WO2019155966A1 - Computer program product and computation device - Google Patents

Computer program product and computation device Download PDF

Info

Publication number
WO2019155966A1
WO2019155966A1 PCT/JP2019/003223 JP2019003223W WO2019155966A1 WO 2019155966 A1 WO2019155966 A1 WO 2019155966A1 JP 2019003223 W JP2019003223 W JP 2019003223W WO 2019155966 A1 WO2019155966 A1 WO 2019155966A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
operating system
operating
cpu
hypervisor
Prior art date
Application number
PCT/JP2019/003223
Other languages
French (fr)
Japanese (ja)
Inventor
ハイロ ロペス
朋仁 蛯名
一 芹沢
岳彦 長野
亮輔 林
拓郎 森
Original Assignee
日立オートモティブシステムズ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日立オートモティブシステムズ株式会社 filed Critical 日立オートモティブシステムズ株式会社
Priority to DE112019000308.9T priority Critical patent/DE112019000308T5/en
Publication of WO2019155966A1 publication Critical patent/WO2019155966A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4812Task transfer initiation or dispatching by interrupt, e.g. masked
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0712Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a virtual computing platform, e.g. logically partitioned systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45579I/O management, e.g. providing access to device drivers or storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Definitions

  • the present invention relates to a computer program product in which a hypervisor is recorded, and an arithmetic device.
  • Patent Document 1 discloses a vehicle control system that performs processing in which a first electronic control device and a second electronic control device cooperate in order to control an in-vehicle device mounted on a vehicle.
  • the electronic control device and the second electronic control device each have a cooperative processing application program for performing cooperative processing, and as basic software for executing the cooperative processing application program in cooperation with each other.
  • a vehicle control system includes a determination unit that determines a role shared by a first OS program.
  • the hypervisor recorded in the computer program product according to the first aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and operates by a plurality of CPUs.
  • a monitoring unit that monitors the operating state of the operating system, and the first application in the second operating system instead of the first application that is executed in the first operating system based on the operating state.
  • a movement management unit that operates a second application having a similar function, and the movement management unit realizes the second application based on a type of CPU executing the second operating system.
  • the hypervisor recorded in the computer program product according to the second aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and operates by a plurality of CPUs.
  • a monitoring unit that monitors the operating state of the operating system, and the first application in the second operating system instead of the first application that is executed in the first operating system based on the operating state.
  • a migration management unit that operates a second application having a similar function, interrupt correspondence information indicating a correspondence relationship between an interrupt request number and the operating system, and the operating system based on the interrupt correspondence information.
  • An interrupt transfer unit that rewrites the first operating system in the interrupt corresponding information to the second operating system when the mobility management unit operates the second application. .
  • a computing device is a computing device including a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and that is operated by a plurality of CPUs.
  • a monitoring unit that monitors operating states of the plurality of operating systems, and the first operating system in the second operating system instead of the first application that is executed in the first operating system based on the operating states.
  • a movement management unit that operates a second application having the same function as that of the application, and the movement management unit includes the second application based on a type of CPU that is executing the second operating system. Program file that realizes To choose.
  • Configuration diagram of ECU 1000 2A and 2B show examples of the application correspondence table 1150.
  • 3A and 3B are diagrams showing an example of the interrupt correspondence table 1141.
  • the figure which shows an example of the application movement table 1121 A flowchart showing the operation of the microkernel abstraction unit 1110
  • achieves the hypervisor 1100 is provided to ECU1000 through a recording medium and a data signal in a modification.
  • FIG. 1 is a configuration diagram of an ECU 1000 including a hypervisor 1100 according to the present invention.
  • the ECU 1000 includes a hardware layer 100, a hypervisor 1100, and a virtual environment 1200.
  • the hardware layer 100 is composed of a plurality of hardware, and the functions of the hypervisor 1100 are realized by the hardware included in the hardware layer 100.
  • the virtual environment 1200 is an environment realized by the hypervisor 1100, and an operating system (hereinafter referred to as “OS”) and an application (hereinafter referred to as “application”) operate in the virtual environment 1200. That is, the virtual environment 1200 is also realized by hardware included in the hardware layer 100.
  • OS operating system
  • application hereinafter referred to as “application”
  • the hardware layer 100 includes a first CPU 11, a second CPU 12, a third CPU 13, a memory 20, and a flash memory 30.
  • the first CPU 11, the second CPU 12, and the third CPU 13 are central processing units and operate independently of each other.
  • the first CPU 11, the second CPU 12, and the third CPU 13 have different hardware configurations. For example, at least one of an executable instruction set, a register configuration, and an operation frequency is different.
  • FIG. 1 shows three CPUs, the ECU 1000 only needs to include at least two CPUs having different hardware configurations.
  • the memory 20 is a volatile readable / writable storage area, so-called RAM, which is accessed by each of the CPUs described above.
  • the memory 20 includes an area accessible only by each CPU and a shared memory 21 that is an area accessible by all CPUs. That is, the first CPU 11, the second CPU 12, and the third CPU 13 can exchange information with each other via the shared memory 21.
  • the flash memory 30 is a non-volatile storage area.
  • the flash memory 30 stores program files for realizing a hypervisor, a plurality of OSs, and a plurality of applications.
  • OSs are executed, and applications are executed in these OSs.
  • the first OS 1211, the second OS 1212, and the third OS 1213 are executed.
  • the first OS 1211 is executed by the first CPU 11
  • the second OS 1212 is executed by the second CPU 12
  • the third OS 1213 is executed by the third CPU 13.
  • Each OS can execute an application.
  • the combination of the CPU and the OS is referred to as “environment” or “execution environment”. For example, even if the same OS is used, if the CPU to be executed is different, it is determined that the environment is different.
  • an application is a computer program that exhibits a specific function.
  • the application is handled as the same application even if the substance of the application, that is, the program file is different. That is, whether or not the applications are the same is determined without considering the instruction code to be used.
  • the program files are different, the applications that are executed by reading the program files are not the same.
  • the program file is also called “executable file” or “binary data”.
  • the program file may be human-readable text data.
  • ECU 1000 has a function corresponding to an interpreter.
  • Program files are prepared for each OS and each CPU in principle. That is, if the execution environment is different, it is necessary to use different program files in principle. Therefore, in order to realize an application on a plurality of CPUs and a plurality of OSs, it is necessary to prepare a plurality of program files. However, there are cases where one program file can be used in a plurality of execution environments when the hardware is compatible or when only a common instruction set is used.
  • FIGS. 2A and 2B are diagrams showing an example of an application correspondence table 1150 described later.
  • the application correspondence table 1150 will be described with reference to FIG.
  • the first line of FIG. 2A shows that the image processing application uses the program file “bin01” in order to be executed by the operating system O1 using a type C1 CPU. That is, FIG. 2 shows that eight program files of bin01 to bin08 are required to execute an image processing application with an arbitrary combination of three CPU types and three OSs. In other words, it can be said that the eight program files of bin01 to bin08 have the same function. Further, it is described that the same program file “bin05” can be used in the combination of the type C2 CPU and O2 and in the combination of the type C3 CPU and O2.
  • the CPU type for each CPU is predetermined, and is determined by, for example, a register configuration or a corresponding instruction set. For example, two CPUs that differ only in operating frequency have the same register type and corresponding instruction set, and therefore have the same CPU type.
  • the flash memory 30 stores a plurality of program files for each application so that the application can be executed by various combinations of OS and CPU.
  • a specific application is moved to a different OS in the virtual environment 1200 as necessary, that is, migrated to continue operation.
  • an application to be moved is referred to as a “management target application”.
  • the management target application is an application that performs processing and functions that are the main purpose of the ECU 1000. An application for operating the OS is not included in the management target application.
  • the example of the application correspondence table 1150 shown in FIG. 2A comprehensively shows the correspondence between the CPU type and the OS.
  • the OS to be executed for each CPU type is limited in ECU 1000, only the combination of the CPU type to be executed and the OS may be described in application correspondence table 1150 as shown in FIG. Returning to FIG. 1, the description will be continued.
  • the hypervisor 1100 includes a microkernel abstraction unit 1110 and a hardware-dependent microkernel 1170.
  • the hypervisor 1100 is executed by the first CPU 11, the second CPU 12, and the third CPU 13 in cooperation. In other words, the functions provided by the hypervisor 1100 are realized by the three CPUs operating.
  • the hardware-dependent microkernel 1170 includes a first hardware-dependent microkernel (hereinafter referred to as “first HDM”) 1171 corresponding to the first CPU 11 and a second hardware-dependent microkernel (hereinafter referred to as “first hardware”) corresponding to the second CPU 12. 2172 ”and a third hardware-dependent microkernel (hereinafter referred to as“ third HDM ”) 1173 corresponding to the third CPU 13.
  • first HDM hardware-dependent microkernel
  • first hardware second hardware-dependent microkernel
  • third HDM third hardware-dependent microkernel
  • the first HDM 1171 is software for the first CPU 11 to realize the functions of the hypervisor 1100.
  • the first HDM 1171 rewrites an execution instruction issued by the hypervisor 1100 with an instruction that can be executed by the first CPU 11.
  • the second HDM 1172 is software for the second CPU 12 to realize the function of the hypervisor 1100.
  • the third HDM 1173 is software for the third CPU 13 to realize the function of the hypervisor 1100.
  • the hypervisor 1100 constructs a virtual environment 1200 through mutual communication between the first HDM 1171, the second HDM 1172, and the third HDM 1173.
  • An arbitrary number of OSs are executed in the virtual environment 1200, and applications are executed on the OS. That is, these OS and application are executed by one of the CPUs.
  • the number of OSs and applications executed by one CPU is arbitrary.
  • the microkernel abstraction unit 1110 includes an application movement management unit 1120, a monitoring unit 1160, and an interrupt transfer unit 1140.
  • the microkernel abstraction unit 1110 stores in the shared memory 21 information indicating in which environment the managed application is currently operating.
  • the interrupt transfer unit 1140 has an interrupt correspondence table 1141 that manages hardware-dependent interrupt request signals (Interrupt ReQuest, hereinafter referred to as “IRQ”).
  • IRQ is numbered to determine the type, and there are, for example, IRQ1 to IRQ15.
  • the interrupt correspondence table 1141 indicates to which OS of the virtual environment 1200, for example, each of IRQ0 to IRQ15.
  • FIG. 3 is a diagram showing an example of the interrupt correspondence table 1141.
  • FIG. 3A is a diagram showing an example of the interrupt correspondence table 1141 in a certain state
  • FIG. 3B is a diagram showing the interrupt correspondence table 1141 after being rewritten by processing to be described later.
  • the interrupt correspondence table 1141 stores 0 to 15 IRQ numbers and names of transfer destination OSs corresponding to the respective IRQ numbers. In the example shown in FIG. 3, any OS is assigned to all IRQs, but there may be an IRQ number for which no assignment target exists.
  • the monitoring unit 1160 periodically polls the OS executed in the virtual environment 1200 and the management target application that is operating, and also each CPU of the hardware layer 100, that is, acquires operation information.
  • the monitoring unit 1160 outputs the acquired information to the application movement management unit 1120.
  • the information acquired by the monitoring unit 1160 includes the CPU load, free memory capacity, memory usage and CPU usage rate of the management target application, whether or not the CPU of the hardware layer 100 is operating, and the like.
  • the application movement management unit 1120 has an application movement table 1121 and an application correspondence table 1150.
  • the application movement management unit 1120 receives information acquired by polling from the monitoring unit 1160, and determines whether to move the management target application.
  • the application movement management unit 1120 determines to move the managed application when the OS executing the managed application is stopped or when the operation of the managed application is abnormal.
  • the application movement management unit 1120 determines that the OS is stopped when the CPU running the OS is stopped, for example. In addition, when the memory usage of the management target application continues to increase, the application movement management unit 1120 determines that the management target application is abnormal when the CPU load of the management target application is 0% or 100% continues for a predetermined time or more. to decide. Then, the application movement management unit 1120 refers to the application correspondence table 1150 to determine a program file to be executed at the movement destination, transfers the interrupt, and operates the managed application at the movement destination.
  • FIG. 4 is a diagram illustrating an example of the application movement table 1121.
