Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
HighTec EDV-Systeme
Feldmannstrae 98
D-66119 Saarbr
ucken
1 Introduction
Tasks and Handlers
Object Management in PXROS-HR
Time and Memory Management
Scheduling
2 Initialization
3 Tasks
Tasks
Access rights
Memory Protection of TriCore
4 Communication
Messages
Examples
Events
5 Object Id
Meaning
PXROS-HR means
P ortable
e X tendible
R ealtime
O perating
S ystem
-
H igh
R eliabilty
Realtime
Definition
A system can be called realtime, if its correctness is not solely subject to
the output values it creates, but also to the times when these output
values are available.
Soft realtime
Violation of time requirements for part of the events is tolerable
In case of deviations from defined deadlines, the result can still be
correct and may be processed.
Hard realtime
Violation of time requirement leads to unusable results or damage
In systems that are subject to hard realtime, the meeting of deadlines
has to be guaranteed; individual deadlines must not be missed.
Encapsulation
Model concept: tasks run on different processors
Tasks have their own independent resources
Error in one task does not affect the whole system
Communication between tasks only per messages and events
Tasks have client/server relations
PXROS-HR Concepts
PXROS-HR
Implements a safe environment to execute any applications
PXROS-HR Concepts
Features of PXROS-HR
Hardware requirements
Distinction between privileged and non-privileged modes
The highest privileged mode (supervisor mode) is reserved for the
PXROS-HR kernel
All tasks are executed in a less privileged mode (User-0 and User-1)
Memory protection mechanism with small granularity
The TriCore protection registers allow protection of memory areas of
any size
Features of PXROS-HR
Tasks
Have their own address space
Act as independent modules which process complex subprograms
Are arranged by priorities
Handlers
Act as interrupt service routines
Can be activated by hardware or software events
Interrupt tasks and operating system functions.
PXROS is object-based
Objects are converted from general, unused standard objects to
special objects
Objects can only be modified by PXROS functions
Modification is only possible if access to the object is available
Number of objects remains constant
Legende
Standardobjekt
Objektpool
Mailbox
Nachrichtenobjekt / Message
Delay-Job
Procedure
Request an object from PXROS
Use the special object
Release to operating system
Available as general object again
Time Management
Memory Management
Memory Classes
PXROS manages the working memory by means of memory classes
Different classes are possible for different parts of the application
A task can request memory from PXROS
Scheduling Procedures I
Definition
Scheduling means a strategy for allocating a shared resource to the
concurrent processes within a realtime system.
Targets
Meeting realtime requirements
Optimal utilisation of the processor
Scheduling Procedures II
Non-superseding scheduling
The active task occupies the processor until the processor is
voluntarily released by the task
Superseding scheduling
Tasks can be interrupted
The time of interruption is not predictable
The processor state must be saved
Priority scheme
Handler
Handlers have always a higher
priority than tasks
Task
The task priority controls the
scheduling behaviour
Initialization
Initialization
return ;
}
_PxInitcall ( __enable_asc );
Initialization workflow
I n i t H a r d w a r e I n S u p e r v i s o r ();
Initialization workflow
PxInit () schedules the first task in the system, the so called InitTask,
which runs in user 0 or user 1 mode. In this task the other tasks of the
system are created and started:
static void InitTask_Func ( PxTask_t myID , PxMbx_t myMailbox , PxEvents_t m y A c t i v a t i o n E v e n t s )
{
/* Start PXROS time base with HZ ( defined in clock . h ) ticks per second . */
TicksInit (1000);
/* Install Errorfunction */
P xS et Me s sa ge F un ( errmsg );
Initialization workflow
Having created and activated all other tasks the InitTask typically
reduces its priority to the lowest and runs an endless loop to keep the
controller busy, if no other task is ready:
PxTaskSetPrio ( PxGetId () , MINPRIO );
while (1)
{
;
}
In the first case you see in a PXVIEW recording how long the initask
became busy.
