Trustworthy Systems

Scheduling-context capabilities: A principled, light-weight OS mechanism for managing time


Anna Lyons, Kent McLeod, Hesham Almatary and Gernot Heiser


UNSW Sydney


Mixed-criticality systems (MCS) combine real-time components of different levels of criticality -- i.e. severity of failure -- on the same processor, in order to obtain good resource utilisation. They must be able to guarantee deadlines of highly-critical threads without any dependence on less-critical threads. This requires strong temporal isolation, similar to the spatial isolation that is traditionally provided by operating systems, without unnecessary loss of processor utilisation. We present a model that uses *scheduling contexts* as first-class objects to represent time, and integrates seamlessly with the capability-based protection model of the seL4 microkernel. We show that the model comes with minimal overhead, and supports implementation of arbitrary scheduling policies as well as criticality switches at user level.

BibTeX Entry

    address          = {Porto, Portugal},
    author           = {Lyons, Anna and McLeod, Kent and Almatary, Hesham and Heiser, Gernot},
    booktitle        = {EuroSys Conference},
    date             = {2018-4-23},
    month            = apr,
    numpages         = {14},
    paperurl         = {},
    publisher        = {ACM},
    title            = {Scheduling-Context Capabilities: {A} Principled, Light-Weight {OS} Mechanism for Managing Time},
    year             = {2018}