184 Chap.

7 I Intertask Communicationand Synchronizat

3. Hold and wait

4. No preemPtion

Countering any one of the four necessaryconditions is needed to preve

deadlock.
Mutual exclusion applies to those resourcesthat can't be shared (e'
printers, disk devices, output channels).Mutual exclusion can be removed I
making such resourcesshareable,for example, through the use of SPOOLe
which allow these resources to appear to be shareable to an applicati
task.
The circular wait condition occuts when a circular chain of processesex
(such as
that hold resourcesneededby'other processesfurther down the chain
cyclic processing).One way to eliminatecircular wait is to impose an orderingr
the reslurces and to force all processesto requestresourcesin increasing order
enumeration.For example, consider the following list of resourcesand th
(increasing)order number.

Disk I
Printer 2
Motor conffol 3
Monitor 4

Now if a processwishes to use both the printer and the monitor, it must requ
first the printer and then the monitor' It can be proved that such a sche
eliminatesthe possibility of deadlock.
The hold and wait condition occurs when processesrequestresourcese
then lock that resourceuntil subsequentresourcelequestsare hlled. c)ne solut
to this problem is to allocateto a processall potentially requiredresourcesat
same time. This can, however, lead to starvation to other processes'Anoi
solution is never to allow a processthat locks more than one resourceat a til
For example,when writing one semaphore-protected disk file to another,lock (
file and copy a record, unlock that file, lock the other file, write the record' i
so on. This, of course,can lead to poor resourceutilization as well as windowt
opportunity for other processes to interrupt and interfere with resou
utilization.

resource and signal the semaphore.If we allow the higher priority task to pree
the lower one, then the deadlock can be eliminated. However, this can lea(
starvation in the low-priority process as well as to nasty interference proble
Sec.7.6I Deadlock

(For example,what if the low-priority task had locked the printer for output, and
now the high-priority task startsprinting?)
Two other ways of combating deadlock are to avoid it through avoidance
algorithms like the Banker's algorithm, or to detect it and recover from it.
Detection of deadlock is not always easy, although in embedded systems
watchdogtimers can be usedand in organic systemsmonitors are appiopriate.

7.6.1Avoidance

Severaltechniquesfor avoidingdeadlockare available.(A morethorough

of thetopiccanbe foundin [146].)Forexample,
discussion if thesemaphores
protecting critical resourcesare implementedby mailboxes with time-outs,then
deadlocking cannot occut But starvation of one or more tasks is possible.
Starvation occurs when a task does nct receive sufficient resourcesto complete
processingin its allocatedtime.
A secondmethod for preventing deadlockis to allow preemption.That is,
tasksof higherpriority which needresourcesshouldbe allowed to grab then from
lower prionty tasks. Unfortunateiy, this can cause problems like stawation or
incompleteI/O operarions.
The fact that each task acquires a resource and then does not relinquish it
until it can acquire anotherresourceis called a wait and hold condition. If we
eliminate this condition, then deadlockcan be avoided.

T EXAiIPLE 7.11
A taskneedsto rcad from file 1 andwdte to file 2. It might openfite l, reada record,closehle l.
Thenit opensflle 2, writes therecordandcldseshle 2 The processis repeatedfor eachrecorduntil
the file is transferred I

This technique, however,can slow downresponse timesgreatly.

Finally, a techniqueknown as thebanker'salgorithmcansometimesbe used
to prevent deadlocksituations.The techniquesuggested by Dijksra [36] usesthe
analogyof a small-townbank.The banker's algorithm works on like resources,
for example,pools of memoryor printers.The algodthmensuresthat the number
of resourcesattachedto all processescan neverexceedthe numberof resources
for thesystem.In addition,we cannevermakea "dangerouiallocation"-that is,
allocateresourcesin such a way that we do not have enoughleft to satisfy the
requirementsof any process.

I EXAMPLE
7..I2
CoNider a systemwith threeptocesses, A, B, alrd C, and a pool of 10 resourcesof a certaint]?e
(e.g., memoryblocks). It is known that processA will neverneedmore than 6 blocks at any one
B and C the totals are 5 aDd7, respectively.A table such as the one below is
time. For proce-sses
constnrctedto keep track of the rcsouce needsand availability.
r86 Chap. 7 I Intertask Communica on and S\

Max Requirement Used

6 t
5 0 5
1 0
:
Total Available ta

When resourcesare requested,the opemting system updates the table, ensuring dll I
deadlock state is not reached.An example of a "saie state" is

Process Max Requirement Used

6 2
5 3
c 7 I
Toral Available

Here, the requirementsof processA or B can be satisfied,so the stare is safe An

"unsafe state" is

Max Requirement Used

6 4
5. l
,1
2

Total Available

ln this case, the total requtrementsof no task can be met with the total available
deadlock could ensue.

The banker's algorithm is often too slow for real-time systems-

Habermann[56] has implemented the algorithm for mixed resources
always practical. Finally, resource needs for each task may not b€
prrcrt.

