quest a journey in space and time
play

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu - PowerPoint PPT Presentation

Nov 20, 2023 •225 likes •703 views

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

  1. Quest – A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science

  2. Goals • Develop system for high-confidence (embedded) systems – Mixed criticalities (timeliness and safety) • Predictable – real-time support • Resistant to component failures & malicious manipulation (Secure) • Self-healing • Online recovery of software component failures 2

  3. Target Applications • Healthcare • Avionics • Automotive • Factory automation • Robotics • Space exploration • Secure/safety-critical domains • Internet-of-Things (IoT) 3

  4. Case Studies • $327 million Mars Climate Orbiter – Loss of spacecraft due to Imperial / Metric conversion error (September 23, 1999) • 10 yrs & $7 billion to develop Ariane 5 rocket – June 4, 1996 rocket destroyed during flight – Conversion error from 64-bit double to 16-bit value • 50+ million people in 8 states & Canada in 2003 without electricity due to software race condition 4

  5. In the Beginning...Quest • Initially a “small” RTOS • ~30KB ROM image for uniprocessor version • Page-based address spaces • Threads • Dual-mode kernel-user separation • Real-time Virtual CPU (VCPU) Scheduling • Later SMP support • LAPIC timing FreeRTOS, Linux, Windows, Quest uC/OS-II etc Mac OS X etc 5

  6. From Quest to Quest-V • Quest-V for multi-/many-core processors – Distributed system on a chip – Time as a first-class resource • Cycle-accurate time accountability – Separate sandbox kernels for system components – Memory isolation using h/w-assisted memory virtualization – Also CPU, I/O, cache partitioning 6

  7. Related Work • Existing virtualized solutions for resource partitioning – Wind River Hypervisor, XtratuM, PikeOS, Mentor Graphics Hypervisor – Xen, Oracle PDOMs, IBM LPARs – Muen, (Siemens) Jailhouse 7

  8. Problem • Traditional Virtual Machine approaches too expensive – Require traps to VMM (a.k.a. hypervisor) to mux & manage machine resources for multiple guests – e.g., ~1500 clock cycles VM-Enter/Exit on Xeon E5506 8

  9. Traditional Approach (Type 1 VMM) ... VM VM VM VM VM Type 1 VMM / Hypervisor Hardware (CPUs, memory, devices) 9

  10. Contributions • Quest-V Separation Kernel [WMC'13, VEE'14] – Uses H/W virtualization to partition resources amongst services of different criticalities – Each partition, or sandbox , manages its own CPU cores, memory area, and I/O devices w/o hypervisor intervention – Hypervisor typically only needed for bootstrapping system + managing comms channels b/w sandboxes 10

  11. Contributions • Quest-V Separation Kernel Eliminates hypervisor intervention during normal virtual machine operations 11

  12. Architecture Overview 12

  13. Memory Partitioning • Guest kernel page tables for GVA-to-GPA translation • EPTs (a.k.a. shadow page tables) for GPA-to- HPA translation – EPTs modifiable only by monitors – Intel VT-x: 1GB address spaces require 12KB EPTs w/ 2MB superpaging 13

  14. Quest-V Linux Memory Layout 14

  15. Quest-V Memory Partitioning 15

  16. Memory Virtualization Costs • Example Data TLB overheads • Xeon E5506 4-core @ 2.13GHz, 4GB RAM 16

  17. I/O Partitioning • Device interrupts directed to each sandbox – Use I/O APIC redirection tables – Eliminates monitor from control path • EPTs prevent unauthorized updates to I/O APIC memory area by guest kernels • Port-addressed devices use in/out instructions • VMCS configured to cause monitor trap for specific port addresses • Monitor maintains device "blacklist" for each sandbox – DeviceID + VendorID of restricted PCI devices 17

  18. Quest-V I/O Partitioning Data Port: 0xCFC Address Port: 0xCF8 18

  19. Monitor Intervention During normal operation only one monitor trap every 3-5 mins by CPUID No I/O Partitioning I/O Partitioning (Block COM and NIC) Exception (TF) 0 9785 CPUID 502 497 VMCALL 2 2 I/O Instruction 0 11412 EPT Violation 0 388 XSETBV 1 1 Table: Monitor Trap Count During Linux Sandbox Initialization 19

  20. CPU Partitioning • Scheduling local to each sandbox – partitioned rather than global – avoids monitor intervention • Uses real-time VCPU approach for Quest native kernels [RTAS'11] 20

