dependable resource sharing for compositional real-time ... · resource sharing: a closer look 1...
TRANSCRIPT
![Page 1: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/1.jpg)
Dependable resource sharing forcompositional real-time systems
– Embedded Real-time Computing Systems and Applications (RTCSA) –
M.M.H.P. van den Heuvel - R.J. Bril - J.J. Lukkien
System Architecture and Networking (SAN)Department of Mathematics and Computer Science
Eindhoven University of TechnologyThe Netherlands
30 August 2011
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 1 / 22
![Page 2: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/2.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 2 / 22
![Page 3: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/3.jpg)
Why hierarchical scheduling: an example for automotive
Reduce the number of nodes
Trend: Fewer and more powerful nodes
Integration problem:temporal isolation between legacy applications on a single processor;applications may share more resources.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 3 / 22
![Page 4: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/4.jpg)
Why hierarchical scheduling: an example for automotive
Reduce the number of nodes
Trend: Fewer and more powerful nodes
Integration problem:temporal isolation between legacy applications on a single processor;applications may share more resources.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 3 / 22
![Page 5: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/5.jpg)
A Solution: Hierarchical Scheduling
GlobalScheduler
localscheduler
Component 0
localscheduler
Component 1
localscheduler
Component n. . .
R1 R2
component: server, set of tasks and local (task) scheduler
server: a budget allocated each period
Tasks, located in arbitrary components, may share logical resourcesi.e. deal with local and global priority inversion!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 4 / 22
![Page 6: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/6.jpg)
A Solution: Hierarchical Scheduling
GlobalScheduler
localscheduler
Component 0
localscheduler
Component 1
localscheduler
Component n. . .
R1 R2
component: server, set of tasks and local (task) scheduler
server: a budget allocated each period
Tasks, located in arbitrary components, may share logical resourcesi.e. deal with local and global priority inversion!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 4 / 22
![Page 7: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/7.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 5 / 22
![Page 8: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/8.jpg)
Resource sharing: a closer look
1 Access shared memory:
shared buffers;memory-mapped devices.
2 Operating-system services:
in-kernel: short non-preemptive critical sections;other services: mutually exclusive between resource users.
3 Global non-preemptive access to the processor (pseudo-resources):
reduce cache misses;less pipeline flushes.
Critical sections may be long w.r.t. WCETs!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 6 / 22
![Page 9: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/9.jpg)
Global resource sharing problem
Budget depletion during a critical section can lead toexcessive blocking times:
Ps Ps
Qs QsBs
Ps
Qs
Three SRP-based solutions for HSFs:
HSRP: React upon budget depletion while a resource is locked;i.e. allow to use an overrun budget;
BROE and SIRAP: Prevent budget depletion during resource access;i.e. before granting access, first check the remaining budget.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 7 / 22
![Page 10: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/10.jpg)
Global resource sharing problem
Budget depletion during a critical section can lead toexcessive blocking times:
Ps Ps
Qs QsBs
Ps
Qs
Three SRP-based solutions for HSFs:
HSRP: React upon budget depletion while a resource is locked;i.e. allow to use an overrun budget;
BROE and SIRAP: Prevent budget depletion during resource access;i.e. before granting access, first check the remaining budget.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 7 / 22
![Page 11: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/11.jpg)
Global resource sharing problem
Budget depletion during a critical section can lead toexcessive blocking times:
Ps Ps
Qs QsBs
Ps
Qs
Three SRP-based solutions for HSFs:
HSRP: React upon budget depletion while a resource is locked;i.e. allow to use an overrun budget;
BROE and SIRAP: Prevent budget depletion during resource access;i.e. before granting access, first check the remaining budget.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 7 / 22
![Page 12: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/12.jpg)
Temporal isolation stunned by overrun
When a task unwinds:
Legend: critical section normal execution budget arrival
C1
C2
C3
timetet0 t1
No longer a guarantee for:
overrun durations
blocking durations
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 8 / 22
![Page 13: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/13.jpg)
Sources of unpredictable interferences
Global effects of local SRP-based arbitration:
0 50 100
Task1
Task2
Task3
Idle
Legend:
active
holding mutex
preempted
What if Task 1 exceeds its WCET?
What if a Task 3 exceeds its critical-section length?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 9 / 22
![Page 14: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/14.jpg)
Sources of unpredictable interferences
Global effects of local SRP-based arbitration:
0 50 100
Task1
Task2
Task3
Idle
Legend:
active
holding mutex
preempted
What if Task 1 exceeds its WCET?