  • the application movement table 1121 is expressed in a table format, for example, and is composed of a plurality of records. Each record has fields of an application 1122, a use IRQ 1123, a CPU name 1124, a CPU type 1125, an OS 1126, a migration requirement 1127, a rank 1128, a CPU load 1129, and a free memory 1130.
  • the application movement table 1121 is created in advance, and rewriting does not occur in fields other than the rank 1128 field within the scope of the present embodiment.
  • an IRQ number used by an application specified by the field value of the application 1122 of the same record (hereinafter referred to as “application of the same record”) is entered.
  • the CPU name 1124 field the name of the CPU executing the application of the same record is entered.
  • the CPU type 1125 field the CPU type entered in the CPU name 1124 field is entered.
  • the name of the OS that executes the application of the same record is entered.
  • the field of the migration requirement 1127 a requirement necessary for the CPU specified by the CPU name 1124 to move the application of the same record to the OS specified by the OS 1126 is entered.
  • the necessary requirements include at least the name of the program file to be executed and may contain additional resources such as a timer.
  • rank 1128 field a rank indicating the appropriateness of executing the application of the same record is entered.
  • the application image processing application has three combinations from the first line to the third line, any one of 1 to 3 is entered in the rank 1128.
  • a symbol indicating that the environment cannot be used for example, “N / A” is written in rank 1128.
  • the field of rank 1128 is appropriately rewritten by the application movement management unit 1120.
  • the CPU load that is, the CPU usage rate, which is one of the criteria by which the application movement management unit 1120 determines the rank 1128
  • the free memory 1130 the free memory capacity that is one of the criteria by which the application movement management unit 1120 determines the rank 1128 is entered.
  • the CPU movement and the free memory are described as two criteria for the application movement management unit 1120 to determine the rank 1128, but the application movement management unit 1120 may use other items as a reference.
  • the number of standards is not limited to two. The above is the description of the application movement table 1121.
  • the rank 1128 of the application movement table 1121 is updated by the application movement management unit 1120 as follows, for example.
  • the application movement management unit 1120 acquires information obtained by polling from the monitoring unit 1160 before updating the rank 1128. Then, for each record in the application movement table 1121, the value of the CPU load 1129 as a selection criterion and the value obtained by polling the environment in that record, and the value of the free memory 1130 and the polling of the environment in that record are obtained.
  • the evaluation value is calculated by comparing the measured values.
  • the method for calculating the evaluation value is arbitrary.
  • the evaluation value is calculated as a value of 0 to 100 by adding a value of 0 to 50 determined by the CPU load and a value of 0 to 50 determined by the free memory. For example, if the value obtained by polling is the same as the value described in each record, the evaluation value of the item is 25, and the evaluation value is increased or decreased by 5 whenever there is an increase or decrease of 10% from the reference value.
  • the application movement management unit 1120 calculates an evaluation value.
  • the application movement management unit 1120 ranks the evaluation value of each record for each managed application, and enters the rank in the rank 1128 field.
  • a symbol indicating that execution is impossible regardless of the evaluation value for example, “N / A” is entered in an operating environment in which it is determined that the managed application cannot be executed, for example, an environment where the OS does not respond.
  • FIG. 5 is a flowchart showing the operation of the microkernel abstraction unit 1110.
  • microkernel abstraction unit 1110 starts the operation shown in FIG. 5 and continues that operation until the power is turned off.
  • END indicating the end of the operation is not described in FIG. 5, the microkernel abstraction unit 1110 ends the operation when the power of the ECU 1000 is turned off.
  • the microkernel abstraction unit 1110 When the power is supplied, the microkernel abstraction unit 1110 first initializes the application migration management unit 1120 and the application migration table 1121 in S2000. However, the initialization of the application migration table 1121 is a process of blanking the rank 1128 field of all records. In subsequent S2001, the microkernel abstraction unit 1110 initializes the monitoring unit 1160, and the monitoring unit 1160 uses the hardware-dependent microkernel 1170 to poll whether or not each CPU is available. If it is determined that there is an unusable CPU not shown in FIG. 5, error processing is performed. In the following description, it is assumed that all CPUs are available in S2001.
  • the microkernel abstraction unit 1110 initializes all the OSs and applications. In which environment each application is executed at the time of initialization is predetermined.
  • the monitoring unit 1160 performs polling for the CPU, OS, and managed application.
  • the microkernel abstraction unit 1110 transmits the information acquired by the monitoring unit 1160 in S2004 to the application movement management unit 1120.
  • the application movement management unit 1120 updates all ranks 1128 of the application movement table 1121 by the above-described method and detects an abnormality of the management target application.
  • the detection of the abnormality of the managed application includes the operation status of the CPU running the OS on which the managed application is operating, the memory usage of the managed application, and the CPU load of the managed application. Referenced.
  • the microkernel abstraction unit 1110 determines whether an abnormality of the management target application has been detected in S2006.
  • the microkernel abstraction unit 1110 proceeds to S2009 when determining that there is an abnormality in any managed application, and proceeds to S2008 when determining that there is no abnormality in all managed applications.
  • the management target application in which an abnormality is detected in S2006 is referred to as “an application in which an abnormality is detected”.
  • the microkernel abstraction unit 1110 waits for a predetermined time and returns to S2004. That is, while no abnormality is detected in the application, the microkernel abstraction unit 1110 repeats the processes of S2004 to S2008.
  • the microkernel abstraction unit 1110 In S2009, which is executed when an affirmative determination is made in S2007, the microkernel abstraction unit 1110 reads the application migration table 1121. In subsequent S2010, the microkernel abstraction unit 1110 determines whether there is another environment in which the managed application in which an abnormality is detected in S2007, that is, an alternative environment exists. If the microkernel abstraction unit 1110 determines that an alternative environment exists, the process advances to step S2011. If the microkernel abstraction unit 1110 determines that no alternative environment exists, the process advances to step S2016. Specifically, the microkernel abstraction unit 1110 determines whether or not there is an environment in which the rank 1128 is not N / A in the environment in which the application whose abnormality is detected in the application migration table 1121 is currently being executed. .
  • the second CPU 12 and the third CPU 13 can execute the determination. Is done.
  • the distance estimation application is executed in the first CPU 11 and an abnormality is detected in the distance estimation application and the rank of the third CPU 13 is N / A, another distance estimation application is executed. Since no possible environment exists, a negative determination is made in S2010.
  • the microkernel abstraction unit 1110 determines the environment of the destination of the application where the abnormality is detected. Specifically, the microkernel abstraction unit 1110 refers to the application movement table 1121 and is a record describing an application in which an abnormality is detected, and rank 1128 is the highest in the record excluding the currently executed environment. An environment having a small value is determined as a destination. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is operating on the first CPU 11 and an abnormality is detected, the environment of the third CPU 13 whose rank 1128 is “2” is selected.
  • the microkernel abstraction unit 1110 identifies the program file of the application in which the abnormality is detected in the environment identified in S2011. Specifically, the microkernel abstraction unit 1110 refers to the application correspondence table 1150, and identifies the program file from the name of the application in which an abnormality has been detected and the CPU type of the environment identified in S2011. However, when the application correspondence table 1150 is different for each type of OS as shown in FIG. 2A, the program file is specified in consideration of the OS in the environment specified in S2011.
  • the microkernel abstraction unit 1110 places the program file specified in S2012 in the memory area of the migration destination OS determined in S2011.
  • the microkernel abstraction unit 1110 initializes the application arranged in S2014.
  • a timer or the like is also arranged as necessary. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is operated by the second CPU 12, the program file bin05 is initialized and the timer B is provided to the bin05.
  • the interrupt transfer unit 1140 performs IRQ transfer according to the moved application. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is moved from the environment of the first CPU 11 to the environment of the second CPU 12, the interrupt transfer unit 1140 rewrites the interrupt correspondence table 1141 as follows. That is, the interrupt transfer unit 1140 rewrites the transfer destinations of IRQ1 and IRQ4 in the interrupt correspondence table 1141 from O1 to O2.
  • the process of S2015 proceeds to S2008.
  • the microkernel abstraction unit 1110 In S2016 that is executed when a negative determination is made in S2010, the microkernel abstraction unit 1110 outputs an operation stop command to the management target application in which the problem is detected, and the process proceeds to S2008.
  • the occurrence of an event that is, the output of an operation stop command to the managed application may be recorded, and any internal state of the ECU 1000, for example, dump information of the memory 20 may be added to this record. .
  • the above is the description of the flowchart showing the operation of the microkernel abstraction unit 1110.
  • the hypervisor 1100 provides a virtual environment 1200 capable of executing a plurality of operating systems capable of executing applications, and operates by a plurality of CPUs.
  • the hypervisor 1100 replaces an application realized by a monitoring unit 1160 that monitors the operating states of a plurality of OSs and a first program file that is executed in the first OS based on the operating states with a second OS.
  • the application movement management unit 1120 selects a program file that implements the second application based on the type of CPU that is executing the second OS. Therefore, even when different types of CPUs are used, application migration, that is, migration can be realized.
  • the hypervisor 1100 has an application correspondence table 1150 indicating the correspondence between realized functions, CPU types, and program files.
  • the application movement management unit 1120 refers to the application correspondence table 1150 and selects a program file that realizes the second application. Therefore, the hypervisor 1100 can select an appropriate program file suitable for the migration destination environment.
  • the CPU type in the application correspondence table 1150 is classified based on at least the CPU instruction set and the register configuration. This is because if the CPU instruction set and register configuration are the same, the same program file tends to be used.
  • the hypervisor 1100 has an interrupt correspondence table 1141 indicating the correspondence between interrupt request numbers and OSs.
  • the hypervisor 1100 includes an interrupt transfer unit 1140.
  • the interrupt transfer unit 1140 transfers an interrupt request having an IRQ number corresponding to the OS based on the interrupt correspondence table 1141. Further, when the application movement management unit 1120 operates the second application, the interrupt transfer unit 1140 sets the first OS in the interrupt correspondence table 1141 to the first one as changed from FIG. 3A to FIG. 3B. Rewrite to OS 2 Therefore, the IRQ can be transferred together with the execution of migration.
  • the application movement management unit 1120 displays the first application that is executed in the first OS when the operation of the first OS is stopped or when the operation of the first application is abnormal. Instead, the second application is operated in the second OS. Therefore, migration can be executed when the OS stops.
  • the program file name may not be described in the migration requirement 1127 of the application migration table 1121. This is because, in the embodiment described above, the hypervisor 1100 has the application correspondence table 1150 and selects a program file with reference to the application correspondence table 1150.
  • the hypervisor 1100 may not include the application correspondence table 1150, and may identify a program file to be executed by the migration destination OS by referring to the migration requirement 1127 of the application migration table 1121.
  • a program file for realizing the hypervisor 1100 may be provided to the ECU 1000 through a recording medium or data communication.
  • FIG. 6 is a diagram showing how the program file for realizing the hypervisor 1100 described above is provided to the ECU 1000 through a recording medium and a data signal.
  • ECU 1000 is mounted on the vehicle and has a processor that can execute various programs.
  • ECU 1000 reads CD-ROM 304 via input device 300 and receives provision of program file information for realizing hypervisor 1100. By executing this program file by the processor of the ECU 1000, the hypervisor 1100 is realized.
  • the input device 300 has a connection function with the communication line 301.
  • a computer 302 is a server computer that provides information such as the above program file, and stores the information in a recording medium such as a hard disk 303.
  • the communication line 301 is a communication line such as the Internet or personal computer communication, or a dedicated communication line.
  • the computer 302 reads information such as a program file using the hard disk 303 and transmits it to the input device 300 via the communication line 301.
  • the program is transmitted as a data signal via the carrier wave and via the communication line 301. Then, the input device 300 transmits the received signal to the ECU 1000.
  • the program for realizing the hypervisor 1100 can be supplied as a computer-readable computer program product in various forms such as a recording medium and a data signal (carrier wave).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

