Real- -Time Systems Time Systems Real Specification - - PDF document

real time systems time systems real
SMART_READER_LITE
LIVE PREVIEW

Real- -Time Systems Time Systems Real Specification - - PDF document

May 19, 2023 315 likes •491 views

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10 Updated 2009-02-15 Real- -Time Systems Time Systems Real Specification Implementation Task model Execution-time analysis Verification Designing a real-

slide-1
SLIDE 1

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

1

Real Real-

  • Time Systems

Time Systems

Verification Implementation Specification

  • Task model
  • Execution-time analysis

Designing a real Designing a real-

  • time system

time system

Verification Implementation Specification

How should it be done? What should be done & When should it be done? Can it be done with the given implementation? New design!

  • Task model
  • Schedulability test
  • Logical function
  • Temporal function
  • System model
slide-2
SLIDE 2

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

2

Task model Task model

task body P1 is Interval : constant Duration := 5.0; Next_Time : Time; begin Next_Time := Clock + Interval; loop Action; delay until Next_Time; Next_Time := Next_Time + Interval; end loop; end P1; task body P2 is Interval : constant Duration := 7.0; Next_Time : Time; begin Next_Time := Clock + Interval; loop Action; delay until Next_Time; Next_Time := Next_Time + Interval; end loop; end P2;

Implementation Implementation Abstract model Abstract model

1

τ

2

τ

{ }

1 1 1 1 1

, , , C T D O τ =

{ }

2 2 2 2 2

, , , C T D O τ =

Task model Task model

A A task model task model must be defined to be able to analyze the must be defined to be able to analyze the temporal behavior of a set of tasks. temporal behavior of a set of tasks.

  • The static parameters of a task describe characteristics

that apply independent of other tasks.

– Derived from the specification or implementation of the system – For example: period, deadline, WCET

  • The dynamic parameters of a task describe effects that
  • ccur during the execution of the task.

– Is a function of the run-time system and the characteristics

  • f other tasks

– For example: start time, completion time, response time

slide-3
SLIDE 3

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

3

Task model Task model

Static task parameters: Static task parameters:

i

T

i

D

i

C

i

O

:

i

C (undisturbed) WCET :

i

T period :

i

D (relative) deadline :

i

O (absolute) time offset

{ }

, , ,

i i i i i

C T D O τ =

i

τ

t

Task model Task model

Static task parameters: Static task parameters:

Task’s worst-case execution time (WCET)

– Represents the longest undisturbed execution time for one iteration of the task – Derived as a function of the task’s program code

Task’s relative deadline (responsiveness constraint)

– Represents the maximum allowed time within which the task must complete its execution – Applies relative to the time when the task becomes executable – Derived as a function of the environment (e.g., laws of nature, control theory, ...)

i

C

i

D

slide-4
SLIDE 4

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

4

Task model Task model

Static task parameters: Static task parameters:

Task’s periodicity

– Represents how often the task should be repeated – Each iteration of the task has the same WCET

Task’s time offset

– Represents the first arrival time of the task, e.g., the earliest time instant at which the task becomes executable – Applies relative to a given ”origin” of the system

The arrival time of the n:th iteration of a task then becomes

i i n i

T n O A ⋅ − + = ) 1 (

i

T

i

O

Task model Task model

Different types of tasks: Different types of tasks:

  • Periodic tasks

– A periodic task arrives with a time interval Ti

  • Sporadic tasks

– A sporadic task arrives with a time interval ≥ Ti

  • Aperiodic tasks

– An aperiodic task has no guaranteed minimum time between two subsequent arrivals

⇒ ⇒ Hard real

Hard real-

  • time systems can only contain periodic and

time systems can only contain periodic and sporadic tasks. sporadic tasks.

slide-5
SLIDE 5

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

5

The importance of models The importance of models

Dad? How do t hey know how much weight a bridge can handle? They drive bigger and bigger t rucks over t he bridge unt il it collapses! Oh, I guess I should have known t hat ! Honey, if you don' t know t he answer, j ust SAY so! Free t ranslat ion f rom Swedish by J. J onsson Then t hey t ake t he weight of t he last t ruck and rebuild t he bridge

(this page deliberately left blank) (this page deliberately left blank)

slide-6
SLIDE 6

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

6

Execution Execution-

  • time analysis

time analysis

Program (no input data) Compiler + WCET analysis Code WCET Real-time compiler

for I:=1 to N loop begin if A > K then A:=K-1; else A:=K+1; if A < K then A:=K; else A:=K-1; end;

