Lecture Notes for 10/24/01
Embedded Software Architecture
1. Let T be a set of run-to-completion tasks {T1,…,Tn}
2. Let C be a set of conditions {C1,…,Cn}
3. Ti is runnable if Ci is true.
4. Execution of Ti makes Ci false (at the beginning of execution).
5. Worst Case Latency, Li, is the longest time from assertion of Ci to initiation of Ti.
6. Ri is the worst case run time of Ti assuming no interruptions.
6. The deadline, Di, is the longest allowable time from assertion of Ci to completion of Ti completes (for each instance of Ci becoming true).
7. A Scheduler determines which runnable task gets to run and for how long. The objective of a real time scheduler is to ensure that all deadlines are satisfied.
8. A system is “schedulable” if the chosen scheduling algorithm guarantees that all of the deadlines are always satisfied.
Round Robin Scheduling
while (1) {
if (C1) T1();
if (C2) T2();
…
if (Cn) Tn();
}
in this case:
Li = Sj¹i (Rj) at worst, Ti must wait for all other tasks to run at most once.
The deadlines are satisfied if
"i Di ³ Li + Ri = SiRi
Note :
"ij min Di = min Dj !!
One long running task can prevent all others from meeting their deadlines.
assuming that "j¹i,
Cj = false, and that no other tasks are running:
Li µ
n which is not very good if a very high
speed response is needed.
Alternative Extreme: Purely Interrupt Driven. This is equivalent to a priority based scheduling algorithm with no task preemption (no task can interrupt a running task). This scheduling algorithm is consistent with how most microprocessors handle multiple interrupt sources. After execution of an interrupt routine all the highest priority pending interrupt is handled first. It is not first come first serve.
Let Ti have a higher priority than Tj if i>j.
In general, if we know nothing about the frequency of interrupts at each priority level, we have to conclude that:
Li
= ¥
for all but Tn.
and Ln = max(Rj).
A frequent high priority task can starve all other lower priority tasks.
Since this is not a useful system, lets make the following assumption:
"i, 1/Fi > SjRj where fi is the frequency at which Ti becomes runnable. If the period of interrupts for any task is greater than the sum of the run times for all tasks, then we can find an upper bound on latency for each task. This constraint prevents starvation but does not guarantee satisfaction of deadlines.
Given this assumption, here is the schedulability analysis for this scenario:
Li = Rmax +Sj>i Rj this means that Ti only has to wait for the longest task of any priority plus each of the higher priority tasks to execute at most once before it gets a chance to execute. This is a slight improvement over the round robin algorithm.
Since Ti cannot be interrupted, the deadline constraint is:
"i, Di ³ Li + Ri same as in the round robin case since neither allows preemption, so
"i, Di ³ Rmax +Sj³i Rj
We still have not solved the problem of one bad (even low
priority) apple preventing all others from meeting their deadlines. This is why
even low priority interrupts must be short!
We now consider a hybrid architecture. Divide each task Ti into top and bottom halves.
Let a top half task be Ti an a bottom half task
be ti. Also, let the condition for Ti be Ci
and the condition for ti be ci, and so on.
The top half tasks are the critical time sensitive tasks. We will use
non-preemptive priority scheduling for these tasks. The lower priority bottom
halves will use preemptive round robin scheduling. Any bottom half can be
preempted (interrupted) by any top half.
The code for a top half looks like this:
void Ti() {
Ci = false;
<execute task>
if (necessary)
ci = true;
}
The schedulability analysis for the top half is the same as for the pure priority scheduling algorithm presented above because the existence of the bottom half routines has no effect on the schedulability of the top half routines, so
Li = Rmax + Sj>i Rj
"i,
Di ³
Rmax +Sj³i Rj
Homework 5 solution:
In the original HW5, ci was asserted every time Ti was executed. In the worst case, all Ti are running at their maximum frequency (minimum period). The problem is easy to solve if we make the assumption that "i, Pi ³ Si Ri+Si ri
Let P = Si Ri+Si ri
Assuming that ci is asserted at the end of Ti, the minimum guaranteed deadline for bottom half tasks is
di = P – (the best case time to completion for Ti)
The best case time to completion for Ti is when Li = 0, thus we get
di ³ (P – Ri) = (S j¹i Rj)+Si ri
Note that this is not a proof, just a conjecture.
It can be proved by induction:
Base Case: n = 1;
The min period of R1 is R1+r1, so t1 will get to complete once before c1 can be asserted twice.
Inductive Step:
Assuming true for n = i, prove that it is true for n = i+1.
Left as an exercise for the reader. The key is to use the inductive assumption to claim that, without task Ti+1, for any x, rx gets to complete before cx can be asserted twice. Then show that this condition holds when Ti+1 is added to back to the system.
More general case in which ci is not
asserted every time Ti is executed:
The latency for the bottom half follows round robin so we can start with:
"i di ³ li + ri = Si ri
Except that the bottom half tasks are interruptible by top half tasks. To account for this affect, we can divide the total time required to run the bottom half by the available computing resource. The available computing resource is 100% minus the utilization of the top half.
Here is the more complex schedulability analysis that arises if we drop the assumption that bottom half and top half tasks are run at the same frequency (it also drops the 1-1 mapping between top half and bottom half tasks):
Let U(x,y) be the utilization of the CPU by the top half over a period of time starting at time x and ending at time y.
Let ci becomes true at x and
Let y = ci+di.
Thus, the worst case time to complete a bottom half task is:
di ³ Si ri / 1-U(x,y)
where U(x,y) is the worst case utilization over the specified time period. In general, U(x,y) is only a probably distribution so we cannot provide a hard deadline. But, in the special case that (y-x) = n*LCM(Pi) = n*Pt, the wost case U(x,y) is always equal to the sum of the average worst case utilizations of all of the top half tasks (Ut). Since the average worst case utilization for each top half task is knowable, we can write:
M = Si ri
/ (1-Ut)
where M is the effective run time of the whole bottom
half under the assumption that U(x,y) == Ut
M’ = ciel(M/Pt). So the minimum deadline that guarantees Si ri units of work is
di ³ Pt * M’
By rounding up the number of Pt periods needed to complete the bottom half, we are making a pessimistic assumption about the utilization of the CPU during the fractional part of (y-x/Pt).
for example, if Si ri = 104, Pt = 10, Ut = .5 we get
104/.5 = 108
208/10 = 20.8
so we need ciel(20.8) = 21 Pt units to guarantee completion of the bottom half.
therefore our minimum guaranteed deadline is
10*21 = 210!
But, our average time to completion is guaranteed to be less than or equal to 204. We can call 204 our soft deadline. The actual distribution of U(x,y) will determine the probability that our soft deadline will be violated.
The key statement that is not proved here is that U(x,y) <= Ut when y-x = n*Pt. Does this relationship hold when the actual periods of the top halves vary such that there is no repeating pattern??
You should make sure that you understand the meaning of Ut --- the worst case average utilization of the top half tasks, and why this it is reasonable to know this number. Proof is left to the reader.