Predictability of just in time compilation

The productivity of embedded software development is limited by the high fragmentation of hardware platforms. To alleviate this problem, virtualization has become an important tool in computer science; and virtual machines are used in a number of subdisciplines ranging from operating systems to processor architecture. The processor virtualization can be used to address the portability problem. While the traditional compilation flow consists of compiling program source code into binary objects that can natively executed on a given processor, processor virtualization splits that flow in two parts: the first part consists of compiling the program source code into processor-independent bytecode representation; the second part provides an execution platform that can run this bytecode in a given processor. The second part is done by a virtual machine interpreting the bytecode or by just-in-time (JIT) compiling the bytecodes of a method at run-time in order to improve the execution performance. Many applications feature real-time system requirements. The success of real-time systems relies upon their capability of producing functionally correct results within dened timing constraints. To validate these constraints, most scheduling algorithms assume that the worstcase execution time (WCET) estimation of each task is already known. The WCET of a task is the longest time it takes when it is considered in isolation. Sophisticated techniques are used in static WCET estimation (e.g. to model caches) to achieve both safe and tight estimation. Our work aims at recombining the two domains, i.e. using the JIT compilation in realtime systems. This is an ambitious goal which requires introducing the deterministic in many non-deterministic features, e.g. bound the compilation time and the overhead caused by the dynamic management of the compiled code cache, etc. Due to the limited time of the internship, this report represents a rst attempt to such combination. To obtain the WCET of a program, we have to add the compilation time to the execution time because the two phases are now mixed. Therefore, one needs to know statically how many times in the worst case a function will be compiled. It may be seemed a simple job, but if we consider a resource constraint as the limited memory size and the advanced techniques used in JIT compilation, things will be nasty. We suppose that a function is compiled at the rst time it is used, and its compiled code is cached in limited size software cache. Our objective is to find an appropriate structure cache and replacement policy which reduce the overhead of compilation in the worst case

Flexible Scheduling in Middleware for Distributed rate-based real-time applications - Doctoral Dissertation, May 2002

Distributed rate-based real-time systems, such as process control and avionics mission computing systems, have traditionally been scheduled statically. Static scheduling provides assurance of schedulability prior to run-time overhead. However, static scheduling is brittle in the face of unanticipated overload, and treats invocation-to-invocation variations in resource requirements inflexibly. As a consequence, processing resources are often under-utilized in the average case, and the resulting systems are hard to adapt to meet new real-time processing requirements. Dynamic scheduling offers relief from the limitations of static scheduling. However, dynamic scheduling offers relief from the limitations of static scheduling. However, dynamic scheduling often has a high run-time cost because certain decisions are enforced on-line. Furthermore, under conditions of overload tasks can be scheduled dynamically that may never be dispatched, or that upon dispatch would miss their deadlines. We review the implications of these factors on rate-based distributed systems, and posits the necessity to combine static and dynamic approaches to exploit the strengths and compensate for the weakness of either approach in isolation. We present a general hybrid approach to real-time scheduling and dispatching in middleware, that can employ both static and dynamic components. This approach provides (1) feasibility assurance for the most critical tasks, (2) the ability to extend this assurance incrementally to operations in successively lower criticality equivalence classes, (3) the ability to trade off bounds on feasible utilization and dispatching over-head in cases where, for example, execution jitter is a factor or rates are not harmonically related, and (4) overall flexibility to make more optimal use of scarce computing resources and to enforce a wider range of application-specified execution requirements. This approach also meets additional constraints of an increasingly important class of rate-based systems, those with requirements for robust management of real-time performance in the face of rapidly and widely changing operating conditions. To support these requirements, we present a middleware framework that implements the hybrid scheduling and dispatching approach described above, and also provides support for (1) adaptive re-scheduling of operations at run-time and (2) reflective alternation among several scheduling strategies to improve real-time performance in the face of changing operating conditions. Adaptive re-scheduling must be performed whenever operating conditions exceed the ability of the scheduling and dispatching infrastructure to meet the critical real-time requirements of the system under the currently specified rates and execution times of operations. Adaptive re-scheduling relies on the ability to change the rates of execution of at least some operations, and may occur under the control of a higher-level middleware resource manager. Different rates of execution may be specified under different operating conditions, and the number of such possible combinations may be arbitrarily large. Furthermore, adaptive rescheduling may in turn require notification of rate-sensitive application components. It is therefore desirable to handle variations in operating conditions entirely within the scheduling and dispatching infrastructure when possible. A rate-based distributed real-time application, or a higher-level resource manager, could thus fall back on adaptive re-scheduling only when it cannot achieve acceptable real-time performance through self-adaptation. Reflective alternation among scheduling heuristics offers a way to tune real-time performance internally, and we offer foundational support for this approach. In particular, run-time observable information such as that provided by our metrics-feedback framework makes it possible to detect that a given current scheduling heuristic is underperforming the level of service another could provide. Furthermore we present empirical results for our framework in a realistic avionics mission computing environment. This forms the basis for guided adaption. This dissertation makes five contributions in support of flexible and adaptive scheduling and dispatching in middleware. First, we provide a middle scheduling framework that supports arbitrary and fine-grained composition of static/dynamic scheduling, to assure critical timeliness constraints while improving noncritical performance under a range of conditions. Second, we provide a flexible dispatching infrastructure framework composed of fine-grained primitives, and describe how appropriate configurations can be generated automatically based on the output of the scheduling framework. Third, we describe algorithms to reduce the overhead and duration of adaptive rescheduling, based on sorting for rate selection and priority assignment. Fourth, we provide timely and efficient performance information through an optimized metrics-feedback framework, to support higher-level reflection and adaptation decisions. Fifth, we present the results of empirical studies to quantify and evaluate the performance of alternative canonical scheduling heuristics, across a range of load and load jitter conditions. These studies were conducted within an avionics mission computing applications framework running on realistic middleware and embedded hardware. The results obtained from these studies (1) demonstrate the potential benefits of reflective alternation among distinct scheduling heuristics at run-time, and (2) suggest performance factors of interest for future work on adaptive control policies and mechanisms using this framework

