Abstract-This paper presents a general discrete-event system (DES)-based hard periodic real-time task model. Based on supervisory control theory (SCT), an optimal priority-free real-time scheduling technique is proposed to process all the tasks running in uniprocessor or multiprocessor real-time systems (RTS). The preemption relation in this paper generalizes priority-based preemption. First, regular languages are utilized to describe the processor behavior related to each task's execution. Thereafter, the languages are represented by DES generators. Finally, the global processor behavior is generated as the synchronous product of these DES generators. By discarding the priorities, a novel preemption policy, namely conditional-preemption, is developed. Two sets of conditional-preemption specifications are developed, on the processor level and task level, respectively. Moreover, in order to control the system to be nonblocking and also limit the worst-case response time of the tasks, two corresponding sets of specifications are presented. After generating the global specification as the synchronous product, by implementing SCT the calculated supervisor can provide all the safe real-time execution sequences. The supervisor calculation can be sped up by a threestep algorithm. Finally, the real-time scheduling is implemented for real-world examples.
I. INTRODUCTION

I
N PAST decades, most of the existing real-time scheduling algorithms are based on dynamic or fixed priorities [1] - [12] . The study in [7] shows that, with the tasks' periods equal to their deadlines, the preemptive earliest deadline first (EDF) scheduling algorithm is optimal. For uniprocessor real-time system (RTS) scheduling, a timed discrete-event system (TDES)-based task model referred to as the Chen-Wonham (CW) model, is proposed in [13] . Based on supervisory control theory (SCT) [14] - [16] , for nonpreemptive scheduling, a supervisor [17] - [19] that contains all the safe execution sequences is found. In these sequences, all the possible EDF and fixed-priority (FP) sequences are included. Users can choose any sequence to schedule the RTS.
Compared with non-preemptive scheduling, preemptability can provide more flexibility to real-time scheduling. In fully preemptive systems, at any time, the execution of a running task can be interrupted by tasks with higher priorities, and it continues when all tasks with higher priorities have completed [20] .
However, for the real-time scheduling in a processor, both preemptive and non-preemptive scheduling policies are too conservative. Generally, users may customize specific preemption plans that are neither preemptive nor non-preemptive. Recently, several studies are devoted to different preemption policies; these can be divided into two categories.
1) Priority-Based: Preemption threshold scheduling (PTS) [21] , [22] , under FP scheduling, allows a task to disable preemption up to a specified priority level. Each task is assigned a fixed priority and a preemption threshold, and only tasks with priorities higher than the threshold of the running task can preempt its execution.
2) Task-Based:
Deferred preemption scheduling (DPS) [23] , under EDF scheduling, assigns each task a maximum interval that is free from preemption. The two preemption policies are considered as the tradeoff between preemptive and non-preemptive real-time scheduling. They can significantly improve the EDF and FP real-time scheduling algorithms, respectively. However, both policies are still limited by priorities. In fact, for some real-time scheduling requirements, priorities cannot be assigned to real-time tasks. Moreover, to the best of our knowledge, no existing work can combine the two latter policies together into a real-time scheduling strategy and find all the safe execution sequences. For example, under FP or EDF scheduling, an RTS cannot be scheduled by satisfying PTS and DPS simultaneously.
In this paper, a discrete-event system (DES) real-time task model is presented to schedule the real-time tasks running in uniprocessor or multiprocessor systems. The preemption relation in this paper generalizes priority-based preemption. Regular languages are utilized to describe the processor 2168-2216 c 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
behavior related to the execution and preemption of each task. Each language can be represented by a DES generator. The synchronous product [14] of these DES generators can integrate the models of the tasks running in a processor into a complex generator to represent the global processor behavior. For each processor, without considering the priorities, this present study extends the PTS and DPS scheduling policies to two general conditional-preemption specifications. They are utilized to customize scheduling and preemption requirements conditionally, such as FP, PTS, DPS, preemptive scheduling, and non-preemptive scheduling. Moreover, the worst-case response time (WCRT) of a task can also be restricted by a specification. Thereafter, similar to the work in [13] , all the safe execution sequences generated by the synchronized specifications with respect to the tasks running in each processor can be calculated off-line by SCT. Users can choose any sequence to schedule the processor. The real-time scheduling with conditional-preemption is applied to the real-world uniprocessor or multiprocessor systems. The rest of this paper is organized as follows. Section II presents the terminology used throughout this paper. The system model and motivation are described in Section III. The priority-free real-time scheduling with conditionalpreemption principles is defined in Section IV. The DES model for the periodic tasks and the RTS are proposed in Section V. The specifications are formalized and established in Section VI. For application to real-world systems, Section VII reports methodologies for the real-time scheduling with conditional-preemption. Further relevant issues are discussed in Section VIII. Finally, Section IX states the conclusions.
II. CONCEPTS AND TERMINOLOGY
A DES plant is a generator
where Q is the finite state set; is the finite event set (alphabet), partitioned into the controllable event subset c and the uncontrollable event subset u ; δ : Q × → Q is the partial state transition function; q 0 is the initial state; Q m ⊆ Q is the subset of marker states. In accordance with [14] , + denotes the set of all finite sequences of symbols in . By adjoining the empty string , the set of strings over the alphabet is written as * , i.e., * = + ∪{ }. Function δ can be extended to δ : Q× * → Q. We write δ(q, s)! to mean that δ(q, s) is defined, where state q ∈ Q and string s ∈ * . The length |s| of a string s ∈ * is defined as
The closed behavior of G is represented by
Synchronous product [14] is a standard way to combine a finite set of DES into a single and more complex one. Suppose that we have n languages corresponding to n DES, L i ⊆ * i with = i∈n i , n := {1, 2, . . . , n}. The natural projection
Suppose that the specification language is represented by E ⊆ * . Let C(E) be the family of sublanguages of E that are controllable with respect to G. C(E) is nonempty and is closed under arbitrary unions. The (unique) supremal element within C(E), denoted by supC(E), always exists.
