Академический Документы
Профессиональный Документы
Культура Документы
Overload
A system goes into overload // configure the normal and background priorities, the budget interval, and
when events’ interarrival times // the maximum number of replenishments
are shorter than planned or param.sched_ss_low_priority = NIC_SPORADIC_BKGD_PRIORITY;
when threads’ execution inter- param.sched_priority = NIC_SPORADIC_PRIORITY;
vals are longer than planned. param.sched_ss_max_repl = NIC_SPORADIC_MAXREPLENISHMENTS;
Under these conditions, the sys- nsec2timespec(¶m.sched_ss_repl_period, NIC_SPORADIC_PERIOD);
tem must discard events or allow nsec2timespec(¶m.sched_ss_init_budget, NIC_SPORADIC_BUDGET);
one or more threads to miss their
deadlines to allow more critical
if (pthread_attr_setschedparam(&pattr, ¶m) != EOK) {...}
threads to complete on time.
Overload results when pe-
ripherals and external agents // now set the scheduling policy to sporadic
conform to their true nature if (pthread_attr_setschedpolicy(&pattr, SCHED_SPORADIC) != EOK) {...}
rather than to designers’ ideal-
ized assumptions. Hardware de- // create the thread/task and have it explicitly use sporadic parameters
vices may fail, generating spuri- if (pthread_create(&devData->threadId, &pattr, rtl_EventHandler, devData) != EOK) {...}
ous signals greatly out of line
with proper behavior. Errant or
malicious code, improperly Listing 1: The POSIX C code used to configure a sporadic scheduling policy for the packet reception thread of the network driver is found here.
trained or malicious users and
unusual number of external threads will miss their dead- suite describes a programming If a thread ever requires more
agents can generate excessive lines during overload condi- interface for portable operating processor time than its budget
event traffic that violates de- tions. Furthermore, an over- systems. In 1999, the POSIX allows, the sporadic scheduling
signers’ statistical assumptions. running thread may cause Working Group introduced policy dynamically lowers the
Several practical examples other future threads to miss IEEE 1003.1d to specify addi- priority of the thread to its
include Mother’s Day callers, their deadlines. tional real-time extensions for “background” priority. While
who are notorious for overload- On the other hand, a designer the C language. Section 13.2.4 at either priority, the scheduler
ing the phone network; net- using a static-priority policy can of that standard adds the spo- treats the thread identically to
work packet broadcast storms; perform schedulability analysis radic scheduler policy to the other threads with the conven-
focused denial of service at- to assure that the deadlines of round robin and FIFO policies tional FIFO scheduling policy.
tacks; large files fed at high critical threads will be satisfied previously standardized. The For example, priority inherit-
speed into serial ports; mal- even in overload. Employing a POSIX Working Group speci- ance and positioning within
functioning disk controllers; predictable scheduling policy is fied the sporadic scheduling ready queues remain the same—
faulty sensors; electromagnetic especially important for safety- policy precisely for handling the important differences are
disturbances; errant, dynami- critical systems, which must re- aperiodic and sporadic events the enforcement of the thread’s
cally loaded device driver code main predictable even in over- and threads running within the execution time and priority re-
that forgets to clear interrupt load. For example, an overloaded context of a static-priority pre- assignment of the thread.
conditions; and the stuck active system that misses a few user in- emptive scheduler. By lowering the thread’s pri-
interrupt request signals my terface updates is preferable to In addition to the single, ority, the system allows other
team encountered. one that fails to close control normal-priority level used for threads to execute that the spo-
The choice of scheduling valves. FIFO and round-robin schedul- radic thread would otherwise
policy makes a dramatic differ- While poorly designed sys- ing, the parameters of a spo- preempt at its normal priority.
ence on how the system behaves tems often fail to satisfy the radic policy include a second, Dynamic adjustment of thread
in overload, and determines constraints of critical and less lower background priority; a priorities is the key capability of
whether a designer can predict- important threads in overload, replenishment interval; an ex- the policy that enables pro-
ably characterize the system well-designed systems must se- ecution budget; and a maxi- grammers to build predictable
during overload. For example, lectively process events to as- mum number of replenish- systems.
the dynamic priority earliest sure that the deadlines of criti- ments allowed within each re- A sporadic thread consumes
deadline first (EDF) scheduling cal threads will always be met. plenishment inter val. To- execution time whenever it is
policy performs poorly in over- POSIX’s sporadic scheduling gether, the replenishment in- running. The scheduler de-
load. Since EDF is used to as- policy makes good design easy. terval and execution budget de- ducts consumed time from the
sign thread priorities on the fly, fine the maximum processor thread’s budget each time the
the designers of the system can- Sporadic scheduling utilization granted to a thread thread blocks or the scheduler
not predict which specific IEEE’s POSIX specification at its “normal” priority. preempts it.
