-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
1/103
CENGCENG--336336Introduction to EmbeddedIntroduction to Embedded
Systems DevelopmentSystems Development
CENGCENG--336336Introduction to EmbeddedIntroduction to Embedded
Systems DevelopmentSystems Development
Introduction toIntroduction toRTOSRTOS RealReal--time Operating Systemstime Operating SystemsBased on Lecture Notes by Tuna TucuBased on Lecture Notes by Tuna Tucu
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
2/103
CENG-336 Introduction to Embedded Systems Development 2
Three Central ConceptsThree Central Concepts
Concurrency several concurrentthreads of execution
Reactivity external input is reacted to
rather than requested Real time timing behavior of reactions
is important
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
3/103
CENG-336 Introduction to Embedded Systems Development 3
ConcurrencyConcurrency
Real world is concurrent, so is real-timecomputing Several computers running in parallel is a
concurrent system
For cost effectiveness, we should map manytasks onto fewer processors (resourcesharing)
For independent tasks, concurrency is trivial. We are interested in tasks that are cooperating
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
4/103
CENG-336 Introduction to Embedded Systems Development 4
ReactivityReactivity
Who is the active party below? Who calls who? the user demanding a result by clicking on the screen the program requesting the next mouse click by means of an
OS call
The active view: the environment (user) acts because
the program demands it (traditional programming) The reactive view: the program acts because the
environment (user) demands it (embedded systems)
Nowhere is the clash between these views more
apparent than in the handling of interrupts We will study this problem, as well as reactive
programming in general
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
5/103
CENG-336 Introduction to Embedded Systems Development 5
Real TimeReal Time
Someone asks about the current outdoortemperature. Which response is better? A correct reading of 20C delivered 12 hours later A false reading of 10C delivered immediately
In a real time system, a late response isjust as bad as a wrong one
In this chapter, we will introduce methods
and models for controlling the timing behaviorof programs, in addition to their functionality
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
6/103
CENG-336 Introduction to Embedded Systems Development 6
SomeSome
Horror StoriesHorror Stories
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
7/103
CENG-336 Introduction to Embedded Systems Development 7
GoalsGoals
To give some examples of real real-time systems that have actually beenproduced
To illustrate various ways that theconcept of time may affect systemdesign
To warn about the consequences of badreal time system design!
To motivate programmers to do better!
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
8/103
CENG-336 Introduction to Embedded Systems Development 8
Apollo 11 Lunar LandingApollo 11 Lunar Landing
Basic facts: First manned lunar landing (July 20, 1969) A small 2-person spacecraft descended to the
lunar surface, while mothership stayed in lunar
orbit Both spacecrafts equipped with a computer for
navigation and guidance (notice the time & space): 100 kHz 16-bit CPU
38K RAM & core memory programmed in assembly language
priority-based event-driven OS of 2K
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
9/103
CENG-336 Introduction to Embedded Systems Development 9
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
During the landing phase, the role of the lunarlander computer was to measure altitude andcontrol the overall attitude of the spacecraft
In the middle of descent, with only minutes to
go before landing, the computer started todisplay 1202 alarm This alarm kept repeating itself every 10 seconds
As the minimum altitude for aborting wasapproaching, the software engineers had to
decide whether the alarm was fatal or not The advice was to ignore the alarm, and the
landing also proceeded successfully
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
10/103
CENG-336 Introduction to Embedded Systems Development 10
Problem: Computer too slow to handle alltasks concurrently
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
11/103
CENG-336 Introduction to Embedded Systems Development 11
Solution: During descent
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
12/103
CENG-336 Introduction to Embedded Systems Development 12
Solution: During ascent
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
13/103
CENG-336 Introduction to Embedded Systems Development 13
Cause of the alarmsDescent
consequence #1: event buffer overflow every 10s
consequence #2: about 20% of the CPU cycles spent inthe rendezvous radar interrupthandler
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
14/103
CENG-336 Introduction to Embedded Systems Development 14
The engineers knew 1202 alarm meant overflow ofsome event buffer, not clear which one
However, because of the fixed priorities used,judgment was that whatever events and computationsbeing lost, they would be the least important ones
The decision to ignore the alarms was taken on basisof that gut feeling (instinctive feeling about a givensituation) rather than knowledge
Analysis and simulations during the 24h moon stay
found the exact alarm cause (the erroneous switch) (The engineer in charge of the decision to proceed
was later awarded the Presidents Medal togetherwith the astronauts!)
