A Synchronous IPC Protocol for Predictable Access to Shared Resources in Mixed-Criticality Systems
|
|
- Arthur Lindsey
- 5 years ago
- Views:
Transcription
1 A Synchronous IPC Protocol for Predictable Access to Shared Resources in Mixed-Criticality Systems RTSS 14 December 4, 2014 Björn B. Linux Testbed for Multiprocessor Scheduling in Real-Time Systems
2 How To Synchronize Access to Shared Resources? (such as data structures, OS services, I/O ports, ) Part 1 Locking is the wrong approach in mixed-criticality (MC) systems. Part 2 MC-IPC: Predictable IPC for Cross-Criticality Resource Sharing Part 3 A Case Study: Freedom-from-Interference Despite Failures, DoS, 2
3 Synchronization vs. Isolation in Mixed-Criticality Systems 3
4 Isolation: The Core MC Requirement Freedom from Interference High-criticality tasks not negatively affected by other (low-criticality) tasks. 4
5 Isolation: The Core MC Requirement Freedom from Interference High-criticality tasks not negatively affected by other (low-criticality) tasks. analyze & trust isolate & enforce 5
6 Isolation: The Core MC Requirement Freedom from Interference High-criticality tasks not negatively affected by other (low-criticality) tasks. analyze & trust Design Time Proof Obligation Show that a (lower-criticality) task does not cause interference. isolate & enforce Mandate Strict Isolation Ensures that a (lower-criticality) task cannot cause interference. At runtime Trust that other tasks do not cause unpredictable interference. At runtime Unpredictable interference impossible due to isolation. 6
7 Isolation: The Core MC Requirement The Problem with Analyze & Trust Freedom from Interference Need to establish absence of interference at the level of assurance High-criticality tasks not negatively affected by other (low-criticality) tasks. of the highest-criticality task that could be interfered with. we re back to applying the highest standards to all tasks analyze & trust Design Time Proof Obligation Show that a (lower-criticality) task does not cause interference. isolate & enforce Mandate Strict Isolation Ensures that a (lower-criticality) task cannot cause interference. At runtime Trust that other tasks do not cause unpredictable interference. At runtime Unpredictable interference impossible due to isolation. 7
8 Isolation: The Core MC Requirement Benefit of Isolation Freedom from Interference Need to apply highest standards High-criticality tasks not negatively affected by other (low-criticality) tasks. only when validating the isolation mechanism itself. But NOT to each isolated (lower-criticality) task. analyze & trust Design Time Proof Obligation Show that a (lower-criticality) task does not cause interference. isolate & enforce Mandate Strict Isolation Ensures that a (lower-criticality) task cannot cause interference. At runtime Trust that other tasks do not cause unpredictable interference. At runtime Unpredictable interference impossible due to isolation. 8
9 Isolation: The Core MC Requirement Freedom from Interference High-criticality tasks not negatively affected by other (low-criticality) tasks. logical isolation + temporal isolation 9
10 Locking Implies Trust Real-time locking protocols: PIP, PCP, MPCP, FMLP, OMLP Applicable across multiple criticalities? task (1) lock (3) unlock (2) read & write shared memory Lowcriticality Highcriticality task 10
11 Locking Implies Trust Real-time locking Could protocols: access without PIP, PCP, locking MPCP, first. FMLP, OMLP Applicable across multiple criticalities? Could fail to unlock (or hold lock for arbitrary duration). Could leave resource in (1) lock (3) unlock inconsistent state. (also with wait-free/lock-free) Lowcriticality Highcriticality task (2) read & write shared memory task 11
12 Better: Message Passing / IPC Isolate resource in resource server process to mediate access Use inter-process communication (IPC) to request service Canonical approach in µ-kernels task (1) IPC request (2) check & process request (3) IPC reply IPC Resource Server private memory Lowcriticality Highcriticality task 12
13 Untrusted client cannot occupy resource indefinitely. Better: Message-Passing / IPC Isolate resource in resource server process to mediate access Untrusted client cannot Untrusted client cannot leave Use inter-process communication (IPC) to request service bypass synchronization. resource in inconsistent state. Canonical approach in µ-kernels task (1) IPC request (2) check & process request (3) IPC reply IPC Resource Server private memory Lowcriticality Highcriticality task 13
14 Logical isolation: Must still validate and trust the server Better: Message-Passing / IPC at highest-criticality level of assurance Isolate resource in resource server process to mediate access Use inter-process communication (IPC) to request service Canonical but not approach all clients! in µ-kernels task (1) IPC request (2) check & process request (3) IPC reply IPC Resource Server private memory Lowcriticality Highcriticality task 14
15 Temporal Isolation: What is the maximum IPC ing delay? Better: Message-Passing / IPC and what happens if clients misbehave!? Isolate resource in resource server process to mediate access Use inter-process communication (IPC) to request service Canonical approach in µ-kernels task (1) IPC request (2) check & process request (3) IPC reply IPC Resource Server private memory Lowcriticality Highcriticality task 15
16 MC-IPC An IPC Protocol for Mixed-Criticality Systems 16
17 System Topology: Clustered Scheduling J 2 J 4 J 1 J 3 Q1 Q2 m = 4 Core 1 Core 2 Core 3 Core 4 K = 2 m1 = 2 L2 Cache L2 Cache m2 = 2 Main Memory Shared-Memory multiprocessor platform Organized into K clusters C1, C2,, CK mi processors in cluster Ci non-uniform clusters permitted 17
18 Partitioned Scheduling: mi = 1 in each cluster (= partition) System Topology: Clustered Scheduling Special case most common in practice (and used in evaluation). J 2 J 4 J 1 J 3 Q1 L2 Cache Q2 Core 1 Core 2 Core 3 Core 4 L2 Cache m = 4 K = 2 m1 = 2 m2 = 2 Main Memory Shared-Memory multiprocessor platform Organized into K clusters C1, C2,, CK mi processors in cluster Ci non-uniform clusters permitted 18
19 Temporal Isolation: Reservation-Based Scheduling per-cluster top-level scheduler R1 R2 T1 T2 T3 T? T? Reservation-Based Scheduling R1, R2, top-level scheduler chooses reservation reservation chooses task Each reservation has a current current budget one or more client tasks Specific type of reservation intentionally left undefined. Compatible examples: polling reservation table-driven reservation constant bandwidth server (CBS) 19
20 Reservation Assumptions per-cluster top-level scheduler R1 R2 T1 T2 T3 T? T? Assumptions A1: the of a reservation changes only when its budget is exhausted or replenished. A2: a reservation selected for service by the top-level scheduler consumes budget even if all clients are blocked on IPC (idling rule). 20
21 Resource Servers cluster Ca top-level scheduler cluster Cb top-level scheduler Rx Ry T? Ti T? T? T? Sq Tj low-criticality high-criticality synchronous IPC synchronous IPC Shared resource servers each shared resource q encapsulated in resource server Sq Logical Isolation OS: isolate server in private protection domain (private address space) server implementation: reject requests that are illegal / illformed / non-sensical Temporal Isolation server implementation: bounded maximum operation length IPC protocol must ensure bounded IPC delay (= bandwidth consumption) 21
22 What Could Violate Temporal Isolation? P1: The resource server may be preempted indefinitely Need to ensure timely IPC request completion P2: Clients may attempt to monopolize server Need to prevent starvation ( FIFO?) P3: There may be an unpredictable number of contending clients Need to respect of requesting clients (?) P4: A client may run out of budget while waiting for server Need to prevent backlog of stale clients P5: Best-effort background tasks may need to access server Some system services inherently shared (e.g., network stack) 22