Suppose that a DES model is nonempty. Under supervisory control, all the uncontrollable events are automatically enabled. After adjoining a particular subset of the controllable events to be enabled, a set of all control patterns is defined as
Let K ⊆ L(G) be nonempty and closed. There exists a supervisory control V for G such that L(V/G) = K iff K is controllable with respect to G; this is referred to as a nonblocking supervisory control (NSC). Generally, if marking is also considered, then we select a sublanguage M ⊆ L m (G). A marking NSC (MNSC) with respect to G exists, which is a map V : L(G) → with the behavior
III. SYSTEM MODEL AND MOTIVATION
In the literature of real-time scheduling, the existing preemption algorithms are defined based on (dynamic or fixed) priorities, which means that when several tasks are simultaneously eligible to be processed, only a task with the highest priority is permitted to enter the processor. In order to relax this constraint and provide all the tasks an equal chance to be processed, an optimal policy, named priority-free scheduling policy, is presented. This policy allows users to define conditional-preemption requirements freely without assigning task priorities.
A. System Model
Suppose that an RTS S processes a set of independent synchronous/asynchronous periodic tasks, i.e., S = {τ 1 , τ 2 , . . . , τ n }. For i ∈ n, task τ i ∈ S is in the form of a four-tuple 
Suppose that an RTS S is a uniprocessor system; and the
suppose that an RTS S is a multiprocessor system that possesses a processor set that consists of s processors, i.e., = { 1 , 2 , . . . , s }. The processor utilization of j is the sum of the processor utilization of all the tasks running in it, i.e., U j = i U i , τ i ∈ j . In both uniprocessor and multiprocessor systems, a processor is not schedulable in case that there is overload [1] . The present study allows a task to enter any processor randomly. However, once a task enters a processor, it cannot be shifted to another. In a processor, realtime scheduling policies can be divided into the following two categories. 1) Preemptive: A running task can be interrupted by the execution of other released tasks. 2) Non-Preemptive: The execution of a running task cannot be interrupted.
B. Motivation
For some real-world preemption policies, the tasks running in a processor cannot be assigned with priorities. Next we present a motivating example.
Suppose that a uniprocessor RTS S executes four tasks τ 1 , τ 2 , τ 3 , and τ 4 . Their parameters are shown in Table I . We assume that the execution of τ 1 can be preempted only by τ 2 , τ 2 only by τ 4 , and τ 4 only by τ 1 , respectively; moreover, τ 3 cannot be preempted. No priorities can be assigned to these tasks. In this case, the EDF, FP, and PTS algorithms cannot be utilized to schedule this RTS. In order to solve such problems, we discard the priorities and refer to the real-time scheduling as priority-free.
Based on the priority-free real-time scheduling, conditionalpreemption is presented in this paper. By a preemption matrix that will be defined later, users can define any preemption relation among all the tasks running in the same processor. WCET-based conditional-preemption specification is presented in this paper. Users can use it to designate how long after its execution is started, and a task can be preempted by other tasks. Moreover, the WCRT of a task can also be restricted by a specification. Finally, all the safe execution sequences generated by the synchronized specifications with respect to the tasks running in each processor can be calculated off-line by SCT. Users can choose any sequence to schedule the processor.
IV. PRIORITY-FREE HARD RTS WITH PERIODIC TASKS
Since both uniprocessor and multiprocessor RTS are considered, theoretical analysis in this section is based on processors instead of RTS.
A. Priority-Free Real-Time Scheduling
Definition 1 (Priority-Free): A scheduling policy is said to be priority-free if all the released tasks in a processor can be processed in any order.
From the perspective of an individual task τ i , in each hyperperiod [24] , all the processor time units are partitioned as follows.
1) Busy Time: The processor is occupied by other tasks, and thus τ i cannot be executed. 2) Running Time: τ i is in process. not arrived yet. These processor time units can be idle or utilized to execute other tasks. A priority-free scheduling policy can be utilized to schedule all the periodic tasks randomly, i.e., the busy time and the preemption time of each task can be occupied by other tasks. Moreover, in accordance with traditional real-time scheduling, a task is not allowed to be interrupted if the system would thereby be left idle. In this case, the free time is also allowed to be left idle only when no task in process.
Example 1: For τ 2 shown in Table I , a possible conditionally-preemptive real-time scheduling is illustrated in Fig. 1 . By allowing preemption of other tasks, the first nine processor time units are partitioned as follows.
1) Busy Time: Time interval [3, 4] . 2) Running Time: Time intervals [4, 6] and [7, 8] .
3) Preemption Time: Time interval [6, 7] . 4) Free Time: Time intervals [0, 3] and [8, 9] . The time intervals [0, 4] , [6, 7] , and [8, 9] can be occupied by other tasks running in the same processor. Moreover, only time intervals [0, 3] and [8, 9] could alternatively be idle.
B. Conditional-Preemption
From the perspective of processor and individual tasks, two sets of general policies are presented, respectively. They apply to any specific conditional-preemption plan.
1) Matrix-Based Conditional-Preemption: In this paper, the priority-based preemption policy is extended to a general matrix-based policy. From the perspective of each processor, its preemption matrix is defined to describe the preemption relations among the tasks running in it.
Definition 2 (Preemption Matrix): An n×n matrix P is said to be a preemption matrix if P i,j = 1 (respectively, P i,j = 0) represents that a task τ i is allowed (respectively, not allowed) to be preempted by τ j .
Proposition 1: Preemption matrix P can provide up to 2 n 2 −n conditionally-preemptive real-time scheduling plans.