7.6.2 Detectand Recover

Assfming that a deadlock situation can be detected (for example, bg
watchdog timer), what can be done? One technique, known as fu
algorithm, advisesthat the problem be ignored.If the deadlocksituadm
to occur infrequently, for example, once per year, and the system is Dd
one, this approach may be acceptable.For example, if in a video
problem is known to occur infrequently, the effort needed to detect and
problemmay not be justified given the cost and function of the sysren
Sec 7.7 I Exercises lE7

to the child who just losr his quarter).If the systemis a mannedolle or in control
of say, an assemblyline, then the ostrich algorithm is unacceptable
Another methodfor handling the deadlockis to resetthe systemcomPletelY.
Again, this may be unacceptablefor certain critical systerhs.
Finally, if a deadlockis detected,someform of rollback to a pre-deadlockstate
can be perfomred,althoughthis may lead to a recurrentdeadlock,and operations
suchas writing to certainfiles or devicescannotbe rolled backeasily.

7,7 EXERCISES
1 What effect would size N of a ring buffer have on its performance?How would you
determinethe opdmal size?
2. For a machine you are familiar with, discuss whether the counting semaPhore
implementationgiven in this chapter has any cntical region problems That is' can the
semaphoreitself be tnte[upted in a harmful way'?
3. Why is it not wise to disable intetrupts before the while statement In the binary
semaphore,P?
4. Rewrilelhe rinC bulTertead-and-wrile procedures in
(a) C or C++
(b) Ada or Ada 95
(c) Modula-2
5. Modify the wnte ptocedure for the ring buffer to handle the overflow condition'
6, Write a set of pseudocoderoutines to access(read from and write to) a 20-item ring
buffer. The routines should use semaphoresto allow more than one user to accessthe
buffer,
7. Consider a binary semaphore,counting semaphore'queues,and mailboxes Any three
can be implementedwith the fourth We have shown hovr'binary semaphorescan be used
to implement counting semaphoresand vice versa, how mailboxes can be used to
implementbinary semaphores,and how mailboxescan be usedto implementqueues For
each pair, show how one can be used to implement the otherl
(a) Binary semaphoresfor impl€menting mailboxes.
(b) Binary semaphoresfor implementing queues.
(c) Queuesfor implemeniing binary semaphores.
(d) Queuesfor implementing mailboxes.
(e) Queuesfor implementin8 counting semaphores.
(O Counting semaphoresfor implementing mailboxes.
(g) Counting semaphoresfor implementing queues
(h) Mailboxes for implemenring counting semaphores.
8. Discussthe problemsthat can ariseif the test and setin the P(S) operationare not atomic'
What could happen if the simple assignmentstatementin the v(S) operation were nol
atomic?
9. Rewrite the binary semaphoreimplementationof the counling semaphorein
(a) C or C++
(b) Ada or Ada 95
(c) Modula-2
10. Using the ANSI-C raise and signal facilities' implement the pend(datas) and
post(data,S) operations for arbitrary mailbox S
188 Chap. ? I Intertask Communicationand

rl. Rewrite the test_and set procedurein:

(a) C or C++
(b) Ada or Ada 95
(c) Modula-2
12.The TANDS instructioncan be usedin a multiprocessingsystemto prevent
accessto a global semaphoreby two processors.The instruction is made indivisiti:
the CPU refusing to issuea DMA acknowledge(DMACK) signal in responseto a
request (DMARQ) signal dunng execution of the instruction. The other
sharing the bus are locked out of accessingmemory.What are the real-time
for a processortrying to accessmemory when anolher processoris executing a
that is looping for a semaphoreusing the following code?

Process 2:

r|aNInq <an:6h^ra

JNE qE! IOCK

If this busy wait must be used, is there a bettet way to test the semaphorein pror-:rs
so that the bus is not tied up?
13. Rewrite the exception handler in Example 7.8 in
(a) Ada or Ada 95
(b) Modula-2
(c) C++
14. Write a function to compute.xfactorial, tI, where i is some nonnegativeinteger
that rI = j . (.r - J ) . l and 0/ = .1.)Write an associatedexceptionhandlerthat
errols related to trying to take .r/ for -t < 0 and to handle overflow conditions-
factorial funcrion should invoke the exception handler if either error type occurs. Dc
ln
(a) c
(b) Ada or Ada 95
(c) C+r
15. Investigatethe use of signal handlersin the imPlementationof a Unix process
communication mechanism called a pipcline. Pipelines allow lhe outpuls of
processesto be used as inputs to other processes.Your investigation can be doE
examining the sourcecode to any Unix operating system,if available,or by
one of the many texts on the Unix operating system
 Real-Time
Memory
Management

KEY POINTS OF THE CHAPTER

1 . Dynamic memory managementof any kind in real-time, though usually

necessary,is detrimental to real-time performanceand schedualability
analysis.
Stacksare typically usedin foreground,/backgroundsystemsand the task-
control block used in commercial, generic executives.
3 . Techniquesfor managingstacksand task-controlblocks are given in the
chaDter.

