 So, as Kavi said I have been working in this area for too many years started with very simple academic problems like scheduling problems and some of you seem to have been exposed to this already. So, I will be very careful in what I say. And then went on to look at the problem of how do you have system support built around the scheduling algorithms and you will see why that is required and what I mean by system support in the course of the lecture. Then we saw that there was not enough processing and architectural work to support these systems buses and connection protocols and all that. Then we found there are no not enough tools to support these architectural systems for real time purposes went into tools. So, I looked at the whole end to end spectrum of issues in the real time area. And here we have a nice robotics lab where we have put in some of those learnings to work in a slightly different context from what I have been doing before. So, you will probably see a fair amount of examples from the experience that we have gathered over the years. So, here is a question for you which of these would you consider as a real time event all of these involve time correct. The quiz is a real time event because it is at 7 o'clock. So, sunset today is at 6.42 actually that is a real time event. What if you do not get there at 6.30 that is arrival time which is a real time event. What if you get there at 6.45 you have missed it. What is the consequence of that nothing will go on sunrise tomorrow you just miss the beautiful opportunity. So, the quality of what you get from your visit to IIT is decrease somewhat from that single missing of a deadline, but nothing catastrophic happens right unless you are sort of an outdoors lover and you think that your whole experience is 0 because you have missed the sunset which is possible, but not likely. Only for the entertainment program. So, none of these are what we would call as what what kind of real time all of them are soft in some sense some of them are soft some of them are not quite soft some of them have a real deadline. The sunset is at 6.42 you go there at 6.45 it is not there. If you go to the quiz at 7.05 you can still participate in the quiz right it is not quite soft in the sense of the sunset, but it is still soft. So, can we characterize these differences between various types of real time not simply for the purpose of theoretical analysis, but also from system support scheduling and those kinds of points of view that is what we will do today. Let us take a look at the examples that Kavi introduced to you before which of these has real time components. They are all embedded in some sense they have embedded components in them, but which of them have real time embedded components summary in us because there are lots of sensors which are being processed. The car of course has real time components even the car if you look at it car has some critical real time components such as braking the automatic cruise control things like that. Also non embedded non real time, but embedded components like the ones that are used to move the window up and down the ones that control the the entertainment component of the car things like that. So, we have embedded we have real time we have real time embedded not everything that is embedded needs to be real time not everything that is real time needs to be embedded right. For example, if you look at the jet aircraft it has a very small embedded computer, but the real time part of it is very very important the number of cycles we have to do per second is very tightly controlled otherwise the aircrafts control will be unstable. Whereas, if you look at the submarine it has got both embedded and real time some are real time some are embedded, but not both. So, there is a combination of these things right. So, in this today's sequence you will see examples of both kinds of combinations non real time embedded non embedded real time and you can imagine the other combinations ok. So, the question then is what is real time? So, if you think of the term real time what are the key phrases that come to mind and so what are the key phrases that come to you play this game right I get I give you a word you tell me what comes to your mind immediately that is that sort of game is what we are playing now. When I say real time what are the key phrases that come to mind predictability time deadline performance latency time or response time priorities. So, everything we have considered so far are requirements priorities is a sort of an artifact which is embedded inside the system and how do you assign priorities is the question right. Any other reliability robustness control fast nobody mentioned fast, but fast is a relative term and that is what we will see now. So, for a long time and even today if you ask many people what they are doing they for example, when they are browsing the network the internet and ask them what kind of activity they involved in they would characterize that as real time activity because it is called interaction between humans and computer right. There is a certain sense in which is real time in the sense that the faster it is the better the responsive the user will be to the internet and back and forth. So, what we will do is to ask the question is fast good enough and from the kinds of responses that we got from you I think already sold in the idea that fast is not good enough for example, I will just go through these looking like a cartoon. The moment the environment changes what is the environment here for the mouse is uncontrolled it is not constrained it can just take its own sweet time to push the cheese out. What will be a constrained environment for this if the cheese is kept inside the mouse trap and there is a certain time that the mouse trap takes to close the door. If the mouse knows about it it can quickly go in and come out if it does not know about it will take it could take its own sweet time to bring the cheese out. So, knowledge of the environment is very critical for real time purposes you cannot say it work today well in this environment. So, it can be expected to work well in the other environment also that is where things go wrong usually the software is sort of taken from one box and put another not realizing that the boxes are very different the things surrounding that software component is very different the kinds of signals you get from the outside very different that is where most of the systems go wrong when they use reuse components. So, we have a fly here what is the real time constraint for a fly if it were to escape is there somebody with the fly swatter if there is there you have to know how fast somebody can swat the fly. So, you have to know about again characteristics of the environment. So, this is what the says the mouse trap fly swatter what you have is that the environment typically cannot be slowed down you have to work with what is there and design the system accordingly. So, that is