# On Time

Document Sample

```					On Time
Time and Order
• Temporal Order
– The continuum of Real Time (directed timeline)
– Infinite set {T}of instances
– An ordered set
•   Temporal Order: If p and q are two instances then
either p=q or p<q or q<p (mutually exclusive relations)
•   {T} is a dense set : exists(q) | p<q and q<r iff p <r
•   A section on the time line is duration
•   An event takes place at an instant and has no duration
• Instants are totally ordered
• Events are partially ordered - simultaneous events
have no ordering
• Can events be made totally ordered?
Causal Order
• What is the cause of an event e?
• Temporal order is a necessity but not sufficient
condition of causal order

e1) Somebody enters the room e2) Telephone starts
ringing
Case1: e1 < e2 Case2: e2<e1
Case 1: no causal order Case 2: Possible causal order

Useful for diagnostics: e.g. nuclear plant
“definitely ordered later” relation helps exclusion of events
in search of primary event
Clocks
• Physical clock: counter + physical
oscillation mechanism to update the counter
• Physical oscillation period => microtick
• Duration between microticks =>granularity
of the clock
• Identified by natural numbers 1,2,..n
• microtick I of clock k denoted by
microtickki
A Reference Clock
• Used for adherence to standard
• Assumed to be not varying and is at a constant
frequency with respect to other distributed sites.
• Usually of high frequency - granularity denoted by
z
• For a clock of 1015 microticks the granularity is 1
femto second
• Cannot measure events of smaller granularity
Drift of a clock
• The drift of a physical clock “k” between microticks i
and i+1 is the frequency ratio between k and the
reference clock z, at the instant i.
•   drift(k,i) = [z(m_tick(k, i+1) - z(m_tick(k,i)]/n(k)
– difference between the granularity (duration of a
granule) of a clock with the reference clock z divided
by the nominal number of m_ticks of the reference
clock
– perfect clock : drift=1;
– drift rate = drift -1 (typical 10-2 to 10-7 sec/sec)
Time of reference clock   Drift error

Perfect clock

Good clock zone

Error in clock value
/counter

Time of local clock
Clock Properties
• Offset: between two clocks at a given microtick is the
time difference between the respective microticks,
measured in terms of the microticks of the reference clock.
• Precision: of a set of clocks (at a given microtick) is the
maximum offset between any two clocks in the set - high
precision is maintained by internal synchronization
• Accuracy: of a clock is the maximum drift w.r.t. the
reference clock - maintained through external
synchronization
More on Time (Distributed
Clocks)
Global Time
• Local clocks (with their own oscillator) may not
be synchronized
• Assume local clock ck ticks with granularity gk
• Assume for all local clocks
|z(m_tickji – m_tickki| < pi (precision of clock
system)
• Select a subset of microticks of each local clock
for local implementation of global notion of time
(macrotick or tick of local time)
Example of Global Time
Macrotick = 10 microticks (say)
z

k

j
e      f
Event e (f) at microtick 10.7 (10.9) of z
At macrotick 1(2) of k and macrotick
1(1) of j
Reasonableness Condition of
•
Global Timeif all local
A global time t is said to be reasonable
implementations of the global time satisfy the condition g
> pi, where g is the granularity of the global time
•   Ensures that the synchronization error is bounded to less
than one macrogranule.
•   Global timestamps for a single event can differ by one tick
(the best we can achieve)
•   If two events differ by one tick it is not possible to decide
the temporal order (since g > pi and pi accounts for the
accumulation of synch. error and digitization error.
•   If the events differ by two tics it is possible to establish the
temporal order
Notion of Interval Measurement
• An interval is delimited by two events, may be
measured by two different clocks.
