Showing papers in "Real-time Systems in 1993"
TL;DR: A formal path model for dynamic path analysis is introduced, where user execution information is represented by a set of program paths and a method to verify given user information with known program verification techniques is introduced.
Abstract: This paper describes a method to predict guaranteed and tight deterministic execution time bounds of a sequential program. The basic prediction technique is a static analysis based on simple timing schema for source-level language constructs, which gives accurate predictions in many cases. Using powerful user-provided information, dynamic path analysis refines looser predictions by eliminating infeasible paths and decomposing the possible execution behaviors in a pathwise manner. Overall prediction cost is scalable with respect to desired precision, controlling the amount of information provided. We introduce a formal path model for dynamic path analysis, where user execution information is represented by a set of program paths. With a well-defined practical high-level interface language, user information can be used in an easy and efficient way. We also introduce a method to verify given user information with known program verification techniques. Initial experiments with a timing tool show that safe and tight predictions are possible fbr a wide range of programs. The tool can also provide predictions for interesting subsets of program executions.
251 citations
TL;DR: Good response time bounds for tasks with offset information are derived, giving an optimal priority ordering algorithm for hard real-time systems.
Abstract: One common way of constructing hard real-time systems is to use a number of periodic and sporadic tasks assigned static priorities and dispatched at run-time according to the preemptive priority scheduling algorithm. Most analysis for such systems attempts to find the worst-case response time for each task by assuming that the worst-case scheduling point is when all tasks in the system are released simultaneously. Often, however, a given set of hard real-time tasks will have offset constraints: a number of tasks sharing the same periodic behaviour will be constrained to execute at fixed offsets in time relative to each other. In this situation the assumption of a simultaneous release of all tasks can lead to pessimistic scheduling results. In this paper we derive good response time bounds for tasks with offset information, giving an optimal priority ordering algorithm.
135 citations
TL;DR: A simple instruction pipeline is modeled so that more accurate estimations are obtained and it is indicated the WCET overestimates at basic block level can be reduced from over 20% to less than 2%, and that the overestimates for typical structured real-time programs can be cut by 17%–40%.
Abstract: The calculation of worst case execution time (WCET) is a fundamental requirement of almost all scheduling approaches for hard real-time systems. Due to their unpredictability, hardware enhancements such as cache and pipelining are often ignored in attempts to find WCET of programs. This results in estimations that are excessively pessimistic. In this article a simple instruction pipeline is modeled so that more accurate estimations are obtained. The model presented can be used with any schedulability analysis that allows sections of nonpreemptable code to be included. Our results indicate the WCET overestimates at basic block level can be reduced from over 20% to less than 2%, and that the overestimates for typical structured real-time programs can be reduced by 17%–40%.
97 citations
TL;DR: New deadline verification techniques for a basic task nzodel have heen extended to verifr deadlines in real process control environments and are outlined in this paper.
Abstract: A mandatoiy condition for event driven hard real-time systems to meet deadlines under all circunzstaizces is the bounded number of events in time. Traditionally the verification of hard deadlines is achieved for periodic events or sporadic events with given interarrival tinzes only. A new event nzodel presented in this paper provides the means to describe the occurrence of events bounded in time iitteivals more precisely to achieve a better offline schedulability test. New deadline verification techniques for a basic task nzodel are outlined in this paper. These techniques have heen extended to verifr deadlines in real process control environments.
96 citations
TL;DR: This paper presents the mapping mechanism that relates the current IPTES user interface with theIPTES machine language and presents the formal semantics of SA/RT defined by means of high-level timed Petri nets.
Abstract: In the IPTES project a dual language approach is proposed for overcoming both the problems derived from the use of a user-friendly, high-level, but not-formally-defined language and from a lower-level, formal, but difficult-to-use language. The approach uses a user-friendly, high-level language as user interface and a lower-level, formal language asmachine language. In this way the users can both access the IPTES environment through a nice interface and can profit from non-ambiguity-checks and proofs algorithms based on the formal kernel machine language. The correspondence between the two languages is built-in in the IPTES environment that provides a transparent mapping mechanism that relates the users specifications expressed by means of the high-level interface-language with the formal definitions expressed in the formal machine language.