  21. Predictability ● VCPUs for budgeted real-time execution of threads and system events (e.g., interrupts) ● Threads mapped to VCPUs ● VCPUs mapped to physical cores ● Sandbox kernels perform local scheduling on assigned cores ● Avoid VM-Exits to Monitor – eliminate cache/TLB flushes 21

  22. VCPUs in Quest(-V) Address Threads Space Main VCPUs I/O VCPUs PCPUs (Cores) 22

  23. VCPUs in Quest(-V) • Two classes Main → – for conventional tasks I/O → – for I/O event threads (e.g., ISRs) • Scheduling policies Main → – sporadic server (SS) I/O → – priority inheritance bandwidth- preserving server (PIBS) 23

  24. SS Scheduling • Model periodic tasks – Each SS has a pair (C,T) s.t. a server is guaranteed C CPU cycles every period of T cycles when runnable • Guarantee applied at foreground priority • background priority when budget depleted – Rate-Monotonic Scheduling theory applies 24

  25. PIBS Scheduling IO VCPUs have utilization factor, U V,IO • • IO VCPUs inherit priorities of tasks (or Main VCPUs) associated with IO events Currently, priorities are ƒ (T) for – corresponding Main VCPU – IO VCPU budget is limited to: • T V,main * U V,IO for period T V,main 25

  26. PIBS Scheduling • IO VCPUs have eligibility times, when they can execute t e = t + C actual / U V,IO • – t = start of latest execution – t >= previous eligibility time 26

  27. Example VCPU Schedule 27

  28. Example Replenishments amount , time Replenishment Queue Element VCPU 0 (C=10, T=40, Start=1) VCPU 1 (C=20, T=50, Start=0) IOVCPU (Utilization=4%) 20,00 02,00 02,40 18,50 02,50 02,80 02,90 16,100 00,00 18,50 18,50 02,90 02,90 02,90 16,100 02,130 00,00 00,00 00,00 00,00 16,100 16,100 02,130 02,140 (A) 1 10 17 2 1 10 1 16 2 1 10 12 8 Corrected Algorithm 0 10 20 30 40 50 60 70 80 90 100 110 (B) 1 10 17 2 1 10 17 2 1 10 17 Premature Replenishment 0 10 20 30 40 50 60 70 80 90 100 110 Interval [t=0,100] (A) VCPU 1 = 40%, (B) VCPU 1 = 46% 28

  29. Utilization Bound Test • Sandbox with 1 PCPU, n Main VCPUs, and m I/O VCPUs – Ci = Budget Capacity of Vi – Ti = Replenishment Period of Vi – Main VCPU, Vi – Uj = Utilization factor for I/O VCPU, Vj n − 1 Ci m − 1 Ti + ∑ ∑ √ 2 − 1 ) n ( 2 − Uj ) ⋅ Uj ≤ n ⋅ ( i = 0 j = 0 29

  30. Cache Partitioning • Shared caches controlled using color-aware memory allocator [COLORIS – PACT'14] • Cache occupancy prediction based on h/w performance counters – E' = E + (1-E/C) * m l – E/C * m o – Enhanced with hits + misses [Book Chapter, OSR'11, PACT'10] 30

  31. Linux Front End • For low criticality legacy services • Based on Puppy Linux 3.8.0 • Runs entirely out of RAM including root filesystem • Low-cost paravirtualization – less than 100 lines – Restrict observable memory – Adjust DMA offsets • Grant access to VGA framebuffer + GPU • Quest native SBs tunnel terminal I/O to Linux via shared memory using special drivers 31

  32. Quest-V Linux Screenshot 32

  33. Quest-V Linux Screenshot 1 CPU + 512 MB No VMX or EPT flags 33

  34. Quest-V Performance • Measured time to play back 1080P MPEG2 video from the x264 HD video benchmark • Mini-ITX Intel Core i5-2500K 4-core, HD3000 graphics, 4GB RAM mplayer Benchmark 34

  35. Quest-V Network Performance netperf UDP send netperf UDP receive ( netserver ) • Realtek gigabit NIC to remote host • Virtio enabled for Xen • IOP = I/O partitioning w/o blacklist 35

  36. Quest-V Performance 100 Million Page Faults 1 Million fork-exec-exit Calls 36

  37. Conclusions • Quest-V separation kernel built from scratch – Distributed system on a chip – Uses (optional) h/w virtualization to partition resources into sandboxes – Protected comms channels b/w sandboxes • Sandboxes can have different criticalities – Linux front-end for less critical legacy services • Sandboxes responsible for local resource management – avoids monitor involvement 37