An oftenneglected discussion,dynamicmemoryallocation,is importantin

terms of both the use of on-demandmemoryby applicationstasks ald the
requirements of the operatingsystem.Applicationstasksusememoryexplicitly,
for example,throughrequestsfor heap memory,and implicitly throughthe
maintenance of therun{ime memoryneededto supportsophisticated high-order
languages. The operatingsystem(or kemel)needsto performextensivememory
management in orderto keepthe tasksisolated.
Dangerous allocatlonof memoryis anyallocationthatcanprecludesystem
determinism. Dangerous allocationcandestroyeventdeterminism, for example,
by overflowingthe stack,or it candestroytemporaldeterminism by enteringa
deadlocksituation(Chapter11).It is importantto avoiddangerous allocationof
memorywhile at the sametime reducingthe overheadincurredby memory
allocation.This overheadis a standardcomponent of thecontextswitchtime and
mustbe minimized.Staticmemoryallocationschemes-thatis, the paftitioning
of memoryat systemgenerationtime-are discussed in Chapter9.
 Chap.8 I Real-Time
MemoryManagemeor

Although some of the memory managementschemesdiscussedin Section

8.2 may seem archaic (for example,MFT datesback to the early 1960s),these
schemeshave recently becomerelevant again.For example,cachememoriesare
generally very small relative to main memory oust as main mernory was small
relative to secondarystoragedevicesin early computers).In the case of cache,
some of the replacementrules such as LRU and working setsare usedto manage
the contentsof the cache.

8.1 PROCESS
STACKMANAGEMENT

In a multitasking system,context for eachtask needsto be savedand restoredin

order to switch processes.This can be done by using one or more run-time stacks
or the task-control block model. Run-time stacks work best for interrupt-only
systems and foreground/backgroundsystems, whereas the task-control block
model works best with full-featured real-time operating systems. Substantial
formalization of this statementcan be found in [10].

8.1.1Task-Control
Block Model
If the task-controlblock model is used, then a list of task-controlblocks is kept.
This list can be either fixed or dynamic.
In the fixed case,/r task-controlblocks are allocatedat system genemtion
time, all in the dormant state.As tasks are created,the task-confiol block enten
the ready state.Prioritizationor time slicing will then move the task to the execute
state. If a task is to be deleted, its task-control block is simply placed in the
dormant state.In the caseof a fixed number of task-conholblocks, no real-time
memory managementrs necessary.
In the dynamic case,task-controlblocks are addedto a linked list or sorne
other dynamic data structure as tasks are created.Again, the tasks are in the
suspendedstateupon creation and enter the ready statevia an operatingsystem
call or event. The tasks enter the executestateowing to priority or time-slicing.
When a task is deleted,its task-controlblock is removedfrom the linked list, and
its heap memory allocation is retumed to the unoccupiedoJ available status.
In this scheme,real-time memory managementconsistsof managing the
heap neededto supply the task-control blocks; however, gther data structures such
as a list or queuecan be used.(A heap is a specialkind of data structurebasedon
a binary tree. For a disiussion of these structures,consult any text on data
structures,for example,[83].)

8.1,2 Managingthe Stack

If a run-time stack is to be used, certain considerations are required. In order to
handlethe run-time savingand restoringof context,two simple routines-"save"
and "restore"-are necessary.The save routine is called bv an intemrpt haldler
S:c. 8.1 I ProcessStack Manasement 191

to save the current context of the machine into a stack area.This call should be
made immediately after intemrpts have been disabled to prevent disaster.The
restore routine should be called just before interrupts are enabled andtf,efore
retuming from the interrupt handler.

T EXAMPLE
8.'I
Consideathe implementationof the saveroutine. Assume that global variable "stack' is to point to
the top of the stack and that eight generalregisters(R0-R7) are to be savedon a stack The memory
location "PC" cofiespondsto the lnterrupt retum vector location, and so it containsthe PC value at
the time of intefiuption. We need to save this on the stack to allow stackingof interupts The code
for a 2-addressarchltectureresemblesthe followinsl

save (context ) : context is a pseudo-argument

disable inte.rupts
S T O R ER 0 , s t a c k , I save contentsof register 0 onto stack
LOAD R0, stack load index register with addressof stack
ADD R O ,1
S T O R ER 1 , R O .] save regrster I
ADD R O ,1
S T O R ER 2 , R O ,I save register 2
ADD R O ,1
S T O R ER 3 , R O , I save register 3
ADD R O ,1
S T O R ER 4 , R O ,I save regrster4
ADD R O ,1
S T O R ER 5 , R O ,I save register 5
ADD R O ,1
S T O R ER 6 , R O ,I save reglster o
ADD R O ,1
sfroRE R7,R0, 1 save register 7
ADD R O ,1
S T O R EP C ,R O .1 save retum location
ADD R O ,1
S T O R ER 0 , s L a c k save new stack point&
enable interrupts

The saveoperationis illusnatedin Figure8-1.