Proof: Since τ i cannot be preempted by itself, we have P i,i = 0 for all i ∈ n. If i = j, P i,j can be either 0 or 1. Since there are n 2 − n * 's in an n × n matrix P, P can provide up to 2 n 2 −n scheduling plans.
Example 2: Suppose that a processor executes all the tasks shown in Table I . Its preemption matrix P is in the form
where * , either 0 or 1, can be predefined by users. According to preemptive real-time scheduling, each task can be preempted by other tasks. Thus, all the * 's in P are replaced by 1, as shown in P 1 . In contrast, according to nonpreemptive real-time scheduling, no task can be preempted by other tasks. Thus, all the * 's in P are replaced by 0, as shown in P 2 .
Matrix P 3 describes that: 1) τ 1 can be preempted by τ 2 , τ 3 , and τ 4 ; 2) τ 2 can be preempted by τ 3 and τ 4 ; 3) τ 3 can be preempted by τ 4 . This is in accordance with the FP real-time scheduling by assigning priorities to tasks τ 1 , τ 2 , τ 3 , and τ 4 in an ascending order. Similarly, we can assign priorities to tasks τ 1 , τ 2 , τ 3 , and τ 4 in a descending order, as shown in P 4 .
By applying PTS to assign preemption threshold to each task, P 3 can be revised to be P 5 as an example. The preemption matrix for the motivating example is P 6 
Definition 3 (Matrix-Based Conditional-Preemption):
A preemption policy is said to be matrix-based conditionallypreemptive if it can be represented by a preemption matrix.
2) WCET-Based Conditional-Preemption: In this paper, the task-based preemption policy is extended to a general policy named WCET-based conditional-preemption. The execution of task τ i takes C i time units. From the perspective of an individual task, between any two adjacent processor time units the execution of τ i can be preempted by a subset of other tasks. With respect to task τ i , any two such subsets can be different from each other. Evidently, DPS studied in [23] can be considered as an application of the presented conditional-preemption policy.
In case that WCET-based conditional-preemption relations do not exist, the preemption relations defined in the matrix are applied to the real-time scheduling throughout the execution. Otherwise, the real-time scheduling should take both the WCET-based conditional-preemption and matrix-based conditional-preemption into account simultaneously.
Example 3: According to P 1 in the last example, τ 2 can be preempted by τ 1 , τ 3 , and τ 4 , which represents that the execution of τ 2 can be interrupted by τ 1 , τ 3 , or τ 4 immediately upon their arrival. As shown in Table I , we have C 2 = 3, i.e., the execution of τ 2 takes three time units. Thus, we can define two different WCET-based conditional-preemption plans for the execution of τ 2 , such as: 1) between the first two time units, only τ 1 and τ 3 can interrupt the execution of τ 2 and 2) between the last two time units, only τ 1 and τ 4 can interrupt the execution of τ 2 .
V. DES MODEL FOR REAL-TIME SYSTEMS
In this paper, regular languages are utilized to describe the processor behavior related to the periodic real-time tasks' execution. Thereafter, each language will be followed by a DES generator representation. Finally, the synchronized language, represented by a more complex DES generator, is utilized to describe the global processor real-time scheduling behavior. In a synchronized DES generator, all the enabled events can occur without considering their priorities. Thus, if two or more events are eligible simultaneously, their synchronous product allows them to occur in any order. Since synchronous product can provide all the possible sequences that are not related to priorities, conditional-preemption is possible.
Example 4: Suppose that we have three DES generators G a , G b , and G c . As depicted in Fig. 2 , their alphabets are Fig. 3(a) [respectively, Fig. 3(b) ], which has all the 4 (respectively, 6) paths, in which σ i can occur in any random sequence.
A. DES Model for Periodic Tasks
For any task τ i ∈ S arriving periodically, its execution is represented by a DES generator
that describes all possible executions and random preemptions of task τ i .
1) Regular Language Representation:
The alphabet (event labels), written as i to describe the behavior of G i , is the disjoint union of oi and e , i.e., i = oi∪ e , with oi ∩ e = ∅, oi = {γ i , α i , β i }, and e = {c 1 , c 2 , . . . , c i , . . . , c n , t}, where 1) oi is the operation event set of task τ i , with: a) γ i : release event; b) α i : the execution of τ i is started; c) β i : the execution of τ i is completed; 2) e is the execution event set, with: a) (i ∈ n) c i : τ i is running in the processor; b) t: no task is running in the processor, i.e., the corresponding processor time unit is idle. For any σ ∈ e , the occurrence of σ takes a single processor time unit. The marked language L m (G i ) describes all the possible execution sequences of task τ i 's execution within a period T i . We have
This expression contains two parts. 1) L R i : The processor behavior before task τ i is released.
2) L T i :
The processor behavior within a period T i between the occurrence of two adjacent γ i 's. The event occurrences within s r ∈ L R i take R i time units in total, i.e.,
If τ i is a synchronous task, then L R i is empty. Otherwise, the set of strings S 1 ⊆ ( e − {c i }) * represents the possible system behavior. Sublanguage L R i represents the processor could be idle or taken by other tasks during the time earlier than the occurrence of γ i . For any σ ∈ i , let #σ (s r ) represent the number of occurrences of σ in a string s r . We have
In a period T i , events α i and β i must occur only once. Since their occurrences are instantaneous (taking no time), and the events occurring within s ∈ L T i take T i time units in total, the length of every string in a period equals T i + 2. Formally
For any s ∈ L T i representing the complete execution of task
In a period T i , i.e., in L T i , the processor runs T i processor time units that are occupied by all the execution events. Formally, s satisfies
Any string s ∈ γ i L T i contains a substring s = γ i s e β i , in which s e represents the system behavior since the arrival of τ i until its execution is completed. Thus the response time of task τ i is the processor time spent between the occurrences of γ i and β i . Since the occurrence of α i is instantaneous, the response time of τ i in s is
The set of strings, S 1 ⊆ ( e − {t, c i }) * , occurring earlier than α i is utilized to represent the busy time. Moreover, the preemption time, occurring between α i and β i randomly, is represented by a set of strings S 2 ⊆ ( e − {t, c i }) * . Furthermore, a set of strings S 3 ⊆ ( e − {c i }) * that occur later than β i , is utilized to represent the free time. Consequently, for any s ∈ L T i , s is structurally represented by
with s 1 ∈ S 1 , s 2 ∈ S 2 , and s 3 ∈ S 3 . The strings in ( e −{t, c i }) * represent the system behavior corresponding to the random preemption by other tasks. String s 2 occurs between α i and c i or any two adjacent c i 's and represents that the execution of τ i can be preempted at any time. After the occurrence of the last c i , β i occurs immediately to not delay the response time.