Operating System Contribution to Composable Timing Behaviour in High-Integrity Real-Time Systems

The development of High-Integrity Real-Time Systems has a high footprint in terms of human, material and schedule costs. Factoring functional, reusable logic in the application favors incremental development and contains costs. Yet, achieving incrementality in the timing behavior is a much harder problem. Complex features at all levels of the execution stack, aimed to boost average-case performance, exhibit timing behavior highly dependent on execution history, which wrecks time composability and incrementaility with it. Our goal here is to restitute time composability to the execution stack, working bottom up across it. We first characterize time composability without making assumptions on the system architecture or the software deployment to it. Later, we focus on the role played by the real-time operating system in our pursuit. Initially we consider single-core processors and, becoming less permissive on the admissible hardware features, we devise solutions that restore a convincing degree of time composability. To show what can be done for real, we developed TiCOS, an ARINC-compliant kernel, and re-designed ORK+, a kernel for Ada Ravenscar runtimes. In that work, we added support for limited-preemption to ORK+, an absolute premiere in the landscape of real-word kernels. Our implementation allows resource sharing to co-exist with limited-preemptive scheduling, which extends state of the art. We then turn our attention to multicore architectures, first considering partitioned systems, for which we achieve results close to those obtained for single-core processors. Subsequently, we shy away from the over-provision of those systems and consider less restrictive uses of homogeneous multiprocessors, where the scheduling algorithm is key to high schedulable utilization. To that end we single out RUN, a promising baseline, and extend it to SPRINT, which supports sporadic task sets, hence matches real-world industrial needs better. To corroborate our results we present findings from real-world case studies from avionic industry

Model for WCET prediction, scheduling and task allocation for emergent agent-behaviours in real-time scenarios