Next considerthe restoreroutine,writtenin 2-address
code.

restore (context ) : contextis a pseudo-argument

disableinterrupts
L O A D R O ,s L a c K
SUB R O ,1
LOAD PC, RO, I rcstorerclum location
SUB RO, 1
192 Chap.8 I Real-TimeMemoryManagement

LOAD R7,RO,I restore register 7

suB R0, 1
L O A D R 6 , R O ,I restorercgister 6
SUB R O ,1
L O A D R 5 , R O, I restoreregister 5
SUB R O ,1
L O A D R 4 , R O ,I restore register4
SUB RO,1
L O A D R 3 , R O ,I restoreregister 3
SUB R O ,1
LOAD R2 , RO, 1 restore register 2
SUB R O .1
L O A D R 1 , R O, I restore register I
S T O R ER 0 , s t a c k reset stack pointer
SUB R O ,1
LOAD RO, RO, I restoreregister 0
enableinterrupts

The restoreoperatiolis illustratedin Figure8.2.

Certain machine architecturesallow block save and block restoreinstructionsE

store and load n general registers in t? consecutivememory locations. ThesE
instructionsgreatly simplify the implementationof the saveand restoreroutin€s.
Be aware that such macroinstructionsmay be designedto be interruptable(ro
reducecontext switch time), so that if interruptshave not alreadybeen disabled-
they should be.

Stack +

R7

R1

Stack RO

Figure 8,1 The saveop€ration. Figur€ 8,2 The restoreoperation.

 I Process
StackManasement

8 . 1 . 3Run-TimeFing Buffer
A run-time stack cannot be usedin a round-robin systembecauseof the firsfin/
firscout natureof the scheduling.In this casea ring buffer or circular queuecan
be used to save context.The context is savedto the tail of the list and restored
from the head.The saveandresloreroulines can be easilymodified to accompJish
this operation.

MaximumStackSize
The maximum amountof spaceneededfor the run{ime stackneedsto be known a
priori.ln general,stacksizecanbe determinedifrecursion is not usedandheapdata
structuresare avoided.If maximum stack memory requirementsare not known.
then a catastrophicmemory allocationcan occur,andthe systemwill fail to satisfy
event determinism.Ideally, provision for at least one more task than anticipated
should be allocated to the stack to allow for spurious intem:pm and time
overloading.We will discussthis matterfurther in Chapter11;also see[95],

8 . 1 . 5MultipleStackArrangements
Often a single run-time stackis inadequateto manageseveralprocessesin, say,a
foreground/backgroundsystem. Of course, in a multiprocessingsystem, each
processwill manage its own stack, but this is not the kind of multiple stack
schemewe are talking about.
A multiple stackschemeusesa singlerun-time stackand severalapplication
stacks. Using multiple stacks in embedded real-time systems has several
advantages.

1. It permits tasks to interrupt themselves,thus allowing for handling

transientoverload conditions or for detectingspuriousinterrupts,
2. The systemmay be written in a languagethat supportsre-entrancyand
recursion,such as C or Pascal.Individual run-time stackscan be kept for
each process which contains the appropriate activation records with
dynamic links needed to support recursion. Or two stacks for each
processcan be kept, one for the activationrecordsand the other for the
display (a stack of pointersusedto keep track of variable and procedure
scope).In either case,a pointer to thesestacksneedsto be savedin the
context or task-conftolblock associatedwith that task.
3. Only non-re-entr.ant languagessuch as older versions of FORTRAN or
assemblylanguagecan be supportedwith a single-stackmodel.

We can rewrite the saveard restoreroutinesto use the conFxt arsumentas

a Dointerto the stack.That is.
194 Chap.8 I Real-TimeMemoryManagement

save (ccn text )

DPI disable interrupts
S T O R ER 0 , c o n L e x t save contentsof register 0 onto stack
LOAD R0 , cont ext, I load index register
ADD R O ,1
S T O R ER 1 , R O ,I save reglsrcr r
ADD R O ,1
S T O R ER 2 , R O ,I save register 2
ADD R O ,1
STORE R3 , RO, I save register 3
ADD RO, ].
S T O R ER 4 , R O ,I save register 4
ADD R O ,1
sToRE R5.R0, I save register 5
ADD R O ,1
S T O R ER 6 , R O ,I save register 6
ADD R O ,1
S T O R ER 7 , R O ,I save rcgister 7
ADD R O ,1
S T O R EP C , R O ,1 save telum locanon
ADD contexL, 9 increment stack pointer
EPI enable interrupts

This is the new restoreprocedure.

DPI disableinterrupts
LOAD RO, context, 1
SUB RO, 1
LOAD PC, RO, 1 restoreretum location
SUB R O ,1
LOAD R7 , RO. I restorcregister7
suB R0, 1
L O A D R 5 , R O ,1 restoreiegister 6
suB R'0,1
L O A D R 5 . R O ,1 restoreregister5
SUB R O ,1
L O A D R 4 , R O ,1 restorercgister4
SUB R O ,1
LOAD R3 . RO, 1 resaoreregister3
suB R0, 1
LOAD R2 , RO, 1 restoreregister2
- suB R0, 1
8.1 I ProcessStack Manaeement 195

LOAD R 1 ,R 0 , L restoreregisterI
SUB R0,1
LOAD R O ,R O ,I restoreregister0
SUB contexL, 9 decrement stackpointer
EPI enable interupts

The individualinterupt-handler routines to save to a main stack, written in

Pascal,follow.

nr--611,'16 i n1- .

beg in
save (mains tack ) ;
.: ca i nFa-rrrnF ^f

1: inLl;
2t iIlL2;
3: inL3;
end
resCore (mainsLack )
end

hr^-6/l.,7a i-ts1

/*irtarrrr-r h:nrllar 1 */

begin
save (stackl ) ; /* save context on stack */
taskl; /" execute task 1 */
restore(stackl) /* restore context fron stack
end

hr^-64,r-6 i nF, .

