Supporting flexible real-time communication on distributed systems

Supporting Flexible Real-Time

Com-muni ation on Distributed Systems

Fieldbus

Application Software

Network

Controller

System Requirements Database

Synchronous

Requirements

Asynchronous

Requirements

System Config

& Status

EC-Schedule

Register

Admission

Control

Scheduler

Dispatcher

Application

Interface

Version4

Supporting Flexible Real-Time

Communi ation on Distributed Systems

Dissertação apresentada à Universidade de Aveiro para

umprimento dos requisitos ne essários à obtenção do grau

deDoutor emEngenhariaEle troté ni a,realizadasoba

ori-entação ientí a do Prof. Doutor Luís Miguel Pinho de

Almeida,ProfessorAuxiliardoDepartamentodeEngenharia

Ele tróni a e Tele omuni ações da Universidade de Aveiro e

o-orientação do Prof. Doutor José Alberto Gouveia F

on-se a, Professor Asso iado do Departamento de Engenharia

Ele tróni a e Tele omuni açõesda Universidadede Aveiro.

Dissertation submitted to the University of Aveiro in

fulll-ment of the requirements for the degree of Doutor em

En-genhariaEle troté ni a,under thesupervisionofLuísMiguel

Pinho de Almeida, Professor Auxiliar at the Departamento

deEle tróni ae Tele omuni ações oftheUniversityofAveiro

and o-supervisionof JoséAlbertoGouveiaFonse a,

Profes-sor Asso iado at the Departamento de Ele tróni a e T

ReitoradaUniversidadedeAveiro

Prof. Doutor Paulo Jorge EstevesVeríssimo

ProfessorCatedráti odaFa uldadedeCiên iasdaUniversidadedeLisboa

Prof. Doutor José AlbertoGouveia Fonse a

ProfessorAsso iado daUniversidadedeAveiro

Prof. Doutor Luís MiguelPinhode Almeida

ProfessorAuxiliardaUniversidadedeAveiro

Prof. Doutor Eduardo Manuelde Médi isTovar

ProfessorCoordenadordoInstitutoSuperiordeEngenhariadoPorto

Prof. Doutor Josep MariaFuertes Armengol

ProfessorCatedráti odaUniversidadedeCatalunya,Espanha

Prof. Doutor Giorgio Buttazzo

A todas elas expresso o meu profundo e sin ero

agrade- imento. Todavia, devido ao seu espe ial envolvimento,

gostariade agrade er emparti ular:

a Luís Miguel Pinho de Almeida, Professor na

Universi-dade de Aveiro, por ter desempenhado exemplarmente o

seu papel, primeiro omo o-orientador e posteriormente

omo orientador ientí o prin ipal. Para além de ter

ex- edidolargamentetudooqueéexigívelàfunçãode

orienta-dor,quer emtermos té ni os quer ientí os, onseguindo

reunir todasas ondições para que ostrabalhos pudessem

de orrerdamelhorforma,nãopossotambémdeixarde

re-alçar o humanismo que pauta todas assuas a ções, o que

propi iaum ambiente ondetrabalhoesatisfaçãopessoalse

onjugamharmoniosamente. Pelagrandeamizade

demons-trada,peloapoioin ondi ional prestadonosmomentos

di-fí eise pelomodoexemplar omo exer eua suafunção de

orientação, o meusin ero eprofundoagrade imento.

aJoséAlbertoGouveiaFonse a,ProfessornaUniversidade

deAveiro,emprimeiro lugarpor meterlançado este

desa-o, e em segundo lugar pelo modo irrepreensível om que

desempenhou o seu papel, quer omo orientador ientí o

prin ipalnafaseini ialdostrabalhos,quermaistarde omo

o-orientador. Para além da sua inestimável ontribuição

emtermosté ni ose ientí osparaarealizaçãodeste

tra-balho, o seu empenho foi também de isivo na riação das

ondições ne essárias à sua realização. Não posso deixar

também de realçar o seu ará ter profundamente

huma-nista, o que faz om que trabalhar om ele seja sempre

fonte de enorme satisfaçãopessoal. Pelagrande amizadee

onançademonstradadehálongosanosaestaparte, pelo

in ondi ionalapoioprestado emtodososmomentose pelo

modo exemplar omo exer eu a sua função de orientação,

tese desdeo seu iní io. Para além da sua relevante ontribuição

em termos ientí os, também me propor ionou um estágio no

Laboratório de Sistemas de Tempo-Real (Retis Lab) da S uola

Superiore S. Anna, Pisa,Itália, que mepermitiu não sórealizar

avançossigni ativosnumafaseimportantedaimplementaçãode

um dos proto olos riados no âmbito desta tese, omo também

adquirir valiosos onhe imentos na área de sistemas operativos

detempo-real.

ao grupo de Sistemas Ele tróni os Distribuídos, no seio do qual

fui a olhido e pro edi ao desenvolvimento deste trabalho. Em

parti ular agradeço aPedroFonse a, Alexandre Mota eErnesto

Martins não só pelas profí uas dis ussões té ni as e ientí as,

queinequivo amente enrique eram estetrabalho, omo também

pela amizade e onsideração demonstradas ao longo deste

pe-ríodo. Gostariaaindadeagrade eraJoaquimFerreira, omquem

olaborei frequentemente na realização de trabalhos efe tuados

no âmbito desta tese. Para além da mútua amizade, as

dis us-sõesté ni ase ientí astambémmar aramindelevelmente esta

tese.

aoLaboratóriodeSistemasdeTempo-Real(RetisLab)daS uola

Superiore S.Anna,Pisa,Itália,quemea olheuparaarealização

de formação omplementar em sistemas operativos tempo-real,

que permitiu realizar avanços signi ativos relativamente à

im-plementação de um dosproto olos riadosno âmbito destatese.

Emparti ularagradeçoaPaoloGaieaGiuseppeLipari,pelo

em-penhoquetiveramempropor ionar-menãosótodasas ondições

té ni ase logísti aspara a realização daformação, mastambém

pelagrandeamizadee ompanheirismoquedemonstraram, oque

tornousimultaneamente agradáveleproveitosaaestadaemPisa.

a todos os familiares, olegas e amigos pela amizade, apoio e

en orajamento quesempremededi aram,o que ontribuiu

de i-sivamentepara ultrapassarrapidamente osinevitáveismaus

mo-mentos. Sem eles este per urso teria sido ertamente bem mais

árduo. Em parti ular agradeço àCristina e à Soa pela (quase)

innita pa iên ia que tiveram para omigo, e pelos sa rifí ios, a

disseminados, obrindo apli ações que vão desde automação e

ontrolo de pro essos industriais à avióni a, robóti a e ontrolo

automóvel. Muitasdestasapli açõesin luema tividades om

a-ra terísti as de tempo-real, i.e., a tividades que têm de ser

exe- utadasdurantejanelastemporaisbemdenidas. Pelasua

natu-rezadistribuída, estessistemas ompreendemmúltiplasunidades

de pro essamento asquais, apesarde autónomas, ne essitam de

omuni ar entre si para assegurar o ontrolo global do sistema.

Assim,a tro a dedadosentrenodosen ontra-setambémsujeita

a restrições temporais, donde o sistema de omuni ação tem de

garantir que esta o orre de a ordo om as restrições temporais

requeridaspela apli ação.

Muitas apli ações de DCCS são omplexas e heterogéneas,

in- luindo diferentes onjuntos de a tividades, asquais exibem

di-ferentes propriedades e requisitos. Por exemplo, en ontram-se

frequentemente a tividades periódi as, resultando por exemplo

de ontroladores operando em malha fe hada, e a tividades

es-porádi as resultantes de eventos que o orrem em instantes

im-previsíveis no ambiente a ontrolar. Todavia, a importân ia e

tiposderequisitos temporaisdestasa tividades são

independen-tes da natureza da sua a tivação. Por outro lado, em sistemas

DCCS a exibilidade tem vindo a res er de importân ia, em

resultado quer da ne essidade de reduzir ustos de instalação,

onguração e manutenção, quer do uso deste tipo de sistemas

emapli ações emergentes, omo manufa tura ágil (exible

man-ufa turing), bases de dados de tempo-real om número variável

de lientes, robóti amóvelemambientesnãoestruturadose

on-troloautomáti ode tráfego,quetêmdelidar omambientesque

sãoinerentemente dinâmi os.