In the present invention a hypervisor recorded on a computer program product is operated by a plurality of CPUs and provides a virtual environment in which a plurality of operating systems capable of executing an application can be executed. The hypervisor comprises a monitoring unit that monitors the operational state of the plurality of operating systems, and a migration management unit that, on the basis of the operational state, operates a second application in place of a first application being executed in a first operating system, said second application being on a second operating system and having the same function as the first application. The migration management unit selects a program file for implementing the second application on the basis of the type of CPU executing the second operating system.

Description

コンピュータプログラム製品、演算装置Computer program product, arithmetic unit
 本発明は、ハイパーバイザを記録したコンピュータプログラム製品、および演算装置に関する。 The present invention relates to a computer program product in which a hypervisor is recorded, and an arithmetic device.
 近年、車両に搭載され演算を行う車載装置の重要性が増している。車載装置における演算処理は高い可用性が要求され、ある装置または装置のある部分に何らかの問題が生じた場合は別な装置または装置の他の部分で同様の処理を行うこと、いわゆるマイグレーションが求められる。その一方で車載装置が扱うデータ量が増加しており、演算能力の向上が要求されている。演算能力の向上は、従来はプロセッサの動作周波数の高速化により達成されていたが、製造プロセスの微細化速度の鈍化や微細化に伴う発熱量の増加の問題により、近年は種類の異なるCPUを組み合わせる構成が選択される傾向にある。特許文献1には、車両に搭載された車載機器を制御するために、第1の電子制御装置と第2の電子制御装置とが連携した処理を行う車両用制御システムであって、前記第1の電子制御装置と前記第2の電子制御装置とは、それぞれ、連携処理を行うための連携処理用アプリケーションプログラムを有するとともに、それら連携処理用アプリケーションプログラムを協調して実行させるためのベーシックソフトウエアとしての役割を果たす、所定の役割分担の下に協調して動作する第1OSプログラムと第2OSプログラムとをそれぞれ有しており、前記第2の電子制御装置が保有する第2OSプログラムは、分担する役割が異なる複数の中から選定されたものであり、前記第1の電子制御装置が保有する第1OSプログラムは、分担する役割を変更可能に構成され、それにより、分担する役割が異なる複数の中のいずれの第2OSプログラムとも協調した動作を行うことが可能であって、前記第1の電子制御装置は、前記第2の電子制御装置から、前記第2OSプログラムが分担する役割についての情報を取得する取得部と、前記取得部により取得した、前記第2OSプログラムが分担する役割を示す情報に基づき、当該第2OSプログラムと協調して動作することができるように、第1OSプログラムの分担する役割を決定する決定部と、を備える車両用制御システムが開示されている。 In recent years, the importance of in-vehicle devices that are mounted on vehicles and perform computations has increased. A high availability is required for the arithmetic processing in the in-vehicle device, and when a problem occurs in a certain device or a part of the device, the same processing is performed in another device or another part of the device, so-called migration is required. On the other hand, the amount of data handled by in-vehicle devices is increasing, and there is a demand for improvement in computing capacity. In the past, improvement in computing power has been achieved by increasing the operating frequency of the processor. However, due to the slowdown in the miniaturization speed of the manufacturing process and the increase in the amount of heat generated due to miniaturization, recently different types of CPUs have been installed. There is a tendency to select a configuration to be combined. Patent Document 1 discloses a vehicle control system that performs processing in which a first electronic control device and a second electronic control device cooperate in order to control an in-vehicle device mounted on a vehicle. The electronic control device and the second electronic control device each have a cooperative processing application program for performing cooperative processing, and as basic software for executing the cooperative processing application program in cooperation with each other. Each having a first OS program and a second OS program that operate in a coordinated manner under a predetermined role assignment, and the second OS program held by the second electronic control device Are selected from a plurality of different, and the first OS program possessed by the first electronic control unit plays a shared role It is configured to be changeable, whereby it is possible to perform an operation in cooperation with any second OS program among a plurality of different roles to be shared, and the first electronic control unit Based on information indicating a role shared by the second OS program acquired by the acquisition unit and an acquisition unit that acquires information on the role shared by the second OS program from the control device, the second OS program cooperates with the second OS program. In order to be able to operate, a vehicle control system is disclosed that includes a determination unit that determines a role shared by a first OS program.
日本国特開2017-128308号公報Japanese Unexamined Patent Publication No. 2017-128308
 特許文献1に記載されている発明では、異なる種類のCPUを用いる場合にマイグレーションを実現できない。 In the invention described in Patent Document 1, migration cannot be realized when different types of CPUs are used.
 本発明の第1の態様によるコンピュータプログラム製品に記録したハイパーバイザは、アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザであって、前記複数のオペレーティングシステムの稼働状態を監視する監視部と、前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、を備え、前記移動管理部は、前記第2のオペレーティングシステムを実行しているCPUの種類に基づき前記第2のアプリケーションを実現するプログラムファイルを選択する。
 本発明の第2の態様によるコンピュータプログラム製品に記録したハイパーバイザは、アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザであって、前記複数のオペレーティングシステムの稼働状態を監視する監視部と、前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、割り込み要求の番号と前記オペレーティングシステムの対応関係を示す割り込み対応情報と、前記割り込み対応情報に基づき前記オペレーティングシステムに対応する番号の前記割り込み要求を転送し、前記移動管理部が前記第2のアプリケーションを動作させると前記割り込み対応情報における前記第1のオペレーティングシステムを前記第2のオペレーティングシステムに書き換える割り込み転送部とを備える。
 本発明の第3の態様による演算装置は、アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザを備える演算装置であって、前記ハイパーバイザは、前記複数のオペレーティングシステムの稼働状態を監視する監視部と、前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、を備え、前記移動管理部は、前記第2のオペレーティングシステムを実行しているCPUの種類に基づき前記第2のアプリケーションを実現するプログラムファイルを選択する。
The hypervisor recorded in the computer program product according to the first aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and operates by a plurality of CPUs. A monitoring unit that monitors the operating state of the operating system, and the first application in the second operating system instead of the first application that is executed in the first operating system based on the operating state. A movement management unit that operates a second application having a similar function, and the movement management unit realizes the second application based on a type of CPU executing the second operating system. Program file To select the Le.
The hypervisor recorded in the computer program product according to the second aspect of the present invention is a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and operates by a plurality of CPUs. A monitoring unit that monitors the operating state of the operating system, and the first application in the second operating system instead of the first application that is executed in the first operating system based on the operating state. A migration management unit that operates a second application having a similar function, interrupt correspondence information indicating a correspondence relationship between an interrupt request number and the operating system, and the operating system based on the interrupt correspondence information. An interrupt transfer unit that rewrites the first operating system in the interrupt corresponding information to the second operating system when the mobility management unit operates the second application. .
A computing device according to a third aspect of the present invention is a computing device including a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing an application and that is operated by a plurality of CPUs. A monitoring unit that monitors operating states of the plurality of operating systems, and the first operating system in the second operating system instead of the first application that is executed in the first operating system based on the operating states. A movement management unit that operates a second application having the same function as that of the application, and the movement management unit includes the second application based on a type of CPU that is executing the second operating system. Program file that realizes To choose.
 本発明によれば、異なる種類のCPUを用いる場合でもマイグレーションを実現できる。 According to the present invention, migration can be realized even when different types of CPUs are used.
ECU1000の構成図Configuration diagram of ECU 1000 図2(a)および図2(b)はアプリ対応表1150の一例を示す図2A and 2B show examples of the application correspondence table 1150. 図3(a)および図3(b)は割り込み対応表1141の一例を示す図3A and 3B are diagrams showing an example of the interrupt correspondence table 1141. アプリ移動表1121の一例を示す図The figure which shows an example of the application movement table 1121 マイクロカーネル抽象化部1110の動作を表すフローチャートA flowchart showing the operation of the microkernel abstraction unit 1110 変形例において、ハイパーバイザ1100を実現するプログラムファイルを記録媒体やデータ信号を通じてECU1000に提供する様子を示す図The figure which shows a mode that the program file which implement | achieves the hypervisor 1100 is provided to ECU1000 through a recording medium and a data signal in a modification.
―第1の実施の形態―
 以下、図1~図5を参照して、本発明に係るハイパーバイザの第1の実施の形態を説明する。ソフトウエアであるハイパーバイザは様々な演算装置に実装可能であるが、本実施の形態ではハイパーバイザがECU、すなわち電子制御装置(Electronic Control Unit)に備えられる例を説明する。
-First embodiment-
Hereinafter, a first embodiment of a hypervisor according to the present invention will be described with reference to FIGS. Although the hypervisor that is software can be mounted on various arithmetic devices, in this embodiment, an example in which the hypervisor is provided in an ECU, that is, an electronic control unit (Electronic Control Unit) will be described.
(ECU1000の構成)
 図1は本発明にかかるハイパーバイザ1100を備えるECU1000の構成図である。ECU1000は、ハードウエア層100と、ハイパーバイザ1100と、仮想環境1200とから構成される。ハードウエア層100は複数のハードウエアから構成され、ハイパーバイザ1100の機能はハードウエア層100に含まれるハードウエアにより実現される。仮想環境1200はハイパーバイザ1100によって実現される環境であり、その仮想環境1200の中でオペレーティングシステム(以下、「OS」と呼ぶ)およびアプリケーション(以下、「アプリ」と呼ぶ)が動作する。すなわち仮想環境1200もハードウエア層100に含まれるハードウエアにより実現される。
(Configuration of ECU 1000)
FIG. 1 is a configuration diagram of an ECU 1000 including a hypervisor 1100 according to the present invention. The ECU 1000 includes a hardware layer 100, a hypervisor 1100, and a virtual environment 1200. The hardware layer 100 is composed of a plurality of hardware, and the functions of the hypervisor 1100 are realized by the hardware included in the hardware layer 100. The virtual environment 1200 is an environment realized by the hypervisor 1100, and an operating system (hereinafter referred to as “OS”) and an application (hereinafter referred to as “application”) operate in the virtual environment 1200. That is, the virtual environment 1200 is also realized by hardware included in the hardware layer 100.
(ハードウエア層100)
 ハードウエア層100は、第1CPU11と、第2CPU12と、第3CPU13と、メモリ20と、フラッシュメモリ30とを備える。第1CPU11、第2CPU12、および第3CPU13は中央演算装置であり、それぞれ独立に動作する。第1CPU11、第2CPU12、および第3CPU13は互いにハードウエア構成が異なる。たとえば実行可能な命令セット、レジスタ構成、および動作周波数の少なくとも1つが異なる。なお図1では3つのCPUを示しているが、ECU1000はハードウエア構成が異なるCPUを少なくとも2つ備えればよい。
(Hardware layer 100)
The hardware layer 100 includes a first CPU 11, a second CPU 12, a third CPU 13, a memory 20, and a flash memory 30. The first CPU 11, the second CPU 12, and the third CPU 13 are central processing units and operate independently of each other. The first CPU 11, the second CPU 12, and the third CPU 13 have different hardware configurations. For example, at least one of an executable instruction set, a register configuration, and an operation frequency is different. Although FIG. 1 shows three CPUs, the ECU 1000 only needs to include at least two CPUs having different hardware configurations.
 メモリ20は揮発性の読み書き可能な記憶領域、いわゆるRAMであり、上述した各CPUがアクセスする。メモリ20は、それぞれのCPUのみがアクセス可能な領域と全てのCPUがアクセス可能な領域である共有メモリ21とを含む。すなわち第1CPU11、第2CPU12、および第3CPU13は、共有メモリ21を介して相互に情報を授受できる。フラッシュメモリ30は不揮発性の記憶領域である。フラッシュメモリ30には、ハイパーバイザ、複数のOSおよび複数のアプリを実現するプログラムファイルが格納される。 The memory 20 is a volatile readable / writable storage area, so-called RAM, which is accessed by each of the CPUs described above. The memory 20 includes an area accessible only by each CPU and a shared memory 21 that is an area accessible by all CPUs. That is, the first CPU 11, the second CPU 12, and the third CPU 13 can exchange information with each other via the shared memory 21. The flash memory 30 is a non-volatile storage area. The flash memory 30 stores program files for realizing a hypervisor, a plurality of OSs, and a plurality of applications.
(仮想環境1200)
 仮想環境1200では、OSが実行され、それらのOSにおいてアプリケーションが実行される。たとえば図1に示すように仮想環境1200では、第1OS1211と、第2OS1212と、第3OS1213が実行される。第1OS1211は第1CPU11により実行され、第2OS1212は第2CPU12により実行され、第3OS1213は第3CPU13により実行される。それぞれのOSではアプリケーションを実行できる。以下では、CPUとOSの組み合わせを「環境」または「実行環境」と呼ぶ。たとえば同一のOSを用いる場合であっても実行するCPUが異なる場合は、環境が異なると判断する。
(Virtual environment 1200)