• Considering the synchronization and digitization
errors, the sum of these two errors will be less
than 2g because of reasonableness condition
• True duration dtrue is bounded by
(d obs –2g) < d true < (d obs + 2g), where d obs is the
observed difference between the ticks
corresponding to the start event and terminating
event of the interval
Temporal Relations
Time representation:
Requirements
• Should allow representation of time points (instantaneous
events)
• Should be able to represent events with durations (time
intervals)
• Allow representation of convex (contiguous) and non-
convex (containing gaps) events
• Should be able to represent periodic and sporadic events
• Should allow reasoning about various temporal orderings
• Should allow reasoning at different granularities
• Should support relative as well as absolute quantification
Temporal Relations
• Two binary relations tα < tβ or its inverse
tβ<tα
OR tα = tβ
• A convex time interval <t,t> = {t: t <= t
<=t}
• A duration of a convex time interval <t,
t> is a measure ||<t, t>|| = |t - t|
• A non-convex time interval is a subset of
disjoint convex intervals
Convex Interval Relations
• Let A and B be two convex time intervals, such
that <tA, tA> and <tB,tB>
• Equal (A=B)
(tA=tB) Λ (tA=tB)
• Precede (A < B)
tA < tB

• Meet( AB)or Met_by (BA)
tA = tB
• Overlap(AB)
tA < tB< tA<tB

• Start (AB)
tB=tA< tA<tB

• During (A<<B)
tB < tA < tA < tB

• End(AB)
tB< tA < tB = tA
Duration of Actions
• Actual duration (Actual execution time)
dact(a,x): Given an input data set x , the number
of time units acc. to a ref. clock between the start
of a and end of a.
• Minimal duration: min (dact(a) quantified
over all x
• Worst Case Execution Time (WCET):
dwcet(a) is the max. time that an action a may take
given the stated load, fault hypothesis, quantified
over all possible input data
• Frequency of activation: Maximum number of
activations of a task (or action) per unit time.
Every computational/ communication resource has
a finite capacity. To meet temporal obligations,
such frequency must be controlled.
• Deadline of a task (action): The time duration
between the arrival of the stimuli requesting the
action and the time of completion of the action.
• S-Task: No synchronization point within the task;
– cannot be blocked within the body of the task
– execution time can be determined in isolation
– Premption can occur
• C-Task: contains blocking synchronization
statements (such as “wait”) within the task
body.
• WCET is therefore a global issue.
Temporal Obligations in a Client
Server Model
• Three temporal parameters
– RESP: The max. response time that is expected
(and tolerated) by the client - mentioned in the
specification
– WCET: of the server - that is determined by the
implementation of the server and the associated
– MINT: The min. time between two successive
requests by the client.
• WCET is in SOC of Server
• For hard real time systems WCET < RESP must be
guaranteed assuming the client respects MINT
• To have WCET << RESP => oversized server
– not a realistic assumption for embedded systems
– For WCET=RESP careful analysis of temporal
properties is required
– We depend on the clients not generating too frequent
interrupts.(Not is SOC of server)
Network Interface

Controlled               Node                Network
Object

Process Interface
Temporal control versus Logical
control
• Rolling Mill example:
– when (p1<p2) && (p2 <p3) then everything ok
else raise alarm
• Functionally okay - temporally?
– a) Time diff. Between occurrence of alarm cond. and
triggering of the alarm (GUI)?
– b) when to activate pressure measurement? At what time
difference should the three pressures be measured?
• “When” statement buries the timing information
but only establishes logical information.
• Logical control: deals with the control flow
within a task that is determined by the
program structure and a particular input
data
• Temporal control: is concerned with the
points in time when a task must be activated
(or blocked)
– In an S-Task the only temporal control is to
decide when a task is to be activated.
– In a C-Task logical control is intermingled with
temporal control e.g. “wait” statement can
delay the execution until a condition outside the
Event Triggered and Time Triggered
Systems
• A temporal control signal may arise from two
sources:
– a) from a considerable state change -- an event
trigger
– b) from the progression of real time; whenever a
real time clock reaches a preset value -- a time
trigger
• Elevator controller example:
– Event triggered: Every press at the button causes
an interrupt - activates the rescheduling task
– Time triggered: Every press sets a local memory
Interrupts (Event Trigger)
• Asynchronous hardware supported request
• Context switch overheads –WCAO (W.C. Admin. O/H)
100%
CPU
capacity                     CPU capacity needed for
interrupt housekeeping
CPU capacity
available for
application sw

Int. Freq.