Apli ações exibindo este grau de omplexidade e dinamismo

re-querem sistemas suportando serviçosa tivados quer pela

passa-gemdotempo(time-triggered)querporeventos(event-triggered)

omgarantiastemporaiseaomesmotempoexibindoexibilidade

opera ional, suportando alterações dinâmi as às ara terísti as

sitos. Em sistemas eminentemente time-triggered, os serviços

event-triggered nãoexistemousãoimplementadosdeumaforma

ine iente, enquanto emsistemaseminentemente event-triggered

algumas das propriedades mais interessantes exibidas pelos

sis-temas time-triggered são perdidas. Por outro lado exibilidade

e garantias temporais têm sido onsideradas omo propriedades

onituosas; sistemas que providen iam serviços om garantias

temporais frequentemente requerem a espe i ação estáti a dos

requisitosde omuni ação,enquantosistemasquesuportam

alte-raçõesdinâmi as aosrequisitos de omuni ação usualmente não

forne emgarantias temporais.

O paradigma de omuni ação apresentado nesta tese,

denomi-nado Flexible Time-Triggered ommuni ation (FTT), on entra

osrequisitos de omuni ação e o es alonamento de tráfego num

úni o nodo e utiliza uma té ni a para distribuição do

es alona-mento denominada master/multi-slave. Esta ara teriza-se por

onsumir pou a largura de banda e por ser independente do

al-goritmo de es alonamento utilizado. Esta arquite tura fa ilita

não só a implementação de es alonamento on-line, suportando

portanto alteraçõesaosrequisitosde omuni açãodurante o

fun- ionamento do sistema, omo também a implementação on-line

de ontrolo de admissão, o que permite rejeitar alterações que

omprometam as garantias temporais do sistema, assegurando

assimum omportamento previsível.

Emalgunsdomíniosespe í osdeapli açãodeDCCS,veri a-se

umane essidade res ente de suportea gestãoon-line de

Quali-dadede Serviço(Quality ofServi e /QoS). Generi amente, esta

fun ionalidade permite aumentar a e iên ia da exploração dos

re ursos do sistema, pois habitualmente veri a-se uma relação

dire ta entre o grau de re ursos alo ados às a tividades de um

sistemaeorespe tivoQoS.Agestãodinâmi adeQoSrequerum

altograudeexibilidade,dondeestatesetambémdes reve omo

o paradigma FTT suporta este tipo de serviço no que on erne

tráfego, omapossibilidadedealterarassuaspropriedades,

exe- utargestãodeQoSealterarapoliti adees alonamentodurante

ofun ionamento,sem omprometerasgarantias temporais

gran-jeadas ao tráfego e atingindo uma elevada e iên ia no uso da

largura debanda.

O paradigma FTT apresentado nesta tese teve a sua génese no

proto olo FTT-CAN. Após algum trabalho realizado sobre este

proto olo veri ou-se que os on eitos prin ipais poderiam ser

abstraídos, resultando um paradigma de omuni ação genéri o,

passível de implementação em diversos meios de omuni ação.

Paraveri araperforman edoparadigmaFTT,estadissertação

in lui algumas ontribuições relativas ao proto olo FTT-CAN,

nomeadamente no que on erne ao estudo do desempenho em

termos de es alonamento e análise de tempos de resposta. Por

outroladoétambémapresentadaaimplementaçãodoparadigma

FTTsobreEthernet (FTT-Ethernet),a qualsedestinaa

apli a-ções mais exigentes no que respeita a poder de pro essamento

e largura de banda, por exemplo apli ações integrando tráfego

multimédia. No que respeita a este último proto olo explora-se

fa turing ontrol to automotive, avioni s and roboti s. Many of these

appli ations omprisereal-timea tivities,thatis,a tivitiesthatmustbe

performedwithinstri ttimebounds. Duetoitsdistributednature,these

systems omprisemultipleautonomouspro essingunitsthat,despite

be-ingautonomous, need to ex hange data in orderto a hieve ontrol over

the environment. For this reason the data ex hange among dierent

nodesis also subje tto real-time onstraints, and thus the

ommuni a-tionsubsystemmustbeabletodeliver datawithinspe i timebounds.

ManyDCCSappli ationsare omplexandheterogeneous, omprising

dif-ferent sets of a tivities with dierent properties and requirements. For

instan e, they ommonly in lude periodi a tivities, e.g. resulting from

losedloop ontrol,andsporadi a tivitiesresultingfromeventsthat

o - ur at unpredi table instants in time in the environment under ontrol.

Thesetypesofa tivities anhavedistin tlevelsof riti alnessand

time-liness requirements, independently of their a tivation nature. On the

otherhand,exibilityisbe omingin reasinglyimportant inDCCS, due

both to the need of redu ing the osts of set-up, onguration hanges

and maintenan e, and also to the re ent use of DCCS in new types

of appli ations, su h as agile manufa turing, real-time databases with

variablenumber of lients, automotive, mobile roboti sin unstru tured

environmentsandautomati tra ontrolsystems,thatmustdealwith

environments thatareinherently dynami .

To ope withsu hhighdegreeof omplexityanddynamism,distributed

real-time systems must support both time and event-triggered

ommu-ni ation servi es under timing onstraints and, at the same time, they

mustbeoperationallyexible,supportingon-the-y hangestothe

om-putational a tivities they exe ute. Con erning spe i ally the

ommu-ni ation subsystem, existing real-time proto ols do not generally fulll

theserequirements. Insystemseminently time-triggered,event-triggered

servi esareeither non-existing or handledine iently, whilein systems

eminently event-triggered, interesting properties of time-triggered

ser-vi esarenormallylost. Onthe otherhand,exibilityandtimelinessare

often onsidered as oni ting: systems thatprovide timeliness

guaran-tees arebased on a stati ongurationof the ommuni ation a tivities

a -tionrequirementsand s heduling of syn hronous tra in a singlenode

and uses a master/multi-slave s hedule distribution te hnique that

re-quires low overhead and is independent of the parti ular s heduling

al-gorithm employed. This ar hite ture fa ilitates the implementation of

on-line s heduling, whi h supports dynami hanges to the message set

properties, and the implementation of on-line admission ontrol, whi h

permits to ensure that hanges to the message set are only a epted if

the timelinessrequirements areall met.

Insomeappli ationdomainsDCCSarealsofa ingatrendtowardshigher

exibility in order to support on-line Quality-of-Servi e (QoS)

manage-ment. This feature is generally useful to in rease the e ien y in the

utilization of systemresour es sin e typi ally there is a dire t

relation-ship between resour e utilization and delivered QoS. On-line QoS

man-agement requiresahighlevelofexibility, andthusthisdissertationalso

des ribeshowthe FTT ommuni ationparadigm an supportsu htype

ofservi es.

This dissertation presents the FTT paradigm and argues that this

paradigmallowsto ombineinthesame ommuni ationsystemdierent

typesoftra ,withtheabilityto hangetheirpropertiesandthe

respe -tive s heduling poli y at run-time, without relinquishing predi tability

guarantees anda hieving e ient useof network bandwidth.

The FTT paradigm presented in this thesis has its roots in the

FTT-CANproto ol. AftersomeworkperformedovertheFTT-CANproto ol,

itwasrealized that the main on epts ould be abstra ted and usedto

build a generi ommuni ation paradigm, whi h ould be implemented

in distin t ommuni ation networks. To assess the performan e of the

FTTparadigm,thisdissertationin ludessome ontributionstothe

FTT-CAN proto ol, mainly in what on erns s heduling and response-time

analysis. Moreover, it also presents an implementation over Ethernet

(FTT-Ethernet), whi h aimsat more resour e demanding appli ations,

supporting for instan e multimedia a tivities. For this reason, in the

s opeoftheFTT-Ethernetproto olmostoftheworkpresentedisrelated

MinistériodaCiên ia e do EnsinoSuperior,por meioda F

unda-çãoparaaCiên iaeaTe nologia,queme on edeuumabolsade

Doutoramento no âmbito do III Quadro Comunitário de Apoio,

programaPOSI-DesenvolverCompetên ias-Medida1.2

(PRA-XISXXI/ BD/21679 / 99),o quepossibilitou arealização dos

trabalhosemregime dededi ação ex lusiva.

Universidade de Aveiro, que me propor ionou as ondições

lo-gisti as, té ni as e humanas para a prosse ução dos trabalhos

realizados noâmbito desta tese.

