optimal priority-free conditionally- preemptive real-time ... · 1 optimal priority-free...
TRANSCRIPT
TSpace Research Repository tspace.library.utoronto.ca
Optimal priority-free conditionally-preemptive real-time scheduling of
periodic tasks based on DES supervisory control
Xi Wang, Zhiwu Li, W.M. Wonham
Version Post-print/accepted manuscript
Citation (published version)
X. Wang; Z. Li; W. M. Wonham, "Optimal Priority-Free Conditionally-Preemptive Real-Time Scheduling of Periodic Tasks Based on DES Supervisory Control," in IEEE Transactions on Systems, Man, and Cybernetics: Systems , vol.PP, no.99, pp.1-17, 2016. doi: 10.1109/TSMC.2016.2531681
Publisher’s statement © © 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Copyright/License © © 20xx IEEE.
How to cite TSpace items
Always cite the published version, so the author(s) will receive recognition through services that track citation counts, e.g. Scopus. If you need to cite the page number of the author manuscript from TSpace
because you cannot access the published version, then cite the TSpace version in addition to the published version using the permanent URI (handle) found on the record page.
This article was made openly accessible by U of T Faculty. Please tell us how this access benefits you. Your story matters.
1
Optimal Priority-Free Conditionally-PreemptiveReal-Time Scheduling of Periodic Tasks Based on
DES Supervisory ControlXi Wang, ZhiWu Li, Senior Member, IEEE, and W. M. Wonham,Life Fellow, IEEE
Abstract—This study presents a general discrete event system1
(DES)-based hard periodic real-time task model. Based on super-2
visory control theory (SCT), an optimal priority-free real -time3
scheduling technique is proposed to process all the tasks running4
in uni-processor or multi-processor real-time systems (RTS).5
The preemption relation in this paper generalizes priority-based6
preemption. First, regular languages are utilized to describe the7
processor behavior related to each task’s execution. Thereafter,8
the languages are represented by DES generators. Finally, the9
global processor behavior is generated as the synchronous prod-10
uct of these DES generators. A novel preemption policy, namely11
conditional-preemption, is developed. Two sets of conditional-12
preemption specifications are developed, on the processor level13
and task level, respectively. Moreover, in order to control the14
system to be nonblocking and also limit the worst-case response15
time (WCRT) of the tasks, two corresponding sets of specifica-16
tions are presented. After generating the global specification as17
the synchronous product, by implementing SCT the calculated18
supervisor can provide all the safe real-time execution sequences.19
The supervisor calculation can be sped up by a three step20
algorithm. Finally, the real-time scheduling is implemented for21
real-world examples.22
Index Terms—Real-time system, scheduling, discrete-event23
system, supervisory control, limited preemptive, conditional-24
preemptive.25
I. I NTRODUCTION26
In past decades, most of the existing real-time scheduling27
algorithms are based on dynamic or fixed priorities [1]–28
[12]. The study in [7] shows that, with the tasks’ periods29
equal to their deadlines, the preemptive earliest deadlinefirst30
(EDF) scheduling algorithm is optimal. For uni-processor real-31
time system (RTS) scheduling, a timed discrete-event system32
(TDES)-based task model referred to as the Chen-Wonham33
(CW) model, is proposed in [13]. Based on supervisory control34
theory (SCT) [14]–[16], for non-preemptive scheduling, a35
supervisor [17], [18] that contains all the safe execution se-36
quences is found. In these sequences, all the possible EDF and37
This work was supported in part by the National Natural Science Foundationof China under Grant No. 61374068 and the Science and TechnologyDevelopment Fund, MSAR, under Grant No. 066/2013/A2.
X. Wang is with the School of Electro-Mechanical Engineering, XidianUniversity, Xi’an 710071, China, and also with the Systems Control Group,Department of Electrical and Computer Engineering, University of Toronto,Toronto, ON M5S 3G4, Canada (e-mail: [email protected]).
Z. W. Li is with the Institute of Systems Engineering, Macau University ofScience and Technology, Taipa, Macau, and also with the School of Electro-Mechanical Engineering, Xidian University, Xi’an 710071,China (e-mail:[email protected]).
W. M. Wonham is with Department of Electrical and Computer Engi-neering, University of Toronto, Toronto, ON M5S 3G4, Canada(e-mail:[email protected]).
fixed-priority (FP) sequences are included. If the supervisor is 38
empty, the RTS is claimed to be non-schedulable. Otherwise,39
users can choose any sequence to schedule the RTS. 40
Compared with non-preemptive scheduling, preemptability41
can provide more flexibility to real-time scheduling. In fully 42
preemptive systems, at any time, the execution of a running43
task can be interrupted by tasks with higher priorities, andit 44
continues when all tasks with higher priorities have completed 45
[19]. 46
However, for the real-time scheduling in a processor, both47
preemptive and non-preemptive scheduling policies are too48
conservative. Generally, users may customize specific preemp- 49
tion plans that are neither preemptive nor non-preemptive.50
Recently, several studies are devoted to different preemption 51
policies; these can be divided into two categories: 52
• Priority-based: Preemption thresholds scheduling (PTS)53
[20], under FP scheduling, allows a task to disable54
preemption up to a specified priority level. Each task is55
assigned a fixed priority and a preemption threshold, and56
only tasks with priorities higher than the threshold of the57
running task can preempt its execution. 58
• Task-based: Deferred preemptions scheduling (DPS) [21],59
under EDF scheduling, assigns each task a maximum60
interval that is free from preemption. 61
The two preemption policies are considered as the tradeoff62
between preemptive and non-preemptive real-time scheduling. 63
They can significantly improve the EDF and FP real-time64
scheduling algorithms, respectively. However, both policies are 65
still limited by priorities. In fact, for some real-time scheduling 66
requirements, priorities cannot be assigned to real-time tasks. 67
Moreover, to the best of our knowledge, no existing work68
can combine the two latter policies together into a real-time 69
scheduling strategy and find all the safe execution sequences. 70
For example, under FP or EDF scheduling, an RTS cannot be71
scheduled by satisfying PTS and DPS simultaneously. 72
In this paper, a discrete-event system (DES) real-time task73
model is presented to schedule the real-time tasks running74
in uni-processor or multi-processor systems. The preemption 75
relation in this paper generalizes priority-based preemption. 76
Regular languages are utilized to describe the processor77
behavior related to the execution and preemption of each78
task. Each language can be represented by a DES generator.79
The synchronous product [14] of these DES generators can80
integrate the models of the tasks running in a processor81
into a complex generator to represent the global processor82
behavior. For each processor, without considering the priori- 83
2
ties, this present study extends the PTS and DPS scheduling84
policies to two general conditional-preemption specifications.85
They are utilized to customize scheduling and preemption86
requirements conditionally, such as FP, PTS, DPS, preemptive87
scheduling, and non-preemptive scheduling. Moreover, the88
worst-case response time (WCRT) of a task can also be89
restricted by a specification. Thereafter, similar to the work90
in [13], all the safe execution sequences generated by the91
synchronized specifications with respect to the tasks running92
in each processor can be calculated offline by SCT. Users93
can choose any sequence to schedule the processor. The real-94
time scheduling with conditional-preemption is applied toreal-95
world uni-processor or multi-processor systems.96
The rest of this paper is organized as follows. Section97
II presents the terminology used throughout the paper.The98
system model and motivation are described in Section III.The99
priority-free real-time scheduling with conditional-preemption100
principles is defined in Section IV. The DES model for101
the periodic tasks and the RTS are proposed in Section V.102
The specifications are formalized and established in Section103
VI. By applying to real-world systems, Section VII reports104
methodologies for the real-time scheduling with conditional-105
preemption. Further relevant issues are discussed in Section106
VIII. Finally, Section IX states our conclusions.107
II. CONCEPTS ANDTERMINOLOGY108
A DES plant is agenerator109
G = (Q, Σ, δ, q0, Qm)
where110
• Q is the finitestateset,111
• Σ is the finiteevent set(alphabet), partitioned into the112
controllable eventsubsetΣc and theuncontrollable event113
subsetΣu;114
• δ : Y × Σ → Y is thepartial state transition function;115
• q0 is the initial state; and116
• Qm ⊆ Q is the subset ofmarker states.117
In accordance with [14],Σ+ denotes the set of all finite118
sequences of symbols inΣ. By adjoining the empty string119
ǫ, the set of strings over the alphabetΣ is written asΣ∗, i.e.,120
Σ∗ = Σ+ ∪{ǫ}. Functionδ can be extended toδ : Y ×Σ∗ →121
Y . We write δ(q, s)! to mean thatδ(q, s) is defined, where122
stateq ∈ Q and strings ∈ Σ∗. The length|s| of a string123
s ∈ Σ∗ is defined as124
|ǫ| = 0; |s| = k, if s = σ1σ2 · · ·σk ∈ Σ+.125
The closed behaviorof G is represented by126
L(G) := {s ∈ Σ∗|δ(q0, s)!}127
and themarked behavioris128
Lm(G) := {s ∈ L(G)|δ(q0, s) ∈ Qm} ⊆ L(G).129
Synchronous product[14] is a standard way to combine a130
finite set of DES into a single and more complex one. Suppose131
that we haven languages corresponding ton DES, Li ⊆ Σ∗i132
with Σ =⋃
i∈nΣi, n := {1, 2, . . . , n}. Thenatural projection133
Pi : Σ∗ → Σ∗i is defined by134
• Pi(ǫ) = ǫ, 135
• Pi(σ) =
{
ǫ, if σ /∈ Σi
σ, if σ ∈ Σi, 136
• Pi(sσ) = Pi(s)Pi(σ), s ∈ Σ∗, σ ∈ Σ. 137
The inverse image functionof Pi is 138
P−1
i : Pwr(Σ∗i ) → Pwr(Σ∗). 139
For H ⊆ Σ∗i , 140
P−1
i (H) := {s ∈ Σ∗|Pi(s) ∈ H}. 141
The synchronous productof L1, L2, . . . , Ln is denoted by 142
L1||L2|| · · · ||Ln with 143
L1||L2|| · · · ||Ln := P−11 L1 ∩ P−1
2 L2 ∩ · · · ∩ P−1n Ln. 144
Suppose that thespecification languageis represented by 145
E ⊆ Σ∗. Let C(E) be the family of sublanguages ofE that 146
are controllable with respect toG. C(E) is nonempty and is 147
closed under arbitrary unions. The (unique)supremalelement 148
within C(E), denoted by supC(E), always exists. 149
Suppose that a DES model is nonempty. Under supervi-150
sory control, all the uncontrollable events are automatically 151
enabled. After adjoining a particular subset of the controllable 152
events to be enabled, a set of allcontrol patternsis defined as 153
Γ = {γ ∈ Pwr(Σ)|γ ⊇ Σu} 154
wherePwr(Σ) is thepower setof Σ. A supervisory controlfor 155
G is any mapV : L(G) → Γ. DESG under the supervision of 156
V is written asV/G. Theclosed behaviorof V/G is defined 157
to beL(V/G) ⊆ L(G) described as 158
• empty stringǫ ∈ L(V/G), 159
• if s ∈ L(V/G), σ ∈ V (s), andsσ ∈ L(G) then sσ ∈ 160
L(V/G), 161
• no other strings belong toL(V/G). 162
The marked behaviorof V/G is 163
Lm(V/G) = L(V/G) ∩ Lm(G). 164
The control mapV is nonblockingfor G if 165
Lm(V/G) = L(V/G). 166
A languageK ∈ Σ∗ is controllable (with respect toG) if 167
KΣu ∩ L(G) ⊆ K 168
i.e., 169
(∀s, σ)s ∈ K & σ ∈ Σu & sσ ∈ L(G) ⇒ sσ ∈ K. 170
Let K ⊆ L(G) be nonempty and closed. There exists a171
