Enforcing criticality constraints in real-time systems

Abstract

Contemporary programming languages use priority as the fundamental language feature for asserting timing and criticality. This thesis provides a thorough critique of priority in the context of safety critical real-time systems, highlighting the deficiencies of the concept. We then develop a new model for real-time control based on orthogonal constructs that directly express the user’s requirements. Initially the historical development of priority is surveyed, and it is revealed that priority has traditionally had multiple and often contradictory goals. The concept is shown to have developed in time-sharing and transaction based systems in which only average performance is considered and safety is not an issue. Priority was then adopted for real-time programming by default, in languages such as occam and Ada. Existing real-time implementation technologies are surveyed to provide a realistic basis for achievable and appropriate real-time language concepts. Examination of these techniques reveals that priority based models cannot effectively span processor boundaries. Priority is then examined in detail as a language feature and is found to suffer from several problems: the priority order specified may not be achievable, priority may conflict wdth other control mechanisms, and hardware may not be able to support the language concept of priority. Despite priority being most commonly used to express importance and urgency, the language feature does not reliably deliver either of these effects. Moreover, despite real-time systems being inherently inclined towrards distribution, priority is found to compromise modularity, portability and distribution. We utilise a four-level framework for assessing the clarity and practicality of language features in terms of user requirements, concepts, language constructs and implementation technology. The existing priority model is then presented in these terms. This further highlights the disparities between each level in priority-centric languages. A new model is then developed wiiich directly expresses the natural concerns of real-time system developers. This new model is based on two language constructs, criticality and timing, which replace priority. Care is taken to ensure that these new concepts allow portability, modularity and architecture independence. A prototype implementation generator is described and then used to demonstrate how the now model can be compiled into suitable implementations. The objective of these implementations is to meet timing requirements while avoiding criticality inversion. We demonstrate that although intuitive priority allocations can cause failure to meet timing requirements even at very low system loads, near optimal results can be obtained from the new model wdthout requiring the programmer to have a detailed understanding of subtle scheduling theory. Finally, we demonstrate, via a two examples, howr the new model encompasses the abilities of priority based languages, and how a single program in the new model can be translated into multiple different implementations using different scheduling regimes and different hardware architectures.