40 citations
TL;DR: A dual priority scheme is proposed: a task may execute in two phases; each phase has a static priority assigned, and the transition from one phase to another is made at a Jived offset in rime from the release of the task.
Abstract: Static priority schemes have the disadvantage that processor utilisations less than 3 00% must be tolerated if a system is to be guaranteed off-line. By comparison earliest deadline scheduling can theoretically utilise all of a processors capacity, although in practice run-time overheads are increased that undermine this advantage. In this paper a dual priority scheme is proposed: a task may execute in two phases; each phase has a static priority assigned, the transition from one phase to another is made at a Jived offset in rime from the release of the task. Utilisations equal to 100% can now he obtained whilst retaining an essentially static priority model. Examples of the scheme are given and some of its properties investigated. Implementation issues are also considered.
38 citations
TL;DR: This paper formalizes priority inversion and gives sufficient conditions as well as some new protocols for preventing priority inversions.
Abstract: A priority inversion occurs when a low--priority task causes the execution of a higher--priority task to be delayed. The possibility of priority inversions complicates the analysis of systems that use priority--based schedulers because priority inversions invalidate the assumption that a task can be delayed by only higher--priority tasks. This paper formalizes priority inversion and gives sufficient conditions as well as some new protocols for preventing priority inversions.
37 citations
TL;DR: This survey paper introduces novel speci cation languages and veri cation techniques for four levels of development: Requirements de nition and design; Programspeci cations and their transformation to parallel programs; compilation of programs to hardware; and Compilation of real-time programs to conventional processors.
Abstract: The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for development of embedded, real-time, computer systems. This survey paper introduces novel speci cation languages and veri cation techniques for four levels of development: Requirements de nition and design; Program speci cations and their transformation to parallel programs; Compilation of programs to hardware; and Compilation of real-time programs to conventional processors.
34 citations
TL;DR: This paper analyses some aspects of the problem and attempts to demonstrate that an alternative approach to designing these systems exists and a description of the system’s architecture developed by us (SPLICE) that underlies this solution is given.
Abstract: A short historical perspective is given of the evolution of the use of software for the realization of increasingly complex control systems. The state-of-the-art in designing computer-based control systems is discussed and highlighted with an example. Two major aspects of the difficulties encountered with the current approach to designing these systems are discussed as an introduction to a solution. The solution is in the form of SPICE, a system that makes large real-time control software less complex by adopting a highly modular and expandible software architecture. A description of the system's architecture developed is given and illustrated with a simple example. >
28 citations
TL;DR: A new task taming analysis tool for MARS that not only allows to compute worst case execution time bounds of high quality but also produces detailed information about the extent to which every statement contributes to this bound and allows to experiment with hypothetical times.
Abstract: In modern programming environments for real-time software the presence of task timing analysis tools has become state of the art. Upon the results produced by these tools programmers judge whether software being developed meets the specified timing requirements. In this paper we present a new task taming analysis tool for MARS. This tool not only allows to compute worst case execution time bounds of high quality. It also produces detailed information about the extent to which every statement contributes to this bound and allows to experiment with hypothetical times. These properties of the timing analysis tool allow to make execution time information an integral part of the entire programming process.
27 citations
TL;DR: The formal kernel of IPTES is a class of high-level Petri nets, called HLTPNs (High-Level Timed Petri Nets), that allow specifications to be executed, simulated, tested and formally proved.
