cs5270 lecture 31 uppaal, and scheduling, and resource access protocols cs 5270 lecture 3

CS5270 Lecture 3 1

Uppaal, andScheduling,

and Resource Access Protocols

CS 5270 Lecture 3

CS5270 Lecture 3 2

Assignment 1…

• Eight questions

• Some reading may be required…

• Hand in Feb 16

CS5270 Lecture 3 3

Last week…

• Some system examples

• Time triggered architectures

• Requirements for hard RT systems– Functional– Temporal– Dependability/safety

• Clocks

• The design challenge…(not done…)

CS5270 Lecture 3 4

This week…

• The design challenge.

• Uppaal

• Scheduling overview

• Scheduling algorithms– RMS – Rate Monotonic Scheduling– EDF – Earliest Deadline First

• Resource Access overview (if time)

CS5270 Lecture 3 5

Uppaal: Website…

CS5270 Lecture 3 6

Uppaal: License…

CS5270 Lecture 3 7

Uppaal: Download…

CS5270 Lecture 3 8

Uppaal: Download…

CS5270 Lecture 3 9

Uppaal: Instructions…

CS5270 Lecture 3 10

Uppaal: Extract/unzip…

CS5270 Lecture 3 11

Uppaal: Click on Jar file…

CS5270 Lecture 3 12

Uppaal: The application…

CS5270 Lecture 3 13

Uppaal: Help…

CS5270 Lecture 3 14

Uppaal: Load up demo…

CS5270 Lecture 3 15

Uppaal: Look at TTS…

CS5270 Lecture 3 16

Uppaal: Simulation…

CS5270 Lecture 3 17


CS5270 Lecture 3 18


CS5270 Lecture 3 19

Uppaal: Verification…

CS5270 Lecture 3 20

Scheduling

CS5270 Lecture 3 21

Non-preemptive scheduling

CS5270 Lecture 3 22

Preemptive scheduling

CS5270 Lecture 3 23

Scheduling terms

• Feasible – a schedule is termed feasible if all tasks can be completed within the constraints specified

• Schedulable – a task set is schedulable if a particular scheduling algorithm produces a feasible schedule

CS5270 Lecture 3 24

Constraints for scheduling

• Timing (deadlines for tasks)• Precedence (which task comes first)• Resource (shared access)• Hard and Soft constraints

CS5270 Lecture 3 25

Deadlines

Each task runs for time Cj, and must complete before a deadline

CS5270 Lecture 3 26

Periodic tasks

CS5270 Lecture 3 27

Precedence between tasks

CS5270 Lecture 3 28

Resource Access Protocols

• Multiple tasks.

• Uniprocessor

• Shared resources.– Need proper protocols for accessing shared

resources.– Resource access protocols.

• Avoid priority inversion!

CS5270 Lecture 3 29

Resource constraints

• Critical resource constraints• Mutual exclusion• Critical sections

CS5270 Lecture 3 30

Critical sections

CS5270 Lecture 3 31

Critical Section

• Critical section:– A piece of code belonging to task executed

under mutual exclusion constraints.

• Mutual exclusion enforced by semaphores.– wait(s)

Blocked if s = 0.

– signal(s) s is set to 1 when signal(s) executes.

CS5270 Lecture 3 32

Structure of Critical Sections.

CS5270 Lecture 3 33

Wait State

• A task waiting for an exclusive resource is blocked on that resource.

• Tasks blocked on the same resource are kept in a wait queue associated with the semaphore protecting the resource.

• A task in the running state executing wait(s) on a locked semaphore (s = 0) enters the waiting state.

• When a task currently using the resource executes signal(s), the semaphore is released.

• When a task leaves its waiting state (because the semaphore has been released) it goes into the ready state:

CS5270 Lecture 3 34

Task access to resources

35

Blocking via Exclusive Resource

J1 has higher priority than J2.

Preemption is in play.

Only one processor available.

CS5270 Lecture 3 36

Scheduling algorithms - RMS

CS5270 Lecture 3 37

A Classic Policy

• Rate Monotonic Scheduling.– Task set : {J1, J2, …, Jn}

– Each task is periodic. T1, T2,.., Tn

– i = 0 for each i.

– Di = Ti for each i.

– Each task runs for time Ci

– Pre-emption allowed, only one processor, no precedence constraints, no shared resources.

CS5270 Lecture 3 38

RMS

• The RMS algorithm:– Assign a static priority to the tasks according

to their periods. Priority of a task does not change during

execution.

