EVANGELISM AND FORMATION OF THE SOCIAL BODY AT A PUEBLO DE INDIOS OF THE KINGDOM OF THE NEW GRANADA

A job of task Ti can incur arrival blocking when, upon its release, a lower-priority job running on the same processor is either executing non-preemptively or holding a local resource with a priority ceiling of at least Ti’s priority.

Similarly, the use of non-preemptive FIFO spin locks for global resources can cause a job of Ti to incur arrival blocking when a lower-priority job issues a request to a global resource. In this case, the lower-priority job non-preemptively spins until gaining access and then executes the request without giving T_i’s job a chance to execute.

We first split the total arrival blocking B_i into the blocking times B_i,q due requests from other tasks for each resource lq:

∀Ti: ∀q, 1 ≤ q ≤ nr: Bi ≥ Bi,q. (C15)

We then further split the per-resource arrival blocking times into blocking times due to requests for l_q from each processor P_k:

∀Ti : ∀q, 1 ≤ q ≤ nr : Bi,q=

m

X

k=1

Bi,q,k. (C16)

To constrain these per-resource, per-processor arrival blocking times for T_i, we first define a decision variable Zi,q that is set to 1 if critical sections of other tasks accessing resource l_q can cause a job of T_i to incur arrival blocking. To consider arrival blocking due to a local resource lq, we enforce that Z_i,q is set to 1 if T_i can incur blocking due to a local lower-priority task Tx accessing lq and Ti’s priority does not exceed lq’s ceiling. The ceiling of lq

can only be higher than or equal to T_i’s priority if there is a task (which can also be Ti), TH, that accesses `q, has at least Ti’s priority and is assigned to the same processor:

∀T_i : ∀q : ∀T_x, N_x,q > 0 ∧ T_x6= T_i : ∀T_H, N_H,q> 0 : (C17) Z_i,q≥ 1 − (2 − V_x,i− V_i,H) − (1 − X_i,x) − X_i,H.

The latter three terms in the constraint disable it (i.e., let it degenerate to Zi,q≥ 0) if the tasks Ti, TH and Txare not assigned to the same processor, if T_x does not have a lower priority than T_i, or if l_q’s ceiling is lower than T_i’s priority, respectively. To understand this constraint, first observe that the terms −(2 − V_x,i− V_i,H), −(1 − X_i,x) and −X_i,H cannot take any positive values. Hence, if either one of these terms takes a value of −1 or less, then the right hand side of the inequality evaluates to 0 or less, which effectively degenerates the constraint to Zi,q ≥ 0 (since Zi,q is a binary variable).

Further, in order for `<sub>q</sub>’s ceiling to be at least T<sub>i</sub>’s priority, there must be a task TH assigned to the same processor (which can be Ti itself) that also accesses `_q. If T_i, T_x and T_H are not assigned to the same processor, then Vx,i or Vi,H) (or both) are set to 0, and the term −(2 − Vx,i− Vi,H) evaluates to −1 or −2, which disables the constraint. Similarly, the term −(1 − X_i,x) evaluates to 0 if Ti has a higher priority than Tx, and −1 otherwise, which disables the constraint. Finally, −X_i,H disables the constraint if T_H has a lower priority than Ti (and thus TH’s requests for `q cannot raise `q’s ceiling

to at least T_i’s priority).

If lq is a global resource, Ti can incur arrival blocking due to a local lower-priority task T_x using l_q. Further, if l_q is a global resource, there exists a remote task TH using lq. The the below constraint forces Zi,q to 1 in this case:

∀Ti: ∀q : ∀Tx, Nx,q > 0 ∧ Tx 6= Ti: ∀TH, NH,q > 0 :

Zi,q≥ 1 − (1 − Vx,i) − VH,i− (1 − Xi,x). (C18)

The decision variable Zi,q enables us to specify constraints for B_i,q,k. If lq is a local resource, B_i,q,k has to be set to at least the longest critical section length of any local lower-priority task for lq, if requests for lq can cause Ti

to incur arrival blocking (i.e., Z_i,q = 1). This can be expressed with the following constraint:

∀Ti: ∀Tx : ∀k, 1 ≤ k ≤ m : (C19)

B_i,q,k ≥Lx,q− Lx,q · (1 − A_x,k) − Lx,q · (1 − Zi,q)

− Lx,q· (1 − A_i,k) − Lx,q· Xx,i.

In case lq is a remote resource and requests for lqcan cause Tito incur arrival blocking, Bi,q,k has to be set to at least the longest critical section length of any request for lq from processor P_k:

∀T_i: ∀T_x: ∀k, 1 ≤ k ≤ m : (C20)

B_i,q,k≥L_x,q − L_x,q· (1 − A_x,k)

− L_x,q · (1 − Z_i,q) − L_x,q· A_i,k.

Note that these bounds on B_i,q,k constitute lower bounds on the maximum duration of arrival blocking rather than specifying the actual blocking

in-curred. To find a feasible solution, the MILP solver has an “incentive” to lower each Bi,q,k as close to zero as possible, and Constraints C19 and C20 force B_i,q,k to be large enough to reflect the worst-case non-preemptive and local blocking as determined by the MSRP analysis (i.e., Constraints C19 and C20 ensure that B_i ≥ max{β_i^NP, β^loc_i }). Thus, for our goal of determin-ing a valid partitiondetermin-ing, constraindetermin-ing Bi from below suffices to ensure the schedulability of a partitioning.

This concludes the derivation of our MILP formulation of the partitioning problem with spin locks. The key property of our approach is that it is optimal with regard to Gai et al .’s analysis of the MSRP [72]: any partitioning implied by a solution to Constraints C1–C20 also passes the MSRP schedulability analysis reviewed in Section 2.5.1, and conversely, it can be shown that any task set and partitioning that pass the MSRP schedulability analysis also satisfies Constraints C1–C20.

This equivalence stems from Constraint C8 matching the basic response-time recurrence, and the fact that, by construction, Bi ≥ max{β_i^NP, β_i^loc} and I_i+ S_i ≥ β_i^rem+P

Th,πh<πi∧P (Ti)=P (Th)

lRi+jh

ph

m· (e_h+ β_h^rem). This ensures that the MILP solution is never “optimistic” (i.e., unschedulable under the MSRP analysis), while also ensuring that a schedulable task set implies a valid MILP solution. We formally state these soundness and completeness properties of our partitioning approach in the following.

Theorem 1 (Soundness). A task set with a partitioning and priority as-signment implied by a solution to the MILP is schedulable under the MSRP analysis.

Proof. Any solution to the MILP satisfies Constraint C8 (definition of re-sponse time) and Constraint C7 (schedulability), matching the contributions to response time under the MSRP analysis and task set schedulability, re-spectively. Further, the lower bound on the maximum interference, spin

delay and arrival blocking in the MILP match the respective terms in the

MSRP analysis. The claim follows. 

Theorem 2 (Completeness). If there exists a partitioning and priority assignment for a task set such that schedulability can be guaranteed under the MSRP analysis, then the MILP yields a partitioning and priority assignment under which schedulability can be guaranteed under the MSRP analysis.

Proof. By definition of the MILP, the variables encoding partitioning and priority assignment (i.e., the A and π variables) are only constrained to take valid assignments (i.e., such that each task is assigned to exactly one processor, and each task is assigned exactly one unique priority) and to yield response-time bounds not exceeding the deadlines (Constraint C7). Since the contributions to the response-time bound matches the respective terms

in the MSRP analysis, the claim follows. 

Next, we outline straight-forward extensions of our MILP formulation.