Uppaal, and Scheduling, and Resource Access Protocols

1
Uppaal, andScheduling, and Resource Access
Protocols

• CS 5270 Lecture 3

2
Assignment 1

• Eight questions
• Some reading may be required
• Hand in Feb 16

3
Last week

• Some system examples
• Time triggered architectures
• Requirements for hard RT systems
• Functional
• Temporal
• Dependability/safety
• Clocks
• The design challenge(not done)

4
This week

• The design challenge.
• Uppaal
• Scheduling overview
• Scheduling algorithms
• RMS Rate Monotonic Scheduling
• EDF Earliest Deadline First
• Resource Access overview (if time)

5
Uppaal Website
6
Uppaal License
7
Uppaal Download
8
Uppaal Download
9
Uppaal Instructions
10
Uppaal Extract/unzip
11
Uppaal Click on Jar file
12
Uppaal The application
13
Uppaal Help
14
Uppaal Load up demo
15
Uppaal Look at TTS
16
Uppaal Simulation
17
Uppaal Simulation
18
Uppaal Simulation
19
Uppaal Verification
20
Scheduling
21
Non-preemptive scheduling
22
Preemptive scheduling
23
Scheduling terms

• Feasible a schedule is termed feasible if all
  tasks can be completed within the constraints
  specified
• Schedulable a task set is schedulable if a
  particular scheduling algorithm produces a
  feasible schedule

24
Constraints for scheduling

• Timing (deadlines for tasks)
• Precedence (which task comes first)
• Resource (shared access)
• Hard and Soft constraints

25
Deadlines
Each task runs for time Cj, and must complete
before a deadline
26
Periodic tasks
27
Precedence between tasks
28
Resource Access Protocols

• Multiple tasks.
• Uniprocessor
• Shared resources.
• Need proper protocols for accessing shared
  resources.
• Resource access protocols.
• Avoid priority inversion!

29
Resource constraints

• Critical resource constraints
• Mutual exclusion
• Critical sections

30
Critical sections
31
Critical Section

• Critical section
• A piece of code belonging to task executed under
  mutual exclusion constraints.
• Mutual exclusion enforced by semaphores.
• wait(s)
• Blocked if s 0.
• signal(s)
• s is set to 1 when signal(s) executes.

32
Structure of Critical Sections.
33
Wait State

• A task waiting for an exclusive resource is
  blocked on that resource.
• Tasks blocked on the same resource are kept in a
  wait queue associated with the semaphore
  protecting the resource.
• A task in the running state executing wait(s) on
  a locked semaphore (s 0) enters the waiting
  state.
• When a task currently using the resource executes
  signal(s), the semaphore is released.
• When a task leaves its waiting state (because the
  semaphore has been released) it goes into the
  ready state

34
Task access to resources
35
Blocking via Exclusive Resource
J1 has higher priority than J2. Preemption is in
play. Only one processor available.
36
Scheduling algorithms - RMS
37
A Classic Policy

• Rate Monotonic Scheduling.
• Task set J1, J2, , Jn
• Each task is periodic. T1, T2,.., Tn
• ?i 0 for each i.
• Di Ti for each i.
• Each task runs for time Ci
• Pre-emption allowed, only one processor, no
  precedence constraints, no shared resources.

38
RMS

• The RMS algorithm
• Assign a static priority to the tasks according
  to their periods.
• Priority of a task does not change during
  execution.
• Tasks with shorter periods have higher
  priorities.
• Preemption policy
• If Ti is executing and Tj arrives which has
  higher priority (shorter period), then preempt Ti
  and start executing Tj.

39
RMS Example
Duration
Period
(3, 2)
(5, 1)
Ti
Ci
40
RMS Example
(3, 1)
(5, 2)
41
RMS Results

• RMS is optimal.
• If a set of of periodic tasks (satisfying the
  assumptions set out previously) is not
  schedulable under RMS then no static priority
  algorithm can schedule this set of tasks.
• RMS requires very little run time processing.

42
Schedulability
43
Process Utilization Factor

• Task set T1, T2, , Tn
• Process Utilization Factor
• ? Ci / Ti
• C1 / T1 C2 / T2 Cn / Tn
• If this factor is GREATER than 1 then the task
  set can not be scheduled.
• Why?
• If UF 1 it may be RMS-schedulable.

44
RMS Schedulability

• Task set T1, T2, , Tn
• If UF ? Ulub then it is guaranteed to be
  schedulable.
• Ulub - The least upper bound of processor
• utility.
• For RMS, Ulub n( 21/n 1)

45
Process Utilization Factor

• Task set T1, T2, , Tn
• If UF ? Ulub then it is guaranteed to be
  schedulable.
• But if UF is greater than Ulub and not greater
  than 1, we must check explicitly whether the task
  set is RMS-schedulable.

46
RMS Schedulability
n Ulub
1 1.000
2 0.828
3 0.780
4 0.757
5 0.743
6 0.735
7 0.729
? ? 0.690

This is only a sufficient criterion! This
criterion may fail and yet an RMS may exist.
47
RMS Example (Guaranteed)
UF 0.33 0.40 0.73 Ulub 0. 828
(3, 1)
(UFUlub)
(5, 2)
48
RMS Example (still schedulable)
UF 0.66 0.20 0.86 Ulub 0. 828
(3, 2)
(UFgtUlub)
(5, 1)
49
Scheduling algorithms - EDF
50
EDF

• Earliest Deadline First.
• Tasks with earlier deadlines will have higher
  priorities.
• Applies to both periodic and aperiodic tasks.
• EDF is optimal for dynamic priority algorithms.
• A set of periodic tasks is schedulable with EDF
  iff the utilization factor is not greater
• than 1.

