AutoV: An Automotive Testbed for Real-Time...
Transcript of AutoV: An Automotive Testbed for Real-Time...
AutoV: An Automotive Testbed for Real-Time Virtualization
Meng Xu Insup Lee
PRECISE Center University of Pennsylvania
Trend: Multicore & Virtualization• Automotive systems are becoming more and more complex à Requires high performance and strong isolation • Virtualization on multicore help handle such complexity
à Increase performance and reduce cost
2
Note:Ifthisslideisok,Iwillmakethefigureclearerandaddtheanima9ontoshowtheCPSisbecomingmoreandmorecomplex
Real-time virtualization• Challenge: Interference affects the timing isolation • Shared components are the source of interferences • Real-time virtualization aims to achieve timing isolation
– e.g., Real-Time Xen (RT-Xen)
3
VMM
Sharedmul9coreplaBorm
… … …
Disk
Network
CPU
Private cache
Shared cache
Memory
I/O devices…ISR
[EMSOFT’14]
[RTSS’13][RTAS’17]
*WorkingreenaredoneinRT-XenbyPenn&WUSTL.
Real-time virtualization• Challenge: Interference affects the timing isolation • Shared components are the source of interferences • Real-time virtualization aims to achieve timing isolation
4
Intra-VMinterference
VMM
Sharedmul9coreplaBorm
Inter-VMinterference
… … …
Disk
Network
CPU
Private cache
Shared cache
Memory
I/O devices…ISR
[EMSOFT’14]
[RTSS’13][RTSS’17]
[IWQoS’13] [RTCSA’15]
Doesreal-9mevirtualiza9onprovidethe9mingisola9onneededforautomo&vesystems?
• Real-time community has real-time virtualization, but has no access to – Real automotive platforms – Real automotive applications
How to evaluate?• Real-time community has real-time virtualization
5
Bridgeclipart
Real-9mecommunity Automo9vecompanies
AutoV
clipart
AutoV: An automotive testbed for real-time virtualization
• AutoV – Evaluate the timing isolation provided by the real-time virtualization
for automotive
• Autonomous racing car – Provide automotive applications as the evaluation workloads
• RT-Xen: Real-time Xen – Provide state-of-art timing isolation mechanisms for virtualization
6
Content• Introduction
• Autonomous racing car
• RT-Xen
• AutoV
• Evaluation
7
Autonomous racing car• F1/10 racing car developed by PRECISE Racing
– Fast mode: Drive straight with PD controller
– Brake mode: Anti-lock braking – Turn mode: Detect the corner and apply a constant steering angle
8
Fast Brake
Fast
F1/10 racing car from PRECISE Racing
9ThisvideowascapturedbyF1/10organizerinESWeek’16.
Architecture of the racing car
10
OS:Linux
Middleware:ROS
Applica9ons Networkcommunica9on
corelidar control actuator driver
microcontroller
LIDAR
USB
Embeddedboard
GPIO
Content• Introduction
• Autonomous racing car
• RT-Xen
• AutoV
• Evaluation
11
Real-time capabilities of RT-Xen• Real-time CPU scheduling [EMOSFT’ 14]
– Global / Partitioned, EDF / RM – Global EDF: RTDS scheduler since Xen 4.5
• Dynamic shared cache management [RTAS’ 17] – Strong isolation in last level cache (LLC) – Dynamically reconfigure LLC when demand changes – Based on Intel Cache Allocation Technology hardware
12
CPU
Private cache
Shared cache
Memory
I/O devicesDisk
Net. …ISR
[EMSOFT’14]
[RTSS’13]
[RTAS’17]
[IWQoS’13] [RTCSA’15]
