In an article I’ve published last year, I described how our new MIPS M-class Warrior CPUs have been designed for the security-driven requirements of next-generation connected processors.
One of the unique features of MIPS microcontroller-class processors is the ability to support full hardware virtualization and multiple trusted execution environments (TEEs). For example, our latest M5150 MCU can support up to seven operating systems or applications running in fully isolated containers which ensures failsafe, real-time operation.
Today I’d like to highlight the fantastic work of a group of researchers from the Pontifical Catholic University of Rio Grande do Sula (PUCRS). This educational institution is one of Brazil’s leading universities and has an amazing team of embedded systems scientists who have been working on a hypervisor for MIPS CPUs called Hellfire.
This is part of a larger project which includes different abstraction levels, from C application development to FPGA prototyping. The team at PUCRS have created a complete reference design flow, including several tools and modules which constitute the Hellfire Framework (HFFW).
An overview of the Hellfire hypervisor and its software architecture
Developers can run their C code on various MIPS CPUs using an in-house operating system called HFOS (Hellfire Operating System) – a highly configurable real-time OS based on a modular micro-kernel architecture.
This enables designers to add up to 128 processors to a system, configure them individually and deploy parallel embedded applications which are able to exchange data and even migrate tasks.
The Embedded Systems Group at PUCRS has recently published a whitepaper in which they present this innovative hypervisor implementation running on the MIPS M5150 MCU. By using our instruction accurate models and development boards, the researchers were able to create a hypervisor that takes full advantage of the MIPS Virtualization Module (MIPS VZ). The university also has published in-depth performance measurements in the same whitepaper.
The Hellfire hypervisor supports full virtualization of the MIPS CPU and mixed para-virtualization, providing the kind of services you would typically encounter only in a high-performance CPU (e.g. communication among VMs and real-time support).
The diagram below offers an overview of the virtualization model; the underlying hardware includes a bus-based, multi-processor architecture built around multiple MIPS CPUs that share memory resources. The Hellfire hypervisor is responsible for the creation and management of each virtual machine and creates a logical framework responsible for associating each VM to its virtual CPU(s).
The second diagram presents the software architecture of the hypervisor, describing how it handles various communications services, interrupts or hypercalls.
One of the critical elements of a hypervisor is measuring its performance on real-world applications. The researchers chose a series of algorithms to benchmark the impact of running multiple guest OSes on a MIPS M5150 MCU. Here are two brief examples:
Measuring real-world performance of virtualized MCUs
Context switching overhead
Adaptive DPCM: native versus virtualized performance
The first suite of tests aimed to determine the guest OS overhead in number of instructions when comparing native versus virtualized execution. A guest OS ran an Adaptive DPCM (Differential Pulse Code Modulation) algorithm typically used for voice coding.
Throughout the various tests, the hypervisor overhead never exceeded the 1.8% mark, even after 24 million instructions were executed. This means the difference between running the same code in a virtualized machine versus directly on the physical CPU takes up less than 2% of the processor’s compute resources.
Multiple guest OSes running on the same CPU
The next test package aimed to show the overhead of running multiple guest operating systems on separate VMs. Again, the combination of a very efficient CPU architecture and well-designed software delivered some really impressive results. For example, even when adding up to eight guest OSes, the difference in performance was remarkably small – the VM incurred only a 1.74% overhead versus native performance.
This final suite of tests was designed to show the number of instructions needed to deliver messages from a VM to another. The experiment used two instances of the same guest OS exchanging messages of different sizes: 20, 40, 60, 80 and 100 bytes long using hypercalls.
The researchers were very happy to discover that it only took just 1680 instruction to deliver a 100-byte long message from one VM to another. Since the MIPS M5150 MCU implements a load/store architecture with single-cycle ALU operations, a processor clocked at 100MHz would execute roughly 100 millions of instructions per second.
Therefore, 1680 instructions represent 0.00168% of CPU time in one second.
The academic team concluded that porting the Hellfire hypervisor to a microcontroller-class processor wouldn’t have been possible without the unique features of the latest version of the MIPS architecture.
The extremely positive performance results detailed above showed the importance of choosing a MIPS M5150 MCU when looking to deliver superior performance and security on real-time, embedded platforms.
In the future, the team is hoping to add support for a full-blown Linux kernel and conduct more performance benchmarks on their MIPS M5150 development board. You can follow the project page here and download an overview presentation about the project from our website.