42 42

Execution Execution-

  • time analysis

time analysis

Motivation: Motivation:

  • Worst-case execution time (WCET) is important since

– it is a prerequisite for (hard) schedulability analysis – resource needs should be estimated early in the design phase

  • The execution time of a task depends on

– program structure + input data – initial system state – temporal properties of the system (OS + hardware) – internal and external system events

Estimation of WCET should consequently be made while the program is compiled!

slide-7
SLIDE 7

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

7

Execution Execution-

  • time analysis

time analysis

Requirements: Requirements:

  • WCET must be pessimistic but tight

0 ≤ ”Estimated WCET” – “Real WCET” < ε (ε small compared to real WCET) pessimistic: pessimistic: to make sure assumptions made in the schedulability analysis

  • f hard real-time tasks also apply at run time

tight: tight: to avoid unnecessary waste of resources during scheduling of hard real-time tasks

  • The computational complexity of the analysis method

must be tractable

Execution Execution-

  • time analysis

time analysis

estimated WCET real WCET Input data Execution time

slide-8
SLIDE 8

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

8

A simple (yet challenging) example A simple (yet challenging) example

Derive WCET for the following program: Derive WCET for the following program:

Issues to consider: Issues to consider:

  • Input data is unknown

– Iteration bounds must be known to facilitate analysis

  • Path explosion

– 4^N paths in this example

  • Exclusion of non-executable (false)

paths

– T1 + E2 is a false path in the example for I:=1 to N loop begin if A > K then A:=K-1; (T1) else A:=K+1; (E1) if A < K then A:=K; (T2) else A:=K-1; (E2) end;

A simpler (but non A simpler (but non-

  • trivial) example

trivial) example

Derive WCET for the following statement: Derive WCET for the following statement:

Issues to consider: Issues to consider:

  • Execution time:

– affected by cache misses, pipeline conflicts, exceptions ... – depends on previous and (!) subsequent instructions – also depends on (unknown) input data

  • Observations:

– accurate estimation of WCET must be based on a detailed timing model of the system architecture – uncertainties are handled by making worst-case assumptions

A := A / B;

slide-9
SLIDE 9

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

9

Formulation of the WCET problem Formulation of the WCET problem

Given a system (= program structure + system platform) find the program’s “worst-case” execution time for all possible input data, initial system states and (internal and external) system events

Fundamental issues Fundamental issues

  • Issues in the analysis of program paths

– how to limit WCET (if necessary, pessimistically) – how to eliminate false paths (in order to derive a tight WCET estimate)

  • Issues in the analysis of temporal behavior

”everything that takes time must be modeled in a realistic fashion (or at least not optimistically)” – accurate and effective timing model of the system platform (influence of, e.g., cache memories, pipelining, …) – consequences of system events at run time (e.g.: exceptions, interrupts, context switches)

slide-10
SLIDE 10

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

10

Path analysis Path analysis

  • CFG may not contain cycles
  • Non-executable paths must be eliminated

A control flow graph (CFG) describes the structure of the program Timing analysis problem: Find the longest executable path in the program’s CFG

Path analysis Path analysis

Shaw Shaw’ ’s Timing Schema (1989): s Timing Schema (1989):

for I:=1 to N loop begin if A > K (I1) then A:=K-1; (T1) else A:=K+1; (E1) if A < K (I2) then A:=K; (T2) else A:=K-1; (E2) end; WCETe = N*(WCET(loop) + WCET(I1) + max(WCET(T1), WCET(E1)) + WCET(I2) + max(WCET(T2), WCET(E2)))

The estimated WCET ( The estimated WCET (WCETe WCETe) is the ) is the execution time of the longest execution time of the longest structural structural path through the program path through the program

slide-11
SLIDE 11

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

11

Methods for path analysis Methods for path analysis

Branches (alternative paths) introduces the following Branches (alternative paths) introduces the following set of problems: set of problems:

  • 1. Iterations (loops, recursions …)
  • 2. Alternative (if-then-else, case …)

Goal: Goal:

– Bound the number of iterations in a loop or recursion – Eliminate non-executable (false) program paths

