Towards temporal and spatial isolation in memory hierarchies for mixed-criticality systems with hypervisors
Related papers
A Memory Arbitration Scheme for Mixed-Criticality Multicore Platforms
In mixed-criticality systems, applications of different criticality levels share the same computing platform. To avoid spatial and temporal interference between the applications, the computing platform must implement measures for spatial and temporal isolation. In this paper we show how the enhancement of a static memory arbiter by a second, dynamic arbitration layer facilitates the interference-free integration of mixed-criticality applications with different performance requirements. This paper (a) compares the performance tradeoffs of the new dual-layer arbiter and a COTS arbiter and (b) evaluates the performance of an XtratuM hypervisor system running on a platform with this dual-layer arbiter.
Scheduling Policies and System Software Architectures for Mixed-criticality Computing
OpenBU, 2018
The mixed-criticality model of computation is being increasingly adopted in timing-sensitive systems. The model not only ensures that the most critical tasks in a system never fail, but also aims for better system resource utilization under normal conditions. In this report, we describe the widely used mixed-criticality task model and fixed-priority scheduling algorithms for the model on uniprocessors. Because of the requirements imposed by the mixed-criticality task model and scheduling policies, isolation, both temporal and spatial, among tasks is one of the main requirements from the system design point of view. Different virtualization techniques have been used to design system software architectures with the goal of isolation. We discuss a few such system software architectures which are being used, and can be used, for the mixed-criticality model of computation.
A Dual-Layer Bus Arbiter for Mixed-Criticality Systems with Hypervisors
In mixed-criticality systems, applications with different levels of criticality are integrated on the same computational platform. Without proper isolation of the different applications of such a mixed-criticality system, certification gets expensive, because it has to be shown that application components of lower criticality do not hamper the correct operation of the critical applications. Therefore, all components, even the less critical ones, have to be certified for the highest criticality level. For single-core platforms the use of hypervisors promises to shield applications of different criticality from each other. Timing problems may emerge when the hypervisor is ported to a multicore platform where different cores access the global memory concurrently. We show that full temporal isolation of applications executing on different cores is only achievable if the hypervisor is run on appropriate hardware. The presented dual-layer bus arbiter enables critical applications to preserve isolation properties and also improves the execution performance of non-critical applications.
Designing Mixed Criticality Applications on Modern Heterogeneous MPSoC Platforms
2019
Multiprocessor Systems-on-Chip (MPSoC) integrating hard processing cores with programmable logic (PL) are becoming increasingly common. While these platforms have been originally designed for high performance computing applications, their rich feature set can be exploited to efficiently implement mixed criticality domains serving both critical hard real-time tasks, as well as soft real-time tasks. In this paper, we take a deep look at commercially available heterogeneous MPSoCs that incorporate PL and a multicore processor. We show how one can tailor these processors to support a mixed criticality system, where cores are strictly isolated to avoid contention on shared resources such as Last-Level Cache (LLC) and main memory. In order to avoid conflicts in last-level cache, we propose the use of cache coloring, implemented in the Jailhouse hypervisor. In addition, we employ ScratchPad Memory (SPM) inside the PL to support a multi-phase execution model for real-time tasks that avoids ...
European project cluster on mixed-criticality systems
Modern embedded applications already integrate a multitude of functionalities with potentially different criticality levels into a single system, and this trend is expected to grow in the near future. Without appropriate preconditions, the integration of mixed-criticality subsystems can lead to a significant and potentially unacceptable increase in engineering and certification costs. There are several ongoing research initiatives studying mixed-criticality integration in multicore processors. Key challenges are the combination of software virtualization and hardware segregation and the extension of partitioning mechanisms jointly addressing significant extra-functional requirements (e.g., time, energy and power budgets, adaptivity, reliability, safety, security, volume, weight, etc.) along with development and certification methodology. This paper provides a summary of the challenges to be addressed in the design and development of future mixed-criticality systems and the way in which some current European Projects on the topic address those challenges.
Mixed-criticality scheduling with memory regulation (Conference Paper)
2016
The state-of-the-art models and schedulability analysis for mixed-criticality multicore systems overlook low-level aspects of the system. To improve their credibility, we therefore incorporate, in this work, the effects of delays from memory contention on a shared bus. Specifically, to that end, we adopt the predictable memory reservation mechanism proposed by the Single Core Equivalence framework. Additionally, we explore how the reclamation, for higher-criticality tasks, of cache resources allocated to lower-criticality tasks, whenever there is a criticality (mode) change in the system, can improve schedulability.
Authors: Muhammed Ali Awan, Konstantinos Bletsas, Pedro Souto, Benny Akesson, Eduardo Tovar, Jibran Ali (CISTER/INESC-TEC, ISEP/IPP, Portugal; Faculty of Engineering, University of Porto, Portugal)
Hypervisor-Based Multicore Feedback Control of Mixed-Criticality Systems
IEEE Access, 2018
One of the most promising approaches to mixed-criticality systems is the use of multi-core execution platforms based on a hypervisor. Several successful EU Projects are based on this approach and have overcome some of the difficulties that it introduces. However, interference in COTS systems due to the use of shared resources in a computer is one of the unsolved problems. In this paper, we attempt to provide realistic solutions to this problem. This paper proposes a feedback control scheme implemented at hypervisor level and transparent to partitions (critical and non-critical). The control scheme defines two controller types. One type of controller is oriented towards limiting the use of shared resources by limiting bus accesses for non-critical cores. A second type measures the activity of a critical core and acts on non-critical cores when performance decreases. The hypervisor uses a performance monitor unit that provides event counters configured and handled by the hypervisor. This paper proposes two control strategies at hypervisor level that can guarantee the execution of critical partitions. Advantages and drawbacks of both strategies are discussed. Control theory requires identifying the process to be controlled. In consequence, the activities of the critical partitions must be identified in order to tune the controller. A methodology to deal with controller tuning is proposed. A set of experiments shows the impact of the controller parameters. Index terms: cyber-physical systems, feedback control, hypervisor, mixed-criticality systems.
RT-CASEs: Container-Based Virtualization for Temporally Separated Mixed-Criticality Task Sets
2019
This paper presents the notion of real-time containers, or rt-cases, conceived as the convergence of container-based virtualization technologies, such as Docker, and hard real-time operating systems. The idea is to allow critical containers, characterized by stringent timeliness and reliability requirements, to cohabit with traditional non-real-time containers on the same hardware. The approach allows keeping the advantages of real-time virtualization, largely adopted in industry, while reducing its inherent scalability limitation when applied to large-scale mixed-criticality systems or severely constrained hardware environments. The paper provides a reference architecture scheme for implementing the real-time container concept on top of a Linux kernel patched with a hard real-time co-kernel, and it discusses a possible solution, based on execution time monitoring, to achieve temporal separation of fixed-priority hard real-time periodic tasks running within containers with...
2015
The use of multicore processors in general-purpose real-time embedded systems has experienced a huge increase in recent years. Unfortunately, critical applications are not benefiting from this type of processor as one could expect. The major obstacle is that we cannot predict or provide any guarantee on the real-time properties of software running on such platforms. The shared memory bus is among the most critical resources, and it severely degrades the timing predictability of multicore software due to access contention between cores. To counteract this problem, we present in this paper a new approach that supports mixed-criticality workload execution in a multicore processor-based embedded system. It allows any number of cores to run less-critical tasks concurrently with the critical core, which is running the critical task. The approach is based on the use of a dedicated Deadline Enforcement Checker (DEC) implemented in hardware, which allows the execution of any number of ...