supervisory controlV for G such thatL(V/G) = K iff 172
K is controllable with respect toG; this is referred to as a 173
nonblocking supervisory control(NSC). Generally, ifmarking 174
is also considered, then we select a sublanguageM ⊆ Lm(G). 175
A marking nonblocking supervisory control(MNSC) with 176
respect toG exists, which is a mapV : L(G) → Γ with 177
the behavior 178
Lm(V/G) = L(V/G) ∩ M . 179
3
III. SYSTEM MODEL AND MOTIVATION180
In the literature of real-time scheduling, the existing pre-181
emption algorithms are defined based on (dynamic or fixed)182
priorities, which means that when several tasks are simul-183
taneously eligible to be processed, only a task with the184
highest priority is permitted to enter the processor. In order185
to relax this constraint and provide all the tasks an equal186
chance to be processed, an optimal policy, named priority-187
free scheduling policy, is presented. This policy allows users188
to define conditional-preemption requirements freely without189
assigning task priorities.190
A. System Model191
Suppose that an RTSS processes a set of independent syn-192
chronous/asynchronous periodic tasks, i.e.,S = {τ1, τ2, . . . ,193
τn}. For i ∈ n, taskτi ∈ S is in the form of a four-tuple194
τi = (Ri, Ci, Di, Ti)195
with196
• a release timeRi,197
• a worst-case execution time(WCET) Ci,198
• a hard deadlineDi, and199
• a period Ti with Ri ≥ 0 andCi ≤ Di ≤ Ti.200
HereRi, Ci, Di, andTi are non-negative integers representing201
the lengths of processor time units. A synchronous (resp.,202
asynchronous) taskτi has Ri = 0 (resp., Ri > 0). The203
processor utilization ofτi is Ui = Ci
Ti
.204
Suppose that an RTSS is a uni-processor system; and the205
total processor utilization ofS is US =n∑
i=1
Ui. Similarly,206
suppose that an RTSS is a multi-processor system that207
possesses a processor setΞ that consist ofs processors, i.e.,208
Ξ = {Ξ1, Ξ2, . . . , Ξs}. The processor utilization ofΞj is the209
sum of the processor utilization of all the tasks running in210
it, i.e., UΞj =
∑
i Ui, τi ∈ Ξj . In both uni-processor and211
multi-processor systems, a processor is not schedulable in212
case there is overload [1]. The present study allows a task213
to enter any processor randomly. However, once a task enters214
a processor, it cannot be shifted to another. In a processor,real-215
time scheduling policies can be divided into the following two216
categories:217
• preemptive: a running task can be interrupted by the218
execution of other released tasks;219
• non-preemptive: the execution of a running task cannot220
be interrupted.221
B. Motivation222
For some real-world preemption policies, the tasks running223
in a processor cannot be assigned with priorities. Next we224
present a motivating example.225
Suppose that a uni-processor RTSS executes four tasksτ1,226
τ2, τ3, and τ4. Their parameters are shown in Table I. We227
assume that the execution ofτ1 can be preempted only byτ2,228
τ2 only by τ4, andτ4 only by τ1, respectively; moreover,τ3229
cannot be preempted. No priorities can be assigned to these230
tasks. In this case, the EDF, FP, and PTS algorithms cannot be231
utilized to schedule this RTS. In order to solve such problems, 232
we discard the priorities and refer to the real-time scheduling 233
as priority-free. 234
TABLE I: Parameters of four tasks
task R C D Tτ1 0 3 9 9τ2 3 3 6 6τ3 0 1 4 5τ4 0 2 14 18
Based on the priority-free real-time scheduling, conditional- 235
preemption is presented in this study. By a preemption matrix 236
that will be defined later, users can define any preemption rela- 237
tion among all the tasks running in the same processor. WCET-238
based conditional-preemption specification is presented in this 239
study. Users can use it to designate how long after its execution 240
is started, a task can be preempted by other tasks. Moreover,241
the WCRT of a task can also be restricted by a specification.242
Finally, all the safe execution sequences generated by the243
synchronized specifications with respect to the tasks running 244
in each processor can be calculated offline by SCT. Users can245
choose any sequence to schedule the processor. 246
IV. PRIORITY-FREE HARD RTS WITH PERIODIC TASKS 247
Since both uni-processor and multi-processor real-time sys- 248
tems are considered, theoretical analysis in this section is 249
based on processors instead of real-time systems. 250
A. Priority-Free Real-Time Scheduling 251
Definition 1: [priority-free] A scheduling policy is said to 252
be priority-free if all the released tasks in a processor can be253
processed in any order. 254
From the perspective of an individual taskτi, in each hyper- 255
period [22], all the processor time units are partitioned into: 256
• busy time: the processor is occupied by other tasks, soτi 257
cannot be executed; 258
• running time: τi is in process; 259
• preemption time(if any): afterτi has started, its execution260
is interrupted by (a subset of) other tasks; and 261
• free time: the execution ofτi is completed orτi has not 262
arrived yet. These processor time units can be idle or263
utilized to execute other tasks. 264
Priority-free scheduling policy can be utilized to schedule 265
all the periodic tasks randomly, i.e., the busy time and the266
preemption time of each task can be occupied by other tasks.267
Moreover, in accordance with traditional real-time scheduling, 268
a task is not allowed to be interrupted if the system would269
thereby be left idle. In this case, the free time is also allowed 270
to be left idle only when no task in process. 271
Example. 272
For τ2 shown in Table I, a possible conditionally-preemptive273
real-time scheduling is illustrated in Fig. 1. By allowing 274
preemption of other tasks, the first nine processor time units 275
are partitioned into: 276
4
• busy time: time interval[3, 4];277
• running time: time intervals[4, 6] and [7, 8];278
• preemption time: time interval[6, 7]; and279
• free time: time intervals[0, 3] and [8, 9].280
The time intervals[0, 4], [6, 7], and [8, 9] can be occupied by281
other tasks running in the same processor. Moreover, only time282
intervals[0, 3] and [8, 9] could alternatively be idle.283
0 5
Fig. 1: Real-time scheduling of taskτ2.
B. Conditional-Preemption284
From the perspective of processor and individual tasks, two285
sets of general policies are presented, respectively. Theyapply286
to any specific conditional-preemption plans.287
1) Matrix-based conditional-preemption:288
In this study, the priority-based preemption policy is ex-289
tended to a general matrix-based policy. From the perspective290
of each processor, its preemption matrix is defined to describe291
the preemption relations among the tasks running in it.292
Definition 2: [preemption matrix] Ann × n matrix P is293
said to be apreemption matrixif Pi,j = 1 (resp.,Pi,j = 0)294
represents that a taskτi is allowed (resp., not allowed) to be295
preempted byτj .296
Proposition 1: Preemption matrixP can provide up to297
2n2−n conditionally-preemptive real-time scheduling plans.298
Proof: Sinceτi cannot be preempted by itself, we have299
Pi,i = 0 for all i ∈ n. If i 6= j, Pi,j can be either0 or 1.300
Since there aren2 − n ∗’s in an n× n matrix P , thenP can301
provide up to2n2−n scheduling plans.302
Example.303
Suppose that a processor executes all the tasks shown in304
Table I. Its preemption matrixP is in the form305
P =
0 ∗ ∗ ∗∗ 0 ∗ ∗∗ ∗ 0 ∗∗ ∗ ∗ 0
306
where∗, either0 or 1, can be predefined by users. According to307
preemptive real-time scheduling, each task can be preempted308
by other tasks. Thus, all the∗’s in P are replaced by1, as309
shown inP1. In contrast, according to non-preemptive real-310
time scheduling, no task can be preempted by other tasks.311
Thus, all the∗’s in P are replaced by0, as shown inP2.312
Matrix P3 describes that313
• τ1 can be preempted byτ2, τ3, andτ4;314
• τ2 can be preempted byτ3 andτ4; and315
• τ3 can be preempted byτ4.316
This is in accordance with the FP real-time scheduling by317
assigning priorities to tasksτ1, τ2, τ3, andτ4 in an increasing318
order. Similarly, we can assign priorities to tasksτ1, τ2, τ3,319
andτ4 in a decreasing order, as shown inP4.320
By applying PTS to assign preemption threshold to each321
task,P3 can be revised to beP5 as an example. The preemp-322
tion matrix for the motivating example isP6. 323
P1 =
0 1 1 11 0 1 11 1 0 11 1 1 0
P2 =
0 0 0 00 0 0 00 0 0 00 0 0 0
324
P3 =
0 1 1 10 0 1 10 0 0 10 0 0 0
P4 =
0 0 0 01 0 0 01 1 0 01 1 1 0
325
P5 =
0 0 1 10 0 0 10 0 0 10 0 0 0
P6 =
0 1 0 00 0 0 10 0 0 01 0 0 0
326
Definition 3: [matrix-based conditional-preemption] A pre-327
emption policy is said to bematrix-based conditionally- 328
preemptiveif it can be represented by a preemption matrix. 329
2) WCET-based conditional-preemption: 330
In this study, the task-based preemption policy is ex-331
tended to a general policy named WCET-based conditional-332
preemption. The execution of taskτi takesCi time units. From 333
the perspective of an individual task, between any two adjacent 334
processor time units the execution ofτi can be preempted 335
by a subset of other tasks. With respect to taskτi, any two 336
such subsets can be different from each other. Evidently, DPS 337
studied in [21] can be considered as an application of the338
presented conditional-preemption policy. 339
In case that WCET-based conditional-preemption relations340
do not exist, the preemption relations defined in the ma-341
trix are applied to the real-time scheduling throughout the342
execution. Otherwise, the real-time scheduling should take 343
both the WCET-based conditional-preemption and matrix-344
based conditional-preemption into account simultaneously. 345
Example. 346
According toP1 in the last example,τ2 can be preempted 347
by τ1, τ3, andτ4, which represents that the execution ofτ2 can 348
be interrupted byτ1, τ3, or τ4 immediately upon their arrival. 349
As shown in Table I, we haveC2 = 3, i.e., the execution of 350
τ2 takes three time units. Thus we can define two different351
WCET-based conditional-preemption plans for the execution 352
of τ2, such as 1) between the first two time units, onlyτ1 and 353
τ3 can interrupt the execution ofτ2; and 2) between the last 354
two time units, onlyτ1 andτ4 can interrupt the execution of 355
τ2. 356
V. DES MODEL FORREAL-TIME SYSTEMS 357
In this research, regular languages are utilized to describe 358
the processor behavior related to the periodic real-time tasks’ 359
execution. Thereafter, each language will be followed by360
a DES generator representation. Finally, the synchronized361
language, represented by a more complex DES generator, is362
utilized to describe the global processor real-time scheduling 363
behavior. In a synchronized DES generator, all the enabled364
events can occur without considering their priorities. Thus, 365
5
if two or more events are eligible simultaneously, their syn-366
chronous product allows them to occur in any order. Since367
synchronous product can provide all the possible sequences368
that are not related to priorities, conditional-preemption is369
possible.370
Example.371
Suppose that we have three DES generatorsGa, Gb, and372
Gc. As depicted in Fig. 2, their alphabets areΣi = {σi, σd},373
i ∈ {a, b, c}. Consequently,Lm(Gi) = (σiσd)∗. The syn-374
chronous product,Ga||Gb (resp.,Ga||Gb||Gc), is illustrated375
in Fig. 3(a) (resp., 3(b)), which has all the 4 (resp., 6) paths,376
in which σi can occur in any random sequence.377
i
d
Fig. 2: DES modelGi.
b
a
a
b
d
(a) Ga andGb
b
a
c
b
ac
ac
d
b
b
a
c
(b) Ga, Gb, andGc
Fig. 3: Synchronous product.