[ES]Hasta el momento no se conocen modelos de tiempo real específicamente desarrollados para su uso en sistemas abiertos, como las Organizaciones Virtuales de Agentes (OVs). Convencionalmente, los modelos de tiempo real se aplican a sistemas cerrados donde todas las variables se conocen a priori. Esta tesis presenta nuevas contribuciones y la novedosa integración de agentes en tiempo real dentro de OVs. Hasta donde alcanza nuestro conocimiento, éste es el primer modelo específicamente diseñado para su aplicación en OVs con restricciones temporales estrictas. Esta tesis proporciona una nueva perspectiva que combina la apertura y dinamicidad necesarias en una OV con las restricciones de tiempo real. Ésto es una aspecto complicado ya que el primer paradigma no es estricto, como el propio término de sistema abierto indica, sin embargo, el segundo paradigma debe cumplir estrictas restricciones. En resumen, el modelo que se presenta permite definir las acciones que una OV debe llevar a cabo con un plazo concreto, considerando los cambios que pueden ocurrir durante la ejecución de un plan particular. Es una planificación de tiempo real en una OV. Otra de las principales contribuciones de esta tesis es un modelo para el cálculo del tiempo de ejecución en el peor caso (WCET). La propuesta es un modelo efectivo para calcular el peor escenario cuando un agente desea formar parte de una OV y para ello, debe incluir sus tareas o comportamientos dentro del sistema de tiempo real, es decir, se calcula el WCET de comportamientos emergentes en tiempo de ejecución. También se incluye una planificación local para cada nodo de ejecución basada en el algoritmo FPS y una distribución de tareas entre los nodos disponibles en el sistema. Para ambos modelos se usan modelos matemáticos y estadísticos avanzados para crear un mecanismo adaptable, robusto y eficiente para agentes inteligentes en OVs. El desconocimiento, pese al estudio realizado, de una plataforma para sistemas abiertos que soporte agentes con restricciones de tiempo real y los mecanismos necesarios para el control y la gestión de OVs, es la principal motivación para el desarrollo de la plataforma de agentes PANGEA+RT. PANGEA+RT es una innovadora plataforma multi-agente que proporciona soporte para la ejecución de agentes en ambientes de tiempo real. Finalmente, se presenta un caso de estudio donde robots heterogéneos colaboran para realizar tareas de vigilancia. El caso de estudio se ha desarrollado con la plataforma PANGEA+RT donde el modelo propuesto está integrado. Por tanto al final de la tesis, con este caso de estudio se obtienen los resultados y conclusiones que validan el modelo

Specification And Runtime Checking Of Timing Constraints In Safety Critical Java

The Java platform is becoming a vital tool for developing real-time and safety-critical systems. Design patterns and the availability of Java libraries, both provide solutions to many known problems. Furthermore, the object-oriented nature of Java simplifies modular development of real-time systems. However, limitations of Java as a programming language for real-time systems are a notable obstacle to producing safe real-time systems. These limitations are found in the unpredictable execution model of the language, due to Java’s garbage collector, and the lack of support for non-functional specification and verification tools. In this dissertation I introduce SafeJML, a specification language for support of functional and non-functional specifications, based on an implementation of a safety-critical Java platform and the Java Modeling Language (JML). This dissertation concentrates on techniques that enable specification and dynamic checking of timing constraints for some important Java features, including methods and subtyping. SafeJML and these dynamic checking techniques allow modular specification and checking of safety-critical systems, including those that use object-orientation and design patterns. Such coding techniques could have maintenance benefits for real-time and safety-critical softwar