Apollo 11 Lunar LandingApollo 11 Lunar Landing (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
15/103
CENG-336 Introduction to Embedded Systems Development 15
TheracTherac--2525
The Therac-25 was a computer thatcontrolled therapeutic radiation machine forthe treatment of tumors
Deployed in the mid 80s, it was a modernized
successor to a highly successful, but slow andbulky machine: the Therac-20 Massive radiation overdoses generated by the
machine resulted in deaths or severe injuriesfor at least six people in the USA and Canada
(1985-1987) The machine was redesigned in 1987 as the
result of multiple federal investigations
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
16/103
CENG-336 Introduction to Embedded Systems Development 16
TheracTherac--2525 (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
17/103
CENG-336 Introduction to Embedded Systems Development 17
TheracTherac--2525 (contd)(contd)
DEC PDP-11 responsible for Scanning operator input Positioning the turntable with the tungsten shield Setting up the electron gun, bending magnets, and
various other devices Performing treatment timing Executing extensive safety checks
Controlled via an ASCII-based terminal in a
remote room, using cursor keys for movingbetween input fields
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
18/103
CENG-336 Introduction to Embedded Systems Development 18
TheracTherac--2525 (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
19/103
CENG-336 Introduction to Embedded Systems Development 19
TheracTherac--2525 (contd)(contd)
Accident cause: The operator erroneously enters X-ray mode, realizes
the mistake, and switches back to electron mode allwithin 8 seconds
During that time window, the treatment phase task is
ignoring the keyboard entry flag because it is delayingin a busy-wait loop while bending magnets are being setup
Thus, the new mode is never copied over to the variableread by the gun emission control task
The other tasks register the edit, though, so theturntable is moved and the screen updated accordingly This results in the patient being exposed to unshielded,
high energy radiation, with no indication to theoperator
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
20/103
CENG-336 Introduction to Embedded Systems Development 20
TheracTherac--2525 (contd)(contd)
The Therac-25 software was written inassembly language by a single person, who alsowrote the context-switching kernel
Few people seem to have had any clear idea of
how the software really worked Safety analyses for the machine never took
timing errors into account
It turned out that the Therac-20 also
contained the same bugs, but the hardwaresensors and fuses were used as an extrasafety net against high radiation
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
21/103
CENG-336 Introduction to Embedded Systems Development 21
Mars PathfinderMars Pathfinder
Unmanned spacecraft that landed on Mars in 1997 Famous for its high-resolution panoramic pictures of
the Mars surface
Also famous for utilizing balloons in a bouncing
landing procedure, and for deploying a surface vehicleon wheels
Not so well-known: Severe computer problems on thePathfinder that resulted in frequent system resetsand loss of data
The cause: A classical example of priority inversion
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
22/103
CENG-336 Introduction to Embedded Systems Development 22
Mars PathfinderMars Pathfinder (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
23/103
CENG-336 Introduction to Embedded Systems Development 23
Mars PathfinderMars Pathfinder (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
24/103
CENG-336 Introduction to Embedded Systems Development 24
Mars PathfinderMars Pathfinder (contd)(contd)
The Pathfinder software ran under the VxWorksRTOS VxWorks can be run with a tracing option, which
records every activity within in the kernel During simulations on an exact replica of the
Pathfinder, engineers were able to reproduce theresets, and the problem was identified Fortunately, a C interpreter had been left in the
Pathfinders version of VxWorks, and a fix could beuploaded that turned on priority inheritance for theinfo bus mutex
The mutex in question was actually hidden within ahigher-level synchronization construct, that didntoffer any priority inheritance option!
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
25/103
CENG-336 Introduction to Embedded Systems Development 25
ArieneAriene--5 Blow5 Blow--upup
Launch of Ariane-5 took place in FrenchGuyana (June 4, 1996)
The rocket contained a fairly sophisticated,fault tolerant computer system, withsoftware written in Ada
About 40 seconds after take-off, the rocketself-destructed at an altitude ofapproximately 4000 meters
Telemetry data, and memory readouts fromcomputer units recovered from the debrisenabled identification of the cause of eventsat a high level of detail
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
26/103
CENG-336 Introduction to Embedded Systems Development 26
ArieneAriene--5 Blow5 Blow--upup (contd)(contd)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
27/103
CENG-336 Introduction to Embedded Systems Development 27
ArieneAriene--5 Blow5 Blow--upup (contd)(contd)
The rocket started to disintegrate at 39s afterliftoff, which caused automatic self-destruction
Disintegration was the result of an angle-of-attack ofmore than 20, which in turn was caused by fullnozzle deflections on all engines
Nozzle deflections were commanded by the OBCsoftware on basis of data transmitted by SRI2
SRI2 was actually not transmitting inertial data, butbit-patterns corresponding to debug information
SRI2 had aborted because of an unhandled floating-point exception, and so had SRI1 one cycle earlier
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
28/103
CENG-336 Introduction to Embedded Systems Development 28
ArieneAriene--5 Blow5 Blow--upup (contd)(contd)
The FP exception was due to an error fitting a 64-bitfloating-point value into a 16-bit integer
Exception handling for this conversion had beenturned off in order to squeeze CPU utilization below80% (as dictated by RM analysis)
The unexpected value occurred in a task used forguiding the rocket while still at the launch pad
This task was left running for 40s after lift-off, dueto extra time allocated in case of short pauses duringcountdown (to avoid realigning the gyros)
The analysis that outruled exceptional values for thevariable after lift-off was most likely based ontrajectory data for Ariane-4!
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
29/103
CENG-336 Introduction to Embedded Systems Development 29
ConclusionsConclusions
If something can go wrong in a real-time concurrentsystem, it will eventually go wrong
Because of the time dimension, the argument Itworks now has little value for a real-time system
Correctness of a real-time system should ideally beestablished by some form of software verification,with clearly stated assumptions
The problem is This is easier said than done withcurrent technology Extensive testing can find many errors, but never give full
correctness guarantees
We, as programmers, can help by choosing programstructures that are clearly correct by construction
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
30/103
CENGCENG--336336
Introduction to EmbeddedIntroduction to EmbeddedSystems DevelopmentSystems Development
CENGCENG--336336
Introduction to EmbeddedIntroduction to EmbeddedSystems DevelopmentSystems Development
RTOSRTOS Realtime Operating SystemsRealtime Operating Systems
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
31/103
CENG-336 Introduction to Embedded Systems Development 31
Whats an Operating System?Whats an Operating System?
