LCE: Realtime, present and future
At the moment, realtime development is concentrated in three areas. The first is the ongoing work to mitigate problems with software interrupts; that has been covered here before and has not changed much since then. On the memory management front, the SLUB allocator is now the default for realtime kernels. A few years ago, SLUB was considered hopeless for the realtime environment, but it has improved considerably since then. It now works well when allocating objects from the caches. Anytime it becomes necessary to drop into the page allocator, though, behavior will not be deterministic; there is little to be done about that.
Finally, the latest realtime patches include a new option called PREEMPT_LAZY. Thomas has been increasingly irritated by the throughput penalty experienced by realtime users; PREEMPT_LAZY is an attempt to improve that situation. It is an option that applies only to the scheduling of SCHED_OTHER tasks (the non-realtime part of the workload); it works by deferring context switches after a task is awakened, even if the newly-awakened task has a higher priority. Doing so reduces determinism, but SCHED_OTHER was never meant to be deterministic in the first place. The benefit is a reduction in context switches and a corresponding improvement in SCHED_OTHER throughput.
When SLUB and PREEMPT_LAZY are enabled, the realtime kernel shows a 60% throughput increase with some workloads. Someday, Thomas said (not entirely facetiously), realtime will be faster than mainline, especially for workloads involving a lot of networking. He is looking forward to the day when the realtime kernel offers superior network performance; there should be some interesting conversations with the networking developers when that happens.
The realtime kernel, he claimed in summary, is at production quality.
Looking at all the code that has been produced in the realtime effort, Thomas concluded that, at this point, 95% of it has been upstreamed into the mainline kernel. What is missing before the rest can go upstream is "mainline sellable" solutions for memory management, high-resolution timers (hrtimers), and software interrupts. The memory management work is the most complex, and the patches are still "butt ugly." A significant amount of cleanup work will be required before those patches can make it into the mainline.
The hrtimer code, instead, just requires harassing the maintainer (a certain Thomas Gleixner) to get it into shape; it's just a matter of time. There needs to be a "less horrible" way to solve the software interrupt problem; the search is on. The rest of the realtime tree, including the infamous locking patches, is all nicely self-contained and should not be a problem for upstreaming.
So what is coming in the future? The next big feature looks to be CPU isolation. This is not strictly a realtime need, but it is useful for some realtime users. CPU isolation gives one or more processors over to user-space code, with no kernel overhead at all (as long as that code does not make any system calls, naturally). It is useful for applications that cannot wait even for a deterministic interrupt response; instead, they poll a device so that they can respond even more quickly to events. There are also high-performance users who pour vast amounts of money into expensive hardware; these users are willing to expend great effort for a 1% performance gain. For some kinds of workloads, the increased cache locality offered by CPU isolation can give an improvement of 3-4%, so it is unsurprising that these users are interested. A number of developers are working on this problem; some sort of solution should be ready before too long.
Also coming is the long-awaited deadline scheduler. According to Thomas, this code shows that, sometimes, it is possible to get useful work out of academic institutions. The solution is close, he said, and could possibly even be ready for the 3.8 merge window. There is also interest in doing realtime work from a KVM guest system. That will allow us to offload our realtime automation tasks into the cloud. Thomas clearly thought that virtualized realtime was a bit of a silly idea, but there is evidently a user community looking for this capability.
Where are the contributors?
Given that things seem so close, Thomas asked himself why things were taking so long; the realtime effort has been going for some eight years now. The answer is that the problems are hard and that the manpower to solve them has been lacking. Noting that few developers have been contributing to the realtime tree, Thomas started to wonder if there was a lack of interest in the concept overall. Perhaps all this work was being done, but nobody was using it?
An opportunity to answer that question presented itself when kernel.org went down for an extended period in 2011. It became necessary to provide an alternative site for people wanting to grab the realtime patches; that, in turn, was the perfect opportunity to obtain download statistics. It turns out that most realtime patch set releases saw about 3,000 downloads within the first three days. About 30% of those went to European corporations, 25% to American corporations, 20% to Asian corporations, 5% to academic institutions, and 20% "all over." 75% of the downloads, he said, were done by users at identifiable corporations constituting a "who's who" of the industry.