A. DES Model for Periodic Tasks378
For any taskτi ∈ S arriving periodically, its execution is379
represented by a DES generatorGi with marked language380
Lm(Gi) and (prefix) closed languageL(Gi) satisfying381
L(Gi) = Lm(Gi) (1)
that describes all possible executions and random preemptions382
of task τi.383
1) Regular language representation:384
The alphabet(event labels), written asΣi to describe the385
behavior ofGi, is the disjoint union ofΣoi andΣe, i.e.,Σi =386
Σoi∪Σe, with Σoi ∩ Σe = ∅, Σoi = {γi, αi, βi}, and Σe =387
{c1, c2, . . . , ci, . . . , cn, t}, where388
• Σoi is the operation event set of taskτi, with389
– γi: release event,390
– αi: the execution ofτi is started, and391
– βi: the execution ofτi is completed;392
• Σe is the execution event set, with393
– (i ∈ n) ci: τi is running in the processor, and394
– t: no task is running in the processor, i.e., the395
corresponding processor time unit is idle.396
For anyσ ∈ Σe, the occurrence ofσ takes a single processor397
time unit. The marked languageLm(Gi) describes all the398
possible execution sequences of taskτi’s execution within a 399
periodTi. We have 400
Lm(Gi) = LRi (γiL
Ti )∗. (2)
This expression contains two parts: 401
• LRi : the processor behavior before taskτi is released; and 402
• LTi : the processor behavior within a periodTi between 403
the occurrence of two adjacentγi’s. 404
The events occurring withinsr ∈ LRi take Ri time units in 405
total, i.e., 406
LRi = {sr| |sr| = Ri}. (3)
If τi is a synchronous task, thenLRi is empty. Otherwise, 407
the set of stringsS1 ⊆ (Σe − {ci})∗ represents the possible408
system behavior. SublanguageLRi could be idle or other tasks 409
being processed earlier thanγi. For anyσ ∈ Σi, let #σ(sr) 410
represent the number of occurrences ofσ in a stringsr. We 411
have 412
LRi = {sr|#t(sr) +
n∑
j=1,j 6=i
#cj(sr) = Ri}. (4)
In a periodTi, eventsαi and βi must occur only once. 413
Since their occurrences are instantaneous (take no time), and 414
the events occurring withins ∈ LTi takeTi time units in total, 415
the length of every string in a period equalsTi + 2. Formally, 416
LTi = {s| |s| = Ti + 2}. (5)
For anys ∈ LTi representing the complete execution of task417
τi, the number ofci’s is Ci, i.e., 418
#ci(s) = Ci. (6)
In a periodTi, i.e., in LTi , the processor runsTi processor 419
time units that are occupied by all the execution events.420
Formally,s satisfies 421
#t(s) +
n∑
j=1
#cj(s) = Ti. (7)
Any string s ∈ γiLTi contains a substrings′ = γis
eβi, in 422
which se represents the system behavior since the arrival of423
τi until its execution is completed. Thus the response time of424
task τi is the processor time spent between the occurrences425
of γi andβi. Since the occurrence ofαi is instantaneous, the 426
response time ofτi in s is 427
Pi = |se| − 1. (8)
The set of strings,S1 ⊆ (Σe − {t, ci})∗, occurring earlier 428
than αi is utilized to represent the busy time. Moreover,429
the preemption time, occurring betweenαi andβi randomly, 430
is represented by a set of stringsS2 ⊆ (Σe − {t, ci})∗. 431
Furthermore, a set of stringsS3 ⊆ (Σe−{ci})∗ that occur later 432
than βi, is utilized to represent the free time. Consequently,433
for any s ∈ LTi , s is structurally represented by 434
s = s1αi(s2cis2) . . . (s2ci)βis3 (9)
6
with s1 ∈ S1, s2 ∈ S2, ands3 ∈ S3, respectively. The strings435
in (Σe−{t, ci})∗ represent the system behavior corresponding436
to the random preemption by other tasks. Strings2 occurs437
betweenαi and ci or any two adjacentci’s and represents438
that the execution ofτi can be preempted at any time. After439
the occurrence of the lastci, βi occurs immediately to not440
delay the response time.441
Strings in(Σe−{ci})∗ represent the system behavior in the442
free time. These processor time units can be idle, or utilized to443
execute other tasks. In order to satisfy the hard deadlineDi,444
all the ci’s must occur beforeβi. Thus, before the occurrence445
of βi, the preemption time cannot be longer thanDi − Ci.446
Formally, stringss1 ands2 within Eq. (9) form sublanguages447
S1 andS2 that also satisfy Eqs. (10) and (11) as follows:448
S1 = {s1|0 ≤n
∑
j=1,j 6=i
#cj(s1) ≤ Di − Ci} (10)
S2 = {s2|0 ≤n
∑
j=1,j 6=i
#cj(s2) ≤ Di − Ci} (11)
By Eq. (7), the free time cannot be longer thanTi − Ci.449
Formally, sublanguageS3 in Eq. (9) must also satisfy450
S3 = {s3|0 ≤ #t(s3) +
n∑
j=1,j 6=i
#cj(s3) ≤ Ti − Ci}. (12)
Example.451
The closed and marked languages to describe the processor452
behavior to execute taskτ1 are453
L(G1) = Lm(G1)454
and455
Lm(G1) = LR1 (γ1L
T1 )∗.456
SublanguageLT1 satisfiesLR
1 = ǫ, ∀s ∈ LT1 , |s| = 8,457
#c1(s) = 2, and #t(s) +3∑
j=1
#cj(s) = 6. String s is458
structurally represented by459
s = s1α1s2c1s2c1β1s3460
with s1 ∈ S1, s2 ∈ S2, ands3 ∈ S3 as follows.461
• S1 = {s1 ∈ {c2, c3}∗|0 ≤3∑
j=2
#cj(s1) ≤ 4},462
• S2 = {s2 ∈ {c2, c3}∗|0 ≤3∑
j=2
#cj(s2) ≤ 4}, and463
• S3 = {s3 ∈ {c2, c3, t}∗|0 ≤ #t(s3) +3∑
j=2
#cj(s3) ≤ 4}.464
So far, the regular language description of processor behavior465
related to each task’s execution is well defined. The next step466
is to utilize an appropriate DES model to represent the regular467
language satisfying Eqs. (1)-(12) simultaneously.468
2) DES generator representation:469
The DES generator for taskτi is represented by470
Gi = (Qi, Σi, δi, q0i, Qmi)471
where472
• Qi is the finitestateset, 473
• Σi is the alphabetwith Σi = Σoi∪Σe it can also be 474
partitioned intoΣi = Σci∪Σui, with 475
– Σci = {αi, c1, c2, . . . , ci, . . . , cn}: controllable event 476
subset and 477
– Σui = {βi, γi, t}: uncontrollable eventsubset; 478
• δi : Qi × Σi → Qi is the (partial) transition function, 479
• q0i is the initial state, and 480
• Qmi is the subset ofmarker states. 481
The controllability of αi (resp. i ∈ n, ci) endows the uni- 482
processor with the authority to choose and execute (resp.483
interrupt) any task among all the released ones. Disabling the 484
controllable eventαi is utilized to delay the execution of task485
τi for the purpose of avoiding blocking. The general DES486
model for real-time periodic tasks is presented in Fig. 4. The 487
subscript of each state’s name consists of two parts. All the488
states and transitions are defined by: 489
• statesy0i,0, y0i,1, . . ., y0i,Ri−1 form the state set before490
the task releases for the first time; 491
• statey0i,Ri: τi releases; 492
• for the other states excepty0i, , the first subscript is the 493
past processor time unit after the arrival of taskτi in 494
the current period, and the second is the corresponding495
operation related toτi or the amount of processor time496
units already utilized to processτi. These states are497
defined as 498
– (i ∈ n, 0 ≤ j ≤ Di − Ci) yj,αi: the processor is 499
ready to processτi, 500
– (i ∈ n, Ci ≤ j ≤ Di) yj,βi: the execution ofτi is 501
complete, 502
– (0 ≤ j ≤ Ti, 0 ≤ k ≤ Ci) yj,k: during the firstj 503
processor time unit after the release ofτi, k time 504
units have been utilized to processτi, 505
– yTi,βi= y0i,Ri
, 506
– yTi,βi= y0i,Ri
, Di = Ti ⇒ yDi,βi= y0i,Ri
, and 507
– the states with outgoing arrows are the marker states508
Qm; 509
• the state with a double arrow is the initial and marker510
statey0i,0; 511
• ci (resp.,cj) represents the execution ofτi (resp.,τj ∈ S, 512
j 6= i); and 513
• the functionδi satisfies 514
– (0 ≤ p ≤ Ri−1) δ(y0i,p, t) = y0i,p+1: the processor 515
time units are idle; 516
– (0 ≤ p ≤ Ri − 1) δ(y0i,p, cj) = y0i,p+1: τj ∈ S, 517
j 6= i is in process; 518
– δ(y0i,Ri, γi) = y0i,αi
: τi is released; 519
– (0 ≤ p ≤ Di−Ci) δ(yp,αi, αi) = yp,0: at stateyp,αi
, 520
the execution ofτi is started; 521
– (Ci ≤ p ≤ Di) δ(yp,Ci, βi) = yp,βi
: at stateyp,Ci, 522
the processingof τi is completed; 523
– (0 ≤ p ≤ Di − 1, 0 ≤ k ≤ Ci − 1) k ≤ p, 524
δ(yp,k, ci) = yp+1,k+1: τi is in process; 525
– (0 ≤ p ≤ Ti − 1, q 6= ci), δ(yp,q, cj) = yp+1,q: 526
τj ∈ S, j 6= i is in process; 527
– (Ci ≤ p ≤ Ti − 2), δ(yp,βi, t) = yp+1,βi
: after the 528
occurrence ofβi, the processor time units are idle;529
7
and530
– δ(yTi−1,βi, t) = y0i: the last processor time unit in531
Ti is idle.532
ii ic
ii
ii
ii
i
, jt c
, jt c
jc
jc
jc
jc
jc
jc
ic
ic
ic
ic
ic
ic
ic
, jt c
0, iy
1, iy
1,i i iD Cy
, 1i iC Cy
1, 1i iC Cy
2, 1i iD Cy
1, 1i iD Cy
1,i iC Cy
,i iC Cy
1,i iD Cy
,i iD Cy
1,i iCy
,i iCy
1,i iDy
,i iDy
1,i iTy
,i i iD Cy
0,0y
1,0y
1,0i iD Cy
,0i iD Cy
1,1y
2,1y
,1i iD Cy
1,1i iD Cy
0 ,0iy0 ,1i
y
0 , ii Ry
0 , 1ii Ry , jt c, jt c
jc
jc
Fig. 4: General DES model for taskτi.