/r interrupt handler 2 */
begin
drrra/ci.^l/r\.
/* save context on stack r/
task2; /* execute task 2 */
racl ^,6/cr-.^L,) /t restore context from stack */
end

hr^-aA,r,6 ini-1'

/* ihi6r,,,^r h:h/ll67 I +/

begin
.:valal:^L1\. /* save contexfo-n stack */
task3; /* execute task 3 */
restore (stack3) /* restore context from stack r/'
end
196 Chap. 8 I Real-Time Memory Management

I EXAMPLE
8.2
Supposethree processesare running in an interrupt-only systemwhere a single interrupt basedon
three prioritized intenupts is gener4ted.Let taskl, task2, and task3 be as follows:

procedure taskl;
begfn
appLicl;
aPPl ic2
end

procedure Lask2;
oeg1n
applic2;
appf rc3
end

procedure task3;
begln
appfic3;
applic4
end

Supposetaskl is running when it is interupted by task2 during applic2. Later, task2 is interrupted
by task3 dudng applic3. The main and run time stackswill then look like Figure 8.3. I

Main task2 task3

slack sta6li stack

Figure 8.3 Main andrun-timestacksfor Example8.2.

8.1.6Task-Control
Block Model
When implementingthe task-controlblock (TCB) model of rcal-time multitaskrn&
the chief memory management issue is the maintenance of the linked lists for tbe
ready ald suspendedtasks.As shown in Figure 8.4, when the currently executing
task completes,is preempted,or is suspendedwhile waiting for a resource,the ne
highest priority task in th€ ready list is rernoved and is made the executing one. E
Sec.8.2 I DynamicAllocation 197

Ready Ljst

1. Exsculinqtask|El€as€sdilic€l
rcsourcane-€dsdby suspendsd
high-prioitylask
2. Ex€culingtssk insenedin

3. Suspgnd€dtaskbegins

4 Dormad list nol shown

List
SusPended

Figure 8.4 Memory managementin the task-controlblock model

the executing task needsto be added to the suspendedlist, that is done. (If the
executingtaskhascompleted,then its TCB is no longer needed.)
Hence,by properly managingthe linked lists, updatingthe statusword in the
TCBs, and adheringto the appropriateschedulingpolicy by checking the priority
word in theTCBs, round-robin,preemptivepriority, or both kinds ofschedulingcan
be induced.Other memory managementcan include the maintenanceof reserved
blocks of memorythat are allocatedto individual task applicationsasrequested.

ALLOCATION
8.2 DYNAMIC

Dynamic allocation used to satisfy individual task requirementsfor memory is

accomplishedby using a data structure such as a list or heap. For example,
memory allocationcalls to the procedure"malloc" in C are implementedthough
library calls to the operatingsystem.In Pascal,the NEW function can be'usedto
generatea new record type in a dynamic memory scheme.Ada and Modula-2
provide similar constructs.How these languagesimplement the ailocation and
deallocationof memory is compiler dependent.And, as we discussedbefore.
languages such as FORTRAN and BASIC do not have dynamic allocation
constructs.A good book on data structures(e.g.,t83l) can be consultedil order
to implement thesedynamic memory allocation schemes
In this section,however,we ate interestedin dynamicmemory allocationfor
processcode in main memory, and certdin aspectsof this need to be considered
as they relate to real-time systems.In particular, we are interestedin scbemes
where two or more programs cal co-residein main memory. Several schemes
. allow this capability,and we will review someofthem briefly with respectto their
 MemoryManagement
Chap.8 I Real-Time

real-dme implications. Interestedreaderscan consult a good text on operating

systems such as [129] for a more detailed coverage.In general, the types of
dynamic allocation that we are about to discuss are not recommended in
embeddedreal-time sysbms.

8.2.1Swapping
The simplestschemethat allows the operatingsystemto allocatememory to two
processes"simultaneously" \s swapping' In this case, the operating system is
always memory resident)and one processcan co-residein the memory spacenot
required by the operatingsystem,called the user space When a secondprocess
needsto run, the frrstprocessis suspendedandthen swapped,alongwith its contexl
to a secondarystoragedevice, usually a disk. The secondprocess,along with its
context,is then loadedinto the user spaceand initiated by the dispatcher.
This type of schemecan be used along with round-robin or preemptive
priority systems,but we would like the executiontime of eachprocessto be long
relative to the swap time. The accesstime to the secondarystore is the principal
contributor to the context switch overheadand real-time responsedelays

8.2.2 Overlays
A technique that allows a single program to be larger than the allowable user
spaceis called overlaying.In this casethe program is broken up into dependent
code and data sections called overlays, which can fit into available memoq'.
Specialprogram code must be included that permits new overlaysto be swaPped
into memory as needed(over the existing overlays), and care must be exercised
in the design of such sYstems.
This technique has negative real-time implications becausethe overla;c
must be swappedfrom secondarystoragedevices.Nevertheless,overlaying ca
be usedin conjunction with any of the techniquesmentionedlater in this chapter
to extend the available address space. Many commercial tools are available thr
facilitate overlaid linking and loading in conjunction with commonly used
programming languagesand machines.
Note that in both swapping and overlaying a portion of memory is never
swapped to disk or overlaid. This memory contains the swap or overlay
manager(and in the caseof overlaying any code that is common to all overlayr
is called the root).