the real world. So, going back to the slide that I skipped we have a computer world that we all use with PC based or laptop based whatever where the response time from the user is based on interactivity if it takes longer you get annoyed. For example, in the case of interactions with the internet studies have shown that about 8 seconds worth of delays can be tolerated by most humans. Because that is the time that you need to think about what to do with what is going to come to you beyond that you start to drop off. So, there is something called stickiness of websites for example, you stick to a website if the response of this of the website to you is about 8 seconds otherwise you give a different URL and go on. So, sites are very conscious about this this is not hard real time it has consequences for missing that deadline of 8 seconds not to you you may find the same camera and other web store, but for the company it is a consequence and if many of them happen in a row then it is going to lose some more of his revenues. So, all of this is computer time the important thing to realize here is that the computer controls the speed of the user it is not in your hands. Whereas, here the examples are industrial systems airplanes and you have seen the pictures before events occur in the environment at their own speed you have no control over them the reaction is too slow deadlines will be missed reaction can be damaged loss of human life and sometimes simply quality of service is reduced your experiences of a low quality. So, as opposed to user with following the computer speed here we have the computer following the user speed user meaning the environment. So, here is a caricature of what a normal real time system looks like we have sensors which produce data or events. So, event could have some data attached to it right speed of a car temperature of a room things like that. So, that is the data and computer system absorbs it consumes it and performs an action. So, for example, you sitting in this hall here there are sensors all around temperature sense all around it is not quite the case here let us assume which measures the temperature and if the temperature goes above 35 or 30 let us say kicks in the AC's turns them on and observes the temperature continuously. So, it goes below 28 stops them and so on that is basically what we are talking about and in general it could be distributed sensors could be all around the room or be aggregated the average goes below some threshold then the AC's will be stopped if the average goes above it will be turned on. So, you have a range which is comfortable that is what is being controlled and if the AC's take an hour to turn on or the control system take an hour to decide clearly our comfortable will go down. So, that is why these actions are be taken in a predefined time interval here it is not consequential catastrophically consequential, but in general it could be for example, applying brakes if you take your own free time you can imagine what is going to happen. So, I want to take you through a very specific real world example hopefully you can see the yeah it is quite clear there also this is what is called as an aircraft flight simulator before pilots are allowed to fly they have to log about 200 hours of their time on these flight simulators. So, these have to be as high fidelity as possible meaning that they should mimic the exact reactions of the aircraft and the environment in which the aircraft will fly and so quite a bit of care is taken to make sure that even the simulators react the same way as a flight would. So, here is what is happening there are three parts to this one is the user or pilot end that is this box is got lots of these components at this part is the simulator which is part of the server simulator in terms intern talks to something called hardware in the loop the wings the spoilers and the tanks for the fuel everything that will control the quality the stability of the aircraft which have to be controlled by positioning the aircrafts altitude slope of travel whole navigation system. So, what are the time constraints here time constraints have to be given in terms of responses to pilot inputs and pilot input is based on what perception of the state of the aircraft if the pilot wants to go to 10,000 meters or 10,000 feet high height then the pilot should be told what the current height is the pilot is told is 9,000 feet there is one more thousand to maneuver if the pilot is told is 9,000, but the actual height is 9,500 they will have a mistake in the control. So, there is obviously need to sample the aircraft state and give the correct state to the user. So, can you sort of guess what these numbers might be and where they are required first of all the joystick is sort of a caricature for all the different types of control. So, input comes through something like a joystick through a port it is read by the pilot or the client written to the network to be fed to the server the server maintains the flight dynamics meaning the current state of the aircraft nowhere which comes in turn from input from the actual position of the aircraft the various hardware in the loop components which are on this side. So, this is where the loop completes as far as the hardware is concerned this is where the loop completes as far as the input is concerned it will change the current position and other parameters. So, both of these contribute to the flight dynamics state computation. So, this has to be this loop has to be done every so often that is one very periodic activity and here the input might come be fed into this and come back here there are two types of timing constraints I mentioned one here in the context of the flight dynamics in addition to that there are two from the client's point of view. One is how soon can the pilot give a second input compared to the first input for example, all of you have done double clicking on the mouse right. If the second click is not immediate after the first click it would not be construed as a double click. So, there is a time constraint there you probably did not realize that in an explicit way the device driver knows that the second click is within a delta of the first click. So, consider that be one event since that is the operating system. Similarly here when should two inputs from the pilot be viewed as two inputs and not one input and as it turns out these timing constraints are all specified by the by an international organization based in Montreal. So, there they have specified these time constraints so that anybody can build a simulator and if you go from simulator of company X to Y you can still fly the aircraft same aircraft and these are also the same software that run on the flights themselves so everything is standardized. So, I will come to the numbers this will give you an idea this is 18 milliseconds in terms of saying that if two inputs come within 18 milliseconds the second input can be discarded the pilot is