Konfigurierbare Systemsoftware
(KSS)
VL 7 – Summary and Discussion
Daniel Lohmann
Lehrstuhl für Informatik 4Verteilte Systeme und Betriebssysteme
Friedrich-Alexander-UniversitätErlangen-Nürnberg
SS 16 – 2016-07-11
http://www4.informatik.uni-erlangen.de/Lehre/SS16/V_KSS
Agenda
7.1 Summary
7.2 From Instance- to Interaction Tailoring
7.3 Evaluation und Diskussion
7.4 References
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–2
The Operating System – A Swiss Army Knife?
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–3
The Operating System – A Swiss Army Knife?
Commodity operating systems provide a rich set of features to be
prepared for all kinds of applications and contingencies:
Malicious or erroneous applications
preemptive scheduling, address space separation, disk quotas
Multi-user operation
authentication, access validation and auditing
Multi-threaded and interacting applications
Threads, semaphores, pipes, sockets
Many/large concurrently running applications
virtual memory, swapping, working sets
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–3
The Operating System – A Swiss Army Knife?
One size fits all? →֒ Variability
“Clearly, the operating system design must be strongly influ-
enced by the type of use for which the machine is intended. Un-
fortunately it is often the case with ’general purpose machines’
that the type of use cannot be easily identified; a common criti-
cism of many systems is that in attempting to be all things to all
men they wind up being totally satisfactory to no-one.
”Lister and Eager 1993: Fundamentals of Operating Systems [4]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–4
The Operating System – A Swiss Army Knife?
One size fits all? →֒ Variability
“Clearly, the operating system design must be strongly influ-
enced by the type of use for which the machine is intended. Un-
fortunately it is often the case with ’general purpose machines’
that the type of use cannot be easily identified; a common criti-
cism of many systems is that in attempting to be all things to all
men they wind up being totally satisfactory to no-one.
”Lister and Eager 1993: Fundamentals of Operating Systems [4]
/∈c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–4
The Operating System – A Swiss Army Knife?
Big is beautiful? →֒ Granularity
“Some applications may require only a subset of services or
features that other applications need. These ’less demanding’
applications should not be forced to pay for the resources con-
sumed by unneeded features.
”Parnas 1979: “Designing Software for Ease of Extension and Contraction” [5]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–5
The Operating System – A Swiss Army Knife?
Big is beautiful? →֒ Granularity
“Some applications may require only a subset of services or
features that other applications need. These ’less demanding’
applications should not be forced to pay for the resources con-
sumed by unneeded features.
”Parnas 1979: “Designing Software for Ease of Extension and Contraction” [5]
*c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–5
Between a Rock and a Hard Place...
7
S y s t e m S o f t w a r e
Hardware
Application
functional and nonfunctional requirements
functional and nonfunctional properties
taskssocketsfile system...event latencysafety...
ISAIRQ handlingMMU / MPU...cache sizecoherenceIRQ latency...
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–6
Between a Rock and a Hard Place...
7
S y s t e m S o f t w a r e
Hardware
Application
functional and nonfunctional requirements
functional and nonfunctional properties
taskssocketsfile system...event latencysafety...
ISAIRQ handlingMMU / MPU...cache sizecoherenceIRQ latency...
High variety of functional and
nonfunctional application requirements
High variety of hardware platforms
High per-unit cost pressure
; System software has to be tailored
for each concrete application
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–6
Configurable Software – Software Product Line
Problem Space Solution Space
Specif ic Problem Specif ic Solution
Domain Expert ��
��
����
������
Features and Dependencies
Architect / Developer
�����
�����
�����Class
�����Aspect...
Architecture and Implementation
System User
����...
�
�Conf igurationA
B
D
C
System User
inst
ance
leve
lm
odel
leve
l
Variant
intendedproperties
actual implementation
intentional side extensional side
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–7
Configurable Software – Software Product Line
Problem Space Solution Space
Specif ic Problem Specif ic Solution
Domain Expert ��
��
����
������
Features and Dependencies
Architect / Developer
�����
�����
�����Class
�����Aspect...
Architecture and Implementation
System User
����...