8.2.3 MFT
A moreelegantschemethansimpleswappingallowsmore thanoneprocessto bc
rnemory-resident at any one time by dividing the userspaceinto a numberd
txed-size partitions.This scherneis calledMFT (multiprogrammingwith a fixed
numberof tasks)and is useful in systemswherethe numberof tasksto bc
I DynamicAllocation

executed is known and fixed, as in many embedded appiications. Partition

swappingto disk can occur when a task is preempted.Tasks,however,must reside
in contiguouspartitions,and the dynamic allocation and deallocationof memory
causeproblems.
In some cases main memory can become checkered with unused but
available partitions,as in Figure 8.5. In this casethe memory spaceis said to be
externallyfragmented.This type of liagmentationcausesproblemswhen memory
requestscannotbe satisfiedbecausea contiguousblock of the size requesteddoes
not exist, even though the actual memory is available.

I EXAMPLE8.3
In Figure 8.5, even though 40 megabytesof memory are available,they are in noncottlguousblocks,
so the requestcannot be honored.

Figure 8.5 Fragmented

memory.

Another problem, internalfragmentation, occursin fixed partition schemes

when, for example, a process requires 1 megabyte of memory when only
2-megabytepartitions are available.The amount of wasted memory or intemal
fragmentationcan be reducedby creatingfixed partitionsof severalsizesand then
allocating the smallestpartition greaterthan the requked amount
Both intemal and extemal fragmentationhamper efficient memory usage
and ultimately degradereal-time performancebecauseof the overheadassociated
with their correction.
MFT is not particularly desirablein the real-time operatingsystembecause
it usesmemory inefficiently as a result of the overheadassociatedwith fitting a
processto availablememory and disk swapping.However, in some implementa-
tions, particularly in commercial real-time executives,memory can be divided
into regions in which each region containsa collection of differenrsized, fxed-
sized pa$itions. For example,one region of memory might consistof 10 blocks
of size 16Mb, while anotherregion might contain 5 blocks of 32Mb and so on.
 Chap. 8 I Real-Time Memory Management

The operatingsystemthen tries to satisfy a memory request(either diiectly from

the program via a systemcall or through the operatingsystemin the assignment
of that processto memory), so that the smallestavailablepartitions are used This
approachtends to reduce internal fragmentatlon.

8.2.4MVT
ln MVT (or multiprogramming with a variable number of tasks), memory is
allocated in amounts that are not fixed, but rather are determined by the
requirementsof the processto be loaded into memory. This techniqueis more
appropriatewhen the numberof reahime tasksis unknown or varies.In addition'
memory utilization is better for this techniquethan for MFT becauselittle or no
intemal fragmentationcan occur,as the memory is allocatedin the amountneeded
for each process.Extemal fragmentationcan still occur becauseof the dynamic
nature of memory allocation and deallocation,and becausememory must still be
allocatedto a processcontiguously.
In MVT, however,extemal fragmentationcan be mitigated by a processof
compressing fragmented memory so that it is no longer fragmented. This
techniqueis called compaction(seeFigure 8.6). Compactionis a CPU-intensive
processand is not encouragedin hard real-time systems.If compactionmust be
performed,it shouldbe donein the background,and it is imperativethat interrupts
be disabledwhile memory is being shuffled.
The bottom line is that MVT is useful when the number of real-time tasks
is unknown or can vary. Unfortunately,its context-switchingoverheadis much
hieher than in simpler schemessuch asMFT, and thus it is not always appropriate

Belore
I Dynamic Allocation

for embeddedreal-time systems.It is more likely to be found in a commercial

real-time operating system.

DemandPaging
In demand pdge systems, program segments are permitted to be loaded in
noncontiguousmemory as they are requestedin fixed-sizechunks calledpagesor
page frames. This schemehelps to eliminate extemal fragmentation.Program
codethat is not held in main memoryis "swapped"to secondarystorage,usually
a disk. When a memory referenceis made to a location within a page not loaded
in main memory, a page fault exception is raised.The interrupt handler for this
exceptionchecksfor a free page slot in memory. If none is found, a page frame
must be selectedand swappedto disk (if it has beenaltered)-a processcalled
page stealing.Paging,which is providedby mostcommercialoperatingsystems,
is advantageousbecauseit allows nonconsecutivereferencesto pagesvia a pd.qe
table. ln addiiion, paging can be used in conjunction wirh bank switching
hardwareto extend the virtual addressspace.In either case,pointers are usedto
accessthe desiredpage (see Figure 8.7). Thesepointers may representmemory-
mapped locations to map into the desired hard-wired memory bank; may be
implbmentedthrough associativememory; or may be simple offsets into memory,
in which casethe actual addressin main memory needsto be calculatedwith each
memory reference.
Paging can lead to problems including very high paging activity called
thrashing, intemal fragmentation,and the more seriousdeadlock(seeChapter7).
But it is unlikely.that you would use so complex a schemeas paging in an
embedded real-time system where the overhead would be too great and the
associatedhardware support is not usually available.