23 What Could Violate Temporal Isolation? P1: The resource server may be preempted indefinitely Need to ensure timely IPC request completion No existing design is resilient to all of these issues. P2: Clients may attempt to monopolize server Need to prevent starvation ( FIFO?) P3: There may be an unpredictable number of contending clients Need to respect of requesting clients (?) P4: A client may run out of budget while waiting for server Need to prevent backlog of stale clients P5: Best-effort background tasks may need to access server Some system services inherently shared (e.g., network stack) 23
24 What Could Violate Temporal Isolation? P1: The resource server may be preempted indefinitely Need to ensure timely IPC request completion No existing design is resilient to all of these issues. P2: Clients may attempt to monopolize server Need to prevent starvation ( FIFO?) P3: There may be an unpredictable number of contending clients Need to respect of requesting clients (?) MC-IPC: we can tolerate all causes by combining P4: A client may run out of budget while waiting to contact server prior techniques and simple commonsense solutions Need to prevent backlog of stale clients in just the right way P5: Best-effort background tasks may need to access server Some system services inherently shared (e.g., network stack) 24
25 P1: Ensuring Server Progress Server preempted while replying to IPC = Lock-holder preempted while executing critical section. apply well-known techniques for ensuring lock-holder progress 25
26 P1: Ensuring Server Progress Server preempted while replying to IPC = Lock-holder preempted while executing critical section. Ensuring timely IPC completion: Bandwidth Inheritance let server execute on budget of any client (implicit in idling rule). When preempted, migrate server to processor of waiting client. Well-known solution Helping / timeslice donation in L4/Fiasco Hohmuth & Härtig, Multiprocessor Bandwidth Inheritance (MBWI) Faggioli et al., 2010 & M. Hohmuth and H. Hä rtig, Pragmatic nonblocking synchronization for real-time systems, in Proc. USENIX ATC 01, D. Faggioli, G. Lipari, and T. Cucinotta, Analysis and implementation of the multiprocessor bandwidth inheritance protocol, Real-Time Systems, vol. 48, no. 6, pp ,
27 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. 27
28 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Need to respect priorities within each cluster, but also need to ensure fairness among clusters. can apply OMIP three-level structure [ECRTS 13] OMIP:, A Fully Preemptive Multiprocessor Semaphore Protocol for Latency-Sensitive Real-Time Applications, In Proc. ECRTS 13, July
29 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Cluster 1 Cluster 2 Cluster K 29
30 Clients ordered by current reservation. P2 & P3: Dealing With Unknown Contention Priority-ordered w.r.t. top-level scheduler, An unknown number of tasks may issue requests at arbitrary rates. not reservation-internal priorities (if any): important for proof. Cluster 1 Cluster 2 Cluster K 30
31 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Cluster 1 head (FIFO) Cluster 2 head (FIFO) Cluster K head (FIFO) 31
32 P2 & P3: Dealing With Unknown Contention Bounded length: at most mi - 1 jobs in each head. An unknown number of tasks may issue requests at arbitrary rates. (mi = number of cores in cluster) Cluster 1 head (FIFO) Cluster 2 head (FIFO) Cluster K head (FIFO) 32
33 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Cluster 1 head (FIFO) Cluster 2 local head in each cluster head (FIFO) next to be served Cluster K head (FIFO) 33
34 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Cluster 1 head (FIFO) global (FIFO) Cluster 2 head (FIFO) Cluster K head (FIFO) 34
35 P2 & P3: Dealing With Unknown Contention Bounded length: at most K - 1 jobs in global. An unknown number of tasks may issue requests at arbitrary rates. (K = number of clusters in the system) Cluster 1 head (FIFO) global (FIFO) Cluster 2 head (FIFO) Cluster K head (FIFO) 35
36 P2 & P3: Dealing With Unknown Contention An unknown number of tasks may issue requests at arbitrary rates. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Cluster K head (FIFO) 36
37 P4: Dealing With Budget Exhaustion Idling & bandwidth inheritance: a waiting client can run out of budget. 37
38 P4: Dealing With Budget Exhaustion Idling & bandwidth inheritance: a waiting client can run out of budget. With predictable IPC delay, a correct (high-criticality) task will have been provisioned to never exceed its budget. can prune clients from when budget exhausted & let them reissue requests after budget has been replenished 38
39 P4: Dealing With Budget Exhaustion Idling & bandwidth inheritance: a waiting client can run out of budget. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Cluster K head (FIFO) 39
40 P4: Dealing With Budget Exhaustion Easy case: client request not yet being served simply de. Idling & bandwidth inheritance: a waiting client can run out of budget. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Cluster K head (FIFO) 40
41 Tricky case: client request is being served. P4: propagate Dealing next task With from Budget head to Exhaustion local head, but do not add to global yet! (important for proof) Idling & bandwidth inheritance: a waiting client can run out of budget. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Cluster K head (FIFO) 41
42 P4: Dealing With Budget Exhaustion Idling & bandwidth inheritance: a waiting client can run out of budget. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Remove local stop flag only when IPC request is completed. Cluster K Intuition: create back-pressure without affecting other clusters. head (FIFO) 42
43 Added benefit: this mechanism allows us P4: Dealing With Budget Exhaustion to deal with budget-less best-effort tasks. Idling & bandwidth inheritance: a waiting client can run out of budget. (see paper for des) Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Remove local stop flag only when IPC request is completed. Cluster K Intuition: create back-pressure without affecting other clusters. head (FIFO) 43
44 MC-IPC: Bandwidth Isolation Guarantee MC-IPC = MBWI + OMIP Queue + Pruning + Best-Effort Tasks 44
45 MC-IPC: Bandwidth Isolation Guarantee MC-IPC = MBWI + OMIP Queue + Pruning + Best-Effort Tasks If a client Ti does not exhaust its reservation s budget during a synchronous IPC invocation (= if not pruned), then Ti s IPC request to a server Sq is delayed by at most 2 mk K other requests ( delayed = forced to expend budget). mk number of cores in local cluster K number of clusters 45
46 MC-IPC: Bandwidth Strict Temporal Isolation Guarantee The per-request IPC delay bound is independent of any task parameters. MC-IPC = MBWI + OMIP Queue + Pruning + Best-Effort Tasks No trust implied w.r.t. the number of tasks, request frequencies, budgets of other tasks, which resources any other task accesses, etc. If a client Ti does not exhaust its reservation s budget during a synchronous IPC invocation (= if not pruned), then Ti s IPC request to a server Sq is delayed by at most 2 mk K other requests ( delayed = forced to expend budget). mk number of cores in local cluster K number of clusters 46
47 Evaluation: A Case Study PRIO-IPC vs. FIFO-IPC vs. MC-IPC 47
48 Case Study: Access To Signing Service measurements of a real implementation on a real multicore system in a plausible scenario 48
49 Case Study: Access To Signing Service sensor read sample Data collection with high integrity requirements multiple data sources (sensors, ) forward collected samples for further processing over untrusted, potentially compromised network data acquisition task send sample network 49
50 Case Study: Access To Signing Service sensor read sample Data collection with high integrity requirements multiple data sources (sensors, ) forward collected samples for further processing over untrusted, potentially compromised network data acquisition task send sample + signature To ensure integrity and to prevent playback attacks timestamp each sample assign a sequence number add cryptographic signature network 50
