Results 1 - 10
of
26
From L3 to seL4 What Have We Learnt in 20 Years of L4 Microkernels?
"... The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions which are deployed on a large scale and in safety-critical systems. In this paper we examine the lessons learnt in those 20 years about microkernel design ..."
Abstract
-
Cited by 12 (3 self)
- Add to MetaCart
The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions which are deployed on a large scale and in safety-critical systems. In this paper we examine the lessons learnt in those 20 years about microkernel design and implementation. We revisit the L4 design papers, and examine the evolution of design and implementation from the original L4 to the latest generation of L4 kernels, especially seL4, which has pushed the L4 model furthest and was the first OS kernel to undergo a complete formal verification of its implementation as well as a sound analysis of worst-case execution times. We demonstrate that while much has changed, the fundamental principles of minimality and high IPC performance remain the main drivers of design and implementation decisions. 1
Predictable Interrupt Management and Scheduling in the Composite Component-based System
, 2008
"... This paper presents the design of user-level scheduling hierarchies in the Composite component-based system. The motivation for this is centered around the design of a system that is both dependable and predictable, and which is configurable to the needs of specific applications. Untrusted applicati ..."
Abstract
-
Cited by 12 (4 self)
- Add to MetaCart
(Show Context)
This paper presents the design of user-level scheduling hierarchies in the Composite component-based system. The motivation for this is centered around the design of a system that is both dependable and predictable, and which is configurable to the needs of specific applications. Untrusted application developers can safely develop services and policies, that are isolated in protection domains outside the kernel. To ensure predictability, Composite needs to enforce timing control over user-space services. Moreover, it must provide a means by which asynchronous events, such as interrupts, are handled in a timely manner without jeopardizing the system. Towards this end, we describe the features of Composite that allow user-defined scheduling policies to be composed for the purposes of combined interrupt and task management. A significant challenge arises from the need to synchronize access to shared data structures (e.g., scheduling queues), without allowing untrusted code to disable interrupts or use atomic instructions that lock the memory bus. Additionally, efficient upcall mechanisms are needed to deliver asynchronous event notifications in accordance with policy-specific priorities, without undue recourse to schedulers. We show how these issues are addressed in Composite, by comparing several hierarchies of scheduling polices, to manage both tasks and the interrupts on which they depend. Studies show how it is possible to implement guaranteed differentiated services as part of the handling of I/O requests from a network device while avoiding livelock. Microbenchmarks indicate that the costs of implementing and invoking user-level schedulers in Composite are on par with, or less than, those in other systems, with thread switches more than twice as fast as in Linux.
Towards Effective User-Controlled Scheduling for Microkernel-Based Systems
, 2007
"... With µ-kernel based systems becoming more and more prevalent, the demand for extensible resource management raises – and with it the demand for flexible thread scheduling. In this paper, we investigate the benefits and costs of a µ-kernel that exports scheduling from the kernel to user level. A key ..."
Abstract
-
Cited by 8 (1 self)
- Add to MetaCart
With µ-kernel based systems becoming more and more prevalent, the demand for extensible resource management raises – and with it the demand for flexible thread scheduling. In this paper, we investigate the benefits and costs of a µ-kernel that exports scheduling from the kernel to user level. A key idea of our approach is to involve the user level whenever the µ-kernel encounters a situation that is ambiguous with respect to scheduling, and to permit the kernel to resolve the ambiguity based on user decisions. A further key aspect is that we rely on a generic, protection domain neutral interface between kernel and applications. For evaluation, we have developed a hierarchical user level scheduling architecture for the L4 µ-kernel, and a virtualization environment running on its top. Our environment supports Linux 2.6.9 guest operating systems on IA-32 processors. Experiments indicate an application overhead between 0 and 10 percent compared to a pure in-kernel scheduler solution, but also demonstrate that our architecture enables effective and accurate user-directed scheduling.
Ten Years of Research on L4-Based Real-Time Systems
"... Microkernels are an intriguing technology for operating systems research in general and for real-time systems in particular. To gain experience and to explore new ground, the OS research group at Technische Universität Dresden has been developing L4/Fiasco, a real-time implementation of the L4 micro ..."
Abstract
-
Cited by 7 (0 self)
- Add to MetaCart
(Show Context)
Microkernels are an intriguing technology for operating systems research in general and for real-time systems in particular. To gain experience and to explore new ground, the OS research group at Technische Universität Dresden has been developing L4/Fiasco, a real-time implementation of the L4 microkernel specification. Using this kernel, we built an architecture that supports legacy software and provides real-time guarantees. In this paper, we will describe and discuss the design decisions that led us to this architecture. Based on this system, we set out to explore interesting real-time research areas such as networking, disk scheduling and real-time graphics. The results have been published separately, but we will use this article to give a concise overview and present the rationale of our platform strategy as a whole. 1
An efficient implementation of the bandwidth inheritance protocol for handling hard and soft real-time applications in the Linux kernel
- in Proceedings of the 4 th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT 2008
, 2008
"... This paper presents an improvement of the Bandwidth Inheritance Protocol (BWI), the natural extension of the well-known Priority Inheritance Protocol (PIP) to resource reservation schedulers. The modified protocol allows for a better management of nested critical section, removes unneeded overheads ..."
