Real-Time Programming

Real-Time Constraints

A real-time system must produce correct results within a defined time bound. The classification depends on what happens when a deadline is missed.

Categories

| Type | Deadline Miss Consequence | Example | |---|---|---| | Hard | System failure, catastrophic | Airbag deployment, ABS braking, pacemaker | | Firm | Result is worthless, no catastrophe | Video frame rendering, radar sweep | | Soft | Degraded quality, still usable | Audio streaming, UI responsiveness |

Key Metrics

• Worst-Case Execution Time (WCET): maximum time a task can take
• Jitter: variation in execution timing between invocations
• Latency: delay from event occurrence to response start
• Determinism: predictability of timing behavior

RTOS Concepts

A Real-Time Operating System provides deterministic scheduling, inter-task communication, and resource management.

Tasks (Threads)

Tasks are independent units of execution with their own stack. Each task has a priority and state:

           create
  Ready <------------ Blocked
    |                    ^
    | scheduler          | wait (semaphore,
    v  dispatches        |  queue, delay)
  Running ---------------+
    |
    | delete / complete
    v
  Terminated

Scheduling Algorithms

| Algorithm | Description | Used In | |---|---|---| | Preemptive priority | Highest-priority ready task runs immediately | FreeRTOS, Zephyr | | Round-robin | Equal-priority tasks share time slices | FreeRTOS (same priority) | | Rate Monotonic (RMS) | Shorter period = higher priority (static) | Safety-critical systems | | Earliest Deadline First | Closest deadline runs next (dynamic) | Research, some RTOS |

Rate Monotonic Schedulability Test

For n periodic tasks with periods T_i and execution times C_i:

Utilization U = sum(C_i / T_i) <= n * (2^(1/n) - 1)

For n -> infinity: U <= ln(2) ~ 0.693

Practical: if total CPU utilization < 69.3%, RMS guarantees all deadlines are met.

FreeRTOS

The most widely deployed RTOS, running on billions of devices. Open-source, supports ARM Cortex-M, RISC-V, Xtensa, and more.

Task Creation

// FreeRTOS task example (C API, as FreeRTOS is C-based)
void sensor_task(void *pvParameters) {
    for (;;) {
        read_sensor();
        vTaskDelay(pdMS_TO_TICKS(100)); // Sleep 100ms, yield CPU
    }
}

xTaskCreate(sensor_task, "Sensor", 256, NULL, 2, NULL);
// Parameters: function, name, stack_size, params, priority, handle

Queues

Thread-safe FIFO for passing data between tasks or from ISRs to tasks:

  Producer Task  ---->  [ | | | | ]  ---->  Consumer Task
                         Queue (N items)

Queues block the sender when full and the receiver when empty (with optional timeout).

Semaphores

Binary semaphore: signaling mechanism (ISR signals task). Starts empty.

ISR:  xSemaphoreGiveFromISR(sem, &woken);   // Signal
Task: xSemaphoreTake(sem, portMAX_DELAY);   // Wait for signal

Counting semaphore: tracks multiple available resources.

Mutexes

Mutual exclusion for shared resource protection. Unlike semaphores, mutexes support priority inheritance to mitigate priority inversion.

Task A (low priority):    Take mutex -> access shared resource -> Give mutex
Task B (high priority):   Take mutex (blocks if A holds it)
                         A's priority is temporarily raised to B's level

Zephyr RTOS

A modern, scalable RTOS backed by the Linux Foundation. Features:

• Device tree for hardware description (borrowed from Linux)
• Kconfig-based build system
• Extensive driver model and networking stack
• Bluetooth, Wi-Fi, Thread, LoRaWAN support
• Memory protection via MPU
• Supports 500+ boards across ARM, RISC-V, x86, Xtensa

Embassy (Async Embedded Rust)

Embassy is an async runtime for embedded Rust, offering an alternative to traditional RTOS patterns using Rust's async/await.

