Demystifying the Real-Time Linux Scheduling Latency

Linux has become a viable operating system for many real-time workloads. However, the black-box approach adopted by cyclictest, the tool used to evaluate the main real-time metric of the kernel, the scheduling latency, along with the absence of a theoretically-sound description of the in-kernel behavior, sheds some doubts about Linux meriting the real-time adjective. Aiming at clarifying the PREEMPT_RT Linux scheduling latency, this paper leverages the Thread Synchronization Model of Linux to derive a set of properties and rules defining the Linux kernel behavior from a scheduling perspective. These rules are then leveraged to derive a sound bound to the scheduling latency, considering all the sources of delays occurring in all possible sequences of synchronization events in the kernel. This paper also presents a tracing method, efficient in time and memory overheads, to observe the kernel events needed to define the variables used in the analysis. This results in an easy-to-use tool for deriving reliable scheduling latency bounds that can be used in practice. Finally, an experimental analysis compares the cyclictest and the proposed tool, showing that the proposed method can find sound bounds faster with acceptable overheads

Design, Implementation, and Evaluation of a Distributed Real-Time Kernel for Distributed Robotics (Dissertation Proposal)

Modern robotics applications are becoming more complex due to greater numbers of sensors and actuators. The control of such systems may require multiple processors to meet the computational demands and to support the physical topology of the sensors and actuators. A distributed real-time system is needed to perform the required communication and processing while meeting application-specified timing constraints. We are designing and implementing a real-time kernel for distributed robotics applications. The kernel\u27s salient features are consistent, user-definable scheduling, explicit dynamic timing constraints, and a two-tiered interrupt approach. The kernel wi1l be evaluated by implementing a two-arm robot control example. Its goal is to locate and manipulate cylindrical objects with spillable contents. Using the application and the kernel, we will investigate the effects of time granularity, network type and protocol, and the handling of external events using interrupts versus polling. Our research will enhance understanding of real-time kernels for distributed robotics control

Software parametrization of feasible reconfigurable real-time systems under energy and dependency constraints

Enforcing temporal constraints is necessary to maintain the correctness of a realtime system. However, a real-time system may be enclosed by many factors and constraints that lead to different challenges to overcome. In other words, to achieve the real-time aspects, these systems face various challenges particularly in terms of architecture, reconfiguration property, energy consumption, and dependency constraints. Unfortunately, the characterization of real-time task deadlines is a relatively unexplored problem in the real-time community. Most of the literature seems to consider that the deadlines are somehow provided as hard assumptions, this can generate high costs relative to the development time if these deadlines are violated at runtime. In this context, the main aim of this thesis is to determine the effective temporal properties that will certainly be met at runtime under well-defined constraints. We went to overcome these challenges in a step-wise manner. Each time, we elected a well-defined subset of challenges to be solved. This thesis deals with reconfigurable real-time systems in mono-core and multi-core architectures. First, we propose a new scheduling strategy based on configuring feasible scheduling of software tasks of various types (periodic, sporadic, and aperiodic) and constraints (hard and soft) mono-core architecture. Then, the second contribution deals with reconfigurable real-time systems in mono-core under energy and resource sharing constraints. Finally, the main objective of the multi-core architecture is achieved in a third contribution.Das Erzwingen zeitlicher Beschränkungen ist notwendig,um die Korrektheit eines Echtzeitsystems aufrechtzuerhalten. Ein Echtzeitsystem kann jedoch von vielen Faktoren und Beschränkungen umgeben sein, die zu unterschiedlichen Herausforderungen führen, die es zu bewältigen gilt. Mit anderen Worten, um die zeitlichen Aspekte zu erreichen, können diese Systeme verschiedenen Herausforderungen gegenüberstehen, einschliesslich Architektur, Rekonfigurationseigenschaft, Energie und Abhängigkeitsbeschränkungen. Leider ist die Charakterisierung von Echtzeit-Aufgabenterminen ein relativ unerforschtes Problem in der Echtzeit-Community. Der grösste Teil der Literatur geht davon aus, dass die Fristen (Deadlines) irgendwie als harte Annahmen bereitgestellt werden, was im Verhältnis zur Entwicklungszeit hohe Kosten verursachen kann, wenn diese Fristen zur Laufzeit verletzt werden. In diesem Zusammenhang ist das Hauptziel dieser Arbeit, die effektiven zeitlichen Eigenschaften zu bestimmen, die zur Laufzeit unter wohldefinierten Randbedingungen mit Sicherheit erfüllt werden. Wir haben diese Herausforderungen schrittweise gemeistert. Jedes Mal haben wir eine wohldefinierte Teilmenge von Herausforderungen ausgewählt, die es zu lösen gilt. Zunächst schlagen wir eine neue Scheduling-Strategie vor, die auf der Konfiguration eines durchführbaren Scheduling von Software-Tasks verschiedener Typen (periodisch, sporadisch und aperiodisch) und Beschränkungen (hart und weich) einer Mono-Core-Architektur basiert. Der zweite Beitrag befasst sich dann mit rekonfigurierbaren Echtzeitsystemen in Mono-Core unter Energie und Ressourcenteilungsbeschränkungen. Abschliessend wird in einem dritten Beitrag das Verfahren auf Multi-Core-Architekturen erweitert