Properties of a generic OS:Properties of a generic OS: Provides environment for executingProvides environment for executing
programsprograms
Process abstraction forProcess abstraction for multitasking /concurrency Scheduling
Hardware abstraction layer (deviceHardware abstraction layer (device
drivers)drivers)FilesystemsFilesystemsCommunicationCommunication
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
32/103
CENG-336 Introduction to Embedded Systems Development 32
Do I Need One?Do I Need One?
Not alwaysNot always (e.g., if you wish to control the(e.g., if you wish to control theprocessor behaviour with your own code; likeprocessor behaviour with your own code; likein PIC)in PIC)
Simplest approach:Simplest approach: cyclic executivecyclic executiveloop
do part of task 1
do part of task 2
do part of task 3...
end loop
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
33/103
CENG-336 Introduction to Embedded Systems Development 33
Cyclic ExecutiveCyclic Executive (CE)(CE)
AdvantagesAdvantages Simple implementation Low overhead Very predictable
DisadvantagesDisadvantages Cant handle sporadic events Everything must operate in lockstep Code must be scheduled manually
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
34/103
CENG-336 Introduction to Embedded Systems Development 34
Managing Real Time tasksManaging Real Time tasks --Foreground/BackgroundForeground/Background
The background is a single loop which executes forever, callingsubroutines to do application-specific jobs.
The foreground consists of interrupt service routines (ISRs) called byasynchronous events such as a clock tick or the arrival of a byte at acommunications port.
The processor pauses executing the background loop in order to servicean interrupt. Interrupts may be prioritised, so that an ISR may itself be interrupted so
that a more important event may be serviced.
Background
Foreground
ISR ISR
ISR(more
important)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
35/103
CENG-336 Introduction to Embedded Systems Development 35
Managing Real Time tasksManaging Real Time tasks ...... OK for simple real time systems
ISR processes briefly then returns. Typically just gets datafrom interrupting device and defers it for substantialprocessing to a task in the background loop.
Memory only as required by application(s). Minimal interrupt latency (time taken to break off from
current task and service an interrupt). All tasks have same priority and are executed in sequence in
the backgound loop eg (with reference to the diagram above):
= check inputfrom device 1
= monitor statusof device 2
= do a
computation= do output
to device 2
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
36/103
CENG-336 Introduction to Embedded Systems Development 36
Cyclic ExecutiveCyclic Executive ++ InterruptsInterrupts
Works fine for many signal processingapplications
56001 has direct hardware support for thisstyle
Insanely cheap, predictable interrupt handler: When interrupt occurs, execute a single user-
specified instruction
This typically copies peripheral data into a circularbuffer No context switch, no environment save, no delay
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
37/103
CENG-336 Introduction to Embedded Systems Development 37
Drawbacks of CE +Drawbacks of CE +InterruptsInterrupts
Main loop still running in lockstep
Programmer responsible for scheduling
Scheduling static
Sporadic events handled slowly
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
38/103
CENG-336 Introduction to Embedded Systems Development 38
Managing Real Time tasksManaging Real Time tasks ...... Application software must implement services such
as Timeouts, time delays, messaging, communication between tasks resource management
Typically, application software is in backgroundwhile communications, timer management, etc. arein foreground.
Code is hard to maintain as the application(s)
develops/grows A better approach in general is to use a multi-
tasking operating system kernel.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
39/103
CENG-336 Introduction to Embedded Systems Development 39
Managing RealManaging Real--Time tasksTime tasks ......
The kernel manages CPU time and othersystem resources required by variousapplication tasks
We are interested in multitasking kernels The application software consists of a number of
tasks which can run concurrently. The tasks may have different priorities. Each task is (in general) triggered by an event in
the environment of the software. A Kernel can be preemptive or non-
preemptive... (explained later)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
40/103
CENG-336 Introduction to Embedded Systems Development 40
Why anWhy an EmbeddedEmbedded OS?OS?
Demanding applications need access toDemanding applications need access tosystem resources for a variety ofsystem resources for a variety ofsome strictsome strict requirements:requirements:Critical applications withCritical applications with highhigh
functionality (flight control, medicalfunctionality (flight control, medicalapplications..)applications..)
Critical applications withCritical applications with lowlow functionalityfunctionality(pace maker, Atomatic Brake System)(pace maker, Atomatic Brake System)
NonNon--critical & technologycritical & technology--richrichapplications (telephones, smart card..)applications (telephones, smart card..)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
41/103
CENG-336 Introduction to Embedded Systems Development 41
Why not use anotherWhy not use another GPGP OS?OS?
Kernel isKernel is typicallytypically feature rich (feature rich (manymanyunused functions)unused functions)
Not (modular, fault tolerant, fast,Not (modular, fault tolerant, fast,
configurable, predictable,)configurable, predictable,) Takes big space (memory)Takes big space (memory)
Not power optimizedNot power optimized
Not designed for mission criticalNot designed for mission criticalapplicationsapplications (scheduling)(scheduling)..