In the virtual environment 1200, OSs are executed, and applications are executed in these OSs. For example, as shown in FIG. 1, in the virtual environment 1200, the first OS 1211, the second OS 1212, and the third OS 1213 are executed. The first OS 1211 is executed by the first CPU 11, the second OS 1212 is executed by the second CPU 12, and the third OS 1213 is executed by the third CPU 13. Each OS can execute an application. Hereinafter, the combination of the CPU and the OS is referred to as “environment” or “execution environment”. For example, even if the same OS is used, if the CPU to be executed is different, it is determined that the environment is different.
(アプリのプログラムファイル)
 本実施の形態ではアプリとは、ある特定の機能を発揮するコンピュータプログラムである。すなわち実現する機能が同一であれば、アプリケーションの実体、すなわちプログラムファイルが異なる場合でも同一のアプリとして扱う。すなわちアプリが同一か否かは、使用する命令コード等を考慮せずに判断する。ただし厳密には、プログラムファイルが異なる場合にはプログラムファイルを読み込んで実行されるアプリは同一ではないとする考え方もある。
(App program file)
In the present embodiment, an application is a computer program that exhibits a specific function. In other words, if the functions to be realized are the same, the application is handled as the same application even if the substance of the application, that is, the program file is different. That is, whether or not the applications are the same is determined without considering the instruction code to be used. However, strictly speaking, there is a concept that when the program files are different, the applications that are executed by reading the program files are not the same.
 ここでアプリケーションの実体、すなわちプログラムファイルについて説明する。プログラムファイルは、「実行可能ファイル」や「バイナリデータ」とも呼ばれる。ただしプログラムファイルは人間が読めるテキストデータでもよい。プログラムファイルがテキストデータの場合は、ECU1000がインタプリタに相当する機能を有する。 Here, the substance of the application, that is, the program file will be described. The program file is also called “executable file” or “binary data”. However, the program file may be human-readable text data. When the program file is text data, ECU 1000 has a function corresponding to an interpreter.
 プログラムファイルは、原則としてOSごと、CPUごとに用意される。すなわち実行環境が異なる場合は原則として異なるプログラムファイルを用いる必要がある。そのためあるアプリを複数のCPU、複数のOS上で実現するためには複数のプログラムファイルを用意する必要がある。ただしハードウエアが互換性を有している場合や共通の命令セットしか使用していない場合などは、1つのプログラムファイルを複数の実行環境で使用できる場合もある。 Program files are prepared for each OS and each CPU in principle. That is, if the execution environment is different, it is necessary to use different program files in principle. Therefore, in order to realize an application on a plurality of CPUs and a plurality of OSs, it is necessary to prepare a plurality of program files. However, there are cases where one program file can be used in a plurality of execution environments when the hardware is compatible or when only a common instruction set is used.
 図2(a)および図2(b)は、後述するアプリ対応表1150の一例を示す図である。ここではまず図2(a)を参照してアプリ対応表1150を説明する。図2(a)の1行目には、画像処理アプリは、タイプC1のCPUを用いてオペレーティングシステムO1で実行するためにはプログラムファイル「bin01」を用いることが示されている。すなわち図2では、画像処理アプリを3つのCPUタイプと3つのOSの任意の組み合わせで実行するには、bin01~bin08の8個のプログラムファイルが必要であることが示されている。換言するとbin01~bin08の8個のプログラムファイルは、同様の機能を有するともいえる。また、タイプC2のCPUとO2の組み合わせ、およびタイプC3のCPUとO2の組み合わせでは、同一のプログラムファイル「bin05」を使用できる旨が記載されている。 FIGS. 2A and 2B are diagrams showing an example of an application correspondence table 1150 described later. Here, first, the application correspondence table 1150 will be described with reference to FIG. The first line of FIG. 2A shows that the image processing application uses the program file “bin01” in order to be executed by the operating system O1 using a type C1 CPU. That is, FIG. 2 shows that eight program files of bin01 to bin08 are required to execute an image processing application with an arbitrary combination of three CPU types and three OSs. In other words, it can be said that the eight program files of bin01 to bin08 have the same function. Further, it is described that the same program file “bin05” can be used in the combination of the type C2 CPU and O2 and in the combination of the type C3 CPU and O2.
 なおCPUごとのCPUタイプはあらかじめ定められており、たとえばレジスタ構成や対応する命令セットなどにより決定される。たとえば動作周波数のみが異なる2つのCPUは、レジスタ構成も対応する命令セットも同一なのでCPUタイプは同一となる。 Note that the CPU type for each CPU is predetermined, and is determined by, for example, a register configuration or a corresponding instruction set. For example, two CPUs that differ only in operating frequency have the same register type and corresponding instruction set, and therefore have the same CPU type.
 前述のフラッシュメモリ30には、アプリを様々なOSとCPUの組み合わせで実行可能なように、1つのアプリごとに複数のプログラムファイルが格納される。本実施の形態では、特定のアプリを仮想環境1200において必要に応じて異なるOSに移動、すなわちマイグレーションさせ稼働を継続させる。本実施の形態において移動させる対象となるアプリを「管理対象アプリ」と呼ぶ。管理対象アプリは、ECU1000が主目的とする処理や機能を担うアプリである。OSを動作させるためのアプリは管理対象アプリには含まれない。 The flash memory 30 stores a plurality of program files for each application so that the application can be executed by various combinations of OS and CPU. In the present embodiment, a specific application is moved to a different OS in the virtual environment 1200 as necessary, that is, migrated to continue operation. In the present embodiment, an application to be moved is referred to as a “management target application”. The management target application is an application that performs processing and functions that are the main purpose of the ECU 1000. An application for operating the OS is not included in the management target application.
 なお図2(a)に示すアプリ対応表1150の例ではCPUタイプとOSの対応を網羅的に示していた。しかしECU1000においてCPUタイプごとに実行するOSが限定されている場合には、図2(b)に示すようにアプリ対応表1150には実行するCPUタイプとOSの組み合わせだけを記載してもよい。図1に戻って説明を続ける。 The example of the application correspondence table 1150 shown in FIG. 2A comprehensively shows the correspondence between the CPU type and the OS. However, when the OS to be executed for each CPU type is limited in ECU 1000, only the combination of the CPU type to be executed and the OS may be described in application correspondence table 1150 as shown in FIG. Returning to FIG. 1, the description will be continued.
(ハイパーバイザ1100)
 ハイパーバイザ1100は、マイクロカーネル抽象化部1110と、ハードウエア依存マイクロカーネル1170とを備える。ハイパーバイザ1100は第1CPU11、第2CPU12、および第3CPU13が協力して実行する。換言するとハイパーバイザ1100が提供する機能は3つのCPUがそれぞれ動作することにより実現される。
(Hypervisor 1100)
The hypervisor 1100 includes a microkernel abstraction unit 1110 and a hardware-dependent microkernel 1170. The hypervisor 1100 is executed by the first CPU 11, the second CPU 12, and the third CPU 13 in cooperation. In other words, the functions provided by the hypervisor 1100 are realized by the three CPUs operating.
 ハードウエア依存マイクロカーネル1170は、第1CPU11に対応する第1ハードウエア依存マイクロカーネル(以下、「第1HDM」と呼ぶ)1171と、第2CPU12に対応する第2ハードウエア依存マイクロカーネル(以下、「第2HDM」と呼ぶ)1172と、第3CPU13に対応する第3ハードウエア依存マイクロカーネル(以下、「第3HDM」と呼ぶ)1173とを備える。 The hardware-dependent microkernel 1170 includes a first hardware-dependent microkernel (hereinafter referred to as “first HDM”) 1171 corresponding to the first CPU 11 and a second hardware-dependent microkernel (hereinafter referred to as “first hardware”) corresponding to the second CPU 12. 2172 ”and a third hardware-dependent microkernel (hereinafter referred to as“ third HDM ”) 1173 corresponding to the third CPU 13.
 第1HDM1171は、第1CPU11がハイパーバイザ1100の機能を実現するためにのソフトウエアである。たとえば第1HDM1171は、ハイパーバイザ1100が発行する実行命令を第1CPU11が実行可能な命令に書き換える。第2HDM1172は、第2CPU12がハイパーバイザ1100の機能を実現するためにのソフトウエアである。第3HDM1173は、第3CPU13がハイパーバイザ1100の機能を実現するためのソフトウエアである。 The first HDM 1171 is software for the first CPU 11 to realize the functions of the hypervisor 1100. For example, the first HDM 1171 rewrites an execution instruction issued by the hypervisor 1100 with an instruction that can be executed by the first CPU 11. The second HDM 1172 is software for the second CPU 12 to realize the function of the hypervisor 1100. The third HDM 1173 is software for the third CPU 13 to realize the function of the hypervisor 1100.
 第1HDM1171、第2HDM1172、および第3HDM1173の相互の通信により、ハイパーバイザ1100は仮想環境1200を構築する。仮想環境1200では任意の数のOSが実行され、OS上ではアプリケーションが実行される。すなわちこれらのOSおよびアプリケーションは、いずれかのCPUにより実行される。1つのCPUが実行するOSおよびアプリケーションの数は任意である。 The hypervisor 1100 constructs a virtual environment 1200 through mutual communication between the first HDM 1171, the second HDM 1172, and the third HDM 1173. An arbitrary number of OSs are executed in the virtual environment 1200, and applications are executed on the OS. That is, these OS and application are executed by one of the CPUs. The number of OSs and applications executed by one CPU is arbitrary.
 マイクロカーネル抽象化部1110は、アプリ移動管理部1120と、監視部1160と、割り込み転送部1140とを備える。マイクロカーネル抽象化部1110は、管理対象アプリが現在どの環境で動作しているかを示す情報を共有メモリ21に保存する。割り込み転送部1140は、ハードウエア依存の割り込み要求信号(Interrupt ReQuest、以下「IRQ」と呼ぶ)を管理する割り込み対応表1141を有する。IRQは種類を判別するために番号が付されており、たとえばIRQ1~IRQ15が存在する。割り込み対応表1141は、たとえばIRQ0~IRQ15のそれぞれについて、仮想環境1200のいずれのOSに転送するかを示すものである。 The microkernel abstraction unit 1110 includes an application movement management unit 1120, a monitoring unit 1160, and an interrupt transfer unit 1140. The microkernel abstraction unit 1110 stores in the shared memory 21 information indicating in which environment the managed application is currently operating. The interrupt transfer unit 1140 has an interrupt correspondence table 1141 that manages hardware-dependent interrupt request signals (Interrupt ReQuest, hereinafter referred to as “IRQ”). The IRQ is numbered to determine the type, and there are, for example, IRQ1 to IRQ15. The interrupt correspondence table 1141 indicates to which OS of the virtual environment 1200, for example, each of IRQ0 to IRQ15.
 図3は割り込み対応表1141の一例を示す図である。図3(a)はある状態における割り込み対応表1141の一例を示す図であり、図3(b)は後述する処理により書き換えられた後の割り込み対応表1141を示す図である。図3に示すように割り込み対応表1141は、0~15のIRQ番号と、それぞれのIRQ番号に対応する転送先のOSの名称が格納される。なお図3に示す例では全てのIRQにいずれかのOSが割り当てられているが、割り当て対象が存在しないIRQ番号があってもよい。 FIG. 3 is a diagram showing an example of the interrupt correspondence table 1141. FIG. 3A is a diagram showing an example of the interrupt correspondence table 1141 in a certain state, and FIG. 3B is a diagram showing the interrupt correspondence table 1141 after being rewritten by processing to be described later. As shown in FIG. 3, the interrupt correspondence table 1141 stores 0 to 15 IRQ numbers and names of transfer destination OSs corresponding to the respective IRQ numbers. In the example shown in FIG. 3, any OS is assigned to all IRQs, but there may be an IRQ number for which no assignment target exists.
 監視部1160は、仮想環境1200において実行されているOSおよび動作している管理対象アプリ、さらにはハードウエア層100の各CPUを対象として定期的にポーリング、すなわち動作情報の取得を行う。監視部1160は、取得した情報をアプリ移動管理部1120に出力する。監視部1160が取得する情報は、各OSにおけるCPU負荷、空きメモリ容量、管理対象アプリのメモリ使用量およびCPU使用率、ハードウエア層100のCPUが動作しているか否かなどである。 The monitoring unit 1160 periodically polls the OS executed in the virtual environment 1200 and the management target application that is operating, and also each CPU of the hardware layer 100, that is, acquires operation information. The monitoring unit 1160 outputs the acquired information to the application movement management unit 1120. The information acquired by the monitoring unit 1160 includes the CPU load, free memory capacity, memory usage and CPU usage rate of the management target application, whether or not the CPU of the hardware layer 100 is operating, and the like.
 アプリ移動管理部1120は、アプリ移動表1121およびアプリ対応表1150を有する。アプリ移動管理部1120は、監視部1160からポーリングにより取得した情報を受け取り、管理対象アプリを移動させるか否かを判断する。アプリ移動管理部1120は、管理対象アプリを実行しているOSが停止している場合や管理対象アプリの動作に異常がある場合に管理対象アプリを移動させると判断する。 The application movement management unit 1120 has an application movement table 1121 and an application correspondence table 1150. The application movement management unit 1120 receives information acquired by polling from the monitoring unit 1160, and determines whether to move the management target application. The application movement management unit 1120 determines to move the managed application when the OS executing the managed application is stopped or when the operation of the managed application is abnormal.
 アプリ移動管理部1120はたとえば、OSを稼働させているCPUが停止している場合にOSが停止していると判断する。またアプリ移動管理部1120は、管理対象アプリのメモリ使用量が増加し続ける場合、管理対象アプリのCPU負荷が0%、または100%が所定時間以上継続する場合に管理対象アプリに異常があると判断する。そしてアプリ移動管理部1120はアプリ対応表1150を参照して移動先で実行するプログラムファイルを決定し、割り込みを転送した上で移動先で管理対象アプリを動作させる。 The application movement management unit 1120 determines that the OS is stopped when the CPU running the OS is stopped, for example. In addition, when the memory usage of the management target application continues to increase, the application movement management unit 1120 determines that the management target application is abnormal when the CPU load of the management target application is 0% or 100% continues for a predetermined time or more. to decide. Then, the application movement management unit 1120 refers to the application correspondence table 1150 to determine a program file to be executed at the movement destination, transfers the interrupt, and operates the managed application at the movement destination.
(アプリ移動表1121)
 図4は、アプリ移動表1121の一例を示す図である。アプリ移動表1121は、たとえば表形式で表され、複数のレコードから構成される。各レコードは、アプリ1122、使用IRQ1123、CPU名1124、CPUタイプ1125、OS1126、移行要件1127、ランク1128、CPU負荷1129、および空きメモリ1130のフィールドを有する。アプリ移動表1121はあらかじめ作成されており、本実施の形態の範囲ではランク1128のフィールド以外は書き換えが発生しない。
