On Time

1
On Time
2
Time and Order

• Temporal Order
• The continuum of Real Time (directed timeline)
• Infinite set Tof instances
• An ordered set
• Temporal Order If p and q are two instances then
  either pq or pltq or qltp (mutually exclusive
  relations)
• T is a dense set exists(q) pltq and qltr iff
  p ltr
• A section on the time line is duration
• An event takes place at an instant and has no
  duration

3

• Instants are totally ordered
• Events are partially ordered - simultaneous
  events have no ordering
• Can events be made totally ordered?

4
Causal Order

• What is the cause of an event e?
• Temporal order is a necessity but not sufficient
  condition of causal order
• e1) Somebody enters the room e2) Telephone
  starts ringing
• Case1 e1 lt e2 Case2 e2lte1
• Case 1 no causal order Case 2 Possible causal
  order
• Useful for diagnostics e.g. nuclear plant
• definitely ordered later relation helps
  exclusion of events in search of primary event

5
Clocks

• Physical clock counter physical oscillation
  mechanism to update the counter
• Physical oscillation period gt microtick
• Duration between microticks gtgranularity of the
  clock
• Identified by natural numbers 1,2,..n
• microtick I of clock k denoted by microtickki

6
A Reference Clock

• Used for adherence to standard
• Assumed to be not varying and is at a constant
  frequency with respect to other distributed
  sites.
• Usually of high frequency - granularity denoted
  by z
• For a clock of 1015 microticks the granularity
  is 1 femto second
• Cannot measure events of smaller granularity

7
Drift of a clock

• The drift of a physical clock k between
  microticks i and i1 is the frequency ratio
  between k and the reference clock z, at the
  instant i.
• drift(k,i) z(m_tick(k, i1) -
  z(m_tick(k,i)/n(k)
• difference between the granularity (duration of a
  granule) of a clock with the reference clock z
  divided by the nominal number of m_ticks of the
  reference clock
• perfect clock drift1
• drift rate drift -1 (typical 10-2 to 10-7
  sec/sec)

8
Time of reference clock
Drift error
Perfect clock
Good clock zone
Error in clock value /counter
Time of local clock
9
Clock Properties

• Offset between two clocks at a given microtick
  is the time difference between the respective
  microticks, measured in terms of the microticks
  of the reference clock.
• Precision of a set of clocks (at a given
  microtick) is the maximum offset between any two
  clocks in the set - high precision is maintained
  by internal synchronization
• Accuracy of a clock is the maximum drift w.r.t.
  the reference clock - maintained through external
  synchronization

10
More on Time (Distributed Clocks)
11
Global Time

• Local clocks (with their own oscillator) may not
  be synchronized
• Assume local clock ck ticks with granularity gk
• Assume for all local clocks
• z(m_tickji m_tickki lt pi (precision of
  clock system)
• Select a subset of microticks of each local clock
  for local implementation of global notion of
  time (macrotick or tick of local time)

12
Example of Global Time

• Macrotick 10 microticks (say)

z
k
j
f
e
Event e (f) at microtick 10.7 (10.9) of z
At macrotick 1(2) of k and macrotick
1(1) of j
13
Reasonableness Condition of Global Time

• A global time t is said to be reasonable if all
  local implementations of the global time satisfy
  the condition g gt pi, where g is the granularity
  of the global time
• Ensures that the synchronization error is bounded
  to less than one macrogranule.
• Global timestamps for a single event can differ
  by one tick (the best we can achieve)
• If two events differ by one tick it is not
  possible to decide the temporal order (since g gt
  pi and pi accounts for the accumulation of synch.
  error and digitization error.
• If the events differ by two tics it is possible
  to establish the temporal order

14
Notion of Interval Measurement

• An interval is delimited by two events, may be
  measured by two different clocks.
• Considering the synchronization and digitization
  errors, the sum of these two errors will be less
  than 2g because of reasonableness condition
• True duration dtrue is bounded by
• (d obs 2g) lt d true lt (d obs 2g), where d
  obs is the observed difference between the ticks
  corresponding to the start event and terminating
  event of the interval

15
Temporal Relations
16
Time representation Requirements

• Should allow representation of time points
  (instantaneous events)
• Should be able to represent events with durations
  (time intervals)
• Allow representation of convex (contiguous) and
  non-convex (containing gaps) events
• Should be able to represent periodic and sporadic
  events
• Should allow reasoning about various temporal
  orderings
• Should allow reasoning at different granularities
• Should support relative as well as absolute
  quantification