Real-time capabilities of RT-Xen• Real-time CPU scheduling [EMOSFT’ 14]
– Global / Partitioned, EDF / RM – Global EDF: RTDS scheduler since Xen 4.5
• Dynamic shared cache management [RTAS’ 17] – Strong isolation in last level cache (LLC) – Dynamically reconfigure LLC when demand changes – Based on Intel Cache Allocation Technology hardware
13
CPU
Private cache
Shared cache
Memory
I/O devicesDisk
Net. …ISR
[EMSOFT’14]
[RTSS’13]
[RTAS’17]
[IWQoS’13] [RTCSA’15]
• Xen scheduler – VM runs on VCPUs – Xen schedules VCPUs on PCPUs
• Credit scheduler: Round-robin with proportional share – No real-time guarantee for VCPUs
Xen scheduler
14
Xenscheduler
…
OSsched
…
OSsched
…
OSsched
Task VCPU PCPU
RT-Xen scheduler• A set of real-time schedulers
– Earliest Deadline First (EDF) and Rate Monotonic (RM) algorithm – Global and partitioned scheduling
• Global EDF has been incorporated in Xen as the RTDS scheduler since 2015 – RTDS: Real-Time Deferrable Server
• RTDS scheduler is re-written for Xen 4.7 – Time-driven scheduling à Event-driven scheduling – Less implementation overhead
15
GlobalScheduling
FixedPriority
Par99onedScheduling
DynamicPriority
Periodic Deferrable
Periodic Deferrable
Deferrable Periodic
Deferrable Periodic
Sporadic
PollingWork
ConservingPeriodic
CapacityReclaimingPeriodic
gDM
gEDF pEDF
pDM
GlobalScheduling
FixedPriority
Par99onedScheduling
DynamicPriority
Periodic Deferrable
Periodic Deferrable
Deferrable Periodic
Deferrable Periodic
Sporadic
PollingWork
ConservingPeriodic
CapacityReclaimingPeriodic
gDM
gEDF pEDF
pDM
GlobalScheduling
FixedPriority
Par99onedScheduling
DynamicPriority
Periodic Deferrable
Periodic Deferrable
Deferrable Periodic
Deferrable Periodic
Sporadic
PollingWork
ConservingPeriodic
CapacityReclaimingPeriodic
gDM
gEDF pEDF
pDM
GlobalScheduling
FixedPriority
Par99onedScheduling
DynamicPriority
Periodic Deferrable
Periodic Deferrable
Deferrable Periodic
Deferrable Periodic
Sporadic
PollingWork
ConservingPeriodic
CapacityReclaimingPeriodic
gDM
gEDF pEDF
pDM
RTDS scheduler• A VCPU is specified as (period, budget)
– The VCPU will get budget time at the beginning of every period – The VCPU’s budget decreases when a task runs on it
• The scheduler schedules VCPUs based on priority – The VCPU with earlier deadline has higher priority – Ready queue holds all VCPUs with budget – Depleted queue holds VCPUs that run out of budget in the period
16
Sortedbypriority
RunQ
Sortedbynextrelease9me
DepleteQ
VCPU(10,4)
Budget
0 5 10 9me
Content• Introduction
• Autonomous racing car
• RT-Xen
• AutoV
• Evaluation
17
Architecture of the racing car on RT-Xen
18
microcontroller
LIDAR
USB
Embeddedboard
GPIO
Real-9mehypervisor(RT-Xen)
core
Linux
VM0
Linux
VM1
Linux
VM2
Applica9ons Networkcommunica9onNonreal9metasks
lidarcontrolleractuator driver core…
Content• Introduction
• Autonomous racing car
• RT-Xen
• AutoV
• Evaluation
19
Evaluation goal• Can safety-critical automotive applications run in
virtualization environment?
• Can the interference jeopardize the safety of automotive applications?
• Can RT-Xen eliminate the interference and guarantee the safety?
