Virtualization Technology in Real-Time Embedded Systems
Zonghua Gu, Zhejiang University
Virtualization
A Virtual Machine (VM) "abstracts" the computing resources of a physical machine into virtual resources
  Introduces a level of indirection between virtual resources and physical resources
A Virtual Machine Monitor (VMM), or hypervisor, is a software layer that implements the mapping from virtual resources to physical resources
Benefits of Virtualization
Migration of legacy software to new HW platforms
  No need for porting (except possibly for para-virtualization)
Server consolidation
  Run multiple VMs on a single HW platform
Runtime migration of VMs
  For fault tolerance, load balancing, etc.
Isolation among multiple VMs
  Increased protection and reliability
Facilitates safety-critical certification
  DO-178B for avionic systems; ISO 26262 for automotive systems
Hypervisor Types
Type 1: runs on bare HW (our focus)
Type 2: runs on a host OS
Taken from Aguiar et al 2010
Full vs. Para-Virtualization
Full virtualization: guest OS is unmodified; sensitive instructions raise exceptions that are handled by the hypervisor
  Ex.: VMware, QEMU
Para-virtualization: guest OS is modified to replace sensitive instructions with hypercalls into the hypervisor
  Ex.: Xen, UML (User-Mode Linux)
Taken from Fornaeus 2010
Intel Virtualization Technology
Intel VT-x for IA-32 and Intel 64: provides the basic framework that virtual machine monitors (VMMs) need to operate efficiently.
Intel VT-d for Directed I/O: facilitates virtualization of I/O devices, such as remapping DMA accesses into segment memory locations, and filtering and remapping interrupts.
Intel VT-c for Connectivity: runs in conjunction with Intel Ethernet controllers that support filtering and mapping network traffic to specific queues "owned" by a particular VM.
Virtualization on Intel Atom Processors
Intel Atom Silverthorne processor family (Z520, Z530, Z540, Z550) supports VT-x
Intel Atom PineView processor family (N4xx, D5xx) does not support VT-x
  Must use para-virtualization
In general, full virtualization is not desirable for embedded systems due to runtime overhead; para-virtualization is preferred.
But full virtualization is needed for legacy OSes, or closed-source OSes like
Embedded Virtualization
Virtualization has traditionally been applied to servers and desktop workstations
Recently, both industry and academia have shown increased interest in virtualization for embedded systems
Many companies offer embedded virtualization products:
  For mobile phones: OK-Labs, VirtualLogix, VMware…
  For safety-critical systems: WindRiver, Acontis Technology, SysGO, OpenSynergy, LynuxWorks…
Embedded Systems Characteristics
Embedded systems have resource constraints: memory/processing
  Must minimize code size and runtime overhead
Embedded systems have diverse processor architectures and embedded OSes
  Intel, PowerPC, ARM, MIPS
  Most embedded processors do not have HW support for virtualization
Case Study: OK-Labs
A GPOS (General-Purpose OS) like Windows or Linux is used to run GUI and other diverse applications
An RTOS (Real-Time OS) like uC/OS-II is used to run real-time applications (networking protocol stack, etc.)
Integrate both on a single processor with virtualization technology
  e.g., Motorola Evoke QA4 feature phone: runs on a single ARM9 processor, instead of the traditional application processor + baseband processor
Taken from OK-Labs documentation
Case Study: WindRiver
WindRiver Hypervisor supports Linux and VxWorks on Intel and PowerPC processors
Taken from WindRiver documentation
Case Study: WindRiver (cont.)
Supports a range of Intel processors, from Xeon to Atom
Automation pyramid: virtualization can be applied at all levels in factory automation
Taken from WindRiver documentation
Case Study: ARINC 653 Standard for Avionics
Software specification for space and time partitioning in safety-critical avionic systems
MILS (Multiple Independent Levels of Security) separation kernel serves as "hypervisor"
Spatial and temporal separation among partitions to achieve fault isolation
  Each partition has a fixed memory size and temporal duration
  Within a partition (shared address space): multiple tasks, periodic/aperiodic, with deadlines
  Across partitions (isolated address spaces): TDMA scheduling, with a fixed allotment of CPU time for each partition
Virtualization product from LynuxWorks is based on ARINC 653.
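To make the temporal-partitioning point concrete, the following is an added example (not code from the slides or from any ARINC 653 product) that simulates the two-level scheme just described: a fixed cyclic table, repeated every major frame, decides which partition owns each time slot, and inside its window a partition's own scheduler picks among its tasks (rate monotonic here). The scenario, the major frame of 8 time units, the windows, the task names and their periods/WCETs are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Task:
    name: str
    period: int         # release period; implicit deadline = period
    wcet: int           # execution demand per job, in time units
    remaining: int = 0  # work left in the current job
    misses: int = 0     # jobs still pending when the next job was released


@dataclass
class Partition:
    name: str
    tasks: List[Task]


# A partition window: (offset within the major frame, length, partition name).
Window = Tuple[int, int, str]


def owner_of_slot(offset: int, windows: List[Window]) -> Optional[str]:
    """Partition that owns this slot of the major frame, or None for an idle slot."""
    for start, length, name in windows:
        if start <= offset < start + length:
            return name
    return None


def simulate(partitions: List[Partition], windows: List[Window],
             major_frame: int, horizon: int) -> Dict[str, int]:
    """Two-level time-triggered schedule.
    Level 1 (separation kernel / hypervisor): a fixed cyclic table repeated every
    major frame decides which partition owns each time slot (TDMA).
    Level 2 (inside a partition): rate-monotonic choice among that partition's
    ready tasks. Returns the number of deadline misses per task."""
    by_name = {p.name: p for p in partitions}
    for t in range(horizon):
        # Job releases. A job still pending at its next release has missed its
        # deadline; the leftover work is discarded (the partition's own problem).
        for p in partitions:
            for task in p.tasks:
                if t % task.period == 0:
                    if task.remaining > 0:
                        task.misses += 1
                    task.remaining = task.wcet
        owner = owner_of_slot(t % major_frame, windows)
        if owner is None:
            continue  # idle slot in the table: nobody runs
        ready = [x for x in by_name[owner].tasks if x.remaining > 0]
        if ready:
            # Rate monotonic: shortest period first (ties by declaration order).
            min(ready, key=lambda x: x.period).remaining -= 1
    return {x.name: x.misses for p in partitions for x in p.tasks}


def build_example():
    """Constructed scenario: major frame of 8 units, partition A owns [0,4),
    partition B owns [4,8). Tasks a1 and a2 together demand 6 units per frame,
    more than A's 4-unit window can supply."""
    part_a = Partition("A", [Task("a1", period=8, wcet=3), Task("a2", period=8, wcet=3)])
    part_b = Partition("B", [Task("b1", period=8, wcet=2), Task("b2", period=16, wcet=3)])
    windows: List[Window] = [(0, 4, "A"), (4, 4, "B")]
    return [part_a, part_b], windows, 8


def run_example(horizon: int = 32) -> Dict[str, int]:
    partitions, windows, major_frame = build_example()
    return simulate(partitions, windows, major_frame, horizon)


if __name__ == "__main__":
    for name, misses in run_example().items():
        print(f"{name}: {misses} deadline misses")
```

Over four major frames, a2 misses its deadline in every frame after the first while a1, b1 and b2 never miss: the overload in partition A cannot take a single slot from partition B, because slot ownership is decided by the table and not by what the partitions do. That is the fault-isolation property the slide attributes to temporal separation.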
Research Issues
Real-time CPU scheduling
Power-aware scheduling
Real-time IO
Security
…
The Xen Virtual Machine
Open-source virtualization software developed by the University of Cambridge in 2003
Runs on x86 and ARM
Uses para-virtualization for high performance
The Xen Scheduler
Xen has two schedulers:
Simple Earliest Deadline First (SEDF) scheduler
  Guest VM with the earliest deadline gets the highest priority
Credit scheduler
  A proportional-share scheduler with a load-balancing feature for SMP systems
  Boosting mechanism: preferentially schedule I/O-bound VMs that receive event notifications
Neither scheduler is suitable for hard real-time systems
Real-Time CPU Scheduling in VM Environment
Hypervisor schedules multiple OSes
OS schedules multiple application tasks
Hypervisor and OS are unaware of each other's scheduling algorithm
  Especially true for full virtualization
How to make real-time guarantees to application tasks in a virtualized environment?
For a hybrid workload, how to achieve real-time guarantees for hard real-time tasks and high throughput for soft real-time tasks?
Hierarchical Scheduling Framework
Multiple levels of scheduling: OS-level and application-level
Each level can adopt a different scheduling algorithm: Static Cyclic (SC), Fixed-Priority (FP), Earliest Deadline First (EDF)…
A set of periodic tasks can be abstracted as a single equivalent periodic task for schedulability analysis
Figure: two-level hierarchy. The CPU is shared by an OS scheduler, which schedules several application schedulers; each application scheduler schedules its own tasks.
Taken from Shin et al RTSS’03
Resource Supply Bound
Resource supply during an interval of length t
sbf_R(t): the minimum possible resource supply by resource R over all intervals of length t
For a single periodic resource model, where the CPU is periodically available for 2 time units out of every 3 time units, i.e., Γ(3,2), sbf_Γ(t) looks like:
Figure: plot of supply (y axis, 0 to 20) against interval length t (x axis, 0 to 28), showing the sbf_Γ(t) staircase ("supply") together with the "demand" curve.
Schedulability Condition
A periodic workload set W is schedulable under scheduling algorithm SA over a periodic resource model Γ(Π,Θ) if and only if
$\forall t > 0:\ \mathrm{dbf}(W, t, SA) \le \mathrm{sbf}_\Gamma(t)$
i.e., CPU demand does not exceed CPU supply for any time interval [0,t]
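The supply-bound function, the demand-bound function and the schedulability test above can be checked mechanically. The following is an added example, written for these slides rather than taken from them or from Shin et al.'s code: it implements the closed-form worst-case sbf of a periodic resource Γ(Π,Θ) from Shin & Lee (RTSS'03), the EDF demand-bound function for implicit-deadline periodic tasks, the condition ∀t>0: dbf(W,t,EDF) ≤ sbf_Γ(t), and a search for the smallest budget Θ at which a workload fits, which is the "single equivalent periodic task" abstraction of the previous slide. Integer time units, implicit deadlines and a check horizon of two hyperperiods are simplifying assumptions of this example; the task sets are constructed.

```python
from functools import reduce
from math import gcd
from typing import List, Optional, Tuple

Task = Tuple[int, int]  # (period, wcet); implicit deadline = period


def sbf_periodic(t: int, period: int, budget: int) -> int:
    """Worst-case supply of periodic resource model Γ(Π, Θ) over any interval of
    length t (closed form from Shin & Lee, RTSS'03), in integer time units.
    Worst case: Θ units supplied at the start of one period, then Θ units at the
    very end of the next, so the first 2(Π - Θ) units of the interval get nothing."""
    if t <= 0:
        return 0
    k = max(-(-(t - (period - budget)) // period), 1)  # ceil((t - (Π-Θ)) / Π)
    lo = (k + 1) * period - 2 * budget
    hi = (k + 1) * period - budget
    if lo <= t <= hi:
        return t - (k + 1) * (period - budget)  # inside a supply window: slope 1
    return (k - 1) * budget                     # between supply windows: flat


def dbf_edf(t: int, tasks: List[Task]) -> int:
    """EDF demand bound: total work of all jobs released and due within [0, t]."""
    return sum((t // p) * e for p, e in tasks)


def lcm(values: List[int]) -> int:
    return reduce(lambda a, b: a * b // gcd(a, b), values, 1)


def schedulable(tasks: List[Task], period: int, budget: int) -> bool:
    """Schedulability condition: for every t > 0, dbf(W, t, EDF) <= sbf_Γ(t).
    dbf changes only at multiples of task periods and sbf is monotone, so this
    example checks integer t up to two hyperperiods (including Π); that horizon is
    an assumption of the example, not a result stated on the slides."""
    bound = 2 * lcm([p for p, _ in tasks] + [period])
    return all(dbf_edf(t, tasks) <= sbf_periodic(t, period, budget)
               for t in range(1, bound + 1))


def min_budget(tasks: List[Task], period: int) -> Optional[int]:
    """Smallest Θ such that W fits on Γ(Π, Θ). The pair (Π, Θ) is the single
    equivalent periodic task the hypervisor-level scheduler needs to know about."""
    for budget in range(1, period + 1):
        if schedulable(tasks, period, budget):
            return budget
    return None


if __name__ == "__main__":
    # Γ(3,2) from the slide: 2 units out of every 3.
    print([sbf_periodic(t, 3, 2) for t in range(0, 11)])
    light = [(6, 1), (9, 2)]   # constructed workload, utilization 7/18
    heavy = [(3, 2)]           # constructed workload, utilization 2/3
    print("light on Γ(3,2):", schedulable(light, 3, 2))
    print("heavy on Γ(3,2):", schedulable(heavy, 3, 2))
    print("min Θ for light at Π=3:", min_budget(light, 3))
    print("min Θ for heavy at Π=3:", min_budget(heavy, 3))
```

The second workload shows why bandwidth alone is not enough: its utilization equals the 2/3 bandwidth of Γ(3,2), yet it is not schedulable, because in the worst case the resource delivers nothing during the first 2(Π-Θ) = 2 time units, so at t = 3 the demand is 2 while the guaranteed supply is only 1. It only fits once Θ = Π, i.e. the resource is dedicated.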
Adapting HSF to VM Environment
Two-level scheduling
  Hypervisor-level scheduler schedules multiple VMs
  VM-level scheduler schedules application tasks
Challenges:
  HSF only applies to single-processor systems; need to extend it to multicore processors
  World switch among multiple VMs is expensive
    Need to minimize context-switch frequency and latency
Reducing Runtime Overheads
Reduce world-switch times
  Tag TLB entries by ASID to avoid TLB flushes
  Better caching of VMCB state
Reduce world-switch frequencies
  Direct device assignment to VMs
  Implement more functions in the guest OS through para-virtualization
Virtualization on Multicore Processors
Integrating multiple cores on a single chip causes sharing of many on-chip resources, including bus, memory hierarchy, etc., thus posing challenges to real-time predictability
  Need to extend real-time scheduling algorithms for joint scheduling of CPU, bus and memory
How to make real-time guarantees with dynamic load balancing?
Figure: CPU1, CPU2 and CPU3, each with a private L1 cache, sharing the bus, the L2 cache and memory (the shared resources).
Power-Aware Scheduling
Power-aware scheduling in a virtualized environment is challenging: a VM only sees virtual HW and may issue conflicting power requests
  Consider 2 VMs on the same physical CPU: one VM may ask its virtual CPU to increase voltage/frequency with DVS; another VM may ask its virtual CPU to decrease voltage/frequency
Hypervisor needs to reconcile conflicting power requests
  One solution: "fake" DVS effects by increasing/decreasing CPU allocation in the scheduler
Real-Time IO
Xen's split-driver IO model
  A special privileged domain called Dom0 contains device driver back-ends
  Each user domain (DomU) contains device driver front-ends
  Device IO interrupt handling goes through Dom0
To improve real-time responsiveness
  Avoid device virtualization if possible: dedicated device for each VM
  Put device drivers in DomU
Summary
Virtualization for embedded systems is an increasingly popular research topic
MOE-Intel Grant at ZJU: Embedded Real-Time Virtualization on the Intel Atom Processor