Abstract
Model-based design methodologies based on the synchrony assumption are widely used in many safety-critical application domains. The synchrony assumption asserts that actions (such as the execution of code) occur instantaneously; however, physical platforms obviously do not possess this property. This paper considers the problem of obtaining resource-efficient implementations of programs that are written under the synchrony assumption on actual platforms, such that these implementations execute in a manner that is semantically consistent with the execution sequences that would occur if the synchrony assumption were to hold.
Notes
This requirement has been stated (Berry 2000, p. 101) as the bounded delay property of the implementation: there is a maximum delay in completing the execution of the actions representing the system reaction to any input, which is strictly less than the minimum time that elapses between successive rounds.
This gap between conservative WCET estimates and the actual WCET value is only likely to increase: as has been pointed out in Henzinger and Sifakis (2006), because of the rapid progress in VLSI design, embedded systems are implemented on sophisticated, hardware/software layered multicore architectures with caches, pipelines, and speculative execution. The ensuing difficulty of accurate worst-case analysis makes conservative, safety-critical solutions ever more expensive, in both resource and design cost.
This statement is generally true for feedthrough blocks; for non-feedthrough blocks, cyclic dependencies need not result in inconsistency or non-determinism.
Many safety-critical application domains specify more than two criticality levels (also called, e.g., Safety Integrity Levels (SILs) or Design Assurance Levels (DALs) in different standards documents), with functionalities at higher criticality levels subject to more rigorous validation requirements. For ease of presentation, we make the simplifying assumption in this paper that there are just two criticality levels that we call lo and hi.
A cyclic executive is defined (Baker and Shaw 1988) as “a control structure or program for explicitly interleaving the execution of several periodic processes; [..] the interleaving is done in a deterministic fashion so that execution timing is predictable.”
We are not attempting to meet deadlines in this schedule, simply keeping the processor active whenever there are nodes remaining that have arrived but not completed execution, regardless of whether their deadlines are met or not.
As in Observation 2, we are not attempting to meet deadlines in this schedule.
References
Audsley NC (1991) Optimal priority assignment and feasibility of static priority tasks with arbitrary start times. Tech rep, The University of York, England
Baker TP, Shaw A (1988) The cyclic executive model and Ada. In: Proceedings of the IEEE real-time systems symposium, pp 120–129
Baruah S, Fohler G (2011) Certification-cognizant time-triggered scheduling of mixed-criticality systems. In: Proceedings of the IEEE real-time systems symposium (RTSS). IEEE Computer Society, New York
Baruah S, Li H, Stougie L (2010) Towards the design of certifiable mixed-criticality systems. In: Proceedings of the IEEE real-time technology and applications symposium (RTAS). IEEE, New York
Baruah S, Burns A, Davis R (2011) Response-time analysis for mixed criticality systems. In: Proceedings of the IEEE real-time systems symposium (RTSS). IEEE Computer Society, New York
Baruah SK, Bonifaci V, D’Angelo G, Li H, Marchetti-Spaccamela A, Megow N, Stougie L (2012) Scheduling real-time mixed-criticality jobs. IEEE Trans Comput 61(8):1140–1152
Bensalem S, Caspi P, Parent-Vigouroux C, Dumas C (1999) A methodology for proving control systems with Lustre and PVS. Depend Comput Critical Appl. doi:10.1109/DCFTS.1999.814291
Benveniste A, Berry G (1991) The synchronous approach to reactive and real-time systems. Proc IEEE 79(9):1270–1282. doi:10.1109/5.97297
Berry G (2000) The Esterel v5 language primer: version v5_91. Centre de Mathématiques Appliquées, Ecole des Mines and INRIA
Burns A, Davis R (2013) Mixed-criticality systems: a review. Available at http://www-users.cs.york.ac.uk/~burns/review.pdf
