Real-time virtualization – how hard can it be?


Post on 12-Apr-2017


TRANSCRIPT

Real-time virtualization – how hard can it be?
Felix Baum, Mentor Graphics
Jon Taylor, Embedded technology manager, ARM
Embedded World, 16th March 2017
ARM 2017

Embedded virtualization
While there are many virtualization solutions available on the market, the majority were designed a while ago for single core, top-end processors and most of them were built for other markets, industries and goals:
- Server market to move packets around
- Desktop market to share IT infrastructure
- Military/aerospace market to comply with standards
Mentor Embedded Hypervisor was designed for modern multi-core SoCs for industrial and automotive devices with certification, real time and performance requirements.

Embedded virtualization use cases
The set of features and capabilities offered by Mentor Embedded Hypervisor is designed to address the various consolidation use cases facing device manufacturers.
- Automotive
  - Converged IVI systems and consolidated IVI and cluster architectures
  - Advanced driver assistance system (ADAS) platforms
- Industrial
  - Integrated robotics systems
  - Payment processing platforms

Thanks for reading
For more information on real-time virtualisation visit arm.com
Sign-up for the latest news and information from ARM

Embedded virtualization as separation enforcement
- Safety: Protecting the world from the device
- Security: Protecting the device from the world
- Mixed criticality: Protection of security or safety-critical parts of the device from other parts of the device
ISO26262-6 requires freedom from interference - if two systems can interfere with each other, they must be certified to the highest ASIL level of the two.
Secure separation aims to eliminate such interference.

Embedded virtualization requirements
- Type 1 (bare metal) hypervisor
  - Sub 10K LOC code base
  - Exploit hardware virtualization extensions for security and efficiency
- Hypervisor with a security focus
  - Strong isolation and containment of guests
  - Secure-critical information & software
- Multi-core and multi-guest enabled with flexible scheduling
  - Dedicate guests to cores in a variety of configurations
  - Core virtualization using priority-based, pre-emptive scheduler with round-robin time-slicing support
  - Support AMP and SMP guests
- Extensive device model flexibility & performance
  - Directly-assign devices for performance (NICs, I/O, etc.) and virtual device model (for sharing between VMs)

Embedded virtualization on Cortex-R52: Unicore implementation
- Can easily support multiple unicore virtual machines (i.e. CPU virtualization)
- VMs can run RTOS and/or Bare Metal Environments (BME)
- Each VM has restricted access to memory / peripherals via virtualization extensions / HV MPU configuration
- VMs scheduled on Core 0 by configured HV scheduling policies
Diagram labels: Cortex-R52 SoC; Core 0; peripherals / memory; hypervisor; VM 1 RTOS; VM 2 BME.

Embedded virtualization on Cortex-R52: Multicore implementation
- Each VM has restricted access to memory / peripherals via virtualization extensions / HV MPU configuration
- Master HV loads / starts all Slave HV images
- HV images communicate using IPC provided by MEMF
- VMs scheduled on any virtualized core by configured HV scheduling policies
Diagram labels: Cortex-R52 SoC; Core 0, hypervisor master, VM 1 RTOS, VM 2 BME; Core 1, hypervisor slave, VM 3 RTOS; MEMF, MEMF; peripherals / memory.

Embedded virtualization on ARMv8-A: Multicore implementation
- Traditional hypervisor can run SMP across all managed cores
- VMs can support SMP or UP guests
- VMs can support all OS types
- Each VM has restricted access to memory / peripherals via virtualization extensions HV MPU configuration
- VMs scheduled on any virtualized core by configured HV scheduling policies
Diagram labels: Cortex-A SoC; Core 0; Core 1; peripherals / memory; hypervisor; VM 1 SMP Linux; VM 2 BME; VM 3 RTOS.

Embedded virtualization: Device models
Driver model: Direct
- The guest owns the device
- Driver in the VM controls device
- Recommended model
- Fastest, native performance
Driver model: Shared
- One of the guests owns the device
- Driver in that VM controls device
- The rest of the VMs share the device
- Helps to keep hypervisor code small
Driver model: Virtualized
- Hypervisor owns the device
- Driver in hypervisor controls device
- Each VM owns a second level driver
- Hypervisor provides data assurance

Embedded virtualization: Beyond toolchain
- Debug support
  - JTAG and agents need to be supported
- Software tracing and analysis via agents with synchronized data support

Hard real-time requirements
- Will the system meet its deadlines?
- What happens if an error occurs?
- How much does worst case performance vary?
Determinism

Cortex-A and hard real time
Cortex-A - system and software designers have to consider carefully:
- MMU page table walks can take 1000s of cycles
- Cache warmth can affect determinism
- Memory mapped access to GIC
  - Can depend on other bus traffic
- Peripherals share memory bus
Cortex-R52 - hardware provides more features for hard real-time:
- MPU always takes single cycle to check permissions
- TCMs can be used to guarantee single cycle memory access
- System register access to GIC
  - Guaranteed single cycle access
- Low latency peripheral port

Hard real-time and virtualization
- Cortex-R52 is the first ARMv8-R processor, bringing together hard real-time and virtualization
- Complete OSs and tasks can be virtualized
Diagram labels: Cortex-R52; monitor / hypervisor; RTOS, RTOS; Safe task A, Safe task B, Task C, Task D.

14x faster MPU reconfiguration for spatial separation
- Real-time software separation at OS level is feasible with faster context switching
- Cortex-R52 can switch a whole OS as fast as Cortex-R5 can switch a task
  - OS switch similar to task switch but with more state to save/restore
- New ARMv8-R programming model supports flexible size and alignment of MPU regions

ARMv7-R (Cortex-R5), x16, 601 cycles:

    MOV r0,#0
loop:
    MCR RGNR,r0
    ISB
    MRC r1,DRACR
    MRC r2,DRBAR
    MRC r3,DRSR
    STM r4!,{r1-r3}
    ADD r0,r0,#1
    CMP r0,#16
    BNE loop

ARMv8-R (Cortex-R52), x8, 44 cycles:

    MRC r1,PRBAR0
    MRC r2,PRLAR0
    MRC r3,PRBAR1
    MRC r4,PRLAR1
    STM r5!,{r1-r4}
    MRC r1,MAIR0
    MRC r2,MAIR1
    STM r5!,{r1,r2}

Timing separation adds to freedom from interference
Diagram labels (timing not to scale): RTOS A; RTOS B; Timer (t0), Timer (t1), Timer (t2); interrupt taken to Hyp; OS switch; system event; slack; RTOS tick handler; RTOS task switch; overrun due to system event in previous tick.

Timing separation adds to freedom from interference
Diagram labels (timing not to scale): RTOS A; RTOS B; Timer (t0), Timer (t1), Timer (t2); interrupt taken to Hyp; OS switch; system event; slack; regular RTOS context switch and resumption of task; overrun now resumed.

Interrupts in multi-core Cortex-R52 systems
Diagram labels: SoC; L2; GIC Distributor; control registers; AXI (mem mapped); hardware interrupts; CPU Core 0 and CPU Core 1, each with GIC CPU interface, GIC virtual CPU interface, hypervisor, interrupt routing and guest OS; IRQ, FIQ, vIRQ, vFIQ; Gp 0, Gp 1.

Building a complete system
Diagram labels: ASIL B; ASIL D; Cortex-R52; memory; peripherals; Hyp, Hyp; RTOS, RTOS; BME; tasks; software; hardware.

Conclusions
- Virtualization is a key tool for managing growing complexity of embedded systems
  - Consolidation of software from multiple sources onto a single processing platform
  - Maintaining separation and therefore freedom from interference
  - Fulfilling key requirements in safety-related and/or security applications
- Hard real-time deadlines impose additional requirements
  - Type-1 (bare metal) virtualization is required
  - Hypervisors will be written to make best use of the hardware platform
- ARM Cortex-R52 processor provides new capabilities to enable hard real-time virtualization

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
Copyright 2017 ARM Limited

Meet the experts
Felix and Jon will be answering questions on the ARM stand (Hall 3, stand 342) at 2pm today
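
The slides state that each VM is confined by the hypervisor's MPU configuration and that ARMv8-R allows flexible size and alignment of MPU regions. The following C program is an added example, not code from the presentation, Mentor or ARM: it checks a constructed per-VM region plan for cross-VM overlap and counts how many ARMv7-R style regions the same ranges would need. The struct, function names and addresses are hypothetical; the ARMv7-R count ignores sub-region disable bits.

```c
#include <stdint.h>
#include <stdio.h>

/* One MPU region granted to a guest; limit is the last byte (inclusive). */
struct region { int vm; uint32_t base, limit; };
/* Constructed plan; addresses are placeholders. Entry 2 is a misconfiguration. */
static const struct region plan[] = {
    { 1, 0x00100000u, 0x0012FFFFu },   /* 192 KiB */
    { 2, 0x00130000u, 0x0013A7FFu },   /* 42 KiB, not a power of two */
    { 3, 0x0013A7C0u, 0x0013FFFFu },   /* reaches into VM 2's last 64 bytes */
};

/* ARMv8-R rule: base and limit+1 lie on 64-byte boundaries. */
static int v8r_valid(const struct region *r) {
    return r->base <= r->limit && (r->base & 63u) == 0 && (r->limit & 63u) == 63u;
}

/* ARMv7-R rule: power-of-two size (32 bytes minimum), base aligned to size.
 * Counts the regions needed to tile [base, limit] exactly; 0 = impossible. */
static unsigned v7r_regions_needed(uint32_t base, uint32_t limit) {
    uint64_t cur = base, end = (uint64_t)limit + 1;
    unsigned n = 0;
    while (cur < end) {
        uint64_t size = cur ? (cur & (~cur + 1)) : (1ull << 32);
        while (size > end - cur) size >>= 1;   /* largest block that still fits */
        if (size < 32) return 0;
        cur += size; n++;
    }
    return n;
}

/* Index of the first region overlapping another VM's region, or -1. */
static int first_cross_vm_overlap(const struct region *t, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if (t[i].vm != t[j].vm && t[i].base <= t[j].limit && t[j].base <= t[i].limit)
                return (int)i;
    return -1;
}

int main(void) {
    for (size_t i = 0; i < 3; i++)
        printf("VM %d: v8-R valid=%d, v7-R regions=%u\n", plan[i].vm,
               v8r_valid(&plan[i]), v7r_regions_needed(plan[i].base, plan[i].limit));
    printf("overlap in first two: %d, in all three: %d\n",
           first_cross_vm_overlap(plan, 2), first_cross_vm_overlap(plan, 3));
    return 0;
}
```

A region that passes the alignment rule can still break separation, which is why the overlap check runs over the whole plan and not per region.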