17
Temporal Relations

• Two binary relations ta lt tß or its inverse tßltta
• OR ta tß
• A convex time interval ltt?,t?gt t t? lt t
  ltt?
• A duration of a convex time interval ltt?, t?gt is
  a measure ltt?, t?gt t? - t?
• A non-convex time interval is a subset of
  disjoint convex intervals

18
Convex Interval Relations

• Let A and B be two convex time intervals, such
  that ltt?A, t?Agt and ltt?B,t?Bgt
• Equal (AB)
• (t?At?B) ? (t?At?B)
• Precede (A lt B)
• t?A lt t?B
• Meet( A?B)or Met_by (B?A)
• t?A t?B

19

• Overlap(A?B)
• t?A lt t?Blt t?Altt?B
• Start (A?B)
• t?Bt?Alt t?Altt?B
• During (AltltB)
• t?B lt t?A lt t?A lt t?B
• End(A?B)
• t?Blt t?A lt t?B t?A

20
Duration of Actions

• Actual duration (Actual execution time)
  dact(a,x) Given an input data set x , the number
  of time units acc. to a ref. clock between the
  start of a and end of a.
• Minimal duration min (dact(a) quantified over
  all x
• Worst Case Execution Time (WCET) dwcet(a) is the
  max. time that an action a may take given the
  stated load, fault hypothesis, quantified over
  all possible input data
• Jitter dwcet(a) - dmin(a)

21

• Frequency of activation Maximum number of
  activations of a task (or action) per unit time.
  Every computational/ communication resource has a
  finite capacity. To meet temporal obligations,
  such frequency must be controlled.
• Deadline of a task (action) The time duration
  between the arrival of the stimuli requesting the
  action and the time of completion of the action.
• Task A sequential execution thread
• S-Task No synchronization point within the task
• cannot be blocked within the body of the task
• execution time can be determined in isolation
• Premption can occur

22

• C-Task contains blocking synchronization
  statements (such as wait) within the task body.
• WCET is therefore a global issue.

23
Temporal Obligations in a Client Server Model

• Three temporal parameters
• RESP The max. response time that is expected
  (and tolerated) by the client - mentioned in the
  specification
• WCET of the server - that is determined by the
  implementation of the server and the associated
  load
• MINT The min. time between two successive
  requests by the client.
• WCET is in SOC of Server
• MINT is in SOC of Client

24

• For hard real time systems WCET lt RESP must be
  guaranteed assuming the client respects MINT
• To have WCET ltlt RESP gt oversized server
• not a realistic assumption for embedded systems
• For WCETRESP careful analysis of temporal
  properties is required
• We depend on the clients not generating too
  frequent interrupts.(Not is SOC of server)

Network Interface
Controlled Object
Node
Network
Process Interface
25
Temporal control versus Logical control

• Rolling Mill example
• when (p1ltp2) (p2 ltp3) then everything ok else
  raise alarm
• Functionally okay - temporally?
• Multiple S-Tasks
• a) Time diff. Between occurrence of alarm cond.
  and triggering of the alarm (GUI)?
• b) when to activate pressure measurement? At what
  time difference should the three pressures be
  measured?
• When statement buries the timing information
  but only establishes logical information.

26

• Logical control deals with the control flow
  within a task that is determined by the program
  structure and a particular input data
• Temporal control is concerned with the points in
  time when a task must be activated (or blocked)
• In an S-Task the only temporal control is to
  decide when a task is to be activated.
• In a C-Task logical control is intermingled with
  temporal control e.g. wait statement can delay
  the execution until a condition outside the task
  is satisfied

27
Event Triggered and Time Triggered Systems

• A temporal control signal may arise from two
  sources
• a) from a considerable state change -- an event
  trigger
• b) from the progression of real time whenever a
  real time clock reaches a preset value -- a time
  trigger
• Elevator controller example
• Event triggered Every press at the button causes
  an interrupt - activates the rescheduling task
• Time triggered Every press sets a local memory
  element at the sampling time the memory elements
  are scanned and rescheduling is done
• Time triggered gt more predictable
• Event triggered gt more flexible

28
Interrupts (Event Trigger)

• Asynchronous hardware supported request
• Context switch overheads WCAO (W.C. Admin. O/H)