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
42/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
43/103
CENG-336 Introduction to Embedded Systems Development 43
Concurrency Provided by OSConcurrency Provided by OS
Basic philosophy: Let the operating system handle
scheduling, and let the programmer handlefunction
Scheduling and function usuallyorthogonal
Changing the algorithm would require achange in scheduling
First, a little history
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
44/103
CENG-336 Introduction to Embedded Systems Development 44
Batch Operating SystemsBatch Operating Systems
Original computers ran in batch mode:Original computers ran in batch mode: Submit job & its input Job runs to completion Collect output
Submit next job Processor cycles very expensive at thProcessor cycles very expensive at thatat timetime
Jobs involved reading, writing data to/fromJobs involved reading, writing data to/fromtapestapes
Cycles were being spent waiting for the tape!Cycles were being spent waiting for the tape!
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
45/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
46/103
CENG-336 Introduction to Embedded Systems Development 46
Why Operating Systems?Why Operating Systems? The first computers had none
Application software loaded into the RAM and ran on thehardware
Embedded software was like this until surprisingly recently
Not an efficient way to manage a desktop PC!
Key presses, mouse events happen from time to time andhave to be handled
A byte may arrive at the serial port and have to be saved(MSN, GTalk, etc.)
In general, a computer has many tasks on the go at
once One or more (many) applications house-keeping managing memory, disk drives, network
interfaces, input & output devices
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
47/103
CENG-336 Introduction to Embedded Systems Development 47
Why OWhy OSsSs?? ...... What is needed (at the very least)
A scheduler managing several applications running at once Each application may get a few milliseconds of processing in turn
At the and of a tasks turn with the CPU then its state (the values of the CPU registers, ) is saved
the CPU registers are loaded with the next tasks state
the next task gets a few milli-seconds processing
We get the appearance/illusion of several tasks running at once An interrupt mechanism
whereby an event in the environment (a key press, a bytearriving at the serial port ) causes the CPU to interrupt
processing the current task, and need arises to service theinterrupt, before resuming the task.
An alternative might be to include in the schedule a task to pollall the peripherals but this would be much less efficient. Why?
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
48/103
CENG-336 Introduction to Embedded Systems Development 48
InterruptsInterrupts
Some events cant wait for next loopiteration Communication channels Transient events
A solution: Cyclic executive plusinterrupt routines
Interrupt: environmental event thatdemands attention
Example: byte arrived interrupt on serial channel Interrupt routine: piece of code
executed in response to an interrupt
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
49/103
CENG-336 Introduction to Embedded Systems Development 49
Handling an InterruptHandling an Interrupt1. Normal1. Normal
programprogramexecutionexecution
2. Interrupt2. Interruptoccursoccurs
3. Processor3. Processorstate savedstate saved
4. Interrupt routine4. Interrupt routinerunsruns
5. Interrupt routine5. Interrupt routineterminatesterminates
6. Processor state6. Processor staterestoredrestored
7. Normal7. Normalprogramprogramexecutionexecutionresumesresumes
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
50/103
CENG-336 Introduction to Embedded Systems Development 50
Interrupt Service RoutinesInterrupt Service Routines
Most interrupt routines:Copy peripheral data into a buffer Indicate to other code that data has
arrived
Acknowledge the interrupt (signal thehardware)
Longer reaction to interrupt performed
outside interrupt routine E.g., causes a process to start or
resume running
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
51/103
CENG-336 Introduction to Embedded Systems Development 51
Why OWhy OSsSs?? ...... Also handy; provides
Means of running tasks sending each othermessages
Means of arbitrating fair sharing of systemresources between tasks
Means of enforcing mutual exclusion wherenecessary
These are all services provided by a modernoperating system kernel So called to distinguish it from the command shell,
a task which manages user input and output to/from thesystem
In case of PCs, via a graphical desktop
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
52/103
CENG-336 Introduction to Embedded Systems Development 52
NonNon--Preemptive KernelsPreemptive Kernels
When a task relinquishes the CPU, the highest priority task in the list of taskswaiting for the CPU executes
But lower-priority task cannot lose the CPU to a higher-priority task until it isdone., The higher priority task waits for the other to relinquish the CPU
The lower priority task can still be interrupted by an ISR; but it resumesprocessing after the ISR returns, and the higher priority task still only gets theCPU when the lower priority task has relinquished it.
A non-preemptive kernel can suffer from priority inversion problems, where alow-priority task can take a long time and lock out a more important higherpriority task.
Low priority task
High priority task
ISR
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
53/103
CENG-336 Introduction to Embedded Systems Development 53
Preemptive KernelsPreemptive Kernels
In this case, a higher priority task can grab the CPU off thelower priority task as soon as it becomes ready to execute,before the lower priority task relinquishes it. The lower-prioritytask waits (among other tasks of equal priority) to resume.
If the higher priority task becomes ready to run while an ISR(which interrupted the lower priority task) is executing, it getsthe CPU on return from the ISR, and the lower priority taskmust wait for the higher one to relinquish the CPU before it canresume.
Low priority task
High priority task
ISR
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
54/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
55/103
CENG-336 Introduction to Embedded Systems Development 55
TasksTasks ......
A task passes through several states in itsA task passes through several states in itslife cycle:life cycle: When born it resides in memory
starting tells the kernel its start address, address of
stack top, priority; the kernel may pass run-timearguments to the task
Once ready, it joins the prioritised queue of taskswaiting for CPU cycles.
