Asynchronous Event Handling and Real-Time Threads in the Real

Asynchronous Event Handling and Real- time Threads in the Real-time Specification for Java*

A.J. Wellings and A. Burns Department of Computer Science, University of York, YOlO 5DD, U .K. Email: {andy, burns}@cs.york.ac.uk

Abstract the controller via interrupts. For example, a robot may trip a switch when it reaches a certain position. This paper discusses the role and implementation of This is a signal to the controller that the power to asynchronous event handlers in the Real-time speci- the motor should be turn off, thereby bringing the fication for Java (RTSJ). For non-blocking handlers, robot to a halt. an implementation model whereby all heap-using han- The system designer often has a choice on whether dlers are serviced by a single thread and all no-heap to implement the control algorithm as a time trig- handlers are serviced by another server thread is pro- gered or event triggered one. Event triggered systems posed and schedulability analysis is derived. The are often more flexible whereas time triggered system model is shown to have bounded priority inversion. are more predictable (Kopetz, 1997; Burns, 2002). In General multiple-server models are needed for non- either case, the controller is usually represented as a blocking handlers but the support in the RTSJ is crit- thread. However, there are occasions where this is icised as lacking in configurability. A solution is pro- not appropriate. These include (Ousterhout, 2002; posed which allow the number of servers to be spec- van Renesse, 1998) when: ified, and the allocation of handlers to servers to be controlled. ."!It:;-+1.~ t:;A"t:;L!laL~.,+~--~1 UUJt:;l;""~1.:--+~ aLt:; LLLaLLyaLLU 3 ,-1.-:-LJl~Jl l;UJlLruJ---,--l., algorithms are simple and non blocking, and

1 Introd uction .the external objects are inter-related and their collective control requires significant communi- One of the main reasonsfor a real-time programming cation and synchronization between the con- language to support concurrency is to facilitate the trollers. modelling of parallelism in the real world (Burns and Wellings, 2001). For example, within embeddedsys- In the former case, using a thread per controller leads tem design,the controllers for real world objects such to a proliferation of threads along with the associated as conveyorbelts, enginesand robots are represented per thread overhead. In the latter case, complex com- as threads in the program. The interaction between munication and synchronization protocols are needed the real world objects and their controllers can be which can be difficult to design correctly and may either time triggered or event triggered. In a time lead to deadlock or unbounded blocking. triggered systems,the controller is activated periodi- An alternative to thread-based programming is cally. It sensesthe environment in order to determin- event-based programming. Each event has an asso- ing the status of the real-time object it is controlling. ciated handler. When events occur, they are queued Based on its findings, it writes to actuators which and a server thread takes an event from the queue are able to affect the behaviour of the object. For ex- and executes its associated handler to completion. ample, a robot controller may determine the position When the handler has finished, the server takes an- of a robot via a sensor and decide that it must cut other event from the queue, executes the handler and the power to a motor thereby bringing the robot to so on. The execution of the handlers may generate a halt. In an event triggered system, sensorsin the further events. With this model, there is only one environment are activated when the real world object thread -the server thread. There is no need for ex- enters into certain states. The events are signalled to plicit communication between the handlers as they .Javais a trademarkof SunMicrosystems. can simply read and write from shared objects with-

Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’02) 0-7695-1739-0/02 $17.00 © 2002 IEEE out contention. The disadvantage of controlling all The ReleaseParameters class is a base abstract class external objects by event handlers include: and gives the general parameters that all schedulable objects need. A schedulable object can have a .it is difficult to have tight deadlines associated deadline and a cost associated with each time it is with event handlers as a long-lived or blocking released for execution, along with handlers for their handler must terminate before the server can ex- overrun. The cost is the amount of execution time ecute any newly arrived high-priority handlers; that a scheduler should give to the object. If the object is still executing when either its deadline or its .it is difficult to execute the handlers on a multi- cost expires, an associated event handler is scheduled. processorsystem as the handlers assumeno con- It should be noted that the RTSJ does not require tention for shared resources. an implementation to support execution-time moni- One of the main examples often quoted as requiring toring. However, it does require it to detect missed an event-handling system is the implementation of a deadlines. Of course, a program can indicate that it graphical user interface. For example, standard Java is not concerned with a missed deadline by passing a supports threads but its Swing and AWT toolkits are null handler. Subclasses of the ReleaseParameters event based. class support periodic, aperiodic and sporadic release In an attempt to provide the flexibility of threads parameters. and the efficiency of event handling, the Real-Time The Scheduling Parameters is a null abstract Specification for Java (RTSJ) (Bollella et al., 2000) class. It has subclasses for the definition of prior- has introduced the notion of real-time asynchronous ity parameters and important parameters. All RTSJ events and associatedhandlers. However, the spec- implementations are required to support at least 28 ification is silent on how these events can be imple- unique real-time priority levels. However, there is mented and how their timing requirements can be no defined values for the importance parameters. guaranteed. As the RTSJ is likely to becomea stan- The only scheduler that the RTSJ requires is a pre- dard implementation language for real-time applica- emptive priority-based one. tions, a detailed assessmentof its facilities is timely. Essentially there are two types of schedulable ob- The goal of this paper is to explore how RTSJ real- jects: real-time threads and asynchronous event han- time events can be implemented and integrated with dlers. Each AsyncEvent can have one or more han- the scheduling of real-time threads. In section 2, and dlers. When the event occurs {indicated by a call to overview of the RTSJ event handling model is pre- the fire method), all the handlers associated with sented. The only schedulingpolicy required by RTSJ the event are scheduled for execution according to is priority-based scheduling; section 3, therefore, con- their Scheduling Parameters. Note that the firing siders a priority-based implementation of event han- of an event can also be associated with the occur- dlers. Section 4 then developsthe responsetime anal- rence of an implementation-dependent external ac- ysis for this implementation model. Section 5 extends tion by using the bindTo method. Subclasses of the the model by considering multiple serversand bound AsyncEvent class provide time-triggered events. Fig- event handlers. Finally, conclusions are presentedin ure 1 illustrates the event class hierarchy. Section 6. Each handler is scheduled once for each outstanding event firing. However, the handler can modify the number of outstanding events by using the methods 2 The Event Handling Model in the AsyncEventHandler class. Although an event handler is a schedulable entity Objects which are to be scheduledin RTSJ must im- {i.e. at some point it must be executed by a thread), plement the Schedulable interface and specify: the intention of the RTSJ is that it will not suffer the same overhead as an application thread. Conse- .their memory requirements via the class quently, it cannot be assumed that there is a sepa- MemoryParameters-not consideredin this pa- rate implementation thread for each handler, as more per; than one handler may be associated with a particular implementation thread. If a dedicated thread .their timing requirements via the class is required, the BoundAsyncEventHandler should be ReleaseParameters; used. However, other event handlers may also be .their scheduling requirements via the class associated with that thread. Figure 2 illustrates the event handler class and its relationship to other Scheduling Parameters; classes.

