Priority Inversion

Priority inversion
• Priority inversion is one of the issues that
must be addressed during the analysis and
design of real time systems.
• In a pre-emptive system, at any point of time,
only the highest priority executes.
• But due to some reasons, if a high priority task
is blocked because of some lower priority task,
Then a priority inversion is said to have
occurred.
 Priority Inversion
• It can happen in two ways

- Bounded priority inversion

- Unbounded priority inversion
 Bounded Priority Inversion
• T H , TL
• How long is TH blocked?
• Bounded priority inversion is said to occur
when a high priority task is blocked for a
deterministic period of time with in
limit(bound)
 Unbounded priority inversion
• TH, TM , TL

• This is the case when higher priority task will

not be able to provide its services for a
unknown period of time.
• This could cause failure to the system
 Preventing priority inversion
• To avoid occurrence of priority inversion,
some schemes have been developed.
• Schemes aim at reducing the unbounded
priority inversion to bounded one.
• 2 prominent schemes are
- Priority Inheritance Protocol (PIP)
- Priority Ceiling Protocol (PCP)
 Priority Inheritance Protocol
• In this protocol, the priority of a task using a
shared resource shall be made equal to the
priority of the highest priority task that is
blocked for the resource at the current instant
 Priority Inheritance Protocol
 Priority inheritance protocol solves the problem of
priority inversion. Under this protocol, if a higher
priority task TH is blocked by a lower priority task
TL, because TL is currently executing critical
section needed by TH, TL temporarily inherits the
priority of TH.
 When blocking ceases (i.e., TL exits the critical
section), TL resumes its original priority.
Unfortunately, priority inheritance may lead to
10
deadlock.
Priority Inheritance Protocol – Deadlock
Assume T2 > T1 (i.e., T2 has high priority)
 Priority Ceiling Protocol(PCP)
• Priority ceiling protocol solves the priority inversion
problem without getting into deadlock.
• For each semaphore, a priority ceiling is defined,
whose value is the highest priority of all the tasks that
may lock it.
• When a task Ti attempts to execute one of its critical
sections, it will be suspended unless its priority is
higher than the priority ceiling of all semaphores
currently locked by tasks other than Ti.
12
 Priority Ceiling Protocol (Contd.)

• If task Ti is unable to enter its critical section

for this reason, the task that holds the lock
on the semaphore with the highest priority
ceiling is said to be blocking Ti and hence
inherits the priority of Ti.
• As long as a task Ti is not attempting to enter
one of its critical sections, it will preempt
every task that has a lower priority.
13
 Priority Ceiling Protocol -- properties
• This protocol is the same as the priority
inheritance protocol, except that a task Ti can also
be blocked from entering a critical section if any
other task is currently holding a semaphore whose
priority ceiling is greater than or equal to the
priority of task Ti.
• Prevents mutual deadlock among tasks
• A task can be blocked by lower priority tasks at
most once
14
Priority Inheritance Protocol – Deadlock
Assume T2 > T1 (i.e., T2 has high priority)
Priority Celiling Protocol - Example
• For the previous example, the priority ceiling
for both CS1 and CS2 is the priority of T2.
• From time t0 to t2, the operations are the same as
before.
• At time t3, T2 attempts to lock CS1, but is
blocked since CS2 (which has been locked by T1)
has a priority ceiling equal to the priority of T2.
• Thus T1 inherits the priority of T2 and proceeds
to completion, thereby preventing deadlock
situation. 16
 Priority Inversion - Real-world Example
• Mars Pathfinder mission (July 4, 1997)
• VxWorks (real-time OS), preemptive priority scheduling of
threads (e.g., RMS)
• Priority inversion involving three threads:
– Information bus task (T1), meteorological data gathering
task (T3), communication task (T2). Priority order:
T1>T2>T3
– Shared resource: information bus (used mutex)
• Same situation as described in the previous example had
occurred
• Findings: Priority ceiling protocol was found to be disabled
initially, then it was enabled online and the problem was
corrected
17
 Mars Rover
• The concepts of priority inversion are not
limited to research
• Mars Rover was a project by NASA to explore
the surface of MARS.
• It Consists of 2 major software block
- Landing software
- Land mission software
Mars rover
 Landing software
• Is very critical. Any fault in this part would
make the rover crash on the mars surface.

• Landing of the Rover was perfect

 Land mission software
• This is used by the controller to analyze the
environments in Mars, collect data and
transmit them back to earth.
• During the execution of land mission software,
the system started resetting itself
mysteriously.
• So data could not be collected and sent to
earth.
 Priority inversion problem in
Mars Rover
• There was an information bus which was to be used by a high
priority task.
• Another low priority task also required the bus.
• When ever the reset occurred, the low priority task had
acquired the mutex and was later pre-empted by the high
priority task.
• But it could not use the bus because, the mutex was acquired by
lower priority task
• In between an intermediate priority task used to run pre-
empting the lower priority task
• So the higher priority task could not get the mutex
 Priority inversion problem in
Mars Rover
• System had a watch dog timer
• Watch dog timer is used to reset a system if it
hangs for sometime.
• Here watch dog timer noticed that the higher
priority task could not access the bus for a
long time and hence reset the entire system.
 Solution
• Mutex when being created were created as
plain vanilla mutex
• It was decided to enable PCP feature of the
mutex.
• Using debug support feature, the PCP flag was
set to true instead of false.
• Problem never happened again.