Subversion Repositories shark

Rev

Rev 929 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
882 trimarchi 1
/**
2
   \mainpage FSF reference
3
 
4
   This reference manual contains the description of the API provided
5
   by the FSF library.
6
 
7
   \section intro Introduction to FSF
8
 
9
   The First Scheduling Framework (FSF) is the result of a joint
10
   effort from four european research groups to propose an API for
929 lipari 11
   flexible real-time scheduling in Real Time operating systems.  See
993 lipari 12
   the FIRST web page <a
13
   href="http://130.243.76.81:8080/salsart/first/">
14
   (http://130.243.76.81:8080/salsart/first/)</a> for more details in
15
   the project.
882 trimarchi 16
 
17
   \section lib Objectives
18
 
929 lipari 19
Scheduling theory generally assumes that real-time systems are mostly
993 lipari 20
composed of activities with hard real-time requirements.
21
 
22
Many systems are built today by composing different application or
23
components in the same system, leading to a mixture of many different
24
kinds of requirements with small parts of the system having hard
25
real-time requirements and other larger parts with requirements for
26
more flexible scheduling, taking into account quality of service. Hard
929 lipari 27
real-time scheduling techniques are extremely pessimistic for the
28
latter part of the application, and consequently it is necessary to
29
use techniques that let the system resources be fully utilized to
30
achieve the highest possible quality.
882 trimarchi 31
 
929 lipari 32
The FIRST project aims at developing a framework for a scheduling
33
architecture that provides the ability to compose several applications
34
or components into the system, and to flexibly schedule the available
35
resources while guaranteeing hard real-time requirements. The FIRST
36
Scheduling Framework (FSF) is independent of the underlying
37
implementation, and can run on different underlying scheduling
38
strategies. It is based on establishing service contracts that
39
represent the complex and flexible requirements of the application,
40
and which are managed by the underlying system to provide the required
41
level of service.
882 trimarchi 42
 
929 lipari 43
FSF provides a generalized architecture framework that combines
44
different kinds of requirements:
882 trimarchi 45
 
929 lipari 46
 - co-operation and coexistence of standard real-time scheduling
993 lipari 47
   schemes, time triggered and event triggered, dynamic and fixed
929 lipari 48
   priority based, as well as off-line based through a common
49
   architecture that is independent on the underlying scheduling
50
   mechanism
882 trimarchi 51
 
929 lipari 52
- integration of different timing requirements such as hard and soft,
53
  and more flexible notions
882 trimarchi 54
 
929 lipari 55
- temporal encapsulation of subsystems in order to support the
56
  composability and reusability of available components including
57
  legacy subsystems.
58
 
59
FSF has been implemented in two POSIX compliant real-time operating
60
systems, <a href="http://marte.unican.es">MaRTE</a> and <a
61
href="http://shark.sssup.it/">SHARK</a>, which are based on FP and EDF
62
scheduling schemes, respectively, thus illustrating the platform
63
independence of the presented approach.
64
 
65
   \section Service Contracts
66
 
67
The service contract is the mechanism that we have chosen for the
68
application to dynamically specify its own set of complex and flexible
993 lipari 69
execution requirements. From the application's perspective, the
929 lipari 70
requirements of an application or application component are written as
71
a set of service contracts, which are negotiated with the underlying
72
implementation. To accept a set of contracts, the system has to check
73
as part of the negotiation if it has enough resources to guarantee all
74
the minimum requirements specified, while keeping guarantees on all
75
the previously accepted contracts negotiated by other application
76
components. If as a result of this negotiation the set of contracts is
77
accepted, the system will reserve enough capacity to guarantee the
78
minimum requested resources, and will adapt any spare capacity
79
available to share it among the different contracts that have
80
specified their desire or ability for using additional capacity.
81
 
82
 
83
As a result of the negotiation process, if a contract is accepted, a
84
server is created for it. The server is a software object that is the
85
run-time representation of the contract; it stores all the information
86
related to the resources currently reserved for that contract, the
87
resources already consumed, and the resources required to handle the
88
budget consumption and replenishment events in the particular
89
operating system being used.
90
 