simply over anxious. The second is that in the in the olden days you know what used to happen when you send a stock market buy command through the internet or if you go to a website to buy a book and they say yes I am willing to pay for the book people waited for a while the response did not come back they will press again they will have two books at the doorstep. Now, there is a warning saying until the window is changed do not press this button again. In fact, a lot of people lost money on the stock market by selling or buying too many times all of these cautionary things have happened over the years just by experience same thing here also it can have even more catastrophic consequences right. So, the second type of constraint is how long does it take for the system to respond to a user's input and that depends on the path that is taken for the input to go we made available to the flight dynamics box and the feedback coming back to the pilot through an AV module saying the input has been recognized. That whole path is about 150 milliseconds that is a constraint specified by the standardization committee and it is 200 milliseconds for commercial aircrafts 150 for fighter aircrafts I will come to that these numbers again. So, this is our kind of embedded real-time system for sure right this is called avionics and the avionics is the most difficult component of the software on a flight there are lots of others for example, which control the lights from the overhead lights for reading lights the entertainment system they are not obviously, as stringent or critical as these are. So, these are compartmentalized in the case of an aircraft there are separate processors which are run in replicated mode for these and not for the others. Let us take a more mundane non real-time example or what is seemingly non real-time and see where time constraints come from the previous case time constraints are given by somebody. This is often what happens we as software engineers have to pay the price of some control engineer sitting in some other room having decided for us. So, it is important you know some control theory also and for you do not have time in this today's sequence to do that in a regular course which is sinister long we have at least a few lectures in control theory. So, as to give us some confidence in being able to talk back to the control engineer saying look you may have some leeway in your decision making can you pass it to us and why would you do that you may be given more work than you can handle. So, in that case we can say I cannot do this, but if you change these numbers from x y z to x prime y prime z prime maybe I can when you try it. So, that is where this comes in and this is sort of a very simple example we have a lot of plastic solid plastic poured into this container here and heated through this coil when this contactor is turned is you know presses this point here through which power is supplied into this coil heats up this thing you know the usual method of heating and you measure the temperature through this sensor here and when the plastic is molten melt it sufficiently and it can be poured through this funnel into the injector and there is a plunger that can be pushed forward or back and the current position can only be pushed forward move the molten plastic into the form into like a mold to form a chair or whatever you want whatever this is designed for and remove the form the formed plastic thing know that the form is empty the whole process starts again. So, we have to keep the plastic at a proper temperature why if you heat it up too much by keeping the power through the coil for too long it will start to have bad properties it might blow up it might start to produce fumes who knows what right if it if it is kept in a low temperature for too long it will start to solidify the time it takes to bring it back into molten state will be that much larger and because it is a cyclic process where you cool done sufficiently heated up sufficiently we have to make sure that the temperature ranges that the system allows the container to be in is within a acceptable interval similarly for this when you say go forward it cannot be just going forward forward forward all the way here it will band into this that will cause some consequences also. So, we that is why we have these stoppers which and this is spring here. So, as soon as the stopper hits the point B it will be detected and the forward signal will be turned off and the spring allows that some amount of time to go forward still. So, now how long can you go forward the length of the spring determines that after you detect that the stopper has reached the point B you have this much amount of distance that can be covered minus the the contracted length of the spring and from the speed of the plunger you know how long it will take. So, from that you can determine how much time you have in terms of response time. So, similarly for the plastic also depending on the nature of the chemistry or the properties of the heating and cooling you can determine how long it has we will come to that little later. So, all of these imply that we have a computer control system typically and it is called properties which are above and beyond the normal properties. What are the normal properties of interest you know when you write a piece of software it has to be safe. Safe is nothing bad will happen of course, that is not enough right that makes something good happen it is called liveness property and something good will happen tomorrow is not may not be good enough for us. Something good should happen within a time constraint that is where timeliness comes in and this is where deadlines periodicity start time constraints interval constraints all of that comes in. For example, are the rescheduled events of the day have all of these examples periodicity the sun rises and sets periodically. We have a start time constraint for the quiz 7 o'clock we have an end time constraint for the path the entertainment program 10 o'clock why because there is a curfew lots because can be turned on beyond 10 o'clock we have an interval constraint also what was that to you. So, we have different types of constraints. So, we mentioned the term performance and I asked you what are the keywords that come to mind. So, response time was one nobody mentioned throughput, but typically when we have a system designed like an operating system we talk about throughput response time as a main performance criteria. Here we want to also achieve timeliness there is no point in having a deadline of 6 o'clock today and finishing that work by 1 o'clock in the afternoon. So, more precisely can you predict that the deadlines will be met or time constraints will be met my predictability was also mentioned during our chat earlier. Now, in some cases predictability will cost you something what is that something if I have to predict that I will finish my work by 5 o'clock I need to plan my activities planning