Programmable Temporal Isolation in Real-Time and Embedded Execution Environments
Silviu S. Crăciunaş, Christoph M. Kirsch, Hannes Payer,
Harald Röck, Ana Sokolova
University of Salzburg, Austria
Outline

RTOS

Virtualization

Microkernels

Tiptoe design

Scheduler

Compact-fit memory management

I/O Channels
2 / 13
RTOS


Scheduling

Static time slicing 
Priorities

EDF
No temporal isolation
Protection

single address space

Co-located OS

POSIX API or non standard API?

Heterogeneous applications

No spatial isolation
3 / 13
Virtualization


Benefits

Legacy software support

Device driver

Strict isolation

Spatial isolation
Embedded systems are highly integrated

System VM is a black box – no control over threads

Interdomain communication
No temporal isolation
4 / 13
Microkernels


Minimal software layer on top of hardware

Fast IPC message passing

Manages light-weight isolated components
OS services and sensitive applications as servers


Spatial isolation
Protection
Microkernel as hypervisor

Type I hypervisor and paravirtualization

L4Linux, OK-Wombat, ...
No temporal isolation
5 / 13
tiptoe.cs.uni-salzburg.at
6 / 13
Temporal Isolation


Process model

Action is a piece of program code

Process as sequence of actions
Execution of an action is temporally isolated if the response time is determined by the code itself and its inputs, independent of any concurrent activity
7 / 13
Scheduler



Variable bandwidth servers (VBS) for individual process actions

Generalization of constant bandwidth servers (CBS)

Bandwidth cap (U) as percentage of CPU time

Virtual periodic resource (,)

Limit () 
Period () Processes dynamically adjust (,)


U
8 / 13
Scheduler


Process adjusts (,) to control its execution speed

Programmable temporal isolation

Response time variation (jitter) is at most 
Example: Controller loop with two actions

Read sensors, calculate, and update actuators – low latency

Update status, log state, send to terminal – less stringent
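
Added example (not from the slides or from Tiptoe itself): a tick-based Python model of the controller loop above, in which each action runs on its own (limit, period) resource under a per-process bandwidth cap and the server with the earliest deadline is scheduled. The workload numbers, the competing "hog" process and the rule that an action is released only at a period boundary are assumptions of this model.

```python
import math

def bound(load, limit, period):
    """Worst-case response time in this model for an action released at a period boundary."""
    return math.ceil(load / limit) * period

def admit(caps, procs):
    """Caps must fit on one CPU, and every action must stay under its process's cap."""
    return sum(caps.values()) <= 1 and all(
        limit / period <= caps[name]
        for name, actions in procs.items() for _, limit, period in actions)

def simulate(procs, ticks):
    """procs maps a process name to its actions (load, limit, period), run in order.
    Returns the response time of every completed action, per process."""
    state = {name: dict(todo=list(actions), left=0, budget=0, deadline=0,
                        released=0, limit=0, period=0, done=[])
             for name, actions in procs.items()}
    for t in range(ticks):
        for s in state.values():
            if t < s["deadline"]:
                continue                      # still inside the current period
            if s["left"] == 0 and s["todo"]:  # next action starts at a period boundary
                s["left"], s["limit"], s["period"] = s["todo"].pop(0)
                s["released"] = t             # the action brings its own (limit, period)
            if s["left"] > 0:                 # new period: refill the budget
                s["budget"], s["deadline"] = s["limit"], t + s["period"]
        ready = [s for s in state.values() if s["left"] > 0 and s["budget"] > 0]
        if ready:
            s = min(ready, key=lambda s: s["deadline"])  # EDF over server deadlines
            s["left"] -= 1
            s["budget"] -= 1
            if s["left"] == 0:
                s["done"].append(t + 1 - s["released"])
    return {name: s["done"] for name, s in state.items()}

# Constructed workload, in ticks: (load, limit, period)
CONTROLLER = [(4, 2, 4),   # read sensors, calculate, update actuators: short period
              (6, 2, 8)]   # update status, log state, send to terminal: longer period
HOG = [(1000, 5, 10)]      # hypothetical competing process that always wants the CPU
CAPS = {"controller": 0.5, "hog": 0.5}

def run():
    """Response times of the controller's two actions, alone and next to the hog."""
    alone = simulate({"controller": CONTROLLER}, 40)["controller"]
    loaded = simulate({"controller": CONTROLLER, "hog": HOG}, 40)["controller"]
    return alone, loaded

if __name__ == "__main__":
    print(run(), [bound(*a) for a in CONTROLLER])
```

With the caps summing to 1, the controller's actions finish in 6 and 18 ticks alone and in 6 and 19 ticks next to the hog, inside the model's bounds of 8 and 24 ticks.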
9 / 13
Experiment
1=320, 3550 , 2=500,5340 
10 / 13
Memory Management

Compact-fit (CF) memory management [ATC'08]

Allocator for object-based memory model

Predictable in time and space 
Integration goal

Processes specify allocation rate instead of CPU time

Controlled by VBS scheduler
11 / 13
I/O Channels



Communication link between two processes with a bandwidth cap
Data transfer is like an action

Data – workload

Chunk size – limit

Rate – period
Integration goal

Processes specify transfer rate of a data transfer

Controlled by VBS scheduler
12 / 13
Q&A
Thank you!
13 / 13