Contributions to the safe execution of dynamic component-based real-time systems

Traditionally, real-time systems have based their design and execution on barely dynamic models to ensure, since design time, the temporal guarantees in the execution of their functionality. Great effort is being applied nowadays to progressively develop more dynamic systems, with the target of changing during their execution and to adapt themselves to their environment. The capability to change and to reconfigure themselves represents remarkable advantages as the capability to fix errors and to add new functionality with on-line updates. This means to be able to be updated without needing to stop the service, that may imply monetary losses in many cases. Design and development techniques based on components have become popular due to the use of components, which allows simplifying the system design, code reusability and updates through the substitution of components. The target of this thesis work is to provide certain degree of dynamism to real-time systems allowing them to replace components, incorporating new functionality of fixing existing bugs. On that purpose, a component-based framework is proposed, as well as the corresponding task in charge of providing dynamism to the system. The main contribution is to provide a framework to allow safe component replacements. Safe meaning that incorrect executions of tasks are avoided even y multiple tasks are executing concurrently and making use of the same data. Also that temporal guarantees are provided for every task. This framework incorporates a generic component model with real-time threads, a components replacement model with execution times that are known and bounded, and different strategies to apply such component replacement model. Some mechanisms to maintain a seamless and safe execution, regarding concurrency, before, during, and after applying the processes in charge of replacing running components are also described. Seamless execution means that components themselves do not perform the replacements, and safe means that temporal guarantees are provided and components are not affected in their execution. Part of these mechanisms are the system schedulability analysis and the framework tasks as well as reserving the needed resources for such scheduling to be correct. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Los sistemas de tiempo real han basado tradicionalmente su desarrollo en modelos altamente predecibles ya que estos requieren garantías temporales en su ejecución. A lo largo de los años, la technología de tiempo real ha ido penetrando en diferentes campos de aplicación y ajustándose a paradigmas de desarrollo software más novedosos. Esto ha presentado y presenta en la actualidad un tremendo reto ya que estas aplicaciones suelen tener un alto grado de dinamismo, lo que entra en conflicto con la predictibilidad temporal y, en general la ejecución segura de los mismos. Hoy en dia se esta realizando un gran esfuerzo en el desarrollo de sistemas cada vez más dinamicos que permitan adaptar su estructura en tiempo de ejecución para adaptarse a entornos que presentan condiciones cambiantes. La capacidad de soportar este tipo de dinamismo presenta ventajas descatables como permitir corregir fallos y anadir funcionalidad mediante actualizaciones en caliente, es decir, poder actualizarse sin necesidad de realizar paradas en su servicio, lo que podria implicar costes monetarios en muchos casos o perdidas temporales de servicio. Por otro lado, las técnicas de diseño y desarrollo basadas en componentes se han hecho muy populares y su aplicación a los sistemas de tiempo real gana terreno día a día. Uno de los principales motivos de ellos es que el uso de componentes permite simplificar el diseño del sistema, la reutilizacion de codigo e incluso la actualizacion del mismo mediante la substitucion de componentes. En esta tesis se aborda el objetivo de proveer a los sistemas de tiempo real de cierto grado de dinamismo para poder reemplazar componentes de forma segura, que permita incorporar nuevas funcionalidades o corregir errores existentes. Para ello, en esta tesis se ha elaborado de un marco de trabajo para dar soporte a reemplazos de componentes de forma segura, entendiendo como tal que el hecho de que no se produzcan ejecuciones incorrectas debido a la ejecución concurrente de multiples tareas, asi como el garantizar los tiempos de ejecucion de cada tarea y acotar la duración temporal de los reemplazos. El marco de trabajo propuesto está basado, pues, en componentes de tiempo real, que tiene en cuenta los requisitos temporales en la ejecución de los componentes del sistema y de las tareas propias del marco que dan soporte a estos mecanismos de reemplazo. Este marco de trabajo incorpora un modelo generico de componente con tareas de tiempo real, un modelo de reemplazo de componentes cuyos tiempos de ejecucion son conocidos y limitados en tiempo y diferentes estrategias de aplicacion de dicho modelo de reemplazo de componente. Las contribuciones propuestas integran el analisis de la planificabilidad de los componentes del sistema y de las tareas del marco de componentes para permitir establecer los parámetros de reserva de los recursos necesarios para las tareas del marco. Por último, se realiza una validación empírica en la que se comprueba experimentalmente la validez del modelo tanto de forma genérica como en un escenario específico y determinando también los recursos necesarios para su implementación

Adaptive Mid-term and Short-term Scheduling of Mixed-criticality Systems

A mixed-criticality real-time system is a real-time system having multiple tasks classified according to their criticality. Research on mixed-criticality systems started to provide an effective and cost efficient a priori verification process for safety critical systems. The higher the criticality of a task within a system and the more the system should guarantee the required level of service for it. However, such model poses new challenges with respect to scheduling and fault tolerance within real-time systems. Currently, mixed-criticality scheduling protocols severely degrade lower criticality tasks in case of resource shortage to provide the required level of service for the most critical ones. The actual research challenge in this field is to devise robust scheduling protocols to minimise the impact on less critical tasks. This dissertation introduces two approaches, one short-term and the other medium-term, to appropriately allocate computing resources to tasks within mixed-criticality systems both on uniprocessor and multiprocessor systems. The short-term strategy consists of a protocol named Lazy Bailout Protocol (LBP) to schedule mixed-criticality task sets on single core architectures. Scheduling decisions are made about tasks that are active in the ready queue and that have to be dispatched to the CPU. LBP minimises the service degradation for lower criticality tasks by providing to them a background execution during the system idle time. After, I refined LBP with variants that aim to further increase the service level provided for lower criticality tasks. However, this is achieved at an increased cost of either system offline analysis or complexity at runtime. The second approach, named Adaptive Tolerance-based Mixed-criticality Protocol (ATMP), decides at runtime which task has to be allocated to the active cores according to the available resources. ATMP permits to optimise the overall system utility by tuning the system workload in case of shortage of computing capacity at runtime. Unlike the majority of current mixed-criticality approaches, ATMP allows to smoothly degrade also higher criticality tasks to keep allocated lower criticality ones