�
�Conf igurationA
B
D
C
System User
inst
ance
leve
lm
odel
leve
l
Variant
intendedproperties
actual implementation
intentional side extensional side
KSS
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–7
Software Product Line: Building Blocks
System Software Product Lines
Problem Space Approaches
Feature Diagrams DSLs
Solution Space Approaches
Decompositional
Preprocessors
Compositional
OOP AOP
Generative
Generators
Focus: solution space techniques
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–8
Implementation Techniques: Classification
Decompositional Approaches
Configuration
Components Variant
Text-based filtering (untyped)
Preprocessors
Compositional Approaches
Configuration
Components Variant
Language-based composition
mechanisms (typed)
OOP, AOP, Templates
Generative Approches
Configuration
Generator VariantTemplates
Metamodel-based generation
of components (typed)
MDD, C++ TMP, generators
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–9
Feature vs. Instance-Based Configuration
OSEKeCos
FreeRTOS
LinuxQNX
featu
rein
stantiation
static
dynamic staticsystem object instantiation
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–10
Feature vs. Instance-Based Configuration
OSEKeCos
FreeRTOS
LinuxQNX
featu
rein
stantiation
static
dynamic staticsystem object instantiation
Not only features, but also object instances are known at compile-time:
Facilitates optimizations (static arrays instead of linked lists, . . . )
Advantages wrt. footprint, latency, resilience, . . .
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–10
Feature vs. Instance-Based: Case Study [2]
Sampling
3 msDigital
Sensor
Analog
Sensor
Signal
Processing
Flight
Control
Actuator
DataActuate
9 msUpdate
Actuators
IP Stack
RC Signal
Remote RXCopter
Control
WD
CounterWatchdog
1 ms
PanicSteering
reset +1 WD Counter > 25
Synchronized via Resource (Shared SPI Bus)
Real-world flight-control application (11 tasks, 3 alarms, 1 ISR)
Results with eCos and ERIKA Enterprise (open source OSEK)
eCos ERIKA factor
kernel code (bytes) 14763 6765 2.2x
kernel time (instructions) 88465 46087 1.9x
robustness (109 SDCs) 148 18 8.2x
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–11
Traditional Operating-System Design
Hardware
Application
HAL
least common denominator
Kernel
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplex
syscallsyscall
abstract
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–12
Traditional Operating-System Design
Hardware
Application
HAL
least common denominator
Kernel
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplex
syscallsyscall
abstract
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–12
Traditional Operating-System Design
Hardware
Application
HAL
least common denominator
Kernel
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplex
syscallsyscall
abstract
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–12
Hardware-Centric Operating-System Design
Hardware
Application
HAL
least common denominator
Kernel
Kernel with Active HAL
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplexsyscall
syscall
abstract
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.1 Summary 7–12
Agenda
7.1 Summary
7.2 From Instance- to Interaction Tailoring
7.3 Evaluation und Diskussion
7.4 References
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–13
dOSEK: Dependability-Oriented Static Embedded Kernel
An extremely fault-tolerant OSEK implementation
Dependability by constructive measures
Employ standard hardware memory protectionAgressive avoidance of indirections ; lots of inliningArithmetic encoding of the kernel path (scheduler)
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–14
dOSEKRTAS ’15 [3]
dOSEK: Dependability-Oriented Static Embedded Kernel
An extremely fault-tolerant OSEK implementation
Dependability by constructive measures
Employ standard hardware memory protectionAgressive avoidance of indirections ; lots of inliningArithmetic encoding of the kernel path (scheduler)
Scenario: quadrotor flight-control application
11 tasks, 3 alarms, 1 ISR53 syscall invocations
Results (compared to ERIKA enterprise)
SDC reduction by 5 orders of magnitude: 109−→ 104 SDCs
Code size increases by factor 25: 8 −→ 200 KiBSyscall latency increases by factor 4: 100 −→ 400 cycles
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–14
dOSEKRTAS ’15 [3]
dOSEK: Dependability-Oriented Static Embedded Kernel
An extremely fault-tolerant OSEK implementation
Dependability by constructive measures
Employ standard hardware memory protectionAgressive avoidance of indirections ; lots of inliningArithmetic encoding of the kernel path (scheduler)
Scenario: quadrotor flight-control application
11 tasks, 3 alarms, 1 ISR53 syscall invocations
Results (compared to ERIKA enterprise)
SDC reduction by 5 orders of magnitude: 109−→ 104 SDCs
Code size increases by factor 25: 8 −→ 200 KiBSyscall latency increases by factor 4: 100 −→ 400 cycles
Culprit: arithmetically encoded scheduler ; avoid scheduling!