Institutode Engenharia Ele tróni a e Telemáti a deAveiro,que

apoiounan eiramenteaminhaparti ipação em onferên ias

in-terna ionaispara apresentação de resultados par iais obtidos no

àCristina e àSoa,

àmemória de minha mãee ameu Pai,

1 Introdu tion 1

1.1 Overview . . . 1

1.2 Flexiblereal-time distributedsystems . . . 2

1.3 Central propositionand ontributions . . . 3

1.3.1 Improvements on the FTT-CANproto ol: . . . 4

1.3.2 Spe i ation of the FTTparadigm . . . 4

1.3.3 TheFTT-Ethernet proto ol . . . 5

1.4 Organizationof the dissertation . . . 6

2 Real-time systems fundamentals 9 2.1 Basi on epts on real-timesystems . . . 9

2.2 S heduling real-timesystems tasks . . . 11

2.3 S hedulability analysis . . . 13

2.4 Examples ofs heduling algorithms . . . 14

2.4.1 Task model . . . 14

2.4.2 On-line s heduling algorithms . . . 16

2.4.3 S hedulability tests . . . 18

2.5 Con lusion. . . 24

3 Distributed real-time systems 27 3.1 Real-time ommuni ation . . . 28

3.1.1 Event and Time-triggered ommuni ation paradigms . 29 3.1.2 Combining event and time-triggered tra . . . 31

3.1.3 Message S heduling . . . 31

3.1.4 Co-operation models . . . 34

3.2 Fieldbus Proto ols - briefsurvey . . . 36

3.2.2 WorldFIP . . . 39 3.2.3 Probus . . . 42 3.2.4 P-Net . . . 44 3.2.5 Devi eNet . . . 45 3.2.6 TT-CAN . . . 47 3.2.7 TTP/C . . . 48 3.2.8 FF-H1 . . . 50 3.2.9 FlexRay . . . 53

3.2.10 Fieldbusproperties summary . . . 55

3.3 Ethernet-based RT proto ols - briefsurvey. . . 56

3.3.1 TheEthernet proto ol . . . 58

3.3.2 Modi ationof the Medium A essControl . . . 60

3.3.3 Addition of transmission ontrol over Ethernet . . . . 61

3.3.4 Ethernet-based proto ols propertiessummary . . . 66

3.4 Con lusion. . . 67

4 The FTT paradigm 69 4.1 Whyanew proto ol . . . 70

4.2 The Flexible Time-Triggered paradigm . . . 72

4.2.1 Systemar hite ture . . . 73

4.2.2 TheElementary Cy le . . . 75

4.2.3 Masternode ar hite ture . . . 77

4.2.4 Stationnode ar hite ture . . . 81

4.3 Syn hronousTra Analysis . . . 87

4.3.1 Syn hronous MessageModel. . . 88

4.3.2 Utilization-based s hedulabilityanalysis . . . 90

4.3.3 Ane essaryand su ient s hedulability test . . . 93

4.4 Asyn hronoustra analysis . . . 95

4.4.1 Worst- aseresponse time for AT1 asyn hronousmessage lass 96 4.4.2 Worst- aseresponse time for AT2 asyn hronousmessage lass100 4.5 Con lusion. . . 103

5 QoS management based on FTT 105 5.1 Addinga QoSmanager. . . 106

5.2 Examples of QoSmanagement poli ies . . . 108

5.2.3 Applyingthe Elasti Task Model to messages heduling110

5.3 QoSmanagement ase study: a mobilerobot . . . 112

5.3.1 Communi ation requirements . . . 112

5.3.2 Usingthe priority-based QoSmanager . . . 115

5.3.3 Usingthe Elasti Task ModelQoSmanager . . . 116

5.4 Con lusion. . . 117

6 Contributions to FTT-CAN 119 6.1 TheFTT-CANElementary Cy le . . . 119

6.1.1 Message Arbitration . . . 120

6.1.2 Enfor ing temporal isolation. . . 121

6.1.3 FTT-CANmessage types . . . 122

6.2 Syn hronous tra . . . 126 6.2.1 S hedulability analysis . . . 126 6.2.2 Experimental results . . . 127 6.3 Asyn hronoustra . . . 134 6.3.1 S hedulability analysis . . . 134 6.3.2 Experimental results . . . 135

6.4 Usinga Planning S heduler . . . 138

6.4.1 Responsiveness limits . . . 139

6.4.2 Improving the responsiveness . . . 141

6.4.3 Implementation issues . . . 143

6.4.4 Performan e analysis . . . 144

6.5 Dependability issues . . . 148

6.5.1 FTT-CANMaster repli ation . . . 148

6.5.2 Master repli asyn hronization proto ol . . . 149

6.5.3 Computing the worst- asesyn hronization time . . . . 150

6.5.4 A tive master repla ement . . . 152

6.5.5 Experimental results . . . 153

6.6 Con lusion. . . 154

7 The FTT-Ethernet proto ol 157 7.1 TheFTT-Ethernet Elementary Cy le. . . 159

7.1.1 Message Arbitration . . . 160

7.1.2 Enfor ing temporal isolation. . . 161

7.2.1 Message'stransmission time omputation . . . 166

7.2.2 Syn hronous tra . . . 168

7.2.3 Asyn hronoustra . . . 170

7.3 FTT-Ethernet implementation . . . 172

7.3.1 S.Ha.R.K.brief overview . . . 172

7.3.2 ImplementingFTT-Ethernet on top ofShark . . . 173

7.4 Experimentalresults . . . 175

7.4.1 Experiment hara terization . . . 176

7.4.2 Resultswith FTT-Ethernet . . . 178

7.4.3 Resultswith hub-based Ethernet . . . 179

7.4.4 Resultswith swit hed Ethernet . . . 180

7.4.5 Experimentalresults analysis . . . 180

7.5 Con lusion. . . 181

8 Con lusions and future work 183 8.1 Contributions . . . 183

8.2 Futureresear h . . . 188

A List of publi ationsand ommuni ations 205 A.1 Journal arti les . . . 205

A.2 Conferen e papers . . . 206

B List of a ronyms 209

2.1 Generi omputer-based ontrol systemblo k diagram . . . . 9

2.2 Taxonomyof real-time s heduling algorithms . . . 12

2.3 Exa t,su ient and ne essarys hedulability tests . . . 14

2.4 S hedule generated byRM. . . 17

2.5 S hedule generated byEDF . . . 18

3.1 Layered ommuni ationar hite ture . . . 33

3.2 CAN2.0A messageframe . . . 38

3.3 Periodi message propertiesand resulting BAT . . . 41

3.4 Probustoken-passing andmaster-slave relations . . . 43

3.5 TT-CANsystemmatrix . . . 48

3.6 TTP/C ar hite ture . . . 49

3.7 Foundation Fieldbus link. . . 51

3.8 FlexRay ommuni ation y lestru ture . . . 54

3.9 Ethernet frame . . . 59

4.1 TheFTT paradigmsystemar hite ture . . . 73

4.2 TheElementary Cy le stru ture. . . 75

4.3 FTTmaster internal ar hite ture . . . 77

4.4 FTTstation internal ar hite ture . . . 81

4.5 FTTstation network softwarear hite ture . . . 85

4.6 Expanding the syn hronouswindowto allowusing the blo king-free non-preemptive model 90 4.7 Modeling the ee t of the insertedidle-time, asyn hronous windowand triggermessage 92 4.8 Maximum dead-interval (

