Home | History | Annotate | Download | only in devices 
      1 page.title=Avoiding Priority Inversion
      2 @jd:body
      3 
      4 <!--
      5     Copyright 2013 The Android Open Source Project
      6 
      7     Licensed under the Apache License, Version 2.0 (the "License");
      8     you may not use this file except in compliance with the License.
      9     You may obtain a copy of the License at
     10 
     11         http://www.apache.org/licenses/LICENSE-2.0
     12 
     13     Unless required by applicable law or agreed to in writing, software
     14     distributed under the License is distributed on an "AS IS" BASIS,
     15     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     16     See the License for the specific language governing permissions and
     17     limitations under the License.
     18 -->
     19 <div id="qv-wrapper">
     20   <div id="qv">
     21     <h2>In this document</h2>
     22     <ol id="auto-toc">
     23     </ol>
     24   </div>
     25 </div>
     26 
     27 <p>
     28 This article explains how the Android's audio system attempts to avoid
     29 priority inversion, as of the Android 4.1 release,
     30 and highlights techniques that you can use too.
     31 </p>
     32 
     33 <p>
     34 These techniques may be useful to developers of high-performance
     35 audio apps, OEMs, and SoC providers who are implementing an audio
     36 HAL. Please note implementing these techniques is not
     37 guaranteed to prevent glitches or other failures, particularly if
     38 used outside of the audio context.
     39 Your results may vary, and you should conduct your own
     40 evaluation and testing.
     41 </p>
     42 
     43 <h2 id="background">Background</h2>
     44 
     45 <p>
     46 The Android AudioFlinger audio server and AudioTrack/AudioRecord
     47 client implementation are being re-architected to reduce latency.
     48 This work started in Android 4.1, continued in 4.2 and 4.3, and now more
     49 improvements exist in version 4.4.
     50 </p>
     51 
     52 <p>
     53 To achieve this lower latency, many changes were needed throughout the system. One
     54 important change is to assign CPU resources to time-critical
     55 threads with a more predictable scheduling policy. Reliable scheduling
     56 allows the audio buffer sizes and counts to be reduced while still
     57 avoiding artifacts due to underruns.
     58 </p>
     59 
     60 <h2 id="priorityInversion">Priority Inversion</h2>
     61 
     62 <p>
     63 <a href="http://en.wikipedia.org/wiki/Priority_inversion">Priority inversion</a>
     64 is a classic failure mode of real-time systems,
     65 where a higher-priority task is blocked for an unbounded time waiting
     66 for a lower-priority task to release a resource such as [shared
     67 state protected by] a
     68 <a href="http://en.wikipedia.org/wiki/Mutual_exclusion">mutex</a>.
     69 </p>
     70 
     71 <p>
     72 In an audio system, priority inversion typically manifests as a
     73 <a href="http://en.wikipedia.org/wiki/Glitch">glitch</a>
     74 (click, pop, dropout),
     75 <a href="http://en.wikipedia.org/wiki/Max_Headroom_(character)">repeated audio</a>
     76 when circular buffers
     77 are used, or delay in responding to a command.
     78 </p>
     79 
     80 <p>
     81 In the Android audio implementation, priority inversion is most
     82 likely to occur in these places. And so we focus attention here:
     83 </p>
     84 
     85 <ul>
     86 
     87 <li>
     88 between normal mixer thread and fast mixer thread in AudioFlinger
     89 </li>
     90 
     91 <li>
     92 between application callback thread for a fast AudioTrack and
     93 fast mixer thread (they both have elevated priority, but slightly
     94 different priorities)
     95 </li>
     96 
     97 <li>
     98 within the audio Hardware Abstraction Layer (HAL) implementation, e.g. for telephony or echo cancellation
     99 </li>
    100 
    101 <li>
    102 within the audio driver in kernel
    103 </li>
    104 
    105 <li>
    106 between AudioTrack callback thread and other app threads (this is out of our control)
    107 </li>
    108 
    109 </ul>
    110 
    111 <p>
    112 As of this writing, reduced latency for AudioRecord is planned but
    113 not yet implemented. The likely priority inversion spots will be
    114 similar to those for AudioTrack.
    115 </p>
    116 
    117 <h2 id="commonSolutions">Common Solutions</h2>
    118 
    119 <p>
    120 The typical solutions listed in the Wikipedia article include:
    121 </p>
    122 
    123 <ul>
    124 
    125 <li>
    126 disabling interrupts
    127 </li>
    128 
    129 <li>
    130 priority inheritance mutexes
    131 </li>
    132 
    133 </ul>
    134 
    135 <p>
    136 Disabling interrupts is not feasible in Linux user space, and does
    137 not work for Symmetric Multi-Processors (SMP).
    138 </p>
    139 
    140 
    141 <p>
    142 Priority inheritance
    143 <a href="http://en.wikipedia.org/wiki/Futex">futexes</a>
    144 (fast user-space mutexes) are available
    145 in Linux kernel, but are not currently exposed by the Android C
    146 runtime library
    147 <a href="http://en.wikipedia.org/wiki/Bionic_(software)">Bionic</a>.
    148 We chose not to use them in the audio system
    149 because they are relatively heavyweight, and because they rely on
    150 a trusted client.
    151 </p>
    152 
    153 <h2 id="androidTechniques">Techniques used by Android</h2>
    154 
    155 <p>
    156 We started with "try lock" and lock with timeout. These are
    157 non-blocking and bounded blocking variants of the mutex lock
    158 operation. Try lock and lock with timeout worked fairly well for
    159 us, but were susceptible to a couple of obscure failure modes: the
    160 server was not guaranteed to be able to access the shared state if
    161 the client happened to be busy, and the cumulative timeout could
    162 be too long if there was a long sequence of unrelated locks that
    163 all timed out.
