Real-Time Systems: Ada 95 Reference Manual - PowerPoint PPT Presentation


EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #4

Updated 2009-01-25

Real-Time Systems

[Figure labels: Verification, Implementation, Specification]

  • Ada 95
  • Clocks, time, delay
  • Task priorities

Ada 95 Reference Manual (ARM)

Ada 95 consists of a core language and a set of annexes containing extensions for special applications. An Ada 95 implementation must support the entire core language, but can choose to support an arbitrary combination of annexes. An annex may define new packages, attributes and pragmas, but may not introduce new syntax or change the semantics of the core language.

Ada 95 Reference Manual (ARM)

The following parts of ARM are dealt with in this course:

  • Section 9: Tasks and Synchronization
  • Section 13: Representation Issues
  • Annex C: Systems Programming
  • Annex D: Real-Time Systems

In addition, the following parts of ARM are interesting:

  • Annex E: Distributed Systems
  • Annex F: Information Systems
  • Annex G: Numerics
  • Annex H: Safety and Security

Clocks and time in Ada 95

To construct a real-time system, the chosen programming language must support a concept of time that can be used for modeling the system's time constraints. In Ada 95, time is represented as system clocks that can be read in order to report current time. Ada 95 has two different time packages that each defines a system clock:

  • Ada.Calendar: compulsory package (Section 9.6) with a clock that represents calendar time with "satisfactory" resolution.
  • Ada.Real_Time: annex package (Annex D.8) with a clock that represents physical (monotonic) time with high resolution.


Calendar time in Ada 95

Ada.Calendar defines a data type Time that represents calendar time (date + seconds since midnight) with a resolution of at least 20 ms. Values of this type can be converted to year, month, day and seconds.

Calendar time is normally monotonic (non-decreasing), but can be adjusted (forwards/backwards) as a consequence of e.g. daylight savings time or other time adjustments.

The current value of the calendar time can be read by calling the function Ada.Calendar.Clock.

A (calendar) time interval (i.e. the difference between two time instants) is represented by the data type Duration.

Real time in Ada 95

Ada.Real_Time defines a data type Time that represents real time (physical time) with a resolution of at least 1 ms. Values of this type cannot be converted to calendar data.

Real time is strictly monotonic (cannot be adjusted backwards) and measured in elapsed time units since an epoch. Time unit and epoch are both implementation dependent.

The current value of the real time can be read by calling the function Ada.Real_Time.Clock.

A (real) time interval (i.e. the difference between two time instants) is represented by the data type Time_Span.

Although the same names are used for types & functions, Ada.Calendar and Ada.Real_Time can coexist in the same program.

Example: control of execution time (with Ada.Calendar)

    with Ada.Calendar; use Ada.Calendar;

    package body Controller is
       task body Temp_Controller is
          ...  -- declaration of variables
          Start, Finish : Time;
          Interval      : Duration := 1.7;
          Overrun_Error : exception;
       begin
          loop
             Start := Clock;
             ...  -- statements in Temp_Controller;
             Finish := Clock;
             if Finish - Start > Interval then
                raise Overrun_Error;
             end if;
          end loop;
       exception
          when Overrun_Error =>
             -- program code for error handling
       end Temp_Controller;
    end Controller;

Example: control of execution time (with Ada.Real_Time)

    with Ada.Real_Time; use Ada.Real_Time;

    package body Controller is
       task body Temp_Controller is
          ...  -- declaration of variables
          Start, Finish : Time;
          Interval      : Time_Span := To_Time_Span(1.7);
          Overrun_Error : exception;
       begin
          loop
             Start := Clock;
             ...  -- statements in Temp_Controller;
             Finish := Clock;
             if Finish - Start > Interval then
                raise Overrun_Error;
             end if;
          end loop;
       exception
          when Overrun_Error =>
             -- program code for error handling
       end Temp_Controller;
    end Controller;

  • Time constants have type Duration as default.
  • Conversion of time intervals is found in Ada.Real_Time.


Time delays

How can the execution of a task be delayed in Ada?

  • Use the (relative) delay statement:

    delay 10.0;  -- wait for 10 seconds

  • While the task is delayed in the delay statement, other tasks (if such exist) may execute.
  • The delay statement guarantees that the delay will be at least the indicated number of seconds (which should be of type Duration).
  • The actual delay could be longer because the delayed task may have to wait for other tasks to complete their execution.

Periodic activities

Example: Execute a task periodically every 5th second.

    package body Periodic_Action is
       task body T is
          Interval : constant Duration := 5.0;
       begin
          loop
             Action;
             delay Interval;
          end loop;
       end T;
    end Periodic_Action;

This solution gives rise to a systematic time skew:

  – The code for Action takes a certain time Δaction
  – The code for administrating the loop construct takes a certain time Δloop
  ⇒ The minimum interval between two executions of Action is: 5 + Δaction + Δloop seconds.

Periodic activities

How can systematic time skew be avoided in Ada?

  • Use the (absolute) delay statement:

    delay until Later;  -- wait until clock becomes Later

  • The absolute delay statement guarantees that the continued execution is delayed until the given time instant at the earliest.
  • The given time instant can be of arbitrary time type (i.e. from Ada.Calendar as well as from Ada.Real_Time).

Periodic activities

    with Ada.Calendar; use Ada.Calendar;

    package body Periodic_Action is
       task body T is
          Interval  : constant Duration := 5.0;
          Next_Time : Time;
       begin
          Next_Time := Clock + Interval;
          loop
             Action;
             delay until Next_Time;
             Next_Time := Next_Time + Interval;
          end loop;
       end T;
    end Periodic_Action;

This solution does not eliminate local time skew:

  – Other tasks with same or higher priority may interfere so that the task cannot begin its execution at the desired time instant.
  – Local time skew may cause the start time within the current time interval to vary between different executions of the same task.
  – Local time skew can be avoided by using suitable scheduling algorithms or be determined with the aid of special analysis methods.
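The execution-time check and the absolute delay from the slides above, combined into one complete program on the monotonic Ada.Real_Time clock. This is an added example, not code from the lecture; Periodic_Demo, the task type Periodic, the body of Action, and all period and workload values are constructed for illustration. Unlike the slide code, an overrun is reported and the task continues instead of raising Overrun_Error.

```ada
with Ada.Text_IO;   use Ada.Text_IO;
with Ada.Real_Time; use Ada.Real_Time;

procedure Periodic_Demo is

   --  Hypothetical workload standing in for Action. Iteration 3 is made
   --  deliberately slow (constructed value) so that one overrun occurs.
   procedure Action (Iteration : Positive) is
   begin
      if Iteration = 3 then
         delay 0.150;
      else
         delay 0.010;
      end if;
   end Action;

   task type Periodic (Period_Ms : Positive; Runs : Positive);

   task body Periodic is
      Period    : constant Time_Span := Milliseconds (Period_Ms);
      Label     : constant String    :=
        Positive'Image (Period_Ms) & " ms task: ";
      Next_Time : Time := Clock;      --  first release instant
      Start     : Time;
      Elapsed   : Time_Span;
   begin
      for I in 1 .. Runs loop
         Start := Clock;
         Action (I);
         Elapsed := Clock - Start;

         --  Execution-time check on the monotonic clock: a calendar
         --  adjustment cannot hide or fake an overrun here.
         if Elapsed > Period then
            Put_Line (Label & "overrun in iteration" & Positive'Image (I)
                      & "," & Duration'Image (To_Duration (Elapsed)) & " s");
         end if;

         --  Advance from the previous release instant, not from "now",
         --  so the cost of Action and of the loop does not accumulate.
         Next_Time := Next_Time + Period;
         delay until Next_Time;      --  returns at once if already past
      end loop;

      --  Only the lateness of the last wake-up (local skew) remains.
      Put_Line (Label & "final lateness"
                & Duration'Image (To_Duration (Clock - Next_Time)) & " s");
   end Periodic;

   --  Two task objects with constructed periods.
   Slow : Periodic (Period_Ms => 100, Runs => 10);
   Fast : Periodic (Period_Ms => 40,  Runs => 25);

begin
   null;   --  the main procedure waits here until both tasks terminate
end Periodic_Demo;
```

After the overrun, Next_Time lies in the past, so the following delay until statements return immediately until the task has caught up with its release schedule.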


Example: a simple control system

Problem: Write a procedure Periodic_Controller for the control system introduced in an earlier lecture (also see p. 27 in the course book).

  – Task Temp_Controller should use an iteration period of 70 ms.
  – Task Pressure_Controller should use iteration period 30 ms.
  – Printing to the display should take place without the server task.
  – Use package Ada.Real_Time to model physical time.

We solve this on the whiteboard!

Task priorities in Ada 95

To be able to guarantee and analyze the behavior of a real-time system, the programming language and run-time system must have support for task priorities. Task priorities are used for selecting which task should be executed if multiple tasks contend for the processing resource (the CPU).

The priority of a task can be given in two different ways:

  • Static priorities: based on task characteristics that are known before the system is running, e.g., iteration frequency or deadline.
  • Dynamic priorities: based on task characteristics that are derived at certain times while the system is running, e.g., remaining execution time or remaining time to deadline.

Task priorities in Ada 95

Task priorities are of data type Any_Priority, which is declared in package System (see Section 13.7 in ARM). Priorities are a subtype of Integer and are given as values in the range

    Any_Priority'First .. Any_Priority'Last

The range of the priority values is implementation dependent (not defined in the language):

    subtype Any_Priority is Integer range implementation-defined;

Task priorities in Ada 95

Depending on the type of task, two types of priorities are used (both of which are subtypes of Any_Priority):

Normal tasks use priorities of data type Priority:

    subtype Priority is Any_Priority
       range Any_Priority'First .. implementation-defined;

Interrupt handlers and protected objects use priorities of data type Interrupt_Priority:

    subtype Interrupt_Priority is Any_Priority
       range Priority'Last+1 .. Any_Priority'Last;


Static task priorities in Ada 95

In the Ada 95 core language there is only support for static task priorities. The static (base) priority of a task is expressed using the pragma Priority, which should be located in the specification of the task.

    task P1 is
       pragma Priority(5);
       entry E1(X : in Objekt);
       entry E2(Y : out Objekt);
    end P1;

The parameter to the pragma is of data type Priority.

Static task priorities in Ada 95

In the absence of a priority pragma, a task inherits the priority of its parent task. If no priority is given in its ancestors, the task is assigned the priority Default_Priority (found in package System):

    Default_Priority : constant Priority := (Priority'First + Priority'Last)/2;

For the main program, which is executed by a predefined (non-declared) task, the priority is given directly in the main procedure because it lacks a specification part. If no priority is given for the main program, it is assigned the priority Default_Priority.

Dynamic task priorities in Ada 95

Annex D (Real-Time Systems) provides support for dynamic priorities via package Ada.Dynamic_Priorities:

    package Ada.Dynamic_Priorities is
       procedure Set_Priority(...);
       function Get_Priority(...) return Any_Priority;
    end Ada.Dynamic_Priorities;

By means of this package, the priority of a task can be read and modified while the system is running.

Priorities and shared objects

When task priorities are used to introduce determinism and analyzability to the system, this must also encompass the handling of protected objects. In order to verify the system, an upper bound of each task's blocking time must be possible to derive. Such derivation is relatively simple as long as a task can only be blocked by tasks with higher priority.

The analysis becomes much more difficult when protected objects are used, as a task can then also be blocked by tasks with lower priority that do not use the object. One such example is when priority inversion occurs.


Priority inversion

Assume three tasks H, M and L (decreasing priorities) where H and L share a protected object.

  1. Assume that task L with lowest priority requests and acquires a protected object (critical region).
  2. Task H, which has highest priority, then starts and requests the protected object. As only one task at a time can execute code in a protected object, H must wait until L releases the object.
  3. Task M, which has medium priority, preempts task L according to the priority rules and then starts its execution.

  • Priority inversion has now occurred because task M preempted a task (H) with higher priority.
  • The blocking time for task H now depends on a task (M) with lower priority that does not use the protected object.
  • If task M should use another protected object there would also be a potential risk that deadlock could occur.

Priority inversion

[Figure: time lines for tasks H, M and L (legend: normal execution, critical region), with markers t1 and t2 and the label "H blocked". priority (H) > priority (M) > priority (L); H and L share resource R. Annotation: Blocking time for H is not bounded by execution of critical region.]

Ceiling priorities

Priority inversion can be reduced with the aid of a mechanism called ceiling priorities. Each protected object is assigned a ceiling priority that is equal to the maximum priority among all tasks that may potentially request the protected object. When a task executes the code of a protected object it is temporarily assigned a priority equal to that of the protected object's ceiling priority. One method for ceiling priorities supported by Ada 95 is the Immediate Ceiling Priority Protocol (ICPP).

Ceiling priorities in Ada 95 (ICPP)

[Figure: time lines for tasks H, M and L (legend: normal execution, critical region). priority (H) > priority (M) > priority (L); H and L share resource R. Annotations: "L receives R's ceiling priority (= H's priority)", "L receives original priority", "H blocked".]


Ceiling priorities in Ada 95 (ICPP)

Besides minimizing priority inversion, ICPP exhibits some other nice properties in a single processor system:

  – Mutual exclusion is guaranteed because a task that executes the code of a protected object cannot be preempted by any other task that also requests the protected object.
  – A task can only be blocked once (in the beginning of its execution) by a task with lower priority.
  – Freedom from deadlock is guaranteed if all objects are protected.

Ceiling priorities in Ada 95

ICPP must be implemented in compilers that support Annex D (Real-Time Systems) in Ada 95. A compiler vendor may choose to support multiple ceiling priority protocols. Which ceiling priority protocol to use in Ada 95 is selected with the pragma Locking_Policy:

    pragma Locking_Policy(Ceiling_Locking);

The identifier Ceiling_Locking corresponds to ICPP. In Gnu Ada 95, the pragma is not needed as ICPP is the default policy.
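A complete program that puts the priority pragmas and the ceiling rule together, including the failure case the slides do not show: under Ceiling_Locking, Annex D.3 requires Program_Error when a task whose priority is above an object's ceiling calls it. This is an added example, not code from the lecture; Ceiling_Demo, R, Client and the three priority levels are hypothetical names and constructed values.

```ada
pragma Locking_Policy (Ceiling_Locking);

with Ada.Text_IO; use Ada.Text_IO;
with System;      use System;

procedure Ceiling_Demo is

   --  Constructed priority levels, expressed relative to Default_Priority
   --  because the range of Priority is implementation-defined.
   Prio_L   : constant Priority := Default_Priority;
   Prio_H   : constant Priority := Default_Priority + 2;
   Prio_Bad : constant Priority := Default_Priority + 3;

   protected R is
      pragma Priority (Prio_H);   --  ceiling = highest intended caller
      procedure Increment;
      function Value return Natural;
   private
      Count : Natural := 0;
   end R;

   protected body R is
      procedure Increment is
      begin
         Count := Count + 1;      --  executed at the ceiling priority
      end Increment;

      function Value return Natural is
      begin
         return Count;
      end Value;
   end R;

   task type Client (Prio : Priority; Id : Character) is
      pragma Priority (Prio);     --  static (base) priority of this task
   end Client;

   task body Client is
   begin
      R.Increment;
      Put_Line (Id & ": call to R completed");
   exception
      when Program_Error =>
         --  Ceiling check failed: caller's priority is above R's ceiling.
         Put_Line (Id & ": Program_Error, priority above ceiling of R");
   end Client;

begin
   declare
      L   : Client (Prio_L,   'L');
      H   : Client (Prio_H,   'H');
      Bad : Client (Prio_Bad, 'X');   --  deliberately above the ceiling
   begin
      null;   --  leaving this block waits for the three tasks
   end;
   Put_Line ("R.Value =" & Natural'Image (R.Value));
end Ceiling_Demo;
```

A ceiling set lower than the highest-priority caller is a configuration error that only surfaces at run time, so the ceiling of every protected object is worth reviewing whenever a task priority is raised.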