ARTIST2 Workshop on Foundations and Applications of Component-Based Design, Salzburg, September 2007
Tiptoe: A Compositional Real-Time Operating System
Christoph Kirsch
Universität Salzburg
tiptoe.cs.uni-salzburg.at
• Silviu Craciunas* (Benchmarking)
• Hannes Payer (Memory Management)
• Ana Sokolova* (Theoretical Foundation)
• Horst Stadler (I/O Subsystem)
• Robert Staudinger* (Kernel)
*Supported by Austrian Science Fund Project P18913-N15
© C. Kirsch 2007
[Figure: Process A, Process B, Operating System, Memory, I/O, CPU]
“Theorem”
• (Compositionality) The time and space a software process needs to execute is determined by the process, not the system and not other software processes.
• (Predictability) The system can tell how much time and space is available without looking at any existing software processes.
“Corollary”
• (Memory) The time a software process takes to allocate and free a memory object is determined by the size of the object.
• (I/O) The time a software process takes to read input data and write output data is determined by the size of the data.
“Reality”
• A software process determines functional and non-functional behavior, for example:
• 1ms/100ms CPU time ( ≠ 10ms/s )
• 4MB/2s memory allocation rate
• 1KB/10ms network bandwidth
• 10J/100ms energy consumption
Outline
1. Memory Management
2. Concurrency Management
3. I/O Management
[Figure: Toe A, Toe B, Tip, Memory, I/O, CPU]
Outline
1. Memory Management
2. Concurrency Management
3. I/O Management
[Figure: Tiptoe System linked to an I/O Host Computer (Network, Disk, AD/DA) by a P2P Ethernet Connection or a Serial Connection]
Outline
1. Memory Management
2. Concurrency Management
3. I/O Management
Goals
• malloc(n) takes at most TIME(n)
• free(n) takes at most TIME(n)
• access takes small constant time
• small and predictable memory fragmentation bound
The Problem
• Fragmentation
‣ Compaction
• References
‣ Abstract Space
Memory
[Figure: memory with addresses 0 to 190 holding objects A, B and C]
Example:
• There are three objects
• Object A starts at address 20
• Object A needs 40 bytes
• B starts at 100, needs 20 bytes
• C starts at 160, needs 30 bytes
• A contains a reference to B
[Figure: Abstract Space (addresses 0 to 19) and Concrete Space (addresses 0 to 190); abstract entries hold the concrete addresses 20, 100 and 160 of objects A, B and C]
Keep It Compact?
Does Not Work!
Trade-Off Speed for Memory Fragmentation
Keep Speed and Memory Fragmentation Bounded and Predictable
Partition Memory into Pages
[Figure: memory divided into 16KB pages]
Partition Pages into Blocks
Size-Class Compact
[Figure: pages grouped into size-classes: Objects < 32, Objects < 48, Objects < 64]
“Compact-Fit” (Bounded Compaction)
[Figure: size-classes Objects < 32, Objects < 48, Objects < 64; just move ‘last’ object]
Results I
• malloc(n) takes O(1)
• free(n) takes O(n)
• access takes one indirection
• memory fragmentation bounded in k and predictable in constant time
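The mechanism outlined on the slides above (references held as abstract addresses, a size-class kept compact by moving the 'last' object on free) can be modelled as follows. This is an added example, not Tiptoe's code; it covers a single size-class, and `BLOCK`, `BLOCKS`, `abs_tbl` and the `cf_*` names are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK  32                        /* constructed: block size of the class  */
#define BLOCKS 8                         /* constructed: blocks in the class      */
#define NONE   (-1)
static uint8_t concrete[BLOCKS][BLOCK];  /* concrete space, kept compact          */
static int abs_tbl[BLOCKS];              /* abstract address -> block index       */
static int owner[BLOCKS];                /* block index -> abstract address       */
static int free_abs[BLOCKS], nfree;      /* stack of unused abstract addresses    */
static int used;                         /* blocks 0..used-1 are occupied         */

void cf_init(void) {
    used = nfree = 0;
    for (int a = BLOCKS - 1; a >= 0; a--) { abs_tbl[a] = NONE; free_abs[nfree++] = a; }
}

int cf_malloc(void) {                    /* O(1); returns an abstract address     */
    if (nfree == 0) return NONE;
    int a = free_abs[--nfree];
    abs_tbl[a] = used;
    owner[used++] = a;
    return a;
}

uint8_t *cf_access(int a) {              /* exactly one indirection               */
    if (a < 0 || a >= BLOCKS || abs_tbl[a] == NONE) return NULL;
    return concrete[abs_tbl[a]];
}

int cf_free(int a) {                     /* cost bounded by one block copy        */
    if (a < 0 || a >= BLOCKS || abs_tbl[a] == NONE) return -1; /* not allocated   */
    int hole = abs_tbl[a], last = used - 1;
    if (hole != last) {                  /* just move the 'last' object           */
        memcpy(concrete[hole], concrete[last], BLOCK);
        owner[hole] = owner[last];
        abs_tbl[owner[hole]] = hole;     /* only the abstract entry is updated    */
    }
    memset(concrete[last], 0, BLOCK);    /* scrub the vacated block               */
    abs_tbl[a] = NONE;
    free_abs[nfree++] = a;
    used--;
    return 0;
}

int main(void) {                         /* the slides' objects A, C, B; A -> B   */
    cf_init();
    int a = cf_malloc(), c = cf_malloc(), b = cf_malloc();
    cf_access(a)[0] = (uint8_t)b;        /* A holds B's abstract address          */
    cf_access(b)[0] = 'B';
    cf_free(c);                          /* B is moved into C's old block         */
    return cf_access(cf_access(a)[0])[0] != 'B';
}
```

Because A stores B's abstract address rather than a concrete one, moving B during `cf_free(c)` needs no update inside A, and a second `cf_free` of the same abstract address is rejected until that address is handed out again.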
Partial Compaction
[Figure: size-classes Objects < 32, Objects < 48, Objects < 64]
Program Analysis
Definition: Let k count deallocations in a given size-class for which no subsequent allocation was done (“k-band mutator”).
Proposition: Each deallocation that happens when k < max_number_of_non_full_pages takes constant time.
Results II
• if mutator stays within k-bands:
• malloc(n) takes O(1)
• free(n) takes O(1)
• access takes one indirection
• memory fragmentation bounded in k and predictable in constant time
Two Implementations!
1. Concrete Space = Physical Memory
2. Concrete Space = Virtual Memory
[Figure: Abstract Space (addresses 0 to 19) and Physical Memory (addresses 0 to 190); abstract entries hold the addresses 20, 100 and 160 of objects A, B and C]
Two Implementations!
1. Concrete Space = Physical Memory
2. Concrete Space = Virtual Memory
[Figure: Abstract Space (addresses 0 to 19), Virtual Space (addresses 0 to 19) and Physical Memory (addresses 0 to 190), with objects A, B and C]
Results III
• malloc(n) takes O(n)
• free(n) takes O(n)
• access takes two indirections
• memory fragmentation bounded in k and predictable in constant time
The JAviator
javiator.cs.uni-salzburg.at
Quad-Rotor Helicopter
Oops
Flight Control
Free Flight
Thank you