– Tasks with shorter periods have higher priorities.

– Preemption policy: If Ti is executing and Tj arrives which has higher

priority (shorter period), then preempt Ti and start executing Tj.

CS5270 Lecture 3 39

RMS Example

(3, 2)

(5, 1)

Period Duration

Ti Ci

CS5270 Lecture 3 40

RMS Example

(3, 1)

(5, 2)

CS5270 Lecture 3 41

RMS Results

• RMS is optimal.– If a set of of periodic tasks (satisfying the

assumptions set out previously) is not schedulable under RMS then no static priority algorithm can schedule this set of tasks.

• RMS requires very little run time processing.

CS5270 Lecture 3 42

Schedulability

CS5270 Lecture 3 43

Process Utilization Factor

• Task set = {T1, T2, …, Tn}

• Process Utilization Factor– Ci / Ti

– C1 / T1 + C2 / T2 + … Cn / Tn

• If this factor is GREATER than 1 then the task set can not be scheduled.– Why?

• If UF ≤ 1 it may be RMS-schedulable.

CS5270 Lecture 3 44

RMS Schedulability

• Task set = {T1, T2, …, Tn}

• If UF Ulub then it is guaranteed to be schedulable.

• Ulub - The least upper bound of processor

utility.

• For RMS, Ulub = n( 21/n – 1)

CS5270 Lecture 3 45

Process Utilization Factor

• Task set = {T1, T2, …, Tn}

• If UF Ulub then it is guaranteed to be schedulable.

• But if UF is greater than Ulub and not greater than 1, we must check explicitly whether the task set is RMS-schedulable.

46

RMS Schedulability

n Ulub

1

1.000

2 0.828

3 0.780

4 0.757

5 0.743

6 0.735

7 0.729

0.690

This is only a sufficient criterion!

This criterion may fail and yet an RMS may exist.

CS5270 Lecture 3 47

RMS Example (Guaranteed)

(3, 1)

(5, 2)

UF = 0.33 + 0.40 = 0.73

Ulub = 0. 828(UF≤Ulub)

CS5270 Lecture 3 48

RMS Example (still schedulable)

(3, 2)

(5, 1)

UF = 0.66 + 0.20 = 0.86

Ulub = 0. 828(UF>Ulub)

CS5270 Lecture 3 49

Scheduling algorithms - EDF

CS5270 Lecture 3 50

EDF

• Earliest Deadline First.– Tasks with earlier deadlines will have higher

priorities.– Applies to both periodic and aperiodic tasks.– EDF is optimal for dynamic priority algorithms.– A set of periodic tasks is schedulable with

EDF iff the utilization factor is not greater

than 1.

CS5270 Lecture 3 51

An Example

• {T1, T2}

• T1 = ( 5, 2)

• T2 = (7, 4)

• UF = 0.4 + 0.57 = 0.97

CS5270 Lecture 3 52

An RMS Schedule?

Time-Overflow

CS5270 Lecture 3 53

The Example

• UF = 0.4 + 0.57 = 0.97

• Guaranteed to be schedulable under EDF!

CS5270 Lecture 3 54

An EDF Schedule

CS5270 Lecture 3 55

Priority inversion

CS5270 Lecture 3 56

Priority Inversion.

0 1 2 3 4 5 6 7

J1 > J2 > J3

[3, 6] priority inversion period. J1 waits for the execution of J2 and the critical section of J3

J1

J2

J3

CS5270 Lecture 3 57

Priority Inversion

• The Mars pathfinder Mission in 1997 ran into serious problem.

• The spacecraft began experiencing total system resets with loss of data each time.

• It turned out to be due to priority inversion.

• See the web page and the links there in the IVLE area!

CS5270 Lecture 3 58

Avoiding Priority inversion

• Disallow preemption during the execution of a critical section.– Works only if critical sections are short.– Might unneccesarily block higher priority

processes that do not even use any shared resources!

• Resource access protocols:– Priority inheritance protocol.– Priority ceiling protocol.

CS5270 Lecture 3 59

Resource access - PIP

CS5270 Lecture 3 60

Priority Inheritance Protocol

• Tasks have nominal and active priorities.– Nominal priority:

assigned by the scheduling algorithm (RMS, EDF,..)

– Active priority assigned by the protocol –dynamically- to avoid

priority inversion.

CS5270 Lecture 3 61


• Basic idea :– When Ji blocks higher-priority tasks, then its

active priority is set to the highest of the priorities of the tasks it blocks.

