Ravenscar Support for Time-Triggered Scheduling

[EN] This position paper follows from a previous proposal to integrate a time-triggered scheduler in a prioritybased, preemptive scheduler such as that supported by Ada¿s task dispatching policy FIFO Within Priorities . The resulting combined scheduling carries the advantages of both time-triggered and priority-based scheduling, and helps mitigating their drawbacks. The paper presents a system model for the time-triggered subsystem that extends the original proposal, and describes a Ravenscar implementation of the scheduler at the run-time system level, in the form of a new package Ada.Dispatching.TTS. Multiple programming patterns can be implemented on top of this scheduler. With respect to the previously proposed full-Ada implementation, only patterns that implied the use of asynchronous transfer of control have been excluded. On the other hand, the extension of the original model enables new patterns, not supported in our previous proposal, using the new types of continuation and optional slots. We hold that bringing the time-triggered paradigm to Ravenscar is both feasible and convenient for the High-Integrity and Embedded application domains.This work has been partly supported by the Spanish Government’s project M2C2 (TIN2014-56158-C4-1-P-AR) and the European Commission’s projects ENABLE-S3 and AQUAS (ECSEL-JU, Contracts 692455 and 737475)Real Sáez, JV.; Sáez Barona, S.; Crespo, A. (2018). Ravenscar Support for Time-Triggered Scheduling. ACM SIGAda Ada Letters. 38(1):41-54. https://doi.org/10.1145/3241950.3241957S4154381M. Aldea and M. González-Harbour. MaRTE OS: An Ada Kernel for Real-Time Embedded Applications. Reliable Software Technologies - Ada Europe 2001, Lecture Notes in Computer Science, 2043:305-316, 2001.ISO/IEC-JTC1-SC22-WG9. Ada Reference Manual ISO/IEC 8652:2012(E). URL: http://www.ada-europe.org/manuals/LRM-2012.pdf, 2012.J. Leung and J. Whitehead. On the complexity of xed-priority scheduling of periodic, real-time tasks. Performance Evaluation (Netherlands), 2(4):237-250, 1982.C. Liu and J. Layland. Scheduling Algorithms for Multiprogramming in a Hard Real-Time Environment. Journal of the ACM, 20(1):46-61, 1973.J. Real and P. Rogers. Session Summary: Experience. Ada Letters, 36(1):101-102, June 2016.J. Real, S. Sáez, and A. Crespo. Combined scheduling of time-triggeed plans and priority scheduled task sets. Ada Letters, 36(1):68-76, June 2016.J. Real, S. Sáez, and A. Crespo. Combining time-triggered plans with priority scheduled task sets. In M. Bertogna and L. M. Pinho, editors, Reliable Software Technologies - Ada-Europe 2016, volume 9695 of Lecture Notes in Computer Science. Springer, June 2016.S. Sáez and J. Real. TTS Ravenscar runtime. https://doi.org/10.5281/zenodo.1168723, February 2018