3 Implemention Issues At the other extreme, a single server real-time thread could be used to execute all event handlers. The key challenge in implementing event handlers is This approach is illustrated in Figure 3. to limit the number of threads without jeopardising There are two main issues associated with this ap- the schedulability of the overall system. Further- proach: more, the RTSJ requires pre-emptive priority-based I. the order of the event handler queue scheduling of all schedulable objects. If interpreted strictly, this requires a high priority event handler to 2. the priority of the server pre-empt a low priority event handler. This severely To enable effective schedulability analysis, the event limits the freedom of the implementation and, ar- handler queue should be priority ordered. Note that guably, removesone of the motivations for an event for event firing, zero, one or more handlers may be handling paradigm (i.e. that communicating han- added to the queue. The handlers might have differ- dlers are non-pre-emptible and, therefore, do not re- ent priorities. It is also necessary to check that the quire synchronization). inter-arrival time of the release of the handlers has This section considers only sporadic and periodic not been violated; however, this is not the concern of events handlers; aperiodic event handlers can be im- this paper . plemented using standard aperiodic server technol- The priority of the server needs to reflect the pri- ogy such as sporadic servers or deferrable servers ority of the handler it is executing. Hence, the (Lehoczkyet al., 1987). From a scheduling perspec- server's priority must be dynamically changed. Fur- tive, each of these handlers has an inter-arrival time, thermore, as an executing low priority handler is a deadline and a priority. Here it is assumed that not pre-emptible by a high priority handler (in this the priorities have been set by the programmer, per- model), it is necessary to implement a priority inher- haps using a deadline monotonic priority assignment itance algorithm in order to get usable bounds for algorithm (Leung and Whitehead, 1982). the priority inversion. The priority of the server can, At one extreme of the possible implementation therefore, be defined to be the maximum of the pri- strategies is the approach which allocates a dis- ority of the handler it is currently executing and the tinct thread (real-time or no-heap real-time, depend- priority of the handler at the front of the event han- ing on the handler) for each handler and schedules dler queue*. Note that although the priority of the the threads in competition with application-defined server is changing, it is still essentially a fixed priority threads. Whilst this is simple to implement and is system albeit with priority inheritance- adequate for systems with a small number of events, * A similar approachcan be usedif EDF schedulingis em- it is expensivefor a large number of events. ployedinstead of priority-basedscheduling.

Unfortunately, there are somesignificant disadvan- 4 Response Time Analysis tages with this approach. .For fixed priority systems,response time analysis can 1. Potentially Unbounded Priority InversIOn b d t d t . e use o e ermme weerh th th e se t ofth rea d s mee t The server causespriority inversion. A high pri- their deadlines (Audsley et al., 1993). Table I gives ority event handler will not be executed imme- a standard set of notations used for analysing these diately. Instead it is blocked until the server fin- systems. The responsetime equation for an arbitrary ishes executing the current handler. Priority in- thread i is given below; heritance allows this blocking to be bounded (see Section 4) but only if the handlers themselves ~ = Ci + Bi + Ii do not block (e.g., issue a sleep or wait method call). Multiple servers are needed to avoid this that is, problem (seeSection 5). 2. No-Heap Event Handlers Ri = Ci + Bi + .L. r ~ 1 Cj (I) The RTSJ allows real-time threads and asyn- JEhp(.) chronous event handlers to indicate that they. . .11 t h Th . bl whIch can be solved by constructmg a recurrence re- WI no access eap memory. IS ena es I . h. them to safely pre-empt the garbage collector . atIons Ip; The single server model presented above will fail when there is a mixture of heap and no-heap R?+l = Ci + Bi + L r -1:R~ 1 Cj (2) event handlers. For example, the server execut- jEhp(i) J ing an event handler which uses the heap can inherit a no-heap event handler's priority. How- the recurrence iteration starts with R? equal to Ci. ever, the thread is a real-time thread and, there- This equation needsto be modified to capture the fore, can still be pre-empted by the garbage col- model of event handling presented in Section 3 (for lector. Consequently, the no-heap handler will simplicity the analysis is shown for just one real-time be delayed when garbage collection occurs. The server, i.e. there is no mixture of heap and no-heap solution to this problem (when handler do not handlers, and there are no delaysfrom garbagecollec- block) is to have two server threads (a real-time tion). Furthermore, the analysis assumesthat event thread and a no-heap real-time thread) and two handlers do not suspendthemselves. priority ordered queues (one for real-time han- The approach is to model each event handler as dlers and one for no-heap handlers). an individual thread with its own computation time,~

EventHandler Queue "'-"J

HandlerServer

Figure 3: Handling events via a single server

I Notation I ~~scription- --I Worst-case blocking time for the thread (if applicable) Worst-case computation time (WCET) of the thread Deadline of the thread I The interference time the thread suffers from higher priority threads I Number of threads in the system I Priority assigned to the thread (if applicable) Worst-case response time of the thread Minimum time betweenthread releases{e.g. thread perIod) hp(i) I The set of threads with priority higher than thread i