100
CPU capacity
CPU capacity needed for interrupt housekeeping
CPU capacity available for application sw
Int. Freq.
1/WCAO
29
Trigger Task

• Control remains within the system
• Periodic time triggered task
• Overhead The period of the trigger task must be
  less than the laxity (difference between deadline
  and execution time)
• If the laxity is too small (lt 1 msec.) then the
  overhead can be too high

30
Response Time Calculation
31
Polled Loops

• One event (external device sets flag)
• If response time gt arrival time of events then
  the cycle time to poll will have to be
  considered.
• Worst case for the nth event n(fP) where f is
  the flag checking time and P is the proc. Time
  of an event (neglecting flag setting time)

Set flag (ns)
Check Flag (?sec)
Process Flag (msec ??)
32
Interrupt Driven Systems
Process interrupt

• Int. latency
• (ns)
• RiLiCsSiAi
• The schedule time Si is negligible when the
  interrupt is scheduled by an interrupt controller
  handling multiple interrupts.
• Cs can be computed as computing the timing of any
  application code

Context switch
Schedule
?sec
Millisec.
?sec
33
Interrupt Latency

• Latency between the arrival of interrupt and when
  the CPU begins reacting to it.
• When higher priority task preempts a lower
  priority task the latency can be computed as
• Li LP max LI, LD where LP is the
  propagation delay of the interrupt signal
  (nanosec to microsec.)
• LI is the longest completion time of an
  instruction in the interrupted process and LD is
  the max. time the interrupts are kept disabled by
  the lower priority routine.

34
Interrupt Latency (contd.)

• When lower priority routine attempts to interrupt
• the interrupt will be processed only after
  all the higher priority interrupts have been
  processed.
• So LI LH, where LH is the time taken to process
  all higher priority interrupts.
• Computation of LH is very difficult in view of
  the fact that these can also be preempted.
• So we try for bounded response time

35
Time Loading and Measurement

• The execution time of the various modules and the
  overall system time loading needs to be known
  before implementation (even for hardware
  selection)
• Logic Analyzer detailed timing available but
  the sw must be fully coded and the hw must also
  be available
• Instruction Counting Trace the longest path
  through the code (pre-final), count the
  instruction types in that path and add their
  execution times

36
Time loading (contd.)

• For any periodic system the total task execution
  time divided by the cycle time for that module
  gives the time loading for that task.
• For sporadic or mixed systems, the maximum task
  execution rates (if known) are to be used.
• Total time loading is obtained by adding all the
  time loadings of the individual tasks.
• If T is time loading, Ti is the cycle time for
  task i, and Ai is the actual execution time, then
• for n tasks we have T?ni1 Ai/Ti

37
Computation of Time loading
Cycle time 5 ms
Time loading 0.5/510
Execution time 0.5 m.sec
5
10
15
Time in m.sec
Cycle time40ms
Cycle time 10m.sed
38
Instruction Execution Time Simulators

• Besides the instruction cycle time, the memory
  access time and wait states also contribute to
  the instruction execution time
• Hence often simulators are used with
• InputsI) CPU type II) Memory speed III)
  Instr.Mix
• Output total instruction time and throughput
• Short sections of code can be timed by reading
  the system clock before and after execution
• For short codes (few microsecs.) it is better to
  execute them several thousand times and divide
  the instruction time by the total time spent.
  Takes care of the errors due to granularity of
  the clock.

39
Non-deterministic factors

• Cache effects For WCET assume all memory
  references to be misses. What about conflict
  misses?
• Pipeline effects Instruction execution time is
  changed. WCET assume that at every possible
  opportunity the pipeline has to be flushed?
• DMA Cycle stealing occuring at every
  opportunity?
• Rational approximations of effects are possible
  tighter the bound, better it is.

40
Timing Constraints in Real Time Systems
41

• Maximum No more than t amt. Of time can elapse
  between two events
• Minimum No less than t amt. Of time may elapse
  between two events
• Durational An event must occur for t amt.
• Issues Are they meaningful? Required? For user
  specified behavior? For system performance?
• What syntactic and semantic constructs are
  needed?
• What features are needed for validation?