Combined Scheduling of Time-Triggered Plans and Priority Scheduled Task Sets

© Owner/Author (2016). This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ACM SIGAda Ada Letters, 36(1), 68-76, http://dx.doi.org/10.1145/10.1145/2971571.2971580.[EN] Preemptive, priority-based scheduling on the one hand, and time-triggered scheduling on the other, are the two major techniques in use for development of real-time and embedded software. Both have their advantages and drawbacks with respect to the other, and are commonly adopted in mutual exclusion. In a previous paper, we proposed a software architecture that enables the combined and controlled execution of time-triggered plans and priority-scheduled tasks. The goal was to take advantage of the best of both approaches by providing deterministic, jitter-controlled execution of time-triggered tasks (e.g., control tasks), coexisting with a set of priority-scheduled tasks, with less demanding jitter requirements. In this paper, we briefly describe the approach, in which the time-triggered plan is executed at the highest priority level, controlled by scheduling decisions taken only at particular points in time, signalled by recurrent timing events. The rest of priority levels are used by a set of concurrent tasks scheduled by static or dynamic priorities. We also discuss several open issues such as schedulability analysis, use of the approach in multiprocessor architectures, usability in mixed-criticality systems and needed changes to make this approach Ravenscar compliant.This work has been partly supported by the Spanish Government’s project M2C2 (TIN2014-56158-C4-1-P-AR) and the European Commission’s project EMC2 (ARTEMIS-JU Call 2013 AIPP-5, Contract 621429).Real Sáez, JV.; Sáez Barona, S.; Crespo Lorente, A. (2016). Combined Scheduling of Time-Triggered Plans and Priority Scheduled Task Sets. Ada Letters. 36(1):68-76. https://doi.org/10.1145/2971571.2971580S6876361T. P. Baker and A. Shaw. The cyclic executive model and Ada. In Proceedings IEEE Real Time Systems Symposium 1988, Huntsville, Alabama, pages 120--129, 1988.P. Balbastre, I. Ripoll, J. Vidal, and A. Crespo. A Task Model to Reduce Control Delays. Real-Time Systems, 27(3):215--236, September 2004.A. Burns and R. Davis. Mixed Criticality Systems - A Review. Technical report, Depatment of Computer Science, University of York, 2013.A. Cervin. Integrated Control and Real-Time Scheduling. PhD thesis, Lund Institute of Technology, April 2003.R. Dobrin. Combining Offline Schedule Construction and Fixed Priority Scheduling in Real-Time Computer Systems. PhD thesis, Mälardalen University, 2005.S. Hong, X. Hu, and M. Lemmon. Reducing Delay Jitter of Real-Time Control Tasks through Adaptive Deadline Adjustments. In IEEE Computer Society, editor, 22nd Euromicro Conference on Real-Time Systems -- ECRTS, pages 229--238, 2010.J. W. S. Liu. Real-Time Systems. Prentice-Hall Inc., 2000.J. Palencia and M. González-Harbour. Schedulability Analysis for Tasks with Static and Dynamic Offsets. In 9th IEEE Real-Time Systems Symposium, 1998.M. J. Pont. The Engineering of Reliable Embedded Systems: LPC1769 edition. Number ISBN: 978-0-9930355-0-0. SafeTTy Systems Limited, 2014.J. Real and A. Crespo. Incorporating Operating Modes to an Ada Real-Time Framework. Ada Letters, 30(1):73--85, April 2010.J. Real, S. Sáez, and A. Crespo. Combining time-triggered plans with priority scheduled task sets. In M. Bertogna and L. M. Pinho, editors, Reliable Software Technologies -- Ada-Europe 2016, volume 9695 of Lecture Notes in Computer Science. Springer, June 2016.S. Sáez, J. Real, and A. Crespo. An integrated framework for multiprocessor, multimoded real-time applications. In M. Brorsson and L. Pinho, editors, Reliable Software Technologies -- Ada-Europe 2012, volume 7308, pages 18--34. Springer-Verlag, June 2012.S. Sáez, J. Real, and A. Crespo. Implementation of Timing-Event Anities in Ada/Linux. Ada Letters, 35(1), April 2015.A. J. Wellings and A. Burns. A Framework for Real-Time Utilities for Ada 2005. Ada Letters, XXVII(2), August 2007

A hierarchical architecture for time- and event-triggered real-time systems

[EN] This paper proposes an architecture for combining the execution of time- and event-triggered real-time task sets. This makes it possible for the designer to choose the most appropriate mechanism depending on the role and nature of each task in the system. The proposed architecture allows one to choose the priority levels at which time- and event-triggered tasks are executed. This gives the designer an additional degree of freedom to make compromise decisions upon contradicting timing requirements, such as granting reduced jitter and at the same time providing prompt service to non-periodic events, for example. The proposed model is accompanied with a Ravenscar implementation of the time-triggered scheduler and a library of utilities for specifying time-triggered schedules and reusing time-triggered task patterns.This work has been partly supported by Spanish Government and FEDER funds (AEI/FEDER, UE) under grant (TIN2017-86520-C3-1-R) (PRECON-I4); and by European Commission project AQUAS (ECSEL-JU, Contract 737475).Real Sáez, JV.; Sáez Barona, S.; Crespo, A. (2019). A hierarchical architecture for time- and event-triggered real-time systems. Journal of Systems Architecture. 101:1-15. https://doi.org/10.1016/j.sysarc.2019.101652S11510

Tighter Integration of Drivers and Protocols in a AADL-based Code Generation Process