51
An Example

• T1, T2
• T1 ( 5, 2)
• T2 (7, 4)
• UF 0.4 0.57 0.97

52
An RMS Schedule?
Time-Overflow
53
The Example

• UF 0.4 0.57 0.97
• Guaranteed to be schedulable under EDF!

54
An EDF Schedule
55
Priority inversion
56
Priority Inversion.
J1
J2
J3
0 1 2 3 4
5 6 7
J1 gt J2 gt J3 3, 6 priority inversion
period. J1 waits for the execution of J2 and the
critical section of J3
57
Priority Inversion

• The Mars pathfinder Mission in 1997 ran into
  serious problem.
• The spacecraft began experiencing total system
  resets with loss of data each time.
• It turned out to be due to priority inversion.
• See the web page and the links there in the IVLE
  area!

58
Avoiding Priority inversion

• Disallow preemption during the execution of a
  critical section.
• Works only if critical sections are short.
• Might unneccesarily block higher priority
  processes that do not even use any shared
  resources!
• Resource access protocols
• Priority inheritance protocol.
• Priority ceiling protocol.

59
Resource access - PIP
60
Priority Inheritance Protocol

• Tasks have nominal and active priorities.
• Nominal priority
• assigned by the scheduling algorithm (RMS,
  EDF,..)
• Active priority
• assigned by the protocol dynamically- to avoid
  priority inversion.

61
Priority Inheritance Protocol

• Basic idea
• When Ji blocks higher-priority tasks, then its
  active priority is set to the highest of the
  priorities of the tasks it blocks.
• Ji inherits -temporarily the highest priority
  of the blocked tasks.
• This prevents medium priority tasks from
  preempting Ji and prolonging the blocking
  duration of the higher priority tasks.

62
Priority Inheritance Protocol

• The Protocol
• Jobs are scheduled based on their active
  priorities.
• If Ji tries to enter a critical section and the
  corresponding resource is being held by Jj then
  Ji is blocked it is said to be blocked by Jj.
• When a job is blocked on a semaphore, it
  transmits its active priority to the job that
  holds the semaphore in general, a task inherits
  the highest priority of the jobs blocked by it.

63
Priority Inheritance Protocol

• The Protocol
• When Jk exits a critical section, it unlocks the
  semaphore the job with the highest priority that
  is blocked on the semaphore, if any, is awakened.
  The priority of Jk is set to the highest priority
  of the job it is currently blocking. If none, its
  priority is set to its nominal one.

64
Example
65
Nested Critical Sections
66
Priority Inheritance Protocol

• Good news
• If there are m distinct semaphores that can
  block a job J then J can be blocked for at most
  the duration of at most one critical section, one
  for each of the semaphores.
• It can never be as long as the WCET of a lower
  priority task.

67
Priority Inheritance Protocol

• Bad news
• Chained Blocking
• J can get blocked on n critical sections held by
  n distinct lower priority jobs.
• Deadlocks.

68
Resource access - PCP
69
Chained Blocking
70
Deadlock
71
Priority Ceiling Protocol

• Extension of the Priority Inheritance Protocol.
• Avoids chained blocking and deadlocks.
• Basic Idea
• A task is not allowed to enter a critical section
  if there are already locked semaphores which
  could block it eventually (due to a sub-critical
  section nested within the entering critical
  section).
• Hence, once a task enters a critical section, it
  can not be blocked by lower priority tasks till
  its completion.

72
Priority Ceiling Protocol

• The Protocol
• Each semaphore S is assigned a priority ceiling
  C(S). It is the priority of the highest priority
  task that can lock S. This is a static value.
• Suppose J is currently running and it wants to
  lock the semaphore S. J is allowed to lock S only
  if the priority of J is strictly higher than the
  priority ceiling C(S) of the semaphore S where
• S is the semaphore with the highest priority
  ceiling among all the semaphores which are
  currently locked by jobs other than J.
• In this case, J is said to blocked by the
  semaphore S (and the job currently holding S).

73
Priority Ceiling Protocol

• The Protocol
• When J gets blocked by S then the priority of J
  is transmitted to the job that currently holds
  S.
• When J leaves a critical section guarded by S
  then it unlocks S and the highest priority job,
  if any, which is blocked by S is awakened.
• The priority of J is set to the highest priority
  of the job that is blocked by some semaphore that
  J is still holding. If none, the priority of J
  is set to be its nominal one.

74
Example
75
Example
C (S0) P0 C(S1) P0 C(S2) P1
76
Example
C (S0) ? C(S1) ? C(S2) ?
77
Example _at_ t2
t2 J1 can not lock S2. Currently J2 is holding
S2 and C(S2) P1 and the current priority of J1
is also P1.
78
Example _at_ t5
t5 J0 can not lock S0. Currently J2 is holding
S2 and S1 and C(S1) P0 and the current priority
of J0 is also P0. The (inherited) priority of J2
is now P0.
79
Example _at_ t6
t6 J2 unlocks S1. It awakens J0. But J2s
(inherited) priority is now only P1 while P0 gt
C(S2) P1. So J0 preempts J2 and runs to
completion.
80
Example _at_ t7
t7 J2 resumes execution with priority P1.
81
Example _at_ t8
t8 J2 unlocks S2 and goes back to its nominal
priority P2. So J1 preempts J0 and runs to
completion.
82
Two Key Properties

• Under priority ceiling protocol, a job can be
  blocked for at most the duration of one critical
  section.
• The priority ceiling protocol prevents deadlocks.