(App movement table 1121)
FIG. 4 is a diagram illustrating an example of the application movement table 1121. The application movement table 1121 is expressed in a table format, for example, and is composed of a plurality of records. Each record has fields of an application 1122, a use IRQ 1123, a CPU name 1124, a CPU type 1125, an OS 1126, a migration requirement 1127, a rank 1128, a CPU load 1129, and a free memory 1130. The application movement table 1121 is created in advance, and rewriting does not occur in fields other than the rank 1128 field within the scope of the present embodiment.
 アプリ1122のフィールドには、アプリケーションの名称が記入される。なお図2を参照して説明したように、アプリケーションは実行する環境により異なるプログラムファイルが必要になることが多い。使用IRQ1123のフィールドには、同一レコードのアプリ1122のフィールド値で特定されるアプリ(以下、「同一レコードのアプリ」と呼ぶ)が使用するIRQ番号が記入される。 In the field of application 1122, the name of the application is entered. As described with reference to FIG. 2, the application often requires different program files depending on the environment in which it is executed. In the field of used IRQ 1123, an IRQ number used by an application specified by the field value of the application 1122 of the same record (hereinafter referred to as “application of the same record”) is entered.
 CPU名1124のフィールドには、同一レコードのアプリを実行するCPUの名称が記入される。CPUタイプ1125のフィールドには、CPU名1124のフィールドに記入されたCPUのタイプが記入される。OS1126のフィールドには、同一レコードのアプリを実行するOSの名称が記入される。移行要件1127のフィールドには、同一レコードのアプリをCPU名1124で特定されるCPUがOS1126で特定されるOSに移動させるために必要な要件が記入される。必要な要件には、少なくとも実行するプログラムファイルの名称が含まれ、追加のリソース、たとえばタイマなどが記入されることもある。 In the CPU name 1124 field, the name of the CPU executing the application of the same record is entered. In the CPU type 1125 field, the CPU type entered in the CPU name 1124 field is entered. In the field of OS 1126, the name of the OS that executes the application of the same record is entered. In the field of the migration requirement 1127, a requirement necessary for the CPU specified by the CPU name 1124 to move the application of the same record to the OS specified by the OS 1126 is entered. The necessary requirements include at least the name of the program file to be executed and may contain additional resources such as a timer.
 ランク1128のフィールドには、同一レコードのアプリを実行する適切さを示す順位が記入される。図4に示す例ではアプリ画像処理アプリは1行目から3行目の3つの組み合わせが示されているので、ランク1128には1~3のいずれかが記入される。ただしその環境が使用できない場合、たとえばOSが動作を停止している場合などは使用不可である旨の記号、たとえば「N/A」がランク1128に記入される。ランク1128のフィールドはアプリ移動管理部1120によって適宜書き換えられる。 In the rank 1128 field, a rank indicating the appropriateness of executing the application of the same record is entered. In the example shown in FIG. 4, since the application image processing application has three combinations from the first line to the third line, any one of 1 to 3 is entered in the rank 1128. However, when the environment cannot be used, for example, when the OS stops operating, a symbol indicating that the environment cannot be used, for example, “N / A” is written in rank 1128. The field of rank 1128 is appropriately rewritten by the application movement management unit 1120.
 CPU負荷1129のフィールドには、アプリ移動管理部1120がランク1128を決定する基準の1つであるCPU負荷、すなわちCPU使用率が記入される。空きメモリ1130のフィールドには、アプリ移動管理部1120がランク1128を決定する基準の1つである空きメモリ容量が記入される。なお図4に示す例ではアプリ移動管理部1120がランク1128を決定する基準としてCPU負荷と空きメモリの2つを記載しているが、アプリ移動管理部1120は他の項目を基準としてもよいし、基準の数は2に限定されない。以上がアプリ移動表1121の説明である。 In the field of CPU load 1129, the CPU load, that is, the CPU usage rate, which is one of the criteria by which the application movement management unit 1120 determines the rank 1128, is entered. In the field of the free memory 1130, the free memory capacity that is one of the criteria by which the application movement management unit 1120 determines the rank 1128 is entered. In the example shown in FIG. 4, the CPU movement and the free memory are described as two criteria for the application movement management unit 1120 to determine the rank 1128, but the application movement management unit 1120 may use other items as a reference. The number of standards is not limited to two. The above is the description of the application movement table 1121.
(ランク1128の更新)
 アプリ移動表1121のランク1128の更新は、アプリ移動管理部1120によりたとえば以下のように行われる。アプリ移動管理部1120はランク1128を更新する前に監視部1160からポーリングで得られた情報を取得する。そしてアプリ移動表1121の各レコードについて、選択基準となっているCPU負荷1129の値とそのレコードにおける環境のポーリングで得られた値、および空きメモリ1130の値とそのレコードにおける環境のポーリングで得られた値を比較して評価値を算出する。
(Update of rank 1128)
The rank 1128 of the application movement table 1121 is updated by the application movement management unit 1120 as follows, for example. The application movement management unit 1120 acquires information obtained by polling from the monitoring unit 1160 before updating the rank 1128. Then, for each record in the application movement table 1121, the value of the CPU load 1129 as a selection criterion and the value obtained by polling the environment in that record, and the value of the free memory 1130 and the polling of the environment in that record are obtained. The evaluation value is calculated by comparing the measured values.
 評価値の算出方法は任意であり、CPU負荷が低いほど評価値は高くなり、空きメモリ容量が多いほど評価値は高くなる。評価値はたとえば、CPU負荷により決定される0~50の値と、空きメモリにより決定される0~50の値を合算して0~100の値として算出される。たとえばポーリングで得られた値が各レコードに記載され値と同一であれば、その項目の評価値は25であり、基準値から10%の増減があるたびに評価値を5増減させる。このような算出によりアプリ移動管理部1120は評価値を算出する。 The method for calculating the evaluation value is arbitrary. The lower the CPU load, the higher the evaluation value, and the higher the free memory capacity, the higher the evaluation value. For example, the evaluation value is calculated as a value of 0 to 100 by adding a value of 0 to 50 determined by the CPU load and a value of 0 to 50 determined by the free memory. For example, if the value obtained by polling is the same as the value described in each record, the evaluation value of the item is 25, and the evaluation value is increased or decreased by 5 whenever there is an increase or decrease of 10% from the reference value. By such calculation, the application movement management unit 1120 calculates an evaluation value.
 そしてアプリ移動管理部1120は、管理対象アプリごとに各レコードの評価値を順位付けし、その順位をランク1128のフィールドに記入する。ただし管理対象アプリを実行できないと判断する動作環境、たとえばOSが応答しない環境のレコードには、評価値にかかわらず実行不可を示す記号、たとえば「N/A」を記入する。 Then, the application movement management unit 1120 ranks the evaluation value of each record for each managed application, and enters the rank in the rank 1128 field. However, a symbol indicating that execution is impossible regardless of the evaluation value, for example, “N / A” is entered in an operating environment in which it is determined that the managed application cannot be executed, for example, an environment where the OS does not respond.
(フローチャート)
 図5はマイクロカーネル抽象化部1110の動作を表すフローチャートである。マイクロカーネル抽象化部1110はECU1000に電力が供給されると図5に示す動作を開始し、電源がオフにされるまでその動作を継続する。なお図5では動作終了を示すENDが記載されていないが、ECU1000の電源がオフにされるとマイクロカーネル抽象化部1110は動作を終了する。
(flowchart)
FIG. 5 is a flowchart showing the operation of the microkernel abstraction unit 1110. When power is supplied to ECU 1000, microkernel abstraction unit 1110 starts the operation shown in FIG. 5 and continues that operation until the power is turned off. Although END indicating the end of the operation is not described in FIG. 5, the microkernel abstraction unit 1110 ends the operation when the power of the ECU 1000 is turned off.
 マイクロカーネル抽象化部1110は電源が供給されると、まずS2000ではアプリ移動管理部1120とアプリ移動表1121を初期化する。ただしアプリ移動表1121の初期化とは、全レコードのランク1128のフィールドを空白にする処理である。続くS2001ではマイクロカーネル抽象化部1110は、監視部1160を初期化し、監視部1160によりハードウエア依存マイクロカーネル1170を用いて各CPUが利用可能か否かのポーリングが行われる。なお図5には記載していないが利用可能でないCPUが存在すると判断した場合はエラー処理を行う。以下ではS2001では全CPUが利用可能であったとして説明を続ける。 When the power is supplied, the microkernel abstraction unit 1110 first initializes the application migration management unit 1120 and the application migration table 1121 in S2000. However, the initialization of the application migration table 1121 is a process of blanking the rank 1128 field of all records. In subsequent S2001, the microkernel abstraction unit 1110 initializes the monitoring unit 1160, and the monitoring unit 1160 uses the hardware-dependent microkernel 1170 to poll whether or not each CPU is available. If it is determined that there is an unusable CPU not shown in FIG. 5, error processing is performed. In the following description, it is assumed that all CPUs are available in S2001.
 続くS2003ではマイクロカーネル抽象化部1110は全てのOSとアプリを初期化する。初期化時に各アプリがいずれの環境で実行されるかはあらかじめ定められている。続くS2004では監視部1160がCPU、OS、管理対象アプリを対象としてポーリングを行う。S2005ではマイクロカーネル抽象化部1110は、監視部1160がS2004において取得した情報をアプリ移動管理部1120に送信する。続くS2006ではアプリ移動管理部1120は、アプリ移動表1121の全てのランク1128を前述の手法により更新するとともに、管理対象アプリの異常を検出する。管理対象アプリの異常の検出には前述のように、管理対象アプリが動作しているOSを稼働しているCPUの動作状況、管理対象アプリのメモリ使用量、および管理対象アプリのCPU負荷などが参照される。 In subsequent S2003, the microkernel abstraction unit 1110 initializes all the OSs and applications. In which environment each application is executed at the time of initialization is predetermined. In subsequent S2004, the monitoring unit 1160 performs polling for the CPU, OS, and managed application. In S2005, the microkernel abstraction unit 1110 transmits the information acquired by the monitoring unit 1160 in S2004 to the application movement management unit 1120. In subsequent S2006, the application movement management unit 1120 updates all ranks 1128 of the application movement table 1121 by the above-described method and detects an abnormality of the management target application. As described above, the detection of the abnormality of the managed application includes the operation status of the CPU running the OS on which the managed application is operating, the memory usage of the managed application, and the CPU load of the managed application. Referenced.
 続くS2007ではマイクロカーネル抽象化部1110は、S2006において管理対象アプリの異常を検出したか否かを判断する。マイクロカーネル抽象化部1110は、いずれかの管理対象アプリに異常があると判断する場合はS2009に進み、全ての管理対象アプリに異常がないと判断する場合はS2008に進む。なお以下では、S2006において異常が検出された管理対象アプリを「異常が検出されたアプリ」と呼ぶ。S2008ではマイクロカーネル抽象化部1110は所定時間だけ待機してS2004に戻る。すなわちアプリに異常が検出されない間はマイクロカーネル抽象化部1110は、S2004~S2008の処理を繰り返す。 In subsequent S2007, the microkernel abstraction unit 1110 determines whether an abnormality of the management target application has been detected in S2006. The microkernel abstraction unit 1110 proceeds to S2009 when determining that there is an abnormality in any managed application, and proceeds to S2008 when determining that there is no abnormality in all managed applications. In the following, the management target application in which an abnormality is detected in S2006 is referred to as “an application in which an abnormality is detected”. In S2008, the microkernel abstraction unit 1110 waits for a predetermined time and returns to S2004. That is, while no abnormality is detected in the application, the microkernel abstraction unit 1110 repeats the processes of S2004 to S2008.
 S2007において肯定判定されると実行されるS2009ではマイクロカーネル抽象化部1110は、アプリ移動表1121を読み込む。続くS2010ではマイクロカーネル抽象化部1110は、S2007において異常が検出された管理対象アプリを実行する他の環境、すなわち代替環境が存在するか否かを判断する。マイクロカーネル抽象化部1110は代替環境が存在すると判断する場合はS2011に進み、代替環境が存在しないと判断する場合はS2016に進む。具体的にはマイクロカーネル抽象化部1110は、アプリ移動表1121において異常が検出されたアプリが現在実行されている環境に、ランク1128がN/Aではない環境が存在するか否かを判断する。 In S2009, which is executed when an affirmative determination is made in S2007, the microkernel abstraction unit 1110 reads the application migration table 1121. In subsequent S2010, the microkernel abstraction unit 1110 determines whether there is another environment in which the managed application in which an abnormality is detected in S2007, that is, an alternative environment exists. If the microkernel abstraction unit 1110 determines that an alternative environment exists, the process advances to step S2011. If the microkernel abstraction unit 1110 determines that no alternative environment exists, the process advances to step S2016. Specifically, the microkernel abstraction unit 1110 determines whether or not there is an environment in which the rank 1128 is not N / A in the environment in which the application whose abnormality is detected in the application migration table 1121 is currently being executed. .
 たとえばアプリ移動表1121が図4に示すものであり、画像処理アプリが第1CPU11において実行されており画像処理アプリに異常が検出された場合は、第2CPU12と第3CPU13で実行可能なのでS2010は肯定判断される。また図4に示す例において距離推定アプリが第1CPU11において実行されており、距離推定アプリに異常が検出されて第3CPU13のランクがN/Aであった場合には、他に距離推定アプリを実行可能な環境が存在しないのでS2010では否定判断がされる。 For example, when the application movement table 1121 is as shown in FIG. 4 and the image processing application is executed in the first CPU 11 and an abnormality is detected in the image processing application, the second CPU 12 and the third CPU 13 can execute the determination. Is done. In the example shown in FIG. 4, if the distance estimation application is executed in the first CPU 11 and an abnormality is detected in the distance estimation application and the rank of the third CPU 13 is N / A, another distance estimation application is executed. Since no possible environment exists, a negative determination is made in S2010.