σ

i

) and level-ibusywindow(

w

i

) . . 97

4.9 Cal ulatingthe level-ibusy window . . . 101

5.1 Adding QoSmanagement to FTT . . . 108

5.3 In reasing the ee tive utilizationfa tor in FTT-Ethernet. . . 111

5.4 Robot omponents . . . 113

6.1 FTT-CANElementary Cy le . . . 120

6.2 Preventingsyn hronous windowoverrun . . . 121

6.3 Experimentalset-up . . . 128

6.4 S hedulability versus bus utilizationunder RM and EDF . . . 130

6.5 Per entage ofs hedulable message setusingEDF s heduling on CAN133 6.6 SMS Responsiveness bounds. . . 140

6.7 Using the AMS to temporarily onvey anewsyn hronous message141 6.8 Operationalow hart . . . 143

6.9 Transition fromSSP to SMS. . . 145

6.10 Timeline of the s heduling syn hronization pro ess . . . 150

6.11 Master repla ement pro ess . . . 153

7.1 Layer model offa tory ommuni ations . . . 158

7.2 FTT-Ethernet Elementary Cy le . . . 160

7.3 Asyn hronousmessage arbitration s heme . . . 161

7.4 Preventingwindow overrun . . . 162

7.5 FTT-Ethernet frame . . . 163

7.6 Ethernet propagationdelay . . . 168

7.7 Unwanted ollision between syn hronous messages . . . 169

7.8 In luding the propagation delays in the s hedule . . . 170

7.9 Asyn hronousarbitration overhead . . . 171

7.10 Master node: time- riti al a tivities. . . 174

7.11 Slavenode: time- riti al a tivities. . . 175

2.1 Periodi taskset properties . . . 17

5.1 Message setand properties. . . 114

5.2 Message setnetwork utilization . . . 114

5.3 Message setutilization: priority-based QoSmanager . . . 116

5.4 Message setnetwork utilization: ETMQoSmanager . . . 117

6.1 Message typeidenti ation . . . 123

6.2 ECTrigger Message stru ture . . . 123

6.3 Communi ation overhead imposedbythe EC Trigger Message 124 6.4 Syn hronous DataMessage stru ture . . . 124

6.5 Asyn hronousData Message stru ture . . . 125

6.6 Control Message stru ture . . . 126

6.7 Syn hronous ommuni ation requirements . . . 136

6.8 Asyn hronous ommuni ation requirements . . . 136

6.9 Resultsfromexperiment 1 . . . 137

6.10 Resultsfromexperiment 2 . . . 137

6.11 Syn hronous messageproperties. . . 154

7.1 ECTrigger Message stru ture . . . 163

7.2 Syn hronous DataMessage stru ture . . . 164

7.3 Asyn hronousData Message stru ture . . . 165

7.4 Control Message stru ture . . . 166

7.5 Communi ation overhead imposedbythe EC Trigger Message 167 7.6 Task setparameters usedin the experiments. (Periodsandtransmissiontimesinmillise onds)177 7.7 Periods ofea h message (ms)duringthe experiments. . . 177

7.8 Message jitterwith FTT-Ethernet. . . 179

Introdu tion

1.1 Overview

In the last de ades distributed omputer ontrol systems (DCCS) be ame

widely disseminated, appearing in many appli ation elds su h as

auto-matedpro essandmanufa turing ontrol,automotivesystems,avioni s and

roboti s [Pim90 , LA99, Kop97℄. Many of these appli ations pose stringent

onstraints to the properties of the underlying ontrol system, whi h arise

fromthe needtoprovidepredi tablebehaviorduringextendedtime periods.

Depending on the parti ular type of appli ation, failureto meet these

on-straints an ause important e onomi lossesor even puthumanlifesin risk

[Kop97 ℄.

To opewiththeserequirements,earlyDCCSshavebeendevelopedbased

onstati o-lines heduling,i.e.,alla tivitiesaremodeledandanalyzed

dur-ingsystemdesign,basedona ompleteaprioriknowledgeaboutthesystem

properties(e.g. [Kop99℄). Theresultingstati s heduleisusedduringsystem

run-timeto oordinateallsystema tivities. Thisframeworkprovidesahigh

level of predi tability, sin e all a tivities and respe tive a tivation instants

areknownbeforehand,andsoa orre tsystemwillperformasplannedinall

anti ipated ir umstan es. Forthismotive,manysafety riti alappli ations

employstati o-line s heduling.

Frequently, ompleteknowledgeaboutthesystemishard oreven

impos-sibletogatheratdesigntime[SLST99 ℄. Inthis ase,theuseofstati o-line

s heduling of a tivities would be impossible at all, or, even when possible,

an extended range of onservative approa hes. Thus, to be able to deploy

su hkind ofappli ation in amore ee tiveway, systema tivitiesshould be

dynami allys heduledduring run-time,asthey arerequired. Inthis ase it

isalso possible to provide a prioriguarantees about the system

predi tabil-ity, however the amount ofinformation required islower than in the aseof

stati o-line s heduling.

1.2 Flexible real-time distributed systems

Many real-world systems are omplex and dynami , evolving during time

and onsequently hanging their requirementsthat neverthelessmustbe

al-waysfullledbythe ontrolsystem. Furthermore,the adoptionofDCCSsin

marketssu hasthe automotive,in whi he onomi issuesareofparamount

importan e,requireshighlye ient systems. To opewiththerequirements

of su h appli ations, DCCS systems must be able to adapt themselves to

the evolving requirements of the environment they are atta hed to.

How-ever, high resour e e ien y frequently oni ts with stati s heduling

ap-proa hes, a ording to whi h resour es arepermanently allo ated basedon

worst- aserequirements.

An initial step to improve e ien y onsists in the provision of several

modesofoperation duringsystemdesign. At run-time,the parti ular mode

of operation that better ts the operational requirements is sele ted.

Is-sues on erning the timeliness during mode hanges have been addressed

in previous s ienti work [Ped99, Foh93 ℄. Some ommuni ation proto ols

supportthe mode hangessemanti to provide some levelof exibility (e.g.

Time-Triggered Proto ol (TTP) [KG94 ℄). Nevertheless, mode hanges are

stillrestri tive,sin eallthemodesarerequiredtobe ompletely knownand

hara terized during system design. For omplex highly dynami systems,

thisdegreeofknowledge anbeunavailable,or anresultinanexplosionon

thenumber ofpossiblemodes,makingtheir implementation umbersomeor

even impossible at all.

Tobeabletosupportappli ationshavingsu hhigh omplexityandhigh

degree of dynamism, a distributed real-time system must be operationally

exible, meaning that it must support on-the-y hanges to the

dataex hangesbetweenthemusinganappropriate ommuni ationnetwork.

Both task exe ution and data ex hange a tivities are losely related. In a

distributed environment tasks require as input and/or produ e as output

data, whi h mustbe distributedbythe underlying ommuni ation network

within onstrained time boundaries [TC94 , GH98℄. Failing to meet su h

time onstraints an resultin feedingtaskswith outdateddata, whi h inits

turn an ompromise the entire system behavior. From this strong

inter-dependen y between tasks and ommuni ation a tivities within distributed

systems,it follows that hangesin the properties of real time a tivities an

leadto hangesboth in the taskandmessage s heduling.

Anotherrequirement foundinreal-timedistributedsystemsisthe

apa -ity to deliver both time and event-triggered ommuni ation servi es under

timing onstraints [LA99 ℄. In time-triggered systems the ommuni ation

a tivities are triggered at pre-dened time instants, a ording to a global

s hedule, thus requiring a global time syn hronization. This approa h

al-lowssettingthe dierent messagestreamsout ofphase,whi hin some ases

may result in a redu tion in the number of message streams that be ome

ready for transmission simultaneously. Therefore, this type of systems is

well suited to onvey periodi updatesof state data. Onthe other hand,in

event-triggeredsystems ommuni ation a tivitieso uronly whenrequired,

thus these systems are more adapted to onvey alarms and management

data. Most DCCSs privilege either one or the other type of servi es. In

systems eminently time-triggered, event-triggered servi es are either

non-existingor handled ine iently in termsof either responsetime or network

utilization. Onthe other hand,in systems eminently event-triggered,

inter-esting properties of time-triggered servi es su h as global syn hronization

and omposabilitywith respe tto the temporal behaviorarenormally lost.

Thus,anotheraspe tthatshouldbeaddressedbyaexiblesystemisthe

e- ientintegrationofboththesetra paradigms,with me hanismsproviding

temporal isolationbetween them, in order toprevent mutualinterferen e.

1.3 Central proposition and ontributions

Thisworkintrodu es a ommuni ationparadigmdeemed tosupportthe

ni ation system dierent types of tra , with the ability to hange tra

properties and/or the respe tive s heduling poli y during system run-time,

withoutrelinquishingpredi tabilityguaranteesand a hievinge ient useof

network bandwidth. More spe i ally, the envisaged tra types are time

and event-triggered with distin t timeliness requirements

(hard/soft/non-real-time). Theproposed ommuni ation paradigmmeets the following

ob-je tives:

•

Supportforon-linemessages hedulingoftime-triggeredmessagesbased on dynami requirements;

•

Supportforon-line hangesbetweendierent s hedulingpoli ies,both withxedanddynami priorities, on erningthetime-triggeredtra ;

•

Timelinessguarantees on erningthereal-timetra ,basedonon-line admission ontrol;

•

Supportfor distin ttra types(timeandevent-triggered) with tem-poral isolation;

•

Low proto oloverhead;

The ontributionsfoundinthisthesisrelatetothespe i ation,analysisand

implementation ofsu h ommuni ation paradigm,and arethe following:

1.3.1 Improvements on the FTT-CAN proto ol:

TheFTT-CANproto olwasdevelopedattheUniversityofAveiro([AFF98 ℄)

andrelies on theController AreaNetwork (CAN)[Rob91℄ asthe base

om-muni ationnetwork proto ol. The initial implementation of the FTT-CAN

proto ol omprised a planning s heduler and an on-line admission ontrol

proto olbased on as hedulabilityanalysis for the periodi tra assuming

xed priorities. The resear h made in the s ope of this thesis addresses on

one hand the s heduling of periodi messagesusing dynami priorities and

respe tive feasibility analysis, and onthe other handthe supportfor

aperi-odi tra , bothreal and non-real-time,and respe tive timelinessanalysis.