Abstract: One of the goals of the IPTES environment is to provide a highly usable and formally based specification support environment for real-time applications. Therefore the environment is built upon a formal language that provides a sound, and mathematically well-defined kernel for IPTES. The language provides a means for formulating unambiguous specifications that can be formally verified at any stage of the project. The ability of verifying the specifications from the early stages of the project is very important for revealing errors when their correction can be done at a much lower cost compared with the cost of removing the same errors in later phases. The formal kernel of IPTES is a class of high-level Petri nets, called HLTPNs (High-Level Timed Petri Nets), that allow specifications to be executed, simulated, tested and formally proved. HLTPNs come in two forms: the internal form (HLTPN
i
) and the abstract form (HLTPN
a
).HLTPN
i
may be viewed as the machine language of the abstract machine underlying the IPTES environment.HLTPN
a
provides a higher-level intermediate notation that allows to deal explicitly with aspects related to scheduling of the modeled system.
TL;DR: This paper describes the application of partial evaluation to programming languages for hard-real-time systems, gives examples of programs handled by the techniques, discusses how the system appears from a user's perspective, and provides an overview of the partial evaluation techniques employed.
Abstract: The use of high-level programming constructs (such as recursion, loops, and dynamic data structures) makes it difficult to estimate at compile-time the execution time and resource requirements of a program. We contend thatpartial evaluation provides a solution to this problem. Given a real-time program employing high level language constructs, partial evaluation uses information about the execution environment to create a specialized program tailored for that particular environment. Specialized programs can be better analyzed to estimate accurately the execution time and resource requirements. Our techniques offer substantially greater power and flexibility to the programmer than previous estimation techniques for real-time systems. This paper describes the application of partial evaluation to programming languages for hard-real-time systems, gives examples of programs handled by our techniques, discusses how the system appears from a user's perspective, provides an overview of the partial evaluation techniques employed using examples and describes some limitations of our techniques and possible solutions.
TL;DR: First, a new model for real-time database systems which includes both hard and soft real- time transactions is introduced, and second, an integratedreal-time transaction processing scheme under deterministic subsystem support is developed.
Abstract: A real-tame database system can be defined as a database system where transactions are associated with real-time constraints typically in the form of deadlines. The system must process transactions to both meet the deadlines and maintain data consistency. Current research effort in this field has been focused on schedaling transactions with soft or firm deadlines under the conventional transaction model and database system archatecture. They cannot support predictable realtime transaction processing. In this paper, we will provide a framework to realize predictable real-time transaction processing. First, we introduce a new model for real-time database systems which includes both hard and soft real-time transactions. Second, we develop an integrated real-time transaction processing scheme under deterministic subsystem support.
TL;DR: This paper summarizes the support for incremental, heterogeneous and distributed prototyping of real time systems developed as a part of the IPTES environment and describes the overall architecture of the environment and related approaches.
Abstract: This paper summarizes the support for incremental, heterogeneous and distributed prototyping of real time systems developed as a part of the IPTES environment. After describing the overall architecture of the environment and related approaches, the paper focuses on the internal levels of the environment.
TL;DR: This article presents the executable specification language IPTES Meta-IV based on the formal specification language VDM-SL and presents how it supports the specification of the data transformation part of SA/RT.
Abstract: In this article we present the executable specification language IPTES Meta-IV based on the formal specification language VDM-SL. The language has been fitted to work in an SA/RT framework and the article presents how it supports the specification of the data transformation part of SA/RT. Furthermore we present some of the advanced constructs of the language seen as an executable specification language in its own right. Finally we present how an IPTES Meta-IV interpreter is used in combination with a high-level timed Petri net executor to execute SA/RT models.
TL;DR: The IPTES environment provides a set of tools to help in the process of creating, analyzing, and testing distributed heterogeneous prototypes to enable the specification, development, and verification of executable system models.
Abstract: The constantly increasing concurrency, complexity, and risks associated with the industrial development of real-time embedded computer systems has been approached in different ways in recent years. In Esprit project no. EP5570, called IPTES, a methodology and a supporting environment to support the Boehm's spiral process are being developed. The prototyping environment will enable the specification, development, and verification of executable system models so that different parts of the system may represent different modeling levels and yet can be executed as a total system. Concurrent engineering problems in connection with multi-supplier, distributed software development are also addressed in the IPTES environment. In the IPTES project the concept of heterogeneous prototyping is proposed as a solution. Each of the development teams may use relatively abstract models of the other parts of the systems as a testbed (environment model) for their own part, yet they can proceed developing their own part full speed by means of advancing the maturity of their part to the next abstraction level(s). The IPTES environment provides a set of tools to help in the process of creating, analyzing, and testing distributed heterogeneous prototypes.
