Synthesis of safe, QoS extendible, application specific schedulers for heterogeneous real-time systems
read more
Citations
Oris: a tool for modeling, verification and evaluation of real-time systems
Time At Your Service: Schedulability Analysis of Real-Time and Distributed Services
A real-time profile for UML
Ten years of analyzing actors: Rebeca experience
On synthesizing controllers from bounded-response properties
References
The Java Language Specification
Priority inheritance protocols: an approach to real-time synchronization
Modern Operating Systems
The Real-Time Specification for Java
Branching time and abstraction in bisimulation semantics
Related Papers (5)
Frequently Asked Questions (16)
Q2. What are the future works in this paper?
The authors plan to address this problem in future versions of their tools, which will perform the synthesis in an on-the-fly manner while constructing the state-space, as for example was done in [ 10 ]. The authors also plan to study ways to perform the synthesis symbolically, without explicitly constructing the state space graph. The authors indeed plan to develop such a model extraction for Java, so as to be able to schedule real-time Java programs. Such models can be extracted from programs using static analysis techniques.
Q3. What is the disadvantage of their method?
A disadvantage of their method is that the authors must build the entire state space before the authors can synthesise a scheduler for an application.
Q4. What is the advantage of a cache read and flush?
In fact, since a cache reads and flushes one cache line at a time (i.e., multiple consecutive memory addresses) the benefits can be even greater, both with respect to energy consumption and execution speed.
Q5. What are the actions of the time and application automata?
The actions of the time and application automata being uncontrollable, the only controllable actions are those of the two scheduler automata.
Q6. What is the mechanism that controls the execution of a scheduler?
After one of the scheduler stacks is finished, it passes control to an underlying R-T OS which provides low-level kernel mechanisms.
Q7. Why do safety & mission-critical systems need to be of high quality?
Safety & mission-critical systems need to be of extremely high quality, due to the great dangers and the high cost of their potential failure.
Q8. How can the authors reduce the state space of a system?
Once the authors can indeed safely schedule the system under the hypothesis that threads are never preempted, then the authors can use the constraints obtained during this step to reduce even further the state space that the authors have to construct and analyse when the authors do allow threads to be preempted.
Q9. What can be done to reduce the energy consumption of the system?
This can help decrease the energy consumption of the system, since a cache miss can lead to two main memory accesses, which are known to be quite demanding with respect to energy [7].
Q10. What mechanisms are available to the underlying R-T OS?
Such mechanisms include the ability to create, suspend and resume an application thread, as well as the ability to create, set and disable alarms for future events (e.g., arrival of next period or the timeout of a waitTimed).
Q11. What is the size of the state space the authors must explore?
Since the verification is performed on the safely schedulable application, the size of the state space the authors must explore is quite small.
Q12. How many constraints are in the safe-exec layer?
These 56 constraints are all part of the Safe-Exec layer, since in this application there is always at most one thread waiting to be notified on a particular condition variable and thus the authors cannot control the communication aspect of the application.
Q13. What is the role of the safe-exec layer?
The Safe-Exec scheduler layer is responsible for calculating the subset Sexec of Rexec, consisting of those threads that can safely execute.
Q14. How many constraints can be found in the untimed model?
For instance, the untimed model of the application shown in Figure 4 is 97% smaller than the timed one and it allowed us to discover 8 constraints which can help us avoid all the 10 deadlocks caused by the use of shared resources.
Q15. What is the difficulty of implementing a safe scheduler as is?
The difficulty of implementing it as is, arises from the fact that the constraints the authors produce during the synthesis use the state of the system to decide what are the safe choices at each point during the execution and, therefore, also make reference to the values of the local clocks of the threads.
Q16. How can the authors verify the robustness of the synthesised scheduler?
the robustness of the synthesised scheduler with respect to the assumed execution times of the computations can be verified by enlarging the corresponding intervals.