Deterministic Execution in "Guidelines for using Adaptive Platform interfaces"

Guidelines for using Adaptive Platform interfaces

4 Execution Management

4.1 Execution State

The Execution State characterizes the internal lifecycle of any Process.

Each Process needs to report changes in its Execution State to Execution Management,

Please note that Service Discovery can introduce nondeterministic delays and thus is advised to be done after reporting kRunning state; thus, the Process may not have completed all its initialization when the kRunning state is reported by the Process.

Execution Management initiates Process termination by sending the SIGTERM signal to a Process.

Execution Management does not require an explicit notification of actual Process termination by the process itself.

4.2 Deterministic Execution

Execution Management supports a fully deterministic multithreaded execution of a Process, so processing a given set of input data always produces a consistent output within a bounded time, i.e. the behavior is reproducible.

The emphasis is on reproducibility: the same input is guaranteed to produce the same result every time.

Expected use cases of the AUTOSAR Adaptive Platform where such determinism is required include redundant execution in a Software Lockstep framework for systems with high safety goals (up to ASIL D) and reuse of verified software. For more details see [2], section “Deterministic Execution”.

Goals: functional safety and software reuse.

Requirements for full determinism:

A Process that can be executed fully deterministically must be designed, implemented and integrated in a way such that it is independent of processor load caused by other functions and calculations, sporadic unrelated events, race conditions, deviating random numbers, etc.

Isolation and resource guarantees need to be implemented.

Possible causes of failing to achieve determinism:

Non-deterministic behavior may arise from different reasons; for example, insufficient computing resources, or uncoordinated access of data, potentially by multiple threads running on multiple processor cores. The order in which the threads access such data will affect the result, which makes it non-deterministic.

Types of determinism:

Full deterministic execution includes:

· Time Determinism: The output of the calculation is always produced before a given deadline. The resource demands of the Process need to be described in a standardized way, so the integrator can assign sufficient resources to the Process (see subsection “Real-Time Resources” in [2]).

· Data Determinism: Given the same input and internal state, the calculation always produces the same output. The rest of this section will describe how to achieve Data Determinism.

The resources a Process needs are described in a standardized way before integration, so that the integrator can deploy and assign them. This is what makes the resources reliable.

Mechanisms EM provides for determinism:

Execution Management provides DeterministicClient library functions to support deterministic execution:

· Control of a process-internal cycle by wait point API WaitForNextActivation() ([SWS_EM_01301]). The Process shall execute one cycle when the API returns and then call the API again to wait for the next activation. A return value of the API controls the internal lifecycle (e.g. init, run, terminate) of the Process, which must be prepared accordingly ([SWS_EM_01302], [SWS_EM_01303] and [SWS_EM_01304]).

The controlled deterministic Process calls the wait point provided by EM to obtain a deterministic execution timing.

In addition, the return value of the API decides which part of the logic is entered next (initialization, running the computation, or cleaning up and ending the Process).

· A blocking deterministic worker pool API RunWorkerPool() ([SWS_EM_01305]) for the execution of a set of container elements ([SWS_EM_01306]) which are processed in parallel or sequentially by the same worker runnable object (i.e. application function). (Redundant computation.)

· APIs GetActivationTime() ([SWS_EM_01310]) and GetNextActivationTime() ([SWS_EM_01311]) to provide activation time stamps which don't change until the Process reaches its next wait point. (For when you need a timestamp.)

· API GetRandom() to provide random numbers ([SWS_EM_01308]). If used from within the worker pool, the random numbers are assigned to specific container elements to allow deterministic redundant execution. (If you need a random number, it can also give you one that is the same for everyone, so that the redundant results are identical.)

Restrictions on Process development needed to guarantee determinism:

To ensure deterministic behavior, only a “deterministic subset” of all available APIs may be used by the deterministic user Process, including the worker runnable objects:

· The Process is not allowed to create threads on its own by using normal POSIX mechanisms or access any other POSIX APIs directly, to avoid the risk of inducing indeterministic behavior.

· Only a “deterministic subset” of all available ara::com mechanisms are allowed to be used by the Process. A detailed list of such APIs and mechanisms will be provided at a later point in time.

· Only the following ara::exec interfaces may be used:

o DeterministicClient

o ExecutionClient

· No other ARA interfaces are allowed to be accessed by the user Process.

Restrictions on using the worker pool (I don't care much about this for now, because it is not the current pain point)

If the worker pool API RunWorkerPool() is used, the worker runnable object which processes the container elements, i.e. the jobs to be computed, needs to satisfy certain implementation rules to ensure Data Determinism:

· The runnable object is not allowed to exchange any information while it is running, i.e. it doesn't access data which can be altered by other instances of the runnable object to avoid race conditions.

Rationale: The runnable object instances can physically run in parallel or sequentially in any order. The timing between individual workers is not guaranteed. The Operating System is scheduling threads individually. Concurrent influencing of the same data will result in indeterminate results.

· No locks and synchronization points except common joins for all workers by returning from RunWorkerPool() (e.g. no Semaphores/Mutexes, no locking/blocking).

Rationale: locking/blocking makes Process runtime in-deterministic. Workers are provided to increase the utilization of runtime. If synchronization is needed, a return from RunWorkerPool() is necessary.

The worker pool cannot be used to process multiple different tasks in parallel. The use of multiple potentially different explicit functions (worker runnable objects) could add unnecessary complexity and can lead to extremely heterogeneous runtime utilization, as each worker may have different computing time. This would complicate the planning of resource deployment, which is necessary for black-box integration.
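
Why GetRandom() binds random numbers to container elements, and why workers may not share data, shown as an added example (not code from the AUTOSAR specification or from the author of these notes). It models two redundant executions whose workers are scheduled in different orders; `Mix`, `Worker`, `RunPerElement`, `RunSharedStream` and the seed derivation are assumptions made for illustration, and the real DeterministicClient API is not called.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for a cycle-seeded generator (splitmix64 finalizer).
// Assumption for illustration; not how ara::exec derives its random numbers.
static std::uint64_t Mix(std::uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

// Worker runnable: reads only its own element and its own random number.
// No shared state and no locks, as the worker pool rules require.
static std::uint64_t Worker(std::uint64_t input, std::uint64_t rnd) {
    return input * 31 + rnd;  // unsigned arithmetic wraps, which is well defined
}

// Data-deterministic: the random number depends on (cycle seed, element index),
// so the order in which elements are processed cannot change any output.
std::vector<std::uint64_t> RunPerElement(const std::vector<std::uint64_t>& in,
                                         std::uint64_t cycleSeed,
                                         const std::vector<std::size_t>& order) {
    std::vector<std::uint64_t> out(in.size());
    for (std::size_t idx : order) out[idx] = Worker(in[idx], Mix(cycleSeed ^ Mix(idx)));
    return out;
}

// Not data-deterministic: workers draw from one shared stream, so each element
// receives whichever number is next when the scheduler happens to run it.
std::vector<std::uint64_t> RunSharedStream(const std::vector<std::uint64_t>& in,
                                           std::uint64_t cycleSeed,
                                           const std::vector<std::size_t>& order) {
    std::vector<std::uint64_t> out(in.size());
    std::uint64_t state = cycleSeed;  // shared mutable state between workers
    for (std::size_t idx : order) { state = Mix(state); out[idx] = Worker(in[idx], state); }
    return out;
}

// Lockstep comparison: two redundant runs of one cycle with different scheduling.
bool LockstepAgrees(bool perElement) {
    const std::vector<std::uint64_t> in{10, 20, 30, 40};  // constructed sample inputs
    const std::vector<std::size_t> a{0, 1, 2, 3}, b{3, 1, 0, 2};
    auto run = perElement ? RunPerElement : RunSharedStream;
    return run(in, 42, a) == run(in, 42, b);
}

int main() { return (LockstepAgrees(true) && !LockstepAgrees(false)) ? 0 : 1; }
```

With per-element assignment the two runs compare equal; with the shared stream a lockstep comparator would flag a mismatch even though neither run is faulty.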

Reposted from blog.csdn.net/kuno_y/article/details/128838628