Blocking time under basic priority inheritance: Polynomial bound and exact computation
11 Blocking time under basic priority inheritance:Polynomial bound and exact computation
Paolo Torroni, Zeynep Kiziltan, Eugenio Faldella
Abstract
The Priority Inheritance Protocol (PIP) is arguably the best-known protocol for resource sharingunder real-time constraints. Its importance in modern applications is undisputed. Nevertheless, becausejobs may be blocked under PIP for a variety of reasons, determining a job’s maximum blocking timecould be difficult, and thus far no exact method has been proposed that does it. Existing analysis methodsare inefficient, inaccurate, and of limited applicability. This article proposes a new characterizationof the problem, thus allowing a polynomial method for bounding the blocking time, and an exact,optimally efficient method for blocking time computation under priority inheritance that have a generalapplicability.
Index Terms
Real-time systems, periodic tasks, resource access protocols, priority inheritance, feasiblity analysis.
I. I
NTRODUCTION
When you have eliminated the impossible,whatever remains, however improbable, mustbe the truth A.C. Doyle, 1890
Priority Inheritance [1] is a widely used protocol for real-time applications involving sharedresources with a huge practical and theoretical impact. Its adoption is pervasive in the controland automation industry and in all other domains that rely on real-time systems [2].
Department of Computer Science and Engineering, University of Bologna, Italy e-mail: [email protected].
June 12, 2018 DRAFT a r X i v : . [ c s . O S ] J un The purpose of priority inheritance is to prevent unbounded priority inversion. With respect toother, more efficient protocols proposed in the last years to address the same problem, priorityinheritance has a great advantage in its transparency, in the sense that its implementation doesnot require any information on the tasks involved. It offers, however, a significant drawback, inthat there are no known exact methods for computing the blocking time, and the only knownmethod for bounding the blocking time is of exponential complexity [3].Blocking time is an essential element in feasibility analysis, which is one key theoretical andpractical aspect of real-time systems. While blocking time computation can be done exactly,efficiently and straightforwardly under many other resource access protocols [3], under priorityinheritance even bounding the blocking time is nontrivial, because there are many possible causesof blocking, and jobs can be blocked multiple times, a phenomenon called chained blocking.The problem becomes particularly intricate when jobs are allowed to hold multiple resources ata time.In this article we propose a polynomial method for bounding the blocking time, and an exact,optimally efficient method for blocking time computation under priority inheritance that applieswithout restrictions on the number of resources each job can hold .We draw from results in operations research and artificial intelligence. In particular, we showhow the bounding problem can be mapped onto an assignment problem, which is a well-studiedproblem in operations research. Then we define blocking time computation as a search problemin the space of possible assignments of resources, where the objective is to find the path thatinduces the worst-case scenario associated with the maximum blocking time. Search can alsobe seen as a process aimed to eliminate impossible resource assignments, corresponding toinadmissible paths. To that end, we provide a full characterization of the conditions that must bemet in order for a resource assignment to be admissible. Moreover, we show that the polynomialbound can be used as an admissible heuristics in the search process. As a consequence, thesearch method we propose is both exact and maximally efficient , in the sense that it does notexplore branches unnecessarily. II. B
ACKGROUND
We build on work by Sha, Rajkumar and Lehoczky [1], who proposed and studied two priorityinheritance protocols : the “basic” Priority Inheritance Protocol (PIP), and the Priority CeilingProtocol (PCP) as a solution to unbounded priority inversion [3]. Blocking time is an essential
June 12, 2018 DRAFT element in feasibility analysis under resource constraints. While PCP’s blocking time is perfectlyunderstood, and its computation straightforward, with PIP instead literature only provides upperbounds [3]. One such upper bound was proposed by Rajkumar [4]. However, using an upperbound for feasibility analysis may be unnecessarily conservative and result in failure to identifyperfectly feasible applications with an arbitrarily small processor utilization. ... ...... ...... ...... ...... ......... ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ j ⌧ k ↵ = h ⌧ k , ⌧ j i o = h R, S i RSz j,q z k,p ⌧ i +1 ⌧ j ⌧ j ⌧ j +1 ⌧ n ✏ preemption ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h ⌧ k , ⌧ j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R, S i ⇢ = h . . . , R ⇢ ( j ) , . . . i R Sz j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j,q ) . . . z ⇠ ( j,p ) R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h ⌧ k , ⌧ j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R, S i ⇢ = h . . . , R ⇢ ( j ) , . . . i R Sz j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j,q ) . . . z ⇠ ( j,p ) R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h ⌧ k , ⌧ j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R, S i ⇢ = h . . . , R ⇢ ( j ) , . . . i R Sz j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j,q ) . . . z ⇠ ( j,p ) R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h ⌧ k , ⌧ j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R, S i ⇢ = h . . . , R ⇢ ( j ) , . . . i R Sz j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j,q ) . . . z ⇠ ( j,p ) R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h ⌧ k , ⌧ j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R, S i ⇢ = h . . . , R ⇢ ( j ) , . . . i R Sz j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j,q ) . . . z ⇠ ( j,p ) R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption Fig. 1. Example of resource accesses leading to an overly conservative bound for the PIP blocking time.
The following example introduces an application where the upper bound results in an overlyconservative blocking time estimation.
Example 1:
Consider a job J i with priority P i , which uses n − i resources { R , R , . . . , R n − i } ,and a set Γ i of n − i jobs, { J i +1 , J i +2 , . . . , J n } , with priority P i +1 , P i +2 , . . . , P n , which also usethe same resources. Let the resource associated with a critical section z j,p be R p (all jobs accessresources in the same order). Finally, let the duration of each critical section be: • δ for z j,n − j +1 , for all j (i.e., all the sections in the antidiagonal), and • an arbitrarily small (cid:15) in all other casesas illustrated in Figure 1. With this set up, the upper bound obtained by applying Rajkumar’smethod on J i ’s blocking time B i would be ( n − i ) δ . However, because of the reasons we willdiscuss in the next sections, the exact B i is only ( n − i ) (cid:15) + δ , if ( n − i ) is odd, or an even smaller ( n − i − (cid:15) + δ , if ( n − i ) is even. Since (cid:15) can be arbitrarily small, the exact value is n − i times smaller than the estimated bound, with self-evident implications on feasibility analysis. June 12, 2018 DRAFT
This apparent shortcoming of current feasibility analysis methods and the pervasive use ofPIP motivates us to devise an exact procedure for blocking time computation under PIP. In orderto do that, we start by introducing notation, definitions, as well as scheduling model used inliterature [1], [3]. For ease of reference we summarize the notation in Table I.A job is a sequence of instructions that will continuously use the processor until its completionif it is executing alone on the processor. That is, we assume that jobs do not suspend themselves,say for I/O operations.A periodic task is a sequence of jobs of the same type occurring at regular intervals. J i denotesa job, i.e., an instance of a task τ i . Each task is assigned a fixed priority , and every job of thesame task is initially assigned that task’s priority. P i denotes J i ’s priority. We assume that jobs J , J , . . . , J n are listed in descending order of priority with J having the highest priority, P .If several jobs are eligible to run, the highest-priority job will be run. Jobs with the samepriority are executed in FCFS discipline. When a job J is forced to wait for the execution oflower-priority jobs, J is said to be blocked .A binary semaphore guarding a shared resource is denoted by S , usually with a subscript,and it provides the wait and signal indivisible operations. The p -th critical section in J j isdenoted by z j,p and corresponds to the code segment of J j between the p -th wait operation andits corresponding signal operation. The semaphore that is locked and released by z j,p is denotedby S j,p . The resource guarded by S j,p is denoted by R j,p . The duration of a critical section z j,p ,denoted d j,p , is the time to execute z j,p when J j executes on the processor alone. A job J i issaid to be blocked by the critical section z j,p of job J j if i < j and J i has to wait for J j to exit z j,p in order to continue execution. The sequence of all critical sections of a job J j is denotedby β j = (cid:104) . . . , z j,p , . . . (cid:105) .As in [1], we use a simplified scheduling model, as defined by the following assumptions. Assumption 1:
All the tasks are periodic.
