JP6814756B2 - Hypervisor, arithmetic unit - Google Patents

Description

The present invention relates to a hypervisor and an arithmetic unit.

In recent years, the importance of in-vehicle devices mounted on vehicles and performing calculations has increased. High availability is required for arithmetic processing in an in-vehicle device, and when a problem occurs in a certain device or a certain part of the device, the same processing is performed in another device or another part of the device, so-called migration is required. On the other hand, the amount of data handled by in-vehicle devices is increasing, and improvement of computing power is required. Conventionally, the improvement of computing power has been achieved by increasing the operating frequency of the processor, but in recent years, different types of CPUs have been introduced due to the problem of slowing down the miniaturization speed of the manufacturing process and increasing the amount of heat generated due to miniaturization. There is a tendency for the configuration to be combined to be selected. Patent Document 1 is a vehicle control system that performs processing in which a first electronic control device and a second electronic control device cooperate with each other in order to control an in-vehicle device mounted on a vehicle. The electronic control device of the above and the second electronic control device each have an application program for cooperative processing for performing cooperative processing, and as basic software for executing the application program for cooperative processing in cooperation with each other. It has a first OS program and a second OS program that operate in cooperation with each other under a predetermined division of roles, and the second OS program possessed by the second electronic control device has a shared role. The first OS program possessed by the first electronic control device is configured so that the shared roles can be changed, whereby the shared roles are selected from among the plurality of different roles. It is possible to perform operations in cooperation with any of the second OS programs, and the first electronic control device acquires information about the roles shared by the second OS program from the second electronic control device. Based on the acquisition unit and the information acquired by the acquisition unit indicating the roles shared by the second OS program, the roles shared by the first OS program are determined so that the second OS program can operate in cooperation with the acquisition unit. A vehicle control system comprising a decision-making unit is disclosed.

Japanese Unexamined Patent Publication No. 2017-128308

In the invention described in Patent Document 1, migration cannot be realized when different types of CPUs are used.

The hypervisor according to the first aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and is operated by a plurality of CPUs, and is an operating state of the plurality of operating systems. And a second application having the same function as the first application in the second operating system, instead of the monitoring unit that monitors the above and the first application running in the first operating system based on the operating state. The movement management unit includes a movement management unit that operates the second application, and the movement management unit selects a program file that realizes the second application based on the type of the CPU that is executing the second operating system.
The hypervisor according to the second aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and is operated by a plurality of CPUs, and is an operating state of the plurality of operating systems. And a second application having the same function as the first application in the second operating system, instead of the monitoring unit for monitoring and the first application running in the first operating system based on the operating state. The movement management unit that operates the application of No. 2, the interrupt correspondence information indicating the correspondence relationship between the interrupt request number and the operating system, and the interrupt request of the number corresponding to the operating system based on the interrupt correspondence information are transferred. When the movement management unit operates the second application, it includes an interrupt transfer unit that rewrites the first operating system in the interrupt correspondence information to the second operating system.
The computing device according to the third aspect of the present invention is a computing device that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and includes a hypervisor that is operated by a plurality of CPUs. , The first in the second operating system, instead of the monitoring unit that monitors the operating states of the plurality of operating systems and the first application running in the first operating system based on the operating states. The movement management unit includes a movement management unit that operates a second application having the same function as the application of the above, and the movement management unit is based on the type of CPU running the second operating system. Select the program file that realizes.

According to the present invention, migration can be realized even when different types of CPUs are used.

Configuration diagram of ECU 1000 2 (a) and 2 (b) are diagrams showing an example of the application correspondence table 1150. 3 (a) and 3 (b) are diagrams showing an example of the interrupt correspondence table 1141. Diagram showing an example of application movement table 1121 Flowchart showing the operation of the microkernel abstraction unit 1110 In a modified example, a diagram showing how a program file that realizes the hypervisor 1100 is provided to the ECU 1000 through a recording medium or a data signal.

-First Embodiment-
Hereinafter, the first embodiment of the hypervisor according to the present invention will be described with reference to FIGS. 1 to 5. The hypervisor, which is software, can be mounted on various arithmetic units, but in the present embodiment, the hypervisor is an ECU, that is, an electronic control device (Electronic).
An example provided in the Control Unit) will be described.