All told, there were 2,250 corporations that downloaded the realtime patch set while this experiment was taking place. Of all those companies, less than 5% reported back to the realtime developers in any way, be it a patch, a bug report, or even an "it works, thanks" sort of message. A 5% response rate may seem good; it should be enough to get the bugs fixed. But a further look showed that 80% of the reports came from Red Hat and the Open Source Automation Development Laboratory; add in Thomas's company Linutronix, and the number goes up to 90%. "What," he asked the audience, "are the rest of you doing?"
Thomas's conclusion is that something is wrong. Perhaps we are seeing a return of the embedded nightmare in a new form? As in those days, he does see private reports from companies that are keeping all of their work secret. Private reports are better than nothing, but he would really like to see more participation in the community: more success reports, bug reports, documentation contributions, and fixes. Even incorrect fixes are a great thing; they give a lot of information about the problem and ease the process of making a proper fix.
To conclude, Thomas noted that some people have complained that his roadmap slides are insufficiently serious. In response, he said, he took a few days off and took a marketing course; that has allowed him to produce a more suitable roadmap that looks like this:
![[Thomas's new roadmap]](https://static.lwn.net/images/2012/rt-roadmap-bcn.png)
Perhaps the best conclusion to be drawn from this roadmap is that Thomas is unlikely to switch from development to marketing anytime in the near future. That is almost certainly good news for Linux users — and probably for marketing people as well.
[Your editor would like to thank the Linux Foundation for funding his
travel to Barcelona.]
| Index entries for this article | |
|---|---|
| Kernel | Realtime |
| Conference | LinuxCon Europe/2012 |
Posted Nov 13, 2012 2:37 UTC (Tue)
by bronson (subscriber, #4806)
[Link] (37 responses)
Now I need to hunt around for a project that requires realtime.
Posted Nov 13, 2012 11:13 UTC (Tue)
by man_ls (guest, #15091)
[Link] (35 responses)
Apart from that, I suppose that automation of critical functions is an obvious field of application, but is it really? Our favorite kernel might be used in cars but the real stuff, not IVI: driving the motor and such. And also avionics would require real time. But in a world where JavaScript is used to drive copters I am not so sure...
Posted Nov 13, 2012 13:56 UTC (Tue)
by KSteffensen (guest, #68295)
[Link] (11 responses)
I think there's too much safety hysteria in the automotive business to actually let the cars be driven by a computer.
Posted Nov 13, 2012 14:07 UTC (Tue)
by hummassa (subscriber, #307)
[Link] (10 responses)
http://abcnews.go.com/blogs/technology/2012/05/google-sel...
Posted Nov 13, 2012 14:37 UTC (Tue)
by KSteffensen (guest, #68295)
[Link] (9 responses)
Next big hurdle will be the debate the first time one of these is involved in an accident.
Posted Nov 13, 2012 14:45 UTC (Tue)
by hummassa (subscriber, #307)
[Link] (8 responses)
They already ran about 300,000 miles, with only two accidents: one, the autonomous driving system was offline (i.e., the car was being driven by the human driver) and two, the car was rear-ended. Apparently, they are safer than me (I usually go some 40,000 miles between minor crashes and scrapes, and I have some 400,000 miles total in twenty years of driving, with ten incidents).
Posted Nov 13, 2012 15:02 UTC (Tue)
by KSteffensen (guest, #68295)
[Link] (7 responses)
I'm quite willing to believe that on the average these things are far more safe than human drivers since they so rarely have to text their girlfriends or fiddle with the radio or whatever. I do think they will have to prove their safety far more rigorously than the average human driver, though.
Posted Nov 13, 2012 15:20 UTC (Tue)
by rvfh (guest, #31018)
[Link] (2 responses)
(disclaimer: I was born and have lived most of my life in Europe.)
Posted Nov 13, 2012 15:23 UTC (Tue)
by niner (subscriber, #26151)
[Link]
Posted Nov 14, 2012 11:58 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (3 responses)
I think a Turing-like test should suffice: If during a driving test, a driving license examiner cannot tell whether a computer or a person is driving the car, and it looks as if the entity in question ought to pass, then – if it was actually the computer driving – the setup is OK.
Posted Nov 21, 2012 19:02 UTC (Wed)
by ceswiedler (guest, #24638)
[Link] (2 responses)
Posted Nov 22, 2012 11:17 UTC (Thu)
by Otus (subscriber, #67685)
[Link]
That's not the purpose of most driving tests. Usually the purpose is to see if someone is good enough that they'll learn the rest on their own without being too much of a danger to others.