Example.533
The DES modelG2 corresponding to tasksτ2 is depicted534
in Fig. 5. SinceR2 = 3, eventγ2 occurs at the end of the535
third processor time unit. After each period ofτ2 is finished,536
γ2 occurs immediately to repeat the process.537
22
2
2c 2c
2
2
1 3 4, , ,t c c c
2
22c 2c
2c 2c
1 3 4, , ,t c c c
1 3 4, , ,t c c c
2
2
2c 2c
2c
2c
2c
2c
1
3 4
,,
t cc c
1 3
4
,c cc
1 3 4, , ,t c c c
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1
3 4
,,
t cc c
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
1 3
4
,c cc
Fig. 5: DES modelG2.
B. DES Task Model Creation in TCT538
The software package TCT1 is a tool utilized to create539
the DES generator related to each task. Thereafter, the DES540
model for RTS is established as the synchronous product [13]541
of the generated DES models. Further operations to edit the542
models and/or compute the supervisor can also be executed in543
TCT. The procedures utilized in this study are summarized in544
Appendix 1. All the operations in TCT and the names of the545
1http://www.control.utoronto.ca/DES
generated files are recorded in an annotated file MAKEIT.TXT.546
In TCT, G1, G2, G3, andG4 are named as TASK1, TASK2, 547
TASK3, and TASK4, respectively. As an example, TASK2 is548
reported in Appendix 2. Furthermore, fori ∈ n, eventsγi, αi, 549
andβi are renamedi0, i1, andi2, respectively. Eventsci andt 550
are represented byi9 and0, respectively. The system behavior551
corresponding to each processor is calculated by synchronous 552
product. Suppose that we have an RTSS that possesses only553
one processor; three examples are discussed below. 554
1) Plan 1: τ1 and τ2 in process: 555
Suppose that tasksτ1 andτ2 are processed inS, denoted by 556
S1. It is generated by the proceduresync provided by TCT. 557
Since tasksτ3, τ4 /∈ S1, within τ1 andτ2, we can eliminatec3 558
andc4 (events 39 and 49) by relabeling them to bec2 (event 559
29) andc1 (event 19), respectively. Thereafter, the DES model560
representingS1 can be generated by synchronous product. In561
TCT, S1 is represented by SYS1 that contains 71 states and562
98 transitions. The corresponding TCT procedures are: 563
TEST1 = relabel (TASK1, [[39, 29], [49, 29]]) (42, 72) 564
TEST2 = relabel (TASK2, [[39, 19], [49, 19]]) (28, 45) 565
SYS1 =sync (TEST1, TEST2) (71, 98)2 566
2) Plan 2: τ1, τ2, and τ4 in process: 567
Suppose that tasksτ1, τ2, and τ4 are processed in RTSS, 568
denoted byS2. Named to be SYS2 in TCT, it can be generated569
in a similar way, i.e., 570
TEST1 = relabel (TASK1, [[39, 29]]) (42, 102) 571
TEST2 = relabel (TASK2, [[39, 19]]) (28, 63) 572
TEST4 = relabel (TASK4, [[39, 19]]) (69, 173) 573
SYS2 =sync (TEST1, TEST2, TEST4) (170, 279) 574
3) Plan 3: τ1, τ2, τ3, and τ4 in process: 575
Suppose that all four tasksτ1, τ2, τ3, andτ4 are processed in 576
RTS S, denoted byS3. Represented by SYS3 in TCT,S3 can 577
be generated in a similar way, i.e., 578
SYS3 = sync (TASK1, TASK2, TASK3, TASK4) (952, 579
2056) Blockedevents = [0] 580
There is a blocked event 0 (t) in SYS3 (S3), which 581
represents that in the real-time scheduling, there is no idle 582
time unit. This means that the processor utilization ofS3 is 583
U3 ≥ 1. According to the study in [3],S3 is non-schedulable 584
if U3 > 1. By calculating the processor utilization ofS3, we 585
obtainU3 = 3/9 + 3/6 + 1/5 + 2/14 > 1. Thus,S3 is non- 586
schedulable. In the modeling phase, “bad decisions” made by587
synchronous product may block the priority-free conditionally- 588
preemptive real-time scheduling. As a solution, in the rest589
of this paper, SCT is utilized to supervise the RTS to be590
nonblocking. 591
VI. SPECIFICATIONS FOROPTIMAL PRIORITY-FREE 592
CONDITIONALLY -PREEMPTIVE REAL-TIME SCHEDULING 593
In accordance with [14], all possible behaviors in a proces-594
sor are generated by a DES, called theplant. A processor under 595
control is a subset of the generated languages with respect596
2All the original message “Blocked events = None” in the original MAKEITfile are eliminated for readability.
8
to certain constraints that are contained in some specification597
languages. In order to schedule the processor to be non-598
blocking and conditionally-preemptive, we shall impose the599
synchronous product of proper specifications on the behavior600
of the processor. For each task running in a processor, four601
types of specifications are defined:602
• Nonblocking specifications: nonblocking preemptive603
scheduling of real-time tasks;604
• Matrix-based conditional-preemption specifications: the605
preemption relation among all the tasks;606
• WCET-based conditional-preemption specifications: dur-607
ing the execution of each task, the exact preemption plan608
between two adjacent time units; and609
• WCRT-based conditional-preemption specifications: the610
WCRT in all the periods.611
A. Nonblocking Specifications612
In order to control the RTS to be nonblocking, the specifi-613
cationSNi for τi should allow the occurrence of anys ∈ Σ∗
i ,614
i.e., L(SNi ) = Σ∗
i . The procedureallevents can be utilized615
to generate a DES representingΣ∗i . As shown in Fig. 6, the616
nonblocking specification for taskτi is a generator with only617
one state at which allσ ∈ Σi are enabled.618
i
Fig. 6: Nonblocking specification for taskτi.
B. Matrix-Based Conditional-Preemption Specifications619
In a processor, all the possible preemptions that may occur620
during the execution ofτi are defined in thei-th row of the621
preemption matrixP . More precisely, taskτi can be preempted622
by τj in casePi,j = 1. The preemption occurs between the623
occurrence ofαi andβi. Thus, a specificationSPi is defined624
for each taskτi with a generator625
SPi = (QP
i , ΣPi , δP
i , qP0i, Q
Pmi).626
Here627
• QPi : the state set contains two states:628
– y0: τi is not in process; and629
– y1: τi is in process;630
• ΣPi =
⋃
i∈nΣi: the set of all the events appearing in the631
processor;632
• δPi : the (partial) transition function:633
– δPi (y0, σ) = y0, σ ∈ Σe − {ci}: τi is not in process,634
the time unit can be taken by other tasks or idle;635
– δPi (y1, ci) = y1: τi is in process;636
– δPi (y1, cj) = y1: τi can be preempted byτj , i.e.,637
Pi,j = 1;638
– δPi (y0, αi) = y1: the execution ofτi is started; and639
– δPi (y1, βi) = y0: the execution ofτi is completed;640
• QPmi = {qP
0i} = {y0} is the initial and marker state.641
The DES model of specificationSPi for τi is illustrated in Fig.642
7, wherecj represents the execution of taskτj that is allowed643
to preempt the execution ofτi.644
{ }e i
c ,i j
c c
i
i
0y 1y
Fig. 7: Matrix-based conditional-preemption specification.
C. WCET-Based Conditional-Preemption Specifications 645
In this section, we define the exact preemptionplans be- 646
tween two adjacent time units (ci’s) of taskτi. A specification 647
SCi is defined for each taskτi with a generator 648
SCi = (QC
i , ΣCi , δC
i , qC0i, Q
Cmi). 649
Here 650
• QCi : the state set containingCi + 2 states; 651
• ΣCi =
⋃
i∈nΣi: the set of all the events appearing in the652
processor; 653
• δCi : the (partial) transition function: 654
– δCi (0i, σ) = 0i, σ ∈ Σe − {ci}: τi is not in process; 655
and the time unit can be occupied by other tasks or656
idle; 657
– δCi (0i, αi) = y0: τi is arrived; 658
– δCi (yi, ci) = yi+1: τi is in process; 659
– δCi (yi, cj) = yi: τi is preempted by the execution of660
τj ; 661
– δCi (yCi+1, βi) = 0i: the execution ofτi is completed; 662
• QCmi = {qC
0i} = {0i} is the initial and marker state. 663
The DES model of specificationSCi for τi is shown in Fig. 8. 664
i
i{ }
e ic
ic i
ci
c0i
0y 1y iC
y1i
Cy
{ }e i
c
{ }e i
c
1
e
1iC
e
Fig. 8: WCET-based conditional-preemption specification.
D. WCRT-Based Conditional-Preemption Specifications 665
The preemption of real-time execution increases the re-666
sponse time of taskτi. In order to constrain that the execution667
time of taskτi to be no longer than a value WCRTWi, i.e., in 668
a periodTi, the execution betweenγi andβi is limited to be 669
not greater thanWi time units. A specificationSWi is defined 670
for each taskτi with a generator 671
SWi = (Qi, Σi, δi, q0i, Qmi). 672
Here 673
• QWi : the state set containingWi + 2 states; 674
• ΣWi = Σi−{t}: the set of all the events exceptt appearing 675
in Gi; 676
• δWi : the (partial) transition function: 677
– δWi (0i, σ) = 0i, σ ∈ Σe − {ci}: τi is not in process; 678
and the time unit can be taken by other tasks or idle;679
– δWi (0i, γi) = y0: τi is arrived; 680
9
– (cj ∈ Σe)δ(yi, cj) = yi+1: τj is in process;681
– (1 ≤ j ≤ W + 1)δWi (yj , βi) = 0i: the execution of682
τi is completed;683
• QWmi = {qW
0i} = {0i}: the initial and marker state.684
The DES model of specificationSWi for τi is shown in Fig. 9.685
By Theorem 1 (Theorem 3.5.2 in [14]),K can be found by686
the proceduresupcon (see Appendix 1).687
i
i
{ }e
t0
i0y 1y y
{ }e
t { }e
t
1y{ }
e ic
ii
Fig. 9: WCRT-based conditional-preemption specification.