 S2011ではマイクロカーネル抽象化部1110は、異常が検出されたアプリの移動先の環境を決定する。具体的にはマイクロカーネル抽象化部1110は、アプリ移動表1121を参照し、異常が検出されたアプリについて記載しているレコードであって、現在実行されている環境を除くレコードにおいてランク1128が最も小さい値を有する環境を移動先として決定する。たとえばアプリ移動表1121が図4に示すものであり、画像処理アプリが第1CPU11において動作しており異常が検出された場合は、ランク1128が「2」である第3CPU13の環境が選択される。 In S2011, the microkernel abstraction unit 1110 determines the environment of the destination of the application where the abnormality is detected. Specifically, the microkernel abstraction unit 1110 refers to the application movement table 1121 and is a record describing an application in which an abnormality is detected, and rank 1128 is the highest in the record excluding the currently executed environment. An environment having a small value is determined as a destination. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is operating on the first CPU 11 and an abnormality is detected, the environment of the third CPU 13 whose rank 1128 is “2” is selected.
 続くS2012ではマイクロカーネル抽象化部1110は、S2011において特定された環境における、異常が検出されたアプリのプログラムファイルを特定する。具体的にはマイクロカーネル抽象化部1110は、アプリ対応表1150を参照し、異常が検出されたアプリの名称、S2011において特定された環境のCPUタイプからプログラムファイルを特定する。ただしアプリ対応表1150が図2(a)に示すようにOSの種類ごとに異なる場合は、さらにS2011において特定された環境のOSも加味してプログラムファイルを特定する。 In subsequent S2012, the microkernel abstraction unit 1110 identifies the program file of the application in which the abnormality is detected in the environment identified in S2011. Specifically, the microkernel abstraction unit 1110 refers to the application correspondence table 1150, and identifies the program file from the name of the application in which an abnormality has been detected and the CPU type of the environment identified in S2011. However, when the application correspondence table 1150 is different for each type of OS as shown in FIG. 2A, the program file is specified in consideration of the OS in the environment specified in S2011.
 続くS2013ではマイクロカーネル抽象化部1110は、S2011において決定した移動先のOSのメモリ領域に、S2012において特定したプログラムファイルを配置する。続くS2014ではマイクロカーネル抽象化部1110は、S2014において配置したアプリを初期化する。この初期化では必要に応じてタイマなども配置される。たとえばアプリ移動表1121が図4に示すものであり、画像処理アプリを第2CPU12で動作させる場合は、プログラムファイルbin05を初期化するとともにタイマBがbin05に提供される。 In subsequent S2013, the microkernel abstraction unit 1110 places the program file specified in S2012 in the memory area of the migration destination OS determined in S2011. In subsequent S2014, the microkernel abstraction unit 1110 initializes the application arranged in S2014. In this initialization, a timer or the like is also arranged as necessary. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is operated by the second CPU 12, the program file bin05 is initialized and the timer B is provided to the bin05.
 続くS2015では割り込み転送部1140は、移動したアプリケーションにあわせてIRQの転送を行う。たとえばアプリ移動表1121が図4に示すものであり、画像処理アプリが第1CPU11の環境から第2CPU12の環境に移動した場合は、割り込み転送部1140は割り込み対応表1141を次のように書き換える。すなわち割り込み転送部1140は、割り込み対応表1141におけるIRQ1とIRQ4の転送先をO1からO2に書き換える。S2015の処理が完了するとS2008に進む。 In subsequent S2015, the interrupt transfer unit 1140 performs IRQ transfer according to the moved application. For example, when the application movement table 1121 is shown in FIG. 4 and the image processing application is moved from the environment of the first CPU 11 to the environment of the second CPU 12, the interrupt transfer unit 1140 rewrites the interrupt correspondence table 1141 as follows. That is, the interrupt transfer unit 1140 rewrites the transfer destinations of IRQ1 and IRQ4 in the interrupt correspondence table 1141 from O1 to O2. When the process of S2015 is completed, the process proceeds to S2008.
 S2010において否定判断されると実行されるS2016ではマイクロカーネル抽象化部1110は、問題が検出された管理対象アプリに動作停止指令を出力してS2008に進む。なおS2016ではさらにイベントの発生、すなわち管理対象アプリに動作停止指令を出力したことを記録してもよいし、この記録にはECU1000の任意の内部状態、たとえばメモリ20のダンプ情報を加えてもよい。以上がマイクロカーネル抽象化部1110の動作を表すフローチャートの説明である。 In S2016 that is executed when a negative determination is made in S2010, the microkernel abstraction unit 1110 outputs an operation stop command to the management target application in which the problem is detected, and the process proceeds to S2008. In S2016, the occurrence of an event, that is, the output of an operation stop command to the managed application may be recorded, and any internal state of the ECU 1000, for example, dump information of the memory 20 may be added to this record. . The above is the description of the flowchart showing the operation of the microkernel abstraction unit 1110.
 上述した第1の実施の形態によれば、次の作用効果が得られる。
(1)ハイパーバイザ1100は、アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境1200を提供し複数のCPUにより動作する。ハイパーバイザ1100は、複数のOSの稼働状態を監視する監視部1160と、稼働状態に基づき第1のOSにおいて実行されている第1のプログラムファイルにより実現されるアプリケーションに代えて、第2のOSにおいて第1のアプリケーションと同様の機能を有する第2のプログラムファイルにより実現されるアプリケーションを動作させるアプリ移動管理部1120と、を備える。アプリ移動管理部1120は、第2のOSを実行しているCPUの種類に基づき第2のアプリケーションを実現するプログラムファイルを選択する。そのため、異なる種類のCPUを用いる場合でもアプリケーションの移動、すなわちマイグレーションを実現できる。
According to the first embodiment described above, the following operational effects are obtained.
(1) The hypervisor 1100 provides a virtual environment 1200 capable of executing a plurality of operating systems capable of executing applications, and operates by a plurality of CPUs. The hypervisor 1100 replaces an application realized by a monitoring unit 1160 that monitors the operating states of a plurality of OSs and a first program file that is executed in the first OS based on the operating states with a second OS. And an application movement management unit 1120 for operating an application realized by a second program file having the same function as that of the first application. The application movement management unit 1120 selects a program file that implements the second application based on the type of CPU that is executing the second OS. Therefore, even when different types of CPUs are used, application migration, that is, migration can be realized.
(2)ハイパーバイザ1100は、実現される機能、CPUの種類、およびプログラムファイルの対応関係を示すアプリ対応表1150を有する。アプリ移動管理部1120は、アプリ対応表1150を参照して第2のアプリケーションを実現するプログラムファイルを選択する。そのためハイパーバイザ1100は、マイグレーション先の環境にあわせた適切なプログラムファイルを選択できる。 (2) The hypervisor 1100 has an application correspondence table 1150 indicating the correspondence between realized functions, CPU types, and program files. The application movement management unit 1120 refers to the application correspondence table 1150 and selects a program file that realizes the second application. Therefore, the hypervisor 1100 can select an appropriate program file suitable for the migration destination environment.
(3)アプリ対応表1150におけるCPUのタイプは、少なくともCPUの命令セット、およびレジスタ構成に基づいて分類される。CPUの命令セットおよびレジスタ構成が同一であれば同一のプログラムファイルが使用できる傾向にあるからである。 (3) The CPU type in the application correspondence table 1150 is classified based on at least the CPU instruction set and the register configuration. This is because if the CPU instruction set and register configuration are the same, the same program file tends to be used.
(4)ハイパーバイザ1100は、割り込み要求の番号とOSの対応関係を示す割り込み対応表1141を有する。ハイパーバイザ1100は、割り込み転送部1140を備える。割り込み転送部1140は、割り込み対応表1141に基づきOSに対応するIRQ番号の割り込み要求を転送する。また割り込み転送部1140は、アプリ移動管理部1120が第2のアプリケーションを動作させると、図3(a)から図3(b)へ変化させたように割り込み対応表1141における第1のOSを第2のOSに書き換える。そのためマイグレーションの実行とともにIRQを転送できる。 (4) The hypervisor 1100 has an interrupt correspondence table 1141 indicating the correspondence between interrupt request numbers and OSs. The hypervisor 1100 includes an interrupt transfer unit 1140. The interrupt transfer unit 1140 transfers an interrupt request having an IRQ number corresponding to the OS based on the interrupt correspondence table 1141. Further, when the application movement management unit 1120 operates the second application, the interrupt transfer unit 1140 sets the first OS in the interrupt correspondence table 1141 to the first one as changed from FIG. 3A to FIG. 3B. Rewrite to OS 2 Therefore, the IRQ can be transferred together with the execution of migration.
(5)アプリ移動管理部1120は、第1のOSの動作が停止している場合、または第1のアプリケーションの動作に異常がある場合に、第1のOSにおいて実行されている第1のアプリケーションに代えて、第2のOSにおいて第2のアプリケーションを動作させる。そのためOSの停止を契機としてマイグレーションを実行できる。 (5) The application movement management unit 1120 displays the first application that is executed in the first OS when the operation of the first OS is stopped or when the operation of the first application is abnormal. Instead, the second application is operated in the second OS. Therefore, migration can be executed when the OS stops.
(変形例1)
 上述した第1の実施の形態において、アプリ移動表1121の移行要件1127にプログラムファイルの名称が記載されていなくてもよい。上述した実施の形態では、ハイパーバイザ1100はアプリ対応表1150を有し、アプリ対応表1150を参照してプログラムファイルを選択するからである。
(Modification 1)
In the first embodiment described above, the program file name may not be described in the migration requirement 1127 of the application migration table 1121. This is because, in the embodiment described above, the hypervisor 1100 has the application correspondence table 1150 and selects a program file with reference to the application correspondence table 1150.
(変形例2)
 ハイパーバイザ1100はアプリ対応表1150を備えず、アプリ移動表1121の移行要件1127を参照することで移行先のOSで実行するプログラムファイルを特定してもよい。
(Modification 2)
The hypervisor 1100 may not include the application correspondence table 1150, and may identify a program file to be executed by the migration destination OS by referring to the migration requirement 1127 of the application migration table 1121.
(変形例3)
 ハイパーバイザ1100を実現するプログラムファイルは、記録媒体やデータ通信を通じてECU1000に提供されてもよい。
(Modification 3)
A program file for realizing the hypervisor 1100 may be provided to the ECU 1000 through a recording medium or data communication.
 図6は、上述したハイパーバイザ1100を実現するプログラムファイルを、記録媒体やデータ信号を通じてECU1000に提供する様子を示す図である。ECU1000は、車両に搭載されるものであり、各種プログラムを実行可能なプロセッサを有する。ECU1000は、入力装置300を介してCD-ROM304を読み込み、ハイパーバイザ1100を実現するためのプログラムファイルの情報の提供を受ける。このプログラムファイルをECU1000のプロセッサで実行することにより、ハイパーバイザ1100が実現される。 FIG. 6 is a diagram showing how the program file for realizing the hypervisor 1100 described above is provided to the ECU 1000 through a recording medium and a data signal. ECU 1000 is mounted on the vehicle and has a processor that can execute various programs. ECU 1000 reads CD-ROM 304 via input device 300 and receives provision of program file information for realizing hypervisor 1100. By executing this program file by the processor of the ECU 1000, the hypervisor 1100 is realized.
 また、入力装置300は通信回線301との接続機能を有する。コンピュータ302は上記のプログラムファイル等の情報を提供するサーバーコンピュータであり、ハードディスク303などの記録媒体に情報を格納する。通信回線301は、インターネット、パソコン通信などの通信回線、あるいは専用通信回線などである。コンピュータ302はハードディスク303を使用してプログラムファイル等の情報を読み出し、通信回線301を介して入力装置300に送信する。 Further, the input device 300 has a connection function with the communication line 301. A computer 302 is a server computer that provides information such as the above program file, and stores the information in a recording medium such as a hard disk 303. The communication line 301 is a communication line such as the Internet or personal computer communication, or a dedicated communication line. The computer 302 reads information such as a program file using the hard disk 303 and transmits it to the input device 300 via the communication line 301.
 すなわち、プログラムをデータ信号として搬送波を介して、通信回線301を介して送信する。そして入力装置300がECU1000に受信した信号を伝達する。このように、ハイパーバイザ1100を実現させるためのプログラムは、記録媒体やデータ信号(搬送波)などの種々の形態のコンピュータ読み込み可能なコンピュータプログラム製品として供給できる。 That is, the program is transmitted as a data signal via the carrier wave and via the communication line 301. Then, the input device 300 transmits the received signal to the ECU 1000. As described above, the program for realizing the hypervisor 1100 can be supplied as a computer-readable computer program product in various forms such as a recording medium and a data signal (carrier wave).
 上述した各実施の形態および変形例は、それぞれ組み合わせてもよい。上記では、種々の実施の形態および変形例を説明したが、本発明はこれらの内容に限定されるものではない。本発明の技術的思想の範囲内で考えられるその他の態様も本発明の範囲内に含まれる。 The embodiments and modifications described above may be combined. Although various embodiments and modifications have been described above, the present invention is not limited to these contents. Other embodiments conceivable within the scope of the technical idea of the present invention are also included in the scope of the present invention.
 次の優先権基礎出願の開示内容は引用文としてここに組み込まれる。
 日本国特許出願2018-21377(2018年2月8日出願)
The disclosure of the following priority application is hereby incorporated by reference.
Japanese patent application 2018-21377 (filed February 8, 2018)
1100…ハイパーバイザ
1110…マイクロカーネル抽象化部
1120…アプリ移動管理部
1121…アプリ移動表
1128…ランク
1160…監視部
1140…割り込み転送部
1141…割り込み対応表
1150…アプリ対応表
1200…仮想環境
DESCRIPTION OF SYMBOLS 1100 ... Hypervisor 1110 ... Micro kernel abstraction part 1120 ... Application movement management part 1121 ... Application movement table 1128 ... Rank 1160 ... Monitoring part 1140 ... Interrupt transfer part 1141 ... Interrupt correspondence table 1150 ... Application correspondence table 1200 ... Virtual environment