Figure 8.7 Pagedmemoryusingpointers.

202 Chap. 8 I Real-TirneMemory Management

8.2.5,1 Replacement Algorithms-Least Recently Used Rule Several

methodscan be usedto decidewhich page should be swappedout of memory to
disk, such asfirsrinfirst-out (FIFO). This methodis the easiestto implement,and
its overheadis only the recordingof the loading sequenceof the pages Although
other algorithmsexist, the best nonpredictivealgorithm is the least recentlyused
(LRU) rule.
The LRU method simply states that the least recently used page will be
swapped out if a page iault occurs To illustrate the method' consider the
following.

8.4
T EXAMPLE
A pagedmemory systemis divided into sixteen256-megabytepagesof which any 4 can b€ loaded
at ihe sametime. Each page is tagged(1, 2, etc ) The operatingsystemkeepstrack of the usageof
each page.For examPle,the Pagereierencestring

2 3 4 5

indicatesthat pages2, 3, 4, and 5 have been used in that order' If a requestis made for page7' theo
page2 will be swappedout in order to make room for page7, becauseit was the leastrecently used
The loaded pageswould then be 3,4,5' and 7 with referencestdng

2 3 4 5 ' 7

pleasenote that referencesto pagesalreadyloaded in memory causeno page fault. For instance,if
a referenceis now made to page 3, no pages need to be swapped becausePage 3 is loaded iD
memory. If this referenceis followed by one to page 6, page 4 would have to be swappedou
becauseit had the least recent reference.The loaded pages would then be 3, 5' 7' and 6 wih
reference string

2 3 4 5 ' 7 3 6

Notethatinapagingmemoryscheme,thewolstpossiblescenarioinvolvespagestealirrgforead
request of memory. This occurs, fol examPle, in a four-page system when five pages are requested
cyclically as in the page referencestring

2 4 6 8 9 2 4 6 8 9"'

You should note that the performance of LRU is the same in this case as FIFO (in
terms of number of Pagefaults).
ln FIFO pagereplacementschemes(whetheror not usedin conjunctionwitl
working sets),we might tliink thatby increasingt\e numberofpagesin mernory(a
windowsin the working settwe canreducethenumberof pagefaults Oftenthisb
the case,but occasionallyan anomalousconditionoccurswherebyincreasingtb
numberof pagesactually increaseslhe numberof pagefaults This is Beladyb
Anomaly,whichasit tumsout,doesnot occurin LRU replacement schemes'
To conclude, the overhead for the LRU scheme rests in recording the
sequenceto all pages,which can be quite substantial.Therefore' the benefrtsof usi
LRU need to be weighed against the effort in implernenting it vis-d'vls FIFO'
i:c. X 2 I DlnamicAllocation

8.2.5.2 Memory Locking In additionto thrashing,the chief disadvantage

of page swappingin real-time systemsis the lack of predictableexecutiontimes.
In a real-time system,it is otien dqsirableto lock all or certain parts of a process
into memory in order to reducethe overheadinvolved in paging and to make the
execution times more predictable.Cenain commercial real-tjme kemels provide
this feature, called memorl laclhg. These kemels typically allow code or data
segments.or both, for a particularprocess,as well as the run{ime stack segment,
to be locked into main memory. Any processwith one oi mole locked pagesis
then prevented from being swapped out to disk. Memory locking decreases
execution times for the locked modules and. more importantly, can be used to
guaranteeexecution times. At the same time, it makes fewer pagesavailablefor
the applicalion, encouragingcorttention.

8.2.5.3 Other Points About Paging ln summary,

1. Paging is most efficient when supportedby the appropriatehardware.

2. Paging allows multitasking and extensionof the addressspace.
3. When a page is referencedthat is not in main memory, a page fault
occurs, which usually causesan interrupt.
,| The hardwareregistersthat are usedto do pageframe addresstranslation
are part of a task's context and add additional overheadwhen doing a
contextswitch.
5 . If hardware page mapping is not used, then additional overhead is
incurred in the ohvsical addresscalculations.
6. The least recently used rule is the best nonpredictive page-swapping
algorithm.
7. In time-critical real+ime systems, we cannot afford the overhead
associatedwith disk swappingin simple swapping,overlays,MFT, MVT,
or paging schemes.

8.2.6WorkingSets
Working sets are based,onthe model of localtty-of-reference.The idea is if you
examine a list of recently executedprogram instructionson a logic analyzer,you
will note that most of the instructionsare localized to within a small number of
instructions in most cases. (For example, in the absence of lnterrupts and
blanching, the program is executedsequentially.Or the body of a ioop may be
executeda large number of times.)However, when interrupts,procedurecalls, or
branchingoccurs,the locality-of-referenceis altered.The idea in workhg setsis
that a set of local code windows is maintained in the cache and that upon
accessinga memory location not containedin one of the working sets,one of the
windows in the working set is replaced(using a replacementrule such as FIFO or
 Chap. 8 I Real-Time Memory Management

LRU). The performanceof the schemeis basedentirely on the sizeof the working
set window, the number of windows in the working set, and the locality-of-
referenceof the code beins executed.