takes time to plan my activities I need to know how much time I have to allocate. So, I have to understand my application also that much better. I have to make sure the resources required for my activity will be there that takes some time as opposed to just starting the work as many of us do especially when things are urgent and hope and pray that things will happen by deadline and the right resources will be available at the time you need them and so on. So, predictability is important, but predictability does not come for free. We have designed the system in a way that predictability will be achieved or can be achieved predictability is not always required where it is not required there is no point in paying the price of predictability right. So, for example, if I am going to meet a friend and he is an understanding friend and he is at the airport and he when we decide that we will meet there at 6 o'clock. Now, from here to the airport can take between 15 minutes to 1 and a half hours. If I am meeting him at 6 o'clock I could leave even as late as 5 30 and if I am lucky and he is lucky we will meet there at 6 o'clock and if I am late it is ok he is still going to wait in a restaurant and it is all right. If I am taking a flight on the other hand especially at a an hour when the traffic is unpredictable I better leave at the worst case start time giving myself 1 hour and a half. So, if I am if I do not need that predictability as in the case of meeting a friend there is no point paying the price for it. If I if the consequence of not being there on time is high I should be doing something in the predictable way. So, which means that we have time constraints there are lot of colors attached to them lot of flavors to them we have to deal with them in different ways depending on a lot of things coming together. So, that leads us to the idea of types of real-time systems. So, when somebody says I work on real-time ask them what kind of real-time and what are the different dimensions along which you can characterize this what kind how tight are the deadlines deadlines are tight when something called laxity which is deadline minus computation time computation time being the activity execution time is small. So, if you have tight deadline we have to be very careful in how we spend the remaining time. So, this lax the word lax comes from being free being flexible the flexibility being less means that we should not take any other activity which might come in the way of meeting these deadlines. So, laxity is one of the components laxity by itself does not characterize everything the other one is how strict are the deadlines. I think by this time you would have sort of gotten the drift of that strictness is very important characteristic the deadlines are strict meaning that if I miss them there is a consequence or there is a catastrophic outcome if the deadlines are not being met then it is very strict. We need to characterize some of these more formally we will do that in a second. The last one is very important also from what I said at the beginning in terms of the fly swatter and the mouse trap and all that what are the characteristics of the environment? Well suppose there is a mouse an intelligent mouse in a lab as observing the mouse trap is characteristics based on what other mice have been caught right and it decides that it is going to catch the get the cheese out and not get caught by going in and out very quickly. If it does not realize that the mouse trap gets changed every day it is going to be you know having a bad deal. So, observing the environment is one thing realizing from that the environment is changeable is another thing. So, you have to put the resources required to do this observation also which is why logging is done typically why do you log you want to see how the system evolves over time has anything changed has the characteristic of the system changed over a period of time. So, you can start to design with a certain assumption, but those assumptions have to be validated at the time of flying and you should have built it to the system the backup plan plan B if you will. So, that if the consequences of the changes are substantial you can go to a plan B. This is what makes the whole system robust if you have a single very simple system it works only in you know condition which has x y and z combining together is very brittle system brittle meaning it will fall apart if something changes. However, you will notice that because systems are built with the worst case assumptions as the design criterion even brittle systems work for the most part. The only consequence or price you pay is a very large processor where a small processor might have done well enough or a system which has to go back to the drawing board whenever there is a small change. So, I understand all of this tightness, stiffness, dynamics. So, in in spite in independent of how these three three things come together designers want this system to be fast predictable reliable flexible. Flexibility in terms of being able to add more things reliable you know fast you know predictability are covered. So, I am going to introduce three words three terms three key ideas all of which are going to be used to formalize the notion of stiffness and to do this what we will do is to have a value time diagram as graph indicates. So, as time progresses what will be the value that you get. So, let us assume that for a moment ignore this minus plus lines there is a time called the deadline at which we want to finish something all right. So, how would the hard real time look hard real time will have a certain value or critical safety critical is the same has the same meaning. Before the deadline there is a value and the value could be here here depending on what the actual value is. And after the deadline at the deadline it comes to 0 and stays goes to very large negative value. Now, this is basically telling the designer that you better not miss the deadline. Even if one deadline is missed it means you are adding a very large negative value to all the other values. And so, overall consequence is that the value given by the system upon the missing of one critical deadline is very large negative value. Soft how do you think it will be something like that there is a value to meeting the deadline you get a slightly higher value before the deadline. So, this might be a good example a good example of this this might be doing the browser interaction 8 seconds is what I mentioned before. But, before that if it comes back you are very happy after that you start to drop off in your interest and after a while you basically give up because you are going on to another site right. Now, we need to be somewhat more precise about a third kind another kind of software time which leads us to a third kind of task or activity where the value drops to 0 at a deadline. So, now these values are dependent on the activity. Now, also we may have a combination of deadlines and