1/WCAO
• Control remains within the system
• Periodic time triggered task
• Overhead: The period of the trigger task
must be less than the laxity (difference
between deadline and execution time)
• If the laxity is too small (< 1 msec.) then the
overhead can be too high
Response Time Calculation
Polled Loops
• One event (external device sets flag)

Set flag     Check Flag (sec)   Process Flag (msec
(ns)                             ??)
• If response time > arrival time of events then the
cycle time to poll will have to be considered.
• Worst case for the nth event n(f+P) where f is the
flag checking time and P is the proc. Time of
an event (neglecting flag setting time)
Interrupt Driven Systems
Process
Int. latency Context                 interrupt
switch      Schedule
(ns)     sec                     Millisec.
sec

Ri=Li+Cs+Si+Ai
The schedule time Si is negligible when the interrupt
is scheduled by an interrupt controller handling
multiple interrupts.
Cs can be computed as computing the timing of any
application code
Interrupt Latency
• Latency between the arrival of interrupt and
when the CPU begins reacting to it.
• When higher priority task preempts a lower
priority task the latency can be computed as
Li= LP+ max {LI, LD} where LP is the
propagation delay of the interrupt signal
(nanosec to microsec.)
LI is the longest completion time of an
instruction in the interrupted process and LD is
the max. time the interrupts are kept disabled
by the lower priority routine.
Interrupt Latency (contd.)
• When lower priority routine attempts to interrupt
the interrupt will be processed only after all the
higher priority interrupts have been processed.

So LI= LH, where LH is the time taken to process all
higher priority interrupts.
Computation of LH is very difficult in view of the fact
that these can also be preempted.
So we try for bounded response time
• The execution time of the various modules
and the overall system time loading needs to
be known before implementation (even for
hardware selection)
• Logic Analyzer – detailed timing available;
but the sw must be fully coded and the hw
must also be available
• Instruction Counting – Trace the longest
path through the code (pre-final), count the
instruction types in that path and add their
execution times
• For any periodic system the total task
execution time divided by the cycle time for
that module gives the time loading for that
• For sporadic or mixed systems, the
maximum task execution rates (if known)
are to be used.
• If T is time loading, Ti is the cycle time for
Cycle time 5
= 0.5/5=10%

Execution time
=0.5 m.sec

5           10       15
Time in m.sec
Cycle time            Cycle
=10m.sed              time=40ms
Instruction Execution Time
•
Simulators the memory
Besides the instruction cycle time,
access time and wait states also contribute to the
instruction execution time
– Hence often simulators are used with
– Inputs:I) CPU type II) Memory speed III) Instr.Mix
– Output: total instruction time and throughput
• Short sections of code can be timed by reading the
system clock before and after execution
• For short codes (few microsecs.) it is better to
execute them several thousand times and divide the
instruction time by the total time spent. Takes care
of the errors due to granularity of the clock.
Non-deterministic factors
• Cache effects: For WCET assume all memory
references to be misses. What about conflict
misses?
• Pipeline effects: Instruction execution time is
changed. WCET – assume that at every possible
opportunity the pipeline has to be flushed?
• DMA: Cycle stealing occuring at every
opportunity?
• Rational approximations of effects are possible –
tighter the bound, better it is.
Timing Constraints in Real Time
Systems
• Maximum: No more than t amt. Of time can
elapse between two events
• Minimum: No less than t amt. Of time may
elapse between two events
• Durational: An event must occur for t amt.

• Issues: Are they meaningful? Required? For user
specified behavior? For system performance?
– What syntactic and semantic constructs are
needed?
– What features are needed for validation?
Maximum timing constraints
• S-S combination: max time between occurrence
of two stimuli . Ex. after the first digit is dialled,
second digit must be dialled no later than 20
sec.
• S-R combination: The caller shall get the dial
tone no later than 2sec. after lifting the receiver
• R-S comb.: max. time between response and
next stimulus. E.g. After receiving the dial tone,
next digit should be dialled within 30 sec.