51 Case Study: Access To Signing Service sensor Data collection with high integrity requirements multiple data sources (sensors, ) read sample forward collected samples for further processing over untrusted, potentially compromised network data acquisition task IPC request: sample IPC reply: signature send sample + signature signature server To ensure integrity and to prevent playback attacks timestamp each sample assign a sequence number add cryptographic signature To prevent leakage of cryptographic key material key material accessible only to signature server network 51
52 The signature server is a shared resource. Case Study: Access To Signing Service If there are multiple data acquisition tasks, what is the maximum IPC delay? data acquisition task sensor read sample IPC request: sample IPC reply: signature send sample + signature signature server Data collection with high integrity requirements multiple data sources (sensors, ) forward collected samples for further processing over untrusted, potentially compromised network To ensure integrity and to prevent playback attacks timestamp each sample assign a sequence number add cryptographic signature To prevent leakage of cryptographic key material key material accessible only to signature server network 52
53 Case Study: Implementation Reservation-Based Scheduler implemented in LITMUS RT table-driven, sporadic, polling reservations with EDF and FP scheduling Linux Testbed for Multiprocessor Scheduling in Real-Time Systems IPC System Calls added to LITMUS RT Signature Server RSA w/ 2048bit keys max. request length: 2ms Platform 4 Xeon E (2.4 Ghz) cores 53
54 Case Study: Setup on a 4-Core System 4 high-criticality tasks provisioned with table-driven static reservations 10 low-criticality tasks provisioned with simple EDF-scheduled polling reservations 0ms 50ms 100ms core C 1 R H 1 idle core C 2 R H 2 R H 3 static schedule length = 100 ms core C 3 R H 4 idle core C 4 idle idle 54
55 Low-criticality polling reservations assigned to cores C3 and C4; Case executed Study: only Setup when table-driven on a reservation 4-Core is idle. System 4 high-criticality tasks provisioned with table-driven static reservations 10 low-criticality tasks provisioned with simple EDF-scheduled polling reservations 0ms 50ms 100ms core C 1 R H 1 idle core C 2 R H 2 R H 3 static schedule length = 100 ms core C 3 R H 4 idle core C 4 idle idle 55
56 Case Study: Setup on a 4-Core System 4 high-criticality tasks One high-criticality task each provisioned with table-driven static reservations with period = deadline =100ms 10 low-criticality tasks provisioned with simple EDF-scheduled polling reservations 0ms 50ms 100ms core C 1 R H 1 idle core C 2 R H 2 R H 3 static schedule length = 100 ms core C 3 R H 4 idle core C 4 idle idle 56
57 10 low-criticality tasks Case Study: Setup on a 4-Core System one per EDF-based low-criticality reservation 4 high-criticality five per core, tasks with budget = 20ms and periods provisioned = deadline with table-driven {100, 120, 250, static 500, reservations 1000}ms 10 low-criticality tasks provisioned with simple EDF-scheduled polling reservations 0ms 50ms 100ms core C 1 R H 1 idle core C 2 R H 2 R H 3 static schedule length = 100 ms core C 3 R H 4 R L 5,...,R L 9 core C 4 R L 10,...,R L 14 57
58 Case Study: Experiment 8 phases of execution, 60 seconds each = 480 seconds 1 phase = 60 seconds of normal execution 7 phases = 420 seconds of different failure modes measured: IPC delay experienced by each task 58
59 Case Study: Experiment 8 phases of execution, 60 seconds each = 480 seconds 1 phase = 60 seconds of normal execution 7 phases = 420 seconds of different failure modes measured: IPC delay experienced by each task Three IPC protocols MC-IPC (this paper) FIFO-IPC serve requests strictly in FIFO order like Multiprocessor Bandwidth Inheritance Protocol (MBWI) PRIO-IPC order requests by of reservation like most microkernels (e.g., L4/Fiasco) 10 runs each MBWI: D. Faggioli, G. Lipari, and T. Cucinotta, Analysis and implementation of the multiprocessor bandwidth inheritance protocol, Real-Time Systems, vol. 48, no. 6, pp ,
60 Case Study: Experiment 8 phases of execution, 60 seconds each = 480 seconds 1 phase = 60 seconds of normal execution 7 phases = 420 seconds of different failure modes measured: IPC delay experienced by each task 0ms 50ms 100ms core C 1 R H 1 idle Vantage Point core C 2 R H 2 R H 3 All data reported for core C 3 R H 4 R L 5,...,R L 9 high-criticality task on core 1. core C 4 R L 10,...,R L 14 60
61 Case Study: Results Overview MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) 8 phases of execution, 60 seconds each = 480 seconds measured & shown: IPC delay experienced by jobs of task on core 1 Comparison: measured IPC delay vs. predicted maximum All three IPC protocols permit a priori IPC delay bounds but they react differently to task failures / unexpected behavior. 61
62 thick black line = predicted maximum delay Case Study: Results Overview Based on RT analysis & specified task set parameters. MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) 8 phases of execution, 60 seconds each = 480 seconds measured & shown: IPC delay experienced by jobs of task on core 1 Comparison: measured IPC delay vs. predicted maximum All three IPC protocols permit a priori IPC delay bounds but they react differently to task failures / unexpected behavior. 62
63 Case Study: Results Overview MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Red samples = measured IPC delay One sample per job of task on core 1. 8 phases of execution, 60 seconds each = 480 seconds measured & shown: IPC delay experienced by jobs of task on core 1 Comparison: measured IPC delay vs. predicted maximum All three IPC protocols permit a priori IPC delay bounds but they react differently to task failures / unexpected behavior. 63
64 measured IPC delay > predicted maximum delay Case Study: Results Overview unpredictable IPC delays in case of failures! MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) 8 phases of execution, 60 seconds each = 480 seconds measured & shown: IPC delay experienced by jobs of task on core 1 Comparison: measured IPC delay vs. predicted maximum All three IPC protocols permit a priori IPC delay bounds but they react differently to task failures / unexpected behavior. 64
65 Case Study: Results Overview MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) 8 phases of execution, 60 seconds each = 480 seconds measured & shown: IPC delay experienced by jobs of task on core 1 Comparison: measured IPC delay vs. predicted maximum In this talk: 3 select phases. All three IPC protocols permit a priori IPC delay bounds but they react differently to task failures / unexpected behavior. (See paper for discussion of all 8 phases.) 65
66 Phase 1: Normal Operation MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Reality check: all tasks behave exactly as designed / as assumed. Tasks Operate Normally One request to signature server per data acquisition job Expected number of tasks All IPC delays (well) below upper bounds lowest bound under PRIO-IPC most pessimistic bound with FIFO-IPC 66
67 Phase 1: Normal Operation MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Tasks Operate Normally One request to signature server per data-acquisition job No unexpected tasks All IPC delays (well) below upper bounds lowest bound under PRIO-IPC (8ms) most pessimistic bound with FIFO-IPC (28ms) 67
68 Phase 3: Surge in Low-Criticality Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Deviation from original system model: additional low-criticality reservations with period = 3000ms are admitted on all cores. 0ms 50ms 100ms core C The system is flooded 1 R with additional 1 H idle low-criticality tasks Each task operates as expected but there core are unexpectedly many low-criticality tasks. C 2 R H 2 R H 3 16 additional lowcriticality tasks Schedulability of high-criticality tasks should not be affected table-driven core C reservations 3 R have 4 H statically R5 L,...,R higher L (on each 9 anyway. core.) FIFO-IPC problem: core C unexpected length 4 R10,...,R L 14 L With FIFO-IPC, need to place trust in the total number of tasks! 68