91
Because there are various application requirements specified in the
92
contract, they are divided into several groups, also allowing the
93
underlying implementation to give different levels of support trading
94
them against implementation complexity. This gives way to a modular
95
implementation of the framework, with each module addressing specific
96
application requirements. The minimum resources required by the
97
application to be reserved by the system are specified in the core
98
module. The requirements for mutual exclusive synchronization among
99
parts of the application being scheduled by different servers or among
100
different applications are specified in the shared objects
101
module. Flexible resource usage is associated with the spare capacity
102
and dynamic reclamation modules. The ability to compose applications
103
or application components with several threads of control, thus
104
requiring hierarchical scheduling of several threads inside the same
105
server are supported by the hierarchical scheduling module. Finally,
106
the requirements of distributed applications are supported by the
107
distributed and the distributed spare capacity modules. We will now
108
explain these modules together with their associated application
109
requirements.
110
 
111
 
882 trimarchi 112
 */
113
 
114
/**
115
   \defgroup coremodule Core module
116
 
929 lipari 117
The core module contains the service contract information related to
118
the application minimum resource requirements, the operations required
119
to create contracts and negotiate them, and the underlying
120
implementation of the servers with a resource reservation mechanism
121
that allows the system to guarantee the resources granted to each
122
server.
123
 
882 trimarchi 124
   This module includes the basic functions and services that are
125
   provided by any FSF implementation. This module includes basic type
126
   definitions, and functions to
127
 
128
   - create a contract and initialize it
129
   - set/get the basic parameters of a contract
130
   - negotiate a service contract, obtaining a server id
131
   - create and bind threads to servers
132
   - create/destroy a synchronization object
133
   - manage bounded workloads
993 lipari 134
 
135
   A round-robin background scheduling policy is available for those
136
   threads that do not have real-time requirements. Because some of
137
   these threads may require sharing information with other threads
138
   run by regular servers, special background contracts may be created
139
   for specifying the synchronization requirements.
140
 
141
   The way of specifying a background contract is by setting
142
   budget_min = period_max = 0. Negotiation may fail if the contract
143
   uses shared_objects. If the contract has no shared_objects the
144
   returned server id represents the background and may be used to
145
   bind more than one thread. If the contract has shared objects a
146
   server is created to keep track of them, but the associated threads
147
   are executed in the background, together with the other background
148
   threads.
149
 
150
   An abstract synchronization object is defined by the application.
151
   This object can be used by an application to wait for an event to
152
   arrive by invoking the fsf_schedule_triggered_job() operation.  It
153
   can also be used to signal the event either causing a waiting
154
   server to wake up, or the event to be queued if no server is
155
   waiting for it.
156
 
157
   These objects are used to synchronize threads belonging to bounded
158
   workload servers.
159
 
160
   In the future we may add a broadcast operation that would signal a
161
   group of synchronization objects. We have not included a broadcast
162
   service in this version because it can be easily created by the
163
   user by signalling individual synchronization objects inside a
164
   loop.
165
 
166
   Notice that for synchronization objects there is no naming service
167
   like in shared objects because tasks that use synchronization are
168
   not developed independently, as they are closely coupled.
169
 
170
 
882 trimarchi 171
*/
172
 
173
/**
174
   \defgroup sparemodule Spare capacity sharing module
175
 
929 lipari 176
Many applications have requirements for flexibility regarding the
177
amount of resources that can be used. The spare capacity module allows
178
the system to share the spare capacity that may be left over from the
179
negotiation of the service contracts, in a static way. During the
180
negotiation, the minimum requested resources are granted to each
181
server, if possible. Then, if there is any extra capacity left, it is
182
distributed among those applications that have expressed their ability
183
to take advantage of it.
184
 
993 lipari 185
   This module includes functions for sharing the spare capacity in the
929 lipari 186
   system between the servers. It allows to mainly to specify
882 trimarchi 187
   additional contract parameters to allow the sharing of the spare
929 lipari 188
   capacity.
882 trimarchi 189
 
190
   The features provided by this module are different from the
191
   services provided by the Dynamic reclamation module. This module
993 lipari 192
   influences the negotiation procedure (see the \ref coremodule
929 lipari 193
   module).
882 trimarchi 194
 