1.3.2 Spe i ation of the FTT paradigm

abletosupportthe ommuni ation requirementsofexibledistributed

real-timesystems. ThisframeworkisdesignatedFlexibleTime-Triggered(FTT)

paradigmanddenesa ommuni ationsystemar hite ture. Thesystem

ar- hite ture herein referred to is generi in the sense that itdoes not rely on

any parti ular network proto ol. The only requirement posed by the FTT

paradigmwithrespe ttotheunderline ommuni ationproto olistheability

to ex hange broad ast messages. The FTT paradigm denes a entralized

s heduling ar hite ture, where a parti ular node, designated by Master, is

responsibleformanagingadatabasewithallthe relevant ommuni ation

re-quirements,performson-linefeasibilitytests on erningthereal-timetra ,

exe utesadynami s hedulerandnallydistributesthe generateds hedules

tothenetworkdevi es. Fromthedevi eside,theFTTparadigmalsodenes

the rules to perform ommuni ations. Furthermore, all these fun tions are

abstra ted from the respe tive implementation, thus allowing appli ations

to be developed independently of the parti ular implementation and MAC.

Tosupportsu har hite ture, suitables hedulingandon-lineadmission

pro-to ols werealso developed.

1.3.3 The FTT-Ethernet proto ol

Oneimportantaspe tofexibilityisrelatedtos alability. Distributed

real-timesystemsareusedinawiderangeofappli ations,with dierent

require-ments in many aspe ts, namely bandwidth. Observing that some

appli a-tions require greater bandwidththan the one made available by traditional

eldbus proto ols like CAN, the FTT paradigm wasalso implemented over

Ethernet,leadingtotheFTT-Ethernetproto ol. Withrespe ttothis

proto- ol,besidestheimplementationofthefun tionsstri tlyrelatedwiththeFTT

paradigm,afurtherresear hwasdevelopedintheeldofdynami Qualityof

Servi e (QoS) handling and supportfor multimedia message streams.

Con- erning the dynami QoS management, an implementation of the Elasti

TaskModel[BLA98 ℄wasperformed,providingsupportformessagestreams

hara terized by ranges of a eptable QoS on erning the network

1.4 Organization of the dissertation

Inthis hapterwehaveoutlinedthes opeofthethesisandbrieydis ussed

the need for further resear h on the exibility of the ommuni ation

net-works supporting distributed real-time systems. Finally, it was presented

the entral proposition of this thesis and its main ontributions. The

re-minder ofthis thesisprovides ba kground information onthis resear h eld

andpresentsthe workdoneinorderto supportthe propositionmadeabove,

beingorganized asfollows:

Chapter 2 in ludes abrief overviewof the areaof real-time systems,with

spe ial emphasis on the issues that areaddressed in this dissertation.

Starting with an informal presentation of the main on epts on

real-time systems,thefo usthenmovestoanoverviewofthemostrelevant

resultsintheeldofs hedulingalgorithmsands hedulabilityanalysis.

Chapter 3 isdevotedto distributedreal-time systems. This hapterstarts

bya hara terization of distributedreal-time systems,task a tivation

and o-operation models andmessage s heduling. Thenit presentsan

overview of some of the more relevant ommuni ation proto ols used

in DCCS systems. Besides the dedi ated ommuni ation proto ols,

developed spe i ally for use in DCCSs, are also addressed real-time

proto ols based on Ethernet, whi h re ently has been target of

inter-est both from the s ienti and industrial ommunities. This hapter

in ludestwotablesthatsummarizethe propertiesoftheseproto olsin

issuesrangingfromthesupportofdierenttypesoftra totimeliness

guarantees and operational exibility.

Chapter 4 presentstheFlexibleTime-Triggered ommuni ationparadigm.

This hapter is the heart of this dissertation and starts by

present-ing a set of requirements that exible real-time ommuni ation

net-worksmustfulll, aswell asthe justi ationforthe proposalofa new

paradigm. Then the FTT paradigm is presented in detail, both from

an ar hite tural andfun tionalpointof view. Furthermore, this

hap-teralso presentsageneri s hedulability analysis,both on erningthe

syn hronous and asyn hronous tra ,adapted to ope with the FTT

ni ationnetwork,issue thatis addressed in Chapters 6 and 7,for the

FTT-CANandFTT-Ethernet implementations, respe tively.

Although hronologi ally the FTT paradigm as appeared after the

FTT-CAN proto ol, the presentation be omes more lear and

under-standable if the paradigm is presented before the implementations.

For this reason the FTT paradigm is presented in Chapter 4, while

the FTT-CAN and FTT-Ethernet implementations are presented in

Chapters6 and 7,respe tively.

Chapter 5 dis usses the suitability of the FTT paradigm to support

sys-tems that benet or even require dynami QoS management. This

hapter starts by dis ussing the internal impli ations of supporting

this type of servi e. Then two illustrative QoS management poli ies

arepresented,whi h areusedin a simple ase study.

Chapter 6 and 7 present two FTT implementations, one based on the

Controller AreaNetwork proto ol (Chapter 6), and another based on

Ethernet(Chapter7). Althoughfromtheappli ationpoint-of-viewthe

setof servi esprovided byanyofthe implementationsis basi allythe

same, their internals must ope with the parti ularities that ea hone

of the underline ommuni ation proto ols presents. Su h

parti ulari-tiesbe omespe iallyvisibleinwhat on ernsthemessagearbitration,

a ess- ontrolandarbitration te hniquesemployedinea h ase, whi h

are arefullydis ussed. Moreover,these haptersalsoin ludethesmall

adaptationsthatmustbeperformedinthegeneri s hedulability

anal-ysispresented in Chapter4.

Bothofthese haptersin ludesimulationandexperimentalresultsthat

allow, in some extent,to assess the performan e ofthe proto ols.

Chapter 8 ontains a brief summary and dis ussion about the

ontribu-tions presented in this dissertation and suggests some lines of future

Real-time systems

fundamentals

2.1 Basi on epts on real-time systems

Computer-based ontrol systems are be oming a ommonpla e. They are

oftenfound in appli ations ranging from bread toasters,washing ma hines,

automati doorsanda ess ontrolsystemstoautomotive,avioni s,roboti s

andpro essandmanufa turingindustries. A omputer-based ontrolsystem

omprises at least a sensory system to gather data about the state of the

systemunder ontrol,or environment, a omputer ableto exe utea ontrol

algorithm and ana tuation system.

The nature of the omputations made in this kind of systems is very

broad, ranging from omplex numeri al omputations required to

imple-Environmnet

Sensory

System

Actuation

System

ment advan ed ontrol algorithms or image pro essing usedfor instan e in

roboti s,to basi operationslike turning some devi eon or oa ording to

a binary input fed by some sensor. A broad range of values is also found

on erningthe time granularity. For example, in industrial environments it

isusual tond ontrol loopsin the rangeof se onds tomillise onds.

Systemsare onsideredto produ elogi ally orre tresultswhenits

out-putsarerelated to the a tual inputs a ording to the laws determined

dur-ing system spe i ation. However, for some systems, this requirement is

not enough. For instan e, if the bread toaster ontroller takes an

ex es-sive amount of time to turn it o after dete ting that the bread is enough

toasted, the output of the pro ess an be ome a pie e of har oal. Su h

kindofsystems,inwhi h omputationsmustbe arriedwithinspe i time

boundaries, are referred as having real-time requirements. More on isely,

areal-time omputersystemis a omputer systemin whi h the orre tness

ofthe system behavior depends notonlyon the value of the omputation but

also on the time atwhi h theresults are produ ed [SR88 ℄. Thus, areal-time

systemmustrea tto hanges inthe stateofthe obje tunder ontrolwithin

time boundaries, whi h depend on the dynami s of the ontrolled obje t.

Thelast instant at whi h a result an be produ ed is alled deadline.