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–14
dOSEKRTAS ’15 [3]
Ein vereinfachtes OSEK System
TASK( Task1 ) {int data = read_data ();if (data == ’\0 ’) {
ActivateTask ( Task3 );} else {
bb_put (data );}ChainTask ( Task2 );
}
Task 1; Priorit 4
TASK( Task2 ) {
setup_of_device ();
TerminateTask ();}
Task 2; Priorit 5
TASK( Task3 ) {parse_message ();bb_clear_buffer ();
TerminateTask ();}
Task 3; Priorit 3
[email protected] Globale Optimierung von OSEK Systemen 4 – 23
An OSEK System
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–15
Der Kontrollflussgraph (CFG)
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
ActivateTask(Task3);
ChainTask(Task2);
setup_of_device()
TerminateTask()
parse_message()
bb_clear_buffer();
TerminateTask();
[email protected] Globale Optimierung von OSEK Systemen 5 – 23
An OSEK System: Control-Flow Graphs
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–16
Der Kontrollflussgraph (CFG)
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
ActivateTask(Task3);
ChainTask(Task2);
setup_of_device()
TerminateTask()
parse_message()
bb_clear_buffer();
TerminateTask();
[email protected] Globale Optimierung von OSEK Systemen 5 – 23
An OSEK System: Control-Flow Graphs
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–17
Spezialisierung von Systemaufrufen
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
ActivateTask(Task3);
ChainTask(Task2);
Idle
setup_of_device()
TerminateTask()
parse_message()
bb_clear_buffer();
TerminateTask();Idle
[email protected] Globale Optimierung von OSEK Systemen 11 – 23
An OSEK System: Global Control-Flow Graph
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–18
Spezialisierung von Systemaufrufen
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
SetReady(Task3);
ChainTask(Task2);
Idle
setup_of_device()
TerminateTask()
parse_message()
bb_clear_buffer();
TerminateTask();Idle
[email protected] Globale Optimierung von OSEK Systemen 11 – 23
(Partial) Specialization of System Calls [1]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–19
Spezialisierung von Systemaufrufen
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
SetReady(Task3);
SetSuspended(Task1)
SetReady(Task2)
DispatchTo(Task2);
Idle
setup_of_device()
TerminateTask()
parse_message()
bb_clear_buffer();
TerminateTask();Idle
[email protected] Globale Optimierung von OSEK Systemen 11 – 23
(Partial) Specialization of System Calls [1]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–20
Spezialisierung von Systemaufrufen
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
SetReady(Task3);
SetSuspended(Task1)
SetReady(Task2)
DispatchTo(Task2);
Idle
setup_of_device()
SetSuspended(Task2)
Reschedule()
parse_message()
bb_clear_buffer();
TerminateTask();Idle
[email protected] Globale Optimierung von OSEK Systemen 11 – 23
(Partial) Specialization of System Calls [1]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–21
Spezialisierung von Systemaufrufen
Task 1; Priorit 4 Task 2; Priorit 5
Task 3; Priorit 3
data = read_data();
if (data == ’\0’)
bb_put(data);
SetReady(Task3);
SetSuspended(Task1)
SetReady(Task2)
DispatchTo(Task2);
Idle
setup_of_device()
SetSuspended(Task2)
Reschedule()
parse_message()
bb_clear_buffer();
SetSuspended(Task3);
GotoIdle();Idle
[email protected] Globale Optimierung von OSEK Systemen 11 – 23
(Partial) Specialization of System Calls [1]
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–22
dOSEK: Dependability-Oriented Static Embedded Kernel
An extremely fault-tolerant OSEK implementation
Dependability by constructive measures
Employ standard hardware memory protectionAgressive avoidance of indirections ; lots of inliningArithmetic encoding of the kernel path (scheduler)
Scenario: quadrotor flight-control application
11 tasks, 3 alarms, 1 ISR53 syscall invocations
Results (compared to ERIKA enterprise)
SDC reduction by 5 orders of magnitude: 109−→ 104 SDCs
Code size increases by factor 25: 8 −→ 200 KiBSyscall latency increases by factor 4: 100 −→ 400 cycles
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–23
dOSEKRTAS ’15 [3]
dOSEK: Dependability-Oriented Static Embedded Kernel
An extremely fault-tolerant OSEK implementation
Dependability by constructive measures
Employ standard hardware memory protectionAgressive avoidance of indirections ; lots of inliningArithmetic encoding of the kernel path (scheduler)
Scenario: quadrotor flight-control application
11 tasks, 3 alarms, 1 ISR } 243 GCFG edges53 syscall invocations
Results with call-site specialization LCTES ’15 [1]
SDC reduction by 5 orders of magnitude: 109−→ 104 SDCs
Code size increases by factor 10.5: 8 −→ 85 KiBSyscall latency increases by factor 1.5: 100 −→ 150 cycles
; Further application-specific tailoring pays off!