Abstract
-
Cited by 7 (5 self)
- Add to MetaCart
(Show Context)
This paper presents an improvement of the Bandwidth Inheritance Protocol (BWI), the natural extension of the well-known Priority Inheritance Protocol (PIP) to resource reservation schedulers. The modified protocol allows for a better management of nested critical section, removes unneeded overheads in the management of task block and unblock events, and introduces a run-time deadlock detection mechanism at no cost. Also, an implementation of the new protocol on the Linux kernel is presented, along with experimental results gathered while running some synthetic application load. Presented results prove the effectiveness of the proposed solution in reducing latencies due to concurrent use of resources and in improving temporal isolation among groups of independent tasks. Also, we show that the introduced overhead is low and negligible for the applications of interest. 1
Robust Real-Time Multiprocessor Interrupt Handling Motivated by GPUs
"... Abstract—Architectures in which multicore chips are augmented with graphics processing units (GPUs) have great potential in many domains in which computationally intensive real-time workloads must be supported. However, unlike standard CPUs, GPUs are treated as I/O devices and require the use of int ..."
Abstract
-
Cited by 6 (3 self)
- Add to MetaCart
(Show Context)
Abstract—Architectures in which multicore chips are augmented with graphics processing units (GPUs) have great potential in many domains in which computationally intensive real-time workloads must be supported. However, unlike standard CPUs, GPUs are treated as I/O devices and require the use of interrupts to facilitate communication with CPUs. Given their disruptive nature, interrupts must be dealt with carefully in real-time systems. With GPU-driven interrupts, such disruptiveness is further compounded by the closed-source nature of GPU drivers. In this paper, such problems are considered and a solution is presented in the form of an extension to LITMUS RT called klmirqd. The design of klmirqd targets systems with multiple CPUs and GPUs. In such settings, interruptrelated issues arise that have not been previously addressed. I.
Timeslice donation in component-based systems
- in OSPERT’10
, 2010
"... Abstract—An operating system that uses a priority-based scheduling algorithm must deal with the priority inversion problem, which may manifest itself when different components access shared resources. One solution that avoids priority inver-sion is to inherit the priority across component interactio ..."
Abstract
-
Cited by 6 (0 self)
- Add to MetaCart
(Show Context)
Abstract—An operating system that uses a priority-based scheduling algorithm must deal with the priority inversion problem, which may manifest itself when different components access shared resources. One solution that avoids priority inver-sion is to inherit the priority across component interactions. In this paper we present our implementation of a timeslice donation mechanism that implements priority and bandwidth inheritance in the NOVA microhypervisor. We describe an algorithm for tracking dependencies between threads with minimal runtime overhead. Our algorithm does not limit the preemptibility of the kernel, supports blocked resource holders, and facilitates the abortion of inheritance relationships from remote processors. I.
Towards Real Multi-Criticality Scheduling
"... Abstract—Componentised systems, in particular those with fault confinement through address spaces, are currently emerging as a hot topic in embedded systems research. This paper extends the unified rate-based scheduling framework RBED in several dimensions to fit the requirements of such systems: We ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
(Show Context)
Abstract—Componentised systems, in particular those with fault confinement through address spaces, are currently emerging as a hot topic in embedded systems research. This paper extends the unified rate-based scheduling framework RBED in several dimensions to fit the requirements of such systems: We have removed the requirement that the deadline of a task is equal to its period. The introduction of inter-process communication reflects the need to communicate. Additionally we also discuss server tasks, budget replenishment and the low level details needed to deal with the physical reality of systems. While a number of these issues have been studied in previous work in isolation, we focus on the problems discovered and lessons learned when integrating solutions. We report on our experiences implementing the proposed mechanisms in a commercial grade OKL4 microkernel as well as an application with soft real-time and best-effort tasks on top of it. Keywords-real-time, temporal isolation, microkernel, components, implementation I.
The Limitations of Fixed-Priority Interrupt Handling in PREEMPT RT and Alternative Approaches ∗
"... Threaded interrupt handling is a common technique used in real-time operating systems since it increases system responsiveness and reduces priority inversions. The PREEMPT RT Linux kernel patch introduces aggressive threaded interrupt handling into the Linux kernel. However, under PREEMPT RT, interr ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Threaded interrupt handling is a common technique used in real-time operating systems since it increases system responsiveness and reduces priority inversions. The PREEMPT RT Linux kernel patch introduces aggressive threaded interrupt handling into the Linux kernel. However, under PREEMPT RT, interrupt handling threads must be assigned a single fixed scheduling priority. This can become a significant limitation when an interrupt-generating device is shared by threads of differing priorities. In this paper, we show that there is no good option for assigning a single fixed priority to an interrupt handling thread in such cases. We then survey alternative approaches from academic literature and commercial real-time operating systems to inspire new solutions in PREEMPT RT. 1
Lazy Queueing and Direct Process Switch — Merit or Myths?
"... The L4 microkernel, like many first and second generation microkernels, was designed to maximise best-effort performance. One component of its functionality critical to overall system performance is its interprocess communication primitive. L4 uses two techniques to minimise communication costs: dir ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
The L4 microkernel, like many first and second generation microkernels, was designed to maximise best-effort performance. One component of its functionality critical to overall system performance is its interprocess communication primitive. L4 uses two techniques to minimise communication costs: direct process switching and lazy queue management. These techniques improve performance at the expense of real-time predictability of the scheduler. Now that L4 is being adopted in the embedded space, which features real-time requirements, we must determine if there is continued merit in using the optimisations. In this paper we quantitatively analyse the two optimisations using different kernel implementations and measure the performance improvements of the optimisations directly, and indirectly using the Re-aim benchmark suite. We find that the system-level performance improvements are marginal for this Unix-like workload. 1.