Depending on the parti ular appli ation, failing to meet deadlines an

have dissimilar onsequen es. For example, to be able to rea h some

geo-graphi al position, a mobile robot must olle t data from the environment

anduseitto perform traje toryplanning. However, to be ableto dealwith

realenvironments, itmustalsobeableto dete tand avoidobsta les. Ifdue

to some system overload, the traje tory planning task sometimes does not

have enough omputational resour es to exe ute, the robot will take more

timetorea hitsgoal,buteventuallywillrea hit,providedthatthedeadline

missratio is not too high. On the other hand, if,in the ourse of the same

overload, the robot failsin timely dete ting the presen e of an obsta le, it

an ollide with it. Thisfailure an ause e onomi al losses, for example if

the robot or the obje t with whi h it ollides be omes damaged, or it an

alsoputhumanlifesinrisk,forexampleiftheundete ted obje tisaperson.

In[Kop97 ℄deadlinesare lassied asrm orsoft. Ifaresulthasutilityeven

after the deadline haspassed, the deadline is lassied assoft, otherwise it

atastro-leastonea tivityhavinganharddeadlineitis alledahardreal-time system

or safety- riti al real-time system. If no hard real-time deadlines exist, the

systemis alled soft real-time system.

2.2 S heduling real-time systems tasks

Inthe s ope ofreal-time systems,pro esses (orlogi al units of on urren y

withinthe system, intera tingto a hieve a ommon goal[Aud93 ℄)in a

real-time appli ation are mapped on software tasks. Tasks thus represent

a -tivities handled by the omputational system. Usually omputational

sys-temsexe uteseverala tivities,eventuallywithdierentdeadline onstraints.

Some of these a tivities are independent of ea h other, with no pre eden e

onstraints or shared resour es. Other a tivities must be exe uted in some

spe i order, or share a ess to some entities, su h as data stru tures or

I/Odevi es.

To be able to perform orre tly, the resour es required byall the

a tiv-ities should be granted in a waythat they an be ompletely served within

their respe tive deadlines, while respe ting any other requirements, su h as

pre eden e onstraints. The pro edure of sele ting whi h task should be

exe uted at a parti ular point in time is alled s heduling and the set of

rules that, at any time, determinesthe order in whi h tasksareexe uted is

alled a s heduling algorithm. More a urately, a s heduling problem an

be dened [But97℄ by three sets: a set of

n

tasks

J = {J

1

, J

2

, ..., J

n

}

, a set of

m

pro essors

P = {P

1

, P

2

, ..., P

m

}

and a set of

s

types of resour es

R = {R

1

, R

2

, ..., R

s

}

. Furthermore,pre eden erelationsamongtasks anbe spe iedthroughadire teda y li graphandea htask anhaveasso iated

timing onstraints. In this ontext s heduling means to assign pro essors

from

P

and resour es from

R

to tasksfrom

J

inorder to ompleteall tasks

under the imposed onstraints.

Real-time s heduling is perhaps the resear h topi that deserved most

attentionfromthereal-timeresear h ommunity. A ommontaxonomy(e.g.

[But97 ℄) ofreal-time tasks heduling ispresented in Figure 2.2:

O-line. All s heduling de isions are made prior to system exe ution.

The resulting s hedule is stored in a table, alled dispat her table, whi h

run-Real-Time

Scheduling

Off-Line

On-Line

Static

Dynamic

Preemptive

Nonpreemptive

Preemptive

Nonpreemptive

Cyclic

executive

Figure2.2: Taxonomyof real-time s heduling algorithms

thelistanda tivatesthe tasksattheappropriateinstants. Tobeabletouse

this approa h, a omplete hara terization of the propertiesof the task set

isrequired in advan e. Therefore,this method annot handle systems that

require runtime hanges to the task set. On the other hand, su h systems

require low runtime overhead and support omplex s heduling algorithms.

Theformerpropertyresultsfromthefa tthat,duringruntime,theoverhead

isdueonlytothedispat herexe ution,whi hinturnonlyneedstoreaddata

sequentiallyfrom a table. The latter feature results from the fa t that the

s heduling is performed prior to systemexe ution. Thus, the time required

to build the s hedule is not tightly onstrained. Moreover, the s heduling

algorithm an be(and usuallyis)exe uted ina omputationalsystemother

than the one used to deploy the system, whi h an have more adequate

resour esto perform thisfun tion.

On-line. S heduler de isions are taken during system runtime, upon

the o urren e of some event that requires res heduling. Su h events an

be for instan e the arrival of new tasks, a blo king, or the termination of

the urrently exe uting task. To sele t the next taskto exe ute among the

ready ones, a parti ular parameter, usually alled priority, is used. The

priorityisderived bysome spe i methodology, resulting forinstan e from

thetemporalpropertiesofthetaskoritsrelativeimportan e. Thisapproa h

supports runtime hanges to the message set, sin e in ea h invo ation the

s heduler onsiders only the set of ready tasks. On the other hand, the

runtime pro essing required to nd a s hedule an be substantial. Sin e

the time required to build the s hedule is overhead in what on erns the

exe ution of appli ation tasks, the omplexity of the s heduling algorithms

ableat pre-runtime, e.g. xed priorities.

Dynami . S heduling de isions are basedon information that is

avail-ableat runtime, only, e.g. the release instants ofaperiodi tasks.

Non-preemptive. A running task exe utes until it de ides to release

the allo ated resour es, usually on ompletion, irrespe tively of other tasks

be oming ready, eventually with higher priority. In this ase s heduling

de isions areonly requiredafter task's ompletion instants.

Preemptive. A running task an be suspended or interrupted during

its exe ution, ifat some instant a taskwith higher priority be omesready.

Innon-preemptivesystems,whenataskbe omesready,itmustwaitatleast

forthe ompletion oftherunningtask,independently oftheir relative

prior-ities. Thisee t is alledblo king. Preemptive systemsaremoreresponsive

on erninghigherprioritytasks,sin ethesetasksdonotsuerblo kingfrom

lower priority ones. However, in this ase, s heduling events are generated

moreoften,inalltaska tivationinstants,resulting inhigheroverheadwhen

ompared with non-preemptive systems.

2.3 S hedulability analysis

Hard real-time systems demand a high degree of predi tability, thus the

feasibility of the s hedule should be guaranteed in advan e. On the other

hand, soft real-time systems have less stringent requirements, and missing

deadlineshaveno atastrophi onsequen es. S hedulingalgorithmsfallinto

two lasses, guarantee-oriented and besteort [SR92℄. Ino-line s heduled

systemstaskproperties su h asa tivation instants, worst- ase omputation

times, et . are known a priori, and the s hedule is built before runtime.

Provided that the assumptions on erning the task properties are

a u-rate, if a feasible s hedule is found the tasks are guaranteed to meet their

deadlines during system runtime. Thus, this kind of algorithms fall into

the guaranteed-oriented lass. However, in on-line s heduled systems, that

knowledge might not beavailable, e.g. when tasksare reated and removed

dynami ally during runtime. In this ase, if there is an on-line admission

ontrol me hanism based on a s hedulability test, responsible for reje ting

hangestothe tasksetthat ompromise thesystemtimeliness, the

Increasing task set complexity

Exact

Schedulability test

Negative

test

Task set not

schedulable

Positive

test

Task set

schedulable

Necessary schedulability test

Sufficient schedulability test

Figure2.3: Exa t, su ient and ne essarys hedulabilitytests

ofa eptedtasksarereservedintothe future. Ontheotherhand,if hanges

tothe tasksetarealways a eptedwithoutanykindofassessment,itisnot

possibleto guaranteethesystemtimeliness,andthus su halgorithmsfallin

the best eort ategory .

The s hedulability test algorithms are losely related to the parti ular

s hedulingalgorithm. Thes hedulabilitytestresultmustree ttheabilityof

theparti ulars hedulingalgorithmtondornotafeasibles hedule. Insome

ases,thes hedulabilitytestisexa t,meaningthat,ifafeasibles hedule an

be built,the test result ispositive, and onversely, anegative result implies

thatthe s hedulingalgorithm isunabletondafeasibles hedule. However,

exa t s hedulabilitytests anbe too omplex to exe uteon-line, or even be

omputationallyintra table[GJ75 ℄. Su ients hedulabilitytest algorithms

an be simpler. However, a su ient s hedulability test an reje t feasible

sets. On the other hand, sets reje ted by a ne essary s hedulability test

algorithm arenot ertainlys hedulable, but taskssets thatarenot reje ted

maybenots hedulable. Figure2.3depi tstheguaranteesdeliveredbythese

typesofs hedulability tests.