69 Phase 3: Surge in Low-Criticality Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) The system is flooded with additional low-criticality tasks Each task operates as expected but there are unexpectedly many low-criticality tasks. Schedulability of high-criticality tasks should not be affected table-driven reservations have statically higher anyway. FIFO-IPC problem: unexpected length With FIFO-IPC, need to place trust in the total number of tasks! 69
70 measured IPC delay > predicted maximum delay Phase 3: Surge in Low-Criticality Tasks unpredictable IPC delays incurred by high-criticality MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) The system is flooded with additional low-criticality tasks Each task operates as expected but there are unexpectedly many low-criticality tasks. Schedulability of high-criticality tasks should not be affected table-driven reservations have statically higher anyway. FIFO-IPC problem: unexpected length With FIFO-IPC, need to place trust in the total number of tasks! 70
71 MC-IPC: somewhat elevated IPC delays, Phase but below 3: predicted Surge bound! in Low-Criticality Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) The system is flooded with additional low-criticality tasks Each task operates as expected but there are unexpectedly many low-criticality tasks. Schedulability of high-criticality tasks should not be affected table-driven reservations have statically higher anyway. FIFO-IPC problem: unexpected length With FIFO-IPC, need to place trust in the total number of tasks! 71
72 Phase 5: High-Criticality DoS MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Deviation from original system model: two high-criticality tasks malfunction, start invoking signature server as quickly as possible effectively a Denial-of-Service (DoS) attack. 0ms 50ms 100ms core C Two higher- 1 R tasks of equal 1 H idle criticality monopolize server PRIO-IPC permits starvation With Attempt PRIO-IPC, core to Cneed 2 to place R H trust in maximum request frequencies. 2 R3 H monopolize FIFO-IPC signature C predicted server. core bound and 3 actual R IPC 4 H delays independent R5 L,...,R9 L of request frequencies MC-IPC core C 4 R10,...,R L 14 L predicted bound accounts for arbitrary request frequencies 72
73 Phase 5: High-Criticality DoS MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Two higher- tasks of equal criticality monopolize server PRIO-IPC permits starvation With PRIO-IPC, need to place trust in maximum request frequencies. FIFO-IPC predicted bound and actual IPC delays independent of request frequencies MC-IPC predicted bound accounts for arbitrary request frequencies 73
74 measured IPC delay approaching 100ms (= period) Phase 5: High-Criticality DoS high-criticality task on core 1 starved completely. MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Two higher- tasks of equal criticality monopolize server PRIO-IPC permits starvation With PRIO-IPC, need to place trust in maximum request frequencies. FIFO-IPC predicted bound and actual IPC delays independent of request frequencies MC-IPC predicted bound accounts for arbitrary request frequencies 74
75 MC-IPC: provides freedom-from-interference even with respect to tasks Phase 5: High-Criticality DoS of equal or higher criticality (= fault containment). MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Two higher- tasks of equal criticality monopolize server PRIO-IPC permits starvation With PRIO-IPC, need to place trust in maximum request frequencies. FIFO-IPC predicted bound and actual IPC delays independent of request frequencies MC-IPC predicted bound accounts for arbitrary request frequencies 75
76 Only MC-IPC Ensures Predicted Worst Case MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) FIFO-IPC and PRIO-IPC Vulnerable to deviations from analyzed system model. MC-IPC: does not require trusting the bound on the number of tasks (either high- or low-criticality). any bounds on maximum request frequencies. the behavior of best-effort or any real-time tasks. The trust rests solely with the server (must reject illegal requests). 76
77 Only MC-IPC Ensures Predicted Worst Case MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) FIFO-IPC Analytical and PRIO-IPC Benefits: Integration with Vestal s Model Vulnerable to deviations from analyzed system model. Because the MC-IPC ensures strict isolation, it is simple to statically reclaim pessimism at lower criticalities MC-IPC: does not require trusting in the spirit of (and compatible with) Vestal s model. the bound on the number of tasks (either high- or low-criticality). Criticality-dependent any bounds on maximum IPC costs, request criticality-dependent frequencies. interference, the behavior of best-effort or any real-time tasks. The trust rests solely with See the paper server. for des. 77
78 Conclusion 78
79 Summary Locking and lock-free/wait-free synchronization are ill-suited for cross-criticality synchronization. Explicit synchronization implies trust and violates isolation. MC-IPC: Resources may be shared between high- and lowcriticality tasks without violating freedom-from-interference Other tasks do not need to be trusted, only the accessed server. Prototype and case study in LITMUS RT (Lack of) isolation easily observed in practical system 79
80 Limitations & Future Work Algorithmic challenge: nested IPC requests (server to server) Not supported by current analysis. Which to en in? Cluster of server? Cluster of client? Both? None? IPC Overheads Prototype in LITMUS RT not optimized, not comparable to highly tuned implementations like those found in the L4 family. Even if highly optimized, MC-IPC will likely still be more heavyweight due to additional operations. 80
81 MC-IPC: freedom-from-interference despite shared resources, despite untrusted tasks, even on multiprocessors. Linux Testbed for Multiprocessor Scheduling in Real-Time Systems Björn B.
82 Appendix 82
83 P5: Accommodating Best-Effort Tasks Sharing with best-effort tasks may be unavoidable for system resources. 83
84 P5: Accommodating Best-Effort Tasks Sharing with best-effort tasks may be unavoidable for system resources. A best-effort task without any guaranteed budget is no different than a real-time task that exhausted its budget just after it started being served. bandwidth inheritance takes care of such tasks 84
85 P5: Accommodating Best-Effort Tasks Sharing with best-effort tasks may be unavoidable for system resources. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) Cluster K head (FIFO) 85
86 P5: Accommodating Best-Effort Tasks Sharing with best-effort tasks may be unavoidable for system resources. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) best-effort served only if global RT is empty Cluster K head (FIFO) 86
87 A real-time task encounters at most one best-effort task. P5: Accommodating Best-Effort Tasks Analytically, no different than finding Sq stuck on Sharing with best-effort a real-time tasks task may with be an unavoidable exhausted for budget. system resources. Best-effort is global, can be ordered arbitrarily. Cluster 1 client currently being served waiting for IPC reply head (FIFO) Cluster 2 Sq global (FIFO) server head (FIFO) best-effort served only if global RT is empty Cluster K head (FIFO) 87
88 Phase 8: Flood of Best-Effort Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Deviation from original system model: additional low-criticality reservations with period = 3000ms are admitted on all cores. Best-effort tasks create contention for resource used by real-time tasks With FIFO-IPC, need to place trust in maximum number of background best-effort tasks. PRIO-IPC Best-effort tasks have lower no additional delays. MC-IPC Handles best-effort tasks explicitly analysis accounts for best-effort tasks. 88