Assumption 2:
Access to shared resources is regulated by the basic priority inheritance protocoldefined in [1]. In particular, when a job J i blocks one or more higher-priority jobs, it temporarilyassumes the highest priority of the blocked jobs. Assumption 3:
Each job in a periodic task has deterministic execution times for both its criticaland noncritical sections and it does not synchronize with external events, i.e., a job will execute For a formal definition of the protocol see [1].
June 12, 2018 DRAFT
Symbol Meaning τ j j -th periodic task P j the priority associated with τ j J j j -th job : an instance of J j Γ a set of jobs ( application ) Γ i the set of all jobs in Γ that can block J i Γ iN the set of jobs that can block J i when jobs can hold more than one resource at a time z j,p p -th critical section of J j , corresponding to the code segment of J j between the p -th wait operationand its corresponding signal operation z j,p ⊂ z j,s z j,p is entirely contained in z j,s β j the sequence of all critical sections of a job J j : (cid:104) . . . , z j,p , . . . (cid:105) β j ( ˆ R ) maximal sequence with respect to ˆ R : (cid:104) z j,p ∈ β j | z j,p is maximal with respect to ˆ R(cid:105)Z a chain of critical sections, or z-chain : (cid:104) . . . , z j,k , . . . (cid:105) d j,p z j,p ’s duration d ( Z ) Z ’s duration S j,p the semaphore associated with z j,p R j,p the resource guarded by S j,p R i the set of all resources whose semaphores can block J i when each job can hold at most one resourceat a time R the set of all resources used by jobs in Γ R iN the set of all resources whose semaphores can block J i when jobs can hold more than one resourceat a time in ( J i , z j,p , ˆ R ) set induced by ( J i , z j,p ) from ˆ R in ( J i , Z ) set induced by ( J i , Z ) TABLE IN OTATION to its completion when it is the only job in the system.The last assumption implies that the sequence of operations on semaphores by each individualjob is known, and that the worst-case execution time of each critical section is also known. Inparticular, we will describe each job by the sequence and length of its critical sections.Current work on blocking time analysis under PIP typically assumes that a job can hold onlya resource at a time. We instead accept that jobs can hold multiple shared resources at the sametime. However, following a well-established convention [3], we assume proper nesting of critical Blocking time analysis typically considers only the longest critical sections [1]. However, an exact computation of theworst-case blocking time under PIP requires more information.
June 12, 2018 DRAFT sections. We shall write z j,p ⊂ z j,s , or equivalently z j,s ⊃ z j,p , if a critical section z j,p is entirelycontained in z j,s [1]. Assumption 4:
We assume that critical sections are properly nested . That is, given any pairof critical sections z j,s and z j,p , if s < p , then either z j,p ⊂ z j,s , or z j,s ∩ z j,p = ∅ . Moreover,we assume that a semaphore may be locked at most once in a single nested critical section, so z j,s ⊃ z j,p ⇒ R j,s (cid:54) = R j,p [1].Finally, we assume that resources are properly released. Assumption 5:
Each job releases before terminating any resource it holds.When convenient, we will use square brackets to denote critical sections, indicating in thebrackets the name of the associated resources and the duration of the section.
Example 2:
The following notation: J [ R : 3 [ R : 1]] J [ R : 3] [ R : 4] describes a set of two jobs: J with two critical sections, z , and z , , and J with two criticalsections, z , and z , . The duration of z , is d , = 3 , and the resource associated with z , is R , = R , guarded by semaphore S . z , is entirely contained in z , , whereas z , follows z , .We will call an ordered sequence of critical sections a z-chain , denoted as Z = (cid:104) . . . , z j,p , . . . (cid:105) .The duration of a z-chain, denoted d ( Z ) , is the sum of the durations of its elements: d ( Z ) = (cid:88) z j,p ∈Z d j,p III. M
ODEL
In this section we will identify and define all the elements that are necessary for an analysisof the blocking time computation under PIP.Consider an application
Γ = { J , . . . , J i , . . . , J n } and a set of resources R = { R , R , . . . , R m } ,each guarded by a distinct binary semaphore.It is a known fact that, if each job can hold at most one resource at a time, R i includes alland only the resources used both by jobs with priority lower than P i and by jobs with priorityhigher than or equal to P i [1]. We will use R i to denote the set of resources whose semaphores can cause blocking to J i if each job can hold at most one resource a time: R i = { R ∈ R|∃ z j,p ∈ β j , z k,q ∈ β k , k ≤ i, i < j | R k,q = R j,p = R } . June 12, 2018 DRAFT
Accordingly, we will use Γ i to denote the set of all jobs that can block J i , if each job canhold at most one resource at a time. In particular, Γ i includes all and only the jobs with prioritylower than P i that use resources belonging to R i [1]: Γ i = { J j ∈ Γ | j > i, ∃ z j,p ∈ β j | R j,p ∈ R i } . The fact that critical sections can be nested, properly or otherwise, introduces the threat of deadlock . Clearly, deadlocks must be prevented in real-time applications. A common way todo so is by preventing a necessary condition for deadlock, known as circular wait , in particularby imposing a strict order on resource acquisitions. Checking that a given application respectssuch a strict order is trivial. We will thus assume that deadlock is prevented by some externalmeans, and in particular that semaphores are accessed in an order consistent with a predefinedacyclical order [1]:
Assumption 6:
We assume that the ⊂ relation defined over nested critical sections induces apartial order over resources.Nesting also introduces a new phenomenon, called transitive priority inheritance [3]. Inparticular, if a job J i is blocked by a job J j , and J j is blocked by a third job J k , then J k inherits J i ’s priority via J j . An effect of transitive priority inheritance is the extension of the set of resources that cancause blocking to J i . In the absence of nested sections, when each job can hold at most oneresource at a time, a resource can block J i only if its ceiling is at least P i , and it is used by a jobwith a priority lower than P i . This no longer holds. In the presence of nested sections, becauseof transitive inheritance, a job can inherit a priority higher than that of the job it’s blocking.Therefore, a resource can cause blocking to J i even if its ceiling is lower than P i , but higherthan or equal to the priority of the jobs that can inherit a priority greater than or equal to P i .The set of jobs that can block J i is thus, in general, a superset of Γ i . Deadlock is not an issue when all sections are disjoint, because a deadlock requires the occurrence of the hold-and-wait condition [2], which cannot occur if all sections are disjoint. One possibility is to map resources onto vertices of a directed graph, and the “entirely contained” relation onto edges betweenvertices. Then one can use a linear-time method such as Tarjan’s strongly connected components algorithm [5] to verify that thegraph has no strongly connected subgraphs with more than one vertex, i.e., the graph is a directed acyclic graph. If the graphis acyclic, deadlock cannot occur. It is well-known that transitive priority inheritance is only possible in the presence of nested sections.
