Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC



Similar documents
Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

System Software and TinyAUTOSAR

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to

A hypervisor approach with real-time support to the MIPS M5150 processor

Experience with the integration of distribution middleware into partitioned systems

Do AUTOSAR and functional safety rule each other out?

Virtualization. Dr. Yingwu Zhu

Full and Para Virtualization

COS 318: Operating Systems. Virtual Machine Monitors

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

9/26/2011. What is Virtualization? What are the different types of virtualization.

Parallels Virtuozzo Containers

How to Perform Real-Time Processing on the Raspberry Pi. Steven Doran SCALE 13X

Enabling Technologies for Distributed Computing

AUTOSAR Safety Solutions for Multicore ECUs and ADAS Systems. Robert Leibinger 5 th June 2015

evm Virtualization Platform for Windows

System Software Integration: An Expansive View. Overview

Servervirualisierung mit Citrix XenServer

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

Enabling Technologies for Distributed and Cloud Computing

Safety and Security Features in AUTOSAR

Basics of Virtualisation

Secure data processing: Blind Hypervision

Linux A multi-purpose executive support for civil avionics applications?

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista

Pros and Cons of HPC Cloud Computing

Windows Server 2012 Hyper-V Virtual Switch Extension Software UNIVERGE PF1000 Overview. IT Network Global Solutions Division UNIVERGE Support Center

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Real-Time Operating Systems for MPSoCs

Virtualization Technology

Parallels Virtuozzo Containers

Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical

Introduction to Virtual Machines

Fachbereich Informatik und Elektrotechnik SunSPOT. Ubiquitous Computing. Ubiquitous Computing, Helmut Dispert

Virtualization. Jukka K. Nurminen

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Unifying Information Security

The QEMU/KVM Hypervisor

Introduction to the NI Real-Time Hypervisor

Virtualization. Pradipta De

MultiPARTES. Virtualization on Heterogeneous Multicore Platforms. 2012/7/18 Slides by TU Wien, UPV, fentiss, UPM

Migrating to ESXi: How To

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

POSIX. RTOSes Part I. POSIX Versions. POSIX Versions (2)

AUTOSAR Software Architecture

VMware ESXi 3.5 update 2

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Architectures for Distributed Real-time Systems

Solving I/O Bottlenecks to Enable Superior Cloud Efficiency

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

Chapter 5 Cloud Resource Virtualization

Monitoring Databases on VMware

User-friendly Configuration of AUTOSAR ECUs with Specialized Software Tools

Product Information Services for Embedded Software

Virtualization: Hypervisors for Embedded and Safe Systems. Hanspeter Vogel Triadem Solutions AG

Mobile Operating Systems Lesson 05 Windows CE Part 1

Flight Processor Virtualization

Open Source Software

Runtime Verification for Real-Time Automotive Embedded Software

Embedded OS. Product Information

KVM in Embedded Requirements, Experiences, Open Challenges

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

System Structures. Services Interface Structure

Embedded PC The modular Industrial PC for mid-range control. Embedded PC 1

Thomas Fahrig Senior Developer Hypervisor Team. Hypervisor Architecture Terminology Goals Basics Details

12. Introduction to Virtual Machines

Applying Multi-core and Virtualization to Industrial and Safety-Related Applications

Mentor Embedded IVI Solutions

Unisys ClearPath Forward Fabric Based Platform to Power the Weather Enterprise

Java Environment for Parallel Realtime Development Platform Independent Software Development for Multicore Systems

XtratuM hypervisor redesign for LEON4 multicore processor

Achieving Real-Time Performance on a Virtualized Industrial Control Platform

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Chapter 3: Operating-System Structures. Common System Components

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

Intel Virtualization Technology (VT) in Converged Application Platforms

Beyond Virtualization: A Novel Software Architecture for Multi-Core SoCs. Jim Ready September 18, 2012

IOS110. Virtualization 5/27/2014 1

Hardware Based Virtualization Technologies. Elsie Wahlig Platform Software Architect

Virtual Machines. COMP 3361: Operating Systems I Winter

Safety and security related features in AUTOSAR

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC

The Microsoft Windows Hypervisor High Level Architecture

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

VtRES Towards Hardware Embedded Virtualization Technology: Architectural Enhancements to an ARM SoC. ESRG Embedded Systems Research Group

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Bosch Video Management System High Availability with Hyper-V

Optimize Server Virtualization with QLogic s 10GbE Secure SR-IOV

Leveraging Thin Hypervisors for Security on Embedded Systems

Virtual Machines.

A lap around Team Foundation Server 2015 en Visual Studio 2015

Industrial Application of MultiPARTES

Transcription:

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC 1 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Introduction Overview of presentation This presentation is concerned with what drives the use of hypervisors in the automotive domain, and what an automotive-class hypervisor might look like The main overall driver is convergence Hardware is becoming less diverse. Fewer processor types. Software is converging on a smaller number of operating systems. AUTOSAR (international de facto automotive software standard) Linux Applications are converging on a smaller number of ECUs Coupled with a much wider range of application requirements Increased safety and security 2 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Problem overview Car electrical/electronic (E/E) systems are getting more complex. Software trends More complex More diverse Dynamic Highly connected Safe Secure Reliable Hardware trends More processors (multicore, manycore) More memory Faster, more diverse networks COTS and CE convergence 3 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Problem overview E/E system complexity needs to be reduced E/E Complexity Too many ECUs Merge to Domain Control Units High speed inter-dcu links Legacy for control/sense Key questions What s in a DCU? How are virtual ECUs isolated? How is the system coordinated? How is legacy supported? Fast backbone gigabit range IP Gateway DCU DCU DCU Engine ECU ECU CAN/LIN CAN/LIN ECU ECU USB, etc. Lidar Video Radar 4 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Using hypervisors Hypervisor introduction The purpose of the hypervisor is to allow multiple ECU images to run on the same ECU, with appropriate levels of separation and scheduling guarantees Allows different parts of the E/E system to be combined on a smaller number of ECUs. The hypervisor is a thin layer that sits between the hardware and the images. It provides a virtual machine (VM) in which the image runs This is also called a type-1 hypervisor. Type-2 hypervisors run on top of an existing OS or RTOS In addition to separation, it also provides abstractions to allow access to hardware devices and inter-vm communications. 5 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Hypervisors as part of the solution Abstract architecture of ETAS hypervisor system For protected systems Safe, secure inter- VM comms Virtual Machine Virtual Machine ECU image. Hypervisor MPU abstraction VM-VM Comms VDE Virtual Device Emulator arbitrates shared hardware Exceptions Services Shared IO VDE IO via HV. Slow. Direct IO. Fast. Own IO Own IO CPU, MPU Shared IO CPU, MPU Own IO Own IO Implementation on Aurix and ARM processors 1:1 CPU to VM mapping. Lower latency. Easier scheduling 6 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Reasons for using hypervisors Hypervisor introduction Reduce integration costs Less need to port old applications to new operating systems. AUTOSAR facilitates semi-portable application code. Hypervisor solution competes with AUTOSAR for application integration. If you have 2 or more systems, which is better? Integrate using AUTOSAR Integrate using a hypervisor So you need to compare systems integrated with AUTOSAR with those integrated with a hypervisor 7 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Integrating Systems Original systems a1 a2 b1 b2 <- Applications RTE(a) BSW(a) ECUa RTE(b) BSW(b) ECUb <- Communications <- OS and drivers Integrate with AUTOSAR Integrate with Hypervisor a1 a2 b1 b2 a1 a2 b1 b2 RTE(ab) RTE(a) RTE(b) ECUab BSW(ab) BSW(a) BSW(b) Hypervisor ECUab 8 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Reasons for using hypervisors Hypervisor introduction Integration with AUTOSAR May be hard to handle different versions of the same OS Different OS s cannot be handled (e.g. AUTOSAR and Linux) What is the cost of re-configuring the RTE and BSW? How is mixed criticality handled? Integration with hypervisor Better spatial separation Better temporal separation Better API separation VM restart compared to complete ECU restart Better security Faster boot time Some costs rise Common code is duplicated in each VM rather than shared These lead to much better support for safety systems and mixed criticality systems. 9 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Overview of real-time problems Hardest requirements are typically in engine control A key performance indicator is interrupt latency Typical high end controller Around 40,000 interrupts per second AUTOSAR tends to concentrate interrupt onto one core Overheads too high if CAT2 ISRs are used Around 120 interrupt sources Around <5us interrupt latency, fastest case Clock speed around 300 MHz 2MB FLASH <512MB RAM 2 or 3 cores Shared RAM, FLASH and peripherals CPU loads are often in excess of 90% How do you build a hypervisor in such a small system and how do you guarantee its real-time properties? 10 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Current VM scheduling approaches Simplest approach: 1 VM per core. Approach adopted by ETAS hypervisor No VM scheduling to worry about Scheduling of HV internal operations at highest interrupt priority Low interrupt latency Cyclic (Arinc 653) Predictable Fair (avoids starvation) Long interrupt latency Hypervisor implements VM processes All processes in all VMs scheduled by hypervisor Bad for portability and legacy compatibility Hypervisors scheduler may not support AUTOSAR, legacy and Linux scheduling policies. 11 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Future VM scheduling approaches Multiple VMs per core are required A scheduling model is needed which is Fair to the VMs (no starvation) Enforces temporal separation Has low interrupt latency Can be modelled and reasoned about Has low run-time overheads Proposed priority space assignment Burns, Evripidou, Morgan Partitions have a Synchronous Mode that runs when budgets permit Interrupts take time from the Asynchronous Mode budget until their budget is used up The hypervisor always has the highest priority 12 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

What so special about automotive? Automotive has many domain-specific requirements Low interrupt latency Small footprint Static configuration Hard real time Some requirements are contradictory and need configuration to resolve them. For example, static vs. dynamic configuration should be statically configurable. Configuration allows some requirements to be removed. E.g. Diagnostics might be configurable. How many of these requirements are supported by current commercial hypervisors? Very few. Certification Comprehensive peripheral support Dynamic configuration Feature download Soft real time Boot loaders Safety Diagnostics Portability Calibration Security Configuration Multicore Shared-device abstractions 13 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Future work An automotive hypervisor for 2018 onwards? Support all relevant use cases and requirements More than one VM per core, with predictable timing. more VMs than cores More than one core per VM, with predictable timing. support for multi-core VMs. VM migration Migrate VMs to avoid overloaded or faulty hardware Timing model System becomes a composition of VMs, with known timing behaviour Communications (RTE++) System-wide inter-vm communications mechanism 14 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

Thanks for listening Thank you for your attention Dr Gary Morgan ETAS/ESC gary.morgan@etas.com +44 (0)1904 562584 15 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information