Overview of Quest & Quest-V
“Time as a first-class resource.”
Quest
Quest is a relatively small real-time operating system (RTOS). It works on both uni- and multicore processors, and supports various operating modes depending on the underlying hardware features. It can be configured as either a lightweight SMP system (having a single memory image running on multiple cores), a scalable multikernel (running multiple instances of the OS on separate cores, thereby reducing cross-core contention), or as a secure separation kernel (a.k.a. partitioning hypervisor, called Quest-V, operating as a distributed system on a chip). In the last case, hardware virtualization is used to “sandbox”, or isolate, subsets of hardware resources (i.e., memory regions, CPU cores, and I/O devices) amongst different software components. In this way, the system can be made more secure and robust in the presence of faults from either errant or malicious code.
The system features a novel real-time scheduling framework, where all control flows (including those triggered by interrupts) are associated with threads mapped to priority-aware and resource accountable virtual CPUs (VCPUs). This enables Quest to support both spatial and temporal partitioning of resources. When operating as a distributed system on a chip, in multi-/separation kernel mode, online fault detection and recovery mechanisms can be employed to maintain system availability.
Selected Publications
- Matthew Danish, Ye Li and Richard West, “Virtual-CPU Scheduling in the Quest Operating System”, in Proceedings of the 17th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2011 [pdf] [DOI]
- Ying Ye, Richard West, Jingyi Zhang and Zhuoqun Cheng, “MARACAS: A Real-Time Multicore VCPU Scheduling Framework”, in Proceedings of the 37th IEEE Real-Time Systems Symposium (RTSS), 2016 [pdf] [DOI]
- Richard West, Ahmad Golchin and Anton Njavro, “Real-time USB Networking and Device I/O”, ACM Transactions on Embedded Computing Systems (ACM TECS), Volume 22, Issue 4, Article No. 67, 2023 [pdf] [DOI]
- Zhiyuan Ruan and Richard West, “USB Interrupt Differentiated Service for Bandwidth and Delay-Constrained Input/Output”, in Proceedings of the 30th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2024 [pdf] [DOI]
Quest-V
Quest can be configured to run as a virtualized multikernel, taking direct advantage of hardware virtualization features to form a collection of separate kernels operating together as a distributed system on a chip. A Quest-V multikernel is designed for high-confidence real-time systems, requiring operation in the presence of software faults. Quest-V uses virtualization techniques to isolate kernels and prevent local faults from affecting remote kernels. A virtual machine monitor for each kernel keeps track of extended page table mappings that control immutable memory access capabilities.
In Quest-V, device interrupts are delivered directly to a kernel, rather than via a monitor that determines the destination. Apart from bootstrapping each kernel, handling faults and managing extended page tables, the monitors are mostly not needed. In special cases, they may be required to set up communication channels by manipulating extended page table mappings across sandboxes, or to assist in migrating address spaces, but otherwise, each sandbox kernel operates without requiring frequent guest/monitor (VM-Exit and Entry) transitions.
The Quest-V approach differs from conventional virtual machine systems in which a central monitor, or hypervisor, is responsible for scheduling and management of host resources amongst a set of guest kernels. In Quest-V, each sandbox schedules threads onto time-budgeted virtual CPUs (VCPUs), which in turn are mapped onto physical cores. The whole approach is one that provides space-time partitioning of machine physical resources between and within sandboxes.
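As an added illustration of the spatial partitioning described above (not code from Quest-V or its authors), the following C program audits a static partition plan: no physical core or I/O device may belong to two sandboxes, and memory may overlap only where both sandboxes declare the identical communication channel. The types, the `audit_plan` function, the channel flag and the sample plans are all assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical partition plan: types and values are constructed for this
   example and are not Quest-V data structures. */
enum { V_CORE = 1, V_DEV = 2, V_MEM = 4 };
struct region { uint64_t base, len; int channel; }; /* channel: declared shared */
struct sandbox {
    uint32_t cores, devs;       /* bitmasks of assigned cores and I/O devices */
    struct region mem[4];
    size_t nmem;
};
/* Overflow-safe overlap test on [base, base+len); empty regions never overlap. */
static int overlaps(const struct region *a, const struct region *b) {
    if (!a->len || !b->len) return 0;
    return a->base < b->base ? b->base - a->base < a->len
                             : a->base - b->base < b->len;
}

/* Returns a bitmask of V_* violations found across every pair of sandboxes. */
int audit_plan(const struct sandbox *sb, size_t n) {
    int v = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            if (sb[i].cores & sb[j].cores) v |= V_CORE;
            if (sb[i].devs & sb[j].devs) v |= V_DEV;
            for (size_t x = 0; x < sb[i].nmem; x++)
                for (size_t y = 0; y < sb[j].nmem; y++) {
                    const struct region *a = &sb[i].mem[x], *b = &sb[j].mem[y];
                    /* Overlap is legal only for an identical declared channel. */
                    if (overlaps(a, b) && !(a->channel && b->channel &&
                            a->base == b->base && a->len == b->len)) v |= V_MEM;
                }
        }
    return v;
}

/* Constructed sample plans: good_plan shares one declared 4 KiB channel. */
static const struct sandbox good_plan[2] = {
    { 0x1, 0x1, { {0x100000, 0x100000, 0}, {0x400000, 0x1000, 1} }, 2 },
    { 0x6, 0x2, { {0x200000, 0x200000, 0}, {0x400000, 0x1000, 1} }, 2 },
};
static const struct sandbox bad_plan[2] = {   /* core 0 and memory overlap */
    { 0x1, 0x1, { {0x100000, 0x100000, 0} }, 1 },
    { 0x3, 0x2, { {0x1ff000, 0x200000, 0} }, 1 },
};
int main(void) {
    printf("good=%d bad=%d\n", audit_plan(good_plan, 2), audit_plan(bad_plan, 2));
    return 0;
}
```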
Selected Publications
- Richard West, Ye Li, Eric Missimer and Matthew Danish, “A Virtualized Separation Kernel for Mixed Criticality Systems”, in ACM Transactions on Computer Systems (ACM TOCS), Volume 34, Issue 3, Article 8, June 2016 [pdf] [DOI]
- Ahmad Golchin, Soham Sinha and Richard West, “Boomerang: Real-Time I/O Meets Legacy Systems”, in Proceedings of the 26th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2020 [pdf] [DOI]
- Soham Sinha and Richard West, “Towards an Integrated Vehicle Management System in DriveOS”, in Proceedings of the ACM SIGBED International Conference on Embedded Software (EMSOFT), 2021. Published in ACM Transactions on Embedded Computing Systems (TECS), Volume 20, Issue 5s, Article 82, October 2021 (Nominated for Best Paper Award at EMSOFT) [pdf] [DOI]
- Ahmad Golchin and Richard West, “Jumpstart: Fast Critical Service Resumption for a Partitioning Hypervisor in Embedded Systems”, in Proceedings of the 28th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2022 [pdf] [DOI]
- Anam Farrukh and Richard West, “JuMP2start: Time-aware Stop-Start Technology for a Software-Defined Vehicle System”, in Proceedings of the 36th Euromicro Conference on Real-Time Systems (ECRTS), 2024 [pdf] [DOI]