multicore for safety critical embedded systems challenges
play

Multicore for safety-critical embedded systems: challenges and - PowerPoint PPT Presentation

Multicore for safety-critical embedded systems: challenges and opportunities Giuseppe Lipari CRIStAL Universit de Lille Centre de Recherche en Informatique, Signal et Automatique de Lille June 23, 2016 Giuseppe Lipari (CRIStAL)


  1. WCET estimation Execution time of a task varies with The input The state of the system The processor architecture Interference from other threads How to compute By timing analysis (by using appropriate tools) we can obtain a (safe) upper bound, but sometimes too pessimistic By testing we can only obtain an unsafe lower bound Problem A wrong estimate may lead to a wrong Courtesy of Peter Puschner analysis Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 13 / 46

  2. Execution time variability: example Tasks can have variable execution times between different jobs while (cond) { if (a > 10) { // long computation } else { // short computation } a = getInput(); } We have two sources of variability: the value of variable a influences which computation is performed (long or short); the value of cond influences the number of times the loop body is executed. Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 14 / 46

  3. Impact of processor architecture With recent processor architectures, the difference between BCET and WCET became larger and larger Figure : Courtesy of AbsInt Impact of cache and shared resources Situation even worse on multi-core systems Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 15 / 46

  4. Impact of interference WCET Analysis it is difficult to estimate a tight upper bound of WCET when the task executes in isolation Preemption: preempting tasks could evict cache lines next time the task executes the data is not in the cache anymore while (i < 10) { data = getInput(); // ... // possible preemption function(data); // is data in cache ? } Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 16 / 46

  5. Impact of interference WCET Analysis it is difficult to estimate a tight upper bound of WCET when the task executes in isolation Preemption: preempting tasks could evict cache lines next time the task executes the data is not in the cache anymore while (i < 10) { data = getInput(); // ... // possible preemption function(data); // is data in cache ? } Some (partial) solution is available avoid (or limit) preemption → additional blocking time for higher priority tasks lock cache to some task try to minimise cache conflicts by properly placing tasks in memory Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 16 / 46

  6. Outline Introduction to RT Systemes 1 Resource Reservations 2 Hierarchical scheduling 3 Multiprocessor sharing of resources 4 Conclusions 5 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 17 / 46

  7. Resource Reservation Assign each task to a server a watchdog that monitors execution and enforces an execution budget A server S = ( Q , P ) Q : maximum execution budget P : minimim serving period U = Q / P : reserved bandwidth Different algorithms in the literature FP: Polling Server, Deferrable Server, Sporadic Server EDF: Dynamic Sporadic Server, Constant Bandwidth Server Implementations Sporadic Server is a POSIX standard (optional) CBS implemented in Linux (since 3.14), (available as SCHED_DEADLINE ) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 18 / 46

  8. Example Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) U = 0 , 983 < 1 ⇒ schedulable τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 19 / 46

  9. Misbehaving task Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) What happens if τ 1 executes for 2 for the first 3 instances ? τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 miss their deadlines They could be critical tasks, we need to protect them Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 20 / 46

  10. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  11. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  12. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  13. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  14. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  15. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  16. Example with CBS Consider τ 1 = ( 1 , 4 ) , τ 2 = ( 2 , 5 ) , τ 3 = ( 2 , 6 ) Assign τ 1 a server S 1 = ( 1 , 4 ) τ 1 τ 2 τ 3 0 2 4 6 8 10 12 14 16 18 20 τ 2 and τ 3 are not influenced Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 21 / 46

  17. CBS algorithm properties CBS takes care of other possible cases jobs arriving earlier (or later) than expected jobs executing more or less than expected server period can be different from task period Properties: Temporal isolation: no server misses its "scheduling deadlines" all server jobs execute the maximum budget before their scheduling deadlines Hard Schedulablity: if a task is assigned Q i ≥ C i and P i ≤ T i , then it will never miss its deadlines Thanks to this properties we can easily mix hard and soft real-time tasks simply by assigning the correct parameters (budget/periods) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 22 / 46

  18. CBS algorithm Two dynamic variables q : remaining budget (init to Q , decreases while executing) d : scheduling deadline Q = 4 , P = 12 P + t = d Active , Q = τ 1 q P / Q ) 0 2 4 6 8 10 12 14 16 t Idle Idle if q < ( d − t ) Q / P − d ( ≥ q when q = ( d − t ) Q / P i f Ahead Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 23 / 46