2.4 Examples of s heduling algorithms

This se tion briey presents some paradigmati s heduling algorithms and

respe tive s hedulability analysis. Parti ular attention is devoted to Rate

Monotoni and Earliest Deadline First s heduling algorithms be ause later

onthese algorithmswill bere-usedfor message s heduling.

2.4.1 Task model

Tasksare a tivated in responseto some event. For instan e, in a omputer

en-a tivatedand exe utedwhenpossible. Inthis asethea tivationinstantsof

the tasks annotbepredi ted. Thesetasksare alled aperiodi . Ifthere isa

minimum inter-arrival time between any two onse utive a tivations, tasks

are alled sporadi . Some othertasksarerequired to be a tivatedregularly.

This situation is often found in omputer ontrol systems, to enfor e the

sampling of data at some desired rate. These tasks are known as periodi .

To be able to s hedule a set of tasks, s heduling algorithms need to have a

minimum level of knowledge about ea h task properties. A set of periodi

tasks

Γ

an be denotedby:

Γ = {τ

i

(C

i

, T

i

, P h

i

, D

i

, P r

i

), i = 1, ..., n}

(2.1) where:

• C

i

isthe worst ase omputation time required bytask

τ

i

;

• T

i

isthe period oftask

τ

i

;

• P h

i

, isthe initial phase oftask

τ

i

;

• D

i

isthe relative deadline of task

τ

i

;

• P r

i

is the priority or valueof task

τ

i

.

Thea tivationinstant(

a

i,k

)andabsolutedeadlinevalue(

d

i,k

)ofthegeneri

k

th

instan eof the periodi task

τ

i

an be omputed as:

a

i,k

= P h

i

+ (k − 1) ∗ T

i

d

i,k

= a

i,k

+ D

i

Thesamenotationisvalidforsporadi tasks,ex eptthattheperiod(

T

i

) be omes the minimum inter-arrival time (

mit

i

) and the initial phaseis not dened. In this ase the a tivation instant and absolute deadline instants

an be omputed as:

a

i,k

≥ a

i,k−1

+ mit

i

d

i,k

= a

i,k

+ D

i

2.4.2 On-line s heduling algorithms

TheseminalworkbyLiuandLaylan[LL73℄in ludestwoofthemost

impor-tant s heduling algorithms for independent task s heduling in single CPU

systems. Thesealgorithms arethe RateMonotoni ,for stati priorities

sys-tems and Earliest Deadline First for dynami priorities systems. The

rele-van e ofthese algorithmsresultsfrom thefa tthattheyareoptimal among

their lasses. An algorithm is optimal if it is able to generate a feasible

s hedulewhenever some otheralgorithm of the same lass isableto do it.

Rate Monotoni algorithm

TheRate Monotoni (RM)algorithm [LL73℄ is an on-line preemptive

algo-rithmbasedon stati priorities.

A ording to the RM algorithm, priorities are assigned monotoni ally

with respe t to the tasks period; the shorter the period, the greater the

priority:

∀τ

i

, τ

j

∈ Γ : T

i

< T

j

⇒ P r

i

> P r

j

(2.2)

At runtime, whenever a task instan e is a tivated or the running task

nishesexe uting,the s heduler sele ts the taskwith highestperiod among

the ready ones. The overall omplexity of this algorithm is

O(n)

sin e

in-sertinga newtaskinstan ein an orderqueue of

n

elementsmaytake upto

n

steps. At dispat hing time, sele ting the highest priority ready task just requiresto getthe rstelement of the head ofthe queue.

Earliest DeadlineFirst Algorithm

TheEarliestDeadlineFirst(EDF)[LL73℄algorithmisanon-linepreemptive

algorithmbasedondynami priorities. A ordingtotheEDFalgorithm,the

earliestthedeadline thehighestthepriorityofthetask. During runtime the

following relation holds:

∀τ

i

, τ

j

∈ Γ

R

: d

i

< d

j

⇒ P r

i

> P r

j

(2.3) where

Γ

R

isthe subset of

Γ

omprising the ready tasks and (

d

i

,

d

j

) are the absolutedeadlinesof tasks

τ

i

and

τ

j

.

Task T C

1 4 2

2 6 2

3 11 1

Table 2.1: Periodi taskset properties

0

5

10

15

20

25

τ1

τ2

τ3

Figure2.4: S hedule generated byRM

Atruntime,whenever ataskinstan eisa tivatedortherunningtask

n-ishesexe uting,thes hedulersele tsthetaskwithhighestperiodamongthe

ready ones. Sin e the taskpriorities aredynami , it isne essaryto sortthe

readytaskqueuewhenever newtaskinstan esarea tivated. Thus,thetime

omplexityofthisalgorithm is

O(n ∗ log(n))

. IffollowsthatEDFs heduling

requireshigher runtime overhead than the RM s heduling algorithm, whi h

an be problemati in systems based on low pro essing power CPUs, often

foundinsomeembeddeddistributed ontrolappli ations. However,asitwill

be seen further on, ompared to RM, the EDF algorithm is ableto a hieve

higherutilization fa torsand,at the sametime, the number ofpreemptions

an be potentially lower. This results in a trade-o between runtime

over-headands hedulabilitylevel,whi hmustbeevaluated aseby ase. Figures

2.4 and 2.5 depi t the timeliness relative to the s hedules generated both

by an RM and EDF s hedule algorithms for a periodi task set with the

propertiesstated in table 2.1.

InFigure2.4 , on erningtheRMs heduler,it anbeobserved thattask

τ

1

alwaysexe utesrst,sin eithastheshortestperiodamongalltasks, and thus the highest priority. Task

τ

2

always exe utes beforetask

τ

3

be ause it hasashorterperiod. However,inFigure2.5 , on erningtheEDFs heduler,

0

5

10

15

20

25

τ1

τ2

τ3

Figure2.5: S hedule generated byEDF

duringruntime. For instan e, at time t=6task

τ

3

hasthe shortest deadline andthus exe utes before task

τ

2

.

Other s heduling algorithms

Manyothers hedulinghavebeendevelopedalongtheyears. Twoother

well-knownalgorithmsarethe DeadlineMonotoni (DM)[LW82 ℄andthe

Least-Laxity(LL) algorithms [MD78℄. The DM algorithm belongs to the lassof

the stati priorities preemptive algorithms and uses the same assumptions

asthe RMalgorithm ex eptthat relative deadlines an be shorterthan the

periods. Inthis algorithm taskpriorities are assigneda ording to the task

relative deadlines instead of periods. The DM algorithm is also optimal in

its lass[LW82 ℄. TheLLalgorithmmakesthesameassumptionsastheEDF

algorithm. However, thepriorityassignment ismadea ordingto thelaxity

ofthetask, i.e.,the amount oftime thatatask anwait tobeabletonish

withinthe deadline. TheLL algorithm also isoptimal in its lass [MD78℄.

2.4.3 S hedulability tests

Most of the s hedulability tests fall in one of two lasses: utilization-based

andresponse-timebased. Theformer oneshavealower omputational

om-plexity than the latter ones, thus from this point of view are more

suit-ableto be usedin on-lines heduledsystems. However, response-timebased

Utilization-based s hedulability tests

Liu and Layland present a su ient s hedulability ondition for the RM

algorithm [LL73℄. The following assumptionsareassumed:

•

Task setonly omprisesperiodi tasks;

•

Relativedeadlines ofall tasksare equalto the tasks periods;

•

Independent tasks,i.e.,nopre eden eormutualex lusion onstraints;

•

Alltaskinstan es have the sameworst- aseexe ution time.

Moreover, itisimpli itlyassumedthat, on estarted, taskinstan esexe ute

until ompletionorpreemptionandthattheoperatingsystemoverhead(e.g.

time required for ontext swit hing and ti k handling) is small and an be

ignored. However, when required, the operating system overhead an be

a ounted for in the analysis.