When a sporadic thread is tem even when in overload. least one thread for receiving tem against this, I switched the
blocked (but not preempted), To clarify these concepts, packets as part of interrupt ser- reception thread’s default
the sporadic scheduler allocates Figure 2 shows a sporadically vice, and another for transmit- FIFO policy to a sporadic
a new replenishment event one scheduled thread that begins ting packets. scheduling policy and so re-
replenishment period after the with an execution budget of Designers make several as- stricted its high priority utili-
most recent unblocking of the eight units and a 12-unit replen- sumptions when employing a zation of the processor to the
thread. The scheduler sets the ishment period. Once released, multi-node communications desired worst case amount,
amount of execution budget that the thread runs for four units medium into their designs, in- 39 percent. I accomplished
it will grant to the thread at that before blocking. The scheduler cluding expectations on the uti- this by initializing the fields of
replenishment to the amount of deducts four units from the lization of the medium, the a POSIX scheduling param-
time the thread ran since it un- thread’s budget and schedules a bandwidth of the medium, the eters attribute to my expected
blocked. replenishment of four units to average and worst-case packet period and execution budget
A thread may contend for occur 12 units after the thread sizes and the expected interval and passing those attributes at
multiple resources with lower started. Unblocked, the thread between packets destined for POSIX’s thread creation.
priority threads during a single runs for three units before block- the connecting system. With The sporadic scheduling
period and, therefore, might ing a second time. The sched- these assumptions, the design- policy ensured that the system
have several replenishment uler deducts three units from ers determine an appropriate could withstand abnormal
events outstanding. To mini- the budget and schedules a period, computation interval packet bursts and would drop
mize scheduler overhead, the 3-unit replenishment to occur and priority for the packet re- excessive incoming traffic, but
POSIX specification enables a 12 units after the thread un- ception thread. would still satisfy the time con-
straints of critical threads lower
in priority than the NIC recep-
Parameter Duration tion handler.
NIC interrupt request interarrival 1,024µs Listing 1 presents the
Thread computation requirement 400µs POSIX C code to configure a
sporadic scheduling policy for
Effective maximum utilization 39 percent the packet reception thread of
the network driver. A complete
Table 1: For these requirements, we can create a periodic thread to handle packet reception and assign it a rate monotonically derived implementation of a Realtek
priority based on its 1,024ms period. NIC device driver for the QNX
OS is available for download
designer to limit the number of blocked. Unblocked the second My system needed to con- from www.embedded.com/
outstanding replenishment time, the thread executes for nect to a 100Mbps network, code.htm.
events per period. If the maxi- one unit, whereupon the sched- would receive constant sized Predictably, sporadic sched-
mum is reached, no additional uler detects the exhaustion of (64byte) packets, required uling manages aperiodic and
replenishment events are the execution budget and down- 25ms of processing per packet, sporadic events and threads by
scheduled within the replenish- grades the thread’s priority. and expected to receive packets wrapping them within a peri-
ment period. The thread is free to run at the once every 64ms. I selected an odic framework. This is an ef-
If and when a sporadic background priority if no NIC that interrupted the host fective technique for predict-
thread consumes its entire ex- other higher priority threads processor for each packet re- ably handling overload sce-
ecution budget, the scheduler preempt it. ceived, yet also included a narios on static-priority pre-
is informed so it can lower the Note that the resolution of 32-entry ring buffer. I planned emptive schedulers. Using spo-
thread’s priority to its back- the operating system’s timer to protect against packet drops radic scheduling, threads that
ground level. The thread re- tick limits the accuracy of the by never letting the ring buffer would otherwise introduce un-
mains at this priority until a re- sporadic scheduler. A low- become more than 50 percent desirable jitter or deny the pro-
plenishment event occurs, at resolution 10ms tick, wouldn’t full. Processing all packets cessor to lower-priority threads
which point the scheduler pro- yield good results for threads within the time constraints was during overload can be safely
motes the thread back to its nor- with periods and budgets mea- a goal, but never overloading included. With sporadic sched-
mal priority. If the thread is sured in milliseconds. the system was the require- uling, we can predictably ana-
able to run at its background ment. To ensure this, I allowed lyze unpredictable systems.
priority because no higher pri- An example the system to drop packets if If you are interested in incor-
ority thread is ready to run, Let’s see how we can put a spo- absolutely necessary. porating sporadic scheduling
then the scheduler allows the radic scheduling policy into Given the requirements in into your applications, you can
sporadic thread to run and does practice by examining the re- Table 1, I created a periodic find implementations of the
not deduct time from its execu- ception thread of a network in- thread to handle packet recep- policy within the Ada95 pro-
tion budget. terface controller’s (NIC) de- tion and assigned it a rate gramming language, the QNX
These consumption and re- vice driver. monotonically derived priority RTOS, Java Virtual Machines
plenishment policies assure that Applications communicate based on its 1,024ms period. To compliant with the Real-Time
within any interval of time equal over packet networks via device keep the ring buffer utilization Specification for Java (RTSJ),
to the thread’s replenishment drivers attached to NICs. These under 50 percent the period is and several real-time variants of
interval, the thread is allowed to controllers implement the 16 x 64µs and the computation the Linux kernel. Note, how-
execute only for as long as its physical and data link layers of interval is 16 x 25µs. (I also ever, that not all implementa-
computation budget indicates. the physical medium’s commu- used an OS that uses extremely tions are fully compliant with
The scheduler thereby forces the nication protocol to provide short interrupt exception han- the POSIX 1003.1d specifica-
thread’s processor utilization to node-to-node connections dlers and performs interrupt tion. For example, RTSJ’s spo-
conform to the designers’ expec- without errors, to arbitrate for service handling within a pri- radic scheduling policy neither
tations and to the assumptions the medium, and to handle the oritized thread.) uses the C bindings nor imple-
of optimal RM static-priority physical and electrical specifi- I realized that if the incom- ments replenishments. Ada95’s
preemptive scheduling. This cations necessary to transmit ing rate exceeded 15,625 pack- implementation uses POSIX’s
utilization enforcement is what data across the medium. A net- ets/s, the system would go into 1003.5 Ada bindings.
assures predictability of the sys- work device driver contains at overload. To protect the sys- [Embedded Systems Programming]