  19. CBS algorithm Two dynamic variables q : remaining budget (init to Q , decreases while executing) d : scheduling deadline Q = 4 , P = 12 P P + + t t = = d d Active Active , , Q Q = = τ 1 q q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 23 / 46

  20. CBS algorithm Two dynamic variables q : remaining budget (init to Q , decreases while executing) d : scheduling deadline Q = 4 , P = 12 P + t = d Active Active , Q = τ 1 q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead t = 4: q ← 2 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 23 / 46

  21. CBS algorithm Two dynamic variables q : remaining budget (init to Q , decreases while executing) d : scheduling deadline Q = 4 , P = 12 q = Q , d = t + P Active τ 1 P / Q ) 0 2 4 6 8 10 12 14 16 t Idle if q < ( d − t ) Q / P if q < ( d − t ) Q / P − d ( ≥ when q = ( d − t ) Q / P q i f t = 0: q ← 4, d ← 12 Ahead Ahead t = 4: q ← 2 t = 7: q ← 1 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 23 / 46

  22. CBS algorithm Two dynamic variables q : remaining budget (init to Q , decreases while executing) d : scheduling deadline Q = 4 , P = 12 P + t = d Active , Q = τ 1 q P / Q ) 0 2 4 6 8 10 12 14 16 t Idle Idle if q < ( d − t ) Q / P − d ( ≥ q when q = ( d − t ) Q / P when q = ( d − t ) Q / P i f t = 0: q ← 4, d ← 12 Ahead t = 4: q ← 2 t = 7: q ← 1 t = 9: zero lag time Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 23 / 46

  23. CBS algorithm: early arrival Q = 4 , P = 12 P + t = d Active , Q = τ 1 q P / Q ) 0 2 4 6 8 10 12 14 16 t Idle Idle if q < ( d − t ) Q / P − d ( ≥ q when q = ( d − t ) Q / P f i Ahead Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  24. CBS algorithm: early arrival Q = 4 , P = 12 P P + + t t = = d d Active Active , Q , Q = = τ 1 q q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  25. CBS algorithm: early arrival Q = 4 , P = 12 P + t = d Active Active , Q = τ 1 q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead t = 2: q ← 2 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  26. CBS algorithm: early arrival Q = 4 , P = 12 q = Q , d = t + P Active τ 1 P / Q ) 0 2 4 6 8 10 12 14 16 t Idle if q < ( d − t ) Q / P if q < ( d − t ) Q / P − d ( ≥ q when q = ( d − t ) Q / P f i t = 0: q ← 4, d ← 12 Ahead Ahead t = 2: q ← 2 t = 5: q ← 1 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  27. CBS algorithm: early arrival Q = 4 , P = 12 P + t = d Active Active , Q = τ 1 q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead t = 2: q ← 2 t = 5: q ← 1 t = 8 < 9: reuse the same q = 1 and d = 12 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  28. CBS algorithm: early arrival Q = 4 , P = 12 P + t = d Active Active , Q = τ 1 q if q ≥ ( d − t ) Q / P 0 2 4 6 8 10 12 14 16 Idle if q < ( d − t ) Q / P when q = ( d − t ) Q / P t = 0: q ← 4, d ← 12 Ahead t = 2: q ← 2 t = 5: q ← 1 t = 8 < 9: reuse the same q = 1 and d = 12 t = 9: q = 0, so q ← 4 and d ← 24 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 24 / 46

  29. Analysis Setting the budget the Hard Schedulability Property tells us that, to meet all deadlines, Q i ≥ C i and P i ≤ T i If we allow some deadline to be missed, we can set the budget between the average value and the worst case value of the execution time We need some sort of probabilistic characterization of the execution time Probability of deadline miss For a periodic task, given the stochastic process of the execution time, the probability of missing a deadline can be computed under different conditions Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 25 / 46

  30. Probability of finishing time When the budget is exhausted, the CBS will postpone the deadline by P i If the exceeding job is allowed to continue its execution, it will consume budget of future instances Future instance may also miss their deadlines Markov chain model [Abeni and Buttazzo, 1999] if the execution time is a IID stochastic variable, we can build a Markov Chain to compute the probability of finishing within P i , 2 P i , . . . , kP i , . . . Refinement [Palopoli, Fontanelli, Abeni, Villalba Frias, 2015] Efficient numerical methods Closed form solution Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 26 / 46