Strings in ( e − {c i }) * represent the system behavior in the free time. These processor time units can be idle, or utilized to execute other tasks. In order to satisfy the hard deadline D i , all the c i 's must occur before β i . Thus, before the occurrence of β i , the preemption time cannot be longer than D i − C i . Formally, strings s 1 and s 2 in (9) form sublanguages S 1 and S 2 that also satisfy (10) and (11) as follows:
By (7), the free time cannot be longer than T i − C i . Formally, sublanguage S 3 in (9) must also satisfy
Example 5: The closed and marked languages to describe the processor behavior to execute task τ 1 are
and with s 1 ∈ S 1 , s 2 ∈ S 2 , and s 3 ∈ S 3 as follows.
So far, the regular language description of processor behavior related to each task's execution is well defined. The next step is to utilize an appropriate DES model to represent the regular language satisfying (1)- (12) simultaneously.
2) DES Generator Representation: The DES generator for task τ i is represented by
where 1) Q i is the finite state set; 2) i is the alphabet with i = oi∪ e , which can also be partitioned into i = ci∪ ui , with:
is the (partial) transition function; 4) q 0i is the initial state; 5) Q mi is the subset of marker states. The controllability of α i (resp. i ∈ n, c i ) endows the uniprocessor with the authority to choose and execute (resp. interrupt) any task among all the released ones. Disabling the controllable event α i is utilized to delay the execution of task τ i for the purpose of preventing blocking. The general DES model for real-time periodic tasks is presented in Fig. 4 . The subscript of each state's name consists of two parts. All the states and transitions are defined as follows.
1) States y 0i,0 , y 0i,1 , . . . , y 0i,R i −1 form the state set before the task releases for the first time. 2) State y 0i,R i : τ i releases.
3) For the other states except y 0i,_ , the first subscript is the past processor time unit after the arrival of task τ i in the current period, and the second is the corresponding operation related to τ i or the number of processor time units already utilized to process τ i . These states are defined as follows.
processor time units after the release of τ i , k time units have been utilized to process
f) The states with outgoing arrows are the marker states Q m . 4) The state with a double arrow is the initial and marker state y 0i,0 . 5) c i (respectively, c j ) represents the execution of τ i (respectively, τ j ∈ S, j = i). 6) The function δ i satisfies:
the execution of τ i is started;
occurrence of β i , the processor time units are idle; i) δ(y T i −1,β i , t) = y 0i : the last processor time unit in T i is idle. Example 6: The DES model G 2 corresponding to tasks τ 2 is depicted in Fig. 5 . Since R 2 = 3, event γ 2 occurs at the end of the third processor time unit. After each period of τ 2 is finished, γ 2 occurs immediately to repeat the process.
B. DES Task Model Creation in TCT
The software package TCT 1 is a tool utilized to create the DES generator related to each task. Thereafter, the DES model for RTS is established as the synchronous product [13] of the generated DES models. Further operations to edit the models and/or compute the supervisor can also be executed in TCT. The procedures utilized in this paper are summarized in Appendix A. All the operations in TCT and the names of the generated files are recorded in an annotated file MAKEIT.TXT. In TCT, G 1 , G 2 , G 3 , and G 4 are named as TASK1, TASK2, TASK3, and TASK4, respectively. As an example, TASK2 is reported in Appendix B. Furthermore, for i ∈ n, events γ i , α i , and β i are renamed i0, i1, and i2, respectively. Events c i and t are represented by i9 and 0, respectively. The system behavior corresponding to each processor is calculated by synchronous product. Suppose that we have an RTS S that possesses only one processor; three examples are discussed below. There is a blocked event 0 (t) in SYS3 (S 3 ), which represents that in the real-time scheduling, there is no idle time unit. This means that the processor utilization of S 3 is U 3 ≥ 1. According to the study in [3] , S 3 is nonschedulable if U 3 > 1. By calculating the processor utilization of S 3 , we obtain U 3 = 3/9+3/6+1/5+2/14 > 1. Thus, S 3 is nonschedulable. In the modeling phase, "bad decisions" made by synchronous product may block the priority-free conditionally-preemptive real-time scheduling. As a solution, in the rest of this paper, SCT is utilized to supervise the RTS to be nonblocking.
VI. SPECIFICATIONS FOR OPTIMAL PRIORITY-FREE
CONDITIONALLY-PREEMPTIVE REAL-TIME SCHEDULING
In accordance with [14] , all possible behaviors in a processor are generated by a DES, called the plant. A processor under control is a subset of the generated languages with respect to certain constraints that are contained in some specification languages. In order to schedule the processor to be nonblocking and conditionally-preemptive, we shall impose the synchronous product of proper specifications on the behavior of the processor. For each task running in a processor, four types of specifications are defined.
1) Nonblocking Specifications: Nonblocking preemptive scheduling of real-time tasks.
