Skip to main content


Corporate InformationResearch & Development

January 23, 2017

Report from Presenter

TRON Symposium 2016 was held in Tokyo Midtown from 14th to 16th in December, 2016. This symposium focused on technology for embedded systems, such as TRON series operating system, IoT and open data. The author made a presentation titled "Domain Function and Scheduling Method to Achieve Safety in Embedded System" at a paper session in this symposium.

There is a growing demand for safety on embedded real-time systems. For example, the conformity to the safety standard has been recently required in procurement requirement. In such systems, safety-related tasks must run with specific deadline since their processes, such as process handling system failure, prevent catastrophic damage to life, the environment and property. On the other hand, many real-time operating systems (RTOS) have a function to manage interrupt handlers which are activated by RTOS in response to hardware interrupts. When a hardware interrupt occurs, an interrupt handler is executed immediately by interrupting the task execution .The problem is deadline miss of safety-related tasks caused by interference from non-safety-related interrupt handlers with safety-related tasks (Figure 1).

Fig. 1

Fig. 2

To solve this problem, we proposed a domain function and a scheduling method. In this domain function, domains are categorized into safety domains and normal domains. Every task and every interrupt handler belongs to one domain (Figure 2). Safety-related tasks and interrupt handlers belong to safety domains and non-safety-related ones belong to normal domains. Our scheduling method is based on the preemptive and priority-based scheduling. In the preemptive and priority-based scheduling, the task with the highest priority in the system is selected and executed. Our scheduling method schedules tasks and interrupt handlers in consideration of not only their priorities but also safety types, i.e. safety or normal domain to which they belong, and object types, i.e. task or interrupt handler. With this method, a task in a safety domain can be executed before an interrupt handler in a normal domain (Figure 3). By this proposed method, we achieved non-interference to the safety-related tasks, such that they do not get interrupts from the non-safety-related interrupt handlers, while the interrupt handler interrupts the tasks in the same domain for hardware-triggered processing (Figure 4).

Fig. 3

Fig. 4

The future work is an optimization of this scheduling method for the better real-time performance. Currently, our scheduling method needs longer activation time of interrupt handlers than original interrupt handlers. We will challenge the improvements of the activation time.


TRON stands for The Real-time Operating system Nucleus.
  • Page top