CN115269139A - Dual-operating-system mixed real-time task scheduling method and system based on trusted area - Google Patents


Info

Publication number: CN115269139A
Authority: CN (China)
Prior art keywords: time, real, task, scheduling, operating system
Legal status: Pending
Application number: CN202210779837.5A
Other languages: Chinese (zh)
Inventors: 许光泞, 谢忱, 邓畅
Current assignee: CETC 32 Research Institute
Original assignee: CETC 32 Research Institute
Application filed by CETC 32 Research Institute
Priority to CN202210779837.5A
Publication of CN115269139A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F 9/4806 Task transfer initiation or dispatching
    • G06F 9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F 9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G06F 2209/00 Indexing scheme relating to G06F9/00
    • G06F 2209/48 Indexing scheme relating to G06F9/48
    • G06F 2209/484 Precedence


Abstract

The invention provides a method and a system for scheduling hybrid real-time tasks across dual operating systems based on a trusted zone, comprising the following steps: step 1: constructing a dual-operating-system environment on a hardware platform that supports the TrustZone trusted-zone technology; step 2: modifying the interrupt response mechanism of the system; step 3: assigning task priorities; step 4: configuring the scheduling strategy of the two operating systems; step 5: scheduling and executing the tasks of the two operating systems. The invention uses ARM TrustZone technology to achieve hardware isolation, so the architecture is not constrained by the number of processor cores, and, combined with the system scheduling mechanism of the invention, realizes a multi-level hybrid task scheduling mechanism between the GPOS and the RTOS.

Description

Dual-operating-system hybrid real-time task scheduling method and system based on trusted area
Technical Field
The invention relates to the technical field of task scheduling, in particular to a method and a system for scheduling double-operating-system mixed real-time tasks based on a trusted area.
Background
In recent years, with the continuous development of embedded systems and information technology, higher demands have been placed on embedded systems. An embedded system such as a vehicle-mounted system is required both to provide general system services that meet user needs and to guarantee the normal operation of its critical subsystem, which inherently requires separation between the general system and the critical system. At present, virtualization, multi-core CPU-based isolation, hardware-assisted isolation and similar technologies are commonly used for system isolation in China and abroad. Among them, hardware-assisted isolation represented by TrustZone technology stands out: it divides the system's resources into two different zones through hardware extensions, thereby guaranteeing mutual isolation between the two systems running in the different zones.
TrustZone is rendered in Chinese as "trusted zone". TrustZone is a security architecture proposed by ARM to increase the security of electronic devices, and aims to improve system security while affecting the original processor design as little as possible. The TrustZone hardware architecture extension builds security into the processor and thereby provides the foundation for separating the secure environment from the rich operating system (Rich OS, ROS): a separate trusted operating system (TOS) can be implemented, and a secure monitor is added to switch between the ROS and the TOS. The TOS and the ROS run on the same physical CPU, and interaction between them is limited to message passing and data exchange through shared memory. The TOS has its own exception handling, scheduling, applications, threads, drivers and memory management page tables. The secure monitor manages the switch between the two systems, saving and restoring the register state of both environments on each transition so that execution can resume correctly in the newly entered environment.
ARM TrustZone runs a program called the secure monitor in the EL3 mode of the ARM processor to switch between the secure world and the normal world. The monitor can be entered in several ways: by software, using the SMC (Secure Monitor Call) instruction, or through a hardware exception such as an IRQ (Interrupt Request), an FIQ (Fast Interrupt Request), an external data abort or an external prefetch abort. The monitor running in EL3 saves the context of the current world and loads the context of the other world. A simplified model of ARM TrustZone is shown in FIG. 1. ARM TrustZone allows hardware interrupts such as IRQ and FIQ to be taken in monitor mode. ARM recommends using IRQ as the interrupt source of the normal world and FIQ as the interrupt source of the secure world. When an interrupt arrives, if the processor is running in the corresponding world, the processor does not enter the monitor and the interrupt is handled in the current world; if the processor is running in the other world, the monitor takes the interrupt and routes it to the corresponding world for handling.
Patent document CN103440200A (application number CN201310399154.8) discloses a dual-operating-system test playback method for high-real-time, large-volume data, which addresses the difficulty of playing back large volumes of test data under tight real-time constraints. In that method, a data producer node first requests a data cache region; the data consumer node requests the data cache region and initializes all cache regions; the data files are located and their data loaded into the cache region; the network connection is initialized; the data consumer node requests data from the data producer node, the producer node returns the data to the consumer node, and the consumer node fetches data from the cache according to the task scheduling requirements.
FIG. 2 shows TZDKS (TrustZone-based Dual-Kernel System), a dual-operating-system architecture based on TrustZone proposed by the National University of Defense Technology. In TZDKS a real-time operating system runs in the secure domain and a general-purpose operating system runs in the normal domain. Switching of the execution domain for the whole system is handled by a monitor in EL3 mode. To guarantee both performance and security, TZDKS uses TrustZone to add a secure clock to the secure domain: the real-time operating system is driven by the secure clock and the general-purpose operating system by the ordinary clock. In the normal domain, a general-purpose application can communicate with tasks in the real-time operating system through the tzipilibrary, which calls the TZ driver. For security, every such communication must pass through the monitor. The system divides interrupts into secure interrupts, handled by the secure domain, and ordinary interrupts, handled by the normal domain; to guarantee real-time responsiveness, while the system runs in the secure domain it does not respond to ordinary interrupts, including the ordinary clock interrupt.
To guarantee the timing determinism of the real-time operating system, all tasks in the RTOS have higher priority than the GPOS, and only when no ready task other than the idle task exists in the real-time operating system does the system switch, through the idle task, to execute in the normal domain. Although this guarantees the real-time performance of the real-time operating system, it sacrifices the performance of the general-purpose operating system and reduces the processing capacity of the normal domain; in the worst case, the normal operation of the system can be affected.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a method and a system for scheduling a dual-operating-system hybrid real-time task based on a trusted area.
The invention provides a trusted-zone-based dual-operating-system hybrid real-time task scheduling method, which comprises the following steps:
step 1: building a dual-operating-system environment on a hardware platform that supports the TrustZone trusted-zone technology, where a domestic general-purpose operating system runs in the conventional environment and handles general computing tasks, and a domestic embedded real-time operating system runs in the isolation environment and handles real-time response tasks;
step 2: configuring the interrupt controller so that interrupts generated by devices belonging to the real-time operating system in the isolation environment are FIQs and interrupts generated by devices belonging to the general-purpose operating system in the conventional environment are IRQs;
step 3: assigning fixed priorities to the tasks executed in each of the two operating systems using Audsley's optimal priority assignment (OPA) algorithm;
step 4: representing the non-real-time tasks and the soft real-time tasks of the general-purpose operating system by container tasks of the general-purpose operating system that participate in scheduling in the real-time operating system;
step 5: executing the high-priority real-time tasks in the real-time operating system first and, when no real-time task with a priority higher than the soft real-time task needs to run, performing time-slice round-robin scheduling of the low-priority tasks in the real-time operating system and the soft real-time tasks in the general-purpose operating system through the soft real-time task.
Preferably, the real-time operating system is started first; during start-up it initializes its memory and MMU and executes the real-time response tasks in the isolation environment. When the scheduling system schedules the general-purpose operating system to run, the real-time operating system switches to the conventional zone for execution, at which point the system starts the general-purpose operating system normally in the conventional environment;
during system operation, the timing determinism of the real-time operating system in the isolation environment is guaranteed first, and whenever a real-time response task needs to run, the running state of the real-time operating system is restored immediately to respond to the real-time task.
Preferably, the interrupt controller is configured so that interrupts generated by devices belonging to the real-time operating system in the isolation environment are FIQs and interrupts generated by devices belonging to the general-purpose operating system in the conventional environment are IRQs. While the real-time operating system runs, IRQ is masked; if an IRQ is raised at this time the general-purpose operating system cannot handle it, so the task running in the real-time operating system is not interrupted and the real-time performance of tasks in the real-time operating system is guaranteed.
Preferably, while the general-purpose operating system runs, FIQ is left enabled; if an FIQ is raised, the task running in the general-purpose operating system is interrupted, the monitor switches to the real-time operating system, control of the processor is returned to the real-time operating system, the FIQ is handled and the corresponding interrupt handler is entered, so that the real-time performance of real-time tasks in the real-time operating system is guaranteed;
when an IRQ or FIQ occurs, if the system's current execution environment corresponds to the interrupt type, the current execution environment responds to the interrupt directly; if the interrupt type does not match the current execution environment, the interrupt is taken by the monitor, which routes the interrupt exception to the correct execution environment according to the interrupt type and the current execution environment.
Preferably, a two-level scheduling strategy is designed for general computing tasks and real-time computing tasks, realizing a scheduling mode built from a two-dimensional mix of space and time;
first-level task scheduling is performed by the scheduling system of the real-time operating system, using priority scheduling combined with time-slice round-robin scheduling; when a zone-switching management task runs, a Secure Monitor Call (SMC) instruction switches the system to run in the conventional environment;
in second-level task scheduling, scheduling strategies are configured according to the attributes of each application: the real-time operating system running in the isolation environment schedules tasks by a priority scheduling algorithm, assisted by a time-slice round-robin mechanism on top of priority scheduling, while the conventional environment adopts the priority-based process scheduling mechanism of the Linux kernel; task priorities are assigned as fixed priorities using Audsley's optimal priority assignment (OPA) algorithm.
The invention also provides a trusted-zone-based dual-operating-system hybrid real-time task scheduling system, which comprises the following modules:
module M1: builds a dual-operating-system environment on a hardware platform that supports the TrustZone trusted-zone technology, where a domestic general-purpose operating system runs in the conventional environment and handles general computing tasks, and a domestic embedded real-time operating system runs in the isolation environment and handles real-time response tasks;
module M2: configures the interrupt controller so that interrupts generated by devices belonging to the real-time operating system in the isolation environment are FIQs and interrupts generated by devices belonging to the general-purpose operating system in the conventional environment are IRQs;
module M3: assigns fixed priorities to the tasks executed in each of the two operating systems using Audsley's optimal priority assignment (OPA) algorithm;
module M4: represents the non-real-time tasks and the soft real-time tasks of the general-purpose operating system by container tasks of the general-purpose operating system that participate in scheduling in the real-time operating system;
module M5: executes the high-priority real-time tasks in the real-time operating system first and, when no real-time task with a priority higher than the soft real-time task needs to run, performs time-slice round-robin scheduling of the low-priority tasks in the real-time operating system and the soft real-time tasks in the general-purpose operating system through the soft real-time task.
Preferably, the real-time operating system is started first; during start-up it initializes its memory and MMU and executes the real-time response tasks in the isolation environment. When the scheduling system schedules the general-purpose operating system to run, the real-time operating system switches to the conventional zone for execution, at which point the system starts the general-purpose operating system normally in the conventional environment;
during system operation, the timing determinism of the real-time operating system in the isolation environment is guaranteed first, and whenever a real-time response task needs to run, the running state of the real-time operating system is restored immediately to respond to the real-time task.
Preferably, the interrupt controller is configured so that interrupts generated by devices belonging to the real-time operating system in the isolation environment are FIQs and interrupts generated by devices belonging to the general-purpose operating system in the conventional environment are IRQs. While the real-time operating system runs, IRQ is masked; if an IRQ is raised at this time the general-purpose operating system cannot handle it, so the task running in the real-time operating system is not interrupted and the real-time performance of tasks in the real-time operating system is guaranteed.
Preferably, while the general-purpose operating system runs, FIQ is left enabled; if an FIQ is raised, the task running in the general-purpose operating system is interrupted, the monitor switches to the real-time operating system, control of the processor is returned to the real-time operating system, the FIQ is handled and the corresponding interrupt handler is entered, so that the real-time performance of real-time tasks in the real-time operating system is guaranteed;
when an IRQ or FIQ occurs, if the system's current execution environment corresponds to the interrupt type, the current execution environment responds to the interrupt directly; if the interrupt type does not match the current execution environment, the interrupt is taken by the monitor, which routes the interrupt exception to the correct execution environment according to the interrupt type and the current execution environment.
Preferably, a two-level scheduling strategy is designed for general computing tasks and real-time computing tasks, realizing a scheduling mode built from a two-dimensional mix of space and time;
first-level task scheduling is performed by the scheduling system of the real-time operating system, using priority scheduling combined with time-slice round-robin scheduling; when a zone-switching management task runs, a Secure Monitor Call (SMC) instruction switches the system to run in the conventional environment;
in second-level task scheduling, scheduling strategies are configured according to the attributes of each application: the real-time operating system running in the isolation environment schedules tasks by a priority scheduling algorithm, assisted by a time-slice round-robin mechanism on top of priority scheduling, while the conventional environment adopts the priority-based process scheduling mechanism of the Linux kernel; task priorities are assigned as fixed priorities using Audsley's optimal priority assignment (OPA) algorithm.
Compared with the prior art, the invention has the following beneficial effects:
(1) The invention achieves hardware isolation using ARM TrustZone technology, so the architecture is not restricted by the number of processor cores; combined with the system's scheduling mechanism, it realizes a multi-level hybrid task scheduling mechanism between the GPOS and the RTOS, and the schedulability of the multi-level hybrid task set can be guaranteed through deterministic analysis and design;
(2) The scheduling strategy of the invention effectively reduces the impact of the dual-operating-system architecture on the general-purpose operating system without affecting the real-time response capability of the system, while also preserving the system's secure access capability.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a schematic diagram of an ARM TrustZone model;
FIG. 2 is a schematic diagram of the overall structure of TZDKS;
FIG. 3 is a schematic diagram of a built dual operating system environment architecture;
FIG. 4 is a flowchart of the system implementation under the first-level scheduling policy.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will help those skilled in the art to further understand the invention, but are not intended to limit it in any way. It should be noted that various changes and modifications that would be obvious to those skilled in the art can be made without departing from the spirit of the invention, all of which fall within the scope of the invention.
Example:
The invention aims to reduce, as far as possible, the impact of the architecture on the performance of the general-purpose operating system in the conventional environment while guaranteeing the timing determinism of the real-time operating system in the isolation environment. The scheduling strategy should therefore increase how often the system switches to execution in the conventional environment, without affecting the real-time response tasks, so that the general-purpose operating system in the conventional environment can respond to and handle interrupts and soft real-time tasks quickly. Because TrustZone requires the monitor at EL3 to be as simple as possible and the switch between the two execution environments to be fast, it is not appropriate for the monitor to perform the first level of scheduling. In the multi-level hybrid task scheduling strategy, the scheduling system of the real-time operating system in the isolation environment is responsible for the first-level scheduling strategy, that is, scheduling between the execution environments, and for the scheduling of real-time response tasks in the second level. The concrete implementation idea is to create a zone-switching management task in the real-time operating system, which acts as a container for the general-purpose operating system and participates in scheduling in the real-time operating system.
To meet the requirements of isolation between real-time tasks and general computing tasks and of the subsequent two-level hybrid scheduling algorithm, a real-time operating system (the domestic Ruihua embedded operating system) must be ported into the isolation environment. The system architecture after porting is shown in FIG. 3.
Based on TrustZone, the system architecture divides the software and hardware resources of the system into a conventional environment and an isolation environment. A domestic general-purpose operating system runs in the conventional environment and handles general computing tasks; the Shaoxing embedded real-time operating system runs in the isolation environment and handles real-time response tasks. Switching of the execution zone for the whole system is handled by a monitor at EL3. To guarantee the independence of the two execution environments, the system uses TrustZone together with the dedicated dual-clock architecture of the domestic hardware platform to give each operating system its own clock source: an ordinary clock drives the general-purpose operating system and a secure clock drives the real-time operating system.
After the system is powered on, to guarantee the security and timing determinism of the real-time operating system, the real-time operating system is started first; during start-up it initializes the system's memory, MMU and so on, and begins executing the real-time response tasks in the isolation environment. When the scheduling system schedules the general-purpose operating system to run, the real-time operating system switches to the conventional zone for execution, at which point the system starts the general-purpose operating system normally in the conventional environment.
During system operation, the timing determinism of the real-time operating system in the isolation environment is guaranteed first, and whenever a real-time response task needs to run, the running state of the real-time operating system is restored immediately to respond to it. This requires improvements to the interrupt response mechanism of the whole system. The interrupt controller is configured so that interrupts generated by devices belonging to the real-time operating system in the isolation environment are FIQs and interrupts generated by devices belonging to the general-purpose operating system in the conventional environment are IRQs. While the real-time operating system runs, IRQ is masked; if an IRQ is raised at this time the general-purpose operating system cannot handle it, so the task running in the real-time operating system is not interrupted and its real-time performance is guaranteed. While the general-purpose operating system runs, FIQ is left enabled; if an FIQ is raised, the task running in the general-purpose operating system is interrupted, the monitor switches to the real-time operating system, control of the processor is returned to the real-time operating system, the FIQ is handled and the corresponding interrupt handler is entered, so that the real-time performance of the real-time tasks in the real-time operating system is guaranteed.
When an IRQ or FIQ occurs, if the system's current execution environment corresponds to the interrupt type (for example, an IRQ occurs while the system is in the conventional execution environment), the current execution environment responds to the interrupt directly. If the interrupt type does not match the current execution environment (for example, an IRQ occurs while the system is in the isolation execution environment), the interrupt is taken by the monitor, which routes the interrupt exception to the correct execution environment according to the interrupt type and the current execution environment.
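The interrupt ownership and routing rule described above, as an added model (not the patent's code); the device names and the event sequence are constructed. It shows the three outcomes the text distinguishes: direct handling when the interrupt type matches the running world, deferral of an IRQ while the RTOS holds the processor, and monitor routing of an FIQ that arrives while the GPOS runs.

```python
"""Model of the patent's interrupt routing rule (added example, not the patent's code).

FIQ is assigned to devices owned by the secure-world RTOS, IRQ to devices owned by
the normal-world GPOS. While the RTOS runs, IRQ is masked; while the GPOS runs, FIQ
stays open so the monitor can hand control back to the RTOS at once.
"""
from dataclasses import dataclass, field
from enum import Enum


class World(Enum):
    SECURE = "secure"   # isolation environment: RTOS
    NORMAL = "normal"   # conventional environment: GPOS


class IntKind(Enum):
    FIQ = "FIQ"         # raised by a device belonging to the RTOS
    IRQ = "IRQ"         # raised by a device belonging to the GPOS


# Which execution environment owns each interrupt type (the patent's configuration).
OWNER = {IntKind.FIQ: World.SECURE, IntKind.IRQ: World.NORMAL}


@dataclass
class Cpu:
    world: World = World.SECURE          # the RTOS is started first
    pending_irq: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def irq_masked(self) -> bool:
        # IRQ is masked whenever the RTOS holds the processor; FIQ is never masked.
        return self.world is World.SECURE

    def switch_to(self, target: World) -> None:
        """Monitor (EL3) world switch, triggered by SMC or by a trapped FIQ."""
        if target is self.world:
            return
        self.log.append(f"monitor: {self.world.value} -> {target.value}")
        self.world = target
        if target is World.NORMAL:
            # Leaving the RTOS unmasks IRQ: deferred GPOS interrupts are delivered now.
            for dev in self.pending_irq:
                self.log.append(f"IRQ from {dev}: delivered in normal")
            self.pending_irq.clear()

    def raise_interrupt(self, kind: IntKind, dev: str) -> str:
        """Return how the interrupt was dispatched: direct, deferred or routed."""
        if OWNER[kind] is self.world:
            # Interrupt type matches the running world: handled without the monitor.
            self.log.append(f"{kind.value} from {dev}: handled in {self.world.value}")
            return "direct"
        if kind is IntKind.IRQ and self.irq_masked():
            # GPOS interrupt while the RTOS runs: stays pending, the RTOS task is not disturbed.
            self.pending_irq.append(dev)
            self.log.append(f"IRQ from {dev}: masked while RTOS runs")
            return "deferred"
        # FIQ while the GPOS runs: the monitor saves the GPOS context and restores the RTOS.
        self.log.append(f"FIQ from {dev}: trapped by monitor")
        self.switch_to(World.SECURE)
        self.log.append(f"FIQ from {dev}: handled in secure")
        return "routed"


def demo() -> tuple:
    """Constructed sequence: RTOS running, a GPOS timer fires, then an SMC hands the CPU
    to the GPOS, after which an RTOS-owned sensor fires and pre-empts it."""
    cpu = Cpu()
    outcomes = [
        cpu.raise_interrupt(IntKind.FIQ, "secure-clock"),   # direct
        cpu.raise_interrupt(IntKind.IRQ, "common-clock"),   # deferred
    ]
    cpu.switch_to(World.NORMAL)                              # SMC from the zone-switching task
    outcomes.append(cpu.raise_interrupt(IntKind.IRQ, "nic"))      # direct
    outcomes.append(cpu.raise_interrupt(IntKind.FIQ, "sensor"))   # routed
    return outcomes, cpu.log
```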
In order to reduce the influence of the architecture on the performance of a general operating system in a conventional environment as much as possible on the premise of ensuring the time certainty of a real-time operating system in an isolation environment, a secondary scheduling strategy is designed for general computing tasks and real-time computing tasks, and a scheduling mode constructed by two-dimensional mixing of space and time is realized.
First-level task scheduling is performed by the scheduling system of the real-time operating system, using priority scheduling combined with time-slice round-robin scheduling. The strategy includes two zone-switching management tasks, named the B task and the G task, which act as containers for the general-purpose operating system and participate in scheduling in the real-time operating system. When a zone-switching management task runs, the system switches to the conventional environment through a Secure Monitor Call (SMC) instruction. The B task has the lowest priority in the real-time operating system and runs as the idle task; the G task exists to reduce the processing time and interrupt response time of the soft real-time tasks in the general-purpose operating system and thus improve their quality of service. The bodies of the two zone-switching management tasks are essentially the same; they differ mainly in priority and in how they are invoked. The priority of the G task lies between the high-criticality and the low-criticality tasks of the real-time operating system, so that the G task cannot affect the timing determinism of the real-time operating system. The G task executes as a periodic task with a configurable period and execution time.
The execution flow of the whole system under the first-level scheduling policy is shown in FIG. 4:
step 1: determine the priorities of all tasks;
step 2: execute the tasks in the real-time operating system whose priority is higher than the G task, in priority order; once all of them have executed, go to step 3;
step 3: through the G task, perform time-slice round-robin execution of the low-priority tasks in the real-time operating system and the soft real-time tasks in the general-purpose operating system. If a task in the real-time operating system with priority higher than the G task becomes ready, go to step 2; once the G task and the low-priority tasks in the real-time operating system have executed, go to step 4;
step 4: execute the B task, that is, the general tasks in the general-purpose operating system. If a task in the real-time operating system needs to execute, go to step 2;
step 5: once all tasks have executed, enter the real-time operating system environment and wait for tasks to execute.
During system operation, the high-criticality real-time tasks in the real-time operating system are executed first; when no high-criticality real-time task needs to run, the low-criticality tasks in the real-time operating system and the general computing tasks in the general-purpose operating system are scheduled in time-slice round-robin fashion through the G task. The execution time of the G task is the time slice of the general computing tasks, and the remainder of the period is the time slice of the low-criticality tasks in the real-time operating system. Because the period and execution time of the G task are fixed and its execution time in each period is short, the scheduling system of the real-time operating system can guarantee that the timing determinism of the whole system is not disturbed by the scheduling strategy.
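The first-level scheduling flow of steps 1 to 5 and the G-task period split described above, simulated tick by tick as an added example (not the patent's code). The task names H1, G, L1, L2 and B and all priorities, periods and execution times are constructed; the run shows the high-criticality task pre-empting everything, the G task carving a GPOS slice out of each period, round-robin between the two low-criticality RTOS tasks in the remainder, and the B task absorbing idle time.

```python
"""Tick-level simulation of the patent's first-level scheduler (added example, not the
patent's code). Priorities, periods and execution times below are constructed.

The RTOS scheduler runs fixed-priority scheduling with round-robin among equal
priorities. Two RTOS tasks act as containers for the GPOS: G (periodic, priority
between the high- and low-criticality RTOS tasks; its execution time is the GPOS
soft-real-time slice) and B (lowest priority, the idle task, runs GPOS general work).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Task:
    name: str
    prio: int                 # larger value = higher priority
    period: int               # release period in ticks; 0 = always ready (idle)
    wcet: int                 # execution demand per release
    world: str                # "secure" (RTOS task) or "normal" (GPOS container)
    remaining: float = 0.0    # outstanding execution of released jobs
    next_release: int = 0


def demo_tasks() -> List[Task]:
    return [
        Task("H1", 10, 10, 2, "secure"),   # high-criticality real-time task
        Task("G", 5, 10, 3, "normal"),     # GPOS soft-real-time container
        Task("L1", 1, 20, 4, "secure"),    # low-criticality RTOS tasks share
        Task("L2", 1, 20, 4, "secure"),    #   priority 1 round-robin
        Task("B", 0, 0, 0, "normal", remaining=float("inf")),  # idle container
    ]


def simulate(tasks: List[Task], horizon: int, slice_len: int = 2) -> List[str]:
    """Return the name of the task holding the CPU at each tick."""
    timeline: List[str] = []
    last: Optional[Task] = None
    run_streak = 0                     # consecutive ticks held by `last`
    for t in range(horizon):
        for task in tasks:
            if task.period and t == task.next_release:
                task.remaining += task.wcet       # new job released
                task.next_release += task.period
        ready = [x for x in tasks if x.remaining > 0]
        if not ready:
            timeline.append("idle")
            last = None
            continue
        top = max(x.prio for x in ready)
        cands = [x for x in ready if x.prio == top]   # same-priority set
        if last in cands and run_streak < slice_len:
            chosen = last                              # slice not yet used up
        elif last in cands:
            chosen = cands[(cands.index(last) + 1) % len(cands)]   # rotate
        else:
            chosen = cands[0]                          # priority changed: fresh pick
        run_streak = run_streak + 1 if chosen is last else 1
        chosen.remaining -= 1
        timeline.append(chosen.name)
        last = chosen
    return timeline


def world_switches(tasks: List[Task], timeline: List[str]) -> int:
    """Count monitor switches (SMC or trapped FIQ) implied by the timeline."""
    worlds = {x.name: x.world for x in tasks}
    return sum(1 for a, b in zip(timeline, timeline[1:]) if worlds[a] != worlds[b])
```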
In the second-level task scheduling process, the corresponding scheduling strategy is configured according to the attributes of each application. The real-time operating system running in the isolation environment schedules tasks according to a priority scheduling algorithm, assisted by a time slice rotation mechanism on top of priority scheduling; the conventional environment uses a priority-based process scheduling mechanism similar to that of the Linux kernel. Task priorities are assigned as fixed priorities using Audsley's Optimal Priority Assignment (OPA) algorithm.
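Audsley's OPA, which the paragraph above names but does not spell out, assigns fixed priorities from the lowest level upward: at each level it accepts any still-unassigned task that meets its deadline when every other unassigned task is placed above it. The following C program is an added illustration of that procedure, not code from the patent; it uses standard fixed-priority response-time analysis (R = C_i + sum over higher-priority tasks of ceil(R/T_j)*C_j) as the schedulability test, and its task set (L, G, H) is constructed for the example.

```c
#include <stdio.h>
#include <stdbool.h>

#define MAX_TASKS 8

/* Task model: worst-case execution time C, period T and relative deadline D
   (all in ticks). prio 0 is the lowest level; -1 means "not assigned yet". */
typedef struct {
    const char *name;
    int C, T, D;
    int prio;
} Task;

/* Worst-case response time of tasks[i] when every task j with higher[j] set
   runs at a higher priority: the usual fixed-point iteration
   R = C_i + sum_j ceil(R / T_j) * C_j. Returns -1 once R exceeds D_i. */
static int response_time(const Task *tasks, int n, int i, const bool *higher)
{
    int R = tasks[i].C;
    for (;;) {
        int next = tasks[i].C;
        for (int j = 0; j < n; j++) {
            if (!higher[j]) continue;
            next += ((R + tasks[j].T - 1) / tasks[j].T) * tasks[j].C;
        }
        if (next > tasks[i].D) return -1;   /* deadline cannot be met at this level */
        if (next == R) return R;            /* fixed point reached */
        R = next;
    }
}

/* Audsley's OPA: fill priority levels from the lowest upward. At each level any
   unassigned task that still meets its deadline with all other unassigned tasks
   placed above it can take the level. Returns false if some level has no such
   task, in which case no fixed-priority assignment schedules the set. */
bool audsley_opa(Task *tasks, int n)
{
    if (n > MAX_TASKS) return false;
    bool assigned[MAX_TASKS] = { false };
    for (int level = 0; level < n; level++) {
        bool found = false;
        for (int i = 0; i < n && !found; i++) {
            if (assigned[i]) continue;
            bool higher[MAX_TASKS];
            for (int j = 0; j < n; j++) higher[j] = !assigned[j] && j != i;
            if (response_time(tasks, n, i, higher) >= 0) {
                tasks[i].prio = level;
                assigned[i] = true;
                found = true;
            }
        }
        if (!found) return false;
    }
    return true;
}

int main(void)
{
    /* Constructed set: L = low-criticality RTOS work, G = container task whose
       budget is the GPOS time slice, H = high-criticality RTOS task. */
    Task set[] = { {"L", 3, 20, 20, -1}, {"G", 1, 4, 4, -1}, {"H", 2, 5, 5, -1} };
    if (!audsley_opa(set, 3)) { puts("unschedulable"); return 1; }
    for (int i = 0; i < 3; i++)
        printf("%s: C=%d T=%d D=%d -> priority %d\n",
               set[i].name, set[i].C, set[i].T, set[i].D, set[i].prio);
    return 0;
}
```

For the constructed set the algorithm places L at the lowest level, G above it and H at the top, and it reports failure for a set whose total utilization exceeds one, because no level can then be filled.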
The priority scheduling algorithm is a scheduling strategy that schedules according to task priority so that high-priority tasks are processed first. The kernel ensures that at any moment the CPU is allocated to the ready task with the highest priority among all tasks in the system; if a task of higher priority becomes ready, the kernel immediately saves the context of the currently running task and switches to the context of the higher-priority task for execution. Among tasks of the same priority, a time slice round-robin scheduling strategy is used. In time slice round-robin scheduling the operating system gives every task the same amount of CPU time, called a time slice; scheduling is carried out purely according to the time slices allocated by the system, task priority is ignored, and a task yields the CPU automatically once it has run for its allotted time slice. Here the time slice round-robin strategy is used to extend the priority scheduling algorithm: it is applied only among tasks of the same priority, does not affect the priority scheduling of the system, and its purpose is to let tasks of equal priority share processor resources fairly. Of all ready tasks with the same priority, each may run only for a certain period of time, the time slice. After a task has run for one time slice, it must release the processor even if it has not finished, so that the next ready task of the same priority can run (assuming no task of higher priority is ready); the task's time slice counter is cleared and the task is placed at the tail of the ready queue for its priority to wait for its turn again. A newly created task of the same priority is likewise placed at the tail of the queue, and its time slice counter starts at zero.
It follows that no single task in the system can monopolize the CPU until it blocks.
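The two mechanisms described so far, the first-level policy in which the G task's fixed budget gives the general operating system its time slice while the rest of the period goes to low-criticality real-time work, and the round-robin rotation among equal-priority tasks with a time slice counter and tail re-queueing, can both be exercised with one tick-driven simulation. The C program below is an added example written for this page, not the patent's scheduler; the task sets, the two-tick time slice and the one-letter task names are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define SLICE 2          /* round-robin time slice in ticks (constructed value) */
#define MAX_TASKS 8

typedef struct {
    const char *name;  /* first letter is written to the timeline */
    int prio;          /* larger number = higher priority */
    int period;        /* release period in ticks; 0 = released once at t=0 */
    int exec;          /* execution demand per release */
    int remaining;     /* work left in the current release */
    int slice_used;    /* time slice counter, cleared when the slice expires */
    int fifo_seq;      /* position in the per-priority FIFO (smaller = nearer head) */
} Task;

static int seq_counter;

/* Put a task at the tail of its priority queue with a fresh slice counter. */
static void enqueue_tail(Task *t)
{
    t->fifo_seq = ++seq_counter;
    t->slice_used = 0;
}

/* Highest-priority ready task; ties broken by FIFO order. Returns -1 if idle. */
static int pick_next(const Task *tasks, int n)
{
    int best = -1;
    for (int i = 0; i < n; i++) {
        if (tasks[i].remaining <= 0) continue;
        if (best < 0 || tasks[i].prio > tasks[best].prio ||
            (tasks[i].prio == tasks[best].prio && tasks[i].fifo_seq < tasks[best].fifo_seq))
            best = i;
    }
    return best;
}

/* Tick-driven simulation. timeline[t] receives the first letter of the task that
   ran at tick t ('.' when idle). Returns the number of deadline misses, counted
   when a periodic task is released while its previous job is still unfinished.
   A preempted task keeps its slice counter and its queue position, so it resumes
   as soon as the higher-priority work is done. */
int simulate(Task *tasks, int n, int horizon, char *timeline)
{
    int misses = 0;
    seq_counter = 0;
    for (int i = 0; i < n; i++) { tasks[i].remaining = 0; tasks[i].slice_used = 0; }

    for (int t = 0; t < horizon; t++) {
        for (int i = 0; i < n; i++) {            /* release jobs due at this tick */
            int due = tasks[i].period ? (t % tasks[i].period == 0) : (t == 0);
            if (!due) continue;
            if (tasks[i].remaining > 0) misses++;
            tasks[i].remaining = tasks[i].exec;
            enqueue_tail(&tasks[i]);
        }
        int cur = pick_next(tasks, n);
        if (cur < 0) { timeline[t] = '.'; continue; }
        timeline[t] = tasks[cur].name[0];
        tasks[cur].remaining--;
        tasks[cur].slice_used++;
        if (tasks[cur].remaining == 0)
            tasks[cur].slice_used = 0;           /* job done: nothing left to rotate */
        else if (tasks[cur].slice_used == SLICE)
            enqueue_tail(&tasks[cur]);           /* slice expired: clear counter, go to tail */
    }
    timeline[horizon] = '\0';
    return misses;
}

int main(void)
{
    /* Constructed set: H = high-criticality RTOS task, G = container task whose
       budget (2 of every 5 ticks) is the GPOS time slice, L = low-criticality
       RTOS work that fills the remainder of each G period. */
    Task set[] = { {"H", 2, 10, 2}, {"G", 1, 5, 2}, {"L", 0, 0, 20} };
    char tl[64];
    int misses = simulate(set, 3, 20, tl);
    printf("first-level policy: %s  misses=%d\n", tl, misses);

    /* Constructed set for equal-priority rotation: A, B, C share priority 0 and
       are rotated every SLICE ticks; P is a higher-priority periodic task. */
    Task rr[] = { {"P", 1, 5, 1}, {"A", 0, 0, 3}, {"B", 0, 0, 3}, {"C", 0, 0, 3} };
    misses = simulate(rr, 4, 12, tl);
    printf("round-robin:        %s  misses=%d\n", tl, misses);
    return 0;
}
```

In the first timeline H always runs at its release, G receives exactly its budget in every period, and L only ever runs in the gaps, which is the "execution time of the G task is the GPOS time slice, the rest of the period belongs to the low-criticality tasks" behaviour of the text. In the second, A, B and C hand the processor round after every two ticks and P preempts whichever of them is running without disturbing the rotation order.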
The invention provides a dual-operating-system hybrid real-time task scheduling system based on a trusted area, comprising the following modules:
Module M1: a dual-operating-system environment is established on a hardware platform supporting the TrustZone trusted-area technology; a domestic general operating system runs in the conventional environment and is responsible for general computing tasks, and a domestic embedded real-time operating system runs in the isolation environment and is responsible for real-time response tasks;
Module M2: by configuring the interrupt controller, interrupts generated by devices belonging to the real-time operating system in the isolation environment are configured as FIQ, and interrupts generated by devices belonging to the general operating system in the conventional environment are configured as IRQ;
Module M3: Audsley's optimal priority assignment algorithm (OPA) is used to assign fixed priorities to the tasks executed in each of the two operating systems;
Module M4: the non-real-time tasks and the soft real-time tasks of the general operating system are treated as a container of the general operating system that takes part in scheduling within the real-time operating system;
Module M5: the high-priority real-time tasks in the real-time operating system are executed first, and when no real-time task with a priority higher than the soft real-time task needs to run, the low-priority tasks in the real-time operating system and the soft real-time tasks in the general operating system are scheduled by time slice rotation through the soft real-time task.
The real-time operating system is started first; during start-up its memory and MMU (memory management unit) are initialized and it begins executing real-time response tasks in the isolation environment. When the scheduling system schedules the general operating system to run, the real-time operating system switches execution to the conventional area, and at that point the system boots the general operating system normally in the conventional environment. During system operation the time determinism of the real-time operating system in the isolation environment takes precedence: whenever a real-time response task needs to run, the running state of the real-time operating system is restored immediately so that it can respond to the real-time task. By configuring the interrupt controller, interrupts generated by devices belonging to the real-time operating system in the isolation environment are configured as FIQ and interrupts generated by devices belonging to the general operating system in the conventional environment are configured as IRQ, and the IRQ is set to a shielded (masked) state while the real-time operating system runs.
While the general operating system runs, the FIQ is left open. If an FIQ is generated, the running task of the general operating system is interrupted, the monitor switches to the real-time operating system so that it regains control of the processor, and the FIQ is processed by entering the corresponding interrupt handler; this ensures the real-time performance of real-time tasks in the real-time operating system. When an IRQ or FIQ occurs and the current execution environment of the system corresponds to the interrupt type, the current execution environment responds to the interrupt directly; if the interrupt type does not match the current execution environment, the interrupt is handled by the monitor, which routes the interrupt exception to the correct execution environment according to the interrupt type and the current execution environment of the system. For general computing tasks and real-time computing tasks a two-level scheduling strategy is designed, realizing a scheduling mode built from a two-dimensional mixture of space and time. First-level task scheduling is performed by the scheduling system of the real-time operating system, using a strategy of priority scheduling plus time slice rotation; when the region-switching management task runs, it issues a Secure Monitor Call (SMC) instruction so that the system switches to the conventional environment to run. In second-level task scheduling the corresponding scheduling strategy is configured according to the attributes of each application: the real-time operating system in the isolation environment schedules tasks by a priority scheduling algorithm assisted by a time slice rotation mechanism, while the conventional environment uses the priority-based process scheduling mechanism of the Linux kernel, and task priorities are assigned as fixed priorities using Audsley's optimal priority assignment algorithm (OPA).
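The interrupt handling rules above (FIQ owned by the isolation environment, IRQ owned by the conventional environment, IRQ shielded while the real-time operating system runs, FIQ open while the general operating system runs, and the monitor routing a mismatched interrupt to the right world) form a small state machine. The C model below is an added example written for this page, not the patent's monitor code; it treats the world switch and the mask bits as plain state, and it assumes, which the page does not state, that IRQs held back while the real-time operating system ran are taken as soon as the conventional environment is entered and IRQ is unmasked.

```c
#include <stdio.h>
#include <string.h>

typedef enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 } World;  /* isolation / conventional environment */
typedef enum { INT_FIQ = 0, INT_IRQ = 1 } IntType;           /* FIQ: RTOS devices, IRQ: GPOS devices */
typedef enum { ROUTE_DIRECT, ROUTE_VIA_MONITOR, ROUTE_DEFERRED } Route;

typedef struct {
    World world;
    int irq_masked;        /* models the IRQ mask bit: set whenever the RTOS runs */
    int pending_irq;       /* IRQs held back while the RTOS runs */
    int monitor_switches;  /* world switches performed by the monitor */
    int fiq_handled;
    int irq_handled;
} Cpu;

/* Per-world mask policy from the text: IRQ shielded in the isolation
   environment, FIQ left open in both so the RTOS can always reclaim the CPU. */
static void enter_world(Cpu *c, World w)
{
    c->world = w;
    c->irq_masked = (w == WORLD_SECURE);
}

void cpu_init(Cpu *c)
{
    memset(c, 0, sizeof *c);
    enter_world(c, WORLD_SECURE);   /* the RTOS boots first */
}

/* Monitor routing decision for an interrupt arriving in the current world. */
Route route_interrupt(const Cpu *c, IntType it)
{
    if (it == INT_IRQ && c->irq_masked) return ROUTE_DEFERRED;
    World owner = (it == INT_FIQ) ? WORLD_SECURE : WORLD_NORMAL;
    return (owner == c->world) ? ROUTE_DIRECT : ROUTE_VIA_MONITOR;
}

/* Deliver one interrupt. A FIQ arriving while the GPOS runs makes the monitor
   switch to the RTOS, which runs the handler and keeps the CPU afterwards. */
void raise_interrupt(Cpu *c, IntType it)
{
    switch (route_interrupt(c, it)) {
    case ROUTE_DEFERRED:
        c->pending_irq++;
        return;
    case ROUTE_VIA_MONITOR:
        c->monitor_switches++;
        enter_world(c, it == INT_FIQ ? WORLD_SECURE : WORLD_NORMAL);
        break;
    case ROUTE_DIRECT:
        break;
    }
    if (it == INT_FIQ) c->fiq_handled++; else c->irq_handled++;
}

/* Scheduler-driven switch: the RTOS region-switch task issues an SMC to run the
   GPOS, and the RTOS scheduler switches back when a real-time task is due.
   Assumption (not stated on the page): IRQs deferred while the RTOS ran are
   taken as soon as the normal world is entered and IRQ is unmasked. */
void scheduler_switch(Cpu *c, World w)
{
    if (c->world == w) return;
    c->monitor_switches++;
    enter_world(c, w);
    if (w == WORLD_NORMAL) {
        c->irq_handled += c->pending_irq;
        c->pending_irq = 0;
    }
}

int main(void)
{
    Cpu c;
    cpu_init(&c);
    raise_interrupt(&c, INT_IRQ);         /* RTOS running: IRQ is shielded and held */
    raise_interrupt(&c, INT_FIQ);         /* RTOS running: FIQ handled directly */
    scheduler_switch(&c, WORLD_NORMAL);   /* SMC: region-switch task hands the CPU to the GPOS */
    raise_interrupt(&c, INT_IRQ);         /* GPOS running: IRQ handled directly */
    raise_interrupt(&c, INT_FIQ);         /* GPOS running: monitor routes FIQ to the RTOS */
    printf("world=%s fiq=%d irq=%d pending=%d switches=%d\n",
           c.world == WORLD_SECURE ? "secure" : "normal",
           c.fiq_handled, c.irq_handled, c.pending_irq, c.monitor_switches);
    return 0;
}
```

The point the model makes visible is the asymmetry the text relies on: an IRQ can never interrupt real-time work because it is shielded in the isolation environment, whereas an FIQ is honoured in either environment, either directly or by a monitor-mediated switch back to the real-time operating system.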
Those skilled in the art will know that, besides implementing the system, apparatus and their modules provided by the present invention purely in computer readable program code, the method steps can be logically programmed so that the same system, apparatus and modules are realized in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, apparatus and modules provided by the present invention may be regarded as hardware components, and the modules they contain for implementing various programs may also be regarded as structures within those hardware components; modules for performing various functions may likewise be regarded both as software programs for performing the methods and as structures within hardware components.
The foregoing description has described specific embodiments of the present invention. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily where no conflict arises.

Claims (10)

1. A dual-operating-system hybrid real-time task scheduling method based on a trusted area, characterized by comprising the following steps:
Step 1: establishing a dual-operating-system environment on a hardware platform supporting the TrustZone trusted-area technology, running a domestic general operating system in the conventional environment to process general computing tasks, and running a domestic embedded real-time operating system in the isolation environment to process real-time response tasks;
Step 2: by configuring the interrupt controller, configuring interrupts generated by devices belonging to the real-time operating system in the isolation environment as FIQ, and interrupts generated by devices belonging to the general operating system in the conventional environment as IRQ;
Step 3: using Audsley's optimal priority assignment algorithm (OPA) to assign fixed priorities to the tasks executed in each of the two operating systems;
Step 4: treating the non-real-time tasks and the soft real-time tasks of the general operating system as a container of the general operating system that takes part in scheduling within the real-time operating system;
Step 5: executing the high-priority real-time tasks in the real-time operating system first, and when no real-time task with a priority higher than the soft real-time task needs to run, scheduling the low-priority tasks in the real-time operating system and the soft real-time tasks in the general operating system by time slice rotation through the soft real-time task.
2. The dual-operating-system hybrid real-time task scheduling method based on the trusted area as claimed in claim 1, wherein the real-time operating system is started, the memory and MMU of the real-time operating system are initialized during the starting process, and the real-time response task in the isolated environment starts to be executed, when the scheduling system schedules the operation of the general operating system, the real-time operating system is switched to the conventional area to be executed, and at this time, the system normally starts the general operating system in the conventional environment;
and in the running process of the system, the time certainty of the real-time operating system in the isolation environment is preferentially ensured, and when the real-time response task needs to run, the running state of the real-time operating system is immediately recovered to respond to the real-time task.
3. The method according to claim 1, wherein the interrupt controller is configured so that an interrupt generated by a device belonging to the real-time operating system in the isolation environment is configured as an FIQ and an interrupt generated by a device belonging to the general operating system in the conventional environment is configured as an IRQ; when the real-time operating system runs, the IRQ is set to a shielded state, so that if an IRQ is generated it cannot be processed by the general operating system, the task running in the real-time operating system is not interrupted, and the real-time performance of tasks in the real-time operating system is thereby ensured.
4. The dual-operating-system hybrid real-time task scheduling method based on the trusted zone of claim 3, wherein when the general operating system is running the FIQ is set to an open state; if an FIQ is generated at this time, the running task of the general operating system is interrupted, the monitor switches to the real-time operating system so that the real-time operating system regains control of the processor, processes the FIQ and enters the corresponding interrupt handler, thereby ensuring the real-time performance of the real-time task in the real-time operating system;
when an IRQ or FIQ occurs, if the current execution environment of the system corresponds to the interrupt type, the current execution environment responds to the interrupt directly; if the interrupt type does not match the current execution environment of the system, the interrupt is handled by the monitor, which routes the interrupt exception to the correct execution environment for processing according to the interrupt type and the current execution environment of the system.
5. The dual-operating-system hybrid real-time task scheduling method based on the trusted zone as claimed in claim 1, wherein a two-level scheduling strategy is designed for general computing tasks and real-time computing tasks, realizing a scheduling mode built from a two-dimensional mixture of space and time;
first-level task scheduling is performed by the scheduling system of the real-time operating system using a strategy of priority scheduling and time slice rotation scheduling, and when the region-switching management task runs it issues a Secure Monitor Call (SMC) instruction so that the system switches to the conventional environment to run;
in second-level task scheduling, the corresponding scheduling strategy is configured according to the attributes of each application, wherein the real-time operating system running in the isolation environment schedules tasks by a priority scheduling algorithm assisted by a time slice rotation mechanism on top of priority scheduling; the conventional environment uses the priority-based process scheduling mechanism of the Linux kernel, and task priorities are assigned as fixed priorities using Audsley's optimal priority assignment algorithm (OPA).
6. A dual-os hybrid real-time task scheduling system based on trusted regions, comprising:
a module M1: the method comprises the steps that a dual-operating-system environment is established on a hardware platform supporting the TrustZone technology of the trusted area, a domestic general operating system is operated in a conventional environment and is responsible for processing general computing tasks, and a domestic embedded real-time operating system is operated in an isolation environment and is responsible for processing real-time response tasks;
a module M2: configuring an interrupt generated by a device belonging to a real-time operating system of an isolation environment into a FIQ and configuring an interrupt generated by a device belonging to a general operating system of a conventional environment into an IRQ by configuring an interrupt controller;
a module M3: respectively adopting an optimal priority distribution algorithm OPA of Audsley to perform fixed priority distribution on the priorities of executing tasks in the two operating systems;
a module M4: taking a non-real-time task and a software real-time task in the general operating system as a container of the general operating system to participate in scheduling in the real-time operating system;
a module M5: and preferentially executing the real-time tasks with high priority in the real-time operating system, and when no real-time task with the priority higher than the software real-time task needs to run in the system, performing time slice rotation scheduling on the low-priority tasks in the real-time operating system and the soft real-time tasks in the general operating system through the software real-time tasks.
7. The dual-operating-system hybrid real-time task scheduling system based on the trusted area as claimed in claim 6, wherein the real-time operating system is started, the memory and MMU of the real-time operating system are initialized during the starting process, and the real-time response task in the isolated environment starts to be executed, when the scheduling system schedules the operation of the general operating system, the real-time operating system is switched to the normal area to be executed, and at this time, the system normally starts the general operating system in the normal environment;
and in the running process of the system, the time certainty of the real-time operating system in the isolation environment is preferentially ensured, and when the real-time response task needs to run, the running state of the real-time operating system is immediately recovered to respond to the real-time task.
8. The dual-operating-system hybrid real-time task scheduling system according to claim 6, wherein the interrupt controller is configured so that an interrupt generated by a device belonging to the real-time operating system in the isolation environment is configured as an FIQ and an interrupt generated by a device belonging to the general operating system in the conventional environment is configured as an IRQ; when the real-time operating system is running, the IRQ is set to a masked state, so that if an IRQ is generated the general operating system cannot process it, the running task of the real-time operating system is not interrupted, and the real-time performance of tasks in the real-time operating system is ensured.
9. The dual-operating-system hybrid real-time task scheduling system according to claim 8, wherein when the general operating system is running the FIQ is set to an open state; when an FIQ is generated, the running task of the general operating system is interrupted, and the monitor switches to the real-time operating system so that the real-time operating system resumes control of the processor, processes the FIQ and enters the corresponding interrupt handler, thereby ensuring the real-time performance of the real-time task in the real-time operating system;
when an IRQ or FIQ occurs, if the current execution environment of the system corresponds to the interrupt type, the current execution environment responds to the interrupt directly; if the interrupt type does not match the current execution environment of the system, the interrupt is handled by the monitor, which routes the interrupt exception to the correct execution environment for processing according to the interrupt type and the current execution environment of the system.
10. The dual-operating-system hybrid real-time task scheduling system based on the trusted zone as claimed in claim 6, wherein a two-level scheduling policy is designed for general computing tasks and real-time computing tasks, realizing a scheduling mode built from a two-dimensional mixture of space and time;
first-level task scheduling is performed by the scheduling system of the real-time operating system using a strategy of priority scheduling and time slice rotation scheduling, and when the region-switching management task runs it issues a Secure Monitor Call (SMC) instruction so that the system switches to the conventional environment to run;
in second-level task scheduling, the corresponding scheduling strategy is configured according to the attributes of each application, wherein the real-time operating system running in the isolation environment schedules tasks by a priority scheduling algorithm assisted by a time slice rotation mechanism on top of priority scheduling; the conventional environment uses the priority-based process scheduling mechanism of the Linux kernel, and task priorities are assigned as fixed priorities using Audsley's optimal priority assignment algorithm (OPA).
Bibliographic data

Application number: CN202210779837.5A, priority date 2022-07-04, filing date 2022-07-04, status: pending
Publication number: CN115269139A (en), publication date 2022-11-01
Family ID: 83764261
Country status: CN (1), CN115269139A (en)
Title: Dual-operating-system mixed real-time task scheduling method and system based on trusted area


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination