Embedded goes virtual
December 01, 2011
Virtualization software facilitates the simplified design, easy upgradability, and increased optimization of embedded systems.
As embedded technology and market expectations evolve, design engineers are constantly pressured to pack expanded functionality into smaller, reduced-power devices. In addition to the added complexity of the application software for these new projects, customers demand an interactive interface, ubiquitous connectivity, absolute security, and extreme reliability.
Embedded designers also face the challenge of combining slower legacy interface circuitry with the latest high-speed control devices and multiple displays. The resulting system often includes the original hardware with its Operating System (OS) and application software, plus a completely separate controller with software to handle the newer requirements. This approach increases component count and power requirements and does nothing to increase legacy application performance.
To deal with this increased complexity, designers are utilizing virtual processors hosting multiple OSs to ensure unimpeded, deterministic response to real-time events while simultaneously providing users and operators with a high-level, graphics-based interface. Virtualization is achieved by adding a Virtual Machine Monitor (VMM) software layer or hypervisor that isolates individual partitions and executes guest operating software. The hypervisor creates one or more simulated computer environments or virtual machines that can simultaneously host independent OSs and applications on a single processor.
To speed up virtual component interaction, silicon manufacturers are incorporating hardware-assisted virtualization in processor architectures tailored for extended life-cycle embedded applications. For example, the second-generation Intel Core and Intel Atom E6xx processors support Intel Virtualization Technology (Intel VT). This technology improves software-based virtualization performance and security by using hardware assist to trap and execute certain VMM instructions. Intel VT allows the VMM to allocate memory and I/O devices to specific partitions, thus decreasing the processor load and reducing virtual machine switching times.
Virtual platforms that combine real-time or safety-critical embedded functions with a large graphics-based OS must contain security provisions that allow unaffected partitions to continue operation in the event of a software failure or cyber attack. For example, LynuxWorks updated the LynxSecure separation kernel and hypervisor for various virtual machine configurations, as shown in Figure 1. This virtualization software is designed to operate in secure defense environments where data and applications with different security levels must co-reside on a single device without corruption. LynxSecure uses a hypervisor to create a virtualization layer that maps physical system resources to each guest OS, which is assigned dedicated resources such as memory, CPU time, and I/O peripherals. Another key feature is the ability to run fully virtualized 64-bit guest OSs such as Windows 7, Linux, and Solaris across multiple cores.
TenAsys Corporation offers eVM for Windows, another embedded virtualization platform that hosts an embedded OS or Real-Time OS (RTOS) alongside Windows on the same processor platform. To ensure that critical hardware interfaces are not virtualized, eVM partitions the platform, thus guaranteeing maximum performance and deterministic response to real-time events. Installed as a standard Windows application, eVM includes all of the integration tools needed to set up, start, and stop multiple RTOS guest configurations. The Windows-based control panel also allows users to assign interrupts, allocate I/O devices, and set up disk boot images. After the system is set up, eVM provides the guest RTOS with the lowest possible interrupt latency, direct access to I/O, and non-paged RAM.
Although virtualization allows designers to combine OSs and applications to reduce system power requirements and form factors, it does little to increase the performance of individual software components. One of the latest trends among designers is to incorporate multicore processors along with virtualization to boost performance through parallel processing.
With virtualization, the hypervisor isolates and allocates system resources between operating environments so that real-time, general-purpose, and legacy software can be readily integrated in a multicore system. In addition to memory and hardware device allocation, virtualization allows developers to assign multiple cores to compute-intensive applications as needed to maximize overall system performance.
Extending virtualization to multicore applications, the Wind River Hypervisor allows designers to configure and partition hardware devices, memory, and cores into virtual boards, each with its own OS, while maintaining the necessary separation (see Figure 2). These virtual boards can be run on a single processor core or distributed across multiple cores based on system needs. The Wind River Hypervisor has been applied in safety-critical applications where the system’s safety-certified and noncertified components traditionally had to be physically separated. However, embedded virtualization allows system designers to isolate the safety-certified components while still operating on a single hardware platform utilizing a certified hypervisor. Virtualization also improves the potential uptime of embedded applications by enabling individual partitions to be rebooted or even reprogrammed while other services on the same device are not affected.
Real-Time Systems also provides virtualization support for multicore processors. Leveraging Intel VT for security, the RTS Real-Time Hypervisor allows completely independent execution of more than one OS on a single multicore platform. Designers can assign individual processor cores, memory, and devices to each OS. Through a configuration file, the boot sequence can be specified, and when desired, an operating system can be rebooted independently of the others. To facilitate communication between OSs, the hypervisor also provides configurable user-shared memory, as well as a TCP/IP-based virtual network driver. The system can run multiple instances of RTOSs mixed with high-level operating software such as Windows XP/CE/7/Embedded, QNX, Linux, On Time RTOS-32, VxWorks, Microware OS-9, and Android.
Development and debug
No matter if virtual applications run on a single processor or across multiple cores, software development and debug tools must be configured to support more than one OS and memory partition. For example, Green Hills Software updated its INTEGRITY RTOS and MULTI Integrated Development Environment (IDE) to support the latest virtualization microarchitecture. INTEGRITY RTOS is built around a partitioning architecture to provide embedded systems with enhanced reliability, security, and real-time performance. Secure partitions guarantee each task the resources it needs to protect the OS and user tasks from errant and malicious code. INTEGRITY architecture provides Asymmetrical Multi-Processing (AMP) and Symmetrical Multi-Processing (SMP) support optimized for embedded and real-time multicore processors.
MULTI IDE software tools include several C compiler options, a debugger, editor, configuration manager, code browser, and debugger in a single package. MULTI also features DoubleCheck, an integrated static analyzer that isolates bugs caused by complex interactions between code segments that might not be in the same source file. In addition, Green Hills Probe provides a multicore debug control for board bring-up, device driver development, and system-level debugging.
The next step is to incorporate multicore support by updating and streamlining the software development tool set while minimizing modifications to current code creation practices. Various software vendors provide advanced development tools and board support packages for products based on second-generation Intel Core devices. For example, the Prism software analysis tool from CriticalBlue (Figure 3) allows developers to analyze existing software applications, evaluate benefits of the new architecture, and select the appropriate processor.
Prism analyzes the behavior of existing code running on simulators or hardware development boards to assess opportunities that introduce or add further parallel code structures. For example, developers can select the appropriate member of the second-generation Intel Core processor family and analyze the impact of Intel Hyper-Threading Technology, data cache misses, and instruction throughput. Prism gives developers an estimate of the performance gain achievable by partitioning the program into multiple threads.
Design simplified, performance optimized
Virtualization is a proven way to simplify embedded designs with fewer components while integrating the framework needed to easily combine disparate operating software or future updates. Virtualization also simplifies system upgrades by isolating the hardware and software layers so that designers can easily add or modify peripherals, memory, and cores without restructuring the software architecture. A virtual machine hypervisor enables designers to optimize performance by tweaking resource mapping even after deployment.