Under control of the kernel it will context-switchbetween the running state where it is receivingprocessing cycles and the ready state.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
56/103
CENG-336 Introduction to Embedded Systems Development 56
TasksTasks ......
born (dormant)born (dormant)
readyready runningrunning
waiting/blockedwaiting/blocked
deaddead
interruptedinterrupted
startstart
context switchcontext switch
event, timeoutevent, timeout wait, i/o request, etcwait, i/o request, etc..
tasktaskcompletioncompletion
ISRISR
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
57/103
CENG-336 Introduction to Embedded Systems Development 57
TasksTasks ......
Task states & life cycle:Task states & life cycle: When running it may be forced to wait for
a resource,
a mutex
another task to reach a certain stage (precedence)
I/O (blocked) a time delay to expire, etc.
Once the relevant event has occurred, theresource is available, a timeout has expired, etc.,
the task returns to the ready state. The running task may be interrupted by an ISR (as
seen in previous slides, return may be followedimmediately by a context switch.)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
58/103
CENG-336 Introduction to Embedded Systems Development 58
Scheduling & Context SwitchingScheduling & Context Switching
The scheduling task repeatedly decideswhether there is a higher-priority task torun. This happens when ...
a task has to wait for a time expiry or i/o or a mutexlock, etc
a task sends a signal or message to another task
an ISR sends a signal or message to a task (but after allnested ISR calls have returned).
The result is either a context switch -- if a higher-priority task has become
ready to run; or
a return to the task interrupted by the scheduling task,otherwise
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
59/103
CENG-336 Introduction to Embedded Systems Development 59
Scheduling & Context SwitchingScheduling & Context Switching
The context is the dynamic state of a task.It includes current values in CPU register, floating point
register, memory management registers, etc. pointer to current TCB (Task Control Block)
and/or Task-Id
The switch causes these registers to besaved on the old tasks stack, and to be
loaded from the new tasks stack.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
60/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
61/103
CENG-336 Introduction to Embedded Systems Development 61
Tasks and ThreadsTasks and Threads ......
Threads have a life cycle similar to tasks asabove
In Java, for example, a Thread object has A run() method normally programmed with an infinite
loop A sleep(int n) method to put the thread into a waiting
state for n milliseconds A notify() method to fire an event to wake up a
thread in a waiting state A yield() method to give up the CPU and return to the
ready state.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
62/103
CENG-336 Introduction to Embedded Systems Development 62
RealReal--TimeTime iiss nnot Fairot Fair
Main goal of an RTOS schedulerMain goal of an RTOS schedulermeeting deadlinesmeeting deadlines
If you have fiveIf you have five concurrentconcurrent homeworkhomeworkassignments and only one is due in an hour, youassignments and only one is due in an hour, you
work on that onework on that one. Wouldnt you?. Wouldnt you?
Fairness does not help you meetFairness does not help you meet
deadlinesdeadlines!!
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
63/103
CENG-336 Introduction to Embedded Systems Development 63
OS for Embedded SystemsOS for Embedded Systems Configurable (eliminate unused functions)Configurable (eliminate unused functions)
Direct control of devices by tasksDirect control of devices by tasks(applications) is enabled:(applications) is enabled:
Standard OS :Standard OS : Real Time OS:Real Time OS:
Device DriversDevice Drivers
Operating SystemOperating System
MiddlewareMiddleware
ApplicationApplication
Real Time KernelReal Time Kernel
Device DriversDevice Drivers
ApplicationApplication
MiddlewareMiddleware
* Kernel is the basic central part of an OS (no user interface etc.)
Tasks are directly connected to interruptsTasks are directly connected to interrupts
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
64/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
65/103
CENG-336 Introduction to Embedded Systems Development 65
RTOSRTOS ......
Mainly an OS (with scheduling andMainly an OS (with scheduling andmemory management)memory management)withwith furtherfurther carecare
Most of the Kernel resources areMost of the Kernel resources areopened for access to the applicationopened for access to the application
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
66/103
CENG-336 Introduction to Embedded Systems Development 66
Typical RTOS Task ModelTypical RTOS Task Model
Each taskEach task is represented asis represented as a triplet: (execution time,a triplet: (execution time,
period, deadline)period, deadline)
Usually, deadline = periodUsually, deadline = period
Can be initiated any time during the periodCan be initiated any time during the period
ExecutionExecutiontimetime
PeriodPeriod
DeadlineDeadline
TimeTime
InitiationInitiation
RealReal Time Operating SystemTime Operating System
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
67/103
CENG-336 Introduction to Embedded Systems Development 67
RealReal--Time Operating SystemTime Operating System(RTOS)(RTOS)
Most moderate and complex RT systems have RTOS.Most moderate and complex RT systems have RTOS. Some functions of RTOS are similar to normal OS:Some functions of RTOS are similar to normal OS:
Managing interfaces to the low-level hardware. Scheduling and preempting tasks. Memory management. Providing common services: I/O, standard devices (keyboard,
printer)
Some functions of RTOS differ:Some functions of RTOS differ: Scalability. Scheduling policies and synchronization methods. Support for embedded, diskless target environment. RTOS is tailored and optimized for embedded systems. RTOS provides the ability to boot from ROM. Many RTOS can operate from ROM.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
68/103
CENG-336 Introduction to Embedded Systems Development 68
ScalabilityScalability
RTOS is structured so that only the neededRTOS is structured so that only the neededcomponents are included in the RTOS imagecomponents are included in the RTOS imageexecuting on the target.executing on the target.