(Configuration of ECU 1000)
FIG. 1 is a configuration diagram of an ECU 1000 including the hypervisor 1100 according to the present invention. The ECU 1000 is composed of a hardware layer 100, a hypervisor 1100, and a virtual environment 1200. The hardware layer 100 is composed of a plurality of hardware, and the functions of the hypervisor 1100 are realized by the hardware included in the hardware layer 100. The virtual environment 1200 is an environment realized by the hypervisor 1100, and an operating system (hereinafter referred to as "OS") and an application (hereinafter referred to as "application") operate in the virtual environment 1200. That is, the virtual environment 1200 is also realized by the hardware included in the hardware layer 100.

(Hardware layer 100)
The hardware layer 100 includes a first CPU 11, a second CPU 12, a third CPU 13, a memory 20, and a flash memory 30. The first CPU 11, the second CPU 12, and the third CPU 13 are central processing units, and each operates independently. The first CPU 11, the second CPU 12, and the third CPU 13 have different hardware configurations from each other. For example, at least one of the executable instruction sets, register configurations, and operating frequencies is different. Although three CPUs are shown in FIG. 1, the ECU 1000 may include at least two CPUs having different hardware configurations.

The memory 20 is a volatile readable and writable storage area, a so-called RAM, which is accessed by each CPU described above. The memory 20 includes an area accessible only by each CPU and a shared memory 21 which is an area accessible by all CPUs. That is, the first CPU 11, the second CPU 12, and the third CPU 13 can exchange information with each other via the shared memory 21. The flash memory 30 is a non-volatile storage area. The flash memory 30 stores a hypervisor, a plurality of OSs, and a program file that realizes a plurality of applications.

(Virtual environment 1200)
In the virtual environment 1200, OSs are executed, and applications are executed in those OSs. For example, as shown in FIG. 1, in the virtual environment 1200, the first OS1211, the second OS1212, and the third OS1213 are executed. The first OS 1211 is executed by the first CPU 11, the second OS 1212 is executed by the second CPU 12, and the third OS 1213 is executed by the third CPU 13. Applications can be executed on each OS. Hereinafter, the combination of CPU and OS is referred to as "environment" or "execution environment". For example, even when the same OS is used, if the CPUs to be executed are different, it is determined that the environment is different.

(App program file)
In the present embodiment, the application is a computer program that exerts a specific function. That is, if the functions to be realized are the same, even if the substance of the application, that is, the program file is different, it is treated as the same application. That is, whether or not the applications are the same is determined without considering the instruction code to be used. However, strictly speaking, there is also the idea that if the program files are different, the apps that read the program files and are executed are not the same.

Here, the substance of the application, that is, the program file will be described. Program files are also called "executable files" or "binary data". However, the program file may be text data that can be read by humans. When the program file is text data, the ECU 1000 has a function corresponding to an interpreter.

As a general rule, program files are prepared for each OS and each CPU. That is, if the execution environment is different, it is necessary to use different program files in principle. Therefore, in order to realize a certain application on a plurality of CPUs and a plurality of OSs, it is necessary to prepare a plurality of program files. However, if the hardware is compatible or if only a common instruction set is used, one program file may be used in multiple execution environments.

2 (a) and 2 (b) are diagrams showing an example of the application correspondence table 1150 described later. Here, first, the application correspondence table 1150 will be described with reference to FIG. 2A. The first line of FIG. 2A shows that the image processing application uses the program file "bin01" to be executed by the operating system O1 using the CPU of type C1. That is, FIG. 2 shows that eight program files of bin01 to bin08 are required to execute the image processing application with any combination of the three CPU types and the three OSs. In other words, it can be said that the eight program files of bin01 to bin08 have the same function. Further, it is described that the same program file "bin05" can be used in the combination of the type C2 CPU and O2 and the combination of the type C3 CPU and O2.

The CPU type for each CPU is predetermined, and is determined by, for example, the register configuration and the corresponding instruction set. For example, two CPUs that differ only in operating frequency have the same register configuration and the corresponding instruction set, so that the CPU types are the same.