PXROS Tasks
Independent subsystem
Can wait for 32 events
Has its own mailbox
Program code runs in an infinite loop
Has its own stack and local variables
Is separated from other tasks by encapsulation
Has its own protected address space
Tasks have a unique ID/reference
PXROS Tasks
PXROS Tasks
typical tasks
tasks
Control (high priority)
Monitoring
Communication
Evaluation and background checks (low priority)
Task States
States
waiting awaits events and messages
ready is ready and awaits activation
active is processed
Task Function
Task Creation
Access rights I
One of the main task properties are the tasks access rights:
PXACCESS_HANDLERS
The right to execute PxHndcalls and install interrupt
handlers with system priveleges
PXACCESS_INSTALL_HANDLERS
The right to install interrupt handlers which are executed
as PXROS handlers like delay jobs and normal interrupts
PXACCESS_INSTALL_SERVICES
The right to install PXROS services as handlers
Access rights II
PXACCESS_REGISTERS
The right to execute system functions with access to
special core registers
PXACCESS_SYSTEMDEFAULT
The right to allocate from the system default resources
PXMcSystemdefault and PXOpoolSystemdefault
PXACCESS_SYSTEM_CONTROL
The right to execute special system function like
PxTaskSuspend which can influence the system behaviour
PXACCESS_RESOURCES
The right to access resources which are not owned by the
task itself.
PXACCESS_NEW_RESOURCES
The right to define new resources
Protection Registers I
Memory Protection
Encapsulate components using (2 code and 4 data) protection registers
in supervisor and user mode.
Each protection register configures
upper bound
lower bound
control (read, write, execute)
TriCore offers hardware based memory protection.
Protection Registers II
It is possible to create additional protected areas for a task, e.g. for the
memory of an external device:
static const P x P r o t e c t R e g i o n _ T D i s p l a y T a s k R e g i o n s [] = {
{( PxUInt_t ) DISPLAY_MEMORY_START , ( PxUInt_t ) DISPLAY_MEMORY_END , WRProtection } ,
{0 , 0 , 0};
};
...
. ts_protect_region = DisplayTaskRegions ,
Supervisor
Access to: all on-chip peripherals, external
peripheral devices, core SFR.
User-1
Access to: non protected on-chip peripherals
and external peripheral devices.
User-0
No access to: peripheral devices and core SFR.
Supervisor
Access to: all on-chip peripherals, external
peripheral devices, core SFR.
User-1
Access to: non protected on-chip peripherals
and external peripheral devices.
User-0
No access to: peripheral devices and core SFR.
Supervisor
Access to: all on-chip peripherals, external
peripheral devices, core SFR.
User-1
Access to: non protected on-chip peripherals
and external peripheral devices.
User-0
No access to: peripheral devices and core SFR.
Communication Mechanisms
Exchange of Messages
Data exchange between tasks is done by sending messsages to
mailboxes
Messages must be allocated or received before they can be used
Mailboxes can never overflow
Signalling Events
Reporting status changes
Events are signalled and stored for each task
Transmission from task to task or
From handler to task
A task can await messages and events simultaneously
Messages
Messages
Only the task which currently uses the message has read/write
access to the content
Messages are either stored in mailboxes or used by tasks
The owner of a message can set write protection for the content
Mailbox
Mailbox
Model
Message Management
Message Design
Requesting Messages
Receiving Messages
ReceiveMsg
Task always receives messages from a
SendMsg
PxMsgReceive
mailbox
PxMsgRequest
Mailbox can be the private mailbox of the
PxMsgGetData
liefert Zeiger
auf Datenbereich task, or a general, public mailbox
PxMsgGetData
liefert Zeiger
auf Datenbereich
Daten auslesen
When message is received, authorisation
und auswerten
Nachrichtendaten
ausfllen
for access to data in message must be
Datenbereich neu
ausf.llen
PxMsgRelease
obtained
PxMsgSend
Task can await messages and events
PxMsgSend
simultaneously at the mailbox
After use, always release message or pass
on
Characteristics
Messages - Procedure I
Messages - Procedure II
Mailbox handler
Message Pools
Message pools
You may use a mailbox as a message pool to ensure the availability of
messages.
