic tasks are
normally scheduled by
RM.
(Figure: timeline 1-12 with channel shares 2/16, 3/16, 5/16, 6/16)
WFQ Weighted Fair Queuing
} Each channel of a 10 Mbps cable is given a different rate
} The finish time for each channel will be different.
} 6/16 channel will finish first
(Figure: WFQ transmission order: 3 2 3 1 2 3 4 2 3 1)
WFQ
} The sequence yields a density queue
} Now, instead of keeping track of the period, we define the
share and deadline.
} A similar idea applies to the Total Bandwidth Server
Total Bandwidth Server
} Utilization Us
} Initially, es = 0, d = 0
} If an aperiodic job with execution time e arrives at time t
} Assign the job a deadline d = max(t, d) + e/Us and set cs = e
} If aperiodic jobs have different execution times, their
deadlines will be different
} An aperiodic job of (1,7) that arrives at 4.8 has until 11.8 to
complete
} An aperiodic job of (2,7) that arrives at 4.8 has until 18.8 to
complete
Total Bandwidth Server Example
} Two periodic tasks (3,6), (2,8).
} Up = 0.5 + 0.25 = 0.75
} TBS with utilization Us = 1 − Up = 0.25.
} The first aperiodic job (e1 = 1) arrives at t = 3
} deadline d1 = r1 + e1/Us = 3 + 1/0.25 = 7.
} The second (e2 = 2) arrives at time t = 9
} deadline d2 = r2 + e2/Us = 17
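The deadline-assignment rule can be checked against this example with a small sketch (the class and method names are mine):

```python
# Total Bandwidth Server deadline assignment: each arriving job gets
# d = max(t, previous d) + e / Us.
class TBS:
    def __init__(self, us):
        self.us = us
        self.d = 0.0     # deadline of the most recent assignment

    def assign(self, t, e):
        self.d = max(t, self.d) + e / self.us
        return self.d

server = TBS(0.25)
print(server.assign(3, 1))   # first job → 7.0
print(server.assign(9, 2))   # second job → 17.0
```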
Issues with TBS
} The server will grant all budget as requested
} If an aperiodic job asks for more time, its deadline will
be farther off and the job will be less responsive
} Or if a job uses more time than it thinks it needs, other
jobs will be delayed and may miss deadlines
} So, a job needs to know how much time it needs
} If a job doesn't ask for enough time, it won't complete
} Too much, and the job isn't as responsive
Constant Bandwidth Server
} Constant Bandwidth Server (CBS) tries to correct
this problem.
} Idea: you shouldn't be penalized for wanting more
execution time
} In RM, priority is based on period; in EDF, on deadline.
} We want the server to have a fixed share under EDF scheduling
Constant Bandwidth Server
} We still want to preserve the utilization percentage
of periodic and sporadic tasks
} If (Qs, Ps) is the budget and period of the sporadic job for
the server, respectively, then Qs / Ps gives the utilization
} Every time you get the same budget, Qs
} If e > Qs, go back to waiting until you have more budget
Constant Bandwidth Server
} A server S is defined by us = Qs/Ps
} Initially, ds = 0, cs = 0
} When a job Ji arrives at time t at server S:
} If server S is busy, Ji is placed in S's queue (FIFO)
} If server S is free:
} if cs ≥ (ds − t) us, then set ds = t + Ps, cs = Qs
} else use ds, cs as is
Constant Bandwidth Server
} cs is decreased by the amount used by any aperiodic
job
} Whenever cs = 0 and there is a job waiting/unfinished:
} Set cs = Qs, ds = ds + Ps
} Budget is replenished and deadline is updated
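The arrival and replenishment rules above can be sketched as follows (a minimal sketch; the class and method names are mine, and the sample parameters are invented):

```python
# CBS arrival and replenishment rules for a server with (Qs, Ps).
class CBS:
    def __init__(self, Qs, Ps):
        self.Qs, self.Ps = Qs, Ps
        self.us = Qs / Ps
        self.c = 0.0     # current budget
        self.d = 0.0     # current server deadline

    def on_arrival(self, t):
        # If the leftover (budget, deadline) pair would exceed the
        # server bandwidth, reset both; otherwise keep using them.
        if self.c >= (self.d - t) * self.us:
            self.d = t + self.Ps
            self.c = self.Qs
        return self.d, self.c

    def on_budget_exhausted(self):
        # Replenish the budget and push the deadline one period out.
        self.c = self.Qs
        self.d += self.Ps
        return self.d, self.c

s = CBS(Qs=2, Ps=8)
print(s.on_arrival(0))          # → (8, 2)
print(s.on_budget_exhausted())  # → (16, 2)
```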
CBS Example
Introduction to
Real-Time Computer Systems
Lecture 8
Sharing Resources
} This still delays J1, but not as much (no middle-priority job can
execute)
} Simple, but causes unnecessary delay
Highest Locker Protocol (HLP)
} A semaphore is given an "active priority" when it is
created; the programmer should choose the highest
priority of any thread that may attempt to lock the
semaphore.
} As soon as a thread enters synchronized code, its
(active) priority is raised to the semaphore's priority.
} If, through a programming error, a thread has a higher base
priority than the ceiling of the semaphore it is attempting
to enter, then an exception is thrown.
Highest Locker Protocol (HLP)
} On leaving the semaphore, the thread has its active
priority reset. In simple cases it will be set to the
thread's previous active priority, but under some
circumstances (e.g. a dynamic change to the thread's
base priority while it was in the semaphore) a
different value is possible
} Benefit: A high priority job will not be affected by
those critical sections shared only by low priority
jobs.
Priority Inheritance Protocol (PIP)
} Wait for any resource that has a higher priority ceiling than
you
PCP Properties
} Lemma 7.6 If a job Jk is preempted within a critical section Za by a
job Ji that enters a critical section Zb, then, under the Priority Ceiling
Protocol, Jk cannot inherit a priority higher than or equal to that of
job Ji until Ji completes.
} The maximum blocking time Bi of job Ji can be computed as
the duration of the longest critical section among those
belonging to tasks with priority lower than Pi and guarded by a
semaphore with ceiling higher than or equal to Pi.
} If Dj,k denotes the duration of the longest critical section of
task Tj among those guarded by semaphore Sk, then
Bi = max{ Dj,k : Pj < Pi, C(Sk) ≥ Pi }
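The blocking-time rule can be sketched directly (the task set, semaphore names, and priority values below are hypothetical, with higher numbers meaning higher priority):

```python
# Blocking time under PCP: B_i is the longest critical section of any
# lower-priority task guarded by a semaphore whose ceiling is >= P_i.
def pcp_blocking(i, prio, cs, ceil):
    # cs: {(task, sem): duration}; ceil: {sem: ceiling priority}
    candidates = [d for (j, s), d in cs.items()
                  if prio[j] < prio[i] and ceil[s] >= prio[i]]
    return max(candidates, default=0)

prio = {"T1": 3, "T2": 2, "T3": 1}
cs = {("T2", "Sa"): 4, ("T3", "Sa"): 5, ("T3", "Sb"): 2}
ceil = {"Sa": 3, "Sb": 2}
# T3's section on Sb is excluded: its ceiling (2) is below P1 (3).
print(pcp_blocking("T1", prio, cs, ceil))  # → 5
```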
PCP Schedulability
} Using the same example as PIP,
PIP vs PCP
} The Priority Ceiling Protocol is more restrictive than the
Priority Inheritance Protocol
} To lock a resource:
} In PIP: check if the resource is locked
} In PCP: check if the job's priority is higher than the current
system resource ceiling before locking the resource.
PIP vs PCP Blocking Time
} With PIP, the blocking time is one critical section per resource,
or per lower-priority job, if nesting is not allowed.
} Nested: if you want a resource (A) held by someone who can also
lock (B), you must consider everyone who can lock (B)
} With PCP, the blocking time is a single (the longest) critical section.
PCP Advantages
} PCP is good for static applications where you know
what the system may do.
} But some systems are open on resource accesses.
} If you cannot predict the behavior, you cannot control the
worst case timing.
} Enqueue and dequeue are O(log n); everything else is O(n).
(Not so bad)
} PCP does prevent deadlock.
Stack Resource Policy (SRP)
} The Stack Resource Policy (SRP) is a technique proposed by
Baker [Bak91] for accessing shared resources.
} It extends the Priority Ceiling Protocol (PCP) in three
essential points:
1. It allows the use of multi-unit resources.
2. It supports dynamic priority scheduling.
3. It allows the sharing of runtime stack-based resources.
} Different from PCP, but produces the same final schedule.
Stack Resource Policy
} From a scheduling point of view, the essential difference
between the PCP and the SRP is on the time at which a task is
blocked.
} Under the PCP a task is blocked at the time it makes its first
resource request; under the SRP a task is blocked at the time it
attempts to preempt, i.e., when a job is ready to start
execution, the check is made before it starts.
} This early blocking slightly reduces concurrency but saves
unnecessary context switches, simplifies the implementation of
the protocol, and allows the sharing of runtime stack
resources.
Preemption Level
} Besides a priority Pi, a task Ti is also characterized by a
preemption level πi. The preemption level is a static parameter,
assigned to a task at its creation time and associated with all
instances of that task.
} The essential property of preemption levels is that a job Ja can
preempt another job Jb only if πa > πb.
} If Ja arrives after Jb and Ja has higher priority than Jb, then Ja
must have a higher preemption level than Jb.
} Under EDF scheduling, this condition is satisfied if preemption
levels are ordered inversely with respect to the order of
relative deadlines.
Preemption Level
Resource Ceiling
} The current ceiling of R is defined to be