Added support for endpoint thresholds and budget limits#6
Added support for endpoint thresholds and budget limits#6
Conversation
|
Please split the one commit into multiple ones: One for threshold, one for limit, and another one for the new system calls. That makes reviewing a lot easier. The current code needs some cleaning up. For the threshold check the main costs seems to be I think the fastpath shouldn't use the expensive |
Yermin9
force-pushed
the
threshold_rfc
branch
from
f9f34c0 to
2e604cd
Compare
|
My apologies for taking a while, but I've now split this up into separate commits for Thresholds, Budget Limits and the new System call. |
| void receiveIPC(tcb_t *thread, cap_t cap, bool_t isBlocking, cap_t replyCPtr); | ||
| void reorderEP(endpoint_t *epptr, tcb_t *thread); | ||
|
|
||
| void setThreshold(endpoint_t * epptr, time_t threshold, bool_t budgetLimit); |
There was a problem hiding this comment.
budgetLimit should be part of the other commit.
| void replyFromKernel_error(tcb_t *thread); | ||
| void replyFromKernel_success_empty(tcb_t *thread); | ||
|
|
||
| void replyFromKernel_success_empty(tcb_t *thread); No newline at end of file |
There was a problem hiding this comment.
Please avoid unnecessary whitespace changes like these.
| </error> | ||
| </method> | ||
|
|
||
| <method id="EndpointSetThreshold" name="Endpoint_SetThreshold" manual_name="Endpoint Set Threshold" manual_label="cnode__endpoint_setThreshold"> |
There was a problem hiding this comment.
This should be an endpoint operation, not a cnode operation, that just overly complicates the API for no reason.
There was a problem hiding this comment.
Actually, the reason it is implemented as a CNode operation is probably because any invocation on an endpoint is treated as an IPC call, not a syscall.
With that limitation in mind, I think we should make it a reply object property and invocation instead.
There was a problem hiding this comment.
Reply objects have the same problem as endpoints, all invocations are treated as replies to an IPC call.
With the current kernel syscall+method decoding mess, there is no clean way to add endpoint, reply or notification methods.
There was a problem hiding this comment.
As you stated, I think I made it a Cnode operation because all endpoint operations are treated as IPC calls.
With the limitations on reply objects as well, what do you suggest?
| /* Perform addition, checking for overflow as we go */ | ||
| if (unlikely(getMaxTicksToUs() - NODE_STATE(ksConsumed) < threshold)) { |
There was a problem hiding this comment.
This overflow should be impossible by design, ksConsumed > getMaxTicksToUs() should be impossible.
|
|
||
| #ifdef CONFIG_KERNEL_MCS | ||
| void setThreshold(endpoint_t * epptr, time_t threshold, bool_t budgetLimit) { | ||
| /* Add the kernel WCET to the passed threshold value, unless we were passed 0*/ |
There was a problem hiding this comment.
The comment is in the wrong place, but why add WCET? A fastpath invocation should take nowhere near WCET time.
I'd assure that the threshold is at least WCET instead. Users need to measure the call time to tweak this setting anyway, don't make it harder by changing the value randomly.
| commitTime(); | ||
|
|
||
| /* Yield and wait for sufficient budget */ | ||
| if(!merge_until_budget(NODE_STATE(ksCurThread)->tcbSchedContext,endpoint_ptr_get_epThreshold(ep_ptr) + 2u * getKernelWcetTicks())) { |
There was a problem hiding this comment.
Don't add WCET everywhere please. The threshold value should be twice WCET already.
Please write a test for sel4test that checks that the budget works as expected and use that to test your implementation. E.g. configure a task with a certain budget/period and check if IPC calls fail and succeed when they should.
| /* The EXCEPTION_NONE_THRESHOLD_RESTART check is necessary, | ||
| * because for IPC threshold behaviour, we actually do want to set ThreadState_Restart | ||
| */ | ||
| if (unlikely( | ||
| thread_state_get_tsType(thread->tcbState) == ThreadState_Restart)) { | ||
| thread_state_get_tsType(thread->tcbState) == ThreadState_Restart | ||
| && status != EXCEPTION_NONE_THRESHOLD_RESTART | ||
| )) { |
There was a problem hiding this comment.
The original code was already obtuse, but with this change it gets even harder to understand what's happening.
It would make more sense if the code that sets the task to ThreadState_Restart would set it to ThreadState_Running instead if that's what's wanted (and also call replyFromKernel_success_empty()). Then this code can be removed altogether.
No problem and thanks. I recommend focussing on the threshold feature first and leaving the others for now, or have them in a separate PR to ease review. At least I'm ignoring the limit and new syscall features, because I don't agree with them. |
|
I should have the time now to follow this through. |
I'm working on a simplified version at the moment, so don't spend too much time on it. Should have something up this week. Trying to keep the good bits of your commits though and would greatly appreciate your feedback. There's probably a reason for everything you did, which I don't know, so I might be oversimplifying things too much.
If people didn't spend decades verifying the current code, I'd suggest to cleanup the syscall/invocation decoding code to something less messy and horrible. Then there would be no assumptions on which objects which syscalls are done, and adding a new invocation would be easy without slowing down everything else. As it is, I think I prefer either an endpoint or Reply invocation that requires both an endpoint and Reply cap. Then we can use the permissions on the reply cap to limit this call, as you would need something like read permission for the endpoint and write for the reply. Wherever I put it, it will slow down everything, but hopefully it can be limited to one extra if-check in a slow path somewhere. The other gnarl is how to bypass |
|
WIP can be found at: Indanz#2 Early version, haven't compiled it yet. I went for making it a reply invocation as I can do a quick check on the I fixed some other problems by improving the mainline kernel, not sure if that's being too optimistic. |
2 participants
No description provided.