Table 1: Standard notation

however, the non-pre-emptible nature of their execu- as well as other handlers. tion has to be taken into account. Consider the responsetime of an arbitrary thread/handler. Its inter- Ii = LjEhpt(i) r !J;;1 aj + ferenceoccurs from high priority threads plus higher priority event handling. There is also an added com- L,Ehph(i) r !Jj!;1 a, + maxkElphak (3) ponent from the non-pre-emptive time of the server. This is the maximum of all low priority event han- where hpt( i) is the set of threads whose priority is dlers. Even for threads, this non pre-emption time higher than thread/handler i and hph(i) is the set of must be included even though they do execute pre- handlers whosepriority is higher than thread/handler emptively. To illustrate this consider a thread that i. lph(i) is the set of handlers whose priority is lower pre-empts a lower priority handler. Then let a high than or equal to thread/handler i. Hence, the worst- priority hander be released. It will pre-empt the casenon-pre-emption time is the maximum of all the thread but it cannot execute until the lower prior- low priority handlers. ity handler has completed. Priority inheritance raises The above is an adequate conservativemodel and the priority of the original handler so that it does ex- provides a reasonable tight bound on the response ecute before the thread. Hence the execution time of time for non-blocking handlers if the execution time lower priority handlers must be included for threads of handlers is reasonableshort. A tighter result is obtained by noting that a handler cannot be pre-empted by a higher priority handler once it has started ex-

Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’02) 0-7695-1739-0/02 $17.00 © 2002 IEEE ~ ecuting (although it can be pre-empted by a higher higher priority handlers will arrive and pre-empt T . priority thread). To account for this we must first Each of these will result in two context switches calculate the worst case response time (Rt}. ) for exe- and hence the handler under consideration will suffer cuting the first 'tick' (~)of the handler: these overheads. If there are no application threads with priorities interleaved with the handler priorities R'F1 - + Bi + EjEhPt(i) r ~R~ l~ .- Cj + then it may be that a reduced overhead load can be used in the analysis -but this will depend on the i~!!:t G, + maxkE'ph Gk L,Ehph(i) i r T, (4) particular characteristics of the application. Events are usually associated with interrupts and This is solved using the recurrence method. The full hence placing the event handlers in the queue can response time is now obtained by a minor change to be considered to be performed at the highest prior- this equation (note no more interference is obtained ity. Furthermore, as the queue must be protected, from the handlers). the server must access it at the highest priority and ceiling priority inheritance used. The additional in- Ro Ci + Bi + }:::;jEhpt(i) r ~Ro Ri = Cj + terference these interrupt handlers have on each application threads is given by: L,Ehph(i) r ~R~ l C/ + maxkE/ph Ck (5) r- Ri

to solve this, the recurrence equation starts with the kErL Tk value Rf" . where r is the set of handlers, IH is the cost of .handling the interrupt (and returning to the running 4.1 ModellIng Overheads thread, having entered the associated handlers into Equations (3) and (5) have two main limitations the queue and, if necessary,raising the priority of the server). It can also include the cost of taking the 1. they does not take into account context switch associatedevent handlers out of the queue. times, and therefore, part of the motivation for This representation assumesthat all interrupt han- event handlers is lost dlers give rise to the same cost; if this is not the case 2. they does not model the time taken to put/take then IH must be defined for each k. the event handlers into/from the queue.

With normal pre-emptive scheduling of threads, 5 Multiple Servers and Bound it is usual to account for the overheads of context Event Handlers switching by adding to the execution time of each thread the cost of switching to, and the cost of switch- The RTSJ allows an implementation of asynchronous ing from, the thread. Although the scheduling analy- event handlers to usemore than one serverthread and sis assumes that the worst case occurs when all higher for there to be a dynamic association of handlers to priority threads are released together, once context threads. A possible model is depicted in Figure 4: switches are incorporated, the worst case actually oc- This general model has two main drawbacks: curs when each higher priority thread pre-empts the thread under consideration. .related handlers must now assume that there With the non-pre-emptive handler model described may be some contention for shared software re- above it would appear that less context switches will sources occur (as all handlers are being executed by the .the worst-caseresponse times of the handlers is same thread). Indeed the average number of con- not dramatically improved as no knowledge of text switches will be much lower than one would ob- handler to server allocation can be assumed.The serve if each handler had its own thread. However in non-pre-emption time, say for a three server sys- the worst case, the single thread model behaves no tem, is the minimum of the three maximum val- better than the multi-thread approacht. To under- uesof the lower priority event handlers. To avoid stand this, consider a handler of priority p with an this priority inversion, a new server thread could application thread T of priority p + 1. Clearly T runs be created everytime the priority of the handler before the handler; but during its execution other at the head of the queue is greater that the pri- tThere is some reduction in overhead due to non-pre- orities of the current servers. However,this more emption, but this is alreadytaken care of in equation(5). dynamic approach is more difficult to analyse.