Methods for path analysis Methods for path analysis

The user annotates the program so that its CFG only The user annotates the program so that its CFG only contains a limited number of executable paths: contains a limited number of executable paths: Annotation of loop bounds: Annotation of loop bounds:

  • Provide upper bounds on loop indices and catch potential

exceptions at run time

Elimination of false paths: Elimination of false paths:

  • Enumerate all possible paths and list the set of false

paths so that these can be avoided in the analysis Requires very detailed knowledge of the program’s function, but is therefore also very prone to errors!

slide-12
SLIDE 12

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

12

Methods for path analysis Methods for path analysis

Automated method: Automated method: Static analysis (embedded in compiler): Static analysis (embedded in compiler):

  • Derive upper bounds on loop indices

– requires an explicit loop index – does not always work for complicated termination conditions

  • Eliminate false paths

– symbolically execute the program and do ”assert” with respect to the possible values that variables are able to assume

Preliminary methods are promising but only for fairly simple programs where the analysis is trivial!

Methods for path analysis Methods for path analysis

The reality? The reality? Existing methods implicitly assume that the execution time Existing methods implicitly assume that the execution time

  • f each language statement is
  • f each language statement is constant

constant and known and known

  • This is a quite realistic assumption for a micro-controller that

– lacks pipelined execution – lacks cache memories – does not generate exceptions

However, for modern processor architectures (= RISC), these methods yield very pessimistic results!

slide-13
SLIDE 13

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

13

Timing analysis for modern processors Timing analysis for modern processors

Modern processors have several advanced mechanisms Modern processors have several advanced mechanisms (e.g., pipelining, caching, branch prediction, out (e.g., pipelining, caching, branch prediction, out-

  • of
  • f-
  • rder execution
  • rder execution)

) that cause significant variation in the

that cause significant variation in the execution time of a processor instruction. execution time of a processor instruction. We must therefore We must therefore estimate the execution time for each estimate the execution time for each executable path through the program and at the same executable path through the program and at the same time account for these mechanisms. time account for these mechanisms. This can be solved by partitioning the program code into This can be solved by partitioning the program code into code blocks code blocks and analyze each block separately. and analyze each block separately. Today, mature methods for timing analysis only exist for Today, mature methods for timing analysis only exist for pipelining pipelining and and caching caching. .

Timing analysis for modern processors Timing analysis for modern processors

Processor with pipeline: Processor with pipeline:

Sources of time variations: Sources of time variations:

  • structural conflicts
  • data conflicts
  • branch conflicts

IF ID EX M WB

ICACHE DCACHE

Sources of time variations: Sources of time variations:

  • cache misses
slide-14
SLIDE 14

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

14

Timing analysis of cache memory Timing analysis of cache memory

Issues: Issues:

  • Not enough to investigate an

isolated code block

– miss/hit depends on previous executions of the code

  • Instruction cache behavior is

predictable for each path

– known sequence of code

  • Data cache behavior is more

difficult to analyze

– data addresses can depend on the program’s input data

Timing analysis of pipeline Timing analysis of pipeline

Issues: Issues:

  • Not enough to investigate an

isolated code block

– conflicts may occur on the boundary between code blocks

  • Pipeline behavior is predictable

for each path

– known sequence of code

slide-15
SLIDE 15

EDA222/DIT160 – Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10

Updated 2009-02-15

15

Methods for timing analysis Methods for timing analysis

Extension of Shaw Extension of Shaw’ ’s Timing Schema s Timing Schema

– Analysis is performed at code block level – Merging of paths at certain code locations by estimating the effects of worst-case situations (reduces path explosion)

Data flow analysis: Data flow analysis:

– Analysis performed at code block level – Propagation of pipeline and cache states between blocks

Integer Linear Programming Integer Linear Programming

– Formulate an ILP problem as a function of execution time and number of executions at code block level

Challenges Challenges

So far, non So far, non-

  • preemptive scheduling of program code has

preemptive scheduling of program code has been assumed (which is not always realistic). been assumed (which is not always realistic). In reality, pseudo In reality, pseudo-

  • parallel execution is typically used,

parallel execution is typically used, something which requires preemptive execution. something which requires preemptive execution.

– Preemptions will affect system state (i.e., cache contents will change and pipeline will be flushed) and must therefore be accounted for in the analysis. – However, it is difficult to account for these effects in the analysis

  • f WCET, which means that it must be handled at a higher level

(i.e., in the schedulability test).