In the flash memory 30 described above, a plurality of program files are stored for each application so that the application can be executed by various combinations of OS and CPU. In the present embodiment, a specific application is moved to a different OS in the virtual environment 1200 as needed, that is, migrated and the operation is continued. The application to be moved in the present embodiment is referred to as a "managed application". The management target application is an application responsible for processing and functions whose main purpose is the ECU 1000. The application for operating the OS is not included in the managed application.

In the example of the application correspondence table 1150 shown in FIG. 2A, the correspondence between the CPU type and the OS is comprehensively shown. However, when the OS to be executed is limited for each CPU type in the ECU 1000, only the combination of the CPU type and the OS to be executed may be described in the application correspondence table 1150 as shown in FIG. 2 (b). The explanation will be continued by returning to FIG.

(Hypervisor 1100)
The hypervisor 1100 includes a microkernel abstraction unit 1110 and a hardware-dependent microkernel 1170. The hypervisor 1100 is executed by the first CPU 11, the second CPU 12, and the third CPU 13 in cooperation with each other. In other words, the functions provided by the hypervisor 1100 are realized by operating each of the three CPUs.

The hardware-dependent microkernel 1170 includes a first hardware-dependent microkernel (hereinafter, referred to as “first HDM”) 1171 corresponding to the first CPU 11, and a second hardware-dependent microkernel (hereinafter, “first”) corresponding to the second CPU 12. It includes 1172 (referred to as "2HDM") and a third hardware-dependent microkernel (hereinafter referred to as "third HDM") 1173 corresponding to the third CPU 13.

The first HDM1171 is software for the first CPU 11 to realize the function of the hypervisor 1100. For example, the first HDM1171 rewrites the execution instruction issued by the hypervisor 1100 into an instruction that can be executed by the first CPU 11. The second HDM1172 is software for the second CPU 12 to realize the function of the hypervisor 1100. The third HDM1173 is software for the third CPU 13 to realize the function of the hypervisor 1100.

The hypervisor 1100 constructs a virtual environment 1200 by mutual communication between the first HDM1171, the second HDM1172, and the third HDM1173. An arbitrary number of OSs are executed in the virtual environment 1200, and applications are executed on the OSs. That is, these OSs and applications are executed by either CPU. The number of OSs and applications executed by one CPU is arbitrary.

The microkernel abstraction unit 1110 includes an application movement management unit 1120, a monitoring unit 1160, and an interrupt transfer unit 1140. The microkernel abstraction unit 1110 stores information indicating in which environment the managed application is currently operating in the shared memory 21. The interrupt transfer unit 1140 has an interrupt correspondence table 1141 that manages a hardware-dependent interrupt request signal (Interrupt ReQuest, hereinafter referred to as “IRQ”). The IRQs are numbered to determine the type, and there are, for example, IRQ1 to IRQ15. The interrupt correspondence table 1141 shows, for example, to which OS of the virtual environment 1200 each of IRQ0 to IRQ15 is transferred.

FIG. 3 is a diagram showing an example of the interrupt correspondence table 1141. FIG. 3A is a diagram showing an example of the interrupt correspondence table 1141 in a certain state, and FIG. 3B is a diagram showing the interrupt correspondence table 1141 after being rewritten by the process described later. As shown in FIG. 3, the interrupt correspondence table 1141 stores the IRQ numbers 0 to 15 and the name of the transfer destination OS corresponding to each IRQ number. In the example shown in FIG. 3, any OS is assigned to all IRQs, but there may be an IRQ number for which there is no allocation target.

The monitoring unit 1160 periodically polls the OS running in the virtual environment 1200, the managed application running, and each CPU of the hardware layer 100, that is, acquires operation information. The monitoring unit 1160 outputs the acquired information to the application movement management unit 1120. The information acquired by the monitoring unit 1160 includes the CPU load in each OS, the free memory capacity, the memory usage amount and the CPU usage rate of the managed application, and whether or not the CPU of the hardware layer 100 is operating.

The application movement management unit 1120 has an application movement table 1121 and an application correspondence table 1150. The application movement management unit 1120 receives the information acquired by polling from the monitoring unit 1160, and determines whether or not to move the managed application. The application movement management unit 1120 determines that the managed application is moved when the OS running the managed application is stopped or when there is an abnormality in the operation of the managed application.

