### Managing Hard Real Times (28 Years Later)

Peter Welch (phw@kent.ac.uk)

### CPA 2015, University of Kent, 24<sup>th.</sup> August, 2015

Received wisdom about *hard real-time* systems *(where lateness in response means system failure)* is that a currently running process must be *pre-empted* by a higher priority process that becomes runnable (e.g. by the assertion of a processor event pin or timeout). Otherwise worst-case response times cannot be guaranteed.

Further, if a higher priority process needs to synchronise with one of lower priority, the latter must automatically *inherit* the priority of the former. If this does not happen, the opposite happens and the former effectively inherits the lower priority of the latter as it waits for it to be scheduled *(priority inversion)* — again, worst-case response times fail.

The CCSP multicore scheduler for occam-pi (part of the KRoC package) is, *possibly*, the fastest and most scalable (with respect to processor cores) multicore scheduler on the planet. [Some say ... ③]

However, its scheduling is *cooperative* (not *pre-emptive*) and it does not implement *priority inheritance* (and *cannot do so*, given the nature of CSP synchronisation, where processes do not know the identities of the other processes involved).

Therefore, despite its performance, received wisdom would seem to rule it out for hard real-time applications. [8]

# Hard Real Times (28 years later)

This talk reviews a paper from OUG-7 proceedings (1987) that discusses these ideas with respect to Transputers. No change is needed for modern multicore architectures. [3]

Peter H. Welch. Managing Hard Real-Time Demands on Transputers. In: Traian Muntean, ed., *Proceedings of OUG-7 Conference and International Workshop on Parallel Programming of Transputer Based Machines*. LGI-IMAG, Grenoble, France: IOS Press. 1987.

One minor fix, that simplifies the logic and improves behaviour, can be made. [3]

Let's start with Conclusions:

- pre-emptive scheduling is not required for hard real-time; [<sup>©</sup>]
- priority inheritance is a design error (dealt with by correct design, not the run-time system); [<sup>©</sup>]
- the occam-pi/CCSP scheduler can be made to work even more efficiently for hard real-time systems than it presently does for soft real-time (e.g. complex system modelling). [3]



24-Aug-2015



24-Aug-2015





24-Aug-2015











## **Event Manager**



PROC event.manager (CHAN SIGNAL event.pin?, []CHAN BYTE out!) WHILE TRUE

#### SEQ

SIGNAL any:

event ? any

- ... find who pulled the pin (from status registers)
- ... extract data (from data register 'i')
- out[i] ! data

3

### **Event Manager**



- Must guarantee never to miss an assertion of the event pin.
- Worst case: an event signal has just been taken when another arrives. We have to find who was responsible for the *just-taken* signal, extract the relevant data and send to the relevant server process for that signal. How long for this?
- Need to have a max delay for outputting the data.

### **Event Manager & Smart Buffer**





PROTOCOL TAGGED.BYTE IS INT; BYTE: -- n.missed; data



```
PRI ALT
```

in ? data

... process the data

BOOL any:

loaded & request ? any

... process the request

-



```
WHILE TRUE
PRI ALT
in ? data
IF
loaded
    n.missed := n.missed + 1
    NOT loaded
    loaded := true
BOOL any:
loaded & request ? any
    ... process the request
```



```
WHILE TRUE
    PRI ALT
    in ? data
    ... process the data
    BOOL any:
    loaded & request ? any
    SEQ
        out ! n.missed; data
        loaded := FALSE
        n.missed := 0
```



• A (high priority) sends information to B (low priority).

- A can send at any time and must never be blocked by B not being ready to receive (even when B has made a request for data previously saved in the smart buffer and not yet taken it).
- B can receive data at any time but, first, it has to make a request.
   Such requests will be blocked if there is nothing loaded in the buffer.



Insert an id process (high priority). Let this get stuck communicating with the low priority one. That block only happens when it does not have to guarantee service to the smart buffer – so no problem! ③

```
PROC id (CHAN TAGGED.BYTE in?, out!)
WHILE TRUE
INT n.missed:
BYTE data:
SEQ
in ? n.missed; data
out ! n.missed; data
```

3



 Initially, it must guarantee worst-case time to accept an input. Subsequently, no input will happen until its output has been taken.
 Only then, must it guarantee service on its input.

```
PROC id (CHAN TAGGED.BYTE in?, out!)
WHILE TRUE
INT n.missed:
BYTE data:
SEQ
in ? n.missed; data
out ! n.missed; data
```

3



Alternatively, we could relieve B from having to make requests by combining an auto-prompter with the memory cell.

```
PROC prompt (CHAN BOOL request!, CHAN INT in?, out!)
WHILE TRUE
INT n.missed: BYTE data:
SEQ
request ! TRUE
in ? n.missed; data
out ! n.missed; data
```





Let's start with Conclusions:

- pre-emptive scheduling is not required for hard real-time; [<sup>©</sup>]
- priority inheritance is a design error (dealt with by correct design, not the run-time system); [<sup>©</sup>]
- 1
- the occam-pi/CCSP scheduler can be made to work even more efficiently for hard real-time systems than it presently does for soft real-time (e.g. complex system modelling). [3]

 pre-emptive scheduling is not required for hard real-time; [<sup>©</sup>]

"Imagine each process running on its own silicon ..." [1987 paper]

Using this analogy, the paper showed how worst-case response times can be calculated – for a transputer, relying on *pre-emption* of low by high priority processes scheduled on a single processing core.

With multcore, we don't have to imagine ... and we don't have to pre-empt. ③ ③ ③

pre-emptive scheduling is not required for hard real-time; [<sup>©</sup>]

"Imagine each process running on its own silicon ..." [1987 paper]

For XMOS Xcores, this is exactly what happens! Each process, when it has to guarantee response time, waits *("like a greyhound")* in its own silicon engine for the signal to be unleashed.

We still need the discussed techniques to not be blocked by another process while on duty! <sup>(2)</sup> <sup>(2)</sup> <sup>(2)</sup> <sup>(2)</sup>

pre-emptive scheduling is not required for hard real-time; [<sup>©</sup>]

"Imagine each process running on its own silicon ..." [1987 paper]

For occam-pi, processes may be confined to run on any subset of cores (rather than all).

Set those needing to guarantee hard real-time to run on one set (a singleton is good) and the rest on the rest of the cores.

The above techniques and analysis just work and no pre-emption is needed. 😳 😳

the occam-pi/CCSP scheduler can be made to work even more efficiently for hard real-time systems than it presently does for soft real-time (e.g. complex system modelling). [3]

We don't do this yet but ...

Run different versions of the CCSP scheduler on different cores ...

On the cores running non-real-time processes, don't check for interrupts (event pins, links, timeouts) every scheduling point ... faster!

On the real-time core, run the single core version ... faster! 24-Aug-2015

**CCSP** scheduler can be made to the occan efficiently for hard real-time work even sently does for soft real-time systems than modelling). 😰 (e.g. complex sy

We don't do this yet but

Run different versions of th SP scheduler on different cores ...

On the cores running non-real-tin rocesses, don't check for interrupts (event pins, lin meouts) every scheduling point ... faster!

On the real-time core, run the single core sion ... faster! 24-Aug-2015

CCSP scheduler can by de to the occal efficiently for har work even -time sently does t real-time systems than 0 modell (e.g. complex sy  $\odot$ 

We don't do this yet but

duestions. **Run different versiop** SP scheduler on ANV different cores ...

g non-real-tin On the cores r rocesses, don't ts (event pins, lin check for int meouts) every ... faster! schedulin

time core, run the single core On the i sion ... faster! 24-Aug-2015 Copyright P.H.Welch