Theorem 1: [14] Let E ⊆ Σ∗ and let K = supC(E ∩688
Lm(G)). If K 6= ∅ there exists amarking nonblocking689
supervisory control(MNSC) forG such thatLm(V/G) = K.690
E. Specification Creation in TCT691
The corresponding TCT operations to create specifications692
are listed in Appendix 3. In TCT, SN1, SN2, SN3, and SN4693
are the nonblocking specificationsSN1 , S
N2 , S
N3 , andS
N4 , re-694
spectively. SP1 (resp. SP2) is the non-preemptive specification695
SP1 (resp.SP
2 ) for task τ1 (resp.τ2).696
The matrix-based conditional-preemptions are created for697
the PTS example (P5) and motivating example (P6).698
PTS example (P5):699
SP134:τ1 can be preempted byτ3 andτ4; and700
SP24:τ2 can be preempted byτ4.701
Motivating example (P6):702
SP12:τ1 can be preempted byτ2;703
SP24:τ2 can be preempted byτ4; and704
SP41:τ4 can be preempted byτ1.705
WCET-based conditional-preemption specifications:706
SC1: only the last time unit ofτ1 can be preempted byτ2;707
SC2: only the first time unit ofτ2 can be preempted byτ1;708
SC3:only the last time unit ofτ1 can be preempted byτ4;709
SC4: only the first time unit ofτ2 can be preempted byτ4.710
WCRT-based conditional-preemption specifications:711
SR1: the WCRT of taskτ1 is W1 = 4; and712
SR4: the WCRT of taskτ4 is W4 = 2.713
VII. SUPERVISORSYNTHESIS714
So far, the priority-free scheduling policy with conditional-715
preemption can be described in regular language that can be716
represented by DES. It is well known that SCT can be used717
to find the supremal controllers that provide the minimally718
restricted controller of the systems. TCT is based on SCT,719
a well-recognized theory in DES modeling and control. By720
utilizing the proceduresync in TCT, all the specifications can721
be integrated into a unique one. The proceduresupcon in722
TCT finds all the safe execution sequences within an RTS723
satisfying the synchronized specification. An offline technique724
is developed in Algorithm 1 to achieve this goal. Users need725
not be concerned with the mathematical calculations; and by726
utilizing TCT, all the safe execution sequences can be provided 727
in the supervisor. Each sequence can be utilized by users to728
schedule the RTS. All the EDF, FP, and other sequences can729
be found in the supervisor (Super). 730
Algorithm 1 Supervisory control of RTS1. Build Plant bysync;2. Build Spec bysync;3. Super =supcon (Plant, Spec).
By comparison, under EDF real-time scheduling the tasks731
with the earliest deadlines are assigned with the highest732
priority. Moreover, EDF scheduling chooses only one task733
among them to execute without considering other possibilities. 734
Other released tasks have no chance to be executed by the735
processor. 736
A. Example. 1. 737
In this study, as illustrated in Fig. 10, an example motor738
network similar to the one studied in [13] is considered as739
an RTS. Suppose that four electric motors are controlled by a740
uni-processor. Their deadlines and periods are represented by 741
D and T, respectively. These parameters coincide with those742
of the tasks in the previous examples as 743
• Motor 1: τ1, 744
• Motor 2: τ2, 745
• Motor 3: τ3, and 746
• Motor 3: τ4. 747
The work plans of the motor network also coincide with the748
RTS models presented in Section V. SinceR2 = 3, Motor 749
2 will be ready three ms later than other tasks. We take750
the three work plans ofS, i.e., S1, S2, and S3, to find all 751
the safe execution sequences under priority-free conditionally- 752
preemptive scheduling. 753
Motor 1
D: 9 ms
T: 9 ms
Motor 2
D: 6 ms
T: 6 ms
Computation:
Motor 1: 3 ms Motor 2: 3 ms
Motor 3: 1 ms Motor 4: 2 ms
Motor 3
D: 4 ms
T: 5 ms
Motor 4
D: 14 ms
T: 18 ms
Fig. 10: A motor network example.
B. Supervisory Control ofS1754
Sinceτ1, τ2 ∈ S1, we only consider the specifications cor-755
responding to tasksτ1 andτ2. The scheduling corresponding756
to P1 is preemptive. Thus, we only need to control the RTS to757
be nonblocking. Denote this specification by PS1. According758
to Algorithm 1, in TCT, it is calculated by 759
PS1= sync (SN1, SN2) (1, 11) 760
All the safe preemptive execution sequences are calculated761
by the proceduresupcon, i.e., 762
10
PSUP1 =supcon (SYS1, PS1) (71, 98)763
The marker states in PSUP1 represent that the correspond-764
ing task is ready to be released, which is redundant information765
for the users. Thus they are unmarked as follows.766
PSUP1 =edit (PSUP1, [mark -[all]]) (71, 98)767
The safe execution sequence set in PSUP1 is represented768
by a DES with 84 states and 130 transitions. By projecting769
out all events butαi, i.e.,770
PMPSUP1 =project (PSUP1, Image [11, 21]) (6, 7)771
we can obtain the preemptive release map ofS1. All the772
safe release sequences are shown in Fig. 11. In PSUP1, by773
projecting out all events butci, i.e.,774
PJPSUP1 =project (PSUP1, Image [19, 29]) (24, 33)775
we can obtain the preemptive scheduling map ofS1, as shown776
in Fig. 12(a), that contains all the safe execution sequences777
of c1 and c2. The computed supervisor is shown in Table778
II, in which RM and SM represent the release map and the779
scheduling map, respectively. The numbers of the states and780
transitions are recorded in the form (number of states, number781
of transitions). By Algorithm 1, several other examples by782
considering different specifications are also listed in Table II.783
All the release maps are isomorphic with the release map784
depicted in Fig. 11. Moreover, all the scheduling maps are de-785
picted in Fig. 12. This means that, based on a supremal release786
map, according to different preemption plans, the priority-787
free conditionally-preemptive scheduling policy can provide788
different results. To the best of our knowledge, no other789
scheduling algorithms can schedule an RTS by considering790
P3 and SC1 simultaneously.791
21
2
2 121
Fig. 11: Release map ofS1.
TABLE II: Uni-processor scheduler behaviors ofS1
Spec Super RM SMP1 (71, 98) (6, 7) (24, 33)P2 (58, 70) (6, 7) (20, 21)P3 (69, 87) (6, 7) (24, 27)P4 (69, 87) (6, 7) (24, 27)P1, SC1, SC2 (68, 90) (6, 7) (23, 27)P3, SC1 (65, 82) (6, 7) (22, 24)
For comparison, the preemptive EDF scheduling result of792
S1 by Cheddar [23] is depicted in Fig. 13, which can also793
be found in Fig. 12(a). The execution sequence in Fig. 13794
seems like a non-preemptive scheduling sequence. Evidently,795
none of the exact preemptive scheduling sequences in Fig.796
12(a) can be generated by EDF. In case that att = 9 in Fig.797
13, τ2 (with the earliest deadline) cannot arrive on time, and798
then according to the multiple sequences, users can choose799
another available sequence shown in Fig. 12(a) to schedule800
task τ1 first. Thus, recalculating the scheduling sequences is801
unnecessary. However, att = 9, there is no EDF sequence802
to executeτ1 first. If τ2 cannot arrive on time, the EDF 803
scheduling cannot scheduleS1 successfully. The supervisory804
control technique provides a larger number of safe execution 805
sequences as compared with EDF scheduling. The WCRT of806
τ1 in the scheduling sequence shown in Fig. 13 isW1 = 6. By 807
comparison, in the scheduling map shown in Fig. 12(a), when808
tasksτ1 andτ2 are released simultaneously, they can preempt809
another randomly. In all these sequences, we haveW1 ≤ 6. 810
C. Supervisory Control ofS2811
Since τ1, τ2, τ4 ∈ S1, we only consider the specifications812
corresponding to tasksτ1, τ2, andτ4. According to Algorithm 813
1, several supervisors are calculated and listed in Table III. 814
The release maps are isomorphic with each other, as shown in815
Fig. 14. The scheduling maps ofS2 are depicted in Fig. 15. 816
To the best of our knowledge, no sequence in Figs. 15(b) and817
15(d) can be achieved by other scheduling algorithms. 818
TABLE III: Uni-processor scheduler behaviors ofS2
Spec Super RM SMP5 (128, 186) (9, 12) (34, 41)P5, SC3, SC4 (119, 173) (9, 12) (32, 37)P6 (145, 21) (9, 12) (44, 54)P6, SC1 (140, 204) (9, 12) (39, 47)
1
1
2
4
4
4
2 1
1
2
2
2
Fig. 14: Release map ofS2.
For comparison, the PTS scheduling result ofS2 is depicted 819
in Fig. 16, and it can also be found in Fig. 15(a). Evidently,820
SCT provides a greater number of safe execution sequences821
as compared with PTS scheduling. The WCRT ofτ4 in 822
the scheduling sequence shown in Fig. 16 isW4 = 2. In 823
comparison, in all the sequences shown in Fig. 15(a), the824
WCRT of τ4 varies from two to eight. This means that the825
WCRT in the conditional-preemption scheduling may increase. 826
In this case, by also considering SR4 as a specification, we827
obtain a supervisor with 83 states and 118 transitions. The828
corresponding release map is isomorphic with the one shown829
in Fig. 14. Two scheduling sequences are depicted in Fig. 17;830
they form a subset of the safe executions shown in Fig. 15(a).831
The sequence in Fig. 16 can be found in Fig. 17. 832
11
2c 2c
2c
1c
1c
1c2c2c
2c
2c 2c
1c
1c
2c 2c
1c
1c
2c 2c
1c
1c
2c 2c
1c
1c
2c 2c
1c
1c
1c
2c 2c
1c
(a) P1
2c 2c
2c
1c
1c
1c2c2c
2c
2c1c
2c1c
2c
1c2c
1c
1c
2c 2c
1c
(b) P2
2c 2c
2c
1c
1c
1c2c2c
2c
2c 2c1c
2c 2c1c
2c2c
2c 2c
1c2c 2c
1c
1c
2c 2c
1c
(c) P3
2c 2c
2c
1c
1c
1c2c2c
2c
2c
1c
1c
2c
1c
1c
1c
1c
2c
1c
1c
2c
1c
1c
1c
2c 2c
1c
(d) P4
2c 2c
2c
1c
1c
1c2c2c
2c
2c
1c
1c
2c 2c
1c
1c
2c
1c
2c
1c2c 2c
1c
1c
2c 2c
1c
(e) P1, SC1, and SC2
2c 2c
2c
1c
1c
1c2c2c
2c
2c1c
2c 2c1c
2c
2c
1c2c 2c
1c
1c
2c 2c
1c
(f) P3 and SC1
Fig. 12: Scheduling map ofS1.
0 5 1510 20 25 30 35
Fig. 13: Preemptive scheduling map ofS1.
2c
1c 2c
2c2c
1c4c4c
1c 1c 2c 2c 2c
1c
2c
1c2c
1c
2c
1c
2c
1c2c
Fig. 17: PTS and WCRT scheduling map ofS2.