June 12, 2018 DRAFT
Example 3:
Let us consider
Γ = { J , J , J , J } . Let jobs in Γ access a set of shared resources R = { R , R , R , R } , in the following way: J [ R : 1] J [ R : 6 [ R : 4 [ R : 2]]] J [ R : 10] [ R : 3 [ R : 1]] [ R : 5] J [ R : 2] [ R : 4] These jobs define the following sequences of critical sections: β = (cid:104) z , (cid:105) , β = (cid:104) z , , z , , z , (cid:105) , β = (cid:104) z , , z , , z , , z , (cid:105) , and β = (cid:104) z , , z , (cid:105) . We observe that z , ⊂ z , , z , ⊂ z , , and z , ⊂ z , , which together with the fact that R , = R , R , = R , R , = R , R , = R , and R , = R , induces a resource ordering R < R < R < R , thus Γ is deadlock-free.We have R = { R } and Γ = { J , J } , so if the critical sections were all disjoint, J couldnot possibly cause blocking to J , and we would have B = d , = 10 .However, let us consider the sequence of events illustrated in Figure 2, where J is releasedas soon as J acquires S and enters z , , J is released as soon as J acquires S and enters z , ,and finally J is released as soon as J acquires S and executes z , . In that case, as soon as J attempts to acquire S (the semaphore guarding z , as well as z , ), J will be blocked for theduration of the whole z-chain Z = (cid:104) z , , z , , z , (cid:105) , that is, for 11 units of time. Interestingly, Z involves sections that are not directly associated with R and Γ : J (not in Γ ) has a section thatbelongs to Z , z , , which uses R , = R , also not in R ; however, R contributes to blockingbecause R = R , and z , ⊂ z , , and in turn R , = R = R , and z , ⊂ z , , with, finally, R , = R ∈ R . In the end, the set of resources that cause blocking to J in this example is { R , R , R } ⊃ R , and the set of jobs that block J is { J , J , J } ⊃ Γ .The example above motivates the introduction of the set R iN ⊇ R i , which includes all andonly the resources whose semaphores can cause blocking to J i when nested sections are allowed.Accordingly, Γ iN ⊇ Γ i denotes the set of jobs that can block J i when nested sections are allowed.In particular, R iN includes all and only the resources used both by jobs with priority lower than P i , and by jobs that have or can inherit a priority equal to or greater than P i (due to transitivepriority inheritance). In order to characterize R iN and Γ iN we need to delve a bit deeper intosuch a phenomenon.Transitive priority inheritance requires three distinct jobs, J i , J j , and J k . If these are the onlyjobs, then in order for J k to inherit P i through J j , the following conditions must hold: (1) J j June 12, 2018 DRAFT z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked wait ( R ) wait ( R ) wait ( R ) signal ( R ) signal ( R ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J Fig. 2. A possible scheduling of the application described in Example 3. defines two critical sections, z j,p and z j,q , such that z j,p ⊃ z j,q , (2) R j,p is shared with J i and (3) R j,q is shared with J k .More in general, we can say that a job J k can cause blocking to J i either because, indepen-dently of nested sections, J k ∈ Γ i , or because the following conditions hold: (1) a third job J j , with priority lower than P i , defines two critical sections, z j,p and z j,q , such that z j,p ⊃ z j,q , (2)the resource associated with the outer section, R j,p , is a resource that can cause blocking to J i , and (3) J k defines a critical section that uses R j,q . Under such conditions, R j,q can causeblocking to J i . Notice that the blocking in question does not depend on J j and J k ’s relativepriority, as long as J k ’s priority P k is lower than P i , and J j is other than J k . We then obtainthe following characterization: R iN = R i ∪ { R j,q |∃ z j,q ⊂ z j,p , R j,p ∈ R iN , ∃ z k,r | R k,r = R j,q , k > i, k (cid:54) = j } . Accordingly, Γ iN includes all and only the jobs with priority lower than P i , that use resourcesbelonging to R iN : Γ iN = { J j ∈ Γ | j > i, ∃ z j,k , R j,k ∈ R iN } . Example 4 (continued from 3):
We have R N = { R } ∪ { R , R , R } , Γ N = { J , J , J } , R N = { R , R , R } ∪ { R } , Γ N = { J , J } , R N = R = { R , R } , and Γ N = { J } . R iN defines the resources that in principle could block J i . However, blocking depends on theschedule, and not all schedules are possible. To illustrate, consider the following example. June 12, 2018 DRAFT0
Example 5 (continued from 4):
From previous analysis we know that Z = (cid:104) z , , z , , z , (cid:105) corresponds to a possible schedule (illustrated in Figure 2), yielding an overall blocking timefor J of 11 time units. Z corresponds to the following allocation of resources in R N to jobsin Γ N : R /J , R /J , and R /J . Let us now consider a different z-chain Z (cid:48) , also involvingthree different resources/jobs in R iN / Γ iN : Z (cid:48) = (cid:104) z , , z , , z , (cid:105) , yielding a total duration d ( Z (cid:48) ) =4 + 5 + 6 = 15 . Z (cid:48) corresponds to the following allocation of resources in R N to jobs in Γ N : R /J , R /J , and R /J . The jobs and resources are the same as before, but unlike Z , Z (cid:48) describes an impossible schedule. Indeed, J may not obtain access to z , while J holds R ,because in order to reach z , , J should cross z , , meaning acquiring (and then releasing) R .Moreover, if we consider other possible allocations that could cause blocking to J , we noticethat each allocation where J holds R would inhibit any possible contribution of R , R , and R towards blocking J . As a matter of fact, R and R belong to R N only by virtue of J potentially holding R , and R belongs to R N only by virtue of J potentially holding R evenas J holds R .As a result, the only possible allocation where all the resources in R N play a role towards B is that corresponding to Z in Example 3. Another possible allocation of resources yielding thesame duration would be R /J , R /J , and in that case J may not hold any resource. Otherpossible allocations result in shorter z-chains, therefore the duration of the longest z-chain forthis application, corresponding to a possible schedule, is B = 11 units.In general, whether a resource may or may not belong to a z-chain corresponding to anadmissible schedule depends on the other resources in the same z-chain. We shall thus introducethe notion of a induced resource set. This will enable us define an iterative characterization of R iN equivalent to the recursive one given earlier. The idea is to obtain R iN by initially computing R i and then iteratively applying the definition of induced set until a fix point is reached. Butbefore we go there, we need to introduce the notion of maximality with respect to a set ofresource. Definition 1 (Maximal section):
Given a set ˆ R of resources, a section z j,p is maximal withrespect to ˆ R if and only if R j,p ∈ ˆ R and (cid:64) z j,s ⊃ z j,p | R j,s ∈ ˆ R . Definition 2 (Maximal sequence):
Given a set ˆ R of resources and a sequence β j , the corre-sponding maximal sequence with respect to ˆ R , denoted β j ( ˆ R ) , is the sequence of sections in β j that are maximal with respect to ˆ R : β j ( ˆ R ) = (cid:104) z j,p ∈ β j | z j,p is maximal with respect to ˆ R(cid:105) . Definition 3 (Induced set):
Let ˆ R be a set of resources, J i a job, and z j,p a maximal section June 12, 2018 DRAFT1 function R ELEVANT -R ESOURCES ( Γ , i ) R iN ← R i while R iN ⊂ R and ∃ maximal z j,k wrt R iN | j > i and in ( J i , z j,k , R iN ) (cid:54) = ∅ do R iN ← R iN ∪ in ( J i , z j,k , R iN ) return R iN Fig. 3. Iterative computation of R iN with respect to ˆ R , for some j > i . The set induced by ( J i , z j,p ) from ˆ R , denoted in ( J i , z j,p , ˆ R ) ,is the set of resources R j,q that (1) are associated with a critical section z j,q contained in z j,p ,(2) do not belong to ˆ R , and (3) are associated with a critical section belonging to a job otherthan J j and with a priority lower than P i : in ( J i , z j,p , ˆ R ) = { R j,q | z j,q ⊂ z j,p , R j,q ∈ R \ ˆ R , ∃ z k,r | R k,r = R j,q , k > i, k (cid:54) = j } . Example 6 (continued from 5):
Consider J , R , and z , , which is maximal with respect to R . We have in ( J , z , , { R } ) = { R , R } . Indeed, if J enters z , while R or R are heldby other jobs, J will not be able to complete its execution of z , and thus release R = R , until it can get hold of R and R as well.Induced sets can be used to compute R iN . The straightforward way to do that is to initiallyset R iN = R i and then apply the induction operator until a fix point is reached. Such a method,encoded by function R ELEVANT -R ESOURCES in Figure 3, will necessarily reach a fix point,because R iN is a monotonically growing set of resources, and resources are finite. Moreover,its complexity is bound by the number of resources outside of R i times the number of criticalsections in jobs with a priority lower than P i . Example 7 (continued from 6): R N (0) = R = { R } ⊂ R . in ( J , z , , R N (0) ) = { R , R } . R N (1) = R N (0) ∪ in ( J , z , , R N (0) ) = { R , R , R } ⊂ R . Maximal sections of J , J , and J with respect to R N (1) : z , , z , , z , , z , , and z , . in ( J , z , , R N (1) ) = ∅ . in ( J , z , , R N (1) ) = ∅ . in ( J , z , , R N (1) ) = { R } . R N (2) = R N (1) ∪ in ( J , z , , R N (1) ) = R (fix point).Definition 3 applies a single section, but we can extend it to z-chains. Definition 4:
Let Z be a z-chain of sections that can cause blocking to J i . The set inducedby ( J i , Z ), denoted in ( J i , Z ) , is defined as R i ∪ (cid:83) z ∈Z in ( J i , z, R i ) . June 12, 2018 DRAFT2
We are now ready to characterize all the possible cases of blocking using the notion of admissibility and its necessary condition, induction compatibility . Intuitively, a z-chain Z is induction compatible if each resource associated to sections in Z contributes to blocking J i , giventhe other elements in Z , whereas it is admissible if it is induction compatible and correspondsto a possible schedule. In that case, Z describes a possible sequence of job activations leadingto a situation where at a given time each relevant job executes inside its corresponding sectionin Z , whereby the total blocking J i is subject to is B i = d ( Z ) . If, otherwise, Z is inadmissible, Z cannot cause a blocking B i = d ( Z ) , because it is impossible to schedule jobs so as to haveat any given time all relevant job executing inside their corresponding section in Z . Definition 5 (Induction compatibility):
Consider a job J i and a z-chain Z of sections belongingto all-different tasks and associated with all-different resources. Then a section z j,p ∈ Z is induction compatible if either R j,p ∈ R i or ∃ z k,q , z k,r ∈ β k for some k (cid:54) = j such that z k,q ∈Z , z k,q ⊃ z k,r , R k,r = R j,p , and z k,q is induction compatible. Example 8 (continued from 7):
Consider Z (cid:48) = (cid:104) z , , z , , z , (cid:105) from Example 5. z , is inductioncompatible because R , ∈ R , while z , and z , are induction compatible because there aretwo sections contained in z , and associated with R , and R , . However, as we know fromExample 5, Z (cid:48) models an impossible schedule. Consider now Z (cid:48)(cid:48) = (cid:104) z , (cid:105) , which represents aperfectly possible job scheduling, where J has reached z , and is holding R and R . z , aloneis not induction compatible, because R , = R (cid:54)∈ R and there is no other induction compatiblesection in Z (cid:48)(cid:48) which contains a section associated with R . Indeed, there is no reason why Z (cid:48)(cid:48) should cause any blocking to J .Admissibility uses and extends induction compatibility by laying out all the constraints thatmust be satisfied in order for a z-chain Z of duration d to cause a blocking B i = d to a job J i .Admissibility is defined by induction. Figure 4 is meant as a reference to clarify the notationused in some constraints (FHO and FLO). Definition 6 (Admissibility):
Admissibility is defined with respect to a job J i by induction: • The empty chain (cid:104)(cid:105) is admissible with respect to any job J i . • A non-empty z-chain Z (cid:48) = Z + (cid:104) z j,p (cid:105) is admissible with respect to a job J i if and only if Z is admissible and z j,p is an admissible extension to Z with respect to J i . • A section z j,p is an admissible extension to Z with respect to J i if an only if it satisfies all the following conditions: NBJ ( Novelty of Blocking Job ): J j is a new job : β j ∩ Z = ∅ ; June 12, 2018 DRAFT3 z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q z , z , z , z , z , z , z , z , z , z , blocked R R R R wait ( S ) wait ( S ) wait ( S ) signal ( S ) signal ( S ) signal ( S ) J J J J J . . . J i z h,q z h,r z j,o z j,s z j,p z l,q z l,r R h,r R h,q R j,s R l,r R j,o R l,q R h,q = R j,s R j,o = R l,q ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t J h J l R i ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t J h J l R i ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t J h J l R i ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t J h J l R i z j,s ◆ z j,p z l,q ◆ z l,r ⌧ i J i ⌧ j J j ⌧ k J k ⌧ i +1 J i +1 ⌧ j J j ⌧ j +1 J j +1 ⌧ n J n ⇠ = h J k , J j i ⇠ = h . . . , J ⇠ ( j ) , . . . i ⇢ = h R , R i ⇢ = h . . . , R ⇢ ( j ) , . . . i R R z j,q z k,p ✏J ⇠ ( j ) R ⇢ ( j ) ⇢ ( j ) ⇠ ( j ) ⇠ ( j ) + ⇠ ( j ) ⇣ ⇠ ( j ) ˆ ⇠ ( j ) ⇣ ⇠ ( j ) ⇣ + ⇠ ( j ) z ⇠ ( j ) ,q . . . z ⇠ ( j ) ,p R ⇢ ( j ) ⇢ R ⇠ ( j ) ,q R ⇠ ( j ) ,p ⇢ R ⇢ ( j ) preemption t J h J l R i z j,s ◆ z j,p z l,q ◆ z l,r Fig. 4. Obstructing sections rendering z j,p inadmissible (Definition 6). NBR ( Novelty of Blocking Resource ): z j,p is associated with a new resource : (cid:64) z k,r ∈ Z| R k,r = R j,p ; LSM ( Limited-Scope Maximality ): z j,p is maximal with respect to in ( J i , Z ) : R j,p ∈ in ( J i , Z ) and (cid:64) z j,s ⊃ z j,p | R j,s ∈ in ( J i , Z ); FHO ( Freedom from Higher-priority job Obstruction ): R j,p is not associated with, or con-tained in a section z j,s associated with, a section z h,q of a higher priority job J h thatprecedes a section z h,r ∈ Z : (cid:64) z h,r ∈ Z , h < j, z j,s ∈ β j , z j,s ⊇ z j,p , z h,q ∈ β h , q < r | R h,q = R j,s ; FLO ( Freedom from Lower-priority job Obstruction ): z j,p is not preceded by a section z j,o associated with a resource associated with a section z l,r ∈ Z , or with a section z l,q containing a section z l,r ∈ Z , of a lower priority job J l : (cid:64) z l,r ∈ Z , j < l, z l,q ∈ β l , z l,q ⊇ z l,r , z j,o ∈ β j , s < p | R j,o = R l,q . These definitions provide a complete characterization of the conditions for blocking in theabsence of nested sections. In particular,
NBJ and
NBR are known from literature [3]: it shouldbe self-evident that in order for J i to be blocked by two different critical sections of tasks in Γ ,these critical section must refer to different resources and belong to different jobs. June 12, 2018 DRAFT4
LSM instead reflects the following observation: if Z already contains a section associatedwith a resource R , then any other section contained in a section associated with R cannotbe an admissible extension to Z , since that section could not possibly be reached (the jobwould be blocked before). Therefore, we are only interested in maximal sections. Moreover,only considering resources belonging to the set induced by Z ensures induction compatibility.Thus limited scope maximality–the scope being limited to in ( J i , Z ) –rather than just maximality.Finally, FHO an FLO are reachability conditions. On the one hand, the sections that alreadybelong to Z should remain reachable, therefore new sections that extend Z should not obstructthem. On the other hand, these new extensions to Z must themselves be reachable. Notice that,because jobs can hold multiple resources at the same time, a resource can be either directlyassociated with a section z , or it can be associated with a section that contains z , and will thusbe allocated to the job that executes z . In particular, FHO stipulates that if a section z j,p is addedto a chain that contains higher-priority sections, the latter must still be reachable, whereas FLOstipulates that z j,p must itself be reachable in spite of lower-priority sections that may already bein Z . Reachability is obstructed by sections in the higher-priority job that precede the higher-priority section and are associated with resources that are also associated with the lower-prioritysection, directly or otherwise.It is worthwhile noticing that any 1-element z-chain is admissible if and only if its elementis maximal with respect to R i . Any z-chain composed of first-only sections ( ∀ z k,p ∈ Z , p = 1 )satisfies FHO and FLO (as well as, trivially, NBJ), and is therefore admissible if and only if itsatisfies NBR and is induction-compatible. The bottom line:
The model we introduce provides a complete characterization of the se-quences of critical sections that can block a job. Given such a model, we propose the followingmethodology for computing the blocking time:1) Because nested sections under PIP introduce the risk of deadlock, the first step is toestablish that semaphores are accessed in an order consistent with a predefined acyclicalorder. If that is not the case, the blocking time is infinity. This can be done in linear time.2) If there is no risk of deadlock, one proceeds to determine an upper bound. This, as wewill see, can be done in polynomial time.3) Next, one verifies that the upper bound found in the previous step corresponds to anadmissible z-chain. If that is the case, the upper bound corresponds to the exact value.This verification procedure can also be carried out in polynomial time.