8.2.7Real-Time
GarbageCollection
In a memory-management context,garbageis memorythat hasbeenallocatedbut
is no longer being usedby a task (that is, the task has abandonedit). Garbagecan
accumulatewhen tasks terminate abnormally without releasingmemory resour-
cesn441. It can also occur in object-orientedsystemsand as a normal byproduct
of nonprocedurallanguages[4], [162].
In C, for example,if memory is allocatedusing the malloc procedureand the
pointer for that memory block is lost, then that block cannotbe usedor properly
freed. The samesituationcan occur in Pascalwhen recordscreatedwith the new
statementare not properly disposedof.
Garbage collection algorithms generally have unpredictableperformance
(althoughaverageperformancemay be known). Garbagecan be reclaimedusing
the following procedure.Tag all memory from the heap which is pointed to by a
variable (including those variables in procedure activation frames-a non-
deterministicdata structure).Then reclaim all nontaggedmemory for the heap.
The loss of determinismresultsfrom the unknown amountof garbage,the tagging
time of the nondeterministicdata structures,and the fact that many incremental
garb;ge collectorsrequire that every memory allocationor deallocationfrom the
heap be willing to service a page-faulttrap handler
Another techniqueis to build a heap or table of memory blocks along wirt
an associatedprocessID for the owner of the memory block. This data structurE
is then periodically checkedto determinewhether memory has been allocatedto
a processthat no longer exists. If this is the case,the memory can be released
Becauseof the overheadinvolved, this method should not be implementedin
high-frequencycycles, and ideally garbagecollection should be performed as r
backgroundactivity or not performedat all [4]. Nevertheless,researchin real-tic
garbagecollection is still open.

8.2.8ContiguousFileSystems
Disk I/O is a problem in many real-time systemsthat can be exacerbatedby
fragmentation. File fragmentation is analogousto memory fragmentation and
the same associatedproblems, only worse. In addition to the logical
incuned in finding thcinext allocation unit in the file, the physical overhead of
disk mechanism is a factor.For example,physicaloverhead involvedin
the disk's read/writeheadto the desiredsectorcan be sisnificant
To reduce or eliminate this problem aliogether, many commercial real-d
systems,such asreal-time UNIX, force all allocatedsectorsto follow one
on the disk.-This techniqueis called contiguousfile allocation.
Sec.8.4 t Exercises 205

8,3 STATICSCHEMES

Static memory issues revolve around the partltioning of memory into the
appropriateamount of RAM, ROM, memory-mappedI/O space,and so on. This
in Chapter9.
problemof resourceallocationis discussed

8.4 EXERCISES
1. Rewrite the sale and restoreroutines assumlngthat eight generalregisters(R0 R7) and
the paogramcounter are to be saved on a stack. Do this fbr
(a) O-addressmachrne
(b) l-addressmachine
(c) 3-addressmachine
2, Rewrite the saveand restoreroutinesin 2-addresscode,assumingblock move (BMOVE)
and restore (BRESTORE) instructions are available Make the necessaryassumptions
aboutlhe tormal o[ the.e instruction:..
3. Rewaifethe saveand restoreroutines so that they saveand restoteto the headand tail of
a ring buffer, respectively.
4. Rewrite the save and testore routines in Pascal so that they employ push and pop
procequres.
Write a pseudocodealgorithm that allocatespagesof memory on request.Assume that
100 pages of size I megabyte, 2 megabytes, and 4 megabytes are available The
algorithm should take size of the pagerequestedas an argument,and retum a pointer to
the desiredpage.The smallestavailable page should be used,but if the smallestsrze ls
unavailable.the next smallestshould be used.
6. Write a pseudocodealgorithm compacting64 megabytesof memory that is divided into
l-megabyte pages Use a pointer scheme.
7. For a four-page merilory systemwith memory referencestring, for example,
2 4 6 8 9 2 4 6 8 9-..

show rhat the number or page faults for FIFO replacementis lhe same as for the LRU
replacementscheme.
8. A pagedmemory systemis divided into sixteen256-megabytepagesof which any four
can be loaded at the same time. Each page is tagged (1,2, etc.). Write a pseudocode
algorithm to implement the least recently used rule.
9, Write a heapmanagerto handlearbitrary-sizeddatablocksin a link list (analogousto the C
malloco routine).Rememberthat the run-time stackcan collide with the heap.Do this in
fa) C
(b) Ada
fc) Pascal
(d) Modula-2
(e) C++
10. Modify the heap manager in the previous exercise so that a table consisting of the
memory block number and processID is stored.Wrire a garbagecollection routine lo
accomFanythe heap manager which consults a second table consisting of a list of all
existing processIDs and frees all memory blocks belonging to extinc! processes.