D. Example. 2.833
Suppose that we have another motor network, denoted by834
S4 that executes the five tasks listed in Table IV. Suppose835
that in a uni-processor system, the preemption matrix takes836
the following form837
P =
0 ∗ ∗ ∗ ∗∗ 0 ∗ ∗ ∗∗ ∗ 0 ∗ ∗∗ ∗ ∗ 0 ∗∗ ∗ ∗ ∗ 0
838
which can provide220 matrix-based conditionally-preemptive839
real-time scheduling plans. It is unnecessary to calculateall840
the scheduling plans simultaneously. However, each of them841
can be represented by specifications and the corresponding842
supervisors can be calculated by SCT. 843
TABLE IV: Parameters of five tasks
task R C D Tτ1 0 2 9 9τ2 0 2 10 10τ3 0 2 12 12τ4 0 2 14 16τ5 3 2 16 18
844
1) Uni-processor system: 845
In a uni-processor system, the RTS processing these tasks846
is represented by a DES generator with 15572 states and847
31333 events. Instead of calculating the supervisors of all848
the 220 plans, we arbitrarily choose the following eight plans849
to calculate the corresponding supervisors. The corresponding 850
supremal supervisors, release maps, and scheduling maps are 851
recorded in Table V. 852
12
2c
1c 2c
2c2c
1c
1c 2c 2c1c
4c
1c
4c 4c
4c
4c
4c
1c4c
4c
1c4c
4c
4c
4c2c
4c
4c
2c 2c 2c
1c
2c
1c2c
1c
2c
1c
2c
1c2c
(a) P5
2c
1c 2c
2c2c
1c
1c 2c 2c1c
4c
1c
4c4c
4c
1c4c
4c
1c4c
4c2c
4c
4c
2c 2c 2c
1c
2c
1c2c
1c
2c
1c
2c
1c2c
(b) P5, SC3, SC4
1c
1c
1c2c
2c
2c
2c 1c
2c
2c 1c
1c
2c
2c
2c
2c
2c
2c
1c
4c4c
1c
2c
4c
1c
1c
1c
1c
1c
1c
1c
4c
1c
4c
2c
2c
2c4c
2c2c
2c
2c
2c
2c1c
2c
2c
2c2c 2c
4c
4c
4c
4c
(c) P6
1c
1c
1c2c
2c
2c 1c
2c
1c
1c
2c
2c
2c
2c
2c1c
4c4c
1c
2c
4c
1c
1c
1c
1c
1c
1c
1c
4c
1c
4c
2c
2c
2c4c
2c2c
2c
2c
2c
2c 2c2c
4c
4c
4c
4c
(d) P6, SC1
Fig. 15: Scheduling map ofS1.
0 5 1510 20 25 30 35
Fig. 16: PTS scheduling map ofS2.
P1 =
0 1 1 1 11 0 1 1 11 1 0 1 11 1 1 0 11 1 1 1 0
P2 =
0 1 1 1 11 0 1 1 10 0 0 0 01 1 1 0 11 1 1 1 0
853
P3 =
0 1 0 0 00 0 1 0 00 0 0 1 00 0 0 0 11 0 0 0 0
P4 =
0 1 0 0 01 0 1 1 11 1 0 1 11 1 1 0 11 1 1 1 0
854
P5 =
0 0 1 0 01 0 1 1 11 1 0 1 11 1 1 0 11 1 1 1 0
P6 =
0 0 0 1 01 0 1 1 11 1 0 1 11 1 1 0 11 1 1 1 0
855
P7 =
0 0 0 0 11 0 1 1 11 1 0 1 11 1 1 0 11 1 1 1 0
P8 =
0 0 0 0 00 0 0 0 00 0 0 0 00 0 0 0 00 0 0 0 0
856
The numbers of the states in the release maps of each857
scheduling plan are close to each other. However, the schedul- 858
13
TABLE V: Uni-processor scheduler behaviors
P Super RM SMP1 (15572, 31333) (522, 787) (2632, 5921)P2 (13051, 24466) (521, 785) (2354, 4364)P3 (6700, 10480) (520, 774) (1503, 1935)P4 (13508, 25868) (522, 787) (2385, 4602)P5 (13321, 25536) (522, 787) (2353, 4538)P6 (13011, 24428) (522, 787) (2339, 4326)P7 (13676, 26076) (522, 787) (2427, 4649)P8 (5140, 7396) (515, 764) (1279, 1528)
ing maps differ greatly. The preemption matrixP1 (resp.,P8)859
represents that the RTS is under the preemptive (resp., non-860
preemptive) real-time scheduling; and the supervisor provides861
the most flexible (resp., restricted) behaviors. The preemption862
matrix P2 indicates that the real-time scheduling plan is that863
the execution ofτ3 cannot be preempted by any other task.864
The preemption matrixP3 represents that the execution ofτ1865
can be preempted byτ2, τ2 by τ3, τ3 by τ4, τ4 by τ5, and866
τ5 by τ1, respectively. Importantly, the release maps forP4,867
P5, P6, andP7, are isomorphic with the release map forP1.868
However, the scheduling maps are differ substantially from869
one another. The reason is thatP4, P5, P6, andP7 show that870
the execution ofτ1 can only be preempted byτ2, τ3, τ4, and871
τ5, respectively.872
2) Multi-processor system:873
Suppose that the tasks are running in an RTS that possesses874
two processors and their corresponding preemption-matrices875
are identical. We need to calculate the processor behavior876
based on each processor individually. Suppose that tasksτ1877
andτ2 are running in processorΞ1, andτ3 andτ4 are running878
in processorΞ2. Taskτ5 is a newly arrived task and is allowed879
to enter any processor. By applying preemption matrixP4880
to both Ξ1 and Ξ2, the corresponding supremal supervisors,881
release maps, and scheduling maps are recorded in Table VI.882
If task τ5 entersΞ1 (resp.,Ξ2), the corresponding new system883
behavior is represented byΞ′1 (resp.,Ξ′
2).884
TABLE VI: Multi-processor scheduler behaviors of ofS2
Ξ Super RM SMΞ1 (183, 209) (20, 21) (45, 54)Ξ2 (87, 101) (8, 9) (18, 22)Ξ′
1 (253, 313) (25, 26) (62, 76)Ξ′
2 (344, 424) (32, 35) (76, 98)
E. Example. 3.885
Consider a manufacturing cell as an example. As shown886
in Fig. 18, a robotR is utilized to transport two types of887
workpieces, W1 and W2, to a conveyor. Two pieces of W1888
(resp., W2) are released to the input bufferB1 (resp.,B2)889
simultaneously in every six (resp., three) seconds. The robot890
R has capacity one; and transporting each piece takes one891
second. Thus, we define two tasksτ1 = {0, 2, 6, 6} (resp.,892
τ2 = {0, 2, 3, 3}) to represent the transportion of the two893
pieces of W1 (resp., W2) byR, respectively. Consequently,894
we have a systemS = {τ1, τ2}. 895
Suppose that the preemption matrix with respect toS is 896
P1 =
(
0 01 0
)
. 897
The scheduling can be considered as an FP scheduling, i.e.,898
task τ1 cannot be preempted byτ2; and τ2 is allowed to be 899
preempted byτ1. In other words, the robot must transport the900
two W1’s in two adjacent seconds, but it is not necessary for901
transporting W2. By utilizing SCT, the supervisor calculated 902
by supcon is represented by a DES with 21 states and 27903
transitions. As shown in Fig. 19, the release (resp., scheduling) 904
map is represented by a generator with three (resp., six) states 905
and three (resp., six) transitions. As shown in Fig. 19(b), no 906
preemption scheduling sequences are found. This requires that 907
the robotR must transport the workpieces in the following908
order periodically: 909
W2, W2, W1, W1, W2, W2. 910
1B
2BR
Co
nve
yor
Fig. 18: Manufacturing cell.
2
2
1
(a) Release map
2c 2c
2c
2c
1c
1c
(b) Scheduling map
Fig. 19: FP scheduling.
Suppose that the preemption matrix is 911
P2 =
(
0 11 0
)
, 912
i.e., the real-time scheduling is preemptive. This means that 913
the robot can transport W1 and W2 in any order. By using SCT914
to calculate the supervisor, it is represented by a DES with 37 915
states and 55 transitions. As shown in Fig. 20, the release916
map (resp., scheduling map) is represented by a generator917
with four (resp., ten) states and five (resp., 14) transitions. 918
The scheduling map in Fig. 20(b) provides nine safe execution 919
sequences. 920
If we also require that, based onP2, the WCRT of taskτ1 921
beW1 = 5, i.e., the two W1’s must be transported in the first922
five seconds after their release, then we obtain a supervisor923
that is represented by a DES with 63 states and 91 transitions. 924
The release map is isomorphic with the map depicted in 20(a);925
and the scheduling map is displayed in Fig. 21. 926
14
2
2
1
21
(a) Release map
2c
1c
1c
2c
2c
1c
2c
2c
1c
1c
2c
2c
1c
2c
(b) Scheduling map
Fig. 20: Preemptive scheduling.
2c
1c
1c
2c
2c
1c1c
2c
2c1c
2c
2c
1c
1c
2c
2c
1c 2c
Fig. 21: Preemptive scheduling withW1 = 5.
VIII. D ISCUSSION927
A. Computational Complexity and Calculation Speed up928
The real-time scheduling is based on the computation of929
the supremal controllable sublanguage with respect to a finite930
DES. According to [13] and [24], the computation of the931
supremal controllable sublanguage with respect to a finite932
DES can be completed in polynomial time. Similar to [13],933
the computational complexity of the presented method in this934
article is characterized by 1) the modeling of a processor time935
unit as a distinct event in the DES framework and 2) the936
exponential growth in the number of states when synchronous937
product is utilized to combine individual tasks into the plant.938
The computational complexity of the supremal sublanguage939
of a specification isO(m2n2), wherem and n are the sizes940
of the final state set of the plantG and the specification941
S, respectively. Similar to [13], this remains a challenge in942
“scaling up” the proposed method for the real-time scheduling943
based on SCT. In the worst case, the synchronous product of944
two discrete-event systems, withx andy states, respectively,945
results in a more complex system withx · y states. A method946
to speed up the calculation is to reduce the number of states in947
the plant and specification. In order to achieve this goal, we948
divide the calculations into three steps. Each step considers949
different specifications as follows.950
• Step 1: nonblocking and matrix-based conditional-951
preemption specifications,952
• Step 2: nonblocking and WCET-based conditional-953
preemption specifications, and954
• Step 3: nonblocking and WCRT-based conditional-955
preemption specifications.956
As the commutative diagram shown in Fig. 22, Algo-957
rithm 1 is revised to be Algorithm 2, in which NS,958
PS, CS, and RS represent nonblocking specifications,959
matrix-based conditional-preemption specifications, WCET-960
based conditional-preemption specifications, and WCRT-based961
conditional-preemption specifications, respectively.962
S1 = sync (NS, PS)
sync (S1, CS)
sync (S2, RS)
S2
S3
supcon (Plant, S1)Super1
supcon
(Super1, CS)
Super2
Super3
supcon
(Super2, RS)
supcon (Plant, S2)
supcon (Plant, S3)
Fig. 22: Commutative diagram.
Algorithm 2 Supervisory control of RTS1. Build Plant bysync;2. Build S1, S2, and S3 bysync;3. Super1 =supcon (Plant, S1);4. Super2 =supcon (Super1, S2);5. Super3 =supcon (Super2, S3).