    164 </p>
    165 
    166 
    167 <p>
    168 We also use
    169 <a href="http://en.wikipedia.org/wiki/Linearizability">atomic operations</a>
    170 such as:
    171 </p>
    172 
    173 <ul>
    174 <li>increment</li>
    175 <li>bitwise "or"</li>
    176 <li>bitwise "and"</li>
    177 </ul>
    178 
    179 <p>
    180 All of these return the previous value and include the necessary
    181 SMP barriers. The disadvantage is they can require unbounded retries.
    182 In practice, we've found that the retries are not a problem.
    183 </p>
    184 
    185 <p>
    186 <strong>Note</strong>: Atomic operations and their interactions with memory barriers
    187 are notoriously badly misunderstood and used incorrectly. We include
    188 these methods here for completeness but recommend you also read the article
    189 <a href="https://developer.android.com/training/articles/smp.html">
    190 SMP Primer for Android</a>
    191 for further information.
    192 </p>
    193 
    194 <p>
    195 We still have and use most of the above tools, and have recently
    196 added these techniques:
    197 </p>
    198 
    199 <ul>
    200 
    201 <li>
    202 Use non-blocking single-reader single-writer
    203 <a href="http://en.wikipedia.org/wiki/Circular_buffer">FIFO queues</a>
    204 for data.
    205 </li>
    206 
    207 <li>
    208 Try to
    209 <i>copy</i>
    210 state rather than
    211 <i>share</i>
    212 state between high- and
    213 low-priority modules.
    214 </li>
    215 
    216 <li>
    217 When state does need to be shared, limit the state to the
    218 maximum-size
    219 <a href="http://en.wikipedia.org/wiki/Word_(computer_architecture)">word</a>
    220 that can be accessed atomically in one-bus operation
    221 without retries.
    222 </li>
    223 
    224 <li>
    225 For complex multi-word state, use a state queue. A state queue
    226 is basically just a non-blocking single-reader single-writer FIFO
    227 queue used for state rather than data, except the writer collapses
    228 adjacent pushes into a single push.
    229 </li>
    230 
    231 <li>
    232 Pay attention to
    233 <a href="http://en.wikipedia.org/wiki/Memory_barrier">memory barriers</a>
    234 for SMP correctness.
    235 </li>
    236 
    237 <li>
    238 <a href="http://en.wikipedia.org/wiki/Trust,_but_verify">Trust, but verify</a>.
    239 When sharing
    240 <i>state</i>
    241 between processes, don't
    242 assume that the state is well-formed. For example, check that indices
    243 are within bounds. This verification isn't needed between threads
    244 in the same process, between mutual trusting processes (which
    245 typically have the same UID). It's also unnecessary for shared
    246 <i>data</i>
    247 such as PCM audio where a corruption is inconsequential.
    248 </li>
    249 
    250 </ul>
    251 
    252 <h2 id="nonBlockingAlgorithms">Non-Blocking Algorithms</h2>
    253 
    254 <p>
    255 <a href="http://en.wikipedia.org/wiki/Non-blocking_algorithm">Non-blocking algorithms</a>
    256 have been a subject of much recent study.
    257 But with the exception of single-reader single-writer FIFO queues,
    258 we've found them to be complex and error-prone.
    259 </p>
    260 
    261 <p>
    262 Starting in Android 4.2, you can find our non-blocking,
    263 single-reader/writer classes in these locations:
    264 </p>
    265 
    266 <ul>
    267 
    268 <li>
    269 frameworks/av/include/media/nbaio/
    270 </li>
    271 
    272 <li>
    273 frameworks/av/media/libnbaio/
    274 </li>
    275 
    276 <li>
    277 frameworks/av/services/audioflinger/StateQueue*
    278 </li>
    279 
    280 </ul>
    281 
    282 <p>
    283 These were designed specifically for AudioFlinger and are not
    284 general-purpose. Non-blocking algorithms are notorious for being
    285 difficult to debug. You can look at this code as a model. But be
    286 aware there may be bugs, and the classes are not guaranteed to be
    287 suitable for other purposes.
    288 </p>
    289 
    290 <p>
    291 For developers, we may update some of the sample OpenSL ES application
    292 code to use non-blocking algorithms or reference a non-Android open source
    293 library.
    294 </p>
    295 
    296 <h2 id="tools">Tools</h2>
    297 
    298 <p>
    299 To the best of our knowledge, there are no automatic tools for
    300 finding priority inversion, especially before it happens. Some
    301 research static code analysis tools are capable of finding priority
    302 inversions if able to access the entire codebase. Of course, if
    303 arbitrary user code is involved (as it is here for the application)
    304 or is a large codebase (as for the Linux kernel and device drivers),
    305 static analysis may be impractical. The most important thing is to
    306 read the code very carefully and get a good grasp on the entire
    307 system and the interactions. Tools such as
    308 <a href="http://developer.android.com/tools/help/systrace.html">systrace</a>
    309 and
    310 <code>ps -t -p</code>
    311 are useful for seeing priority inversion after it occurs, but do
    312 not tell you in advance.
    313 </p>
    314 
    315 <h2 id="aFinalWord">A Final Word</h2>
    316 
    317 <p>
    318 After all of this discussion, don't be afraid of mutexes. Mutexes
    319 are your friend for ordinary use, when used and implemented correctly
    320 in ordinary non-time-critical use cases. But between high- and
    321 low-priority tasks and in time-sensitive systems mutexes are more
    322 likely to cause trouble.
    323 </p>
    324 
    325