2) Matrix-Based Conditional-Preemption Specifications:
The preemption relation among all the tasks.
3) WCET-Based Conditional-Preemption Specifications:
During the execution of each task, the exact preemption plan between two adjacent time units.
4) WCRT-Based Conditional-Preemption Specifications:
The WCRT in all the periods. 
A. Nonblocking Specifications
In order to control the RTS to be nonblocking, the specification S N i for τ i should allow the occurrence of any s ∈ * i , i.e., L(S N i ) = * i . The procedure allevents can be utilized to generate a DES representing * i . As shown in Fig. 6 , the nonblocking specification for task τ i is a generator with only one state at which all σ ∈ i are enabled.
B. Matrix-Based Conditional-Preemption Specifications
In a processor, all the possible preemptions that may occur during the execution of τ i are defined in the ith row of the preemption matrix P. More precisely, task τ i can be preempted by τ j in case P i,j = 1. The preemption occurs between the occurrences of α i and β i . Thus, a specification S P i is defined for each task τ i with a generator
. where 1) Q P i : the state set that contains two states: a) y 0 : τ i is not in process; b) y 1 : τ i is in process; 2) P i = i∈n i : the set of all the events appearing in the processor; 3) δ P i : the (partial) transition function: a) δ P i (y 0 , σ ) = y 0 , σ ∈ e − {c i }: τ i is not in process, and the time unit can be taken by other tasks or idle;
the execution of τ i is started; e) δ P i (y 1 , β i ) = y 0 : the execution of τ i is completed; 4) Q P mi = {q P 0i } = {y 0 }: is the initial and marker state. The DES model of specification S P i for τ i is illustrated in Fig. 7 , where c j represents the execution of task τ j that is allowed to preempt the execution of τ i .
C. WCET-Based Conditional-Preemption Specifications
In this section, we define the exact preemption plans between two adjacent time units (c i 's) of task τ i . A specification S C i is defined for each task τ i with a generator 2) C i = i∈n i : the set of all the events appearing in the processor; 3) δ C i : the (partial) transition function:
is not in process; and the time unit can be occupied by other tasks or idle;
i } is the initial and marker state. The DES model of specification S C i for τ i is shown in Fig. 8 .
D. WCRT-Based Conditional-Preemption Specifications
The preemption of real-time execution increases the response time of task τ i . In order to constrain the execution time of task τ i to be no longer than a value WCRT W i , i.e., in a period T i , the execution between γ i and β i is limited to be not greater than W i time units. A specification S W i is defined for each task τ i with a generator Theorem 1 [14] :
E. Specification Creation in TCT
The corresponding TCT operations to create specifications are listed in Appendix C. In TCT, SN1, SN2, SN3, and SN4 are the nonblocking specifications S N 1 , S N 2 , S N 3 , and S N 4 , respectively. SP1 (resp. SP2) is the non-preemptive specification S P 1 (resp. S P 2 ) for task τ 1 (resp. τ 2 ). The matrix-based conditional-preemptions are created for the PTS example (P 5 ) and motivating example (P 6 ). 
VII. SUPERVISOR SYNTHESIS
So far, the priority-free scheduling policy with conditionalpreemption can be described in regular languages that can be represented by DES. It is well known that SCT can be used to find the supremal controllers that provide the minimally restricted controller of the systems. TCT is based on SCT, a well-recognized theory in DES modeling and control. By utilizing the procedure sync in TCT, all the specifications can be integrated into a unique one. The procedure supcon in TCT finds all the safe execution sequences within an RTS satisfying the synchronized specification. An off-line technique is developed in Algorithm 1 to achieve this goal. Users need not be concerned with the mathematical calculations; and by utilizing TCT, all the safe execution sequences can be provided in the supervisor. Each sequence can be utilized by users to schedule the RTS. All the EDF, FP, and other sequences can be found in the supervisor (Super).
By comparison, under EDF real-time scheduling the tasks with the earliest deadlines are assigned with the highest priority. Moreover, EDF scheduling chooses only one task among them to execute without considering other possibilities. Other released tasks have no chance to be executed by the processor.
A. Example 1
In this paper, as illustrated in Fig. 10 , an example motor network similar to the one studied in [13] is considered as an RTS. Suppose that four electric motors are controlled by a uniprocessor. Their deadlines and periods are represented by D and T, respectively. These parameters coincide with those of the tasks in the previous examples as follows. 4 . The work plans of the motor network also coincide with the RTS models presented in Section V. Since R 2 = 3, Motor 2 will be ready three ms later than other tasks. We take the three work plans of S, i.e., S 1 , S 2 , and S 3 , to find all the safe execution sequences under priority-free conditionally-preemptive scheduling.
B. Supervisory Control of S 1
Since τ 1 , τ 2 ∈ S 1 , we only consider the specifications corresponding to tasks τ 1 and τ 2 . The scheduling corresponding to P 1 is preemptive. Thus, we only need to control the RTS to be nonblocking. Denote this specification by PS1. According to Algorithm 1, in TCT, it is calculated by PS1 = sync (SN1, SN2) (1, 11).
All the safe preemptive execution sequences are calculated by the procedure supcon, that is PSUP1 = supcon (SYS1, PS1) (71, 98).
The other marker states except the initial state in PSUP1 represent that the corresponding task is ready to be released, which is redundant information for the users. Thus they are unmarked as follows: 71, 98) . The safe execution sequence set in PSUP1 is represented by a DES with 84 states and 130 transitions. By projecting out all events but α i , that is PMPSUP1 = project (PSUP1, Image [11, 21] ) (6, 7) we obtain the preemptive release map of S 1 in the trimmed version of PMPSUP1 as follows: PMPSUP1 = trim (PMPSUP1) (6, 7).