  38. Quest-V Status • About 11,000 lines of kernel code • 200,000+ lines including lwIP, drivers, regression tests • SMP, IA32, paging, VCPU scheduling, USB, PCI, networking, etc • Quest-V requires BSP to send INIT-SIPI-SIPI to APs, as in SMP system – BSP launches 1 st (guest) sandbox – APs “VM fork” their sandboxes from BSP copy 38

  39. Current & Future Work • Online fault detection and recovery • Technologies for secure monitors – e.g., Intel TXT + VT-d • SLIPKNOT for IoT – SecureLy Isolated Predictable Kernels for Networks of Things • Inter-sandbox real-time communication & migration (4-slot async comms etc) See www.questos.org for more details 39

  40. Internet of Things ● Number of Internet-connected devices > 12.5 billion in 2010 ● World population > 7 billion (2014) ● Cisco predicts 50 billion Internet devices by 2020 Challenges: • Secure management of vast quantities of data • Reliable + predictable data exchange b/w “smart” devices 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privateering on the space frontier? The NewSpace quest for private property in outer space

Privateering on the space frontier? The NewSpace quest for private property in outer space

Privateering on the space frontier? The NewSpace quest for private property in outer space Matthew Johnson PhD Candidate (University of Technology, Sydney Arts and Social Sciences) NewSpace NewSpace A more expansive, positive,

96 views • 9 slides
BEDC Quest to Become the Best Kathryn Mallon, PE Deputy Commissioner BEDC is on a Journey to

BEDC Quest to Become the Best Kathryn Mallon, PE Deputy Commissioner BEDC is on a Journey to

BEDC Quest to Become the Best Kathryn Mallon, PE Deputy Commissioner BEDC is on a Journey to Excellence Our goal is to become g the best Capital Program Delivery organization in y g the US 2 2 Performance Goals Established Performance

395 views • 24 slides
Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18 Journey below Unlike for time, it makes sense to talk about sublinear space. This models computations on input that does not fit in memory. To make

663 views • 19 slides
Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic

Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic

Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic journey times Modelling Route analysis Traveller segmentation Visualisation and interaction Raw observation vs modelling Moving from what

668 views • 28 slides
S Space-in-Time and Time-in-Space Self-Organizing Maps i Ti d Ti i S S lf O i i M for

S Space-in-Time and Time-in-Space Self-Organizing Maps i Ti d Ti i S S lf O i i M for

S Space-in-Time and Time-in-Space Self-Organizing Maps i Ti d Ti i S S lf O i i M for Exploring Spatiotemporal Patterns Gennady Andrienko & Natalia Andrienko http://geoanalytics.net htt // l ti t Sebastian Bremm, Tobias Schreck,

632 views • 29 slides
Lecture 14 Space-Time The Wedding of Time and Space Announcements References: Today:

Lecture 14 Space-Time The Wedding of Time and Space Announcements References: Today:

Lecture 14 Space-Time The Wedding of Time and Space Announcements References: Today: Wedding of Space and Time: Time dilation, Length Contraction March (Ch 10), Lightman (Ch 3) Next time: Energy and Mass: E = mc 2 March (Ch

450 views • 4 slides
Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Intro QUEST Technical Progress Closure Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm 1 , B. Debusschere 1 , M. Eldred 1 , R. Ghanem 2 , O. Ghattas 3 , R. Moser 3 , E. Prudencio 3 , D. Higdon 4

510 views • 28 slides
Metrization Theorem Space-Time Analogs . . . How the (Non- . . . for Space-Times: Constructive

Metrization Theorem Space-Time Analogs . . . How the (Non- . . . for Space-Times: Constructive

Causality: A Reminder Urysohns Problem: . . . Space-Time Models: . . . Space-Time Analog of . . . Metrization Theorem Space-Time Analogs . . . How the (Non- . . . for Space-Times: Constructive . . . Constructive . . . A Constructive

831 views • 16 slides
The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

Part IV Part IV The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System ASP-DAC 2001, tutorial 3 ASP-DAC'01 Olivier Coudert IV-1 DSM Dilemma SOC DSM Time to market Higher resistance Abstraction

774 views • 66 slides
The Quest for Average Response Time Tom Henzinger IST Austria Joint work with Krishnendu

The Quest for Average Response Time Tom Henzinger IST Austria Joint work with Krishnendu

The Quest for Average Response Time Tom Henzinger IST Austria Joint work with Krishnendu Chatterjee and Jan Otop Observations r request g grant t tick x neither = {r,g,t,x} Behaviors = Observation Sequences x t t x x r x x t x x x r

827 views • 47 slides
QUESTINTOUR S.R.O. Exclusive know - how in the field of audio tours QuestinT our mobile app.