June 12, 2018 DRAFT5
4) Finally, if the previous steps fail, one needs to search for an admissible resource alloca-tion yielding the maximum blocking time. To that end, one could explore the space ofadmissible allocations using heuristic-based tree-search, which is a complete method ableto compute the blocking time exactly , as well as to provide a proof , in the format of az-chain. IV. B
OUND
In [4], Rajkumar proposes a branch-and-bound search technique to determine an upper bound B i on the blocking delay of each job under PIP, assuming that each job can hold at most oneresource at a time. The method consists in summing the durations of the longest critical sectionsof jobs that can block J i , with the restriction that all jobs must be different and the criticalsections must be associated with all different semaphores.Such an approach has three main limitations:1) it has an exponential complexity ,2) it only applies in the absence of nested sections , and3) it is not an exact method , as it only provides an upper bound.In this section we address the first two limitations, by showing how the same upper boundcan be computed using a polynomial complexity algorithm, called the Hungarian method [6],[7], and that such a method does not depend on the number of resources a job can hold at atime.The Hungarian method is a combinatorial optimization algorithm that solves the assignmentproblem [8] in polynomial time. Assignment is a minimization problem, described as finding anoptimal assignment of tasks to workers , based on a square cost matrix. The problem we addresscan be considered as an assignment problem’s dual , where “tasks” are resources to be assignedto jobs (the “workers”), “costs” are defined by longest durations, and the objective is to maximize (as opposed to minimize, hence the “dual” problem) the total time spent by the jobs on theseresources.The method we propose consists in casting the problem into an assignment problem’s dual,and then applying the Hungarian method, which we can always do as long as we express theinput data in the form of a square cost matrix.Our algorithm for determining Rajkumar’s upper bound using the Hungarian method is shownin Figure 5. For generality, the algorithm is expressed as a function H with two arguments: a June 12, 2018 DRAFT6 function B LOCKING -T IME -M ATRIX ( Γ H , R H ) d ← a new | Γ H | × |R H | zero matrix for all J j in Γ H do for all z j,k in β j such that R j,k ∈ R H do if d ( J j , R j,k ) < d j,k then d ( J j , R j,k ) ← d j,k return d function C OST -M ATRIX ( d, Γ H , R H ) N ← max {| Γ H | , |R H |} D ← max { d ( J j , R k ) } m ← a new N × N matrix for all J j , R k do m ( J j , R k ) ← D − d ( J j , R k ) return m function H( Γ H , R H ) d ← B LOCKING -T IME -M ATRIX (Γ H , R H ) m ← C OST -M ATRIX ( d, Γ H , R H ) repeat (cid:46) Step 1 : subtract min value α from each row for all J j in Γ H do α ← min { m ( J j , · ) } for all R k in R H do m ( J j , R k ) ← m ( J j , R k ) − α (cid:46) Step 2 : subtract min value γ from each column for all R k in R H do γ ← min { m ( · , R k ) } for all J j in Γ H do m ( J j , R k ) ← m ( J j , R k ) − γ Fig. 5. Hungarian method (first part)
June 12, 2018 DRAFT7 (cid:46)
Step 3 : check if assignment is possible assignment ← possible Γ ∗ ← Γ H R ∗ ← R H H ← ∅ h ← while Γ ∗ (cid:54) = ∅ and assignment is possible do J j ← job in Γ ∗ such that m ( J j , · ) has min number of 0 elements if ∃ R k ∈ R ∗ such that m ( J j , R k ) = 0 then Γ ∗ ← Γ ∗ \ { J j } R ∗ ← R ∗ \ { R k } H ← H ∪ { ( J j , R k ) } h ← h + d ( J j , R k ) else assignment ← impossible (cid:46) Step 4 : if impossible, transform m and repeat if assignment is impossible then s ← min set of rows/cols covering all 0s Θ − ← { ( J j , R k ) | row ( J j ) / ∈ s, col ( R k ) / ∈ s } Θ + ← { ( J j , R k ) | row ( J j ) ∈ s, col ( R k ) ∈ s } θ ← min { m ( J j , R k ) | ( J j , R k ) ∈ Θ − } for all ( J j , R k ) in Θ − do m ( J j , R k ) ← m ( J j , R k ) − θ for all ( J j , R k ) in Θ + do m ( J j , R k ) ← m ( J j , R k ) + θ until assignment is possible return h Fig. 6. Hungarian method (continuation)
June 12, 2018 DRAFT8 generic set of jobs, Γ H , and a generic set of resources, R H . When invoked with arguments Γ i and R i , H returns Rajkumar’s upper bound for J i ’s blocking time, B i . Moreover, when invokedwith arguments Γ iN and R iN it provides an upper bound for J i ’s blocking time when each jobcan hold multiple resources at a time. Finally, in the next section we will see that H also servesa key purpose in the exact computation of J i ’s maximum blocking time, when applied to subsetsof Γ i and R i . Hence our presentation of the algorithm in its parametric format.Function H relies on two matrices as its main data structures: a | Γ H | × |R H | blocking time matrix, denoted d , whose cells contain the longest durations of critical sections, and an N × N cost matrix m constructed from d , with N = max {| Γ H | , |R H |} . Notation 1:
For better readability, references to matrix elements are made via their corre-sponding jobs/resources. So ( J j , R k ) identifies the matrix element corresponding to job J j andresource R k . The value of such an element in d is denoted by d ( J j , R k ) , in m by m ( J j , R k ) .Moreover, col ( R k ) denotes the index of the column of m corresponding to R k and row ( J j ) theindex of the row of m corresponding to J j .In order to obtain a square cost matrix, m is first filled with the opposite of the homologousvalues in d , increased by a constant D to ensure that m only contains positive values, and thenpadded with 0 rows or columns.Once m is set up, the Hungarian method is described by the following four steps: Step 1.
Subtract the smallest element in each row from all the elements of its row. Eachrow will contain at least one 0 element and no negative element.
Step 2.
Subtract the smallest element in each column from all the elements of its column.Each column will contain at least one 0 element and no negative element.
Step 3.
