toki: A Build- and Test-Platform for Prototyping and Evaluating Operating System Concepts in Real-Time Environments
ttoki: A Build- and Test-Platform for Prototypingand Evaluating Operating System Concepts inReal-Time Environments
Oliver Horst fortiss GmbH – Research Institute of the Free State of Bavaria
Guerickestr. 25, 80805 Munich, GermanyEmail: [email protected]
Uwe Baumgarten
Technical University of MunichDepartment of Informatics, Germany
Email: [email protected]
Abstract —Typically, even low-level operating system concepts,such as resource sharing strategies and predictability measures,are evaluated with Linux on PC hardware. This leaves a largegap to real industrial applications. Hence, the direct transfer ofthe results might be difficult. As a solution, we present toki , aprototyping and evaluation platform based on FreeRTOS andseveral open-source libraries. toki comes with a unified build-and test-environment based on Yocto and Q
EMU , which makesit well suited for rapid prototyping. With its architecture chosensimilar to production industrial systems, toki provides the groundwork to implement early prototypes of real-time systems researchresults, up to technology readiness level 7, with little effort.
I. I
NTRODUCTION
Currently, most applied real-time systems research prototypesare developed and evaluated on top of Linux on PC hardware.This leaves a large gap between real industrial applicationsin that field and the prototype. In case of low-level operatingsystem (OS) concepts concerning, e . g ., context switch times,resource sharing, intra-node communication, and predictability,the drawn conclusions could even be void due to the completelydifferent nature of the industrial platform. Furthermore, wesee a lack in practical examinations of which latency and howmuch temporal predictability, in the sense of [1], is achievablewith certain configurations ( e . g ., software architectures andpredictability measures). Hence, we see the need to easeconstructing early prototypical implementations of researchresults on relevant hardware in relevant environments.On the one hand, Linux seems to be a good choice here. Itis available for a wide variety of hardware platforms, providesexcellent third-party library support, and can fulfill real-timerequirements to some extent. However, it is a complex taskto configure Linux in a way that its influence on low-levelperformance benchmarks is negligible or at least predictable.Moreover, integrating own concepts into the Linux kernelrequires detailed knowledge about the kernel sources and itsconcepts. Hence, even though specialized distributions, such as This work was supported by the European Union (EU) under the Horizon2020 program, projects TAPPS (Trusted Apps for open CPSs) and 5GCroCo(5G Cross Border Control), and the German Federal Ministry of Economicsand Technology (BMWi) under the Smart Service World program, projectPASS (Platform for Automotive Apps Guaranteeing Security and Safety).
LITMUS RT [2], can drastically reduce the configuration effort,the integration complexity remains as main issue.Industrial-grade real-time operating systems (RTOSs), on theother hand, provide considerably less influence on performancemeasurements, but at the costs of usability. They are eitherdelivered as minimal systems, like FreeRTOS [3], which lacktooling support and provide not much more than a scheduler, oras sophisticated platforms tailored to specific industrial fields,such as AUTOSAR [4], which come along with royalty fees,tooling, and complex, configurable software stacks.As an exception, the GENODE OS framework [5] comeswith toolchains for several hardware platforms and provides aconvenient, production ready RTOS. Unfortunately, GENODE’soverall orientation to safety and security severely hinders rapidprototyping. Its micro-kernel based design requires that alladaption and changes to the OS obey the strict isolation mantra,which is conceptually challenging and time consuming.Therefore, we see the need for a minimal, yet flexiblereal-time system framework that provides comfort similar tocommercial platforms, but comes without a complex softwarearchitecture and strict inherent design concepts. Ideally, theframework should be fully based on open-source software,provide an integrated standard C-library, a target toolchain,configuration tools, and an emulation environment for testing.A plus would be the possibility to safety certify the system.Accordingly, we present toki , a flexible and configurable OSframework, close to production industrial systems, but withoutthe hassle of complex software architectures.II. T HE B UILD - AND T EST -P LATFORM T OKI toki, Japanese for “when an action occurs”, is a build- andtest-environment constructed around FreeRTOS or SafeRTOS[6], respectively. toki’s main goal is to compose an easy touse rapid prototyping platform to develop and evaluate newoperating-system- and intra-node-communication-concepts forcyber-physical systems on commodity microcontrollers. There-fore, toki combines the following open-source projects intothe unified architecture and build-system illustrated in Fig. 1:FreeRTOS [3] (v10.0.0), newlib [7] (v3.0.0), libXil / libXilPm[8] (v2019.1), and lwIP [9] (v2.0.3). These base components a r X i v : . [ c s . O S ] S e p oki - one instance per core gcc-crossCMaketoolchainfileCMakeSD cardimage Y o c t o toki-configtool t o k i d e p l o y m e n t c o n fi g u r a t i o n TACLeBench DemoAppXilinx ZCU102 – Appl. Proc. 0-3syscall interfacenewlib lwIP