start times these are called deadline intervals. So, this is the example of this was sunset that we saw earlier. The finishing should be the activity should be done within between a start time and an end time otherwise it has no value. Another dimension of this which is important to realize is that whose value are we talking about let us take an example of a final exam right. For JEE joint entrance exam for IIT for example the exam starts at 9 o'clock nobody is allowed to go into the hall after 9 and if you have spent your last 5 years of school going through coaching classes for coaching classes for coaching classes for JEE and you go to the exam hall 9 at 9.15 what is the value to you very large negative value is catastrophic people have known to do this right sleep late and then get up late on the day miss the whole exam you feel shattered it is a critical task for you. How about the IIT system what is the loss for IIT system of this one guy going late nothing there are 4 million people of some very large number of people taking the exam. So, one guy missing it is not going to be having any large consequence. So, the value is dependent on the perspective what we are talking about here is value to the system the system is what everybody sees the task is what you see as the invoker of the task. The system should make sure that the the task that it picks up for execution have the largest value to the system and the uses of the system. So, remember this the semantics and the perspective that has to go into this. Okay can you think of a firm real-time example an example of a firm real-time activity firm is one where after the deadline it has no value to anyone. So, typically in multimedia what happens is that a sequence of frames are being processed by some frame processor let us say and if you take your sweet time to process a frame the next subsequent frames will be delayed also. So, there will be there will be a cascading effect of one deadline missed over the others. So, what is usually done is to drop a frame go on to the next one and as humans can easily you know fill the gap in a sequence of the say movie frames or whatever. So, it is okay to do that that is a firm real-time application. Okay similarly you have seen probably these conveyer belts when you when you get off an aircraft and you have checked in the luggage right and you are sitting next to and you are just walking in from the aircraft and you see a luggage going through. Sometimes you run and pick up the luggage before the thing is gone otherwise what do you do? You wait for it to come back again that is an example of again a firm real-time application because you have to pick it up if you miss that deadline I think wrong will happen there is chance for the back to be picked up again afterwards. So, this is a good example to take because in firm application firm real-time applications typically the cases that one miss will not lead to a consequence two misses may not lead to consequence multiple misses together will lead to a consequence. Okay suppose in the case of firm in the case of conveyer belt you have to pick up the luggage before the luggage leaves the conveyer belt rather moves around to a point where luggage is not visible anymore because it goes back through the in a holding area the loading area rather and comes back again. So, there is a certain amount of time given to you to pick up the luggage if you miss that deadline you miss the firm deadline because there is a certain value to picking up the luggage before it comes back again because you have to wait for a little longer. So, the value is how soon can you pick it up after the deadline is zero value but the point I was making importantly was that this task will be re-executable or can we try it again the next time the luggage the that part of the conveyer belt which has your luggage comes back in front of you if you miss that time again because you are talking to somebody else and were distracted it will come back again. So, the point is there is a certain value to getting the luggage off the conveyer belt the value will keep dropping in some sense as time progresses because you are standing there doing nothing but after the deadline you have to wait for another task execution to happen to try this again with a smaller value soft example is what I mentioned before the browsing of the web. If you get an immediate response you get a large value you feel happy about it you can do other things not simply wait for the browser to come back you give a URL you know it takes its time to bring the page in front of you the sooner that happens the faster the next interaction can be from your side and like I said the studies are shown the eight seconds to be here good time by which to try to get the page back to the user after that studies show that the dropping off rate is very very large slope is very high okay so I will get the idea the main take away from the slide is that real-time systems come in lots of different colors shapes sizes flavors and there is no point in saying that I am working on this real-time application and so I can also work on this other application the the kinds of requirements you need to understand each one of them could be very different the platform used for soft real-time cannot be used unless it is properly tailored for hard real-time application and vice versa okay so this is two broads base but I am going to introduce some terms very quickly I want to use them a task is nothing but a running program service being performed some function being executed requires some resources these are important to understand resources not only CPU time which is called execution time but also some other resources like buffers sensor values network time and so on so typically what happens is a sensor is here in some part of the car the actuators here in some other part of the car for example if you if you sense that within one meter of the car there is a another vehicle some obstacle that is being sensed by lots of sensors they're all physically distributed across the different the periphery of the car the actuator will break or accelerate depending on what the decision of the control system is that is sitting here the sensors all around control system is inside the the brakes are at the wheels so typically you have a physically naturally distributed real-time application that you normally see which means that any activity which has a an interval of time within which it has to execute from the time you sense that there is an obstacle or a car near you to the time you have to react to it might be bounded this is not a single monolithic task a sensing task control task activated task all of that has to happen within the deadline so for this to happen I need to have the sensing processor have time on its end the control task having control processor having time at its end and the braking processor having time at its end and the communication path be available so it's an