The pro essor utilization fa tor of a task set is dened as the fra tion

of the pro essor time spent in the exe ution of the task set. The ratio

between the omputation time of a taskand its periodgivesthe fra tionof

the pro essortimespentin exe uting thattask. Thus,the utilization fa tor

U

of ataskset omposedby

n

tasks is:

U =

n

X

i=1

(

C

i

T

i

)

(2.4)

The su ient s hedulability analysispresented in [LL73℄ onsistsin the

omputation of the least upper bound for the task set utilization. For all

tasksets having a utilization fa tor below this bound there exist a feasible

s hedule. Theleastupper bound is given by the following equation:

U =

n

X

i=1

(

C

i

T

i

) < n(2

1

n

− 1)

(2.5)

Thisfun tionapproa hes(

≃ 0.69

)as

n

goestoinnity. Fortasksetswith

harmoni periods the leastupper bound isone, the maximum attainable in

single pro essors. To perform this feasibility test it is required to sum the

utilizations of ea h task. For atask setwith

n

messagesthis takes

n

steps,

Other utilization-based analysis for the RM s heduling algorithm have

been proposed, some of them providing exa t results ([LSD89 ℄) even for

arbitrarydeadlines([Leh90 ℄). However,despitebeingmore omplexto

om-pute, they still do not provide timing information for individual tasks, as

response-timebased s hedulabilitytestsdo.

AnextensionoftheoriginalanalysisofLiuandLaylandfornon-preemptive

systems was presented in [SS93 ℄. In this ase high priority tasks an be

blo ked byrunning lower prioritytasks. Thisblo king o urs at most on e

inea h taskinstan ea tivationifasuitableresour e a essproto olisused

(e.g. Priority Ceiling Proto ol). For these assumptions, a set of

n

periodi tasksiss hedulable byRM if:

∀i, 1 ≤ i ≤ n,

i−1

X

j=1

(

C

j

T

j

) +

C

i

+ B

i

T

i

≤ i(2

1

i

− 1)

(2.6)

where

B

i

isthetimeduringwhi htask

τ

i

isblo kedbylowerprioritytasks (priority inversion). The task set is supposed to be ordered by de reasing

priorities,i.e.,

∀i, j : 1 ≤ i, j ≤ n, i < j ⇒ P

i

≥ P

j

.

B

i

isdetermined asfollows:

(

B

i

= 0,

P

i

= min

j=1..n

{P

j

}

B

i

= max

j∈lp(i)

{C

j

} , P

i

6= min

j=1..n

{P

j

}

(2.7)

where

lp(i)

denotes the set oftaskshaving lower prioritythan task

τ

i

. In [LL73 ℄ it is also presented a s hedulability ondition for the EDF

algorithm. It relies on the same assumptions of the RM s hedulability test

above referred. This ondition isexa t (ne essaryand su ient):

U =

n

X

i=1

(

C

i

T

i

) ≤ 1

(2.8)

As in the ase of RM s hedulability test, it is required to sum the

uti-lizations of ea h task. For a taskset with

n

messagesthis takes at most

n

steps,thus the omplexityof this method isalso

O(n)

.

Response-time based s hedulability tests

Severalresponse-timebaseds hedulabilitytestshavebeenproposed.

not onlyprovide s hedulabilitytestsfor tasksetswith arbitraryxed

prior-ity ordering, but also provide estimations of the a tual worst- aseresponse

time of ea htask.

A ording to the method presented in [ABR

+

93 ℄, the longest response

time of a periodi task

τ

i

, denoted as

R

i

, is given by the sum of its om-putation time (

C

i

) with the amount of interferen e that it an suer from higherprioritytasks(

I

i

), al ulatedinthe riti alinstant,i.e.,theinstantin whi h the ombination of the a tivations of the tasks auses the maximum

interferen e.

R

i

= C

i

+ I

i

(2.9)

The amount ofinterferen e due to higherprioritytasks is:

I

i

=

X

∀

j∈hp(i)

 R

i

T

j



C

j

(2.10)

where

hp(i)

isthe set oftaskswith higher priorities.

Combining equations 2.9and 2.10results:

R

i

= C

i

+

X

∀

j∈hp(i)

 R

i

T

j



C

j

(2.11)

Unfortunately, the response time

R

i

appears in both sides of equation 2.11. However,it an be usedan intera tivete hniqueto solveit. Let

r

n

i

be

the

n

th

approximationoftherealvalueof

r

i

. Thesu essiveapproximations aregenerated by:

r

n+1

_i

= C

i

+

X

∀

j∈hp(i)

 r

n

i

T

j



C

j

(2.12)

Theiterationstartswith

r

0

i

= 0

+

andstopswhen

r

n+1

i

= r

i

n

. Asreferred in [ABR

+

93 ℄, it an be shown that

r

n+1

i

≥ r

i

n

and so the iteration an be stopped either when

r

n+1

i

= r

n

i

or when

r

n

i

ex eeds the task deadline

or period (for Deadline Monotoni or Rate Monotoni s heduling poli y,

respe tively). Moreover, in ea hiteration of Equation2.12either

r

n+1

i

= r

n

i

andthepro ess isnished,or

r

n+1

i

> r

i

n

meaning that(atleast)aninstan e of an higher priority task be ame ready. Thus, iteration steps are

lower-impliesthatthetermination onditionisrea hedinanitenumber ofsteps.

The analysis presented in [ABR

+

93℄ also in ludes the ee t of

non-preemption due to resour e sharing. Moreover, it an be extended to

in-dependent non-preemptive systems. In this ase Equation 2.9 an still be

usedbutthe interferen eequationmustberedenedtoin lude theblo king

fa tordue to lower prioritytasks, asfollows:

I

i

= B

i

+

X

∀

j∈hp(i)

 I

i

T

j



C

j

(2.13)

The blo king term

B

i

is still given by 2.7. As in the ase of Equation 2.11 , Equation 2.13 is also solved iteratively. Note however that Equation

2.13 does not in lude the omputation time of the task

τ

i

itself, sin e in non-preemptive systems, on e a taskis dispat hed it annotbeinterrupted

byother tasks.

Contrarilytowhathappensinxedprioritysystemssu hasDMorRM,

the worst- ase response times of a general task set s heduled by EDF are

not ne essarily obtained with a syn hronous pattern of arrival, i.e., when

all tasks be ome ready at the same (arbitrary) time instant. In fa t, the

worst- ase response time of a task

τ

i

is found in a deadline busy period, in whi h all tasks but

τ

i

are released syn hronously from the beginning of the deadline busy period and at their maximum rate [GRS96℄. In order to

nd the worst- ase response time of

τ

i

, it is ne essary to onsider several s enarios, in whi h

τ

i

has an a tivation released at time

a

, while all other tasksarereleased syn hronously, at an arbitrarytime instant,usually

t = 0

[Spu96 ℄. Thus, for a given value of

a

, the response time of a

τ

i

instan e releasedat time

a

is given by:

R

i

(a) = max{C

i

, L

i

(a) − a}

(2.14)

where

L

i

(a)

is the length of the busy period thatin ludes

τ

i

a tivation. To ompute

L

i

(a)

thefollowing iterative omputationis performed:

L

(0)

_i

(a) = 0, L

(k+1)

_i

(a) = W

i

(a, L

(k)

i

(a)) + (1 +

 a

T

i



)C

i

(2.15)

where

W

i

(a, t)

in ludesthe ontributions of all instan es ofall tasks ex- ept

τ

i

having absolutedeadlines smalleror equal to

a + D

i

, i.e.:

W

i

(a, t) =

X

j 6= i

d

j

≤ a + D

i

min

 t

T

j



, 1 +

 a + D

i

− d

j

T

j



C

j

(2.16)

The issue of EDF task s heduling analysis on non-preemptive systems

wasaddressedin[GRS96℄. Asinthe aseofxedprioritiesaddressedabove,

also in systemsbasedon EDF,the s hedulability analysisissimilar in both

the preemptive and non-preemptive ases. The only twodieren es are:

•

Duetotheabsen eofpreemption,ataskinstan ewithalaterabsolute deadline an auseblo king,thus indu ing priorityinversions;

•

The al ulation of the busy period must be performed until the start time of the task instan e instead of its ompletion time, sin e, on e

dispat hed,the taskinstan e always exe utesuntil ompletion.

Therefore,Equations2.14,2.15and2.16fornon-preemptivesystemsbe ome

respe tively:

R

i

(a) = max{C

i

, L

i

(a) + C

i

− a}

(2.17)

L

(k+1)

_i

(a) =

max

D

j

>a+D

i

{C

j

− 1} + W

i

(a, L

(k)

_i

(a)) +

 a

T

i



C

i

(2.18)

W

i

(a, t) =

X

j 6= i

D

j

≤ a + D

i

min



1 +

 t

T

j



, 1 +

 a + D

i

− D

j

T

j



C

j

(2.19)

Asinthe aseofpreemptivesystems,Equation2.18isamonotoni

non-de reasingstepfun tion,and anbesolvediteratively,startingwith

L

0

i

(a) =

0

.