FreeRTOS libXil / libXilPmmemguardSTM tracingHSTESFree Q
EMU (1)(2)(3)(4)(5)(6)
Figure 1. Sketch of toki’s architecture and build-system, showing the includedcomponents (3,4), differentiated among integrated (3) and newly created (4)components, and their relations. Given a deployment configuration (1), Yocto(2) builds all included components and collates them into a SD card image(5), which can be deployed and tested on the hardware or in Q
EMU (6). are supplemented by the ESFree Scheduling Library [10], HSTUser Mode Scheduler [11], and TACLe benchmarks [12].These components were chosen under the following aspects: (i) the simplicity to modify and extend their code base, (ii) their ability to closely mimic the software stacks of comparableindustrial systems, (iii) the flexibility of their design regardingrapid prototyping, and (iv) compatible software licenses.At platform-level, the toki build-system (Fig. 1) utilizesYocto [13] to provide a self-contained build-environment thatbuilds all components of toki together with their dependencies( e . g ., a GCC cross-compiler). At project-level, we ensuredproper include prefixes for all components, by restructuringtheir sources and adding a CMake [14] based build-system,where needed. This reorganization is conducted by a dedicatedPython script, to allow nearly automatic upstream pulls.To allow software developers to benefit from the code insightand debugging capabilities of their favorite IDE, single-coredeployments of toki can be built by CMake. Production-readyimages of multi-core deployments, on the other hand, canonly be built by Yocto. toki deployment configurations, ingeneral, are specified either manually or with assistance of thetoki-config tool, and guide Yocto in the build process.Besides the changes required for the build-environment, wecontribute the following new features to FreeRTOS on ARMv8:asymmetric multiprocessing boot support, a newlib syscallinterface, a memguard [15] implementation, and software-tracing support via ARM’s system trace macrocell [16].The toki build-environment is seamlessly integrated with avirtual test-environment. Hence, all images built by Yocto caneither be tested on the real hardware or its emulated counterpart.The emulation is handled by a tailored Q EMU [17], built byYocto, which enables a fully virtual development cycle.Currently, toki is solely tested and ready-to-run on theXilinx Zynq UltraScale+ MPSoC platform [18], a contemporaryARMv8 multi-core SoC with an integrated FPGA. Thisplatform was selected, because of (i)
Xilinx’s extensive software support for it, including a bare-metal driver kit, and (ii) theincluded FPGA, which allows us to increase the accuracy ofour performance evaluations. Nevertheless, toki was designedwith portability in mind; hence, it can easily be ported to othertarget platforms, e . g ., the STM32Cube by STmicro [19].In the future, we plan to conduct measurements to comparethe interrupt handling latency of toki with other software stacksand extend toki with FreeRTOS+POSIX [20], a communicationmiddleware, and precision time protocol (PTP) support.Feel free to try out the latest version of toki, by downloadingit from: https://git.fortiss.org/tokiIII. D EMONSTRATION
We will demonstrate toki through two showcases:1) A video of the TAPPS project’s [21] final demonstrator,showing the on-the-fly installation of an application intothe real-time critical control path of the throttle controlof a production electric motorcycle, realized with toki.2) A live-demo of toki’s configuration, build, simulation, anddeployment cycle on the example of memory benchmarksdeployed to distinct cores and regulated by memguard.The first showcase focuses on the real-time capabilities andapplicability to industrial use-cases, and the second on theconfiguration flexibility and measurement capabilities of toki.A
CKNOWLEDGMENT
We would like to thank all contributors to toki for theirwork, namely: Martin Jobst, Johannes Wiesb¨ock, Dorel Coman,Ulrich Huber, Mahmoud Rushdi, Tuan Tu Tran, Firas Trimech,Raphael Wild, Andreas Ruhland, and Dhiraj Gulati.R
EFERENCES[1] B. Sun et al. , “Definitions of predictability for cyber physical systems,”
J. of Syst. Architecture - Embedded Syst. Des. , vol. 63, pp. 48–60, 2016.[2] J. M. Calandrino et al. , “LITMUSˆRT : A Testbed for EmpiricallyComparing Real-Time Multiprocessor Schedulers,” in
GENODE Foundations – Operating System Framework 19.05 et al. , “FreeRTOS user mode scheduler for mixed criticalsystems,” in , Aug. 2015.[12] H. Falk et al. , “TACLeBench: A Benchmark Collection to Support Worst-Case Execution Time Research,” in et al. , “MemGuard: Memory bandwidth reservation system forefficient performance isolation in multi-core platforms,” in , Apr. 2013.[16]