Check if an assignment is possible . An assignment is possible if and only if thereis a collection of N N distinct rows and N distinct columns. One way tocheck that is to proceed row by row selecting the row with the least number of 0 elementsand mark the (unmarked) column intersecting the first 0 element of that row. If finding a 0element in each row by only looking at unmarked columns is possible for every row, thenthe assignment is possible, and the return value, h , is computed as the sum of the valuesof elements in the d matrix corresponding to the 0 elements found in the m matrix. Step 4.
If no assignment is possible, transform m and go back to Step 1. To transform m ,first find a minimum set of rows and columns s that covers all the 0s in m . This can bedone by applying the method described by Munkres in [7], not shown here, in the interest of June 12, 2018 DRAFT9 brevity. Notice that, because no assignment is possible, | s | < N . Then, let θ be the smallestentry in m outside of the rows/columns in s . Subtract θ from each element in m outsideof the rows/columns in s , and add θ to each element in m that sits at the intersection ofrows/columns in s .The computational complexity of the Hungarian method is n , which is much smaller thanthe n ! complexity of the straightforward attack on the problem [7]. Notice that, alongside withcomputing h , H also constructs a set of job/resource pairs H , which will be needed later forcheck admissibility (see Section V). Notation 2:
In the examples that follow, we will use square brackets to signify relevant sections,with an indication of the associated resource and duration. For instance, with reference to a job J j , the expression [ R : 3][ R : 2] denotes a sequence of two critical sections (cid:104) z j, , z j, (cid:105) , where R j, = R , d j, = 3 , R j, = R , and d j, = 2 . Example 9:
Let us consider a set
Γ = { J , . . . , J } , whose jobs access a set of shared resources R = { R , . . . , R } , in the following way: J [ R : 1] J [ R : 1][ R : 1][ R : 1] J [ R : 3][ R : 2] J [ R : 1][ R : 1][ R : 1] J [ R : 1][ R : 1][ R : 2] J [ R : 2] Let us now compute the upper bounds on the blocking times.For J , we obtain R = { R } and Γ = { J , J } , thus the blocking time matrix d , with maxelement 1, and the corresponding cost matrix m , are as follows: d = m = Since m (cid:48) contains two 0s in two distinct rows/columns, we obtain B = d ( J , R ) = 1 .For J , we obtain R = { R , R , R } and Γ = { J , J , J } , thus matrix d , with max element3, and corresponding cost matrix before ( m ) and after Step 1 ( m (cid:48) ) are as follows: d = m = m (cid:48) = June 12, 2018 DRAFT0
Since m (cid:48) contains three 0s in three distinct rows/columns, at positions m (cid:48) ( J , R ) , m (cid:48) ( J , R ) and m (cid:48) ( J , R ) as indicated in bold, we can conclude that B = d ( J , R ) + d ( J , R ) + d ( J , R ) = 6 .With the other jobs we obtain: R = { R , R } , Γ = { J , J } d = m = m (cid:48) = Thus B = d ( J , R ) + d ( J , R ) = 3 . R = { R , R , R } , Γ = { J , J } d = m = Thus B = d ( J , R ) + d ( J , R ) = 4 . Finally, R = { R } , Γ = { J } , B = d ( J , R ) = 2 and B = 0 (trivially).The upper bounds found in Example 9 coincide with maximum blocking times. However,in general the blocking time could be less than the upper bound, as shown by the followingexample. Example 10:
Let Γ be { J , . . . , J } and let its jobs access resources in R = { R , R } , in thefollowing way: J [ R : 4][ R : 5] J [ R : 4][ R : 3] J [ R : 1][ R : 3] J [ R : 1] For J we obtain R = { R , R } and Γ = { J , J , J } , thus matrix d , with max element d ( J , R ) = 4 , and corresponding cost matrix before Step 1 ( m ) and after Step 2 ( m (cid:48) ) are asfollows: d = m = m (cid:48) =
03 3 0
Since m (cid:48) does not contains three 0s in three distinct rows/columns, the first row and the lastcolumn alone cover all of its 0s. The smallest value in the remaining cells is 1 (indicated inbold). Therefore after Step 3 we obtain m (cid:48)(cid:48) by adding 1 to the cell at the intersection of the June 12, 2018 DRAFT1 covering rows/columns (underlined), and subtracting 1 from the cells outside of the coveringrows/columns. m (cid:48)(cid:48) =
02 2 Because m (cid:48)(cid:48) contains three 0s in different rows/columns, as indicated in bold, we determine B = d ( J , R ) + d ( J , R ) = 3 + 3 = 6 .However, this upper bound refers to an impossible resource allocation, one associated withan inadmissible z-chain (cid:104) z , , z , (cid:105) (while J holds R , z , obstructs z , ).If each job can hold multiple resources at a time, the same method can be used to computea bound by simply using Γ iN and R iN as parameters. Example 11:
Let us consider an application
Γ = { J , . . . , J } . Let jobs in Γ access a set ofshared resources R = { R , . . . , R } , in the following way: J [ R : 1] J [ R : 3 [ R : 1]] J [ R : 3][ R : 2] J [ R : 3 [ R : 1]] J [ R : 4 [ R : 1]] J [ R : 2] We observe that z , ⊂ z , , z , ⊂ z , , and z , ⊂ z , , which is compatible with resourceordering R < R < R < R . Let us now focus on B . We observe that R = { R , R , R } , R N = { R , R , R , R } , Γ = { J , J , J } , and Γ N = { J , J , J , J } . We obtain the followingblocking time matrix: d = whereupon we can easily identify B = 3 + 3 + 4 + 2 = 12 .Notice that when each job can hold multiple resources at a time, using a bound such as thisone could lead to a significant overestimation of the blocking time, since we are consideringsome resources, in particular those belonging to R iN \ R i , whose potential for causing blockingreally depends on the whole z-chain. This can be seen in Example 11, where R ∈ R iN \ R i June 12, 2018 DRAFT2 only appears, within Γ N , in J , and it does so in a section contained by z , . Therefore, if J hasn’t entered z , before J is activated, J cannot be blocked because of R .V. C HECKING A DMISSIBILITY
To check that the bound found by the Hungarian method is matched by a possible resourceallocation that can block J i , we can start from the set H produced by H, in order to constructa z-chain Z corresponding to the selection of cells in the blocking time matrix that yields thebound. We do so incrementally, by making sure that the so-constructed Z is induction compatible.Once we have Z , we shall scan it by ascending priority in order to check that each elementsatisfies FLO. If that is the case, Z is admissible, thus the bound corresponds to a possibleresource allocation that can block J i , and the blocking time matches the bound. If, however,we cannot construct an admissible Z , the admissibility check fails. By following this procedure,we can prove that the bound obtained for Example 11 corresponds to an admissible z-chain,therefore B = 12 is the actual blocking time of J . The A DMISSIBLE function defined inFigure 7 implements a polynomial-time, heuristic procedure for checking admissibility. The Z produced by it satisfies by construction NBJ, NBR (because z ∈ Z correspond to elements in H associated with all-different resources and jobs) and induction compatibility (because of the R ∈ R I condition). Moreover, lines 19-27 ensure that FLO, FHO and LSM also hold. It shouldbe noticed, however, that such a procedure is sound but not complete, as the following exampleshows. Example 12:
Let us consider an application