– Ji inherits -temporarily – the highest priority of the blocked tasks.

– This prevents medium priority tasks from preempting Ji and prolonging the blocking duration of the higher priority tasks.

CS5270 Lecture 3 62


The Protocol:• Jobs are scheduled based on their active

priorities.• If Ji tries to enter a critical section and the

corresponding resource is being held by Jj then Ji is blocked; it is said to be blocked by J j.

• When a job is blocked on a semaphore, it transmits its active priority to the job that holds the semaphore; in general, a task inherits the highest priority of the jobs blocked by it.

CS5270 Lecture 3 63


The Protocol:• When Jk exits a critical section, it unlocks

the semaphore; the job with the highest priority that is blocked on the semaphore, if any, is awakened. The priority of Jk is set to the highest priority of the job it is currently blocking. If none, its priority is set to its nominal one.

CS5270 Lecture 3 64

Example

CS5270 Lecture 3 65

Nested Critical Sections

CS5270 Lecture 3 66


• Good news:– If there are m distinct semaphores that can

block a job J then J can be blocked for at most the duration of at most one critical section, one for each of the semaphores.

– It can never be as long as the WCET of a lower priority task.

CS5270 Lecture 3 67


• Bad news:

• Chained Blocking:– J can get blocked on n critical sections held

by n distinct lower priority jobs.

• Deadlocks.

CS5270 Lecture 3 68

Resource access - PCP

CS5270 Lecture 3 69

Chained Blocking

CS5270 Lecture 3 70

Deadlock

CS5270 Lecture 3 71

Priority Ceiling Protocol

• Extension of the Priority Inheritance Protocol.• Avoids chained blocking and deadlocks.• Basic Idea:

– A task is not allowed to enter a critical section if there are already locked semaphores which could block it eventually (due to a sub-critical section nested within the entering critical section).

– Hence, once a task enters a critical section, it can not be blocked by lower priority tasks till its completion.

CS5270 Lecture 3 72


• The Protocol:• Each semaphore S is assigned a priority ceiling C(S). It

is the priority of the highest priority task that can lock S. This is a static value.

• Suppose J is currently running and it wants to lock the semaphore S. J is allowed to lock S only if the priority of J is strictly higher than the priority ceiling C(S’) of the semaphore S’ where:– S’ is the semaphore with the highest priority ceiling among all

the semaphores which are currently locked by jobs other than J.

– In this case, J is said to blocked by the semaphore S’ (and the job currently holding S’).

CS5270 Lecture 3 73


The Protocol:• When J gets blocked by S’ then the priority of J

is transmitted to the job that currently holds S’.• When J’ leaves a critical section guarded by S’

then it unlocks S’ and the highest priority job, if any, which is blocked by S’ is awakened.

• The priority of J’ is set to the highest priority of the job that is blocked by some semaphore that J’ is still holding. If none, the priority of J’ is set to be its nominal one.

CS5270 Lecture 3 74

Example

CS5270 Lecture 3 75

C (S0) = P0 C(S1) = P0 C(S2) = P1

Example

CS5270 Lecture 3 76

C (S0) = ? C(S1) = ? C(S2) = ?

Example

CS5270 Lecture 3 77

Example @ t2

t2 : J1 can not lock S2. Currently J2 is holding S2 and C(S2) = P1 and the current priority of J1 is also P1.

CS5270 Lecture 3 78

Example @ t5

t5 : J0 can not lock S0. Currently J2 is holding S2 and S1 and C(S1) = P0 and the current priority of J0 is also P0. The (inherited) priority of J2 is now P0.

CS5270 Lecture 3 79

Example @ t6

t6 : J2 unlocks S1. It awakens J0. But J2’s (inherited) priority is now only P1 while P0 > C(S2) = P1. So J0 preempts J2 and runs to completion.

CS5270 Lecture 3 80

Example @ t7

t7 : J2 resumes execution with priority P1.

CS5270 Lecture 3 81

Example @ t8

t8 : J2 unlocks S2 and goes back to its nominal priority P2. So J1 preempts J0 and runs to completion.

CS5270 Lecture 3 82

Two Key Properties

• Under priority ceiling protocol, a job can be blocked for at most the duration of one critical section.

• The priority ceiling protocol prevents deadlocks.

cs5270 lecture 31 uppaal, and scheduling, and resource access protocols cs 5270 lecture 3

Documents