All the safe release sequences are shown in Fig. 11 . In PSUP1, by projecting out all events but c i , that is PJPSUP1 = project (PSUP1, Image [19, 29] ) (24, 33) in the trimmed version below PJPSUP1 = trim (PJPSUP1) (24, 33) we obtain the preemptive scheduling map of S 1 , as shown in Fig. 12(a) , that contains all the safe execution sequences of c 1 and c 2 . The computed supervisor is shown in Table II , in which RM and SM represent the release map and the scheduling map, respectively. The numbers of the states and transitions are recorded in the form (number of states, number of transitions). By Algorithm 1, several other examples by considering different specifications are also listed in Table II . All the release maps are isomorphic with the release map depicted in Fig. 11 . Moreover, all the scheduling maps are depicted in Fig. 12 . This means that, based on a supremal release map, according to different preemption plans, the priority-free conditionallypreemptive scheduling policy can provide different results. To the best of our knowledge, no other scheduling algorithms can schedule an RTS by considering P 3 and SC1 simultaneously. For comparison, the preemptive EDF scheduling result of S 1 by Singhoff et al. [25] is depicted in Fig. 13 , which can also be found in Fig. 12(a) . The execution sequence in Fig. 13 seems like a non-preemptive scheduling sequence. Evidently, none of the exact preemptive scheduling sequences in Fig. 12(a) can be generated by EDF. In case that at the ninth time unit in Fig. 13 , τ 2 (with the earliest deadline) cannot arrive on time, and then according to the multiple sequences, users can choose another available sequence shown in Fig. 12(a) to schedule task τ 1 first. Thus, recalculating the scheduling sequences is unnecessary. However, at the ninth time unit, there is no EDF sequence to execute τ 1 first. If τ 2 cannot arrive on time, the EDF scheduling cannot schedule S 1 successfully. The supervisory control technique provides a larger number of safe execution sequences as compared with EDF scheduling. The WCRT of τ 1 in the scheduling sequence shown in Fig. 13 is W 1 = 6. By comparison, in the scheduling map shown in Fig. 12(a) , when tasks τ 1 and τ 2 are released simultaneously, one can preempt another randomly. In all these sequences, we have W 1 ≤ 6. Since τ 1 , τ 2 , τ 4 ∈ S 1 , we only consider the specifications corresponding to tasks τ 1 , τ 2 , and τ 4 . According to Algorithm 1, several supervisors are calculated and listed in Table III For comparison, the PTS scheduling result of S 2 is depicted in Fig. 16 , and it can also be found in Fig. 15(a) . Evidently, SCT provides a greater number of safe execution sequences as compared with PTS scheduling. The WCRT of τ 4 in the scheduling sequence shown in Fig. 16 is W 4 = 2. In comparison, in all the sequences shown in Fig. 15(a) , the WCRT of τ 4 varies from two to eight. This means that the WCRT in the conditional-preemption scheduling may increase. In this case, by also considering SR4 as a specification, we obtain a supervisor with 83 states and 118 transitions. The corresponding release map is isomorphic with the one shown in Fig. 14 . Two scheduling sequences are depicted in Fig. 17 ; they form a subset of the safe executions shown in Fig. 15(a) . The sequence in Fig. 16 can be found in Fig. 17 .
D. Example 2
Suppose that we have another motor network, denoted by S 4 that executes the five tasks listed in Table IV . Suppose that in a uniprocessor system, the preemption matrix takes the following form:
0 * * * * * 0 * * * * * 0 * * * * * 0 * * * * * 0
which can provide 2 20 matrix-based conditionally-preemptive real-time scheduling plans. It is unnecessary to calculate all the scheduling plans simultaneously. However, each of them can be represented by specifications and the corresponding supervisors can be calculated by SCT. 
1) Uniprocessor System:
In a uniprocessor system, the RTS processing these tasks is represented by a DES generator with 15572 states and 31333 events. Instead of calculating the supervisors of all the 2 20 plans, we arbitrarily choose the following eight plans to calculate the corresponding supervisors. The corresponding supremal supervisors, release maps, and scheduling maps are recorded in Table V . The numbers of the states in the release maps of each scheduling plan are close to each other. However, the scheduling maps differ greatly. The preemption matrix P 1 (respectively, P 8 ) represents that the RTS is under the preemptive (respectively, non-preemptive) real-time scheduling; and the supervisor provides the most flexible (respectively, restricted) behaviors. The preemption matrix P 2 indicates that the real-time scheduling plan is that the execution of τ 3 cannot be preempted by any other task. The preemption matrix P 3 represents that the execution of τ 1 can be preempted by τ 2 , τ 2 by τ 3 , τ 3 by τ 4 , τ 4 by τ 5 , and τ 5 by τ 1 , respectively. Importantly, the release maps for P 4 , P 5 , P 6 , and P 7 , are isomorphic with that for P 1 . However, the scheduling maps differ substantially from one another. The reason is that P 4 , P 5 , P 6 , and P 7 show that the execution of τ 1 can only be preempted by τ 2 , τ 3 , τ 4 , and τ 5 , respectively.
2) Multiprocessor System: Suppose that the tasks are running in an RTS that possesses two processors and their corresponding preemption matrices are identical. We need to calculate the processor behavior based on each processor individually. Suppose that tasks τ 1 and τ 2 are running in processor Fig. 18 . Manufacturing cell.
1 , and τ 3 and τ 4 are running in processor 2 . Task τ 5 is a newly arrived task and is allowed to enter any processor. By applying preemption matrix P 4 to both 1 and 2 , the corresponding supremal supervisors, release maps, and scheduling maps are recorded in Table VI . If task τ 5 enters 1 (respectively, 2 ), the corresponding new system behavior is represented by 1 (respectively, 2 ).