For example, the scheduling ofS1 based onP3 and SC1 963
can be calculated in the first two steps as listed in Table VII.964
Moreover, if we require that the WCRT of taskτ1 is W1 = 4, 965
only one such sequence exists, which is shown in Fig. 23.966
Accordingly,S1 can be scheduled in orderτ1τ2τ1τ2τ2. 967
TABLE VII: Uni-processor scheduler behaviors ofS1
Plant Spec Super RM SMSYS1 NS Super1 (69, 87) (6, 7) (24, 27)Super1 P3 Super2 (65, 82) (6, 7) (22, 24)Super2 SC1 Super3 (45, 52) (5, 5) (15, 15)
1c
2c2c
2c1c
1c
1c2c2c2c
1c1c 2c
2c2c
Fig. 23: Scheduling map ofS1 with P3, SC1, and SR1.
B. Comparison with the CW Model 968
In [13], a TDES model is proposed to represent periodic969
real-time tasks. A task is represented by a TDES 970
Gi = (Qi, Σi, δi, q0i, Qmi) 971
whereΣi consists of 972
• t: tick event, 973
• γi: the release event ofτi, 974
• αi: the execution ofτi is started, and 975
• βi: the execution ofτi is finished. 976
Suppose that after beingenabled, eventsγi, αi, andβi should 977
wait for tγi, tαi
, and tβiticks, respectively, until they are 978
eligible to occur. Formally, the timer bounds are 979
15
• γi :=
[0, 0],
if τi releases atr1,1
[Ti − tαi− tβi
, Ti − tαi− tβi
],
if (∀j > 1) τi releases atri,j
,980
• αi := [0, Di − tβi], and981
• βi := [tβi, tβi
].982
In the CW model [13],tβi= Ci. The regular languages983
utilized to describe the tasks represented by TDES/DES are984
different. In comparison, in the TDES (resp. DES) model, the985
processor execution of taskτi is represented byt (resp.ci).986
Consequently, in the TDES (resp. DES) model, the execution987
of different tasks is considered as the same (resp. different)988
events. Hence, in thesynchronous product, they will occur989
simultaneously (resp. separately). Forpreemptivereal-time990
scheduling,becasue ofthe nature of the real-time scheduling,991
the execution of two or more tasks within a uni-processor992
cannot happen simultaneously. Thus, the CW TDES model993
cannot be utilized to schedule real-time tasksconditionally-994
preemptively.995
Remark:996
Suppose that we have two substringss1 = c1c1 ands2 = c2997
under condition that existsw1, v1 ∈ Σ∗1, w1s1v1 ∈ L(G1) and998
existsw2, v2 ∈ Σ∗2, w2s2v2 ∈ L(G2). The execution ofs1 and999
s2 within a uni-processor needs to take three time units. Let1000
L1 = {s1} ⊂ Σ′∗1 and L2 = {s2} ⊂ Σ′∗
2 with Σ′1 = {c1} ⊂1001
Σ1 and Σ′2 = {c2} ⊂ Σ2, respectively. Theirsynchronous1002
product is L1||L2 = {c2c1c1, c1c2c1, c1c1c2}; it represents all1003
the possible executions correctly. Similarly, according to the1004
TDES model presented in [13],c1 and c2 are both replaced1005
by the tick event t. Thus, we can obtains1 = tt, s2 = t,1006
L1 = {s1} ⊂ Σ′∗1 , L2 = {s2} ⊂ Σ′∗
2 , Σ′1 = {t} ⊂ Σ1, and1007
Σ′2 = {t} ⊂ Σ2. The synchronous productof L1 and L2 is1008
L1||L2 = ∅. Evidently, this model cannot actually represent1009
real-time scheduling.1010
C. Comparison with (Time) Petri Nets Models1011
Recently, preemptive time Petri nets (pTPN) are developed1012
in [25], [26], and [27] to dynamically schedule real-time1013
systems. These studies have significant improvements in real-1014
time scheduling based on time Petri nets. However, the real-1015
time scheduling in [25], [26], and [27] can only be applied1016
to the FP real-time scheduling. To the best of our knowledge,1017
conditional-preemption is not addressed in these studies.For1018
example, by using the models proposed in [25], [26], and [27],1019
no fixed priority can be assigned to the tasks running in the1020
motivating example of the present paper. Consequently, the1021
real-time scheduling based on SCT is more general than the1022
pTPN model.1023
Real-time scheduling can also be modeled by Petri nets1024
(PN) with time constraints [28], [29]. However, the proposed1025
approach in [28] faces the schedulability conditions of the1026
offline scheduling problems; and finding the optimal offline1027
periodic schedule is a challenge. The problems of [28] are1028
addressed in [29]. However, it is arguable whether or not1029
that a PN with time constraints is a sufficiently general1030
model to schedule real-time systems. Furthermore, not all the1031
conditional specifications considered in the present paperare 1032
addressed in the PN model with time constraints. 1033
In comparison, in this study, by utilizing SCT offline, all the 1034
safe execution sequences can be found if any exist. Otherwise, 1035
the supervisor of the system is empty. On the basis, we con-1036
clude that the developed conditionally-preemptive scheduling 1037
algorithm is more general than the scheduling based on (time) 1038
Petri nets models. 1039
IX. CONCLUSION 1040
This study reports a formal constructive method for real-1041
time periodic tasks via a DES model. For both uni-processor1042
and multi-processor systems, the behavior of a processor1043
can be established by the synchronous product of the DES1044
models of all tasks running in it. The tasks can be sched-1045
uled without considering their priorities. This paper presents 1046
two sets of conditional-preemption specifications, i.e., matrix- 1047
based conditional-preemptions, and WCET-based conditional- 1048
preemptions. Moreover, in order to control the system to be1049
nonblocking and also limit the WCRT of the tasks, two corre-1050
sponding sets of specifications are developed. The formal SCT 1051
of DES can be considered as a rigorous analysis and synthesis1052
tool to schedule the RTS satisfying the hard deadlines. The1053
proceduresync in TCT is utilized to generate the plant and1054
global specifications. By utilizing the proceduresupcon, all 1055
the conditionally-preemptive safe execution sequences can be 1056
calculated. These sequences can provide more choices than the 1057
EDF, PTS, DPS scheduling algorithms and the TDES SCT-1058
based real-time scheduling proposed in [13]. In order to speed 1059
up the calculation, a commutative diagram is proposed to1060
calculate the supervisors in three steps. The off-line scheduling 1061
algorithm presented in this study can be applied in a practical 1062
context to schedule the real-world uni-processor and multi- 1063
processor systems. In future work, we will focus on the real-1064
time conditionally-preemptive scheduling of sporadic tasks. 1065
REFERENCES 1066
[1] L. Sha, T. Abdelzaher, K. E.Arzen, A. Cervin, T. Baker, A. Burns, 1067
G. Buttazzo, M. Caccamo, J. Lehoczky, and A. K. Mok, “Real time 1068
scheduling theory: A historical perspective,” Real-time systems, vol. 28, 1069
no. 2, pp. 101–155, 2004. 1070
[2] R. I. Davis, “A review of fixed priority and EDF schedulingfor hard 1071
real-time uniprocessor systems,”ACM SIGBED Review, vol. 11, no.1, 1072
pp. 8–19, 2014. 1073
[3] C. L. Liu and J. W. Layland, “Scheduling algorithms for multiprogram- 1074
ming in a hard real time environment,”J. Assoc. Comput. Mach., vol. 1075
20, no. 1, pp. 46–61, Jan. 1973. 1076
[4] M. S. Fineberg, and O. Serlin, “Multiprogramming for hybrid computa- 1077
tion,” in Proc. AFIPS Fall Joint Computing Conference, pp. 1–13, 1967. 1078
[5] J. Y. T. Leung, and J. Whitehead, “On the complexity of fixed- 1079
priority scheduling of periodic real-time tasks, ”Performance Evaluation 1080
(Netherlands), vol. 2, no. 4, pp. 237–250, 1982. 1081
[6] A. K. Mok, “ Fundamental design problems of distributed systems for1082
the hard-real-time environment,” Ph.D. Thesis, Department of Electrical1083
Engineering and Computer Science, Massachusetts Institute of Technol- 1084
ogy, Cambridge, Massachusetts, 1983. 1085
[7] M. L. Dertouzos, “Control robotics: the procedural control of physical 1086
processes,”in Proc. IFIP cong., pp. 807–813, 1974. 1087
[8] S. Baruah, R. Howell, and L. Rosier, “Algorithms and complexity 1088
concerning the preemptive scheduling of periodic real-time tasks on one 1089
processor,”Real-Time Syst., vol. 2, pp. 301–324, 1990. 1090
[9] R. R. Howell, M. K. Venkatrao, “On non-preemptive scheduling of 1091
recurring tasks using inserted idle time,”Inform. Comput. J., vol. 117, 1092
no. 1, pp. 50–62, 1995. 1093
16
[10] J. J. Li, L. C, Shu, J. J. Chen, and G. H. Li, “Energy-efficient scheduling1094
in nonpreemptive systems with real-time constraints,”IEEE Trans. Syst.1095
Man Cybern.: Syst., vol. 43, no. 2, pp. 332–344, 2013.1096
[11] Y. N. Xia, M. C. Zhou, X. Luo, S. C. Pang, and Q. S. Zhu, “A stochastic1097
approach to analysis of energy-aware DVS-enabled cloud datacenters,”1098
IEEE Trans. Syst. Man Cybern.: Syst., vol. 45, no. 1, pp. 73–83, 2015.1099
[12] D. Li, M. Li, X. Meng, and Y. Tian, “A hyperheuristic approach1100
for intercell scheduling with single processing machines and batch1101
processing machines,”IEEE Trans. Syst. Man Cybern.: Syst., vol. 45,1102
no. 2, pp. 315–325, 2015.1103
[13] P. C. Y. Chen and W. M. Wonham, “Real-time supervisory control of1104
a processor for non-preemptive execution of periodic tasks,” Real-Time1105
Syst., vol. 23, pp. 183–208, 2002.1106
[14] W. M. Wonham,Supervisory control of discrete-event systems, Depart-1107