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–23
dOSEKRTAS ’15 [3]
Instance-Based Tailoring (e.g., based on OIL file)
Hardware
Application
HAL
least common denominator
Kernel
Kernel (tailored to configuration)
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplexsyscall
syscall
abstract
Kernel constrained to specified features and system objects.
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–24
Interaction-Based Tailoring (e.g., based on GCFG analysis)
Hardware
Application
HAL
least common denominator
Kernel
Kernel (tailored to actual usage)
ISR1 ISR2 Task1 Task2 Task3
Feature Feature Feature Feature Feature
multiplexsyscall
syscall
abstract
Kernel constrained to specified features and system objects.Further constrained to actually possible app → kernel interactions.
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.2 From Instance- to Interaction Tailoring 7–24
Agenda
7.1 Summary
7.2 From Instance- to Interaction Tailoring
7.3 Evaluation und Diskussion
7.4 References
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.3 Evaluation und Diskussion 7–25
Evaluation
...
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.3 Evaluation und Diskussion 7–26
Diskussion
Am coolsten finde / fand ich...
Ich habe vermisst...
Bei einer Erweiterung auf 5 ECTS...
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.3 Evaluation und Diskussion 7–27
Wie gehts weiter? (Bachelor/Master)
SST7,5
Systemsoftwaretechnik
EZS5 – 7,5
BS5 – 7,5
MW5 – 7,5
EZS2P: 10
BST5
KSS2,5
PASSTP: 10
VS5 – 7,5
Examensarbeit / ProjektarbeitBA / SA, MA / DA, PA
SeminarMA
Systemprogrammierung10 ECTS
6
5
4
3
2/4
1/3
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.3 Evaluation und Diskussion 7–28
Referenzen
[1] Christian Dietrich, Martin Hoffmann, and Daniel Lohmann. “Cross-KernelControl-Flow-Graph Analysis for Event-Driven Real-Time Systems”. In:Proceedings of the 2015 ACM SIGPLAN/SIGBED Conference on Languages,Compilers and Tools for Embedded Systems (LCTES ’15). (Portland, Oregon,USA). New York, NY, USA: ACM Press, June 2015. isbn: 978-1-4503-3257-6.doi: 10.1145/2670529.2754963.
[2] Martin Hoffmann, Christoph Borchert, Christian Dietrich, Horst Schirmeier,Rüdiger Kapitza, Olaf Spinczyk, and Daniel Lohmann. “Effectiveness of FaultDetection Mechanisms in Static and Dynamic Operating System Designs”. In:Proceedings of the 17th IEEE International Symposium on Object-OrientedReal-Time Distributed Computing (ISORC ’14). (Reno, Nevada, USA). IEEEComputer Society Press, 2014, pp. 230–237. doi: 10.1109/ISORC.2014.26.
[3] Martin Hoffmann, Florian Lukas, Christian Dietrich, and Daniel Lohmann.“dOSEK: The Design and Implementation of a Dependability-Oriented StaticEmbedded Kernel”. In: Proceedings of the 21st IEEE International Symposium onReal-Time and Embedded Technology and Applications (RTAS ’15). Washington,DC, USA: IEEE Computer Society Press, 2015, pp. 259 –270. doi:10.1109/RTAS.2015.7108449.
[4] A.M. Lister and R.D. Eager. Fundamentals of Operating Systems. 5th.Macmillian, 1993. isbn: 0-333-46986-0.
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.4 References 7–29
Referenzen (Cont’d)
[5] David Lorge Parnas. “Designing Software for Ease of Extension and Contraction”.In: IEEE Transactions on Software Engineering SE-5.2 (1979), pp. 128–138.
c© dl KSS (VL 7 | SS 16) 7 Summary and Discussion | 7.4 References 7–30