TL;DR: This paper deals with temporally constrained executions of ESTEREL programs, in order to execute “real-time” synchronous programs, special implementations techniques have to be used.
Abstract: Synchronous languages are dedicated to reactive system programming. A synchronous language like ESTEREL has to rely on some general purpose language for data processing facilities. This need for external code is explained in a first part of the paper. In order to execute “real-time” synchronous programs, special implementations techniques have to be used. Th.e second p art of the paper deals with temporally constrained executions of ESTEREL programs.
TL;DR: This paper investigates how the imprecise-computation approach can be combined with checkpointing; the result is a technique for fault-tolerance for real-time system.
Abstract: When a failure occurs in a real-time system, the temporary loss of service and the recovery can cause a transient overload with an increase in the number of tasks that can not meet their timing constraints. The imprecise-computation technique allows one to trade off computation accuracy with computation time and offers therefore the necessary scheduling flexibility required during the recovery process after a failure. In this paper we investigate how the imprecisecomputation approach can be combined with checkpointing; the result is a technique for fault-tolerance for real-time system. We define optimalaty criteria for the checkpointed imprecise-computation model. In an earlier work we have described algorithms to statically schedule imprecise tasks to meet these criteria. These approaches are conservative for systems with very rare failures. We take advantage of new results in on-line scheduling of imprecise computation to design an algorithm that dynamically adapts to failure occurrences. Simulations are described to evaluate the performance of this algorithm.
TL;DR: It is shown that animation strongly inherits certain benefits of prototyping while at the same time animation is able to alleviate some of the drawbacks of prototyper while the animation approach taken in Esprit project no. 5570, IPTES is described.
Abstract: An analysis of prototyping of embedded Real-Time Systems by means of graphical animation techniques is presented. We analyze the fundamental characteristics of prototyping and their relation to animation mechanisms. We show that animation strongly inherits certain benefits of prototyping while at the same time animation is able to alleviate some of the drawbacks of prototyping. A survey of known visualization techniques for real-time system animation is presented with an assessment to their relative strengths and weaknesses. Finally, the animation approach taken in Esprit project no. 5570, IPTES, is described. Our approach is unique in enabling animation of heterogeneous system models, i.e., combinations of submodels belonging to different levels of abstraction.
TL;DR: The IPTES project is aimed to provide a methodology and an integrated environment to support the development of embedded Real-Time Systems with incremental, distributed and heterogeneous prototyping.
Abstract: The IPTES project is aimed to provide a methodology and an integrated environment to support the development of embedded Real-Time Systems with incremental, distributed and heterogeneous prototyping. IPTES architecture relies on High Level Timed Petri Nets (HLTPN) as the kernel notation for prototype animation and analysis. According to the environment characteristics, a distributed execution of HLTPN is required. First a method for partitioning the nets, reflecting the required functionality of the higher layers of the environment, is provided. Specific problems of the distributed execution of nets are analyzed, and an algorithm that maintains the time semantics of the net is provided, along with a brief description of the necessary support from the communication layer. Other issues addressed are how to provide a realistic animation, in relation with the time notion perceived by the developer, and how to execute heterogeneous prototypes when some subnets are replaced by procedural code.
TL;DR: In this article, a mathematical model (the Q-model) which enables analytical study of a wide range of timing properties is suggested and some results obtained are listed, but the main attention of the paper is devoted to justifying the necessity of a new model against the wonderful existing formalisms.