Model-based engineering provides an appealing frame- work for the precise modeling and analysis of embed- ded systems. Architecture Description Languages provide a clear and precise semantics to address multiple analy- sis dimensions: scheduling, fault, resource accounting, etc. This is completed by code generation tools that generate all required glue code to enable intercommunication between components and associated configuration mechanisms. The diversity of embedded targets requires extended con- figuration to support multiple devices, operating systems but also compilation toolchains. Yet, those are usually hard- wired in the code generation process. In this paper, we propose several patterns to support model- level configuration of the target, but also increased analysis capabilities in the context of the AADLv2

A non-intrusive fault tolerant framework for mission critical real-time systems

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2005.Includes bibliographical references (p. 85-87).The need for dependable real-time systems for embedded application is growing, and, at the same time, so does the amount of functionality required from these systems. As testing can only show the presence of errors, not their absence, higher levels of system dependability may be provided by the implementation of mechanisms that can protect the system from faults. We present a framework for the development of fault tolerant mission critical real-time systems that provides a structure for flexible, efficient and deterministic design. The framework leverages three key knowledge domains: firstly, a software concurrency model, the Ada Ravenscar Profile, which guarantees deterministic behavior; secondly, the design of a hardware scheduler, the RavenHaRT kernel, which further provides deadlock free inter-task communication management; and finally, the design of a hardware execution time monitor, the Monitoring Chip, which provides non-intrusive error detection. To increase service dependability, we propose a fault tolerance strategy that uses multiple operating modes to provide system-level handling of timing errors. The hierarchical set of operating modes offers different gracefully degraded levels of guaranteed service. This approach relies on the elements of the framework discussed above and is illustrated through a sample case study of a generic navigation system.by Sébastien Gorelov.S.M

The Ravenscar-compliant hardware run-time (Ravenhart) kernel

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2004.Includes bibliographical references (leaves 69-71).Real-time embedded systems are increasingly becoming the foundation of control systems in both the aerospace and automotive worlds. This class of systems has to meet three requirements: strict timing constraints on operational behavior, limited resource availability, and stringent certification standards. The heart of any embedded system is its run-time system (RTS), which provides resource management, task creation and deletion, and manages inter-task communication. The traditional Ada RTS does not provide deterministic behavior. In order to meet the requirement of a minimal, deterministic RTS, a formal model based on the Ravenscar profile of Ada95 was developed by Professor Kristina Lundqvist in 2000. This formal model forms the basis of the work carried out in this thesis. This thesis aims to leverage the reliability and efficiency of programmable hardware to implement a run-time kernel called RavenHaRT. The kernel was designed to support Ravenscar compliant Ada95 code and provides task creation, task scheduling and inter-task communication capabilities. The timing properties embedded in the formal model are captured in terms of kernel performance within the hardware. The kernel was implemented using a Xilinx Virtex-II Pro FPGA. The results from testing demonstrate that the hardware kernel has the expected behavior and can interface correctly with software code.by Anna Silbovitz.S.M

Operating System Contribution to Composable Timing Behaviour in High-Integrity Real-Time Systems

The development of High-Integrity Real-Time Systems has a high footprint in terms of human, material and schedule costs. Factoring functional, reusable logic in the application favors incremental development and contains costs. Yet, achieving incrementality in the timing behavior is a much harder problem. Complex features at all levels of the execution stack, aimed to boost average-case performance, exhibit timing behavior highly dependent on execution history, which wrecks time composability and incrementaility with it. Our goal here is to restitute time composability to the execution stack, working bottom up across it. We first characterize time composability without making assumptions on the system architecture or the software deployment to it. Later, we focus on the role played by the real-time operating system in our pursuit. Initially we consider single-core processors and, becoming less permissive on the admissible hardware features, we devise solutions that restore a convincing degree of time composability. To show what can be done for real, we developed TiCOS, an ARINC-compliant kernel, and re-designed ORK+, a kernel for Ada Ravenscar runtimes. In that work, we added support for limited-preemption to ORK+, an absolute premiere in the landscape of real-word kernels. Our implementation allows resource sharing to co-exist with limited-preemptive scheduling, which extends state of the art. We then turn our attention to multicore architectures, first considering partitioned systems, for which we achieve results close to those obtained for single-core processors. Subsequently, we shy away from the over-provision of those systems and consider less restrictive uses of homogeneous multiprocessors, where the scheduling algorithm is key to high schedulable utilization. To that end we single out RUN, a promising baseline, and extend it to SPRINT, which supports sporadic task sets, hence matches real-world industrial needs better. To corroborate our results we present findings from real-world case studies from avionic industry