E. Example 3
Consider a manufacturing cell as an example. As shown in Fig. 18 , a robot R is utilized to transport two types of workpieces, W1 and W2, to a conveyor. Two pieces of W1 (respectively, W2) are released to the input buffer B 1 (respectively, B 2 ) simultaneously in every six (respectively, three) seconds. The robot R has capacity one; and transporting each piece takes one second. Thus, we define two tasks τ 1 = (0, 2, 6, 6) (respectively, τ 2 = (0, 2, 3, 3) ) to represent the transportion of the two pieces of W1 (respectively, W2) by R, respectively. Consequently, we have a system S = {τ 1 , τ 2 }.
Suppose that the preemption matrix with respect to S is
The scheduling can be considered as an FP scheduling, i.e., task τ 1 cannot be preempted by τ 2 ; and τ 2 is allowed to be preempted by τ 1 . In other words, the robot must transport the two W1's in two adjacent seconds, but it is not necessary for transporting W2. By utilizing SCT, the supervisor calculated by supcon is represented by a DES with 21 states and 27 transitions. As shown in Fig. 19 , the release (respectively, scheduling) map is represented by a generator with three (respectively, six) states and three (respectively, six) transitions. As shown in Fig. 19(b) , no preemption scheduling sequences are found. This requires that the robot R should transport the workpieces in the following order periodically:
W2, W2, W1, W1, W2, W2.
Suppose that the preemption matrix is
i.e., the real-time scheduling is preemptive. This means that the robot can transport W1 and W2 in any order. By using SCT to calculate the supervisor, it is represented by a DES with 37 states and 55 transitions. As shown in Fig. 20 , the release map (respectively, scheduling map) is represented by a generator with four (respectively, ten) states and five (respectively, 14) transitions. The scheduling map in Fig. 20 (b) provides nine safe execution sequences. If we also require that, based on P 2 , the WCRT of task τ 1 be W 1 = 5, i.e., the two W1's must be transported in the first five seconds after their release, then we obtain a supervisor that is represented by a DES with 63 states and 91 transitions. The release map is isomorphic with the map depicted in Fig. 20(a) ; and the scheduling map is visualized in Fig. 21 .
VIII. DISCUSSION
A. Computational Complexity and Calculation Speed Up
The real-time scheduling is based on the computation of the supremal controllable sublanguage with respect to a finite DES. According to [13] and [26] , the computation of the supremal controllable sublanguage with respect to a finite DES can be completed in polynomial time. Similar to [13] , the computational complexity of the presented method in this paper is characterized by: 1) the modeling of a processor time unit as a distinct event in the DES framework and 2) the exponential growth in the number of states when synchronous product is utilized to combine individual tasks into the plant. The computational complexity of the supremal sublanguage of a specification is O(m 2 n 2 ), where m and n are the sizes of the final state set of the plant G and the specification S, respectively. Similar to [13] , this remains a challenge in "scaling up" the proposed method for the real-time scheduling based on SCT. In the worst case, the synchronous product of two DESs, with x and y states, respectively, results in a more complex system with x·y states. A method to speed up the calculation is to reduce the number of states in the plant and specification. In order to achieve this goal, we divide the calculations into three steps. Each step considers different specifications as follows. 1)
Step 1: Nonblocking and matrix-based conditionalpreemption specifications.
2)
Step 2: Nonblocking and WCET-based conditionalpreemption specifications.
3)
Step 3: Nonblocking and WCRT-based conditionalpreemption specifications. As the commutative diagram shown in Fig. 22 , Algorithm 1 is revised to be Algorithm 2, in which NS, PS, CS, and RS represent nonblocking specifications, matrix-based conditionalpreemption specifications, WCET-based conditionalpreemption specifications, and WCRT-based conditionalpreemption specifications, respectively.
For example, the scheduling of S 1 based on P 3 and SC1 can be calculated in the first two steps as listed in Table VII . Moreover, if we require that the WCRT of task τ 1 be W 1 = 4, only one such sequence exists, which is shown in Fig. 23 . Accordingly, S 1 can be scheduled in order τ 1 τ 2 τ 1 τ 2 τ 2 .
B. Comparison With the CW Model
In [13] , a TDES model is proposed to represent periodic real-time tasks. A task is represented by a TDES
where i consists of t tick event; γ i the release event of τ i ; α i the execution of τ i is started; β i the execution of τ i is finished. Suppose that after being enabled, events γ i , α i , and β i should wait for t γ i , t α i , and t β i ticks, respectively, until they are eligible to occur. Formally, the timer bounds are as follows.
1) γ
In the CW model [13] , t β i = C i . The regular languages utilized to describe the tasks represented by TDES/DES are different. In comparison, in the TDES (respectively, DES) model, the processor execution of task τ i is represented by t (respectively, c i ). Consequently, in the TDES (respectively, DES) model, the execution of different tasks is considered as the same (respectively, different) events. Hence, in the synchronous product, they will occur simultaneously (respectively, separately). For preemptive real-time scheduling, because of the nature of the real-time scheduling, the execution of two or more tasks within a uniprocessor cannot happen simultaneously. Thus, the CW TDES model cannot be utilized to schedule real-time tasks conditionally-preemptively.
Remark: Suppose that we have two substrings s 1 = c 1 c 1 and s 2 = c 2 under the condition that there exist 2 = {c 2 c 1 c 1 , c 1 c 2 c 1 , c 1 c 1 c 2 }; it represents all the possible executions correctly. Similarly, according to the TDES model presented in [13] , c 1 and c 2 are both replaced by the tick event t. Thus, we can obtain 
C. Comparison With (Time) Petri Nets Models
Recently, preemptive time Petri nets (pTPN) are developed in [27] - [29] to dynamically schedule RTSs. These studies have significant improvements in real-time scheduling based on TPN. However, the real-time scheduling in [27] - [29] can be only applied to the FP real-time scheduling. To the best of our knowledge, conditional-preemption is not addressed in these studies. For example, by using the models proposed in [27] - [29] , no fixed priority can be assigned to the tasks running in the motivating example of the present paper. Consequently, the real-time scheduling based on SCT is more general than the pTPN model.