  31. Stopping and skipping If the budget is exhausted we can Continue executing all jobs 1 Kill the executing job 2 Skip the next job 3 Solution 2. is more difficult to implement must leave data structures in a consistent state must unlock semaphores before exiting may need to roll-back some operation (time consuming) Solution 3. is not always desirable the data is produced late and may not be useful Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 27 / 46

  32. Skipping next job Here is a periodic POSIX thread in Linux, implementing solution 3. void *thread_code( void *arg) { struct per_data *ps = ( struct per_data *) arg; struct timespec next, now; clock_gettime(CLOCK_REALTIME, &next); while (1) { // Wait until next period timespec_add_us(&next, ps->period_us); clock_nanosleep(CLOCK_REALTIME, TIMER_ABSTIME, &next, NULL); // Job execution // Check deadline miss clock_gettime(CLOCK_REALTIME, &now); while (timespec_cmp(&now, &next) > 0) { // Skip jobs timespec_add_us(&next, ps->dline_us); } } return NULL; } Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 28 / 46

  33. Outline Introduction to RT Systemes 1 Resource Reservations 2 Hierarchical scheduling 3 Multiprocessor sharing of resources 4 Conclusions 5 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 29 / 46

  34. Hierarchical systems Similar techniques are used for timing partition of applications (group of tasks) Application A1 Application A2 Application A3 T7 T1 T3 T5 T2 T4 T6 Local Local Local Scheduler Scheduler Scheduler EDF RM POSIX Server S3 Server S1 Server S2 Global Scheduler Used mainly in IMA (Integrated Modular Avionics – ARINC 653) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 30 / 46

  35. Hierarchical scheduling Two levels of scheduling A global scheduler selects the components to execute, regardless of their internal structure When a component is selected by the global scheduler, a local scheduler decides which of the tasks is executing Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 31 / 46

  36. Hierarchical scheduling Two levels of scheduling A global scheduler selects the components to execute, regardless of their internal structure When a component is selected by the global scheduler, a local scheduler decides which of the tasks is executing Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 31 / 46

  37. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  38. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  39. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  40. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  41. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  42. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  43. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  44. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  45. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  46. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  47. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  48. Hierarchical scheduling - example A(2,4) B(3,6) τ A 1 ( 2 , 8 ) τ A 2 ( 2 , 12 ) τ B 1 ( 2 , 9 ) τ B 2 ( 3 , 16 ) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 32 / 46

  49. Outline Introduction to RT Systemes 1 Resource Reservations 2 Hierarchical scheduling 3 Multiprocessor sharing of resources 4 Conclusions 5 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 33 / 46

  50. Shared data Until now, we have considered only independent tasks a task never blocks or suspends it can only be suspended when it finishes its istance (job) However, in reality, many tasks exchange data through shared memory Example Consider as an example three periodic tasks that exchange data Conflicts on concurrent access could make the data structures inconsistent. Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 34 / 46

  51. Shared resources and critical sections The shared data structure is called resource; A piece of code accessing the data structure is called critical section; Two or more critical sections on the same resource must be executed in mutual exclusion Therefore, each data structure should be protected by a mutual exclusion mechanism; here we will study what happens when resources are protected by mutual exclusion semaphores. The resource and the corresponding mutex semaphore will be denoted by symbol S j Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 35 / 46

  52. Priority inversion A blocking condition happens when a high priority tasks wants to access a resource that is held by a lower priority task. Consider the following example, where p 1 > p 2 . L(S) U(S) τ 1 S L(S) U(S) τ 2 S S 0 2 4 6 8 10 12 14 16 18 20 22 24 From time 4 to 7, task τ 1 is blocked by a lower priority task τ 2 ; this is a priority inversion . Priority inversion is not avoidable; in fact, τ 1 must wait for τ 2 to leave the critical section. However, in some cases, the priority inversion could be too large. Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 36 / 46

  53. The middle priority task Consider the following example, with p 1 > p 2 > p 3 τ 1 L(S) U(S) S τ 2 τ 3 L(S) U(S) S S S 0 2 4 6 8 10 12 14 16 18 20 22 24 The middle priority task delays the high priority task too much! Well-known problem since the ’90s (Mars Pathfinder problem) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 37 / 46

  54. Priority Inheritance Protocol First solution: While the low priority task blocks an higher priority task, it inherits the priority of the higher priority task; L(S) U(S) τ 1 S τ 2 L(S) U(S) τ 3 S S S 0 2 4 6 8 10 12 14 16 18 20 22 24 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 38 / 46