Caspi P, Scaife N, Sofronis C, Tripakis S (2008) Semantics-preserving multitask implementation of synchronous programs. ACM Trans Embedded Comput Syst 7(2)
Dorin F, Richard P, Richard M, Goossens J (2010) Schedulability and sensitivity analysis of multiple criticality tasks with fixed-priorities. Real-Time Syst 46(3):305–331
Fohler G (1993) Changing operational modes in the context of pre run-time scheduling. IEICE Trans Inf Syst E76-D(11):1333–1340. Special issue on responsive computer systems
Forget J (2009) A synchronous language for critical embedded systems with multiple real-time constraints. PhD thesis, University of Toulouse
Forget J, Boniol F, Grolleau E, Lesens D, Pagetti C (2010) Scheduling dependent periodic tasks without synchronization mechanisms. In: Proceedings of the IEEE real-time technology and applications symposium (RTAS). IEEE, New York
Garey M, Johnson D (1975) Complexity results for multiprocessor scheduling under resource constraints. SIAM J Comput 4:397–411
Guan N, Ekberg P, Stigge M, Yi W (2011) Effective and efficient scheduling for certifiable mixed criticality sporadic task systems. In: Proceedings of the IEEE real-time systems symposium (RTSS). IEEE Computer Society, New York
Halbwachs N (1993) Synchronous programming of reactive systems. Kluwer Academic, Amsterdam
Halbwachs N, Raymond P (1999) Validation of synchronous reactive systems: from formal verification to automatic testing. In: ASIAN’99, Asian computing science conference. LNCS, vol 1742. Springer, Berlin
Harel D, Pnueli A (1985) On the development of reactive systems. In: Logics and models of concurrent systems. Springer, New York, pp 477–498. http://dl.acm.org/citation.cfm?id=101969.101990
Henzinger T, Sifakis J (2006) The embedded systems design challenge. In: Proceedings of the 14th international symposium on formal methods (FM). Lecture notes in computer science. Springer, Berlin. http://chess.eecs.berkeley.edu/pubs/264.html
Jagadeesan LJ, Puchol C, Olnhausen JE (1996) A formal approach to reactive systems software: a telecommunications application in Esterel. Form Methods Syst Des 8:123–151. doi:10.1007/BF00122418
Kopetz H (2011) Real-time systems—design principles for distributed embedded applications. Springer, Berlin
Kuo TW, Mok AK (1991) Load adjustment in adaptive real-time systems. In: Proceedings of the IEEE real-time systems symposium, pp 160–171
Lee EA, Neuendorffer S, Wirthlin MJ (2003) Actor-oriented design of embedded hardware and software systems. J Circ Syst Comput 2
Liu C, Layland J (1973) Scheduling algorithms for multiprogramming in a hard real-time environment. J ACM 20(1):46–61
Lublinerman R, Tripakis S (2008) Modularity vs. reusability: code generation from synchronous block diagrams. In: DATE. IEEE, New York, pp 1504–1509
Mok A (1983) Fundamental design problems of distributed systems for the hard-real-time environment. PhD thesis, Laboratory for Computer Science, Massachusetts Institute of Technology. Available as Technical Report No MIT/LCS/TR-297
Natale MD, Zeng H (2011) Task implementation and schedulability analysis of synchronous finite state machines. In: Work in progress (WiP) session of the IEEE real-time and embedded technology and applications symposium, pp 21–24
Pagetti C, Forget J, Boniol F, Cordovilla M, Lesens D (2011) Multi-task implementation of multi-periodic synchronous programs. Discrete Event Dyn Syst 22(3)
Vecchié E, de Simone R (2006) Syntax-driven behavior partitioning for model-checking of Esterel programs. Electron Notes Theor Comput Sci 153:19–35. doi:10.1016/j.entcs.2006.02.023
Vestal S (2007) Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance. In: Proceedings of the IEEE real-time systems symposium (RTSS). IEEE Computer Society, New York, pp 239–243
Additional information
This research is supported in part by NSF grants CNS 0834270, CNS 0834132, and CNS 1016954; ARO grant W911NF-09-1-0535; AFOSR grant FA9550-09-1-0549; and AFRL grant FA8750-11-1-0033.
Cite this article
Baruah, S. Implementing mixed-criticality synchronous reactive programs upon uniprocessor platforms. Real-Time Syst 50, 317–341 (2014). https://doi.org/10.1007/s11241-013-9197-x
DOI: https://doi.org/10.1007/s11241-013-9197-x