Real-time scheduling can also be modeled by Petri nets (PN) [32] - [36] with time constraints [30] , [31] . However, the proposed approach in [30] faces the schedulability conditions of the off-line scheduling problems, and finding the optimal off-line periodic schedule is a challenge. The problems of [30] are addressed in [31] . However, it is arguable whether or not that a PN with time constraints is a sufficiently general model to schedule RTSs. Furthermore, not all the conditional specifications considered in this paper are addressed in the PN model with time constraints.
In comparison, in this paper, by utilizing SCT off-line, all that safe execution sequences can be found if any exist. On the basis, we conclude that the developed conditionallypreemptive scheduling algorithm is in some cases more general than the scheduling based on (time) PN models.
IX. CONCLUSION
This paper reports a formal constructive method for realtime periodic tasks via a DES model. For both uniprocessor and multiprocessor systems, the behavior of a processor can be established by the synchronous product of the DES models of all tasks running in it. The tasks can be scheduled without considering their priorities. This paper presents two sets of conditional-preemption specifications, i.e., matrixbased conditional-preemptions, and WCET-based conditionalpreemptions. Moreover, in order to control the system to be nonblocking and also limit the WCRT of the tasks, two corresponding sets of specifications are developed. The formal SCT of DES can be considered as a rigorous analysis and synthesis tool to schedule the RTS satisfying the hard deadlines. The procedure sync in TCT is utilized to generate the plant and global specifications. By utilizing the procedure supcon, all the conditional-preemptive safe execution sequences can be calculated. These sequences can provide more choices than the EDF, PTS, DPS scheduling algorithms and the TDES SCTbased real-time scheduling proposed in [13] . In order to speed up the calculation, a commutative diagram is proposed to calculate the supervisors in three steps. The off-line scheduling algorithm presented in this paper can be applied in a practical context to schedule the real-world uniprocessor and multiprocessor systems. In future work, we will focus on the real-time conditional-preemptive scheduling of sporadic tasks. [2, 19, 3] , [2, 39, 3] , [2, 49, 3] , [3, 20, 4] , [4, 19, 10] , [4, 21, 5] , [4, 39, 10] , [4, 49, 10] , [5, 19, 11] , [5, 29, 6] , [5, 39, 11] , [5, 49, 11] , [6, 19, 12] , [6, 29, 7] , [6, 39, 12] , [6, 49, 12] , [7, 19, 13] , [7, 29, 8] , [7, 39, 13] , [7, 49, 13] , [8, 22, 9] , [9, 0, 15] , [9, 19, 15] , [9, 39, 15] , [9, 49, 15] , [10, 19, 16] , [10, 21, 11] , [10, 39, 16] , [10, 49, 16] , [11, 19, 17] , [11, 29, 12] , [11, 39, 17] , [11, 49, 17] , [12, 19, 18] , [12, 29, 13] , [12, 39, 18] , [12, 49, 18] , [13, 19, 19] , [13, 29, 14] , [13, 39, 19] , [13, 49, 19] , [14, 22, 15] , [15, 0, 21] , [15, 19, 21] , [15, 39, 21] , [15, 49, 21] , [16, 19, 22] , [16, 21, 17] , [16, 39, 22] , [16, 49, 22] , [17, 19, 23] , [17, 29, 18] , [17, 39, 23] , [17, 49, 23] , [18, 19, 24] , [18, 29, 19] , [18, 39, 24] , [18, 49, 24] , [19, 19, 25] , [19, 29, 20] , [19, 39, 25] , [19, 49, 25] , [20, 22, 21] , [21, 0, 3] , [21, 19, 3] , [21, The generated files for the specifications are recorded.
A. Nonblocking Specifications
The generated nonblocking specifications are listed below. SN1 = allevents (TASK1) (1, 8) SN2 = allevents (TASK2) (1, 8) SN3 = allevents (TASK3) (1, 8) SN4 = allevents (TASK4) (1, 8) 
B. Matrix-Based Conditional-Preemption Specifications
The generated matrix-based conditional-preemption specifications are listed below. [1, 19, 2] , [1, 29, 1] , [1, 39, 1] , [1, 49, 1] , [2, 19, 3] , [2, 39, 2] , [2, 49, 2] , [3, 12, 0] , [3, 19, 3] , [3, 29, 3] , [3, 39, 3] , [3, 49, 3] [3, 29, 4] , [3, 39, 3] , [3, 49, 3] , [4, 19, 4] , [4, 22, 0] , [4, 39, 4] , [4, 49, 4] [2, 19, 3] , [2, 29, 2] , [2, 39, 2] , [3, 12, 0] , [3, 19, 3] , [3, 29, 3] , [3, 39, 3] , [3, 49, 3] [3, 29, 4] , [3, 19, 3] , [3, 39, 3] , [4, 19, 4] , [4, 22, 0] , [4, 39, 4] , [4, 49, 4] ]) (5, 20) 
D. WCRT-Based Conditional-Preemption Specifications
The generated WCRT-based conditional-preemption specifications are listed below. [2, 19, 3] , [2, 29, 3] , [2, 39, 3] , [2, 49, 3] , [3, 12, 0] , [3, 19, 4] , [3, 29, 4] , [3, 39, 4] , [3, 49, 4] , [4, 12, 0] , [4, 19, 5] , [4, 29, 5] , [4, 39, 5] , [4, 49, 5] , [5, 12, [2, 19, 3] , [2, 29, 3] , [2, 39, 3] , [2, 42, 0] , [3, 42, 0] ]) (4, 15) 