For example, the application movement management unit 1120 determines that the OS is stopped when the CPU running the OS is stopped. Further, the application movement management unit 1120 states that there is an abnormality in the managed application when the memory usage of the managed application continues to increase, or when the CPU load of the managed application continues to be 0% or 100% for a predetermined time or longer. to decide. Then, the application movement management unit 1120 determines the program file to be executed at the movement destination with reference to the application correspondence table 1150, transfers the interrupt, and then operates the managed application at the movement destination.

(App movement table 1121)
FIG. 4 is a diagram showing an example of the application movement table 1121. The application movement table 1121 is represented in a tabular format, for example, and is composed of a plurality of records. Each record has fields for app 1122, IRQ1123 used, CPU name 1124, CPU type 1125, OS1126, migration requirement 1127, rank 1128, CPU load 1129, and free memory 1130. The application movement table 1121 is created in advance, and in the range of this embodiment, rewriting does not occur except for the fields of rank 1128.

The name of the application is entered in the field of the application 1122. As described with reference to FIG. 2, the application often requires different program files depending on the environment in which the application is executed. In the field of the IRQ1123 used, the IRQ number used by the application specified by the field value of the application 1122 of the same record (hereinafter, referred to as "the application of the same record") is entered.

In the field of CPU name 1124, the name of the CPU that executes the application of the same record is entered. In the field of CPU type 1125, the type of CPU entered in the field of CPU name 1124 is entered. In the field of OS1126, the name of the OS that executes the application of the same record is entered. In the field of the migration requirement 1127, the requirements necessary for the CPU specified by the CPU name 1124 to move the application of the same record to the OS specified by the OS 1126 are entered. The required requirements include at least the name of the program file to be executed and may include additional resources such as timers.

In the field of rank 1128, a rank indicating the appropriateness of executing the application of the same record is entered. In the example shown in FIG. 4, since the application image processing application shows three combinations of the first to third lines, any of 1 to 3 is entered in the rank 1128. However, when the environment cannot be used, for example, when the OS is stopped, a symbol indicating that the environment cannot be used, for example, "N / A" is entered in rank 1128. The field of rank 1128 is appropriately rewritten by the application movement management unit 1120.

In the field of the CPU load 1129, the CPU load, that is, the CPU usage rate, which is one of the criteria for the application movement management unit 1120 to determine the rank 1128, is entered. In the field of the free memory 1130, the free memory capacity, which is one of the criteria for the application movement management unit 1120 to determine the rank 1128, is entered. In the example shown in FIG. 4, the application movement management unit 1120 describes the CPU load and the free memory as the criteria for determining the rank 1128, but the application movement management unit 1120 may use other items as the reference. , The number of criteria is not limited to 2. The above is the description of the application movement table 1121.

(Updated rank 1128)
The update of rank 1128 of the application movement table 1121 is performed by the application movement management unit 1120, for example, as follows. The application movement management unit 1120 acquires the information obtained by polling from the monitoring unit 1160 before updating the rank 1128. Then, for each record in the application movement table 1121, the value of the CPU load 1129 which is the selection criterion and the value obtained by polling the environment in the record, and the value of the free memory 1130 and the value obtained by polling the environment in the record are obtained. The evaluation value is calculated by comparing the polling values.

The method of calculating the evaluation value is arbitrary, and the lower the CPU load, the higher the evaluation value, and the larger the free memory capacity, the higher the evaluation value. The evaluation value is calculated as a value of 0 to 100 by adding the values of 0 to 50 determined by the CPU load and the values of 0 to 50 determined by the free memory, for example. For example, if the value obtained by polling is the same as the value described in each record, the evaluation value of the item is 25, and the evaluation value is increased or decreased by 5 each time there is an increase or decrease of 10% from the reference value. The application movement management unit 1120 calculates the evaluation value by such a calculation.

Then, the application movement management unit 1120 ranks the evaluation value of each record for each managed application, and inputs the ranking in the field of rank 1128. However, in the record of the operating environment in which it is determined that the managed application cannot be executed, for example, the environment in which the OS does not respond, a symbol indicating non-execution, for example, "N / A" is entered regardless of the evaluation value.

