priority inversion(2)

7/31/2019 Priority Inversion(2)

1/17

Priority Inversion

BAE5030

Advanced Embedded Systems

9/13/04


2/17

Priority Inversion

Its not a good thing

It can have disastrous results

Mars Pathfinder Therac-25

It can (and does) happen to the very best

of the best experts!


3/17

Priority Inversion

General DescriptionA low priority thread blocks a ready and willinghigh-priority thread indefinitely (Samek, p. 231)

The highest priority task is prevented from

running and completing a task on time The Dining Philosophers (Dijkstra)

5 philosophers are eating around a table

Spaghetti in the middle Takes 2 forks to eat slippery spaghetti

Fork between each philosopher


4/17

Dining Philosophers

Philosophers alternate periods of eating and

thinking

When a philosopher wants to eat, he tries toacquire 2 forks

If he is successful, he gets to eat for awhile, puts

down the forks and continues to think How do we make this happen continuously

without getting stuck? (resource allocation)

Cant all eat at once or think at once


5/17

Phil. C is the most important philosopher

but very thin Phil. B is a middle level philosopher Phil. A is an amateur, low-level philosopher, very portly

Scenario:

Phil C picks up a fork Phil B grabs the other fork beforePhil C can get to it.

In the meantime, Phil A picks up two forks and eats while Cand B are gridlocked

The group of philosophers are never blessed with the

important philosophy of Phil. C (because he starves to death)and have to settle for the inane and inaccurate philosophy ofportly Phil. A!

Thats priority inversion!!!


6/17

Priority Inversion

Illustration (memory allocation)


7/17

Solutions/preventions:

Semaphore: a protected variable and is a classicmethod for restricting access to shared resources

Mutex: mutually exclusive semaphore - allows multiplethreads to synchronize access to a shared resource

Priority inheritance mutex:A low priority task inherits the priority of any higher priority

task pending on a resource they share. Priority changes as soon as the high-priority task begins to

pend and ends when the resource is released.

Requires help from the operating system


8/17

Priority Inheritance


9/17

Priority ceiling mutex:Associates a priority with each resource

Scheduler transfers that priority to any task

that accesses the resource Priority assigned to the resource is the priority

of the highest-priority user, plus one.

When a task is finished with the resource,

priority returns to normal. Semaphores are not needed, tasks can share

resources simply by changing priorities



10/17

Priority Ceiling


11/17

If ceilings are chosen properly (not too high ortoo low)priority ceiling mutex is: faster

causes fewer context switches

much easier for static timing analysis

than priority inheritance mutex

Bulletproof: priority ceiling protocol (Sha, et al.)Combination of ceiling and inheritance



12/17

Mars Pathfinder

Bus manager tasks communicated through a

pipe along with a low-priority meteorological

science task.

Some medium priority tasks preempted the

low-priority science task and kept the high-

priority distribution manager waiting too long.


13/17

Another bus scheduler became active andchecked on the high-priority distribution

manager, noticed its task wasnt completeon time and caused a system reset.

The fix: Windriver (software people) had

left an inactive workaround in place. JPLhad to enable it remotely. (Barr,Embedded Systems Programming)

Mars Pathfinder


14/17

Therac-25

Computer-controlledradiation therapy machine

Severely overdosed 6

people causing 2 painfuldeaths

Intended dose: 100-200

rads Delivered dose: 13,000-

25,000 rads


15/17

The problem: If treatment data was submitted through the

console within 8 seconds, the unit could end

up partially set for xray treatment and partiallyset for electron treatment

Impossible to determine mode of operation atany given time

-Samek: bottom-up design process andthe problem still exists today only withsome concurrency patches included.

Therac-25


16/17

Summary: Priority Inversion

Important tasks miss deadlines becauseless important tasks are allowed to runinstead

The fix: Priority inheritance

Priority ceiling

Priority ceiling protocol IT COULD HAPPEN TO YOU (US)! BE

PREPARED.


17/17

Questions?

priority inversion(2)

Documents