\ "" / Event Handler Queue (Priority Ordered) \ ~ 'x;~INextHandlerexecuteHandler

end loop

\ "~

Figure 4: Handling events via multiple servers

The main advantagesof this approach over the single (Dibble, 2002) where each queue has an associated server one is that: server. If the handlers do not block, the analysis model is quite simple but pessimistic. To analysethe .it has a better mapping for a multiprocessor sys- responsetime of a particular handler, it must be as- tem sumed that all other handlers at the same priority .if a handler blocks waiting for 1/0 (or calls the level are ahead of it in the queue. Again, to cir- cumvent unbounded priority inversion when the han- sleep or wait methods), other handlers may still dlers block, it is necessaryto dynamically create new be served. However, if all handlers block, signif- servers(or take them from a pool) as, and when, nec- icant priority inversion still occurs. essary. Bound asynchronous event handlers extend this The main disadvantageof this approach is that the model by requiring that the same server always exe- application's programmer is not aware of the map- cutes the handler. The argument for this is to reduce ping; and consequentlyit must still assumethat there the latency on allocating a server. However, in the may be contention for shared resourcesbetween han- general casethis would appear to have negligible ben- dlers. Thrthermore, the model would seemto violate efit. Of course, in the extreme case where only one the requirements for bound event handlers. handler is bound to a particular handler, the model is equivalent to having an explicit real-time thread.

5.2 Obtaining More Control on Event Handling Implementations 5.1 Multiple Queues and Multiple In order to obtain the full benefit of asynchronous Handlers event handling, the programmer needs to be able to A more flexible model can be obtained by having mul- exercisemore control over the allocation of handlers tiple queues of executable handlers, as depicted in to server threads. One way of achieving this is to Figure 5. Here, the scheduler is responsible for de- allow the programmer to specify the maximum num- ciding which handler should be placed in which queue ber of server threads for bound event handlers. Each according to any feasibility analysis it can perform. server thread can then be given an id. For example, One possibility is to have a queue per priority level consider an addition to the RealtimeSystem class

~ J D--0--0-0 1":INextHandexecuteHandler~er ~/ end loop ~ EventHandier Queue "'--/

Figure 5: Handling events via multiple queues and multiple servers

package javax.realtime; used in standard pre-emptive scheduling in defining public class RealtimeSystem non-pre-emption groups -see (Wang and Saksena, 1999; Davis et al., 2000; Saksena and Wang, 2000).

public int getNoBoundEHServers ( ) ; public void setNoBoundEHServers ( 6 Conclusions int num) ; This paper has considered the rationale for, and } the implementation of, sporadic and periodic asynchronous event handlers in the Real- Time Specifi- Servers are numbered from O .. cation for Java. Although there are no restrictions getNoBoundEHServers() -1. The construc- placed on the structure or content of event han- tors for a BoundEventHandler can then be modified dlers, to obtain their full benefit, the code of han- to take an optional parameter indicating which dlers should be kept as short as possible and should server to use. This allows the programmer to ensure not block. This is because event handlers are im- that, for example: plemented by server threads and one high-priority .handlers in separate serversdo not need to syn- handler allocated to a server cannot pre-empt an ex- chronized their actions; ecuting low-priority handler allocated to the same server. Consequently, to avoid unbounded priority .handlers with tight deadlines can be kept sepa- inversion, servers must be created dynamically (or al- rate from handlers with long execution time; located from a pool). Ideally, handlers which require significant computation time, or which block, should .handlers which block can be allocated to indi- release sporadic threads which can be scheduled in a vidual threads; true pre-emptive manner. .heap and no-heap handlers can be bound to sep- An implementation model whereby all heap-using arate threads. handlers are serviced by a single thread and all no- heap handlers are serviced by another server thread Analysis on how to find the minimum number of has been proposed and schedulability analysis has handlers and how to map deadline requirements to been derived. A general multiple-server model has these handlers can be obtained by apply the approach been criticised as lacking in configurability and a so-

Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’02) 0-7695-1739-0/02 $17.00 © 2002 IEEE ~ lution has been proposed which allows Burns, A. and Wellings, A. J. (2001). Real-Time Systems and Programming Languages:, 3rd edn, 1. the number of serversto be specified, and Addison Wesley.

2. the allocation of bound handlers to serversto be Davis, R., Merriam, N. and Tracey, N. (2000). How controlled. embedded applications using an rtos can stay Such an approach has the following advantages: within on-chip memory limits, Proceedings for the Work in Progress and Industrial Experience .handlers in separate serverscan be organised so Sessions, 12th EuroMicro Conference on Real- that they do not need to synchronized their ac- Time Systems, Royal Institute of Technology, tions -thus allowing one of main benefits from Technical Report Number TRITA-MMK 2000, event-basedsystems; pp. 43-50. .handlers with tight deadlines can be kept sepa- Dibble, P. (2002). Real-time Java platform program- rate from handlers with long execution time; ming, Sun Microsystems Press.

.handlers which block can be allocated to indi- Kopetz, H. (1997). Real-Time Systems: Design Prin- vidual threads; ciples for Distributed Embedded Applications, Kluwer International Series in Engineering and .heap and no-heap handlers can be bound to sep- Computer Science. arate threadR- Lehoczky, J. P., Sha, L. and Strosnider, J. K. (1987). These advantages have to be traded against the Enhanced aperiodic responsiveness in a hard priority inversion that is inevitably introduced when real-time environment, Proceedings of the IEEE more than one handler of different priority is allo- Real-Time Systems Symposium, pp. 261-270. cated to a single server thread. Such an approach might be formalised in the RTSJ as a new scheduler Leung, J. and Whitehead, J. (1982). On the complex- which allows the non-pre-emptive schedulingof event ity of fixed-priority scheduling of periodic, real- handlers. time tasks, Performance Evaluation (Nether- lands) 2(4): 237-250.

7 Acknow ledgements Ousterhout, J. (2002). Why threads are a bad idea (for most purposes), The authors gratefully acknowledge the comments of http: / /www.home. pacbell. net/ ouster /threads. ppt, Greg Bollella, Peter Dibble and Doug Locke on an Sun Microsystems Laboratories. earlier version of this paper . Saksena, M. and Wang, Y. (2000). Scalable real-time design using premption thresholds, Proceedings of the 21st IEEE Real-Time Systems Sympo- References sium, IEEE, pp. 25-34. Audsley, N. et al. (1993). Applying new scheduling van Renesse, R. (1998). Goal-oriented programming, theory to static priority pre-emptive scheduling, or composition using events,or threads consid- Software Engineering Journal 8(5): 284-292. ered harmful, Proceedings of the Eighth ACM Bollella, G., Brosgol, B., Dibble, P., Furr, S., SIGOPS European Workshop, also available Gosling, J., Hardin, D. and Turnbull, M. (2000). at http: / /www. cs. corn ell. edu/lnfo /People/rvr / - The Real- Time Specification for Java, Addison- papers/ event/event.ps. Wesley. Wang, Y. and Saksena, M. (1999). Scheduling Burns, A. (2002). Real-time systems, Encyclopedia fixed priority tasks with preemption thresh- of Physical Science and Technology, Volume 14, old, Proceedings, IEEE International Confer- Academic Press, pp. 45-54. ence on Real- Time Computing Systems and Ap- plications, pp. 328-335.