(flowchart)
FIG. 5 is a flowchart showing the operation of the microkernel abstraction unit 1110. When power is supplied to the ECU 1000, the microkernel abstraction unit 1110 starts the operation shown in FIG. 5 and continues the operation until the power is turned off. Although END indicating the end of operation is not shown in FIG. 5, the microkernel abstraction unit 1110 ends the operation when the power of the ECU 1000 is turned off.

When the power is supplied to the microkernel abstraction unit 1110, the application movement management unit 1120 and the application movement table 1121 are first initialized in S2000. However, the initialization of the application movement table 1121 is a process of blanking the fields of rank 1128 of all records. In the following S2001, the microkernel abstraction unit 1110 initializes the monitoring unit 1160, and the monitoring unit 1160 polls whether or not each CPU is available using the hardware-dependent microkernel 1170. If it is determined that there is a CPU that is not shown in FIG. 5 but is not available, error processing is performed. In the following, the description will be continued on the assumption that all CPUs were available in S2001.

In the following S2003, the microkernel abstraction unit 1110 initializes all OSs and applications. In which environment each application is executed at the time of initialization is predetermined. In the following S2004, the monitoring unit 1160 polls the CPU, OS, and managed application. In S2005, the microkernel abstraction unit 1110 transmits the information acquired by the monitoring unit 1160 in S2004 to the application movement management unit 1120. In the following S2006, the application movement management unit 1120 updates all ranks 1128 of the application movement table 1121 by the above-mentioned method, and detects an abnormality of the managed application. As described above, the operation status of the CPU running the OS on which the managed app is running, the memory usage of the managed app, the CPU load of the managed app, etc. are used to detect the abnormality of the managed app. Referenced.

In the following S2007, the microkernel abstraction unit 1110 determines whether or not an abnormality of the managed application is detected in S2006. The microkernel abstraction unit 1110 proceeds to S2009 when it is determined that one of the managed applications has an abnormality, and proceeds to S2008 when it is determined that there is no abnormality in all the managed applications. In the following, the managed application in which an abnormality is detected in S2006 will be referred to as an "application in which an abnormality is detected". In S2008, the microkernel abstraction unit 1110 waits for a predetermined time and returns to S2004. That is, the microkernel abstraction unit 1110 repeats the processes of S2004 to S2008 while no abnormality is detected in the application.

In S2009, which is executed when a positive determination is made in S2007, the microkernel abstraction unit 1110 reads the application movement table 1121. In the following S2010, the microkernel abstraction unit 1110 determines whether or not there is another environment for executing the managed application in which the abnormality is detected in S2007, that is, an alternative environment. The microkernel abstraction unit 1110 proceeds to S2011 if it determines that an alternative environment exists, and proceeds to S2016 if it determines that an alternative environment does not exist. Specifically, the microkernel abstraction unit 1110 determines whether or not there is an environment in which the application in which the abnormality is detected in the application movement table 1121 is currently executed, in which rank 1128 is not N / A. ..

For example, the application movement table 1121 is shown in FIG. 4. When the image processing application is executed in the first CPU 11 and an abnormality is detected in the image processing application, it can be executed in the second CPU 12 and the third CPU 13, so S2010 makes a positive judgment. Will be done. Further, in the example shown in FIG. 4, when the distance estimation application is executed in the first CPU 11 and an abnormality is detected in the distance estimation application and the rank of the third CPU 13 is N / A, another distance estimation application is executed. Since there is no possible environment, a negative judgment is made in S2010.

In S2011, the microkernel abstraction unit 1110 determines the environment to which the application in which the abnormality is detected is moved. Specifically, the microkernel abstraction unit 1110 refers to the application movement table 1121, and is a record that describes the application in which an abnormality is detected, and rank 1128 is the highest among the records excluding the currently running environment. The environment with a small value is determined as the destination. For example, the application movement table 1121 is shown in FIG. 4, and when the image processing application is operating in the first CPU 11 and an abnormality is detected, the environment of the third CPU 13 having rank 1128 of "2" is selected.

In the following S2012, the microkernel abstraction unit 1110 identifies the program file of the application in which the abnormality is detected in the environment specified in S2011. Specifically, the microkernel abstraction unit 1110 refers to the application correspondence table 1150 and specifies the program file from the name of the application in which the abnormality is detected and the CPU type of the environment specified in S2011. However, when the application correspondence table 1150 differs for each type of OS as shown in FIG. 2A, the program file is specified by further considering the OS of the environment specified in S2011.

