You are hereVirtuosoNext™ Designer on Freescale QorIQ T2080/1

VirtuosoNext™ Designer on Freescale QorIQ T2080/1


By eric.verhulst - Posted on 15 March 2017

Printer-friendly version

The fine grain memory protection in combination with microsecond real-time performance and a small code size is a breakthrough for VirtuosoNext Designer. In combination with the static programming model that eliminates many known safety and security risks, it delivers unprecedented real-time performance in combination with fine-grain partitioning for safety and security critical applications. 

Altreonic has now ported VirtuosoNext™ Designer to the Freescale QorIQ T2080/1 processor. The chip has 8 floating point cores implemented as 4 CPUs with a dual register set running at 1.8 GHz. The latest port of VirtuosoNext Designer delivers unprecedented hard real-time capability in the microsecond range in combination with fine grain task level space and time partitioning for embedded safety-critical applications. 

In contrast to traditional hypervisor based partitioning schemes, VirtuosoNext™ protects each application task separately in memory with a real-time response still available in the microseconds range as one expect from using an RTOS.  Moreover, the code size is measured in Kbytes, allowing optimal use of the on-chip caches for best performance.

Figure 1 Blockdiagram of Freescale QorIQ T2081

The small code and low latency are beneficial for all applications. A semaphore loop (using 4 kernel services and 6 context switches) only takes 5.64 microseconds without space partitioning and 6.01 microseconds with space portioning.  This semaphore loop is used as a stress test when measuring the interrupt latency as it continuously invokes the kernel resulting in context switches.

Figure 2 Application diagram of the interrupt latency test in VirtuosoNext' Visual Modeler.

The interrupt latency from IRQ to ISR exhibits a histogram with a spread between 286 and 793 nanoseconds without partitioning, which increases to 819 nanoseconds  with partitioning enabled.

The minimal IRQ to task latency was measured at 2.158 microseconds without partitioning, increasing to 2.262 microseconds (partioning enabled). Under the stress test conditions, the worst case latency remained at 3.848 microseconds.

Figure 3 Interrupt latency test (logarithmic scale).

The fine-grain space partitioning implementation of VirtuosoNext is lightweight both in code size and in runtime impact. The code size of VirtuosoNext without Space Partitioning enabled was measured by building the same application using all available Services (compiled with Os).  The T2080 code size only moderately increases from 1280 bytes to 38504 bytes, which is a moderate increase. Note that the code sizes given include the runtime library of the compiler and the system initialisation.

Figure 4 Execution trace with an interrupt rate of 10 microseconds and a semaphore loop distributed over 2 cores.

VirtuosoNext™: 25 years of proven experience

VirtuosoNext™ Designer is a fifth generation of the original Virtuoso RTOS. The latter was developed since 25 years ago with parallel processing in mind. Its reliability was proven on ESA’s Rosetta mission.

Using the VirtuosoNext™ Visual Designer, the developer models his application using Tasks and Interaction Entities (e.g. semaphores, fifos, etc.), independently of the target processor and network topology. He can simulate and cross develop the application on a PC. Next he maps the Tasks and Interaction Entities to a specific processing node and just recompiles the code. This allows for example all Tasks to transparently use any of the chip’s peripherals and on-chip resources. The result is a massive gain in productivity, smaller code size and hence best performance.

This exceptional performance is the result of a design philosophy that sets the VirtuosoNext RTOS apart for demanding embedded applications:

  • Its formal development has resulted in a very clean architecture with a small code size as an additional benefit. Depending on the target, small applications take from a few kBytes on simple microcontrollers to about 35 kBytes on complex and advanced processors.
  • From the graphical modelling environment, all low level initialisation and system datastructures are generated and combined with the application code in a static memory image. This relieves the developer from a lot of tedious and error-prone programming while providing optimal performance.
  • VirtuosoNext uses prioritised packet switching, enabling transparent real-time capability across any multicore or even heterogeneous distributed systems.
  • The system is split in a “trusted” zone (RTOS kernel and driver tasks) and the application zone, itself composed of groups of tasks that create a specific application. All tasks are strictly isolated from each other and hence cannot modify memory that is allocated to another task. Malicious or erroneous code execution is practically impossible.
  • Any activity in the system is scheduled in order of priority, preserving the real-time capability of a traditional RTOS but now with protection at task level.
  • The user can specify further time constraints (like a CPU budget) on top of the priority based scheduling.

Besides high performance and productivity, VirtuosoNext™ Designer is also tailored for safety and security critical applications. As the code is generated as a static image, it eliminates many of the runtime errors that can occur with more traditional dynamic (RT)OS. The packet switching architecture also reduces typical pointer errors and provides extra security. The kernel itself is formally developed and available with an optional Qualification Package should certification be a must. Full documentation is provided with the Open Technology License. Last but not least, the protected version of VirtuosoNext™ has built in support for error detection and recovery as well as fine grain space and time partitioning. The latter makes use of the processor’s MMU and allows detecting memory access violations at the Task level. The unique architecture of VirtuosoNext™ Designer provides the protection of a traditional hypervisor with the real-time responsiveness of an optimised RTOS.

About Altreonic

Altreonic is specialized in trustworthy systems and software engineering, using a unified system engineering methodology. The latter is supported by GoedelWorks; an en-to-end systems engineering environment that supports producing qualification and certification evidence during the engineering activities. VirtuosoNext™ Designer is based on a formally developed network-centric RTOS kernel with supporting tools like Visual Designer for modeling and code generation and Event Tracer for a visual analysis of the application behavior.

Altreonic has a long history of supporting customers in the aerospace-defense domain. The technology is internally applied to the development of a light weight electric vehicle platform.

For more information about Altreonic, visit the website here.

An earlier paper discussing the performance on other MP targets is available here:

This work is supported by the EUROCPS NoFiST (Novel Fine Grain Space and Time Partitioning for a Mixed Criticality Platform) project.

Search

Syndicate

Syndicate content