Resource Access Control (Part I)

1
Resource Access Control (Part I)

• The Mars Pathfinder Incident
• Resource Model
• Priority Inversion

2
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

3
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

4
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

5
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

6
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

7
Resource Access Control in Real-Time Systems

• Resources, Resource Access, and How Things Can Go
  Wrong The Mars Pathfinder Incident
• Resources, Critical Sections, Blocking
• Priority Inversion, Deadlocks
• Nonpreemptive Critical Sections
• Priority Inheritance Protocol
• Priority Ceiling Protocol
• Stack-Based Protocols

8
Mars Pathfinder Incident

• Landing on July 4, 1997
• experiences software glitches
• Pathfinder experiences repeated RESETs after
  starting gathering of meteorogical data.
• RESETs generated by watchdog process.
• Timing overruns caused by priority inversion.
• Resources
• research.microsoft.com/mbj/Mars_Pathfinder/Mars_
  Pathfinder.html

9
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
10
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
11
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
12
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
13
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
14
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
15
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
16
Priority Inversion on Mars Pathfinder
Task bc_sched detects overrun
blocks on mutex
becomes active
high priority
Task bc_dist
other tasks
Task ASI/MET
low priority
starts
gets preempted
locks mutex
17
Resource Access System Model

• Processor(s)
• m types of serially reusable resources R1, ...,
  Rm
• An execution of a job Ji requires
• a processor for ei units of time
• some resources for exclusive use
• Resources
• Serially Reusable Allocated to one job at a
  time. Once allocated, held by the job until no
  longer needed.
• Examples semaphores, locks, servers, ...
• Operations
• lock(Ri) -----ltcritical sectiongt------ unlock(Ri)
• Resources allocated non-preemptively
• Critical sections properly nested

18
Resource Access System Model

• Processor(s)
• m types of serially reusable resources R1, ...,
  Rm
• An execution of a job Ji requires
• a processor for ei units of time
• some resources for exclusive use
• Resources
• Serially Reusable Allocated to one job at a
  time. Once allocated, held by the job until no
  longer needed.
• Examples semaphores, locks, servers, ...
• Operations
• lock(Ri) -----ltcritical sectiongt------ unlock(Ri)
• Resources allocated non-preemptively
• Critical sections properly nested

19
Preemption of Tasks in their Critical Sections
Example
Zzzz!
lock(s)
unlock(s)
T1
T2
T3
lock(s)
unlock(s)

• Negative effect on schedulability and
  predictability.
• Traditional resource management algorithms fail
  (e.g. Bankers Algorithm). They decouple resource
  management decisions from scheduling decisions.

20
Unpredictability Scheduling Anomalies

• Example T1 (c12, e1 5, p1 8) T2 (4,
  7, 22) T3 (4, 6, 26)

0
5
10
15
20
25

• Shorten critical section of T3 T1 (c12, e1
  5, p1 8) T2 (4, 7, 22) T3 (2.5, 6,
  26)

0
5
10
15
20
25