Γ = { J , . . . , J } . Let jobs in Γ access a set ofshared resources R = { R , . . . , R } , in the following way: J [ R : 1] J [ R : 2] [ R : 2 [ R : 1]] J [ R : 2] We observe that z , ⊂ z , which is compatible with resource ordering R < R . Let us nowfocus on B . We observe that R N = { R , R } and Γ N = { J , J } . We obtain the followingblocking time matrix: d = with H = { ( J , R ) , ( J , R ) } and h = 4 . Such a value corresponds indeed to the exact valueof B , since there exists an admissible Z = (cid:104) z , , z , (cid:105) where the allocation of resources to jobs June 12, 2018 DRAFT3 is R /J , R /J and d ( Z ) = 4 . However, the admissibility check fails, because A DMISSIBLE only finds the left-most section z ,k with duration d ,k = d ( J , R ) = 2 , which is z , , and doesnot consider other options. However, given (cid:104) z , , z , (cid:105) , z , is not induction compatible, thus (cid:104) z , , z , (cid:105) is not admissible.In general, a complete admissibility check with nested sections may require several backtracks,which increase its complexity and thus lose its purpose. It seems therefore more effective to trya simple heuristic method first and then, if that fails, proceed with the exact method we willpresent next. Also notice that A DMISSIBLE is complete if any of the following conditions holds: • R i = R iN (as it is the case in the absence of nested sections); or • ∀ ( J j , R ) ∈ H , there is only one z j,p ∈ β j such that R j,p = R and d j,p = d ( J j , R ) .VI. E XACT C OMPUTATION
To compute J i ’s maximum blocking time B i we can apply A ∗ [9], which is a heuristic-based,exact search algorithm [10]. A ∗ is defined in general for graphs. However, we can gain insimplicity and efficiency by exploiting the tree structure of the search space resulting from theabsence of nested sections.The data structure used by A ∗ is a search tree , where each node is associated with anadmissible z-chain that uniquely defines a (partial) allocation of resources to jobs. Nodes canbe extended by extending the z-chain, leading to more nodes. The root of the search tree is the empty node , where no resources are allocated. The gain g of a node is equal to the duration ofthe z-chain. Terminal ( leaf ) nodes are those associated with z-chains that have no admissibleextensions. An optimal solution corresponds to a node associated with a z-chain with the longestduration. Only terminal nodes represent optimal solutions. The likelihood of a node to lead toan optimal solution is estimated by the duration of the z-chain (gain) plus the estimated durationof its longest extension ( heuristic value ), considering the remaining jobs and resources.A key aspect of A ∗ is that the search tree is not all generated blindly at start, because thatwould mean creating and keeping in memory an exponentially large number of nodes. Instead,only one node is expanded at a time. The node is selected among a set of candidate nodes forexpansion, called fringe , according to the estimated gain. Definition 7 (Estimated gain):
The estimated gain of a solution through a given node is f ( node ) = node.g + node.h . June 12, 2018 DRAFT4 function A DMISSIBLE ( Γ , d, H , h ) (cid:46) Determine if H corresponds to an admissible z-chain Z ← ∅ d ← R I ← R i while ∃ ( J j , R ) ∈ H such that R ∈ R I and d ( J j , R ) > do k ← found ← false while found is false do if R j,k = R and d j,k = d ( J j , R ) then found ← true d ← d + d ( J j , R ) Z ← Z + (cid:104) z j,k (cid:105) R I ← R I ∪ { R j,q | z j,q ⊂ z j,k } \ { R } else k ← k + 1 if d < h then return false j ← | Γ | R Z ← ∅ while j > i do if ∃ z j,p ∈ Z then for q = 1 to p do if R j,q ∈ R Z then return false (cid:46) Violation of FLO R Z ← R Z ∪ { R j,s | z j,s ⊇ z j,p } j ← j − return true Fig. 7. Admissibility check for nested sections
June 12, 2018 DRAFT5 RR iN R in R H R Z Fig. 8. Relations among resource sets.
Definition 8 (Fringe):
The fringe [10] is the ordered collection of nodes that have beengenerated but not yet expanded.
Definition 9 (Node): A node in the search tree is a data structure (cid:104)Z , R Z , Γ Z , R H , Γ H , R in , Γ in , g, h (cid:105) where: Z is the set of critical sections that have been explored so far in the current branch of thesearch tree, encoding an allocation of resources in R iN to jobs in Γ iN ; R Z is the set of resources associated with sections in Z ; Γ Z is the set of jobs associated with sections in Z ; R H is R iN \ R Z ; Γ H is Γ iN \ Γ Z ; R in is in ( J i , Z ) ; Γ in is the set of jobs in Γ H containing sections that are maximal with respect to R i and areassociated with resources that do not belong to R Z ; g is the total duration of all sections in Z (gain); h is the heuristic value associated with node .The relations among sets of resources relevant to Definition 9 are illustrated in Figure 8. The heuristic value associated with a node is the bound on the maximum blocking time produced R Z , Γ Z , as well as other fields of the node structure, could be derived from Z , but are kept separate for efficiency. June 12, 2018 DRAFT6 function B LOCKING -T IME ( Γ , i ) R iN ← R ELEVANT -R ESOURCES (Γ , i ) Γ iN ← { J j | j > i and J j uses resources in R iN } h ← H (Γ iN , R iN ) n ← (cid:104)∅ , ∅ , ∅ , R iN , Γ iN , R i , Γ i , , h (cid:105) fringe ← (cid:104) n (cid:105) while true do n ← R EMOVE -F IRST ( fringe ) if n.h = 0 then return n.g else I NSERT -A LL (E XPAND ( n ), fringe ) Fig. 9. Blocking time computation: main function by jobs in node. Γ H via resources in node. R H , and it can be determined in polynomial timeusing the method seen in Section IV. Notice that node.h is 0 if and only if node is a leaf node.The exact algorithm for computing the maximum blocking time B i of a job J i is shown inFigure 9. Initially, the fringe only contains the empty node (cid:104)∅ , ∅ , ∅ , R iN , Γ iN , R i , Γ i , , h (cid:105) , with h equal to the upper bound obtained using the method seen in Section IV. The fringe getspopulated by new nodes until an optimal solution is reached. To ensure an optimally efficientexploration of the search tree, the elements in the fringe must be kept ordered by descending f .To this end, two functions are defined to manipulate fringe elements: • R EMOVE -F IRST ( fringe ), which returns the first node in the fringe and at the same timeremoves it from the fringe; • I NSERT -A LL ( nodes , fringe ), which inserts in the fringe a set of nodes, ensuring that thefringe is kept ordered by descending f , and resolving ties arbitrarily but always primarily Henceforth, we will use the dot notation to identify elements of a node: node. Z , node. R Z , etc. June 12, 2018 DRAFT7 function E XPAND ( n ) successors ← ∅ for all z j,p in S UCCESSORS ( n ) do s ← a new node s. Z ← n. Z ∪ { z j,p } s. R Z ← n. R Z ∪ { R j,p } s. Γ Z ← n. Γ Z ∪ { J j } s. R H ← n. R H \ { R j,p } s. Γ H ← n. Γ H \ { J j } s. R in ← n. R in ∪ in ( J i , z j,p , n. R in ) s. Γ in ← { J k ∈ s. Γ H | β k ( s. R in ) \ β k ( n. R Z ) (cid:54) = ∅} s.g ← n.g + d j,p if s. Γ in = ∅ then s.h ← else s.h ← H ( s. Γ H , s. R H ) add s to successors if s.h = 0 and f ( s ) = f ( n ) then return successors if successors = ∅ then n.h ← add n to successors return successors Fig. 10. Blocking time computation: node expansion in favor of leaf nodes, and, secondarily, in favor of newest nodes. In order to optimize memory usage, the fringe could be set to contain at most one leaf node, and nothing after that. In thisway, each time a new node n is produced, if the last node of the fringe is a leaf node with an estimated gain that exceeds orequals f ( n ) , then n can be simply discarded; else if n is a leaf node then all nodes with an estimated gain no larger than f ( n ) are removed from the fringe and n is appended to the fringe, becoming its last element; else n is inserted in the fringe beforeany other node with a lower or equal value of f . This technique implements a simplified form of memory-boundedness [10].However, we will keep in the fringe structure all the generated and yet unexpanded nodes, in order to be able to ensure thatthe same z-chain is not explored twice (see function S UCCESSORS , line 6).