In the following S2013, the microkernel abstraction unit 1110 arranges the program file specified in S2012 in the memory area of the destination OS determined in S2011. In the following S2014, the microkernel abstraction unit 1110 initializes the application placed in S2014. In this initialization, a timer or the like is also arranged as needed. For example, the application movement table 1121 is shown in FIG. 4. When the image processing application is operated by the second CPU 12, the program file bin05 is initialized and the timer B is provided to the bin05.

In the following S2015, the interrupt transfer unit 1140 transfers the IRQ according to the moved application. For example, the application movement table 1121 is shown in FIG. 4, and when the image processing application moves from the environment of the first CPU 11 to the environment of the second CPU 12, the interrupt transfer unit 1140 rewrites the interrupt correspondence table 1141 as follows. That is, the interrupt transfer unit 1140 rewrites the transfer destinations of IRQ1 and IRQ4 in the interrupt correspondence table 1141 from O1 to O2. When the processing of S2015 is completed, the process proceeds to S2008.

In S2016, which is executed when a negative determination is made in S2010, the microkernel abstraction unit 1110 outputs an operation stop command to the managed application in which the problem is detected, and proceeds to S2008. In S2016, it may be recorded that an event has occurred, that is, an operation stop command has been output to the managed application, or an arbitrary internal state of the ECU 1000, for example, dump information of the memory 20 may be added to this record. .. The above is the description of the flowchart showing the operation of the microkernel abstraction unit 1110.

According to the first embodiment described above, the following effects can be obtained.
(1) The hypervisor 1100 provides a virtual environment 1200 capable of executing a plurality of operating systems capable of executing an application, and is operated by a plurality of CPUs. The hypervisor 1100 replaces the application realized by the monitoring unit 1160 that monitors the operating status of a plurality of OSs and the first program file that is executed in the first OS based on the operating status, and replaces the second OS. The application movement management unit 1120 for operating the application realized by the second program file having the same function as the first application is provided. The application movement management unit 1120 selects a program file that realizes the second application based on the type of CPU running the second OS. Therefore, application movement, that is, migration can be realized even when different types of CPUs are used.

(2) The hypervisor 1100 has an application correspondence table 1150 showing the functions to be realized, the types of CPUs, and the correspondence relationships of program files. The application movement management unit 1120 selects a program file that realizes the second application by referring to the application correspondence table 1150. Therefore, the hypervisor 1100 can select an appropriate program file according to the migration destination environment.

(3) CPU types in the application correspondence table 1150 are classified based on at least the instruction set of the CPU and the register configuration. This is because the same program file tends to be used if the instruction set and register configuration of the CPU are the same.

(4) The hypervisor 1100 has an interrupt correspondence table 1141 showing the correspondence between the interrupt request number and the OS. The hypervisor 1100 includes an interrupt transfer unit 1140. The interrupt transfer unit 1140 transfers the interrupt request of the IRQ number corresponding to the OS based on the interrupt correspondence table 1141. Further, when the application movement management unit 1120 operates the second application, the interrupt transfer unit 1140 changes the first OS in the interrupt correspondence table 1141 from FIG. 3A to FIG. 3B. Rewrite to 2 OS. Therefore, the IRQ can be transferred at the same time as the migration is executed.

(5) The application movement management unit 1120 is the first application executed in the first OS when the operation of the first OS is stopped or there is an abnormality in the operation of the first application. Instead, run the second application on the second OS. Therefore, migration can be executed when the OS is stopped.

(Modification example 1)
In the first embodiment described above, the name of the program file may not be described in the migration requirement 1127 of the application movement table 1121. This is because in the above-described embodiment, the hypervisor 1100 has an application correspondence table 1150 and selects a program file with reference to the application correspondence table 1150.

(Modification 2)
The hypervisor 1100 does not include the application correspondence table 1150, and the program file to be executed in the migration destination OS may be specified by referring to the migration requirement 1127 in the application movement table 1121.