Abstract: A mathematical model (the Q-model) which enables analytical study of a wide range of timing properties is suggested and some results obtained are listed. Main attention of the paper, however, is devoted to justifying the necessity of a new model against the wonderful existing formalisms. Three important features of real-time software, not really supported by the existing formalisms, are pointed out. A classification of basic requirements for timing correctness is given. It is suggested that , many essential timing properties -- analyzable in the Q-model -- can not be thoroughly studied in widely used formalisms since they do not capture the necessary multitude of time concepts.
TL;DR: This paper examines issues on how to predict timing behavior of rule-based decision systems for real-time applications and focuses on the analysis of response time ofRule-based programs written in the production system language MRL.
Abstract: This paper examines issues on how to predict timing behavior of rule-based decision systems for real-time applications. In particular, we focus on the analysis of response time of rule-based programs written in the production system language MRL. The design goal of MRL is to allow programmers to write OPS5-like rule-based programs in a language that is more amenable to formal analysis based on the semantic foundation underlying the language Unity. The language MRL, its analysis algorithms, and its execution system form a package of design tools for programming real-time rule-based decision systems.
TL;DR: FASTCHART is shortly described and compared with a standard processor to show which power can be achieved with a ‘(pure” hard real time processor.
Abstract: The designer of hard real time systems requires hardware which is fully predictable otherwise a great loss of computing power might occur. When using old but deterministic processors like the CISC processor Z80 the performance is sometimes not enough. So processors get specialised to achieve more power. One of these specialised processors FASTCHART is shortly described and compared with a standard processor to show which power can be achieved with a ‘(pure” hard real time processor. Also its benefits and - unfortunately - its disadvantages are described.
TL;DR: A control application model and a dis- tributed computer testbed, developed for the purpose of distributed real-time control of machinery, and the impor- tance of considering the real- time cooperation constraints of control components within a control application is emphasized.
Abstract: This paper describes a control application model and a dis- tributed computer testbed, developed for the purpose of stu- dying distributed real-time control of machinery. Different control approaches are considered depending on the support provided by the distributed computer system. The impor- tance of considering the real-time cooperation constraints of control components, within a control application, is emphasized and communication subsystem properties needed to fupll them are proposed.
TL;DR: This work proposes to mesh synchronous and asynchronous formalisms to concurrent programming in order to benefit of the complementary advantages of both classes of languages.
Abstract: Eve Coste-Manikre INRIA ICARE Project 2004, Route des lucioles BP 93 06902 Sophia Antipolis France e-mail: eve@sophia.inria.fr Robot programming presents specific issues associated to automatic control but also classic concerns of real time programming. We propose to mesh synchronous and asynchronous formalisms to concurrent programming in order to benefit of the complementary advantages of both classes of languages. The ESTEREL synchronous language is used to model the behaviour of control laws encapsulated in a robot-task and the reactive organization of robot-tasks in an application. The use of the synchronous paradigm requires special cares regarding implementation issues.
TL;DR: A general resource request condition is described that proves deadlock prevention in AND-OR systems and how it is used in a concurrent real-time system is described.
Abstract: To meet consistency requirements found in concurrent applications, a process must be guaranteed that it will be able to use all resources in a set ofpassive resources (such as shared data structures). To provide predictable execution time required in real-time systems, a process also needs guaranteed access to at least one of a set ofactive resources (such as processors) associated with each passive resource. As such, a concurrent real-time-process has AND-OR resource requirements. If locking is used to provide exclusive access to resources, deadlock is possible since processes can request additional resources while holding other resources. Deadlock detection and recovery techniques and deadlock avoidance techniques typically involve preempting resources or terminating processes, and are therefore inappropriate for real-time systems that require the execution time of processes to be predictable. This paper describes a general resource request condition that we proveprevents deadlock in AND-OR systems. It also describes how we use this AND-OR deadlock prevention technique in a concurrent real-time system.
TL;DR: In this article, the authors report on considerable extensions of the DRAGON SLAYER/MELODY file system which significantly enhance Melody's mission-critical capabilities (hard real-time responsiveness, adaptability, dependability, graceful degradation, fault tolerance).