42
Maximum timing constraints

• S-S combination max time between occurrence of
  two stimuli . Ex. after the first digit is
  dialled, second digit must be dialled no later
  than 20 sec.
• S-R combination The caller shall get the dial
  tone no later than 2sec. after lifting the
  receiver
• R-S comb. max. time between response and next
  stimulus. E.g. After receiving the dial tone,
  next digit should be dialled within 30 sec.
• R-R com. max. time between two responses, e.g.
  after connection the caller shall receive the
  ringback tone no later than the callee receiving
  the ring tone.

43
SDL and RTRL allow the use of timerconstruct
DIAL AGAIN
TIMER ALARM/ DIAL TONE
FIRST DIGIT/ START TIMER (20)
AWAIT SECOND DIGIT
AWAIT FIRST DIGIT
SECOND DIGIT/ SILENCE
AWAIT NEXT DIGIT
Use of timer in a behavioral requirement
44
FEATURE local_to_local_call TIMERS collect_di
git_timer (20) -- the user has 20 seconds to
dial each digit of a phone number REQUIREMENT
S digit_collection INSTATE await_first_digit T
RANSITION (first_digit) START
collect_digit_timer NEWSTATE
await_second_digit END TRANSITION INSTATE
await_second_digit TRANSITION (second_digit
) SEND silence TO calling party NEWSTATE
await_next_digit (collect_digit_timer.alarm)
SEND dial_tone TO calling party NEW
STATE dial_again END TRANSITION
Modeling a behavioral constraint in RTRL
45
S-R and R-R constraints are requirements of the
systems performance The construct Latency has
been used in RTRL to this end
INSTATE idle TRANSITION (caller_off_hook) LA
TENCY 2 SEND dial_tone NEWSTATE
await_first_digit END TRANSITION
How to use Latency for R-R?
Constraining system performance in RTRL
46
OFFHOOK/START TIMER (30)
FIRST DIGIT
SECOND DIGIT
AWAIT FIRST DIGIT
AWAIT SECOND DIGIT
AWAIT THIRD DIGIT
AWAIT SEVENTH DIGIT
ALARM REORDER TONE
ALARM REORDER TONE
ALARM REORDER TONE
SEVENTH DIGIT RINGTONE
DAIL AGAIN
ALARM REORDER TONE
START TIMER
DIALING COMPLETE
A maximum timing constraint on several events
Caller should dial 7 digits within 30 sec.
47
Specification of Minimum Time Constraints

• S-S A min. of 0.5 sec. must elapse between
  dialling of two digits
• S-R after the users dials 0, wait 15 sec. to see
  if the user himself completes the call, without
  operator assistance.
• R-S where the system may be busy serving
  requests from several ports
• R-R Where the user needs some time to act upon a
  result/response

48
AWAIT NEXT DIGIT
SECOND DIGIT/ SILENCE
TIMER ALARM
FIRST DIGIT
HANDLE
START TIMER (O.5)
DIGIT
AWAIT CALLER ONHOOK
SECOND DIGIT BEEPING
The specification of a minimum timing constraint
on system users
49
INSTATE await_second_digit TRANSITION / dialin
g_timer is assumed to have started in state
handle_digit / (dialing_timer_alarm) TRANSITI
ON (second_digit) SEND silence to
calling_party NEWSTATE
await_next_digit (collect_digit_timer.alarm)
SEND dial_tone TO calling_party NEWS
TATE dial_again ENDTRANSITION (second_digit)
SEND beeping NEWSTATE await_caller_on_hook
ENDTRANSITION
Combing maximum and minimum timing constraints
RTRL
50
Durational Time Constraints

• Two responses r1 and r2 should be heard within 60
  sec. after a stimulus s1 and r2 should be delayed
  at least 15 sec. after r1 and should occur no
  later than 30sec. after r1. Also, r1 and r2 last
  for 3 and 4 sec. respectively.
• Automatic Test Executor (ATE) attempts to acheive
  this as

51
CAUSE S1 / r2 SHOULD END NO LATER THAN 64
(604) SECONDS / SET INTERRUPT 1 TO 64
SECONDS / OBSERVE r1 for SECONDS / VERIFY r1
(3) SET INTERRUPT 2 TO 34 SECONDS /r2 SHOULD
END NO SOONER THAN 11(15-4) SECONDS / SET ALARM
1 TO 11 SECONDS REPEAT UNTIL ALARM 1 ON VERIFY
NOT r1 END VERIFY r2 (4) CANCEL INTERRUPT
2 CANCEL INTERRUPT 1