What if a Task 3 exceeds its critical-section length?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 9 / 22
![Page 15: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/15.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 16: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/16.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 17: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/17.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 18: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/18.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 19: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/19.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 20: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/20.jpg)
Confine temporal faults
What if an interfering task exceeds its WCET?
A solution to prevent an increase of resource-holding times:
Disable local preemptions.
What if a task exceeds its critical-section length?
NO solution to prevent an increase of resource-holding times.
To prevent excessive overruns:
Modified SRP with enforced blocking durations.
It is now similar to the Immediate-PCP in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 10 / 22
![Page 21: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/21.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 11 / 22
![Page 22: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/22.jpg)
Global resource arbitration rules of B-HSTP
1 Use resource-access budgets (RAB) guarded by timers:1 Lock: replenish RAB with maximum critical-section length;2 Unlock: cancel timer;3 RAB depletion: mimic resource unlock and mark resource busy;
2 follow SRP as long as timing contracts are respected;
3 at most 1 task per component may access 1 resource at each time;
4 a component can keep at most 1 resource busy;5 when a component blocks on a busy resource:
suspend until next period.
A basic scheme to monitor and enforce blocking durations!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 12 / 22
![Page 23: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/23.jpg)
Global resource arbitration rules of B-HSTP
1 Use resource-access budgets (RAB) guarded by timers:1 Lock: replenish RAB with maximum critical-section length;2 Unlock: cancel timer;3 RAB depletion: mimic resource unlock and mark resource busy;
2 follow SRP as long as timing contracts are respected;
3 at most 1 task per component may access 1 resource at each time;
4 a component can keep at most 1 resource busy;5 when a component blocks on a busy resource:
suspend until next period.
A basic scheme to monitor and enforce blocking durations!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 12 / 22
![Page 24: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/24.jpg)
Global resource arbitration rules of B-HSTP
1 Use resource-access budgets (RAB) guarded by timers:1 Lock: replenish RAB with maximum critical-section length;2 Unlock: cancel timer;3 RAB depletion: mimic resource unlock and mark resource busy;
2 follow SRP as long as timing contracts are respected;
3 at most 1 task per component may access 1 resource at each time;
4 a component can keep at most 1 resource busy;5 when a component blocks on a busy resource:
suspend until next period.
A basic scheme to monitor and enforce blocking durations!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 12 / 22
![Page 25: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/25.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 13 / 22
![Page 26: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/26.jpg)
Depleting a resource-access budget (RAB)... and then?
Wait until a replenishment in the next component period:
any remaining normal budget is lost;
Legend: critical section normal execution task arrival
C1
C2
timetet1 t2
X2 X2
Use remaining budget?
Use remaining budget:
replenish the RAB with a self-donation.
Unresolved in:
D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 14 / 22
![Page 27: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/27.jpg)
Replenish the RAB with a self-donation
Allow for preemptions before RAB replenishment,i.e. avoid double blocking;
Problem-causing component may resolve the problem itself,before another component notices:
Legend:
critical section
normal execution
budget arrival
C1
C2
timet1
X2l
ε
X2l
X1l
B1
Repeat this until the entire normal budget is depleted;
SRP-based blocking for independent components.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 15 / 22
![Page 28: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/28.jpg)
Blocking on a busy resource... and then?
Wait until the malicious component reslves the problem;Re-try in each component period;Waiting does not resolve anything & budget is lost:
Legend: critical section normal execution task arrival
C1
C2
timetet1 t2
X2 X2
Self-suspension is not allowed!
X2
ε
Use a limited form of donations compared to BWI-based solutions:D. de Niz, L. Abeni, S. Saewong, and R. Rajkumar.
Resource sharing in reservation-based systems.In Real-Time Systems Symp., pages 171–180, Dec. 2001.
R. Santos, G. Lipari, and J. Santos.
Improving the schedulability of soft real-time open dynamic systems: The inheritor is actually a debtor.Journal of Systems and Software, 81:1093–1104, July 2008.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 16 / 22
![Page 29: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/29.jpg)
Replenish the RAB with a third-party donation
Allow for preemptions before RAB replenishment,i.e. avoid double blocking upon replenishment of the donatee:
C1
C2
C3
timetet1
X1l +X3l
Legend:
critical section
normal execution
budget arrival
donate budget
No transitive donations like in BWI;
No chained blocking;
Repeat this until the entire normal budget is depleted.