end-to-end provisioning of the resources and not simply one CPU requiring a certain amount of time unfortunately we won't have time here to talk about how this time is going to be divided but you'll get a feel for it as you go okay is that clear so that sort of gives us a good introduction to real-time systems hopefully even those of you are working on real-time see the the different dimensions in a slightly broader perspective than you've been used to so let's quickly go through the real-time constraints how do we express these constraints you know we can say this is a deadline this is a start time and so on predictability simply is the idea that the system is temporarily feasible meaning that functional feasibility is easy system can provide the functionality required you just check the code see if it for this given input produce the right output will it produce the right output by or within the time constraints the answer is yes you call that system to be feasible temporarily with respect to that task and this time constraint as I mentioned before time constraints as far as many of us are concerned might come out of thin air somebody gives it to you and says do this but they don't so whenever that thought comes to your mind look at the remember that plastic example as a starting point the constraints come from the nature of the environment in which something is working so what usually happens is we identify the events derive the model and then finally specify the time constraints using the control law and so forth by the way I mentioned the term control law what I am saying actually is the following if I don't understand the environment fully then I can't control it properly that's the statement which is easy to verify right so the question is how often should I check the environment so suppose here's a simple example suppose I have to keep the pilot up to date with a maximum discrepancy of one kilometer per hour how often should I sample the speed of the aircraft think about it suppose the maximum speed is 500 kilometers per hour from that I can determine how long it will take for the aircraft to fly one kilometer at least at that rate I should sample because if I sample now the next sample will come a period later that distance covered in that duration of two sample arrivals should not be more than one kilometer you see that so that that's where the environment comes in environment here is the speed of the aircraft the aircraft itself and the speed with which it flies but there's something subtler than that that has to be understood for example suppose my period is defined like this so what I am saying is you sample that the velocity of the aircraft here send the output but before the end of that period this is a periodic activity within that period you sample and also finish the actuation whatever is required to to respond to the sample value now it's quite possible that in this period I do the task here I am somehow lucky enough to finish the work at the beginning of the period unfortunately if I am unlucky in the next period to finish it here what is the maximum spread between the finish times of two consecutive instances twice a period assume that the execution time is 0 from the time I put out one actuator command to the next time I put out another actuator command this the distance of in terms of time would be two two times a period okay see in that duration I don't want these the environment to have changed more than one kilometer per hour so which is why usually sampling is done at twice a required rate so I should now see how long the it takes for the aircraft to fly in the worst case half a kilometer to provide us an accuracy of one kilometer there's another way of deriving this coming from like Nyquist criterion which some of you may relate to also okay so that's what I mean by derivation modeling of the dynamics and then specifying the time constraints the only way then if you don't have a fast enough processor to sample this at the required rate is to say that the aircraft fly at a slower speed which is obviously the wrong decision to make the other way is the better way is to say that I'll provide the aircraft with a faster processor okay so periodic means activities occur repeatedly and this is often the the normal mode of operation things arrive finish work next sample comes and so on this is not to say that there are no there are no other dimensions or semantics of periodic tasks in radar processing for example samples come at us at a very high rate of high frequency okay which means small periods and typically what you do is to aggregate these radar signals over several stages the first stage samples looks at every sample coming in creates a track second stage aggregates the tracks of multiple observed phenomena flights and things which are being observed in the sky for example the radar the third one produces an alarm so there's a fairly large sequence of pipeline activities each stage produces outputs if you look at the last bit of alarm generation there is also based on these periodic inputs but its period is much larger than the actual incoming sensory input period so things get complicated as we go into real systems but typically period means within that period you get the input and produce the output also so if you think of alarms alarms can occur at any time there's no arrival pattern so you should be looking at a periodic task slightly more carefully because if an a periodic task like an alarm or a braking event is a hard real-time alarm you have to be ready for its arrival anytime you can't say after the alarm comes I'll see if I can do it if I can't do it I'll say sorry right doesn't work can't work that way so what do you do the next best thing is to look at it as a periodic activity which has some a periodic characteristics these are course periodic activities they have the a periodic activity semantics like they can arrive at any time however once an alarm comes the next alarm won't happen for some amount of time called the minimum inter arrival time so which means that you can in a way in a very simplistic way assume that the periodicity of this periodic task is this minimum inter arrival time you don't have to be prepared every second along the way you need to be prepared once an alarm comes for another alarm which is min m int minimum inter arrival time away is that clear so our aircraft simulator that we talked about before the minimum inter arrival time is 18 milliseconds which is what the specification is which says that if the pilot gives another input within that interval it can be discarded by design by definition so the question then is who initiates these actions periodic or a periodic and there are two broad types of possibilities and things in between and these are analogs of what we do in normal real normal non real time systems also these are called polling driven interrupts versus polling given device processing versus interrupt driven device processing you