Example Messages
Description
PXROS message exchange
I/O server and client
Asynchronous communication
Example Messages
Task1
Client for I/O server
Infinite loop
Assigns output to Task2
Task2
I/O server
Infinite loop
Awaits jobs at mailbox and processes them
Events
Events
Events - Procedure
Object Ids
6 Time Management
Delay Job
Timeouts
Periodical Events
Examples
7 Object Management
Object Management
8 Handlers
Handlers
Installing handlers
9 Name Server
Time Management
Time Management
Delay Job
PxDelayRequest
PxDelaySched(t=100)
Request delay object / alarm
Scheduler plans delay job
Abbrechen?
Example - Description
Description
PXROS event mechanism
Two tasks sending messages to each other
Task 1
Infinite loop
Signals event EV_MESSAGE to Task2 ten times and awaits event
EV_MESSAGE
Awaits event EV_CONTINUE
Timeouts
PxToInit(100,EV_TO)
Periodical Events
Description
PXROS event mechanism
Two tasks sending messages to each other
Using timeout services
Task 1
Infinite loop
Signals event EV_MESSAGE to Task2 ten times and awaits event
EV_MESSAGE
Awaits event EV_CONTINUE
Task 2
Infinite loop
Waits 1 second at most for event EV_MESSAGE
If EV_MESSAGE is received, it is passed on to Task1
If waiting period has expired, signal EV_CONTINUE to Task1
Description
PXROS message exchange
I/O server and client for I/O server
Asynchronous communication
Task2 starts periodical event handler and creates appropriate output
Task1
Client for I/O server
Infinite loop
Assigns output to Task2
Task2
I/O server
Infinite loop
Awaits jobs at mailbox and processes them
Object Management
Object Pools
Realer Objektpool
Virtueller Objektpool
Handlers
PXROS-HR services
Name Server
Types
typedef union {
unsigned char part [4];
unsigned int id ;
} PxNameId_t;
Services
Register Data at the Name Server
PxError_t PxNameRegister(PxNameId_t, PxSize_t, void const )
Change the registered data
PxError_t PxNameReRegister(PxNameId_t, PxSize_t, void const )
Query the registered data
PxError_t PxNameQuery(PxNameId_t, PxSize_t, void , PxSize_t )
11 Error handling
13 PxMonitor
15 PXview
Error handling
There are several ways how PXROS signals the occurrance of an error:
The object identifier contains an error value.
A PXROS function returns an error of type PxError_t
A PXROS error code is stored in the tasks context
The function PxRegisterRead for example returns the content of the
given register or 0 if the task has no right to access the register. But
this function may return a 0 as register content.
In this case, a call of PxGetError() returns the last PXROS error code
PxSetError() clears this value.
Error function
if ( MyId == id )
// I caused the trap -> severe error !
PxPanic ();
if ( id == N o t I m p o r t a n t T a s k I d )
{
P x T a s k S u s p e n d _ P x h n d ( id );
P x T a s k S i g n a l E v e n t _ H n d ( MyId , E V _ K I L L _ T H E _ N O T _ I M P O R T A N T _ T A S K )
return true ;
}
// We could not solve the problem , let the trap handler force a software reset
return false ;
}
PxMonitor
PxMonitor benefits
The reloaded task can exchange communication data like mailbox ids via
the nameserver and can interact with the base system sending messages
to these mailboxes.
