Summary of Experimental Results

Our first objective of the experimental evaluation was to study whether the reduction of pessimism in our blocking analysis approach compared to prior spin locks analysis techniques results in higher schedulability. For F|N locks, for which prior analyses are available, our evaluation results show increased schedulability (often by a significant margin) under our analysis over a wide range of different configurations. The schedulability results depicted in Figures 6.5 and 6.6 illustrate this result for two representative configurations.

0

Figure 6.13: Schedulability for m = 16, U = 0.3n, 32 shared resources, rsf = 0.75, N^max = 1, and short critical sections.

In our experiments, FIFO-ordered spin locks typically led to higher schedu-lability results than priority-ordered spin locks, although priority-ordering appears to be preferable in a number of configurations. Highest schedulability results are achieved with either PF|N and PF|P locks, but the improvements over FIFO-ordered spin locks (if any) are typically marginal. Our results on the impact of allowing preemptions while spinning do not exhibit a clear trend favoring either of these options. Unordered spin locks consistently led to the lowest schedulability results, which highlights the importance of strong ordering guarantees to bound worst-case behavior. However, our results also show that unordered spin locks are “good enough” in a range of scenarios

0

Figure 6.14: Schedulability under preemptable spin locks for m = 16, U = 0.1n, 8 shared resources, rsf = 0.25, N^max = 10, and short critical sections.

0

Figure 6.15: Schedulability under FIFO- and priority-ordered spin locks for m = 16, U = 0.1n, 32 shared resources, rsf = 0.10, and short critical sections.

(e.g., with low contention).

The results from the qualitative comparison of spin locks in Chapter 5 (actual worst-case blocking durations) are in line with our experimental results. In particular, the dominance of FIFO- and priority-ordered spin locks over unordered ones conforms to the observation that unordered spin locks generally yield the lowest schedulability (under our novel analysis approach).

Further, in our experiments, PF|* spin locks always yield schedulability

results at least as high as FIFO- or priority-ordered spin lock, which is in line with the dominance of PF|* spin locks over both FIFO- and priority-ordered spin locks.

6.8 Summary

We presented a novel blocking analysis approach for P-FP systems supporting eight different types of spin locks, most of which were not supported by prior analyses. Notably, we provided an analysis for unordered spin locks that can be safely used even if the ordering policy of a spin lock is not known (e.g., AUTOSAR mandates spin locks, but does not specify a particular

type).

One important aspect of our approach is that the objective function of the MILP maximizes the blocking, and the constraints can only reduce the objective value (i.e., blocking bound). Constraints can be proven individually and the soundness of the analysis follows from the soundness of the individual constraints. Crucially, the soundness of the analysis does not depend on whether any particular set of constraints is imposed, but rather only on whether the constraints used are correct. In fact, omitting some of the presented constraints (or even all of them) will still yield sound (albeit likely more pessimistic) results.

The primary aim of our approach was to support a range of spin lock types not supported in prior work and to eliminate the pessimism inherent in prior analyses. Although our approach is asymptotically less pessimistic than prior analyses (where available), it cannot be guaranteed to yield tight blocking bounds (except for special cases, see Section 7.3.3). Moreover, we do not claim the set of constraints presented to be complete, in the sense that it may be possible to find additional constraints to further reduce analysis

pessimism.

Despite not necessarily being tight, the results of a large-scale experimental evaluation covering a broad range of different scenarios show that our analysis commonly yields improved—often by a significant margin—schedulability compared to prior analyses.

The evaluation results also allow for a comparison of the different spin lock types on a common basis. Based on our results, we suggest four improvements to the support of spin locks in AUTOSAR:

1. AUTOSAR should specify the concrete type of spin lock. Not specify-ing the spin lock type requires makspecify-ing safe, but pessimistic assumptions for analyzing the system (e.g., assuming unordered spin locks), nega-tively impacting schedulability.

2. AUTOSAR should specify support for FIFO-ordered spin locks. Our evaluation results show that FIFO-ordered spin locks (together with PF|* locks) typically yield the highest schedulability results over a wide range of different scenarios. In addition,

3. AUTOSAR should specify support for priority-ordered spin locks, since there exist workloads supported by priority-ordered spin locks, but not FIFO-ordering alone. Importantly, request-priorities should be configurable independently of scheduling priorities.

4. Strong ordering guarantees can reduce worst-case blocking and allow-ing preemptions while spinnallow-ing may be required by latency-sensitive applications. The AUTOSAR API for spin locks should hence be extended to explicitly support preemptable spinning without sacrificing ordering guarantees as we point out in Section 2.4.2.

Note that we suggested that AUTOSAR should specify support for FIFO-and priority-ordered spin locks, but not PF|N or PF|P locks although they

achieved consistently highest schedulability in our experimental evaluation.

The reason is that PF|N or PF|P typically offer only marginal (if any) benefits over pure FIFO- or priority-ordered spin locks, and potentially introduce ad-ditional implementation and runtime overhead — both undesirable properties in resource-constrained embedded systems.

The blocking analysis presented in this chapter does not support nested requests. Lifting this restriction while maintaining the same accuracy in-herently increases the computational complexity of the blocking analysis problem, as we show in the next chapter.

Chapter 7

Analysis Complexity of Nested Locks ¹

7.1 Introduction

In the previous chapters, we assumed that lock requests are not nested, that is, at any time, a job can hold at most one lock. Nesting of requests, however, can be desirable for performance reasons (e.g., to enable fine-grained locking in shared data structures), or may even be an implicit effect of modularization in sufficiently large software stacks (e.g., calls to library functions or system calls can involve lock acquisitions, and hence nesting of requests).

Extending our blocking analysis presented in the previous chapter to nested spin locks seemed a natural next step, but posed significant challenges, especially maintaining reasonably low computational cost² while accounting for new blocking effects enabled by nesting. In fact, as we show in this chapter by reductions from a matching problem, the decision variant of

1This chapter is based on [134].

2Polynomial runtime for F|N locks, see Section 6.6.2.