Claims (7)

  1.  アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザを記録したコンピュータプログラム製品であって、
     前記ハイパーバイザは、
     前記複数のオペレーティングシステムの稼働状態を監視する監視部と、
     前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、を備え、
     前記移動管理部は、前記第2のオペレーティングシステムを実行しているCPUの種類に基づき前記第2のアプリケーションを実現するプログラムファイルを選択する、コンピュータプログラム製品。
    A computer program product that provides a virtual environment capable of executing a plurality of operating systems capable of executing applications and records a hypervisor operated by a plurality of CPUs,
    The hypervisor is
    A monitoring unit that monitors operating states of the plurality of operating systems;
    Movement for operating a second application having the same function as the first application in the second operating system instead of the first application being executed in the first operating system based on the operating state A management department,
    The mobility management unit is a computer program product that selects a program file that realizes the second application based on a type of CPU that is executing the second operating system.
  2.  請求項1に記載のコンピュータプログラム製品であって、
     前記ハイパーバイザは、実現される機能、CPUの種類、およびプログラムファイルの対応関係を示すプログラム対応情報を有し、
     前記移動管理部は、前記プログラム対応情報を参照して前記第2のアプリケーションを実現するプログラムファイルを選択するコンピュータプログラム製品。
    A computer program product according to claim 1, comprising:
    The hypervisor has program correspondence information indicating the correspondence between realized functions, CPU types, and program files,
    The mobility management unit is a computer program product that selects a program file that realizes the second application with reference to the program correspondence information.
  3.  請求項2に記載のコンピュータプログラム製品であって、
     前記プログラム対応情報における前記CPUの種類は、少なくともCPUの命令セット、およびレジスタ構成に基づいて分類されるコンピュータプログラム製品。
    A computer program product according to claim 2, comprising:
    A computer program product in which the CPU type in the program correspondence information is classified based on at least a CPU instruction set and a register configuration.
  4.  請求項1に記載のコンピュータプログラム製品であって、
     前記ハイパーバイザは、割り込み要求の番号と前記オペレーティングシステムの対応関係を示す割り込み対応情報を有し、
     前記ハイパーバイザは、前記割り込み対応情報に基づき前記オペレーティングシステムに対応する番号の前記割り込み要求を転送し、前記移動管理部が前記第2のアプリケーションを動作させると前記割り込み対応情報における前記第1のオペレーティングシステムを前記第2のオペレーティングシステムに書き換える割り込み転送部をさらに備えるコンピュータプログラム製品。
    A computer program product according to claim 1, comprising:
    The hypervisor has interrupt correspondence information indicating a correspondence relationship between an interrupt request number and the operating system,
    The hypervisor transfers the interrupt request having a number corresponding to the operating system based on the interrupt handling information, and when the movement management unit operates the second application, the first operating system in the interrupt handling information A computer program product further comprising an interrupt transfer unit for rewriting a system to the second operating system.
  5.  請求項1に記載のコンピュータプログラム製品であって、
     前記移動管理部は、前記第1のオペレーティングシステムの動作が停止している場合、または前記第1のアプリケーションの動作に異常がある場合に、前記第1のオペレーティングシステムにおいて実行されている前記第1のアプリケーションに代えて、前記第2のオペレーティングシステムにおいて前記第2のアプリケーションを動作させるコンピュータプログラム製品。
    A computer program product according to claim 1, comprising:
    The movement management unit is configured to execute the first operating system when the operation of the first operating system is stopped or when the operation of the first application is abnormal. A computer program product for operating the second application in the second operating system instead of the application.
  6.  アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザを記録したコンピュータプログラム製品であって、
     前記ハイパーバイザは、
     前記複数のオペレーティングシステムの稼働状態を監視する監視部と、
     前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、
     割り込み要求の番号と前記オペレーティングシステムの対応関係を示す割り込み対応情報と、
     前記割り込み対応情報に基づき前記オペレーティングシステムに対応する番号の前記割り込み要求を転送し、前記移動管理部が前記第2のアプリケーションを動作させると前記割り込み対応情報における前記第1のオペレーティングシステムを前記第2のオペレーティングシステムに書き換える割り込み転送部とを備えるコンピュータプログラム製品。
    A computer program product that provides a virtual environment capable of executing a plurality of operating systems capable of executing applications and records a hypervisor operated by a plurality of CPUs,
    The hypervisor is
    A monitoring unit that monitors operating states of the plurality of operating systems;
    Movement for operating a second application having the same function as the first application in the second operating system instead of the first application being executed in the first operating system based on the operating state The management department,
    Interrupt correspondence information indicating the correspondence between the interrupt request number and the operating system,
    The interrupt request having a number corresponding to the operating system is transferred based on the interrupt handling information, and when the movement management unit operates the second application, the first operating system in the interrupt handling information is changed to the second operating system. A computer program product comprising an interrupt transfer unit for rewriting the operating system.
  7.  アプリケーションを実行可能な複数のオペレーティングシステムを実行可能な仮想環境を提供し複数のCPUにより動作するハイパーバイザを備える演算装置であって、
     前記ハイパーバイザは、
     前記複数のオペレーティングシステムの稼働状態を監視する監視部と、
     前記稼働状態に基づき第1の前記オペレーティングシステムにおいて実行されている第1のアプリケーションに代えて、第2の前記オペレーティングシステムにおいて前記第1のアプリケーションと同様の機能を有する第2のアプリケーションを動作させる移動管理部と、を備え、
     前記移動管理部は、前記第2のオペレーティングシステムを実行しているCPUの種類に基づき前記第2のアプリケーションを実現するプログラムファイルを選択する演算装置。
    A computing device comprising a hypervisor that provides a virtual environment capable of executing a plurality of operating systems capable of executing applications and operates by a plurality of CPUs,
    The hypervisor is
    A monitoring unit that monitors operating states of the plurality of operating systems;
    Movement for operating a second application having the same function as the first application in the second operating system instead of the first application being executed in the first operating system based on the operating state A management department,
    The movement management unit is an arithmetic device that selects a program file that realizes the second application based on a type of CPU that is executing the second operating system.
PCT/JP2019/003223 2018-02-08 2019-01-30 Computer program product and computation device WO2019155966A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE112019000308.9T DE112019000308T5 (en) 2018-02-08 2019-01-30 Computer program product and computing unit