KernelKernel:: the innermost core, provides the mostthe innermost core, provides the mostessential features of the RTOS.essential features of the RTOS.
Other features are added as necessary.Other features are added as necessary.
Scalability makes RTOS widely applicable to small,Scalability makes RTOS widely applicable to small,singlesingle--processor applications and to large,processor applications and to large,
distributed ones.distributed ones. RTOS vendors call thisRTOS vendors call this asas microkernelmicrokernel
architecture, emphasizing the small size of thearchitecture, emphasizing the small size of theminimalist kernel.minimalist kernel.
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
69/103
CENG-336 Introduction to Embedded Systems Development 69
SchedulingScheduling
RTOS most commonly provideRTOS most commonly providess prioritypriority--based preemption for control of scheduling.based preemption for control of scheduling.
The higher priority task always preemptsThe higher priority task always preemptsthe lowerthe lower--priority tasks when the formerpriority tasks when the formerbecomes ready.becomes ready.
Average performance is a secondary concernAverage performance is a secondary concern(fairness may be sacrificed also).(fairness may be sacrificed also).
The primary concern is that system meet allThe primary concern is that system meet allcomputational deadlines, even in the absolutecomputational deadlines, even in the absoluteworst case.worst case.
ll
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
70/103
CENG-336 Introduction to Embedded Systems Development 70
PriorityPriority--based Schedulingbased Scheduling
Typical RTOS based on fixedTypical RTOS based on fixed--priorityprioritypreemptive schedulerpreemptive scheduler
Assign each process a priorityAssign each process a priority
At any time, scheduler runs highestAt any time, scheduler runs highestpriority process ready to runpriority process ready to run
Process runs to completion unlessProcess runs to completion unlesspreemptedpreempted
PriorityPriority based Preemptivebased Preemptive
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
71/103
CENG-336 Introduction to Embedded Systems Development 71
PriorityPriority--based Preemptivebased PreemptiveSchedulingScheduling
Always run the highestAlways run the highest--prioritypriorityrunnable processrunnable process
1
2
3
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
72/103
RR M h d lM h d l
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
73/103
CENG-336 Introduction to Embedded Systems Development 73
RateRate--Monotonic SchedulingMonotonic Scheduling
RMSRMS Common way to assign prioritiesCommon way to assign priorities
Result from Liu & Layland, 1973 (JACM)Result from Liu & Layland, 1973 (JACM)
Simple to understand and implement:Simple to understand and implement: Processes with shorter period given higherProcesses with shorter period given higher
prioritypriority
E.g.,E.g.,Period Priority
1010 11 (highest)(highest)1212 221515 332020 44 (lowest)(lowest)
K RM R lK RM R l
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
74/103
CENG-336 Introduction to Embedded Systems Development 74
Key RMS ResultKey RMS Result
RateRate--monotonic scheduling ismonotonic scheduling is optimaloptimal If there is fixedIf there is fixed--priority schedule thatpriority schedule that
meets all deadlines, then RMS will producemeets all deadlines, then RMS will producea feasible schedulea feasible schedule
However, tHowever, task sets do not always have aask sets do not always have aschedulescheduleSimple example:Simple example:
(Exec Time, Period, Deadline)(Exec Time, Period, Deadline) P1 = (10, 20, 20)P1 = (10, 20, 20) // P2 = (5, 9, 9)P2 = (5, 9, 9)
Requires more than 100% processor utilizationRequires more than 100% processor utilization
RMS Mi i D dliRMS Mi i D dli
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
75/103
CENG-336 Introduction to Embedded Systems Development 75
RMS Missing a DeadlineRMS Missing a Deadline
p1 = (10,20,20) p2 = (15,30,30) utilization is 100%
1
2
P2 misses first deadline
Would have met the deadline ifp2 = (10,30,30), utilizationreduced 83%
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
76/103
Wh I Th RMSWh I Th RMS
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
77/103
CENG-336 Introduction to Embedded Systems Development 77
When Is There an RMSWhen Is There an RMS
Schedule?Schedule?n Bound for U1 100% Trivial: one process
2 83% Two process case3 78%
4 76%
g 69% Asymptotic bound
When Is There an RMSWhen Is There an RMS
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
78/103
CENG-336 Introduction to Embedded Systems Development 78
When Is There an RMSWhen Is There an RMSSchedule?Schedule?
Asymptotic result: If the required processor utilization is
under 69%, RMS will give a valid schedule
If the required processor utilization isover 69%, RMS might still give a validschedule, but there is no guarantee
Converse is not true. Instead: EDF
EDF S h d liEDF S h d li
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
79/103
CENG-336 Introduction to Embedded Systems Development 79
EDF SchedulingEDF Scheduling
Earliest Deadline First (EDF)RMS assumes fixed prioritiesCan you do better with dynamically-chosen
priorities?
