Comment: Comments transferred from Word doc

...

SUMMARY: Optimize for (average) performance, not automotive requirements

Feedback: There is more diversity than this chapter suggests. Some may choose more consumer-like processors, but there are also modern multi-core processors that are automotive grade. Some vendors create massive compute power but with high power needs (heat), others may be better at keeping low power.

(same, worded differently)   Some cars choose more consumer-oriented hardware, but others are strict on using automotive-grade hardware. Some vendors provide very high performance but with high power consumption, others can create fairly good performance with still low power… Conclusion: We may need to describe this as more varied, but then to propose we need to solve as many as possible of these variations (i.e. also solve for the “worst-case”)


Moreover, deterministic timing, which guarantees low service latencies even in worst-case scenarios, is traded for service strategies that optimize the average and not the worst case. An example of this is as follows: in a manycore system with private L1 caches and a shared L2 cache, SW executing on different cores will mutually evict each other's cache entries.
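The mutual eviction described above can be reproduced with a small model of a shared, set-associative LRU L2. This is an added example, not part of the whitepaper text; the geometry (64 sets, 4 ways), the 192-line working set, the streaming co-runner and all function names are assumptions made for illustration. It goes one step beyond the text by also running a case where ways are reserved per core, to show the contrast with the unpartitioned cache.

```c
#include <stdio.h>
#include <string.h>

#define SETS 64   /* constructed geometry: 64 sets x 4 ways = 256 lines */
#define WAYS 4

struct line { long tag; unsigned long used; int valid; };
static struct line l2[SETS][WAYS];
static unsigned long now;   /* logical clock for LRU ordering */

/* Access one cache line in the shared L2. A hit may be found in any way, but
 * the caller may only allocate into ways [lo, hi). Returns 1 on hit, 0 on miss. */
static int l2_access(long lineno, int lo, int hi)
{
    struct line *set = l2[lineno % SETS];
    int w, lru = lo;
    for (w = 0; w < WAYS; w++)
        if (set[w].valid && set[w].tag == lineno) { set[w].used = ++now; return 1; }
    for (w = lo; w < hi; w++) {
        if (!set[w].valid) { lru = w; break; }        /* free way first */
        if (set[w].used < set[lru].used) lru = w;     /* else least recently used */
    }
    set[lru].tag = lineno; set[lru].valid = 1; set[lru].used = ++now;
    return 0;
}

/* Core 0 loops `passes` times over a 192-line working set (fits in the L2).
 * If `corunner` is set, core 1 touches one never-reused line after each core-0
 * access. `ways0` is the number of ways reserved for core 0; WAYS means the
 * cache is unpartitioned. Returns core 0's L2 hit count. */
long core0_hits(int passes, int corunner, int ways0)
{
    long hits = 0, stream = 1L << 20;   /* core 1 starts far from core 0's lines */
    int shared = (ways0 == WAYS);
    memset(l2, 0, sizeof l2); now = 0;
    for (int p = 0; p < passes; p++)
        for (long i = 0; i < 192; i++) {
            hits += l2_access(i, 0, shared ? WAYS : ways0);
            if (corunner)
                l2_access(stream++, shared ? 0 : ways0, WAYS);
        }
    return hits;
}

int main(void)
{
    printf("alone:          %ld hits of 1920\n", core0_hits(10, 0, WAYS));
    printf("with co-runner: %ld hits of 1920\n", core0_hits(10, 1, WAYS));
    printf("3+1 way split:  %ld hits of 1920\n", core0_hits(10, 1, 3));
}
```

In this model core 0's code and data are unchanged across the three runs; only the neighbour's behaviour and the allocation policy differ, which is why the average case says little about the worst case.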

...

SUMMARY: Details on the cache contention problem.

Feedback: This info is very good but too many details come too early.  This is better moved to a later chapter



Obviously, there is no free lunch: the increase in compute bandwidth comes along with a significant increase in the complexity of the behavior of SW executing on such modern multi-core SoCs, together with higher energy consumption and higher thermal dissipation, as these SoCs run at much higher frequencies. This clearly raises the question: what can we do with these processors, as they are not only more powerful, but also much more costly?

...

SUMMARY: The challenges with these new systems include shared use of single-use features, and bus contention, etc.

"as it would require a porting" section - We could expand this a bit more. There is a list of different reasons for virtualization
– (the ability to reuse existing software with minimal changes - (instead of porting as mentioned here)
  and another one is to reuse popular OS/environments that would be a very large job to recreate from scratch, e.g. Android)


Still, there is a difference between standard operating systems and such a supervisory SW layer. The supervisory SW layer, also commonly denoted as the hypervisor, requires execution rights at a higher privilege level than the operating systems running on top of it. This is the same as with any operating system, which executes at a higher privilege level than its userspace applications. The higher privilege level is needed to execute privileged instructions, i.e., instructions which change the state of the processor, or to restore the context of a shared resource whenever the latter is handed over to a different user or application.

...


SUMMARY: Hardware support for virtualization is included in modern processors

Kai, Adam & Bernhard

This is directed towards the HV vendor to avoid the problems we have seen in the past.

Feedback: Is the above a comment, or part of the whitepaper text?  If it is the rationale for why the chapter exists, then let's rewrite and expand it.

Content: All modern processors, including Arm Cortex-A’s and Intel’s x86, support the virtualization of operating systems by providing functionality that presents a virtual view of the system and gives system software, the hypervisor, full control of guest operating systems. A microkernel can offer support for this functionality. As already described, the microkernel will only offer the necessary functionality, and all other support for running VMs shall be implemented in user-level functionality. To support the virtualization extensions of the CPU, the microkernel provides the functionality to create VM containers and to context-switch between VMs and normal programs running on the microkernel. The virtual platform that is required to run a guest operating system is provided by a user-level virtual machine monitor (VMM). A common design pattern is to use one VMM per VM, using the isolation features of the microkernel to protect VMs from each other.

...

Dmitry mentions i.MX 8 has special features that simplify device sharing/assignment to VMs, e.g. USB, that could be interesting case-study information.
Details pending (make sure to check what is public information first).

Feedback: "in user-level functionality" is this emulation code in the HV or what is meant by user level?  Can we clarify?


  1. Surveillance, Isolation (Timing and Spatial) and all that

...