  55. Resource reservation and semaphores Two problems arise when using CBS with priority inheritance What to do if the budget is exhausted within a critical section? What happens to the budget of a blocked task? Blocking inside a critical section τ 1 τ 2 L(S) S 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 39 / 46

  56. Resource reservation and semaphores Two problems arise when using CBS with priority inheritance What to do if the budget is exhausted within a critical section? What happens to the budget of a blocked task? Blocking inside a critical section τ 1 q = 0 τ 2 L(S) S 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 39 / 46

  57. Resource reservation and semaphores Two problems arise when using CBS with priority inheritance What to do if the budget is exhausted within a critical section? What happens to the budget of a blocked task? Blocking inside a critical section τ 1 L(S) τ 2 L(S) S 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 39 / 46

  58. Resource reservation and semaphores Two problems arise when using CBS with priority inheritance What to do if the budget is exhausted within a critical section? What happens to the budget of a blocked task? Blocking inside a critical section τ 1 L(S) τ 2 L(S) S 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 39 / 46

  59. Resource reservation and semaphores Two problems arise when using CBS with priority inheritance What to do if the budget is exhausted within a critical section? What happens to the budget of a blocked task? Blocking inside a critical section τ 1 L(S) U(S) S τ 2 L(S) U(S) S S 0 2 4 6 8 10 12 14 16 18 20 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 39 / 46

  60. Solutions 1 Check budget before entering the critical section, check if there is enough budget to complete Needs to know the length of the critical sections to work Used by Algorithm BROE [Bertogna et Baruah] 2 Overrun budget if the budget is exhausted while in a critical section, the job is allowed to continue need to know the length of the critical sections for the analysis and admission control Used by Algorithm SIRAP [Benham et al.] 3 Inherit budget/deadline When a task blocks another task, it inherits its budget/deadline pair needs to know the length of the critical sections for the analysis (but not for admission control) Used by Algorithm BWI [Lipari et al.] Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 40 / 46

  61. Bandwidth Inheritance In the previous case: τ 1 L(S) τ 2 S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  62. Bandwidth Inheritance In the previous case: τ 1 q = 0 L(S) τ 2 S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  63. Bandwidth Inheritance In the previous case: L(S) τ 1 L(S) τ 2 S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  64. Bandwidth Inheritance In the previous case: L(S) τ 1 inheritance L(S) τ 2 S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  65. Bandwidth Inheritance In the previous case: L(S) τ 1 inheritance L(S) U(S) τ 2 S S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  66. Bandwidth Inheritance In the previous case: L(S) U(S) τ 1 S L(S) U(S) τ 2 S S 0 2 4 6 8 10 12 14 16 Task τ 2 inherits the deadline and the budget (so the server ) of task τ 1 Therefore, it consumes the budget of the other server (rather than its own) Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 41 / 46

  67. Multiprocessor extension On single-processors, when a task blocks, the lock-owner is not running On multi-processors, when a task blocks the lock-owner may be running on another core. In this case, the blocking task starts to spin , i.e. it actively waits for the lock-owner to release the resource the lock-owner may be suspended on a different core. In this case, a migration occurs, and the lock owner executes in the server (and hence in the core) of the blocked task We only consider FIFO blocking queues Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 42 / 46

  68. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A S B S C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  69. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A S B B S C C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  70. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A S B BB L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  71. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A A S B BBB L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  72. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A A L( R 1 ) S B BBB L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  73. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . S A A A L( R 1 ) S B BBB C 1 L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  74. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . L( R 1 ) S A A A L( R 1 ) S B BBB C 1 L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  75. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . L( R 1 ) S A A A L( R 1 ) U( R 1 ) S B BBB C 1 C 1 L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  76. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . L( R 1 ) S A A A L( R 1 ) U( R 1 ) U( R 1 ) S B BBB C 1 C 1 B 1 L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

  77. Example 3 tasks, τ A , τ B , τ C , executed on 2 processors, that access only Semaphore R 1 . L( R 1 ) U( R 1 ) S A A A A 1 L( R 1 ) U( R 1 ) U( R 1 ) S B BBB C 1 C 1 B 1 B L( R 1 ) S C C 1 C C 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Giuseppe Lipari (CRIStAL) Multicore for safety-critical embedded systems: challenges and opportunities June 23, 2016 43 / 46

Recommend


More recommend