Realistically most people who pass a driving test are going to be bad drivers for a long while. (Unless they are testing for a license in another state/country and have already driven a lot.)
Posted Nov 22, 2012 11:24 UTC (Thu)
by mpr22 (subscriber, #60784)
[Link]
Posted Nov 13, 2012 14:29 UTC (Tue)
by Chris_Lesiak (subscriber, #4179)
[Link] (8 responses)
Posted Nov 13, 2012 14:42 UTC (Tue)
by man_ls (guest, #15091)
[Link] (4 responses)
Posted Nov 13, 2012 21:48 UTC (Tue)
by dlang (guest, #313)
[Link] (2 responses)
I have built a CNC machine, so I have first-hand experience here.
It depends how the system fails.
If they fail by not scheduling for 100ms (or even 1s), there is probably no problem besides delaying the work.
If they fail by sending the wrong commands out to the equipment, things can be worse.
But these do not require real-time scheduling to operate.
Posted Nov 13, 2012 22:36 UTC (Tue)
by man_ls (guest, #15091)
[Link] (1 responses)
Posted Nov 13, 2012 22:58 UTC (Tue)
by dlang (guest, #313)
[Link]
These things rely far less on precise timing than you think.
Just about all of the DIY devices rely on stepper motors, which move a specific distance when pulsed, not normal motors run for a specific amount of time.
If the pulses are late, things move a little slower. If there is enough momentum in the system, it's possible for that momentum to cause the equivalent of 'jumping a tooth on a gear' and being slightly out of position, the solution to this problem is to slow the machine down a bit.
synchronization between different pieces is a matter of either moving one motor, then a different motor, then the first one again, or in setting up the movement for both motors and sending a 'move now' pulse. In either case, slight delays don't break anything.
Posted Nov 14, 2012 12:07 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
Some time ago I consulted for a leading machine tool manufacturer here in Germany for a day or two and, after my actual work was done, was invited to take a guided tour of the shop floor. I was surprised to find out that they had these huge CNC machines attached to Linux-based controllers. I asked the guy who was showing me around whether they were using real-time Linux, and the answer was no, the normal generic Linux kernel worked fine as far as they were concerned. Considering that they are selling these gadgets to clients all over the world, and that any failure would probably cost them dearly, that put things into perspective for me …
Posted Nov 21, 2012 9:32 UTC (Wed)
by mb (subscriber, #50428)
[Link] (2 responses)
Posted Nov 21, 2012 9:40 UTC (Wed)
by dlang (guest, #313)
[Link] (1 responses)
That page was big on the 'how to' but utterly lacking in the 'why go to this effort'
Posted Nov 22, 2012 13:35 UTC (Thu)
by mb (subscriber, #50428)
[Link]
Ehm what?
> what would matter is if there is anything showing that this makes a difference in the part being machined.
If it would make a difference to the machined parts, either the previous RTAI based implementation or the new Linux-RT-preempt based implementation would be seriously broken.
> That page was big on the 'how to' but utterly lacking in the 'why go to this effort'
We do this, because it simplifies the software a lot and gets rid of all those ugly RTAI kernel modules.
Posted Nov 13, 2012 14:29 UTC (Tue)
by epa (subscriber, #39769)
[Link] (10 responses)
Posted Nov 13, 2012 16:19 UTC (Tue)
by gregkh (subscriber, #8)
[Link] (6 responses)
I could go on and on. Linux is used for lots of things like this, and has been for years (something like over 85% of the US power production is controlled directly by Linux machines). A lot of these systems use the real-time patches, and others don't, but to think that Linux isn't being used in these type of situations is wrong.
Posted Nov 15, 2012 11:34 UTC (Thu)
by epa (subscriber, #39769)
[Link] (5 responses)
Posted Nov 16, 2012 18:29 UTC (Fri)
by jtc (guest, #6246)
[Link] (4 responses)
It's also requires neither a soft nor hard real-time kernel. :-)
[On a complete tangent: Is anyone else getting completely sick of that constantly changing Perforce ad. that adorns the top and upper right side of almost every page on LWN. I find it quite distracting and have to move another window to cover the right side of the page each time I open a new lwn page, so that I don't have the ad. screaming at me all the time while I'm reading! They've been running this ad. for many weeks - it's about time the found a new sponsor. Argghh!]