89 Phase 8: Flood of Best-Effort Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Best-effort tasks create contention for resource used by real-time tasks With FIFO-IPC, need to place trust in maximum number of background best-effort tasks. PRIO-IPC Best-effort tasks have lower no additional delays. MC-IPC Handles best-effort tasks explicitly analysis accounts for best-effort tasks. 89
90 Phase 8: Flood of Best-Effort Tasks MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) FIFO-IPC: cannot share resources with best-effort tasks (or must derive high-criticality assurance on maximum number of tasks). Best-effort tasks create contention for resource used by real-time tasks With FIFO-IPC, need to place trust in maximum number of background best-effort tasks. PRIO-IPC Best-effort tasks have lower no additional delays. MC-IPC Handles best-effort tasks explicitly analysis accounts for best-effort tasks. 90
91 MC-IPC: combines advantages of FIFO-IPC and PRIO-IPC. Phase 8: Flood of Best-Effort Tasks Like PRIO-IPC w.r.t. to lower-/lower-criticality tasks, like FIFO-IPC w.r.t. monopolization attempts and starvation effects. MC-IPC (predicted bound: 18ms) FIFO-IPC (predicted bound: 28ms) PRIO-IPC (predicted bound: 8ms) Best-effort tasks create contention for resource used by real-time tasks With FIFO-IPC, need to place trust in maximum number of background best-effort tasks. PRIO-IPC Best-effort tasks have lower no additional delays. MC-IPC Handles best-effort tasks explicitly analysis accounts for best-effort tasks. 91
A Fully Preemptive Multiprocessor Semaphore Protocol for Latency-Sensitive Real-Time Applications
A Fully Preemptive Multiprocessor Semaphore Protocol for Latency-Sensitive Real-Time Applications ECRTS 13 July 12, 2013 Björn B. bbb@mpi-sws.org A Rhetorical Question On uniprocessors, why do we use the
More informationFast on Average, Predictable in the Worst Case
Fast on Average, Predictable in the Worst Case Exploring Real-Time Futexes in LITMUSRT Roy Spliet, Manohar Vanga, Björn Brandenburg, Sven Dziadek IEEE Real-Time Systems Symposium 2014 December 2-5, 2014
More informationImproved Analysis and Evaluation of Real-Time Semaphore Protocols for P-FP Scheduling
Improved Analysis and Evaluation of Real-Time Semaphore Protocols for P-FP Scheduling RTAS 13 April 10, 2013 Björn B. bbb@mpi-sws.org Semaphores + P-FP Scheduling Used in practice: VxWorks, QNX, ThreadX,
More informationSchedulability Analysis of the Linux Push and Pull Scheduler with Arbitrary Processor Affinities
Schedulability Analysis of the Linux Push and Pull Scheduler with Arbitrary Processor Affinities Arpan Gujarati, Felipe Cerqueira, and Björn Brandenburg Multiprocessor real-time scheduling theory Global
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW
Department of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW 2 SO FAR talked about in-kernel building blocks: threads memory IPC drivers
More informationCopyright Notice. COMP9242 Advanced Operating Systems S2/2014 Week 9: Real-Time Systems. Real-Time System: Definition
Copyright Notice These slides are distributed under the Creative Commons Attribution.0 License COMP94 Advanced Operating Systems S/014 Week 9: Real- Systems @GernotHeiser You are free: to share to copy,
More informationEvent-Driven Scheduling. (closely following Jane Liu s Book)
Event-Driven Scheduling (closely following Jane Liu s Book) Real-Time Systems, 2006 Event-Driven Systems, 1 Principles Assign priorities to Jobs At events, jobs are scheduled according to their priorities
More informationMicrokernel/OS and Real-Time Scheduling
Chapter 12 Microkernel/OS and Real-Time Scheduling Hongwei Zhang http://www.cs.wayne.edu/~hzhang/ Ack.: this lecture is prepared in part based on slides of Lee, Sangiovanni-Vincentelli, Seshia. Outline
More informationBlocking Analysis of FIFO, Unordered, and Priority-Ordered Spin Locks
On Spin Locks in AUTOSAR: Blocking Analysis of FIFO, Unordered, and Priority-Ordered Spin Locks Alexander Wieder and Björn Brandenburg MPI-SWS RTSS 2013 12/04/2013 Vancouver, Canada Motivation: AUTOSAR:
More informationImplementing Scheduling Algorithms. Real-Time and Embedded Systems (M) Lecture 9
Implementing Scheduling Algorithms Real-Time and Embedded Systems (M) Lecture 9 Lecture Outline Implementing real time systems Key concepts and constraints System architectures: Cyclic executive Microkernel
More informationMixed Criticality Scheduling in Time-Triggered Legacy Systems
Mixed Criticality Scheduling in Time-Triggered Legacy Systems Jens Theis and Gerhard Fohler Technische Universität Kaiserslautern, Germany Email: {jtheis,fohler}@eit.uni-kl.de Abstract Research on mixed
More informationResource Sharing among Prioritized Real-Time Applications on Multiprocessors
Resource Sharing among Prioritized Real-Time Applications on Multiprocessors Sara Afshar, Nima Khalilzad, Farhang Nemati, Thomas Nolte Email: sara.afshar@mdh.se MRTC, Mälardalen University, Sweden ABSTRACT
More informationPredictable Interrupt Management and Scheduling in the Composite Component-based System
Predictable Interrupt Management and Scheduling in the Composite Component-based System Gabriel Parmer and Richard West Computer Science Department Boston University Boston, MA 02215 {gabep1, richwest}@cs.bu.edu
More informationMultiprocessor Real-Time Locking Protocols: from Homogeneous to Heterogeneous
Multiprocessor Real-Time Locking Protocols: from Homogeneous to Heterogeneous Kecheng Yang Department of Computer Science, University of North Carolina at Chapel Hill Abstract In this project, we focus
More informationCoordination and Agreement
Coordination and Agreement Nicola Dragoni Embedded Systems Engineering DTU Informatics 1. Introduction 2. Distributed Mutual Exclusion 3. Elections 4. Multicast Communication 5. Consensus and related problems
More informationFaculty of Computer Science Institute of Systems Architecture, Operating Systems Group. vs. REAL-TIME SYSTEMS MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group REAL-TIME vs. SYSTEMS MICHAEL ROITZSCH DEFINITION system whose quality depends on the functional correctness of computations
More informationTime Triggered and Event Triggered; Off-line Scheduling
Time Triggered and Event Triggered; Off-line Scheduling Real-Time Architectures -TUe Gerhard Fohler 2004 Mälardalen University, Sweden gerhard.fohler@mdh.se Real-time: TT and ET Gerhard Fohler 2004 1 Activation
More informationExam Review TexPoint fonts used in EMF.
Exam Review Generics Definitions: hard & soft real-time Task/message classification based on criticality and invocation behavior Why special performance measures for RTES? What s deadline and where is
More informationREAL-TIME OVERVIEW SO FAR MICHAEL ROITZSCH. talked about in-kernel building blocks:
Department of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW 2 SO FAR talked about in-kernel building blocks: threads memory IPC drivers
More informationAperiodic Servers (Issues)
Aperiodic Servers (Issues) Interference Causes more interference than simple periodic tasks Increased context switching Cache interference Accounting Context switch time Again, possibly more context switches
More informationReal-Time (Paradigms) (47)
Real-Time (Paradigms) (47) Memory: Memory Access Protocols Tasks competing for exclusive memory access (critical sections, semaphores) become interdependent, a common phenomenon especially in distributed
More informationComputer Science Window-Constrained Process Scheduling for Linux Systems
Window-Constrained Process Scheduling for Linux Systems Richard West Ivan Ganev Karsten Schwan Talk Outline Goals of this research DWCS background DWCS implementation details Design of the experiments
More informationMultiprocessor System. Multiprocessor Systems. Bus Based UMA. Types of Multiprocessors (MPs) Cache Consistency. Bus Based UMA. Chapter 8, 8.
