TECHNOLOGY IN SYSTEMS
Hypervisors and Operating Systems for Multicore
Hypervisors Ease the World of Multicore Processors
Making the move to a multicore architecture involves some challenges for software developers. Some interesting technologies are becoming available that can aid in this transition.
ROBERT DAY, LYNUXWORKS
Page 1 of 1
In the realm of high-performance embedded 32-and 64-bit devices, it is becoming increasingly difficult to buy a single core processor. This means that systems that have been traditionally based around unicore processors are now facing a move to a multicore part. This has created some interesting challenges for the hardware developers, but even more for software engineers, as a large part of hardware change involves the migration of legacy software, often having been designed and optimized to run in unicore systems.
The majority of 32-bit and above embedded systems use real-time operating systems (RTOS) to help with the different functions that need to take place on the device. The RTOS will help with accessing peripherals, will offer communication and networking stacks and disk access routines, all of which allows the software engineer to really focus on the applications that are specific to the embedded device that he is building.
When moving to a multicore device, there are a number of ways that the use of the legacy RTOS can help with software migration. Having to rewrite applications to use another OS can be a laborious and risky process, and so having options to reuse the legacy RTOS is appealing.
There are a number of options open to developers when faced with new multicore hardware and maintaining the existing RTOS API for the legacy applications. Option one is to simply use the multicore chip as a single core device. Although this seems a little crazy, it is commonly being done if either each core in the multicore CPU is equivalent in performance to the legacy unicore processor, or if the original system had enough performance bandwidth to run fine even with a decrease in processor performance of the individual core in the multicore processor. The RTOS and applications will run as if they were running in a single core system and ease the migration of the RTOS and applications dependent on it.
The second option is to run multiple copies of the original RTOS on the different cores. This is not as simple as if they were discreet processors, as much of the internal peripherals and memory are shared. So, having an RTOS that has been specifically designed to run in an asymmetric multiprocessing mode (AMP) will actually make this task easier, although there is still new work required to configure the RTOS onto the cores and across the shared resources. Even when this has been accomplished, there are still issues with the sharing of the applications across the two distinct copies of the RTOS, as decisions now need to be made about which application, task, process or thread needs to be moved from the original CPU to the second core, and then how those components will communicate and synchronize with those running on the first core.
A more interesting but less commonly available approach is to use a symmetric multiprocessing (SMP) version of the original operating system. An SMP implementation typically requires that the multicore processor have multiple functionally identical cores that all utilize a single physical RAM, and that access to all regions of RAM is equally fast for all cores. It also requires that all the cores be completely or mostly (in multicore packages) independent and have no hierarchy between the cores. The advantages of the SMP approach over AMP are that the partitioning of the applications or processes is largely taken care of by the OS, as is the use of shared devices and memory; the RAM footprint for the OS is reduced as only one copy of the OS is running, and better performance and load balancing across the multiple cores is achieved (Figure 1).
AMP vs. SMP on a multicore platform.
A separation kernel/embedded hypervisor is a new type of software technology that has emerged as a very interesting alternative or complement to the AMP/SMP RTOS when moving to a multicore environment. The separation kernel is a small operating system that runs on multicore hardware and partitions or separates the resources (processors, memory and peripherals) for the applications to use. When the separation kernel also contains hypervisor technology, these partitions can now run “guest” operating systems rather than just applications each having access to the resources available to their own partition. This allows for a flexible AMP/SMP combination, but more importantly, it allows for different guest operating systems to be run on the same multicore hardware system. So, legacy OSs and applications can be run in one partition, and new OSs and/or applications can be run in other partitions.
This technology provides a virtualized hardware environment for the guest operating systems, and presents each partition with a processor, memory and peripherals as if they were the only physical parts of system. This allows for some very creative division of the physical hardware (including the multicore processors) into multiple virtual domains. It also leads to a new concept in the embedded device space, that of using a desktop OS and a traditional RTOS on the same hardware. In the past, the desire to have desktop functionality on an embedded device has leaned toward using the “embedded” versions of OSs like Windows and Linux, which has often led to a compromise in real-time performance and determinism, or a compromise or cut-down in desktop functionality.
Now using a separation kernel with an embedded hypervisor, a “true” and fully featured desktop OS can run in one partition, maybe utilizing multiple cores in a device that has more than two cores, and a true RTOS can run in its partition. This scenario relies on the fact that the underlying separation kernel and hypervisor have real-time performance and determinism, and if that is the case then this new hybrid embedded system will have all the functionality, connectivity and applications found on a traditional desktop system, but will also offer the real-time characteristics of a true RTOS. This definitely shows a real advantage to using multicore parts, and actually allows the consolidation of multiple physical systems down into one.
A fully featured separation kernel and hypervisor can enable a number of different scenarios for the use of guest operating systems. The first is to allocate a dedicated core for the guest operating system, effectively offering a supervised AMP environment. Advantages over a normal AMP solution include the ability to partition shared memory and resources easily and effectively for each guest OS, the ability to utilize inter-partition communication to allow the different guests and their applications to communicate with each other without having to using external communication devices, and also to have different types of guest operating systems with different resource requirements to effectively coexist on the same hardware. The second scenario is to allow multiple guests to share a single core. This offers the same ability to partition resources as the supervised AMP, but now allows OSs and applications that don’t need all of the processing power of the core to share with another OS and application. This configuration is particularly useful when moving a system or systems to a more powerful processor.
The final configuration is to allow guest operating systems to run in SMP mode across multiple cores in the system. The number of cores and the resources allocated are still defined by the hypervisor, but the SMP guest OS can now take advantage of extra processing power when needed. This last scenario is very useful when moving a dual-core SMP system to a 4-core or above processor. All of these configurations help provide a very flexible implementation on multicore hardware, but where it gets really cool is when all of them can be implemented simultaneously on the same system. So an SMP guest could share two cores with a small guest OS, and on the same system a unicore guest could be given its own dedicated core. Figure 2 shows a conceptual system configuration on a 4-core system.
A modern separation kernel and hypervisor offer the most flexible use of a multicore device.
Embedded developers are always worried about the performance hit of running extra software in the system, and hence are naturally interested in what the potential performance downside of running an extra hypervisor layer would be. There are a number of optimizations that can be made to a hypervisor to make it less intrusive. The first is to take advantage of hardware virtualization capabilities that are built into many new processors. These have been designed to allow hypervisors to run guest operating systems very efficiently. The second is to make modifications to the guest operating system to optimize its running on the hypervisor, in a technique known as paravirtualization. This obviously requires access to the source and the low-level parts of the guest operating system, but this is often available for either RTOS or open-source desktop OSs. The results that have been studied for LynxSecure separation kernel and hypervisor from LynuxWorks have shown less than 5% performance degradation (typically less than 2%) for a paravirtualized guest OS verses a native version without LynxSecure running on the same hardware.
The final interesting application for a separation kernel and embedded hypervisor is also a driving factor in the design and implementation of some of these technologies—the area of security. Being able to partition processors and resources on the same system allows developers to securely isolate the applications and data in one partition from other partitions. In the defense world there have been requirements to host multiple systems on the same hardware that contain information or communications running at different levels of security classification, commonly known as multiple independent levels of security (MILS). A secure separation kernel provides the partition and domain isolation, and the hypervisor adds the ability to run different OSs within those partitions. This allows OSs with no inherent security features to be run in a secure system, with the separation kernel isolating them away from the other “trusted” components that are resident on the same hardware.
Requirements for security are not limited to the defense industry. Many devices that are “connected” to the internet also need to offer protection against malicious attacks. The separation kernel not only helps those devices utilize multicore hardware, but at the same time add security functionality to their system.
Modern operating systems can aid the migration of legacy embedded software from a single core to a multicore device. The use of a separation kernel and embedded hypervisor allows the migration of legacy applications and also their original operating systems with minimal overhead, while at the same time allowing the system to be securely partitioned. This new technology offers the most flexible approach and allows for easy future integration of more cores or more features into the embedded system.
San Jose, CA.