poll you ask the question is there another character from the keyboard is another character from the keyboard periodically you go and ask we have something to do versus devices like discs which are interrupt driven when the work is done they send an interrupt until that time you don't have to worry about which the device has something to give you so same thing happens here also except that in our case they call event driven for the interrupt driven activity interrupt being the event arrival which triggers the system to look at it as a as a new arrival or to be converted into tasks for processing the other is called time driven or time triggered which is the polling based approach because the polling itself is driven by time so that is basically the difference so event driven or event triggered is similar to interrupt driven activity and time driven or time triggered is called normally as polling driven activity see which is better so here is a reactor and you would like to keep the temperature at most here after that the reactor will blow up these are plastic container being heated up as time progresses as the coil is being as electricity goes to the coil it will get heated up and what you would like to do is not reach here and then say oh let us turn the power off too late because it takes us a certain inertia for the system to react so you want to be prepared for it so you want to set up another threshold above which if the temperature goes you want to immediately stop the power from going through the coil and how much should this time be this is the time for the system to react right so if you know something about the characteristics of the coil and the reaction time for recognizing that this temperature has been reached you can then come up with this time again environment driving the time constraints so here you are this is the profile of the temperature change as time progresses you are heating now so temperature rises you come to this point you want to turn off the heater this is an event you respond to it in an event driven system you will respond when that event happens in a time driven system what you do is you periodically wake up and ask the question what is the current temperature that is these circles so here you wake up ask the question what is the temperature temperature is below the threshold nothing is done goes back to sleep another event another timer interrupt goes off at the beginning of the next period you ask the question what is the time what is the temperature at this time temperature is above threshold so you turn off the heater now so the heater turn off happens here in the case of an event driven system in the case of time driven system it happens slightly later and then afterwards you in the case of a time driven system you wake up again ask the question what is the temperature it says I am below threshold nothing happened nothing needs to be done so question now is what should be this period so it depends on how long it takes for the system to go from for the reactor to go from here to here what is the worst case scenario this event this signal this trigger happens just about here at this point it happens there when the next period occurs it will be from here to there right that is the period so the time that it takes for the signal system to come back and ask the question what is the current temperature will be here next if in that interval if the temperature is I likely to go beyond that then you have lost it so what we have to do is ask the question what is the profile of this temperature increase in such a way that having just missed having just sense to have in just sense of temperature which is below threshold what is the worst case increase in temperature in a certain duration and make sure that you will sample it again soon enough that that high temperature point is not reached again environment driving the periodicity constrained definition so which is better time driven or event driven see usually what happens is the answer which is it depends is the right answer but one has to be looking at the other factors finally at the end of the day you have to design a system which way will you go is the question and to answer this question you have to ask when this event happens other events that are possible for example in one of the worst electrical grid power failure in australia in the late 90s 1200 events happened at the same time they all had one origin a trip event led to failure cascading from one part of the system to another and they had not planned on some so many arrivals at the same time so the whole grid came to a halt and subsequent to that in in the state of new york in the us similar sort of thing happened there's so much of interaction between one grid one power grid another in different states that led to most of the eastern coast of the US coming to a blackout state so event driven systems so people who work on event driven systems were criticized for having not thought about this worst-case scenario now the question is can a time driven system plan this could have planned this better and it depends if the time driven system forgot didn't pick up the right kind of event to deal with for example in this case because one event was responsible for all the others if that had been dealt with first all the others would have been discarded but what usually happens is the following you're doing something very urgent somebody knocks on the door you have to spend some time saying come in or go away while you're doing that somebody else knocks on the door so that's a cascading of just interrupt not processing but recognizing this itself takes time and because in systems interrupt handling is given the highest priority just the recognition the recognition itself takes time and with thousand 300 interrupts coming in as a barrage can imagine the consequence of that so design is very important if you have the software design is not correct and the underlying algorithms are not correct whether you do time driven or event driven doesn't matter so with that I'm going to just give you another scenario where time driven works rather poorly so the moral of the story is that one of these is not always better than the other if you choose one design the rest of the system according to that and it's also possible to marry the two you have some a periodic activities some periodic activities chosen correctly so the one sort of some rule I would likely take away from this is that make all the time critical safety critical tasks as periodic or sporadic as the case may be because they have you can give a guarantee you can execute the task in a very predictable fashion even if anything else happens their execution will be guaranteed things which are soft and firm go away to even to even driven design so periodic will ensure that and and of course on top of that periodic activity should have a higher deadline I mean higher criticalness or importance compared to a periodic let me repeat this