Real-time Design and Verification



  1. Real-time Design and Verification
     Somesh Jha
     University of Wisconsin, Madison

  2. Mars Pathfinder and Priority Inversion
     • Mars Pathfinder claimed as “flawless” in the early days of July 4th, 1997
     • Mission
       • Gather and send data back from Mars
     • Panoramic pictures sent back by the Pathfinder were a big hit on the Web
     • Several unique features
       • Unconventional landing

  3. Mars Pathfinder

  4. Symptom
     • A few days into the mission
       • Spacecraft began experiencing total system resets
       • Each system reset caused the data to be lost
     • Press described this problem as “software glitches”
       • “the computer was trying to do too many things at once”

  5. Priority Inversion
     • Pathfinder contained an information bus
       • Used to communicate between different components of the spacecraft
       • Access to the bus synchronized with mutexes
     • Tasks
       • Bus-management task (high priority)
       • Communications task (medium priority)
       • Data-gathering task (low priority)
         • Gathers meteorological data

  6. Bus-management Task
     • Executed frequently
     • Moved certain kinds of data in and out of the information bus
     • Acquired the information bus mutex before it transferred data
     • Remember this is a high priority task

  7. Data-gathering Task
     • Gathers meteorological data
     • Publishes the data using the information bus
     • This task ran infrequently and executed for a very short time, Tdata-task
     • Remember this task was a low priority task

  8. Communications Task
     • This was a medium priority job
     • Presumably was used to communicate messages between components
     • Certain interrupts enabled this task
       • Presumably the interrupts corresponded to one component sending a message to another
     • This was a long running job. Call its execution time Tcomm-task

  9. Priority Inversion
     • Data-gathering task starts publishing the data
       • Acquires the information bus mutex
     • Bus-management task is scheduled but blocks
       • Information bus mutex is taken
     • Interrupt occurs and the communications task is scheduled

  10. Priority Inversion (Contd)
     • Communications task starts executing
       • It preempts the data-gathering task
     • Remember that the bus-management task can now be blocked for
       • Tdata-task + Tcomm-task
     • Without the communications task interrupting, the bus-management task would only be blocked for Tdata-task

  11. Priority Inversion (Contd)
     • Watchdog timer monitors how long the bus-management task is blocked
       • Timeout is T
     • Assume that
       • Tdata-task <= T
       • T < Tdata-task + Tcomm-task
     • Timer goes off and initiates a total system reset
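As an added example (not from the slides), a small discrete-time simulator of the scenario on slides 9 to 11: fixed-priority preemptive scheduling of the three tasks, with the data-gathering task already holding the information-bus mutex when the bus-management task is released, and a watchdog check of the blocking time against T. The task durations, the 2-tick bus transfer, the release times and the timeout are constructed values; the `inherit` flag adds priority inheritance, a mitigation not covered on the slides.

```python
from dataclasses import dataclass


@dataclass(eq=False)
class Task:
    name: str
    priority: int      # larger number = higher priority
    release: int       # tick at which the task becomes ready
    exec_time: int     # CPU ticks the task needs to finish
    needs_bus: bool    # must hold the information-bus mutex while running
    done: int = 0


def bus_blocking_time(t_data, t_comm, comm_interrupts, inherit=False, horizon=10_000):
    """Return how many ticks the bus-management task is ready but cannot run.
    The data-gathering task holds the mutex when bus-management is released (slide 9)."""
    data = Task("data-gathering", 1, 0, t_data, True)
    bus = Task("bus-management", 3, 0, 2, True)      # 2-tick transfer: constructed value
    tasks = [data, bus]
    if comm_interrupts:                               # interrupt arrives one tick later
        tasks.append(Task("communications", 2, 1, t_comm, False))
    holder = data          # current owner of the information-bus mutex
    blocked = 0
    ready = []

    def eff_prio(t):
        # Priority inheritance (not on the slides, the standard mitigation): a mutex
        # holder temporarily runs at the priority of the task it is blocking.
        if inherit and t is holder and bus in ready and bus is not holder:
            return max(t.priority, bus.priority)
        return t.priority

    for tick in range(horizon):
        ready = [t for t in tasks if t.release <= tick and t.done < t.exec_time]
        if not ready:
            break
        runnable = [t for t in ready if not t.needs_bus or holder in (None, t)]
        cur = max(runnable, key=eff_prio)   # preemptive fixed-priority choice
        if cur.needs_bus:
            holder = cur                    # acquire (or keep holding) the mutex
        cur.done += 1
        if bus in ready and cur is not bus:
            blocked += 1                    # high-priority task waiting on a lower one
        if cur.done == cur.exec_time and holder is cur:
            holder = None                   # release the mutex on completion
    return blocked


def watchdog_resets(t_data, t_comm, timeout, comm_interrupts, inherit=False):
    """True if the watchdog of slide 11 would fire and force a total system reset."""
    return bus_blocking_time(t_data, t_comm, comm_interrupts, inherit) > timeout
```

With Tdata-task = 3, Tcomm-task = 5 and T = 6 the simulator reproduces slide 11: the bus-management task is blocked for 3 ticks without the interrupt and 8 ticks with it, so only the second case trips the watchdog.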

  12. Take Away
     • Have to be careful in designing protocols for real-time systems
     • Correct by design
       • Large body of work on scheduling jobs for real-time systems
     • Verify real-time properties of protocols
       • Discover priority-inversion problems at design time

  13. Verification
     • Discrete time
       • Chapter 16
     • Continuous time
       • Chapter 17
       • Timed automata
     • Model Checking, E.M. Clarke, O. Grumberg, D.A. Peled, MIT Press.

  14. Real-time Verification
     • Design a “real-time version” of temporal logic
     • Extend model-checking algorithms for these extended temporal logics
     • CTL → RCTL

  15. RCTL
     • E[ f U[a,b] g ]
       • Timed until
     • EG[a,b] f
       • Timed global

  16. Real-time Scheduling
     • See next set of slides