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018021377A JP6814756B2 (en) 2018-02-08 2018-02-08 Hypervisor, arithmetic unit
JP2018-021377 2018-02-08

Publications (1)

Publication Number Publication Date
WO2019155966A1 true WO2019155966A1 (en) 2019-08-15

Family

ID=67549542

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/003223 WO2019155966A1 (en) 2018-02-08 2019-01-30 Computer program product and computation device

Country Status (3)

Country Link
JP (1) JP6814756B2 (en)
DE (1) DE112019000308T5 (en)
WO (1) WO2019155966A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111475342A (en) * 2020-04-15 2020-07-31 广州三星通信技术研究有限公司 Application switching method and application switching device for electronic terminal
CN112579249A (en) * 2019-09-30 2021-03-30 奇安信安全技术(珠海)有限公司 Multi-CPU virtual machine operation method and device, storage medium and computer equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006099331A (en) * 2004-09-29 2006-04-13 Sony Corp Information processor, method for controlling interrupt, and computer program
JP2013073542A (en) * 2011-09-29 2013-04-22 Fixstars Corp Program processor, program processing method and program
US20150058486A1 (en) * 2013-08-21 2015-02-26 Cisco Technology, Inc. Instantiating incompatible virtual compute requests in a heterogeneous cloud environment
WO2015132942A1 (en) * 2014-03-07 2015-09-11 株式会社日立製作所 Computer
JP2017128308A (en) * 2016-01-22 2017-07-27 株式会社デンソー Control system for vehicle

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006099331A (en) * 2004-09-29 2006-04-13 Sony Corp Information processor, method for controlling interrupt, and computer program
JP2013073542A (en) * 2011-09-29 2013-04-22 Fixstars Corp Program processor, program processing method and program
US20150058486A1 (en) * 2013-08-21 2015-02-26 Cisco Technology, Inc. Instantiating incompatible virtual compute requests in a heterogeneous cloud environment
WO2015132942A1 (en) * 2014-03-07 2015-09-11 株式会社日立製作所 Computer
JP2017128308A (en) * 2016-01-22 2017-07-27 株式会社デンソー Control system for vehicle

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112579249A (en) * 2019-09-30 2021-03-30 奇安信安全技术(珠海)有限公司 Multi-CPU virtual machine operation method and device, storage medium and computer equipment
CN111475342A (en) * 2020-04-15 2020-07-31 广州三星通信技术研究有限公司 Application switching method and application switching device for electronic terminal
CN111475342B (en) * 2020-04-15 2024-04-23 广州三星通信技术研究有限公司 Application switching method and application switching device for electronic terminal

Also Published As

Publication number Publication date
DE112019000308T5 (en) 2020-10-15
JP6814756B2 (en) 2021-01-20
JP2019139453A (en) 2019-08-22

Similar Documents

Publication Publication Date Title
US10705965B2 (en) Metadata loading in storage systems
EP3519933B1 (en) Virtualizing non-volatile storage at a peripheral device
US10061713B2 (en) Associating cache memory with a work process
WO2019155966A1 (en) Computer program product and computation device
US20180267902A1 (en) Dynamic tier remapping of data stored in a hybrid storage system
EP3382540B1 (en) Interrupt based on a last interrupt request indicator and a work acknowledgement
WO2015145598A1 (en) Data distribution device for parallel operation processing system, data distribution method, and data distribution program
US9606827B2 (en) Sharing memory between guests by adapting a base address register to translate pointers to share a memory region upon requesting for functions of another guest
CN111190548A (en) SPDK-based ceph distributed storage performance improving method, device and equipment
CN115964001A (en) Data caching method, system and device
US11385927B2 (en) Interrupt servicing in userspace
US9612860B2 (en) Sharing memory between guests by adapting a base address register to translate pointers to share a memory region upon requesting for functions of another guest
CN113986621B (en) Method, device and equipment for optimizing data backup performance and storage medium
CN114398300B (en) Method, integrated circuit, and computer-readable storage medium
US9940037B1 (en) Multi-tier storage environment with burst buffer middleware appliance for batch messaging
KR20190109638A (en) Method for scheduling task in big data analysis platform based on distributed file system, program and computer readable storage medium therefor
KR20180124692A (en) Method for processing task in respect to distributed file system
TWI452468B (en) Method for sharing memory of virtual machine and computer system using the same
CN110554902B (en) Semiconductor device for providing virtualization technology
EP3374882B1 (en) File system with distributed entity state
CN118034958B (en) Task state notification system and method for multi-process scene
JP2010152513A (en) Hybrid system, interrupt control unit and interrupt control method
US11645200B2 (en) Reducing load balancing work stealing
US10359941B1 (en) Multi-tier data storage using burst buffer appliance for workload transformation based on performance characteristics of at least one tier
CN114489848B (en) Task unloading method based on computable storage architecture and computable storage system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19751914

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 19751914

Country of ref document: EP

Kind code of ref document: A1