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 17 / 22
![Page 30: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/30.jpg)
Full SRP-compliance for independent components
Legend: critical section normal execution budget arrival
C4
C5
C6
timete t1 t2
donate budget
C1
C2
C3
X2l X6l . . . X6l
resource ceiling (RCl)
C7
X4l
X4l
Only resource-sharing components (red) have a shared problem!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 18 / 22
![Page 31: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/31.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 19 / 22
![Page 32: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/32.jpg)
HSTP complements the existing protocols
Overrun:also donate the overrun budget, Xsl ,i.e. it is meant to complete a critical section!
Self-blocking:do not donate when there is insufficient budget,because this may cause unnecessary deadline misses:
Legend:self-blocking
normal execution
budget arrivalC1
timet0
budget deadline
P1
tdkt′dk+1
tdk+1
P1
P1
Q1Qrem
1 (tb)
tatb
Optionally: SIRAP allows to give away the remaining budget,i.e. it is accounted for as idled time anyway!
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 20 / 22
![Page 33: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/33.jpg)
Outline
1 Introduction
2 Inter-component resource sharing
3 B-HSTP: Basic Hierarchical Synchronization with Temporal Protection
4 HSTP: Self-donations and third-party donations
5 HSTP: Budget overruns versus self-blocking
6 Conclusions
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 21 / 22
![Page 34: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/34.jpg)
Conclusions
We presented HSTP:1 A basic scheme to monitor and enforce blocking durations;2 SRP-compliant blocking for independent components;
3 In malicious situations:resource-sharing components have a shared problem;problem-causing component tries to resolve it using self-donations;blocking components may provide help, i.e. third-party donations.
4 Complements existing protocols:use an overrun budget for donations whenever it becomes available;adhere to the self-blocking conditions whenever applicable;
Open problem:
how to allocate budgets in the presence of misbehaving components?how to account for donations?
Questions . . . ?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 22 / 22
![Page 35: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/35.jpg)
Conclusions
We presented HSTP:1 A basic scheme to monitor and enforce blocking durations;2 SRP-compliant blocking for independent components;3 In malicious situations:
resource-sharing components have a shared problem;problem-causing component tries to resolve it using self-donations;blocking components may provide help, i.e. third-party donations.
4 Complements existing protocols:use an overrun budget for donations whenever it becomes available;adhere to the self-blocking conditions whenever applicable;
Open problem:
how to allocate budgets in the presence of misbehaving components?how to account for donations?
Questions . . . ?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 22 / 22
![Page 36: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/36.jpg)
Conclusions
We presented HSTP:1 A basic scheme to monitor and enforce blocking durations;2 SRP-compliant blocking for independent components;3 In malicious situations:
resource-sharing components have a shared problem;problem-causing component tries to resolve it using self-donations;blocking components may provide help, i.e. third-party donations.
4 Complements existing protocols:use an overrun budget for donations whenever it becomes available;adhere to the self-blocking conditions whenever applicable;
Open problem:
how to allocate budgets in the presence of misbehaving components?how to account for donations?
Questions . . . ?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 22 / 22
![Page 37: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/37.jpg)
Conclusions
We presented HSTP:1 A basic scheme to monitor and enforce blocking durations;2 SRP-compliant blocking for independent components;3 In malicious situations:
resource-sharing components have a shared problem;problem-causing component tries to resolve it using self-donations;blocking components may provide help, i.e. third-party donations.
4 Complements existing protocols:use an overrun budget for donations whenever it becomes available;adhere to the self-blocking conditions whenever applicable;
Open problem:
how to allocate budgets in the presence of misbehaving components?how to account for donations?
Questions . . . ?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 22 / 22
![Page 38: Dependable resource sharing for compositional real-time ... · Resource sharing: a closer look 1 Access shared memory: shared bu ers; memory-mapped devices. 2 Operating-system services:](https://reader036.vdocument.in/reader036/viewer/2022081600/6041d60133cc8f26747f1772/html5/thumbnails/38.jpg)
Conclusions
We presented HSTP:1 A basic scheme to monitor and enforce blocking durations;2 SRP-compliant blocking for independent components;3 In malicious situations:
resource-sharing components have a shared problem;problem-causing component tries to resolve it using self-donations;blocking components may provide help, i.e. third-party donations.
4 Complements existing protocols:use an overrun budget for donations whenever it becomes available;adhere to the self-blocking conditions whenever applicable;
Open problem:
how to allocate budgets in the presence of misbehaving components?how to account for donations?
Questions . . . ?
Martijn van den Heuvel (TU/e, SAN) Dependable resource sharing in HSFs 30 August 2011 22 / 22