Multicore virtualization for Mixed-Criticality Systems

Dr. Salvador Trujillo, [email protected]

Santander, Spain. Sep 4th, 2013. MultiPARTES FP7 Project

2

Once upon a time … all electronics were deployed on monocore platforms:
– Non-critical systems in specific platforms
– Critical systems in specific platforms

Certification process for critical systems:
– Separation between critical and non-critical was physical
– Designs (software and hardware) were more clearly defined (less indeterminism)

Is this part of the past?

3

Changing situation: the advent of multicore …
– Driven by the consumer electronics market
– Driven by demands to increase computation beyond monocore
– Driven by energy efficiency

Proliferation of devices …
– Automotive: 70-100 ECUs, with wires totaling 50+ kg (weight, volume)
– Large energy consumption

Stringent market needs:
– More safety in electronics (SIL4 signaling, safety brake, electronic steering, etc.)
– Security concerns (e.g. the eCall system)
– Near-zero energy consumption

Challenge: is there a way to keep up with the proliferation of devices while reducing energy, weight and volume and coping with stricter requirements at the same time?

4

Industry needs (figure: MultiPARTES (MPT) at the centre, surrounded by the Railways, Wind Power, Space, Automotive and Surveillance domains)

More of: computation power, applications, safety functions, security concerns, mixed attributes, connectivity, complexity, productivity

Less of: engineering effort, energy consumption, time to market

5

MultiPARTES Overview (figure)

Pre-MultiPARTES times: N subsystems (Sys1 running SWA on HWi, Sys2 running SWB on HWj, Sys3 running SWC on HWk), each with its specific hardware platform.

Post-MultiPARTES times: a single hardware platform (HWi with Corei, Corej, Corek) shared by the subsystems (Sys1/SWA, Sys2/SWB, Sys3/SWC) by means of partitioning over multiple cores, on top of a partitioning kernel. Ability to integrate several systems into a single hardware platform.

6

Mixed-Criticality Systems

Definition by Baumann, 2011: “Modern electronic systems used in industry (avionics, automotive, etc.) combine applications with different security, safety, and real-time requirements. Systems with such mixed requirements are often referred to as mixed-criticality systems.”

Definition by MultiPARTES, 2013: “A mixed criticality system is a system that can execute several applications guaranteeing their mixed requirements of different real-time, security and safety.”

7

MultiPARTES Project

Objective: support mixed-criticality systems based on heterogeneous multicore open source virtualization.

Project details:
– IKERLAN-IK4: project coordinator
– 2.850.000 Euro contribution
– Sep 2011: project start date
– 36 months duration

http://www.multipartes.eu/

8

We are not alone …

Call 9 (2011):
– CERTAINTY: focus on safety & avionics
– VIRTICAL: focus on consumer electronics & HW virtualization
– T-CREST: focus on WCET
– ParMERASA: focus on probabilistic analysis

Artemis:
– RECOMP: focus on re-certification
– ACROSS: focus on HW platform

National programs:
– ARAMIS (German): focus on industrial application & certification

Call 10 (2013):
– DREAMS: MCS integrated project
– CONTREX: modeling energy efficiency of MCS
– PROXIMA: industrial application of probabilistic analysis

9

MultiPARTES Contributions

Mixed-criticality based on partitioning
– There are other approaches for TSP

Hypervisor
– Extending the XtratuM virtualization layer for heterogeneous multicore

Model-driven methodology & validation
– Provide tools and methodology to accelerate engineering

Industrial case studies
– Four case studies (Alstom Wind, Visual Tools, etc.)

10

MultiPARTES Partners (figure): industrial scenarios, applied research, academia. Market orientation is central and critical for the success.

11

Collaborative spirit … (photo captions)

Mondragon, Sep 2011; Madrid, Nov 2011; Valencia, Dec 2011; Vienna, Feb 2012; Madrid, May 2012; Bilbao, Jul 2012

12

… Collaborative spirit … (photo captions)

Paris, Oct 2012; Brussels, Nov 2012; Berlin, Jan 2013; Brussels, Mar 2013; Barcelona, Apr 2013; Bilbao, Jun 2013

This is not mandatory … but it is really key to build a collaborative spirit in a multi-cultural, multi-national project.

13

Project Status

Current status:
– Began September 2011, end planned August 2014
– Sep 2013 is the beginning of the 3rd (last) year
– 3/4 of deliverables are either complete or under final review

Work done so far:
– Technical results delivered: hypervisor, tool-chain, OS porting
– Validation of the technical outcome is in progress
– Work on demonstrators is under way for evaluation

14

Project Goals

1. To develop a multicore platform virtualization layer for critical and secure embedded systems.

2. To propose a methodology to enforce the rapid development and production of new applications based on partitioned systems

3. To provide different views to be compatible with specific standards in different sectors

4. To develop methods and tools to support the application development

Multicore virtualization (WP3)

Model-driven method (WP5)

Tool-chain & validation (WP4)

HW virtualization analysis (WP6)

15

What: Partitioning layer for Mixed-criticality Systems

Hypervisors

16

A hypervisor offers a virtual CPU to the partitions.

Basic properties:
• Space isolation
• Temporal isolation
• Predictability
• Safety
• Static resource allocation
• Fault isolation and management
• Security
• Partition support

17

What is virtualised?

Virtual devices: the hypervisor virtualises basic devices
– CPU registers, interrupts, clock, memory, …

Dedicated devices: other devices are not virtualised; they are directly managed by partitions.

From monocore to multicore

18

The hypervisor mimics the behaviour of the underlying hardware:

• Offers as many virtual CPUs as the board has real CPUs
• Allows the partitions to be mono- or multi-core
• Initialises the real CPUs and offers vCPU0 to the partitions
• Partitions are in charge of initialising all the vCPUs

From homogeneous to heterogeneous

19

Different processors perform complementary operations:
• Two instances of the virtualisation layer
• One system configuration (global model) that generates 2 configuration files
• Synchronisation needs:
  • Scheduling plan
  • Communication
  • Partition management

21

Scheduling

How are partitions scheduled?
• Several plans
• System modes
• Each plan specifies the temporal allocation of vCPUs to CPUs

22

System configuration

How is the system specified?
• Static resource allocation
• Configuration file (XML file)

(figure) Conf. file → xml-parser generation → Conf. vector
Model: subjects, exported resources, operations
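The scheduling plans (slide 21) and the static XML configuration (slide 22) are what make space and time isolation checkable before anything runs on the board. The following is an added example, not MultiPARTES or XtratuM code; it assumes a simplified, constructed XML layout (not XtratuM's real configuration schema) and checks the properties an integrator wants verified statically from the configuration vector: partition memory areas are disjoint, no physical CPU is double-booked inside a plan, a vCPU is never scheduled on two CPUs at once, and every slot fits in the major frame.

```python
"""Consistency check of a static partitioned-system configuration.

Added example, not MultiPARTES/XtratuM code. It uses a constructed, simplified
XML layout (assumed here; NOT XtratuM's real configuration schema): each
<Partition> owns memory <Area>s, and each scheduling <Plan> (one per system
mode) lists <Slot>s that bind a partition vCPU to a physical CPU inside a
major frame.
"""
import xml.etree.ElementTree as ET
from itertools import combinations


def _overlaps(a, b):
    """True if half-open intervals [a0, a1) and [b0, b1) intersect."""
    return a[0] < b[1] and b[0] < a[1]


def check_config(xml_text):
    """Return a list of findings; an empty list means the allocation is consistent."""
    root = ET.fromstring(xml_text)
    findings = []

    # Spatial isolation: memory areas of different partitions must be disjoint.
    areas = []
    for part in root.iter("Partition"):
        for area in part.iter("Area"):
            start = int(area.get("start"), 0)          # base 0 accepts 0x... literals
            areas.append((start, start + int(area.get("size"), 0), part.get("id")))
    for (s1, e1, p1), (s2, e2, p2) in combinations(areas, 2):
        if p1 != p2 and _overlaps((s1, e1), (s2, e2)):
            findings.append(f"memory overlap between {p1} and {p2} at {max(s1, s2):#x}")

    # Temporal isolation, checked per plan (each plan is one system mode).
    for plan in root.iter("Plan"):
        plan_id = plan.get("id")
        maf = int(plan.get("majorFrame"))
        per_cpu, per_vcpu = {}, {}
        for slot in plan.iter("Slot"):
            cpu, part, vcpu = slot.get("cpu"), slot.get("partition"), slot.get("vcpu")
            start, dur = int(slot.get("start")), int(slot.get("duration"))
            if start + dur > maf:
                findings.append(f"plan {plan_id}: slot {part}/vcpu{vcpu} on cpu{cpu} exceeds the major frame")
            per_cpu.setdefault(cpu, []).append((start, start + dur, part))
            per_vcpu.setdefault((part, vcpu), []).append((start, start + dur, cpu))
        # A physical CPU runs one vCPU at a time.
        for cpu, slots in per_cpu.items():
            for a, b in combinations(slots, 2):
                if _overlaps(a, b):
                    findings.append(f"plan {plan_id}: cpu{cpu} double-booked by {a[2]} and {b[2]}")
        # A vCPU cannot execute on two physical CPUs at once.
        for (part, vcpu), slots in per_vcpu.items():
            for a, b in combinations(slots, 2):
                if a[2] != b[2] and _overlaps(a, b):
                    findings.append(f"plan {plan_id}: {part}/vcpu{vcpu} scheduled on cpu{a[2]} and cpu{b[2]} at once")
    return findings


# Constructed sample: two partitions, two CPUs, one plan with a 1000-unit major frame.
GOOD_CONFIG = """
<SystemDescription>
  <Partition id="P0"><Area start="0x40000000" size="0x100000"/></Partition>
  <Partition id="P1"><Area start="0x40100000" size="0x100000"/></Partition>
  <Plan id="0" majorFrame="1000">
    <Slot cpu="0" partition="P0" vcpu="0" start="0"   duration="400"/>
    <Slot cpu="0" partition="P1" vcpu="0" start="400" duration="600"/>
    <Slot cpu="1" partition="P1" vcpu="1" start="0"   duration="500"/>
    <Slot cpu="1" partition="P0" vcpu="1" start="500" duration="500"/>
  </Plan>
</SystemDescription>
"""

# Same layout with four deliberate mistakes: overlapping memory, a slot past the
# major frame, two slots on cpu0 at once, and P0/vcpu0 on both CPUs at once.
BAD_CONFIG = """
<SystemDescription>
  <Partition id="P0"><Area start="0x40000000" size="0x100000"/></Partition>
  <Partition id="P1"><Area start="0x40080000" size="0x100000"/></Partition>
  <Plan id="0" majorFrame="1000">
    <Slot cpu="0" partition="P0" vcpu="0" start="0"   duration="400"/>
    <Slot cpu="0" partition="P1" vcpu="0" start="300" duration="400"/>
    <Slot cpu="1" partition="P0" vcpu="0" start="100" duration="200"/>
    <Slot cpu="1" partition="P1" vcpu="1" start="700" duration="400"/>
  </Plan>
</SystemDescription>
"""

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_config(cfg) or "consistent")
```

Because the allocation is static, every one of these checks can run at build time on the same file the hypervisor will consume, which is the point of the "static resource allocation" property: a temporal or spatial isolation defect becomes a build failure rather than a runtime fault in a deployed partition.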

23

Current status

MultiPARTES virtualization layer supports:
– Homogeneous multicore
– Heterogeneous multicore

XM is working on the project platforms:
– Homogeneous multicore: tested
– Heterogeneous multicore: currently under test

XM preliminary performance: 0.15%-5% overhead depending on scenarios
• Partition context switch
• Register context switch
• Etc …

24

How: Model-driven engineering for Mixed-criticality Systems

25

Model-driven approach:
• Models for applications and platform
• Non-functional requirements:
  • Annotations on models
  • Safety, security and real-time
• Transformations for analysis and artifact generation

Methodology and toolset: rapid development and production of new applications based on partitioned systems

26

Objectives of toolset

Tool support for system partitioning
– Consider non-functional requirements: real-time, security, safety

Reuse of applications and platforms
– Description independent of a particular system

Types of applications
– Modelled: the full model is available (UML + MARTE)
– Non-modelled: only the source code or the final executable is available

27

Basis of the tool

Input information:
– Platform and application models
– Partitioning constraints

Activities:
– Propose a system partitioning
– Meet the constraints, including real-time, safety, and security

Outcomes:
– Code skeletons, XtratuM configuration files, make file
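To make the "propose a system partitioning that meets the constraints" activity concrete, here is an added example that is not the MultiPARTES partitioning tool and not its algorithm. It assumes constructed application models carrying the annotations the slides name (safety level, security domain, period and WCET) and two illustrative rules: applications share a partition only when they have the same safety level and the same security domain, so the partition boundary is also the isolation boundary between criticality levels, and a core's summed utilisation must stay under a bound. The partitioning itself is first-fit decreasing bin packing; the sample names and timings are invented.

```python
"""Constraint-driven partitioning proposal from annotated application models.

Added example, not the MultiPARTES partitioning tool. Inputs are constructed:
each application carries the non-functional annotations the slides mention
(safety level, security domain, real-time period and WCET). The rules below are
assumptions chosen for illustration, not the project's actual algorithm.
"""


def propose_partitioning(apps, cores, bound=1.0):
    """Group applications into partitions and place partitions on cores.

    Rule 1 (safety/security): applications may share a partition only if they
    have the same safety level AND the same security domain, so that mixing
    levels inside one partition never happens.
    Rule 2 (real-time): a core's summed utilisation (WCET / period) must stay
    within `bound`; partitions are placed first-fit in decreasing utilisation.
    Raises ValueError if some partition cannot be placed on any core.
    """
    # Rule 1: one partition per (safety, security) pair, in order of first appearance.
    groups = {}
    for app in apps:
        groups.setdefault((app["safety"], app["security"]), []).append(app)

    partitions = []
    for index, (key, members) in enumerate(groups.items()):
        partitions.append({
            "id": f"P{index}",
            "safety": key[0],
            "security": key[1],
            "apps": [a["name"] for a in members],
            "utilization": sum(a["wcet"] / a["period"] for a in members),
            "core": None,
        })

    # Rule 2: first-fit decreasing bin packing of partitions onto cores.
    load = [0.0] * cores
    placement = {c: [] for c in range(cores)}
    for part in sorted(partitions, key=lambda p: p["utilization"], reverse=True):
        if part["utilization"] > bound:
            raise ValueError(f"{part['id']} alone exceeds the bound {bound}")
        for core in range(cores):
            if load[core] + part["utilization"] <= bound + 1e-9:
                load[core] += part["utilization"]
                part["core"] = core          # mutates the dict shared with `partitions`
                placement[core].append(part["id"])
                break
        else:
            raise ValueError(f"{part['id']} does not fit on {cores} core(s)")

    return {"partitions": partitions, "cores": placement}


# Constructed sample models (names, levels and timings are illustrative only).
APPS = [
    {"name": "brake_ctrl",   "safety": "SIL4", "security": "internal", "period": 10,  "wcet": 3},
    {"name": "steer_ctrl",   "safety": "SIL4", "security": "internal", "period": 20,  "wcet": 4},
    {"name": "ecall",        "safety": "SIL0", "security": "external", "period": 100, "wcet": 30},
    {"name": "infotainment", "safety": "SIL0", "security": "external", "period": 50,  "wcet": 20},
    {"name": "diagnostics",  "safety": "SIL2", "security": "internal", "period": 100, "wcet": 25},
]


def render(deployment):
    """Text summary in the spirit of a generated deployment model."""
    lines = []
    for core, ids in deployment["cores"].items():
        lines.append(f"core{core}: {', '.join(ids) or '(idle)'}")
    for p in deployment["partitions"]:
        lines.append(f"  {p['id']} [{p['safety']}/{p['security']}] "
                     f"util={p['utilization']:.2f} apps={','.join(p['apps'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(propose_partitioning(APPS, cores=2, bound=0.8)))
```

With the sample above and two cores at an 80% bound, the SIL0/external applications (eCall and infotainment) end up alone on one core while the SIL4 and SIL2 internal partitions share the other; with a single core the tool refuses rather than silently merging partitions, which is the behaviour a partitioning step should have when the constraints cannot be met.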

28

Tool-chain (figure: "Forest of m, MM, MT …", i.e. models, metamodels and model transformations)

Inputs: Applications model, Platform model, Partitioning restrictions model (via "Transformation to restrictions").

Flow: Transformation to neutral model → Neutral model → Transformation to tool format → Partitioning tool → Deployment model.

Generated from the deployment model: Transformation to source code → Source code; Transformation to configuration files → XtratuM configuration files; Transformation for system generation → System generation files.

Validation tool.

29

Revisiting Major Outcome (figure)

Work packages: Multicore virtualization (WP3), Model-driven method (WP5), Tool-chain & validation (WP4), HW virtualization analysis (WP6)

Case studies: Visual (Availability), Wind power (Safety), Aerospace (Dependability), Automotive (Security)

30

Conclusions

Challenging field with industrial interests (there is some competition going on …)

Collaborative effort together with other projects (DREAMS, PROXIMA, etc)

Transferring advanced technology to the industry

A new breed of embedded systems is being conceived

31

Future work

What is still missing
– Complete technology:
  • hypervisor assessment
  • validation tools
  • model-driven tools
  • HW virtualization mechanisms
– Evaluate technology by use cases
– Foster dissemination & exploitation

Beyond our project
– From multicore to manycore … does it make sense in industry? Where?
– Certification of the approach. Work together with a certification body?
– Availability of commercial HW, HW mechanisms
– Ease integration of legacy code
– Analyze interaction of different attributes (safety, security, etc.)
– Etc …

Multicore virtualization (WP3)

Model-driven method (WP5)

Tool-chain & validation (WP4)

HW virtualization analysis (WP6)

32

Questions are welcome

©2013 IKERLAN. All rights reserved

33

15 min of fame are over … An outlook on the work we are doing:
– Industrial application
– Mixed-criticality integration
– Partitioning
– Model-driven engineering

Research projects together
– Opportunities in H2020?