Supporting I/O and IPC via fine-grained OS isolation for mixed-criticality real-time tasks


Namhoon Kim · Stephen Tang · Nathan Otterness · James H. Anderson · F. Donelson Smith · Donald E. Porter

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Efforts towards hosting safety-critical, real-time applications on multicore platforms have been stymied by a problem dubbed the “one-out-of-m” problem: due to excessive analysis pessimism, the overall capacity of an m-core platform can easily be reduced to roughly just one core. The predominant approach for addressing this problem introduces hardware-isolation techniques that ameliorate contention experienced by tasks when accessing shared hardware components, such as DRAM memory or caches. Unfortunately, in work on such techniques, the operating system (OS), which is a key source of potential interference, has been largely ignored. Most real-time OSs do facilitate the use of a coarse-grained partitioning strategy to separate the OS from user-level tasks. However, such a strategy by itself fails to address any data sharing between the OS and tasks, such as when OS services are required for interprocess communication (IPC) or I/O. This paper presents techniques for lessening the impacts of such sharing, specifically in the context of MC², a hardware-isolation framework designed for mixed-criticality systems. Additionally, it presents the results from micro-benchmark experiments and a large-scale schedulability study conducted to evaluate the efficacy of the proposed techniques and also to elucidate sharing vs. isolation tradeoffs involving the OS. This is the first paper to systematically consider such tradeoffs and consequent impacts of OS-induced sharing on the one-out-of-m problem.

Keywords: Real-time · Mixed-criticality · Hardware management · Multi-core systems · I/O · Interprocess communication

* Stephen Tang. Extended author information available on the last page of the article.


Real-Time Systems

1 Introduction

The desire to host real-time workloads on multicore platforms in safety-critical application domains has been stymied by a problem dubbed the “one-out-of-m” problem (Erickson et al. 2015; Kim et al. 2017b): when certifying the real-time correctness of a system running on m cores, analysis pessimism can be so excessive that the processing capacity of the “additional” m − 1 cores is entirely negated. In effect, only “one core’s worth” of capacity can be utilized even though m cores are available. In domains such as avionics, this problem has led to the common practice of simply disabling all but one core. The roots of the one-out-of-m problem are directly traceable to interference due to contention for shared hardware components: as noted in a recent FAA report (Certification Authorities Software Team 2016), interference creates effects that are difficult to predict, and when this happens, analysis pessimism is the inevitable result. Given these roots, the predominant approach f