195
 */
196
 
197
/**
198
   \defgroup hiermodule Hierarchical scheduling module
199
 
929 lipari 200
One of the application requirements that FSF addresses is the ability
201
to compose different applications, possibly using different scheduling
202
policies, into the same system. This can be addressed with support in
203
the system for hierarchical scheduling. The lower level is the
204
scheduler that takes care of the service contracts, using an
205
unspecified scheduling policy (for instance, a CBS on top of EDF, or a
206
sporadic server on top of fixed priorities). The top level is a
207
scheduler running inside one particular FSF server, and scheduling the
208
application threads with whatever scheduling policy they were
209
designed. In this way, it is possible to have in the same system one
210
application with, for example, fixed priorities, and another one
211
running concurrently with an EDF scheduler.
882 trimarchi 212
 
929 lipari 213
We are currently providing three top-level schedulers: fixed
214
priorities, EDF, and table-driven.
882 trimarchi 215
 */
216
 
217
/**
218
   \defgroup shobjmodule Shared Objects module
219
 
929 lipari 220
The shared objects module of FSF allows the application to specify in
993 lipari 221
the contract attributes all the information related to the mutually
222
exclusive use of shared resources that is required to do the
223
schedulability analysis.
882 trimarchi 224
 
929 lipari 225
The set of shared objects present in the system together with the
226
lists of critical sections specified for each contract are used for
227
schedulability analysis purposes only. A run-time mechanism for mutual
228
exclusion is not provided in FSF for two important reasons. One of
229
them is upward compatibility of previous code using regular primitives
230
such as mutexes or protected objects (in Ada); this is a key issue if
231
we want to persuade application developers to switch their systems to
232
the FSF environment. The second reason is that enforcing worst case
233
execution time for critical sections is expensive. The number of
234
critical sections in real pieces of code may be very high, in the tens
235
or in the hundreds per task, and monitoring all of them would require
236
a large amount of system resources.
882 trimarchi 237
 
929 lipari 238
The FSF application does not depend on any particular synchronization
239
protocol, but there is a requirement that a budget expiration cannot
240
occur inside a critical section, because otherwise the blocking delays
241
could be extremely large. This implies that the application is allowed
242
to overrun its budget for the duration, at most, of the critical
243
section, and this extra budget is taken into account in the
244
schedulability analysis.
245
 
993 lipari 246
   Because shared objects are meant to be used by independent
247
   applications, there needs to be a way of identifying them through
248
   some global name. We use the type fsf_shared_object_id_t to
249
   represent these identifiers. To avoid potential name or identity
250
   conflicts between different independent applications we use a
251
   null-character-terminated string.
252
 
253
   For efficiency purposes, the contracts have smaller identifiers for
254
   the shared objects, that can be implemented with a pointer or an
255
   index to an array element.  Therefore conversion functions are
256
   necessary to convert a long identifier of type
257
   fsf_shared_object_id_t into a short handle to the object, of the
258
   type fsf_shared_obj_handle_t.  This conversion is done at the
259
   creation of the object (with fsf_init_shared_object), and there is
260
   also a function to obtain the handle after the object has been
261
   created (fsf_get_shared_object_handle).
262
 
263
   To make the use of shared objects in FSF independent of the
264
   underlying synchronization protocol, the function that initializes
265
   a shared object (fsf_init_shared_object) also initializes the mutex
266
   specified by the user with the appropriate, implementation-defined,
267
   attributes. Therefore, the application should not initialize the
268
   mutex itself, but should pass the mutex to this function call, and
269
   then use it with the regular POSIX interfaces to enter and leave
270
   critical sections. It is possible to obtain a pointer to the mutex
271
   from the shared object with the function
272
   fsf_get_shared_object_mutex.
882 trimarchi 273
 */
929 lipari 274
 