June 12, 2018 DRAFT8 function S UCCESSORS ( n ) (cid:46) Determine all admissible extensions to n extensions ← ∅ for all J j in n. Γ in do (cid:46) NBJ for all z j,p in β j ( n. R in ) \ β j ( n. R Z ) do (cid:46) NBR, LSM if ∃ ˆ n ∈ fringe such that n. Z + (cid:104) z j,p (cid:105) ⊆ ˆ n. Z then (cid:46) Avoid considering the same z-chain twice discard z j,p and continue R s ← { R j,s | z j,s ⊇ z j,p } for all z h,q | z h,r ∈ n. Z , h < j, q < r do if R h,q ∈ R s then discard z j,p and continue (cid:46) FHO for all J l ∈ n. Γ Z such that j < l do R q ← { R l,q | z l,r ∈ n. Z , z l,q ⊇ z l,r } for all o < p do if R j,o ∈ R q then discard z j,p and continue (cid:46) FLO add z j,p to extensions return extensions Fig. 11. Blocking time computation: identification of admissible extensions E XPAND (Figure 10) creates a set of (non-leaf) successor nodes corresponding to the admis-sible extension found by S
UCCESSORS (Figure 11).If S
UCCESSORS ( node ) = ∅ , then node is marked as a leaf node: node.h ← , and reinsertedin the fringe. Otherwise, node is removed from the fringe and the set of successor nodes createdby E XPAND ( node ) is added to the fringe.The algorithm terminates when the element removed from the fringe is a leaf node, wherebythe maximum blocking time is returned as that node’s gain. Remark 1:
Termination of the methods used is proven in [9], [7].Before we illustrate the method with an example, it is worthwhile commenting on the method’s
June 12, 2018 DRAFT9 optimality.
Remark 2:
Since h is defined as an upper bound, it never underestimates the blocking time,and therefore it is an admissible heuristic according to Hart et al. [9]. Because h is admissible,the tree-search A ∗ method is provably optimal , thus it returns the maximum blocking time (notsimply a bound), as well as optimally efficient , thus no other optimal algorithm that uses h asa heuristic is guaranteed to expand fewer nodes [9].To illustrate the procedure, let us consider the following example. Example 13:
Let us consider an application
Γ = { J , . . . J } . Let jobs in Γ access a set ofshared resources R = { R , . . . , R } , in the following way: J [ R : 1] J [ R : 6 [ R : 4 [ R : 2]]] J [ R : 5] [ R : 13 [ R : 10]] J [ R : 3 [ R : 1]] [ R : 1] [ R : 12 [ R : 9]] J [ R : 4] [ R : 13 [ R : 12]] [ R : 7] We observe that nesting of critical sections is compatible with resource ordering R < R We have f ( n ) = 26 , f ( n ) = 10 , and f ( n ) = 33 , therefore f ringe = (cid:104) n , n , n ( (cid:63) ) (cid:105) . Thefirst node in the fringe is n and is not a leaf node. Its only possible extension satisfying NBJ For convenience, ( (cid:63) ) marks the first leaf node in the fringe. June 12, 2018 DRAFT1 and NBR is z , , which is also limited-scope maximal (LSM). However, since R , = R , , z , violates FHO. Since n has no admissible extensions, we set n .h to , obtaining f ( n ) = 12 with n a leaf node. The f ringe becomes (cid:104) n , n ( (cid:63) ) , n (cid:105) .The first node in the fringe is n and is not a leaf node. Its possible LSM extensions satisfyingNBJ and NBR are z , and z , , which satisfy FHO, because n . Z only contains one sectionwhich is not preceded by any other section, as well as FLO, because the only job in n . Γ Z is J ,which has higher priority than J and J . Therefore, z , and z , are both admissible extensions.Two new nodes are created accordingly: • n = (cid:104){ z , , z , } , { R , R } , { J , J } , { R , R } , { J , J } , { R , R , R , R } , { J , J } , , (cid:105) ; • n = (cid:104){ z , , z , } , { R , R } , { J , J } , { R , R } , { J , J } , { R , R , R } , { J } , , (cid:105) ,with f ( n ) = f ( n ) = 26 .We now have f ringe = (cid:104) n , n , n ( (cid:63) ) , n (cid:105) . The first node in the fringe is n and is not aleaf node. It has 4 possible admissible extensions: z , , z , , z , , and z , , corresponding to4 new nodes: n , . . . , n . Two of these nodes are leaf nodes: n , with f ( n ) = 13 , and n ,with f ( n ) = 16 , whereas the other two nodes are expandable, with f ( n ) = f ( n ) = 26 .The new fringe is therefore (cid:104) n , n , n , n ( (cid:63) ) , n , n , n (cid:105) , with n . Z = (cid:104) z , , z , , z , (cid:105) . We haveonly one admissible extension to n , which is z , , thus obtaining a last (leaf) node, n , whoseassociated z-chain is n . Z = (cid:104) z , , z , , z , , z , (cid:105) , yielding for J a blocking time B = n .g = d ( n . Z ) = 26 .We shall notice how, in order to find the maximum blocking time, we had to explore 11nodes, as shown in Figure 12, whereas an uninformed search of the space would mean evaluating (cid:81) j> ( | β j | + 1) = 4 × × × possibilities.VII. C ONCLUSION We have introduced a polynomial method for bounding the blocking time, and exact methodfor computing the blocking time under PIP. There is surely margin for further optimizations.For example, dynamic programming techniques can be used to cache partial results on theadmissibility of z-chains. Nevertheless, the approach we propose already offers two majorbenefits: it shows that establishing a bound can be done in polynomial time, whereas literaturehas only offered, to the best of our knowledge, exponentially-complex methods, and it definesan exact method, which was something missing altogether. Moreover, the proposed method isoptimally efficient. A further contribution is the first complete characterization of blocking under June 12, 2018 DRAFT2 PIP, which could lay the ground for further analyses and a better understanding of the theoryand practice of such a key component of many real-time systems.R EFERENCES [1] L. Sha, R. Rajkumar, and J. P. Lehoczky, “Priority inheritance protocols: An approach to real-time synchronization,” IEEETrans. Comput. , vol. 39, no. 9, pp. 1175–1185, Sep. 1990.[2] A. Silberschatz, P. B. Galvin, and G. Gagne, Operating System Concepts - International Student Version, 9th Edition .Wiley, 2014.[3] G. C. Buttazzo, Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications , 3rd ed. SpringerPublishing Company, Incorporated, 2011.[4] R. Rajkumar, Synchronization in Real-Time Systems: A Priority Inheritance Approach . Norwell, MA, USA: KluwerAcademic Publishers, 1991.[5] R. Tarjan, “Depth-first search and linear graph algorithms,” SIAM Journal on Computing , vol. 1, no. 2, pp. 146–160, 1972.[6] H. W. Kuhn, “The Hungarian method for the assignment problem,” Naval Research Logistics Quarterly , vol. 2, no. 1-2,pp. 83–97, 1955.[7] J. Munkres, “Algorithms for the assignment and transportation problems,” Journal of the Society for Industrial and AppliedMathematics , vol. 5, no. 1, pp. 32–38, 1957.[8] M. Dell’Amico and S. Martello, “Linear assignment,” in Annotated Bibliographies in Combinatorial Optimization ,F. Maffioli, M. Dell’Amico, and S. Martello, Eds. Wiley, 1997, pp. 355–371.[9] P. E. Hart, N. J. Nilsson, and B. Raphael, “A formal basis for the heuristic determination of minimum cost paths,” IEEETransactions on Systems Science and Cybernetics , vol. 4, no. 2, pp. 100–107, July 1968.[10] S. Russell and P. Norvig, Artificial Intelligence: A Modern Approach , 3rd ed. Upper Saddle River, NJ, USA: PrenticeHall Press, 2009., 3rd ed. Upper Saddle River, NJ, USA: PrenticeHall Press, 2009.