// Embassy async embedded -- no heap allocation, no threads

PROCEDURE MAIN(spawner)
    p ← INIT_PERIPHERALS(defaults)

    // Spawn concurrent tasks -- no heap allocation, no threads
    SPAWN(BLINK_TASK, p.PA5)
    SPAWN(SENSOR_TASK)

ASYNC TASK BLINK_TASK(pin)
    led ← OUTPUT_PIN(pin, level ← LOW, speed ← LOW)
    LOOP
        TOGGLE(led)
        AWAIT TIMER(500 ms)   // Non-blocking delay

ASYNC TASK SENSOR_TASK()
    LOOP
        // Read sensor, process data
        AWAIT TIMER(100 ms)

Embassy advantages over traditional RTOS:

• Zero-allocation async tasks (each task is a state machine)
• Compile-time task safety (no stack overflow from undersized stacks)
• Rust ownership model prevents data races without runtime checks
• HAL drivers with native async support (UART, SPI, I2C with DMA)

Interrupt Handling

Interrupt Service Routine (ISR)

ISRs execute in response to hardware events. They must be:

• Short: do minimal work, defer processing to tasks
• Non-blocking: never wait, sleep, or call blocking functions
• Reentrant-safe: use only ISR-safe APIs

Interrupt Priority and Nesting

ARM Cortex-M NVIC supports priority levels (lower number = higher priority on Cortex-M):

Priority 0 (highest) ──> System critical (fault handlers)
Priority 1            ──> Time-critical (motor control)
Priority 2            ──> Communication (UART RX)
Priority 3            ──> Background (sensor polling)
  ...
Priority 15 (lowest)  ──> Non-critical

Nested interrupts: a higher-priority interrupt can preempt a lower-priority ISR. The Cortex-M NVIC supports this natively via tail-chaining and late-arrival optimization.

Interrupt Latency

Time from interrupt assertion to first ISR instruction:

| Component | Cycles (Cortex-M4) | |---|---| | Recognition | 1 | | Stacking (push registers) | 12 | | Vector fetch | Varies | | Total minimum | ~12-15 cycles |

Tail-chaining eliminates unstacking/restacking when switching between ISRs.

ISR Pattern: Defer to Task

GLOBAL DATA_READY ← ATOMIC_BOOL(FALSE)

ISR EXTI0()
    // In ISR: minimal work
    CLEAR_INTERRUPT_FLAG()
    ATOMIC_STORE(DATA_READY, TRUE, Release)

// In main loop or task:
LOOP
    IF ATOMIC_SWAP(DATA_READY, FALSE, Acquire) THEN
        PROCESS_DATA()   // Heavy work done outside ISR
    WAIT_FOR_INTERRUPT()  // Sleep until next interrupt

Critical Sections

Code regions where interrupts are disabled to ensure atomic access to shared state.

// Disable interrupts for the duration of the block
CRITICAL_SECTION DO
    // Access shared state safely
    data ← BORROW_MUTABLE(SHARED_DATA)
    data ← data + 1
// Interrupts automatically restored

Critical sections must be kept as short as possible to minimize interrupt latency.

Mutex Alternatives in no_std Rust

// Global shared state protected by interrupt-disabling mutex
GLOBAL COUNTER ← MUTEX(0)

ISR TIM2()
    CRITICAL_SECTION DO
        count ← BORROW_MUTABLE(COUNTER)
        count ← count + 1

Priority Inversion

A high-priority task is blocked by a low-priority task holding a shared resource, while a medium-priority task preempts the low-priority task -- effectively inverting priorities.

High   ████░░░░░░░░░░████████   (blocked waiting for mutex)
Medium ░░░░████████████░░░░░░   (runs, preempts Low)
Low    ████░░░░░░░░░░░░████░░   (holds mutex, preempted by Medium)
                         ^ mutex released

Solutions

| Solution | Mechanism | |---|---| | Priority inheritance | Low task temporarily gets high task's priority | | Priority ceiling | Mutex is assigned the priority of its highest user | | Lock-free algorithms | Atomics, wait-free data structures | | Disable interrupts | Simple but increases latency |

Key Takeaways

• Hard real-time systems have absolute deadlines; soft systems tolerate occasional misses.
• RTOS primitives (tasks, queues, semaphores, mutexes) enable structured concurrent programming.
• Embassy brings Rust's async/await to embedded, offering zero-allocation concurrency without a traditional RTOS.
• ISRs must be short and non-blocking; defer heavy processing to tasks.
• Priority inversion is a real hazard; use priority inheritance or lock-free designs.
• Critical sections protect shared state but must be minimized to preserve system responsiveness.