Will virtualization save multicore? Will it be the answer to a really secure system? It might.
Designed to run on a single core, virtual- machine hypervisors give developers multiple virtual cores. Developers don’t need to care about whether there are enough physical cores available from an application standpoint. Of course, with more cores, you get more run time for virtual cores. But this doesn’t change how the applications are written or how they interact with each other. It just improves how many they can interact with as well as the speed of those interactions.
The easiest method for partitioning multiple, independent applications is to run them on a virtual host, and it’s quite common on servers. But embedded environments tend to have applications that interact with each other.
Partitioning an application across multiple processors or cores can be difficult if the communication between processors is explicit and done using custom hardware. This tends to be more common in embedded environments where a processor, such as a DSP, is often chosen for special features such as its numbercrunching ability.
Virtualization doesn’t make the chore of linking dissimilar cores easier, yet it can make partitioning among similar cores or a homogeneous environment significantly easier. More importantly, it allows developers to partition the application with an eye toward migration to a multicore solution while providing the benefits of parallel programming.
Granted, the parallel programming is occuring at a very coarse level. But the architectural differences in the application tend to be coarser and easier to understand. Changes in parallel programming use will be forced to increase as the number of cores grows dramatically. For now, though, embeded systems tend to deal with less than a dozen cores.
Even if the number of cores grows significantly, those platforms will require high-level partitioning as well as more fine-grain partitioning within an application. In addition, partitioning at the virtual-host level has other advantages.
SECURING MULTIPLE CORES
Sandboxing an operating system and its applications has always been a selling point of virtual systems. Bad system design can enable an application to breach even hardware-augmented sandboxes. Still, preventing and detecting this type of problem tend to be significantly easier.
But wasn’t an operating system supposed to provide this type of security? Yes, and many do. SELinux is a typical multilevel, capability-based security system that can isolate one application from another. Still, virtual system paritioning can do this, in addition to providing yet another partition boundary.
More importantly, the controller of the virtual and operating-system security environments can be different. This is key when you’re trying to create a system where third parties will be providing applications and potentially the operating environment as well. The number of cores used in a system will likely increase as the number of applications and environments increases.
KEEPING THE OLD WITH THE NEW
Now we finally get to the reason most virtual systems are found in embedded environments now: legacy applications.
A range of combinations is commonly used, such as adding a real-time operating system (RTOS) to a Linux application or letting one RTOS handle existing hardware while another RTOS targets new hardware. The legacy apps often run in isolation or with limited two-way interaction unless they’re altered.
Drop me an e-mail and let me know how you plan on using virtualization in your applications.