Earliest deadline first Processes with soonest deadline givenProcesses with soonest deadline given
highest priorityhighest priority
EDF M ti D dliEDF M ti D dli
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
80/103
CENG-336 Introduction to Embedded Systems Development 80
EDF Meeting a DeadlineEDF Meeting a Deadline
p1 = (10,20,20) p2 = (15,30,30) utilization is100%
11
22
P2 takes priority because itsP2 takes priority because itsdeadline is soonerdeadline is sooner
K EDF R ltK EDF R lt
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
81/103
CENG-336 Introduction to Embedded Systems Development 81
Key EDF ResultKey EDF Resultss
Earliest deadline first scheduling isoptimal If a dynamic priority schedule exists, EDF
will produce a feasible schedule
Earliest deadline first scheduling isefficientA dynamic priority schedule exists if and
only if utilization is no greater than 100%
P i it I iP i it I i
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
82/103
CENG-336 Introduction to Embedded Systems Development 82
Priority InversionPriority Inversion
RMS and EDF assume no process interactionRMS and EDF assume no process interaction Often a gross oversimplificationOften a gross oversimplification
Consider the following scenario:Consider the following scenario:
1
2
Process 2 begins running
Process 2 acquires lock on resource
Process 1 preempts Process 2Process 1 tries to acquire lock for resource
P i it I iP i it I i
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
83/103
CENG-336 Introduction to Embedded Systems Development 83
Priority InversionPriority Inversion
Lower-priority process effectivelyblocks a higher-priority one
Lower-priority processs ownership of
lock prevents higher-priority processfrom running
Nasty: makes high-priority process
runtime unpredictable
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
84/103
P i it I h itP i it I h it
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
85/103
CENG-336 Introduction to Embedded Systems Development 85
Priority InheritancePriority Inheritance Solution to priority inversion
Temporarily increase processs priority whenit acquires a lock
Level to increase: highest priority of any
process that might want to acquire same lock i.e., high enough to prevent it from being
preempted
Danger: Low-priority process acquires lock,gets high priority and hogs the processor So much for RMS
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
86/103
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
87/103
SummarySummary
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
88/103
CENG-336 Introduction to Embedded Systems Development 88
SummarySummary
Preemptive Priority-Based Multitasking Deadlines, not fairness, the goal of RTOSes
Rate-monotonic analysis/scheduling
Shorter periods get higher priorities Guaranteed at 69% utilization, may work higher
Earliest deadline first scheduling Dynamic priority scheme Optimal, guaranteed when utilization 100% or less
SummarySummary
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
89/103
CENG-336 Introduction to Embedded Systems Development 89
SummarySummary
Priority Inversion Low-priority process acquires lock, blocks
higher-priority process
Priority inheritance temporarily raisesprocess priority
Difficult to analyze
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
90/103
CENG-336 Introduction to Embedded Systems Development 90
Priority InversionPriority Inversion
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
91/103
CENG-336 Introduction to Embedded Systems Development 91
Priority InversionPriority Inversion
This can happen even in Preemptive kernels. Eg: 3 task with low, medium, high priority: Task 3 (low) runs while 1 and 2 wait for some event. At point 1, 3 acquires an exclusive lock on a
resource. At point 2, task 1 becomes ready and preempts task 3 At point 3, task 1 wants the resource but it is still locked by task 3; so task 1 waits and task 3
resumes At point 4, task 2 becomes ready and starts running, preempting task 3.
Task 2 runs until done, point 5 and task 3 resumes, not task 1 because the latter is still waiting forthe resource locked by task 3 Finally at point 6, task 3 releases the resource and task 1 acquires it and can run.
Effectively task 1 has been trapped at the level of task 3 until 3 releases the resource.
Task 1 (high)
Task 2 (medium)
Task 3 (low)
1 2 3 4 5 6
SolutionSolution
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
92/103
CENG-336 Introduction to Embedded Systems Development 92
SolutionSolution
In a kernel that supports priority inheritance, As soon as task 1 wants the resource (point 3) locked by task 3, task 3 is temporarily
promoted to task 1s priority so that it can continue running until it releases theresource (point 4)
Then, task 1 becomes ready because it can acquire the resource released by task 3. Task 1 releases the resource at point 5, but keeps running also task 2 is ready, because
it has the highest priority Finally at point 6, task 1 finishes and task 2 can run. Task 3, with the lowest priority,
waits. NB Task 2 could have become ready at point 2 or any after thereafter, with no
difference in outcome..
Task 1 (high)
Task 2 (medium)
Task 3 (low)
1 2 3 4 5 6
InterruptsInterrupts
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
93/103
CENG-336 Introduction to Embedded Systems Development 93
InterruptsInterrupts The kernel can always interrupt the currently running task
except when kernel or application has disabled interrupts (by means of asystem call) In effect, ISRs have super-high priority. They are prioritised among themselves and the ISR of a high-priority
interrupt can interrupt the ISR of a lower one. Software interrupts are triggered by software -- usually in other tasks
System calls
Hardware interrupts are raised by, eg, interrupt request (IRQ) lines --each is a bit in a CPU IRQ register. Setting bit n to 1 notifies the CPU thatInterrupt number n has occurred.