Software development of reconfigurable real-time systems : from specification to implementation

This thesis deals with reconfigurable real-time systems solving real-time tasks scheduling problems in a mono-core and multi-core architectures. The main focus in this thesis is on providing guidelines, methods, and tools for the synthesis of feasible reconfigurable real-time systems in a mono-processor and multi-processor architectures. The development of these systems faces various challenges particularly in terms of stability, energy consumption, response and blocking time. To address this problem, we propose in this work a new strategy of i) placement and scheduling of tasks to execute real-time applications on mono-core and multi-core architectures, ii) optimization step based on Mixed integer linear programming (MILP), and iii) guidance tool that assists designers to implement a feasible multi-core reconfigurable real-time from specification level to implementation level. We apply and simulate the contribution to a case study, and compare the proposed results with related works in order to show the originality of this methodology.Echtzeitsysteme laufen unter harten Bedingungen an ihre Ausführungszeit. Die Einhaltung der Echtzeit-Bedingungen bestimmt die Zuverlässigkeit und Genauigkeit dieser Systeme. Neben den Echtzeit-Bedingungen müssen rekonfigurierbare Echtzeitsysteme zusätzliche Rekonfigurations-Bedingungen erfüllen. Diese Arbeit beschäftigt sich mit rekonfigurierbaren Echtzeitsystemen in Mono- und Multicore-Architekturen. An die Entwicklung dieser Systeme sind verschiedene Anforderungen gestellt. Insbesondere muss die Rekonfigurierbarkeit beachtet werden. Dabei sind aber Echtzeit-Bedingungen und Ressourcenbeschränkungen weiterhin zu beachten. Darüber hinaus werden die Kosten für die Entwicklung dieser Systeme insbesondere durch falsche Designentscheidungen in den frühen Phasen der Entwicklung stark beeinträchtigt. Das Hauptziel in dieser Arbeit liegt deshalb auf der Bereitstellung von Handlungsempfehlungen, Methoden und Werkzeugen für die zielgerichtete Entwicklung von realisierbaren rekonfigurierbaren Echtzeitsystemen in Mono- und Multicore-Architekturen. Um diese Herausforderungen zu adressieren wird eine neue Strategie vorgeschlagen, die 1) die Funktionsallokation, 2) die Platzierung und das Scheduling von Tasks, 3) einen Optimierungsschritt auf der Basis von Mixed Integer Linear Programming (MILP) und 4) eine entscheidungsunterstützende Lösung umfasst, die den Designern hilft, eine realisierbare rekonfigurierbare Echtzeitlösung von der Spezifikationsebene bis zur Implementierungsebene zu entwickeln. Die vorgeschlagene Methodik wird auf eine Fallstudie angewendet und mit verwandten Arbeiten vergliche

Schedulability Analysis for the Abort-and-Restart Model

In real-time systems, a schedulable task-set guarantees that all tasks complete before their deadlines. In functional programming, atomic execution provides the correctness of the program. Priority-based functional reactive programming (P-FRP) allows the usage of functional programming in the real-time system environment. The abort-and-restart (AR) is a scheme to implement P-FRP but an appropriate scheduling approach does not exist at the moment. Hence, efficient analysis is needed for the AR model. In this thesis, the schedulability analysis for the AR model is introduced and it shows that finding the critical instant for the AR model with periodic and sporadic tasks is intractable, and a new formulation is derived. Afterwards, a new priority assignment scheme is developed that has the performance close to the exhaustive search method, which is intractable for large systems. The technique of deferred preemption is employed and a new model, deferred abort (DA), provides better schedulability and dominates the non-preemptive model. Lastly, a tighter analysis is introduced and the technique of the multi-set approach from the analysis of cache related preemption delay is employed to introduce a new approach, multi-bag. The multi-bag approach can apply to both the AR model and the DA model. In the experiments, the schedulability of the AR model is improved at each stage of the research in this thesis

Response-Time Analysis of ROS 2 Processing Chains Under Reservation-Based Scheduling

Bounding the end-to-end latency of processing chains in distributed real-time systems is a well-studied problem, relevant in multiple industrial fields, such as automotive systems and robotics. Nonetheless, to date, only little attention has been given to the study of the impact that specific frameworks and implementation choices have on real-time performance. This paper proposes a scheduling model and a response-time analysis for ROS 2 (specifically, version "Crystal Clemmys" released in December 2018), a popular framework for the rapid prototyping, development, and deployment of robotics applications with thousands of professional users around the world. The purpose of this paper is threefold. Firstly, it is aimed at providing to robotic engineers a practical analysis to bound the worst-case response times of their applications. Secondly, it shines a light on current ROS 2 implementation choices from a real-time perspective. Finally, it presents a realistic real-time scheduling model, which provides an opportunity for future impact on the robotics industry

A Forward On-The-Fly Approach for Safety and Reachability Controller Synthesis of Timed Systems