Abstract: We report on considerable extensions of the DRAGON SLAYER/ MELODY file system which significantly enhance Melody's missioncritical capabilities (hard real-time responsiveness, adaptability, dependability, graceful degradation, fault tolerance). Tim e criticality of tasks and their sensitivity with respect to latest file information are explicitly used for novel flexible task scheduling algorithms and file replication management policies, in a fully integrated model. The achieved adaptability by far outweighs the additional overhead. - In order to avoid unnecessary and very costly locking of (remote) file copies, task scheduling in the MELODY model is done prior to resource/ file allocation. Although thus being based on estimates of execution times only (no guaranteed tasks), in the 2 different models of integrating task and resource scheduling developed, MELODY distinctively outperforms the classical model, most clearly in mission-critical applications.
TL;DR: In this paper, the authors describe the design and implementation of a debugger for a tightly coupled multiprocessor real-time system which complies with specific require-ments.
Abstract: Todays' real-time systems become ever more com- plex and multiprocessor hardware starts pervading many types of equipment. This complexity indicates that real-time programming has matured into a true software engineering discipline which demands the appropriate set of tools for the support of the entire system lifecycle. Since studies show that debugging takes about half of the development time it is obvious that powerful debuggers are needed. The character- istics of real-time systems impose specific require- ments on the debugger. The system must be capable of detecting logical as well as timing errors and the invasive nature of the debugging system must not alter the temporal logic of the application. We de- scribe the design and the implementation of a de- bugger for a tightly coupled multiprocessor real-time system which complies with those specific require- ments. This paper emphasizes on the high level tools which are necessary for the analysis and the inter- pretation of the trace data which has been collected at run,time. Those tools are necessary due to the high amounts of trace data being collected.
TL;DR: It is shown via simulation that the proposed algorithm can control the trade-off effectively and improve performance of up to 24% compared with current real-time disk scheduling algorithms, such as FD-SCAN, SSEDO and SSEDV.
Abstract: Real-time applications dealing with a large amount of data often require timely service of disk I/O requests. This paper presents a new real-time disk scheduling method called Urgent Group and Shortest Seek Time First(UG-SSTF) for soft real-time systems. According to this algorithm, the urgent group is formed by identifying urgent requests awaiting the disk service in a queue, among which a request with shortest seek time is selected for the next service. This scheduling approach not only improves the miss ratio but also provides a meam to control the trade-off between the two typacal performance requirements, miss ratios and mean tardy time. It is shown via simulation that the proposed algorithm can control the trade-off effectively and improve performance of up to 24% compared with current real-time disk scheduling algorithms, such as FD-SCAN, SSEDO and SSEDV.
TL;DR: In this paper, a protocol for dynamic replacement of software components in embedded hard real-time is described, which is implemented as a sporadic semer with a limited time budget, and does not disturb the realtime processes.
Abstract: software system may threaten the mission success. The usual maantenance technaques are not useful when dealang wzth non-stop software systems. It as not 0 Typical telecommunication systems require conpossable to stop the system executaon to update some tinuous operation, in order to provide an adeof zts components. Dynamac software replacement as quate service. The fault-rate of these systems a mechanasm that allows components iipdataiig waihout should be few hours in a year. stopping the wh,ole system. Several systems architectures and protocols for dyn,amically replacing software components have been developed. However, none of them takes inlo acc0un.t the specific requirements of embedded hard real-time system,s. In particular, there is no provision to en.sure that the timing requirem,ents will be met during and after a replacement operation. In, this paper, a protocol for dynamic replacement of software components in embedded hard real-time is described. This protocol does not disturb the real-time processes, so they can meet iheir deadliiies. The replncem,eiji operation. is m,an.aged by a Replacement. Supervisor that is implemented as a sporadic semer ,with a limited time budget. The protocol as divided into four p h, ases : loa ding, creation,, rep1 a ce in en, d a ii. d clea, n. in g .