275
/**
276
   \defgroup distjmodule Distributed module
277
 
993 lipari 278
   FSF is designed to support applications with requirements for
279
   distribution. The first step towards distribution is the ability to
280
   support service contracts for the network or networks used to
281
   interconnect the different processing nodes in the system. Similar
282
   to the core FSF module, the contracts on the network allow the
283
   application to specify its minimum utilization (bandwidth)
284
   requirements, so that the implementation can make guarantees or
285
   reservations for that minimum utilization. We use the same contract
286
   that is used for processing nodes, and thus the core attributes for
287
   distribution are the same as for the core FSF with the addition of
288
   the network id attribute, that identifies the contract as a network
289
   contract for the specified network. The default value for the
290
   network id is null, which means that the contract applies to the
291
   processing node where the contact is negotiated.
929 lipari 292
 
993 lipari 293
   For the FSF implementation to keep track of consumed network
294
   resources and to enforce the budget guarantees it is necessary that
295
   the information is sent and received through specific FSF
296
   services. To provide communication in this context we need to
297
   create objects similar to the sockets used in most operating
298
   systems to provide message communication services. We call these
299
   objects communication endpoints, and we distinguish send and
300
   receive endpoints.
301
 
302
   A send endpoint contains information about the network to use, the
303
   destination node, and the port that identifies a reception
304
   endpoint. It is bound to a network server that specifies the
305
   scheduling parameters of the messages sent through that endpoint,
306
   keeps track of the resources consumed, and limits the bandwidth to
307
   the amount reserved for it by the system. It provides message
308
   buffering for storing messages that need to be sent.
309
 
310
   A receive endpoint contains information about the network and port
311
   number to use. It provides message buffering for storing the
312
   received messages until they are retrieved by the application. A
313
   receive endpoint may get messages sent from different send
314
   endpoints, possibly located in different processing nodes.
315
 
316
   This module provides communication and negotiation services to
317
   support the negotiation of independent servers on networks, as well
318
   as to offer the simple communications primitives that allow for
319
   accounting and limiting the network bandwidth used.
320
 
321
   The concrete protocol and communications hardware and software
322
   interfaces to use and whether the communication strategy over the
323
   real-time network is connection-oriented or not, are implementation
324
   dependent. The creation of endpoints will set them as
325
   appropriate.
326
 
327
   A node may negotiate contracts to reserve bandwidth for the sending
328
   of messages through the networks to which it is connected. It does
329
   not have to reserve bandwidth for incoming messages, just for
330
   outgoing messages.  A node cannot reserve bandwidth in networks to
331
   which it has no direct connection.
332
 
333
   As mentioned above, specific send and receive communication
334
   primitives are included to transfer messages while managing the
335
   bandwidth budget consumption. The send operation is non-blocking:
336
   it just copies the message into an internal buffer and returns
337
   immediately. The FSF network scheduler of the sender processor
338
   takes responsibility on accounting the bandwidth fraction used
339
   through each send endpoint, using the bandwidth reservation made by
340
   the network server that is bound to it.
341
 
342
   Considering that bandwidth reservations should be done in the form
343
   of number of bytes per time unit, that the speed of the network is
344
   quite variable from one platform to another, and that the regular
345
   FSF contract negotiation operations work with budgets expressed as
346
   CPU time, a function is added to convert the size of messages to
347
   the amount of time that is necessary to be used as the budget in
348
   the FSF contract.
349
 
929 lipari 350
 */
351
 
352
/**
353
   \defgroup distsparemodule Distributed spare capacity module
354
 
993 lipari 355
   In the distributed FSF we have chosen to give a minimum support for
356
   spare capacity distribution inside FSF, and leave the consensus
357
   problem related to the negotiation of end-to-end transactions to
358
   some higher-level manager that would make the negotiations for the
359
   application.
929 lipari 360
 
993 lipari 361
   There is a new attribute in the service contract called the granted
362
   capacity flag which, when set, has the implication that the period
363
   or budget of the server can only change if a renegotiation or a
364
   change of quality and importance is requested for it; it may not
365
   change automatically, for instance because of negotiations for
366
   other servers. This provides a stable framework while performing
367
   the distributed negotiation.
368
 
369
   For a server with the granted capacity flag set, there is an
370
   operation to return spare capacity that cannot be used due to
371
   restrictions in other servers of a distributed transaction.
929 lipari 372
 */