Shared libraries
Steps
Change PXROS calls and structures
Assign data to tasks
Use nameserver for former global data used by several tasks
Separate task into own projects / libraries
Use the MPU
Set tasks to user 0 mode, where possible
Restrict access rights
Encapsulate remaining global data
PXROS
Object ids are pointer to system memory
Most functions return an error code
Tasks do not need special rights to use PXROS services
Task-global data stored in common data area
Global data used by different tasks
PXROS-HR
Object ids are an index to internal tables plus an error code
Most functions return an object identifier
Task need appropriate access rights to use some PXROS-HR features
Task-global data stored in task specific data area
Global data may not be used by different tasks
In PXROS-HR task specific global data like task stack, other task
ids or mailboxes, are collected into an own data area
Thie data area is assigned to the task by the linker description file
In the task specification the base and end address of this area are
entered into a task context structure
PXROS-HR sets the appropriate MPU register pair to these values
to prevent task access beyond these borders
Example
# pragma section . L e d S e r v e r _ d a t a _ b e g i n 4 aw
static int L e d S e r v e r _ d a t a _ b a s e [0];
# pragma section
...
PxUInt_t GlobalVar ;
...
# pragma section . L e d S e r v e r _ d a t a _ e n d 4 aw
static int L e d S e r v e r _ d a t a _ e n d [0];
# pragma section
static const P xT as kC o nt ex t _T L e d S e r v e r _ C o n t e x t =
{
. protection [0] = // read only area inherited by creator
{
. lowerBound = 0 ,
. upperBound = 0 ,
. prot = N o A c c e s s P r o t e c t i o n
},
. protection [1] =
{
. lowerBound = ( PxUInt_t ) LedServer_data_base ,
. upperBound = ( PxUInt_t ) LedServer_data_end ,
. prot = WRProtection
}
};
const PxTaskSpec_T L edServe r_Spec =
{
...
. ts_context = & LedServer_Context ,
...
};
UserTask:
extern PxTask_t PartnerId ;
extern PxMbx_t PartnerM ailbox ;
...
P x T a s k Si g n a l E v e n t s ( PartnerId , EV_WAKEUP );
Err = PxMsgSend (& Msg , Pa rtnerMai lbox );
...
# define P a r t n e r I d _ N A M E S E R V E R I D (( PxNameId_t ){ _ _ P a r t n e r I d _ N A M E S E R V E R I D })
# define P a r t n e r M a i l b o x _ N A M E S E R V E R I D (( PxNameId_t ){ _ _ P a r t n e r M a i l b o x _ N A M E S E R V E R I D })
Creator:
CPartnerId = PxTaskCreate ( PXOpoolTaskdefault , & Partner_Spec , PARTNER_PRIO , P A R T N E R _ A C T I V A T I O N _ E V E N T S );
if ( PxTaskIdError ( CPartnerId ) != PXERR_NOERROR )
PxPanic ();
if ( PxNameR egister ( PartnerId_NAMESERVERID , sizeof ( PxTask_t ) , & CPartnerId ) != PXERR_NOERROR )
PxPanic ();
_mbx = PxTaskGetMbx ( CPartnerId );
if ( PxNameR egister ( PartnerMailbox_NAMESERVERID , sizeof ( PxMbx_t ) , & _mbx ) != PXERR_NOERROR )
PxPanic ();
User:
if ( PxNameQuery ( PartnerId_NAMESERVERID , sizeof ( PxTask_t ) ,& PartnerId ,0) != PXERR_NOERROR )
PxPanic ();
if ( PxNameQuery ( PartnerMailbox_NAMESERVERID , sizeof ( PxMbx_t ) ,& PartnerMailbox ,0) != PXERR_NOERROR )
PxPanic ();
In the first steps it might be useful to let all task access the
complete memory
In this step the task specific data areas will be configured and
passed to the MPU
Additional protection areas for the appropriate tasks must be
configured
In the first steps it might be useful to let all task run in user 1 mode
In this step all tasks with no access to peripherals run in user 0 mode
Task that have non time critical access to peripherals run in user 0
mode, too
These tasks use the PxRegister ... functions
In the first steps it might be useful to give all access rights to all
tasks
In this step the access rights are reduced to the rights needed
PXview