20
Evaluation setup• Straight hallway
• Expected car behavior – Drive straight for 5 seconds and brake
• Two types of workload – Racing car application – Interference tasks
• Interference task – CPU-intensive tasks – Future work: Consider other types of interferences (e.g., cache and
memory)
• Two scenarios – Solo: When only the racing car application runs – Interference: When both the racing car application and the interference
tasks run
21
[ExpCS’07]:Quan9fyingtheperformanceisola9onproper9esofvirtualiza9onsystems
22
Racingapplica9ons NetworkInterference
Xenscheduler:CreditorRTDS
Linux
VM0
Linux
VM2…
Linux
VM1
…
Linux
Linux
Virtualiza9on
23
Soloscenario Interferencescenario
Linux
Xen:Creditscheduler
RT-Xen:RTDSscheduler
24
Soloscenario Interferencescenario
Linux
25
Soloscenario Interferencescenario
Linux
Xen:Creditscheduler
RT-Xen:RTDSscheduler
26
Soloscenario Interferencescenario
RT-Xen:RTDSscheduler
27
Soloscenario Interferencescenario
Linux
Xen:Creditscheduler
RT-Xen:RTDSscheduler
Evaluation goal• Can safety-critical automotive applications run in
virtualization environment? – Yes
• Can the interference jeopardize the safety of automotive applications? – Yes
• Can RT-Xen eliminate the interference and guarantee the safety? – Yes
28
Conclusion• AutoV: An Automotive Testbed for Real-Time Virtualization • Evaluation demonstrates
– Automotive systems’ integration requires the timing isolation – Real-time virtualization is a promising technique to achieve the
timing isolation
• Challenges – How much evaluation should be done to claim that the real-time
virtualization can be used for automotive systems? – How to manage the other resources, e.g., I/O, network?
• Future work – Evaluate other mechanisms of RT-Xen, e.g., dynamic cache management – Make it available to others so that our community can develop more complex applications
29
Benchmarktoevaluatethereal-9mevirtualiza9onforautomo9vesystemsAbridgebetweenthereal-9mevirtualiza9oncommunityandtheautomo9vecommunity
Acknowledgement• Autonomous racing car collaborators
– University of Pennsylvania: Radoslav Ivanov, Nguyen Hung, Bipeen Acharya, Kyoungwon Kim, Sarvesh Patkar, James Weimer
• RT-Xen collaborators – University of Pennsylvania: Linh Thi Xuan Phan, Oleg Sokolsky – Washington University in St. Louis: Sisu Xi, Chenyang Lu, Chris Gill
• AutoV collaborators – University of Pennsylvania: Karthik Methuku, Nitesh Singh
30
CheckoutAutoVheps://sites.google.com/site/autovtestbed/
Thank You
31
• Website: https://sites.google.com/site/autovtestbed/
32
Backup slides
33
Real-time capabilities of RT-Xen• Real-time CPU scheduling [EMOSFT’ 14]
– Global / Partitioned, EDF / RM – Global EDF: RTDS scheduler since Xen 4.5
• Dynamic shared cache management [RTAS’ 17] – Strong isolation in last level cache (LLC) – Dynamically reconfigure LLC when demand changes – Based on Intel Cache Allocation Technology hardware
34
CPU
Private cache
Shared cache
Memory
I/O devicesDisk
Net. …ISR
[EMSOFT’14]
[RTSS’13]
[RTAS’17]
[IWQoS’13] [RTCSA’15]
Shared cache interference• A task uses the cache to reduce its execution time • Concurrent tasks may access the same cache area
à extra cache misses à increase WCET à violate safety
35
VirtualMachineMonitor
VM1 VM2
Cache
P3 P4P1 P2
1 2 4 3
Collision
Intra-VM interference Inter-VM cache interference
1 2
4 3
Tasks:
Candropitifitistoomuch!
vCAT: Dynamic cache management using CAT Virtualization
• Achieve strong shared cache isolation for tasks within the same VM and tasks in different VMs
36
Physicalcache
Tasks
VMM
s s
VM2 (Medium critical)
ca-scheduler
VM1 (Most critical)
partition sched.
vCAT: Dynamic cache management using CAT Virtualization
• Achieve strong shared cache isolation for tasks within the same VM and tasks in different VMs
• Support the dynamic cache management in VM and VMM
37
Physicalcache
Tasks
VMM
VM2 (Medium critical)
ca-scheduler
VM1 (Most critical)
partition sched.
vCAT: Dynamic cache management using CAT Virtualization
• Achieve strong shared cache isolation for tasks within the same VM and tasks in different VMs
• Support the dynamic cache management in VM and VMM • Support cache sharing among non-real-time VMs and tasks
38
Physicalcache
Tasks
VMM
S S
VM2 (Medium critical)
ca-scheduler
VM1 (Most critical) VM 3 & 4 (Low critical)
EDF scheduler RM schedulerpartition sched.