Posted Nov 16, 2012 18:40 UTC (Fri)
by dlang (guest, #313)
[Link] (3 responses)
LWN doesn't go after individual sponsors, they subscribe to an advertisement service that puts the ads in place based on their own criteria.
Posted Nov 16, 2012 19:12 UTC (Fri)
by Trelane (subscriber, #56877)
[Link] (2 responses)
At the Professional Hacker level or above:
Posted Nov 16, 2012 21:06 UTC (Fri)
by jtc (guest, #6246)
[Link] (1 responses)
Damn. I'm a "starving hacker". I'll have to upgrade once I find a job.
Thanks for the info.
Posted Nov 16, 2012 21:07 UTC (Fri)
by Trelane (subscriber, #56877)
[Link]
Posted Nov 13, 2012 16:41 UTC (Tue)
by dashesy (guest, #74652)
[Link] (2 responses)
BTW, one more example I can add is DAQs.
Posted Nov 19, 2012 3:20 UTC (Mon)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
Posted Nov 19, 2012 15:36 UTC (Mon)
by dashesy (guest, #74652)
[Link]
Posted Nov 13, 2012 19:42 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link]
Posted Nov 13, 2012 23:01 UTC (Tue)
by iarenaza (subscriber, #4812)
[Link]
Posted Nov 16, 2012 18:20 UTC (Fri)
by jtc (guest, #6246)
[Link]
If Gleixner, when he quoted those download statistics ("About 30% of those went to European corporations, 25% to American corporations, 20% to Asian corporations, 5% to academic institutions"...), had also disclosed who those corporations were, this probably would give a good real-world answer to your question - or at least to the question: "What kinds of applications is the Linux realtime kernel being used or considered for these days?". Has he released this info? I suspect not - I suppose he's justifiably paranoid about being sued for breach of privacy or something like that.
" Linux audio used to be mentioned often, but these days it appears that CONFIG_PREEMPT is enough; is it?"
I can't answer that, but I will speculate that since music and MIDI recording and playback requires hard realtime capability, any companies considering using Linux for this would tend to favor the realtime kernel over the mainline kernel, since although the mainline kernel, perhaps, does fine x% of the time, the realtime kernel is likely (or certain, perhaps) to do fine y% of the time, where y% is significantly greater than x%.
Posted Nov 16, 2012 10:41 UTC (Fri)
by dmk (guest, #50141)
[Link]
Posted Nov 13, 2012 22:51 UTC (Tue)
by tdwebste (guest, #18154)
[Link]
It would be very interesting to replace IEC61508 certified RTOS with linux-RT.
Posted Nov 14, 2012 9:00 UTC (Wed)
by alejluther (subscriber, #5404)
[Link] (5 responses)
At the end, there was a question to Thomas Gleixner "Do you consider RT Preempt will make other solutions like Xenomai obsolete?"
"Yes, I do believe so" was the reply.
The answer made me smile since it makes clear what is the mindset of people like Thomas: they love challenges whatever the complexity!
I will not bet against him but moving the Fully-Preemptible Real-Time Linux kernel one step further means HARD real time. The main problems against is the kernel is too big and all we know bugs are out there. Xenomai and other solutions like RTLinux/RTAI are based on simplicity so bugs can be minimized. RTOS vs GPOS is all about determinism and RTOS can achieve this because the code is small enough for verification.
RT Preemtp has brought some sort of revolution with design changes like IRQ threads. IMHO making the RT Preempt hard real time could just be achieved with another revolution which would make happy professor Andrew Tanenbaum (and Linus a bit grumpy).
