Resource Access Control Part I The Mars Pathfinder

Resource Access Control (Part I) • The Mars Pathfinder Incident • Resource Model • Priority Inversion

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Resource Access Control in Real-Time Systems • Resources, Resource Access, and How Things Can Go Wrong: The Mars Pathfinder Incident • Resources, Critical Sections, Blocking • Priority Inversion, Deadlocks • Nonpreemptive Critical Sections • Priority Inheritance Protocol • Priority Ceiling Protocol • Stack-Based Protocols

Mars Pathfinder Incident • Landing on July 4, 1997 • “experiences software glitches” • Pathfinder experiences repeated RESETs after starting gathering of meteorogical data. • RESETs generated by watchdog process. • Timing overruns caused by priority inversion. • Resources: research. microsoft. com/~mbj/Mar s_Pathfinder/Mars_Pathfinder. ht ml

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Priority Inversion on Mars Pathfinder Task bc_sched detects overrun blocks on mutex becomes active high priority Task bc_dist other tasks Task ASI/MET low priority starts gets preempted locks mutex

Resource Access: System Model • Processor(s) – m types of serially reusable resources R 1, . . . , Rm – An execution of a job Ji requires: • a processor for ei units of time • some resources for exclusive use • Resources – Serially Reusable: Allocated to one job at a time. Once allocated, held by the job until no longer needed. – Examples: semaphores, locks, servers, . . . – Operations: lock(Ri) -----<critical section>------ unlock(Ri) – Resources allocated non-preemptively – Critical sections properly nested

Resource Access: System Model • Processor(s) – m types of serially reusable resources R 1, . . . , Rm – An execution of a job Ji requires: • a processor for ei units of time • some resources for exclusive use • Resources – Serially Reusable: Allocated to one job at a time. Once allocated, held by the job until no longer needed. – Examples: semaphores, locks, servers, . . . – Operations: lock(Ri) -----<critical section>------ unlock(Ri) – Resources allocated non-preemptively – Critical sections properly nested

Preemption of Tasks in their Critical Sections Example: lock(s) Zzzz! unlock(s) T 1 T 2 T 3 lock(s) unlock(s) • Negative effect on schedulability and predictability. • Traditional resource management algorithms fail (e. g. Banker’s Algorithm). They decouple resource management decisions from scheduling decisions.

Unpredictability: Scheduling Anomalies • Example: 0 T 1 = (c 1=2, e 1 = 5, p 1 = 8) T 2 = (4, 7, 22) 5 10 15 T 3 = (4, 6, 26) 20 25 • Shorten critical section of T 3: T 1 = (c 1=2, e 1 = 5, p 1 = 8) T 2 = (4, 7, 22) T 3 = (2. 5, 6, 26) 0 5 10 15 20 25