Multiprocessor System Multiprocessor Systems Chapter 8, 8.1 We will look at shared-memory multiprocessors More than one processor sharing the same memory A single CPU can only go so fast Use more than
More informationREPORT DOCUMENTATION PAGE Form Approved OMB NO
REPORT DOCUMENTATION PAGE Form Approved OMB NO. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions,
More informationMultiprocessor Systems. COMP s1
Multiprocessor Systems 1 Multiprocessor System We will look at shared-memory multiprocessors More than one processor sharing the same memory A single CPU can only go so fast Use more than one CPU to improve
More informationREAL-TIME OPERATING SYSTEMS SHORT OVERVIEW
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group REAL-TIME OPERATING SYSTEMS SHORT OVERVIEW HERMANN HÄRTIG, WS 2017/18 OUTLINE Basic Variants of Real-Time Operating
More information1.1 Explain the difference between fast computing and real-time computing.
i 1.1 Explain the difference between fast computing and real-time computing. 1.2 What are the main limitations of the current real-time kernels for the development of critical control applications? 1.3
More informationReplica-Request Priority Donation: A Real-Time Progress Mechanism for Global Locking Protocols
Replica-Request Priority Donation: A Real-Time Progress Mechanism for Global Locking Protocols Bryan C. Ward, Glenn A. Elliott, and James H. Anderson Department of Computer Science, University of North
More informationTDDD82 Secure Mobile Systems Lecture 6: Quality of Service
TDDD82 Secure Mobile Systems Lecture 6: Quality of Service Mikael Asplund Real-time Systems Laboratory Department of Computer and Information Science Linköping University Based on slides by Simin Nadjm-Tehrani
More informationAn Evaluation of the Dynamic and Static Multiprocessor Priority Ceiling Protocol and the Multiprocessor Stack Resource Policy in an SMP System
An Evaluation of the Dynamic and Static Multiprocessor Priority Ceiling Protocol and the Multiprocessor Stack Resource Policy in an SMP System Jim Ras and Albert Mo Kim Cheng Outline Handling shared resources
More informationSubject Name: OPERATING SYSTEMS. Subject Code: 10EC65. Prepared By: Kala H S and Remya R. Department: ECE. Date:
Subject Name: OPERATING SYSTEMS Subject Code: 10EC65 Prepared By: Kala H S and Remya R Department: ECE Date: Unit 7 SCHEDULING TOPICS TO BE COVERED Preliminaries Non-preemptive scheduling policies Preemptive
More informationUniprocessor Scheduling. Basic Concepts Scheduling Criteria Scheduling Algorithms. Three level scheduling
Uniprocessor Scheduling Basic Concepts Scheduling Criteria Scheduling Algorithms Three level scheduling 2 1 Types of Scheduling 3 Long- and Medium-Term Schedulers Long-term scheduler Determines which programs
More informationMultiprocessor Systems. Chapter 8, 8.1
Multiprocessor Systems Chapter 8, 8.1 1 Learning Outcomes An understanding of the structure and limits of multiprocessor hardware. An appreciation of approaches to operating system support for multiprocessor
More informationOverview of Scheduling a Mix of Periodic and Aperiodic Tasks
Overview of Scheduling a Mix of Periodic and Aperiodic Tasks Minsoo Ryu Department of Computer Science and Engineering 2 Naive approach Background scheduling Algorithms Under static priority policy (RM)
More informationDocument downloaded from: http://hdl.handle.net/10251/38978 This paper must be cited as: Sáez Barona, S.; Crespo, A. (2013). Deferred setting of scheduling attributes in Ada 2012. Ada Letters. 33(1):93-100.
More informationReal-Time Resource-Sharing under Clustered Scheduling: Mutex, Reader-Writer, and k-exclusion Locks
Real-Time Resource-Sharing under Clustered Scheduling: Mutex, Reader-Writer, and k-exclusion Locks Björn B. Brandenburg Department of Computer Science University of North Carolina at Chapel Hill bbb@cs.unc.edu
More informationMultiprocessor Synchronization and Hierarchical Scheduling
Multiprocessor Synchronization and Hierarchical Scheduling Farhang Nemati, Moris Behnam, Thomas Nolte Mälardalen Real-Time Research Centre P.O. Box 883, SE-721 23 Västerås, Sweden farhang.nemati@mdh.se
More informationMulticore for safety-critical embedded systems: challenges andmarch opportunities 15, / 28
Multicore for safety-critical embedded systems: challenges and opportunities Giuseppe Lipari CRItAL - Émeraude March 15, 2016 Multicore for safety-critical embedded systems: challenges andmarch opportunities
More informationA Comparison of Scheduling Latency in Linux, PREEMPT_RT, and LITMUS RT. Felipe Cerqueira and Björn Brandenburg
A Comparison of Scheduling Latency in Linux, PREEMPT_RT, and LITMUS RT Felipe Cerqueira and Björn Brandenburg July 9th, 2013 1 Linux as a Real-Time OS 2 Linux as a Real-Time OS Optimizing system responsiveness
More informationGlobal Scheduling in Multiprocessor Real-Time Systems
Global Scheduling in Multiprocessor Real-Time Systems Alessandra Melani 1 Global vs Partitioned scheduling Single shared queue instead of multiple dedicated queues Global scheduling Partitioned scheduling
More informationRT- Xen: Real- Time Virtualiza2on. Chenyang Lu Cyber- Physical Systems Laboratory Department of Computer Science and Engineering
RT- Xen: Real- Time Virtualiza2on Chenyang Lu Cyber- Physical Systems Laboratory Department of Computer Science and Engineering Embedded Systems Ø Consolidate 100 ECUs à ~10 multicore processors. Ø Integrate
More informationScheduling policy. Reference: ULK3e 7.1. Scheduling in Linux 1 / 20
Scheduling policy Reference: ULK3e 7.1. Goals fast process response time good throughput for background jobs avoidance of process starvation reconciliation of needs of low- and high-priority processes
More informationA Predictable RTOS. Mantis Cheng Department of Computer Science University of Victoria
A Predictable RTOS Mantis Cheng Department of Computer Science University of Victoria Outline I. Analysis of Timeliness Requirements II. Analysis of IO Requirements III. Time in Scheduling IV. IO in Scheduling
More informationOverview. Sporadic tasks. Recall. Aperiodic tasks. Real-time Systems D0003E 2/26/2009. Loosening D = T. Aperiodic tasks. Response-time analysis
Overview Real-time Systems D0003E Lecture 11: Priority inversion Burns/Wellings ch. 13 (except 13.12) Aperiodic tasks Response time analysis Blocking Priority inversion Priority inheritance Priority ceiling
More informationFixed-Priority Multiprocessor Scheduling
Fixed-Priority Multiprocessor Scheduling Real-time Systems N periodic tasks (of different rates/periods) r i T i C i T i C C J i Ji i ij i r i r i r i Utilization/workload: How to schedule the jobs to
More informationPrecedence Graphs Revisited (Again)
Precedence Graphs Revisited (Again) [i,i+6) [i+6,i+12) T 2 [i,i+6) [i+6,i+12) T 3 [i,i+2) [i+2,i+4) [i+4,i+6) [i+6,i+8) T 4 [i,i+1) [i+1,i+2) [i+2,i+3) [i+3,i+4) [i+4,i+5) [i+5,i+6) [i+6,i+7) T 5 [i,i+1)
More informationReal-Time Internet of Things
Real-Time Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory h7p://www.cse.wustl.edu/~lu/ Internet of Things Ø Convergence of q Miniaturized devices: integrate processor, sensors and radios.