• R-R com.: max. time between two responses,
e.g. after connection the caller shall receive the
ringback tone no later than the callee receiving
SDL and RTRL allow the use
of “timer”construct

DIAL
TIMER ALARM/    AGAIN
DIAL TONE
FIRST DIGIT/
START TIMER (20)    AWAIT
AWAIT
FIRST                      SECOND
DIGIT    SECOND DIGIT/
DIGIT                                SILENCE

AWAIT
NEXT
DIGIT
Use of timer in a behavioral requirement
%FEATURE local_to_local_call;
%TIMERS
collect_digit_timer (20) --
the user has 20 seconds to dial each
digit of a phone number;

%REQUIREMENTS digit_collection;
INSTATE await_first_digit;
TRANSITION;
(first_digit);
START collect_digit_timer;
NEWSTATE await_second_digit;
END TRANSITION;
INSTATE await_second_digit;
TRANSITION;
(second_digit);
SEND silence TO calling party;
NEWSTATE await_next_digit;
(collect_digit_timer.alarm);
SEND dial_tone TO calling
party;
NEWSTATE dial_again;
END TRANSITION;

Modeling a behavioral constraint in RTRL
S-R and R-R constraints are requirements of the system’s
performance
The construct “Latency” has been used in RTRL to this end

INSTATE idle;
TRANSITION;
(caller_off_hook);
LATENCY 2;
SEND dial_tone;
NEWSTATE
await_first_digit;
END TRANSITION;

How to use Latency for R-R?
Constraining system performance in RTRL
OFFHOOK/START      FIRST
TIMER (30)         DIGIT
AWAIT                    SECOND
FIRST                    DIGIT
AWAIT               AWAIT              AWAIT
DIGIT           SECOND               THIRD             SEVENTH
DIGIT               DIGIT               DIGIT

ALARM            ALARM               ALARM
REORDER          REORDER            REORDER
TONE             TONE              TONE

SEVENTH
ALARM               DIGIT
DAIL           REORDER             RINGTONE
START TIMER                    AGAIN           TONE

DIALING
COMPLETE

A maximum timing constraint on several events
[Caller should dial 7 digits within 30 sec.]
Specification of Minimum Time
Constraints
• S-S: A min. of 0.5 sec. must elapse
between dialling of two digits
• S-R: after the users dials 0, wait 15 sec. to
see if the user himself completes the call,
without operator assistance.
• R-S: where the system may be busy serving
requests from several ports
• R-R: Where the user needs some time to act
upon a result/response
AWAIT
NEXT     SECOND DIGIT/
TIMER ALARM    DIGIT
SILENCE

FIRST DIGIT
HANDLE
START TIMER      DIGIT
(O.5)
AWAIT
CALLER
SECOND DIGIT BEEPING      ONHOOK

The specification of a minimum timing constraint on system users
INSTATE await_second_digit;
TRANSITION;

/*    dialing_timer is assumed to have
started in state handle_digit */
(dialing_timer_alarm);
TRANSITION;
(second_digit);
SEND silence to
calling_party;
NEWSTATE await_next_digit;
(collect_digit_timer.alarm);
SEND dial_tone TO
calling_party;
NEWSTATE dial_again;
ENDTRANSITION;
(second_digit);
SEND beeping;
NEWSTATE await_caller_on_hook;
ENDTRANSITION;
Combing maximum and minimum timing constraints RTRL
Durational Time Constraints
• Two responses r1 and r2 should be heard
within 60 sec. after a stimulus s1 and r2
should be delayed at least 15 sec. after r1
and should occur no later than 30sec. after
r1. Also, r1 and r2 last for 3 and 4 sec.
respectively.

• Automatic Test Executor (ATE) attempts to
acheive this as:
CAUSE S1
/* r2 SHOULD END NO LATER THAN 64 (60+4)
SECONDS
*/ SET INTERRUPT 1 TO 64 SECONDS;
/* OBSERVE r1 for SECONDS */
VERIFY r1 (3);
SET INTERRUPT 2 TO 34 SECONDS;
/*r2 SHOULD END NO SOONER THAN 11(15-4)
SECONDS
*/ SET ALARM 1 TO 11 SECONDS;
REPEAT UNTIL ALARM 1 ON;
VERIFY NOT r1;
END;
VERIFY r2 (4);
CANCEL INTERRUPT 2;
CANCEL INTERRUPT 1;

```
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
 views: 6 posted: 9/21/2011 language: English pages: 51
How are you planning on using Docstoc?