QUESTINTOUR S.R.O. Exclusive know - how in the field of audio tours QuestinT our mobile app.

QUESTINTOUR S.R.O. Exclusive know - how in the field of audio tours QuestinT our mobile app. Original quest tours With us, every excursion becomes an unforgettable journey! Quest tour is the best way to discover the fabulous city with a thousand

446 views • 17 slides
Cartography or Geospatial Shama Rashid 23-Nov-2009 The Space-Time Cube Revisited from a

Cartography or Geospatial Shama Rashid 23-Nov-2009 The Space-Time Cube Revisited from a

Cartography or Geospatial Shama Rashid 23-Nov-2009 The Space-Time Cube Revisited from a Geo-Visualization Perspective Menno Jan Kraak International Cartographic Conference, 2003 60s Hgerstrands space-time model: Space-Time

541 views • 27 slides
Analysis of the controllability of space-time fractional diffusion and super diffusion equations

Analysis of the controllability of space-time fractional diffusion and super diffusion equations

Objectives of the talk Space-time fractional order operators Controllability results for space-time fractional PDEs A new notion of boundary control Open problems Analysis of the controllability of space-time fractional diffusion and super

1.06k views • 62 slides
The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging Smart Devices 2 Goals High-confidence (embedded) systems Mixed criticalities timeliness and safety Predictable

635 views • 51 slides
Discovering the Tomb Journey back in time to 1922. To a time when aeroplanes were very small and

Discovering the Tomb Journey back in time to 1922. To a time when aeroplanes were very small and

w/c 1 st June - Howard Carter Discovering the Tomb Journey back in time to 1922. To a time when aeroplanes were very small and did not fly far. To a time when people travelling to Egypt from Britain went by ship. It took 2 weeks! Howard

373 views • 21 slides
The Quest for Quarks Quest for Quarks p. 1/2 The Frontiers of Matter (in 1932) The periodic

The Quest for Quarks Quest for Quarks p. 1/2 The Frontiers of Matter (in 1932) The periodic

The Quest for Quarks Quest for Quarks p. 1/2 The Frontiers of Matter (in 1932) The periodic chart orders the chemical elements according to their properties. It provides clues to the underly- ing atomic structure. The fundamental

421 views • 29 slides
Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable

572 views • 45 slides
Welcome to London, Ontario Welcome to London, Ontario A Few Facts & Figures. . . A Few Facts

Welcome to London, Ontario Welcome to London, Ontario A Few Facts & Figures. . . A Few Facts

Welcome from the Welcome from the Ontario Recycler Workshop Ontario Recycler Workshop City of London City of London Thursday, November 24 Jay Stanford, Director, 9:30 a.m. to 3:30 p.m. Environmental Programs & Solid Waste 1 2

554 views • 43 slides
Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization

Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization

Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization Group, Dept. of Informatics University of Bergen, Norway www.ii.UiB.no/vis Motivation Increasing amounts of scientific data time-dependent

572 views • 41 slides
Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop

Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop

Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop David Marshall 14 January 2005 Clean Air Task Force The Clean Air Task Force (CATF) is a nonprofit organization dedicated to restoring clean air

513 views • 15 slides
CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo

CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo

CSE 421/521 - Operating Systems Roadmap Fall 2011 Multilevel Feedback Queues Estimating CPU bursts Lecture - VI CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo September 15 th , 2011

442 views • 5 slides
EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant

EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant

EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant Prof., Dept. of EECS Office: 3040 Eaton, 236 Nichols Email: heechul.yun@ku.edu Research Areas Operating systems and architecture

889 views • 55 slides
Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers

Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers

Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers July 2019 Scott Corfe, Research Director, SMF 1 Overview What are the opportunities for local government from 4IR technologies? What are

259 views • 23 slides
A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line

A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line

A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line Worlds largest container fleet Truely global business 325 offices in 125 countries 25.000 employees (7,600 seafarers) 14.5% world

397 views • 38 slides

More recommend