Each interrupt has a number. (low number -> high priority) which indexesinto the Interrupt Vector Table -- an array of addresses of (pointers to)ISRs
ISR must tell the kernel it is processing an interrupt
could be interrupted by a higher priority ISR: Interrupts can be nested)
tell the kernel is has finished processing an interrupt context switch or return to interrupted task
InterruptsInterrupts the stepsthe steps
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
94/103
CENG-336 Introduction to Embedded Systems Development 94
InterruptsInterrupts ---- the stepsthe steps A task is running; there is an interrupt requests
If kernel has interrupts disabled, nothing happened until interrupts are enabled
Then (or immediately) the kernel saves the task context looks up the ISR in the vector table The ISR runs
notifies kernel of ISR entry
processes -- possible signals another task notifies kernel of ISR exit
If no higher priority task has become ready The original interrupted tasks context is restored and the task resumes
If a higher-priority task has become ready The higher priority tasks context is restored and it resumes.
The time interval from the interrupt request until the ISR starts is the
interrupt response time. The time interval from the ISR exit to task resumption is the interrupt
recovery time. (10s of Qs)
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
95/103
Kernel ServicesKernel Services
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
96/103
CENG-336 Introduction to Embedded Systems Development 96
Kernel ServicesKernel Services The kernel provides services to task software
time delays for n ticks task is placed in list of delayed tasks where consumes little on no CPU
time. This list can also contain timeouts from other services.
semaphores
a mechanism for enforcing synchronisation and mutual exclusion see below
message mailboxes and queues see below
event flags pipes
memory management a real-time clock change of task priority deletion of a task etc
SemaphoresSemaphores
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
97/103
CENG-336 Introduction to Embedded Systems Development 97
SemaphoresSemaphores Invented by Edsger Dijkstra
A simple mechanism for mutual exclusion and conditionsynchronisation Simple synchronisaton protocols No need for busy-wait loops
A semaphore is a nonnegative integer variable only modifiable
(apart from initialisation) by two procedures wait and signal. Dijkstra called these P and V Let s denote the semaphore variable,
wait(s) {
if (s > 0)
decrement s by 1;else {
wait until s > 0
decrement s by 1;
}
}
signal(s) {
increment s by 1;
}
Semaphores for SyncSemaphores for Sync
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
98/103
CENG-336 Introduction to Embedded Systems Development 98
Semaphores for SyncSemaphores for Sync.. Using a semaphore to synchronise a tasks on a condition
task1 needs condition = true to proceed; task 2 is signalling process(see below)
Assume semaphore variable consyn initialised to 0 When task 1 executes wait on a 0 semaphore, it will be delayed until
task 2 executes the signal. This sets consyn to 1 and the wait cansucceed. Task 1 can continue and consyn will be decrmeneted to 0 If task 2 executes signal first, consyn will = 1 and the wait() will will
not delay task1. Task 1 could be a task requiring an exclusive lock on a resource;
task 2 could signal on releasing the resource.
task1 {
....
wait(consyn);
....
}
task2 {
...
signal(consyn);
....
}
ExclusionExclusion
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
99/103
CENG-336 Introduction to Embedded Systems Development 99
ExclusionExclusion Using a semaphore for mutual exclusion
Assume semaphore variable mutex set initially to 1. If the two tasks arer in contention they may execute their wait()
statements simultaneously; but wait is atomic. One task will complete wait() before the other
begins; So one will execute wait with mutex = 1 and so proceed to its critical
section and set mutex to 0. The other will wait(mutex) with mutex = 0
and have to wait for the other task to signal(mutex) which it will do onleaving its critical section.
More generally initially setting mutex to n will allow n simultaneousaccesses to critical section
task1 {
while (...) {
wait(mutex);/*critical section*/
signal(mutex);
/*non-critical sect*/
}
}
task2 {
while (...) {
wait(mutex);
/*critical section*/
signal(mutex);
/*non-critical sect*/
}
}
Message Queues & EventsMessage Queues & Events
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
100/103
CENG-336 Introduction to Embedded Systems Development 100
Message Queues & EventsMessage Queues & Events
We would like tasks to be able tocommunicate asynchronously Tasks to send and receive messages ISRs to send messages
Discipline normally FIFO
Events Tasks can be synchronised with occurrence of
multiple events Occurrence of an event will signal a list of tasks;the highest-priority task of these will me madeready to run.
ReferencesReferences
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
101/103
CENG-336 Introduction to Embedded Systems Development 101
ReferencesReferences
Alan Burns & Andy Wellings, Real Time Systems &Programming Languages: Addison-Wesley Has a good section of semaphores -- section 8.4 (p233 ff)
J J Labrosse, MicroC/OS-II: The Real Time Kernel:
CMP Books Much of this material is based on this book See also Labrosss papers
Inside Real-Time Kernels
Designing with Real-Time Kernels (Look with Google)
FlyFly--byby--wire Avionicswire Avionics
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
102/103
CENG-336 Introduction to Embedded Systems Development 102
FlyFly--byby--wire Avionicswire Avionics
Hard real-time system with multiratebehavior
INU1kHz
GPS20 Hz
Air data
1 kHz
Joystick500 Hz
Pitch control500 Hz
Lateral Control250 Hz
Throttle Control250 Hz
Aileron 1
1 kHz
Aileron 21 kHz
Elevator
1 kHz
Rudder1 kHz
gyros,accel.
GPS
Sensor
Stick
Aileron
Aileron
Elevator
Rudder
Sensors SignalConditioning
Control laws Actuating Actuators
-
8/8/2019 Week 10 RTOS Real Time Operating Systems v1.2
103/103