ment of Electrical and Computer Engineering, University ofToronto,1108
2015. Available at http://www.control.utoronto.ca/DES.1109
[15] P. J. Ramadge and W. M. Wonham, “Supervisory control of aclass of1110
discrete event processes,”SIAM J. Contr. Optim., vol. 25, no. 1, pp.1111
206–230, 1987.1112
[16] A. Dhananjayan, T. S. Kiam, “A metric temporal logic specification1113
interface for real-time discrete-event control,”IEEE Trans. Syst. Man1114
Cybern.: Syst., vol. 44, no. 9, pp. 1204–1215, 2014.1115
[17] J. Ye, Z. W. Li, and A. Giua, “Decentralized supervisionof Petri nets1116
with a coordinator,”IEEE Trans. Syst. Man Cybern.: Syst., vol. 45, no.1117
6, pp. 955-966.1118
[18] D. You, S. G. Wang, M. C. Zhou, “Synthesis of monitor-based liveness-1119
enforcing supervisors for S3PR With ξ-Resources,”IEEE Trans. Syst.1120
Man Cybern.: Syst., vol. 45, no. 6, pp. 967-975.1121
[19] G. C. Buttazzo, M. Bertogna, and G. Yao, “Limited preemptive schedul-1122
ing for real-time systems. A survey,”IEEE Trans. Ind. Inform., vol. 9,1123
no. 1, pp. 3–15, 2013.1124
[20] Y. Wang and M. Saksena, “Scheduling fixed-priority tasks with pre-1125
emption threshold,” inProc. Proceedings of the Real-Time Computing1126
Systems and Applications, pp. 328–335, 1999.1127
[21] S. Baruah, “The limited-preemption uniprocessor scheduling of sporadic1128
task systems,”Real-Time Syst, 2005. in Proc, 17th Euromicro Conf.1129
Real-Time Syst., pp. 137–144, 2005.1130
[22] J. Y. T. Leung and M. L. Merrill, “A note on preemptive scheduling1131
of periodic real-time tasks,”Inform. Proc. Letters, vol. 11, no.3, pp.1132
115-1118, 1980.1133
[23] F. Singhoff, J. Legrand, L. Nana, and L. Marce, “Cheddar: A flexible1134
real time scheduling framework,” inProc. Int. ACM SIGAda Conf., pp.1135
1–8, 2004.1136
[24] P. J. Ramadge and W. M. Wonham, “The control of discrete event1137
systems,”Proceedings of the IEEE, vol. 77, no. 1, pp. 81-98, 1989.1138
[25] L. Carnevali, L. Ridi, and E. Vicario, “Putting preemptive time Petri1139
nets to work in a V-Model SW life cycle,”IEEE Trans. Softw. Eng.,1140
vol. 37, no. 6, pp. 826-844, 2011.1141
[26] I. Bicchierai, G. Bucci, L. Carnevali, and E. Vicario, “Combining UML-1142
MARTE and preemptive time Petri nets: an industrial case study,” IEEE1143
Trans. Ind. Inform., vol. 9, no.4, pp. 1806-1818, 2013.1144
[27] L. Carnevali, A. Pinzuti, and E. Vicario, “Compositional verification for1145
hierarchical scheduling of real-time systems,”IEEE Trans. Softw. Eng.,1146
vol. 39, no. 5, pp. 638-657, 2013.1147
[28] N. Q. Wu and M. C. Zhou, “Modeling, analysis and control of dual-arm1148
cluster tools with residency time constraint and activity time variation1149
based on Petri nets,”IEEE Trans. Autom. Sci. Eng., vol. 9, no. 2, pp.1150
446-454, 2012.1151
[29] Y. Qiao, N. Q. Wu, and M. C. Zhou, “Real-time scheduling of single-arm1152
cluster tools subject to residency time constraints and bounded activity1153
time variation,”IEEE Trans. Autom. Sci. Eng., vol. 9, no. 3, pp. 564-577,1154
2012.1155
Appendix 1.1156
Synthesis procedures in TCT [14]:1157
DES2 = allevents (DES1) is a marked one-state DES selflooped1158
with all the events of DES1.1159
DES= create(DES) is a new discrete-event system (DES). Option1160
1 allows fast user input via a sequence of prompts, resultingin direct1161
creation of a .DES file. Option 2 allows the user to create a text1162
(.ATS) file with any ASCII text editor; this file can be converted to1163
a .DES file using the TCT procedure FD.1164
True/False =isomorph (DES1, DES2) tests whether DES1 and1165
DES2 are identical up to renumbering of states (but with initial state1166
held fixed at 0); if so, their state correspondence is displayed.1167
DES2= project (DES1, [NULL/IMAGE EVENTS]) is a generator 1168
of the projected closed and marked languages of DES1, under the 1169
natural projection specified by the listed Null or Image events. In 1170
decentralized control, DES2 could be an observer’s local model of 1171
DES1. 1172
DES2 = relabel (DES1, [OLD-NEW EVENT LABEL PAIRS]) 1173
coincides with DES1, except for a mapping of specified event labels 1174
in DES1; unmapped labels are unchanged. Not for use with vocalized 1175
DES. 1176
DES3= supcon(DES1, DES2) is a trim generator for the supremal1177
controllable sublanguage of the marked legal language generated 1178
by DES2 with respect to the plant DES1. DES3 provides a proper1179
supervisor for DES1. 1180
DES3 = sync (DES1, DES2) is the (reachable) synchronous1181
product of DES1 and DES2. 1182
Appendix 2. 1183
Corresponding TCTMAKEIT file for TASK3 and TASK4: 1184
TASK2 = create (TASK2, [mark 0, 1, 2, 3, 4, 9, 10, 15, 16, 21,1185
22], [tran [0, 0, 1], [0, 19, 1], [0, 39, 1], [0, 49, 1], [1, 0, 2], [1, 19, 1186
2], [1, 39, 2], [1, 49, 2], [2, 0, 3], [2, 19, 3], [2, 39, 3], [2, 49, 3], [3, 1187
20, 4], [4, 19, 10], [4, 21, 5], [4, 39, 10], [4, 49, 10], [5, 19,11], [5, 1188
29, 6], [5, 39, 11], [5, 49, 11], [6, 19, 12], [6, 29, 7], [6, 39,12], [6, 1189
49, 12], [7, 19, 13], [7, 29, 8], [7, 39, 13], [7, 49, 13], [8, 22, 9], [9, 1190
0, 15], [9, 19, 15], [9, 39, 15], [9, 49, 15], [10, 19, 16], [10,21, 11], 1191
[10, 39, 16], [10, 49, 16], [11, 19, 17], [11, 29, 12], [11, 39,17], [11, 1192
49, 17], [12, 19, 18], [12, 29, 13], [12, 39, 18], [12, 49, 18],[13, 19, 1193
19], [13, 29, 14], [13, 39, 19], [13, 49, 19], [14, 22, 15], [15, 0, 21], 1194
[15, 19, 21], [15, 39, 21], [15, 49, 21], [16, 19, 22], [16, 21,17], [16, 1195
39, 22], [16, 49, 22], [17, 19, 23], [17, 29, 18], [17, 39, 23],[17, 49, 1196
23], [18, 19, 24], [18, 29, 19], [18, 39, 24], [18, 49, 24], [19, 19, 1197
25], [19, 29, 20], [19, 39, 25], [19, 49, 25], [20, 22, 21], [21, 0, 3], 1198
[21, 19, 3], [21, 39, 3], [21, 49, 3], [22, 21, 23], [23, 29, 24], [24, 1199
29, 25], [25, 29, 26], [26, 22, 3]]) (28, 81) 1200
Appendix 3. 1201
The generated files for the specifications are recorded. 1202
1. Nonblocking specifications: 1203
SN1 = allevents (TASK1) (1, 8) 1204
SN2 = allevents (TASK2) (1, 8) 1205
SN3 = allevents (TASK3) (1, 8) 1206
SN4 = allevents (TASK4) (1, 8) 1207
2. Matrix-based conditional-preemption specifications: 1208
SP1 =create (SP1, [mark 0], [tran [0, 0, 0], [0, 11, 1], [0, 29, 0],1209
[0, 39, 0], [0, 49, 0], [1, 12, 0], [1, 19, 1]]) (2, 7) 1210
SP2 =create (SP2, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 39, 0],1211
[0, 49, 0], [0, 21, 1], [1, 22, 0], [1, 29, 1]]) (2, 7) 1212
SP4 =create (SP4, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 29, 0],1213
[0, 39, 0], [0, 41, 1], [1, 42, 0], [1, 49, 1]]) (2, 7) 1214
SP12 =create (SP12, [mark 0], [tran [0, 0, 0], [0, 11, 1], [0, 29,1215
0], [0, 39, 0], [0, 49, 0], [1, 12, 0], [1, 19, 1], [1, 29, 1]]) (2, 8) 1216
SP24 =create (SP24, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 21,1217
1], [0, 39, 0], [0, 49, 0], [1, 22, 0], [1, 29, 1], [1, 49, 1]]) (2, 8) 1218
SP41 =create (SP41, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 29,1219
0], [0, 39, 0], [0, 41, 1], [1, 19, 1], [1, 42, 0], [1, 49, 1]]) (2, 8) 1220
SP134 =create (SP134, [mark 0], [tran [0, 0, 0], [0, 11, 1], [0,1221
29, 0], [0, 39, 0], [0, 49, 0], [1, 12, 0], [1, 19, 1], [1, 39, 1],[1, 49, 1222
1]]) (2, 9) 1223
3. WCET-based conditional-preemption specifications: 1224
SC1 =create (SC1, [mark 0], [tran [0, 0, 0], [0, 11, 1], [0, 29, 0],1225
[0, 39, 0], [0, 49, 0], [1, 19, 2], [1, 29, 1], [1, 39, 1], [1, 49,1], [2, 1226
19, 3], [2, 39, 2], [2, 49, 2], [3, 12, 0], [3, 19, 3], [3, 29, 3],[3, 39, 1227
3], [3, 49, 3]]) (4, 17) 1228
SC2 =create (SC2, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 21, 1],1229
[0, 39, 0], [0, 49, 0], [1, 19, 1], [1, 29, 2], [1, 39, 1], [1, 49,1], [2, 1230
19, 2], [2, 29, 3], [2, 39, 2], [2, 49, 2], [3, 29, 4], [3, 39, 3],[3, 49, 1231
3], [4, 19, 4], [4, 22, 0], [4, 39, 4], [4, 49, 4]]) (5, 20) 1232
SC3 =create (SC1, [mark 0], [tran [0, 0, 0], [0, 11, 1], [0, 29, 0],1233
[0, 39, 0], [0, 49, 0], [1, 19, 2], [1, 29, 1], [1, 39, 1], [1, 49,1], [2, 1234
17
19, 3], [2, 29, 2], [2, 39, 2], [3, 12, 0], [3, 19, 3], [3, 29, 3],[3, 39,1235
3], [3, 49, 3]]) (4, 17)1236
SC4 =create (SC2, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 21, 1],1237
[0, 39, 0], [0, 49, 0], [1, 19, 1], [1, 29, 2], [1, 39, 1], [1, 49,1], [2,1238
19, 2], [2, 29, 3], [2, 39, 2], [2, 49, 2], [3, 29, 4], [3, 19, 3],[3, 39,1239
3], [4, 19, 4], [4, 22, 0], [4, 39, 4], [4, 49, 4]]) (5, 20)1240
4. WCRT-based conditional-preemption specifications:1241
SR1 = create (SR1, [mark 0], [tran [0, 0, 0], [0, 10, 1], [0, 29,1242
0], [0, 39, 0], [0, 49, 0], [1, 19, 2], [1, 29, 2], [1, 39, 2], [1,49, 2],1243
[2, 12, 0], [2, 19, 3], [2, 29, 3], [2, 39, 3], [2, 49, 3], [3, 12,0], [3,1244
19, 4], [3, 29, 4], [3, 39, 4], [3, 49, 4], [4, 12, 0], [4, 19, 5],[4, 29,1245
5], [4, 39, 5], [4, 49, 5], [5, 12, 0]]) (6, 25)1246
SR4 =create (SR4, [mark 0], [tran [0, 0, 0], [0, 19, 0], [0, 29, 0],1247
[0, 39, 0], [0, 40, 1], [1, 19, 2], [1, 29, 2], [1, 39, 2], [1, 49,2], [2,1248
19, 3], [2, 29, 3], [2, 39, 3], [2, 42, 0], [3, 42, 0]]) (4, 15)1249