(Modification 3)
The program file that realizes the hypervisor 1100 may be provided to the ECU 1000 through a recording medium or data communication.

FIG. 6 is a diagram showing how a program file that realizes the hypervisor 1100 described above is provided to the ECU 1000 through a recording medium or a data signal. The ECU 1000 is mounted on a vehicle and has a processor capable of executing various programs. The ECU 1000 reads the CD-ROM 304 via the input device 300, and receives the information of the program file for realizing the hypervisor 1100. The hypervisor 1100 is realized by executing this program file on the processor of the ECU 1000.

Further, the input device 300 has a connection function with the communication line 301. The computer 302 is a server computer that provides information such as the above program file, and stores the information in a recording medium such as a hard disk 303. The communication line 301 is a communication line such as the Internet or personal computer communication, or a dedicated communication line. The computer 302 uses the hard disk 303 to read information such as a program file and transmits the information to the input device 300 via the communication line 301.

That is, the program is transmitted as a data signal via a carrier wave and via a communication line 301. Then, the input device 300 transmits the received signal to the ECU 1000. As described above, the program for realizing the hypervisor 1100 can be supplied as a computer-readable computer program product of various forms such as a recording medium and a data signal (carrier wave).

Each of the above-described embodiments and modifications may be combined. Although various embodiments and modifications have been described above, the present invention is not limited to these contents. Other aspects conceivable within the scope of the technical idea of the present invention are also included within the scope of the present invention.

1100 ... Hypervisor 1110 ... Microkernel abstraction unit 1120 ... App movement management unit 1121 ... App movement table 1128 ... Rank 1160 ... Monitoring unit 1140 ... Interrupt transfer unit 1141 ... Interrupt correspondence table 1150 ... App correspondence table 1200 ... Virtual environment

Claims (7)

A hypervisor that provides a virtual environment that can execute multiple operating systems that can execute applications and is operated by multiple CPUs.
A monitoring unit that monitors the operating status of the plurality of operating systems,
A move that runs a second application having the same function as the first application in the second operating system in place of the first application running in the first operating system based on the operating state. With a management department,
The movement management unit is a hypervisor that selects a program file that realizes the second application based on the type of CPU running the second operating system. The hypervisor according to claim 1.
It has program correspondence information that shows the functions to be realized, the type of CPU, and the correspondence of program files.
The movement management unit is a hypervisor that selects a program file that realizes the second application by referring to the program correspondence information. The hypervisor according to claim 2.
The type of CPU in the program correspondence information is a hypervisor classified based on at least the instruction set of the CPU and the register configuration. The hypervisor according to claim 1.
It has interrupt correspondence information indicating the correspondence between the interrupt request number and the operating system.
When the interrupt request with the number corresponding to the operating system is transferred based on the interrupt correspondence information and the movement management unit operates the second application, the first operating system in the interrupt correspondence information is referred to as the second. A hypervisor with an interrupt transfer section that rewrites to the operating system of. The hypervisor according to claim 1.
The movement management unit is executed in the first operating system when the operation of the first operating system is stopped or when there is an abnormality in the operation of the first application. A hypervisor that runs the second application in the second operating system in place of the application. A hypervisor that provides a virtual environment that can execute multiple operating systems that can execute applications and is operated by multiple CPUs.
A monitoring unit that monitors the operating status of the plurality of operating systems,
A move that runs a second application that has the same functions as the first application in the second operating system in place of the first application running in the first operating system based on the operating state. With the management department
Interrupt support information indicating the correspondence between the interrupt request number and the operating system, and
When the interrupt request with the number corresponding to the operating system is transferred based on the interrupt correspondence information and the movement management unit operates the second application, the first operating system in the interrupt correspondence information is referred to as the second. Hypervisor with an interrupt transfer section that rewrites to the operating system of. An arithmetic unit that provides a virtual environment that can execute multiple operating systems that can execute applications and has a hypervisor that runs on multiple CPUs.
The hypervisor
A monitoring unit that monitors the operating status of the plurality of operating systems,
A move that runs a second application that has the same functions as the first application in the second operating system in place of the first application running in the first operating system based on the operating state. With a management department,
The movement management unit is an arithmetic unit that selects a program file that realizes the second application based on the type of CPU that is executing the second operating system.

Images