now make sure your periodic activities have a higher criticalness or importance as they are dealt with by the system you mentioned priority in the case of systems that is the number the priority number assigned to safety critical activities should be made higher than other activities okay and they can be designed to be time time triggered things which are not time critical like firm and soft you can have them either periodic or a periodic but the important thing is their priority as a system recognizes should be smaller this is not easy to get I'll tell you why when we come to the scheduling algorithms this design requires some amount of tailoring customizing the priority levels in a systematic way so TT can be viewed as periodic triggering ET is a periodic triggering you can marry the two not for the same event but for different events you convert the a periodic events into sporadic so that they are held handled in a way hard real-time activities are okay so the reason people prefer time triggered is because a stable number of invocations you know precisely how many interrupts will come because you know they're going to come at this you know regular interval event triggered are invoked only when needed of course the problem is that when you have a high number of invocations the competition demands on the change dynamically okay I already talked about president's constraint I mentioned this sensing happening somewhere computation happening somewhere else activation happening somewhere basically president's constraint connecting these activities so we have to worry about how this is done there's mutual explosion example would be the bus when I'm using the bus nobody should use it when I'm using a chunk of memory which I'm updating nobody should read it so those are examples of mutual exclusion time constraints we know so scheduling is the job involved job of planning the activity such that timing is kept and on top of that you have to have allocation allocation decides where the task should execute okay so for example there is a notion of fireballing in many critical applications I mentioned this before avionics processors avionics processing is kept confined to a small number of highly predictable processors which are run in replicated mode so that they're completely predictable this is fireball from the rest of the system you don't want a malfunctioning processor which controls the reading lights to affect the avionic system okay so that is allocation you allocated the system tasks to processors in such a way certain criteria are met often if you allocate wrongly or sub optimally the amount of processing power might be much larger than required but sometimes you pay the price because you know that things are predictable follow me if you have a leeway of allocating multiple tasks to the same processor thereby reducing the number of processors or reducing the total processing capacity you should there are ways of doing that so for example suppose there is a software term activity such as controlling the temperature in this room how does it work we look at the temperature the value is below 25 degrees turn off the air conditioner the value is above 35 degrees turn on the air conditioner otherwise do nothing which of these three possible parts turn off turn on do nothing do you think is going to happen more often do nothing however if I have to provide the resources for it in the worst case I will take the worst case of on off or do nothing which will be one of on or off turning on or off if I design the system differently whereby I just look at the temperature value spawn another task do the turning on or off I suppose the turning on or off within this task like I call a servant task to say you now do the work of turning on you do the work of turning off then my job is very small not only that I can allocate that a periodic task to another processor completely which is very close to the air conditioner so these are ways by which you can come up with a design which allocates specific tasks to process a design for that task as opposed to having a general purpose processor doing everything so this is why embedded systems are slightly more complicated because you have to design processors which are specific to specific sensors or actuators and there is not much point in putting all of the processing just because it involves CPU with one single processor okay this is what I just mentioned temperature sensor takes an input CPU processor that output goes to heater or air conditioner basically what I just told you leave the temperature too high turn off the heater we had because this is for the for a for a place where this heating required we have enough heat around us so cooling is what we need here so generally speaking there are lots of sensors lots of heaters or air conditioners a single computer controlling them so what do we have to do we have to schedule them by assigning priorities or some other way um or do it in such a way that all the tasks will be done so one easy way is sense this sense this sense this sense this and then do processing of all of them together and then send the command to the heater one heater to heater three to four if you do that then what we have is something like ground robin on the other hand in one part of the room gets hotter much faster than other people sitting next to that part will be feeling the change in temperatures much more than anybody else so you don't want to do a ground robin there might be a notion of urgency attached to it which is why we need something like priorities so these are typically interrupt driven systems that we have for mostly software turn applications for example for reasons we have seen before and the way these work is that these sensors have attached processors and they look at the temperature periodically in a very device specific way and when some setting is crossed then they send an interrupt to the device the the central processor so when the interrupt comes you know that some action has to be taken you don't have to look at the value to see if the action has to be taken you know that when interrupt comes action has to be taken so this is like having a secretary in front of your office who will screen a whole incoming interrupts which otherwise it would be knocking on your door and if there is a knock on the door now you know that work has to be done okay but this makes the system slightly harder to debug because interrupts can come on top of interrupts and so on okay now next is set of slides which I am going to skip now but I would like you to go through this these give different ways of programming the the sensor processing so as to achieve a required deadline or period of 100 milliseconds what I would like you to do is when we take a lunch break or sometime the afternoon they have a free time go through these slides if you have any questions ask me tomorrow as to why we have to design these things very carefully okay let's do a stretch break