More informationSchedulability with resource sharing. Priority inheritance protocol Priority ceiling protocol Stack resource policy
Schedulability with resource sharing Priority inheritance protocol Priority ceiling protocol Stack resource policy 1 Lecture overview We have discussed the occurrence of unbounded priority inversion We
More informationA Server-based Approach for Predictable GPU Access Control
A Server-based Approach for Predictable GPU Access Control Hyoseung Kim * Pratyush Patel Shige Wang Raj Rajkumar * University of California, Riverside Carnegie Mellon University General Motors R&D Benefits
More informationTowards Principled OS-Level Temporal Isola?on
Towards Principled OS-Level Temporal Isola?on Gernot Heiser gernot@data61.csiro.au @GernotHeiser So6ware Systems Summer School, February 2016 h"ps://trustworthy.systems Requirements for Trustworthy Systems
More informationMC-SDN: Supporting Mixed-Criticality Scheduling on Switched-Ethernet Using Software-Defined Networking
MC-SDN: Supporting Mixed-Criticality Scheduling on Switched-Ethernet Using Software-Defined Networking Kilho Lee, Taejune Park, Minsu Kim, Hoon Sung Chwa, Jinkyu Lee* Seungwon Shin, and Insik Shin * 1
More information8th Slide Set Operating Systems
Prof. Dr. Christian Baun 8th Slide Set Operating Systems Frankfurt University of Applied Sciences SS2016 1/56 8th Slide Set Operating Systems Prof. Dr. Christian Baun Frankfurt University of Applied Sciences
More informationCPU Scheduling. The scheduling problem: When do we make decision? - Have K jobs ready to run - Have N 1 CPUs - Which jobs to assign to which CPU(s)
CPU Scheduling The scheduling problem: - Have K jobs ready to run - Have N 1 CPUs - Which jobs to assign to which CPU(s) When do we make decision? 1 / 31 CPU Scheduling new admitted interrupt exit terminated
More informationNested Multiprocessor Real-Time Locking with Improved Blocking
Nested Multiprocessor Real-Time Locking with Improved Blocking Bryan C. Ward and James H. Anderson Department of Computer Science, University of North Carolina at Chapel Hill Abstract Existing multiprocessor
More informationOperating Systems ECE344. Ding Yuan
Operating Systems ECE344 Ding Yuan Announcement & Reminder Midterm exam Will grade them this Friday Will post the solution online before next lecture Will briefly go over the common mistakes next Monday
More informationReal-Time Systems. Real-Time Operating Systems
Real-Time Systems Real-Time Operating Systems Hermann Härtig WS 2018/19 Outline Introduction Basic variants of RTOSes Real-Time paradigms Common requirements for all RTOSes High level resources Non-Real-Time
More informationOperating Systems. Scheduling
Operating Systems Scheduling Process States Blocking operation Running Exit Terminated (initiate I/O, down on semaphore, etc.) Waiting Preempted Picked by scheduler Event arrived (I/O complete, semaphore
More informationW4118: advanced scheduling
W4118: advanced scheduling Instructor: Junfeng Yang References: Modern Operating Systems (3 rd edition), Operating Systems Concepts (8 th edition), previous W4118, and OS at MIT, Stanford, and UWisc Outline
More informationRecap. Run to completion in order of arrival Pros: simple, low overhead, good for batch jobs Cons: short jobs can stuck behind the long ones
Recap First-Come, First-Served (FCFS) Run to completion in order of arrival Pros: simple, low overhead, good for batch jobs Cons: short jobs can stuck behind the long ones Round-Robin (RR) FCFS with preemption.
More informationCSL373: Lecture 6 CPU Scheduling
CSL373: Lecture 6 CPU Scheduling First come first served (FCFS or FIFO) Simplest scheduling algorithm cpu cpu 0 0 Run jobs in order that they arrive Disadvantage: wait time depends on arrival order. Unfair
More informationAirTight: A Resilient Wireless Communication Protocol for Mixed- Criticality Systems
AirTight: A Resilient Wireless Communication Protocol for Mixed- Criticality Systems Alan Burns, James Harbin, Leandro Indrusiak, Iain Bate, Robert Davis and David Griffin Real-Time Systems Research Group
More informationA Capacity Sharing and Stealing Strategy for Open Real-time Systems
A Capacity Sharing and Stealing Strategy for Open Real-time Systems Luís Nogueira, Luís Miguel Pinho CISTER Research Centre School of Engineering of the Polytechnic Institute of Porto (ISEP/IPP) Rua Dr.
More informationReal-Time Systems Hermann Härtig Real-Time Operating Systems Brief Overview
Real-Time Systems Hermann Härtig Real-Time Operating Systems Brief Overview 02/02/12 Outline Introduction Basic variants of RTOSes Real-Time paradigms Common requirements for all RTOSes High level resources
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Yuchen Zhou, Thomas E Fuhrman, Prathap Venugopal General Motors Scheduling Techniques for Automated Driving Systems using the AUTOSAR Adaptive Platform AUTOSAR Nov-2017 Agenda
More informationLearning Outcomes. Scheduling. Is scheduling important? What is Scheduling? Application Behaviour. Is scheduling important?
Learning Outcomes Scheduling Understand the role of the scheduler, and how its behaviour influences the performance of the system. Know the difference between I/O-bound and CPU-bound tasks, and how they
More informationComputer Networking. Queue Management and Quality of Service (QOS)
Computer Networking Queue Management and Quality of Service (QOS) Outline Previously:TCP flow control Congestion sources and collapse Congestion control basics - Routers 2 Internet Pipes? How should you
More informationEECS 571 Principles of Real-Time Embedded Systems. Lecture Note #10: More on Scheduling and Introduction of Real-Time OS
EECS 571 Principles of Real-Time Embedded Systems Lecture Note #10: More on Scheduling and Introduction of Real-Time OS Kang G. Shin EECS Department University of Michigan Mode Changes Changes in mission
More informationAdaptive Clustered EDF in LITMUS RT
Adaptive Clustered EDF in LITMUS RT Aaron Block,. Sherman, Texas William Kelley, BAE Systems. Ft. Worth, Texas Adaptable System: Whisper Whisper is a motion tracking system Speakers are placed on users
More informationMultimedia Systems 2011/2012
Multimedia Systems 2011/2012 System Architecture Prof. Dr. Paul Müller University of Kaiserslautern Department of Computer Science Integrated Communication Systems ICSY http://www.icsy.de Sitemap 2 Hardware
More informationOPERATING SYSTEMS CS3502 Spring Processor Scheduling. Chapter 5
OPERATING SYSTEMS CS3502 Spring 2018 Processor Scheduling Chapter 5 Goals of Processor Scheduling Scheduling is the sharing of the CPU among the processes in the ready queue The critical activities are:
More information6.1 Motivation. Fixed Priorities. 6.2 Context Switch. Real-time is about predictability, i.e. guarantees. Real-Time Systems
Real-Time Systems Summer term 2017 6.1 Motivation 6.1 Motivation Real-Time Systems 6 th Chapter Practical Considerations Jafar Akhundov, M.Sc. Professur Betriebssysteme Real-time is about predictability,
More informationCSE120 Principles of Operating Systems. Prof Yuanyuan (YY) Zhou Scheduling
CSE120 Principles of Operating Systems Prof Yuanyuan (YY) Zhou Scheduling Announcement l Homework 2 due on October 26th l Project 1 due on October 27th 2 Scheduling Overview l In discussing process management
More informationIntroduction to Embedded Systems
Introduction to Embedded Systems Sanjit A. Seshia UC Berkeley EECS 9/9A Fall 0 008-0: E. A. Lee, A. L. Sangiovanni-Vincentelli, S. A. Seshia. All rights reserved. Chapter : Operating Systems, Microkernels,
More informationCPU Scheduling. CSE 2431: Introduction to Operating Systems Reading: Chapter 6, [OSC] (except Sections )