RÉSUMÉ Cette thèse s’intéresse à la synthèse de contrôleurs pour des systèmes temps réel (systèmes temporisés). Partant d’un système temps réel modélisé par un réseau de Petri temporel composé de transitions contrôlables et non contrôlables (TPN), le contrôle vise à forcer, en restreignant les intervalles de franchissement des transitions contrôlables, le système à satisfaire les propriétés souhaitées. Nous proposons, dans cette thèse, un algorithme pour synthétiser de tels contrôleurs pour des propriétés de sûreté et d’accessibilité. Cet algorithme, basé sur la méthode de graphe de classes d’états, calcule à la volée les classes d’états atteignables du TPN tout en collectant progressivement les sous-intervalles de tir à éviter, afin de satisfaire les propriétés souhaitées. Avec cet algorithme, il n’est plus nécessaire de calculer les prédécesseurs contrôlables et de partitionner récursivement les classes d’états jusqu’à atteindre un point fixe, comme c’est le cas dans les autres approches basées sur l’exploration, en avant et en arrière, de l’espace des états du système. Nous prouvons formellement la correction de l’algorithme, puis nous montrons que dans la catégorie des contrôleurs basés sur la restriction des intervalles de tir, l’algorithme, proposé dans cette thèse, synthétise un contrôleur optimal (le plus permissif possible). Afin d’atténuer davantage le problème d’explosion combinatoire, nous montrons comment combiner cette approche avec une abstraction par l’inclusion, par union-convexe ou par enveloppe-convexe. Nous montrons également comment exploiter cet algorithme pour générer des contrôleurs décentralisés. Enfin, nous proposons d’appliquer cet algorithme pour contrôler des TPN par des chronomètres. Notre algorithme permet de partitionner les intervalles des transitions en “bons” et “mauvais” sous-intervalles (à éviter). L’idée est d’utiliser des chronomètres pour suspendre les tâches (transitions) durant leurs mauvais sous-intervalles et les activer dans leurs “bons sous-intervalles”. Il s’agit donc de contrôler les réseaux de Petri temporels en associant des chronomètres aux transitions contrôlables, pour obtenir ainsi des réseaux de Petri temporels contrôlés.----------ABSTRACT This thesis deals with controller synthesis for real time systems (timed systems). Given a real time system modeled as a Time Petri Net (TPN) with controllable and uncontrollable transitions, the control aims at forcing the system to satisfy properties of interest, by limiting the firing intervals of controllable transitions. We propose, in this thesis, an algorithm to synthesize such controllers for safety / reachability properties. This algorithm, based on the state class graph method, computes on-the-fly the reachable state classes of the TPN while collecting progressively firing subintervals to be avoided so that the property is satisfied. It does not need to compute controllable predecessors and then split state classes until reaching a fixpoint, as it is the case for other approaches based on backward and forward exploration of state space of the system. We prove formally the correctness of the algorithm and show that, in the category of state dependent controllers based on the restriction of firing intervals, the algorithm proposed in this thesis, synthesizes maximally permissive controllers. In order to attenuate the state explosion problem, we show how to combine efficiently this approach with an abstraction by inclusion, convex union or convex hull. Afterwards, we discuss the compatibility of this method with distributed systems and decentralized controllers. Finally, we apply this algorithm to control TPN with controllable and uncontrollable transitions by stopwatch. In this approach, we find the subintervals violating the given properties and our objective is to suspend the tasks (transitions) during their bad subintervals and to resume them later. The controller is synthesized through the same algorithm already introduced. In this approach, we suggest to control time Petri nets by associating stopwatches to controllable transitions and to achieve a controlled time Petri nets

Safety and security of cyber-physical systems

The number of embedded controllers in charge of physical systems has rapidly increased over the past years. Embedded controllers are present in every aspect of our lives, from our homes to our vehicles and factories. The complexity of these systems is also more than ever. These systems are expected to deliver many features and high performance without trading off in robustness and assurance. As systems increase in complexity, however, the cost of formally verifying their correctness and eliminating security vulnerabilities can quickly explode. On top of the unintentional bugs and problems, malicious attacks on cyber-physical systems (CPS) can also lead to adverse outcomes on physical plants. Some of the recent attacks on CPS are focused on causing physical damage to the plants or the environment. Such intruders make their way into the system using cyber exploits but then initiate actions that can destabilize and even damage the underlying (physical) systems. Given the reality mentioned above and the reliability standards of the industry, there is a need to embrace new CPS design paradigms where faults and security vulnerabilities are the norms rather than an anomaly. Such imperfections must be assumed to exist in every system and component unless it is formally verified and scanned. Faults and vulnerabilities should be safely handled and the CPS must be able to recover from them at run-time. Our goal in this work is to introduce and investigate a few designs compatible with this paradigm. The architectures and techniques proposed in this dissertation do not rely on the testing and complete system verification. Instead, they enforce safety at the highest level of the system and extend guaranteed safety from a few certified components to the entire system. These solutions are carefully curated to utilize unverified components and provide guaranteed performance