Posted Nov 15, 2012 10:26 UTC (Thu)
by tglx (subscriber, #31301)
[Link] (4 responses)
Your assumption is, that Xenomai, RT-Linux and RTAI are fulfilling the requirements of hard real-time. I agree that the RTOS code base part of those is small, but it's complex enough that I have serious doubts about the ability to formally verify them. Aside of that all those systems are so interwoven with Linux itself, that you'll have a real hard time to prove that there is no undesired influence possible from the "idle task Linux" to the "safe RTOS". Just look at the obvious lack of fault isolation and explain me how that is fulfilling the requirements. While Preempt-RT might look more complex in the first place, I dare to claim that building an hybrid system, which fully relies on facilities of the "idle taks Linux" in all its glory without having full isolation in all aspects, is just introducing a different level of hard to understand and hard to verify complexity. As long as nobody can point me to real proof of why any of the above solutions is verifiably more real-timeish than Preempt-RT, I definitely stand to my word, that Preempt-RT will make those obsolete or already has done so at least partially. Thanks
Posted Nov 15, 2012 13:00 UTC (Thu)
by simlo (guest, #10866)
[Link] (2 responses)
Safety critical != hard real time
Safety critical means that the system is certified and verified and maybe even mathematical proven to be correct. This implies small code and very often hard realtime.
Hard real time means that there per design is an upper boundary to latency. But we all know that a system might not work as designed. Therefore a system can be hard real time by design but fail due to bugs.
Thus by these definitions neither preempt realtime, RT-Linux nor Xenomia can be be safety critical but all can claim "hard real time" - but only if they have made sure that all code paths blocking scheduling of higher priority tasks and interrupts, have an upper boundary.
And for a practical note: The theoretical upper boundary is not magnitudes higher than what you can measure in tests.
Posted Nov 15, 2012 17:29 UTC (Thu)
by tglx (subscriber, #31301)
[Link] (1 responses)
Though hard real-time systems must be designed in a way that they guarantee not to ever miss a deadline, simply because missing a single deadline is considered a fatal full system failure. So how do you guarantee that by other means than by mathematical proof?
> And for a practical note: The theoretical upper boundary is not magnitudes higher than what you can measure in tests.
None of those systems including Preempt-RT can specify their theoretical upper boundary, except in safe ranges which make them not at all different :)
Thanks
Posted Dec 9, 2012 7:41 UTC (Sun)
by gmatht (guest, #58961)
[Link]
Posted Nov 15, 2012 13:24 UTC (Thu)
by alejluther (subscriber, #5404)
[Link]
That's a good point. But I talked about RTAI or RTLinux because the Xenomai reference. My experience is with RTLinux internals and the virtualization made there is just the simplest one, so you do not have isolation. You know there are today solutions based on full virtualization even with hardware help which, I guess, is a must for real full isolation.
The good part of RTLinux technique (I think RTAI did not follow the rule of "keep simple" strictly) is you can use it with some microcontrollers which will not have support for hardware virtualization.
Don't take me wrong. I think you are doing a fantastic job and with your mindset, maybe you prove me wrong in the future. I just wanted to point out the challenge (probably) needs another revolution regarding kernel design. By the way, the kernel modularity could be the starting point.
LCE: Realtime, present and future
Speaking of which, what kind of applications require real time these days? Linux audio used to be mentioned often, but these days it appears that CONFIG_PREEMPT is enough; is it?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Also, I am unsure these cars would work in Europe with crazy drivers and difficult-to-compute timings at some crossings.
Real time for what?
Real time for what?
I do think they will have to prove their safety far more rigorously than the average human driver, though.
Real time for what?
Real time for what?
Naturally. There's a driving examiner in the front passenger seat; getting an accurate picture of someone's everyday driving in such conditions is more or less impossible.
Real time for what?
Here's an example: Linux CNC
Real time for what?
Cool! Those look pretty critical to me: having catastrophic consequences if they fail -- at least causing damage to property, and probably to operators.
Real time for what?
Real time for what?
I was thinking more along the lines of plasma cutters or robots, also mentioned in the link: failing to switch off the plasma may have bad consequences. Or a cutting machine which needs precise synchronization between different pieces. But perhaps most of these machines are designed to be fail-safe.
Real time for what?
Real time for what?
Real time for what?
Real time for what?
http://wiki.linuxcnc.org/cgi-bin/wiki.pl?Debian_Wheezy_Li...
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
https://lwn.net/op/FAQ.lwn#subs
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
Real time for what?
LCE: Realtime, present and future
LCE: Realtime, present and future
IEC6150
LCE: Realtime, present and future
LCE: Realtime, present and future
tglx
LCE: Realtime, present and future
LCE: Realtime, present and future
tglx
Most systems also have no proof that a kernel panic won't occur.
LCE: Realtime, present and future