39
F1/10 racing car from PRECISE Racing• Fast mode: Drive straight with PD controller • Brake mode: Anti-lock braking • Turn mode: Detect the corner and apply a constant steering
angle
40
Fast Brake
Fast
• To answer the following two questions – Can racing application run in virtualization environment? – Can the interference jeopardize the safety of automotive
applications?
• Evaluation setup: Xen with credit scheduler – Each VM has 4 VCPUs pinned to 4 cores – Each core has 3 VCPUs
41
Xenhypervisorwithcreditscheduler
Linux
VM0
Racingapplica9ons Networkcommunica9on
Linux
VM2
Interference
…
Linux
VM1
• To answer the following question – Can RT-Xen eliminate the interference and guarantee the safety?
• Evaluation setup: Xen with RTDS scheduler – Each VM has 4 VCPUs pinned to 4 cores – Each core has 3 VCPUs
42
RT-Xen:RTDSscheduler
Linux
VM0
Racingapplica9ons Networkcommunica9on
Linux
VM2
Interference
…
Linux
VM1
43
44
45
Scratchpad slides
46
Middleware:ROS
OS:UbuntuwithvanillaLinuxkernel
Architecture Overview of The Car
47
TennsyIMUCameraLIDAR DepthCamera
GPIO
USB USB
ROSnodes
roscore ros_master ros_lidar
48
RTOS
VM0
…microcontrollerLIDAR Camera
USBUSB
Embeddedboard
GPIO
Real-9mehypervisor(RT-Xen)
RTOS
VM1
…
RTOS
VM2
…
Applica9ons Networkcommunica9onCARTS
Challenges: Evaluation is hard • Automotive applications are usually proprietary software,
not accessible by researchers • Autonomous driving cars are usually very expensive
– A lidar for Google’s self-driving car is $8K - $30K
49
50
Autonomousdrivingroute(Length:812k,averagespeed:8.7mph)
Real-time capabilities of RT-Xen• Real-time CPU scheduling [EMOSFT’ 14]
– Global / Partitioned, EDF / RM – Global EDF: RTDS scheduler since Xen 4.5
• Dynamic shared cache management [RTAS’ 17] – Strong isolation in last level cache (LLC) – Dynamically reconfigure LLC when demand changes – Based on Intel Cache Allocation Technology hardware
• Private cache analysis [RTSS’ 13] – Analyze the impact of private cache interference
• Real-time communication architecture (RTCA) [IWQoS’ 13] – Prioritize the local inter-domain communication
52
CPU
Private cache
Shared cache
Memory
I/O devicesDisk
Net. …ISR
[EMSOFT’14]*
[RTSS’13][RTSS’17]
[IWQoS’13] [RTCSA’15]
53
GlobalScheduling
FixedPriority
Par99onedScheduling
DynamicPriority
Periodic Deferrable
Periodic Deferrable
Deferrable Periodic
Deferrable Periodic
Sporadic
PollingWork
ConservingPeriodic
CapacityReclaimingPeriodic
gDM
gEDF pEDF
pDM
Functionalities of F1/10 car
• Lidar – Input: Distance at different angle – Output: Heading, distance to wall – Computation intensive: Noise filtering
• Controller – Output: Steering, and throttle – Computation centric: PID controller
• Actuator & Driver – Output: Pulse Width Modulation (PWM)
54
lidar controller actuator driver core
α
d
show show
55
Soloscenarios Interferencescenarios
Linux
Xen:Creditscheduler
RT-Xen:RTDSscheduler
56
Soloscenario Interferencescenario
Linux
Xen:Creditscheduler
RT-Xen:RTDSscheduler
• Can safety-critical automotive applications run in virtualization environment? – Yes
• Can the interference jeopardize the safety of automotive applications? – Yes
• Can RT-Xen eliminate the interference and guarantee the safety? – Yes