CPU Scheduling CSE 2431: Introduction to Operating Systems Reading: Chapter 6, [OSC] (except Sections 6.7.2 6.8) 1 Contents Why Scheduling? Basic Concepts of Scheduling Scheduling Criteria A Basic Scheduling
More informationMultiprocessor and Real-Time Scheduling. Chapter 10
Multiprocessor and Real-Time Scheduling Chapter 10 1 Roadmap Multiprocessor Scheduling Real-Time Scheduling Linux Scheduling Unix SVR4 Scheduling Windows Scheduling Classifications of Multiprocessor Systems
More informationImplementing Sporadic Servers in Ada
Technical Report CMU/SEI-90-TR-6 ESD-90-TR-207 Implementing Sporadic Servers in Ada Brinkley Sprunt Lui Sha May 1990 Technical Report CMU/SEI-90-TR-6 ESD-90-TR-207 May 1990 Implementing Sporadic Servers
More informationEmbedded Systems: OS. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Embedded Systems: OS Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Standalone Applications Often no OS involved One large loop Microcontroller-based
More informationTDDD07 Real-time Systems Lecture 10: Wrapping up & Real-time operating systems
TDDD07 Real-time Systems Lecture 10: Wrapping up & Real-time operating systems Simin Nadjm-Tehrani Real-time Systems Laboratory Department of Computer and Information Science Linköping Univerity 28 pages
More informationOperating Systems: Quiz2 December 15, Class: No. Name:
Operating Systems: Quiz2 December 15, 2006 Class: No. Name: Part I (30%) Multiple Choice Each of the following questions has only one correct answer. Fill the correct one in the blank in front of each
More informationCPU Scheduling. Daniel Mosse. (Most slides are from Sherif Khattab and Silberschatz, Galvin and Gagne 2013)
CPU Scheduling Daniel Mosse (Most slides are from Sherif Khattab and Silberschatz, Galvin and Gagne 2013) Basic Concepts Maximum CPU utilization obtained with multiprogramming CPU I/O Burst Cycle Process
More informationPROCESS SCHEDULING II. CS124 Operating Systems Fall , Lecture 13
PROCESS SCHEDULING II CS124 Operating Systems Fall 2017-2018, Lecture 13 2 Real-Time Systems Increasingly common to have systems with real-time scheduling requirements Real-time systems are driven by specific
More informationCSE 120 Principles of Operating Systems Spring 2017
CSE 120 Principles of Operating Systems Spring 2017 Lecture 5: Scheduling Administrivia Homework #1 due tomorrow Homework #2 out tomorrow October 20, 2015 CSE 120 Lecture 8 Scheduling and Deadlock 2 Scheduling
More informationA Flexible Multiprocessor Resource Sharing Framework for Ada
A Flexible Multiprocessor Resource Sharing Framework for Ada Shiyao Lin Submitted for the Degree of Doctor of Philosophy University of York Department of Computer Science September 2013 Abstract Lock-based
More informationOVERVIEW. Last Week: But if frequency of high priority task increases temporarily, system may encounter overload: Today: Slide 1. Slide 3.
OVERVIEW Last Week: Scheduling Algorithms Real-time systems Today: But if frequency of high priority task increases temporarily, system may encounter overload: Yet another real-time scheduling algorithm
More informationNuttX Realtime Programming
NuttX RTOS NuttX Realtime Programming Gregory Nutt Overview Interrupts Cooperative Scheduling Tasks Work Queues Realtime Schedulers Real Time == == Deterministic Response Latency Stimulus Response Deadline
More informationPROCESS SCHEDULING Operating Systems Design Euiseong Seo
PROCESS SCHEDULING 2017 Operating Systems Design Euiseong Seo (euiseong@skku.edu) Histogram of CPU Burst Cycles Alternating Sequence of CPU and IO Processor Scheduling Selects from among the processes
More informationOperating system concepts. Task scheduling
Operating system concepts Task scheduling Task scheduling (thread scheduling) Target of scheduling are ready tasks ACTIVE TASK BLOCKED TASKS PASSIVE TASKS READY TASKS Active task currently running on processor
More informationReal-Time Resource-Sharing under Clustered Scheduling: Mutex, Reader-Writer, and k-exclusion Locks
Real-Time Resource-Sharing under Clustered Scheduling: Mutex, Reader-Writer, and k-exclusion Locks Björn B. Brandenburg and James H. Anderson Department of Computer Science, University of North Carolina
More informationAUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann
AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel Alexander Züpke, Marc Bommert, Daniel Lohmann alexander.zuepke@hs-rm.de, marc.bommert@hs-rm.de, lohmann@cs.fau.de Motivation Automotive and Avionic industry
More informationWhat s An OS? Cyclic Executive. Interrupts. Advantages Simple implementation Low overhead Very predictable
What s An OS? Provides environment for executing programs Process abstraction for multitasking/concurrency scheduling Hardware abstraction layer (device drivers) File systems Communication Do we need an
More information* There are more than 100 hundred commercial RTOS with memory footprints from few hundred kilobytes to large multiprocessor systems
Presented material is based on ü Laura Carnevali: Formal Methods in the Development Life Cycle of Realtime Systems. PhD-Thesis, Univ. of Florence (IT) 2010. (Ch. 1.1-1.3) ü Doug Abbott: Linux for Embedded
More informationOperating Systems. Process scheduling. Thomas Ropars.
1 Operating Systems Process scheduling Thomas Ropars thomas.ropars@univ-grenoble-alpes.fr 2018 References The content of these lectures is inspired by: The lecture notes of Renaud Lachaize. The lecture
More informationEmbedded Systems: OS
Embedded Systems: OS Jinkyu Jeong (Jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu ICE3028: Embedded Systems Design, Fall 2018, Jinkyu Jeong (jinkyu@skku.edu) Standalone
More informationComputer Science. ! Other approaches:! Special systems designed for extensibility
Application-Specific Service Technologies for Commodity OSes in Real-Time Environments Richard West and Gabriel Parmer Boston University Boston, MA {richwest,gabep1}@cs.bu.edu Introduction! Leverage commodity
More informationMILS Middleware: High Assurance Security for Real-time, Distributed Systems
2001 Objective Interface Systems, Inc. MILS Middleware: High Assurance Security for Real-time, Distributed Systems Bill Beckwith bill.beckwith@ois.com Objective Interface Systems, Inc. 13873 Park Center
More informationCSE 120. Fall Lecture 8: Scheduling and Deadlock. Keith Marzullo
CSE 120 Principles of Operating Systems Fall 2007 Lecture 8: Scheduling and Deadlock Keith Marzullo Aministrivia Homework 2 due now Next lecture: midterm review Next Tuesday: midterm 2 Scheduling Overview
More informationCPU Scheduling. The scheduling problem: When do we make decision? - Have K jobs ready to run - Have N 1 CPUs - Which jobs to assign to which CPU(s)
1/32 CPU Scheduling The scheduling problem: - Have K jobs ready to run - Have N 1 CPUs - Which jobs to assign to which CPU(s) When do we make decision? 2/32 CPU Scheduling Scheduling decisions may take
More informationECE519 Advanced Operating Systems
IT 540 Operating Systems ECE519 Advanced Operating Systems Prof. Dr. Hasan Hüseyin BALIK (10 th Week) (Advanced) Operating Systems 10. Multiprocessor, Multicore and Real-Time Scheduling 10. Outline Multiprocessor
More informationARTIST-Relevant Research from Linköping
ARTIST-Relevant Research from Linköping Department of Computer and Information Science (IDA) Linköping University http://www.ida.liu.se/~eslab/ 1 Outline Communication-Intensive Real-Time Systems Timing
More informationTwo Real-Time Operating Systems and Their Scheduling Algorithms: QNX vs. RTLinux
Two Real-Time Operating Systems and Their Scheduling Algorithms: QNX vs. RTLinux Daniel Svärd dansv077@student.liu.se Freddie Åström freas157@student.liu.se November 19, 2006 Abstract This report tries
More information