[CFP] Real-Time Summit 2019 Call for Presentations

The Real-Time Summit is organized by the Linux Foundation Real-Time Linux (RTL) collaborative project. The event is intended to gather developers and users of Linux as a Real-Time Operating System. The main intent is to provide room for discussion between developers, tooling experts, and users.

The summit will take place alongside the Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France. The summit is planned the day after the main conference, Thursday, October 31st, 2019, from 8:00 to 17:00 at the conference venue. If you are already considering your travel arrangements for the Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France, and you have a general interest in this topic, please extend your travel by one day to be in Lyon on Thursday, 31st.

If you are interested to present, please submit a proposal [1] before September 14th, 2019, at 23:59 EST. Please provide a title, an abstract describing the proposed talk (900 characters maximum), a short biography (900 characters maximum), and describe the targeted audience (900 characters maximum). Please indicate the slot length you are aiming for: The format is a single track with presentation slots of 30, 45 or 60 minutes long. Considering that the presentation should use at most half of the slot time, leaving the rest of the slot reserved for discussion. The focus of this event is the discussion.

We are welcoming presentations from both end-users and developers, on topics covering, but not limited to:

  • Real-time Linux development
  • Real-time Linux evaluation
  • Real-time Linux use cases (Success and failures)
  • Real-time Linux tooling (tracing, configuration, …)
  • Real-time Linux academic work, already presented or under development, for direct feedback from practitioners community.

Those can cover recently available technologies, ongoing work, and new ideas.

Important Notes for Speakers:

  • All speakers are required to adhere to the Linux Foundation events’ Code of Conduct. We also highly recommend that speakers take the Linux Foundation online Inclusive Speaker Orientation Course.
  • Avoid sales or marketing pitches and discussing unlicensed or potentially closed-source technologies when preparing your proposal; these talks are almost always rejected due to the fact that they take away from the integrity of our events, and are rarely well-received by conference attendees.
  • All accepted speakers are required to submit their slides prior to the event.

Submission must be received by 11:59 pm PST on September 14th, 2019

[1] Submission page: https://forms.gle/yQeqyrtJYezM5VRJA

Important Dates:

  • CFP Close: Saturday, September 14th, 2019, 11:59PM PST
  • Speaker notification: September 21st, 2019
  • Conference: Thursday, October 31st, 2019

Questions on submitting a proposal? Email Daniel Bristot de Oliveira <bristot@redhat.com>

Paper accepted at SEFM 2019

I had the paper “Efficient Formal Verification for the Linux Kernel” at the 17th International Conference on Software Engineering and Formal Methods (SEFM 2019).

It has the following abstract:

Formal verification of the Linux kernel has been receiving increasing attention in recent years, with the development of many models, from memory subsystems to the synchronization primitives of the real-time kernel. The effort in developing formal verification methods is justified considering the large code-base, the complexity in synchronization required in a monolithic kernel and the support for multiple architectures, along with the usage of Linux on critical systems, from high-frequency trading to self-driven cars. Despite recent developments in the area, none of the proposed approaches are suitable and flexible enough to be applied in an efficient way to a running kernel. Aiming to fill such a gap, this paper proposes a formal verification approach for the Linux kernel, based on automata models. It presents a method to auto-generate verification code from an automaton, which can be integrated into a module and dynamically added into the kernel for efficient on-the-fly verification of the system, using in-kernel tracing features. Finally, a set of experiments demonstrate verification of three models, along with performance analysis of the impact of the verification, in terms of latency and throughput of the system, showing the efficiency of the approach.

Sincerely, this is the paper I most enjoyed writing. It has a very easy reading and good practical results. But the best thing is that, by having my approach recognized by the formal methods community, I feel more conformable about using the word “formal“, which is a very strong word. This is one of the cherries of my Ph.D. Now it is time to work in the second cherry…. and that we are done.

I am also curious to attend the conference, the list of paper is very interesting, and I need to deeper my knowledge in the area.

Real-time Micro-conference accepted at the Linux Plumbers Conference 2019

From the announcement:

We are pleased to announce that the Real-Time Microconference has been
accepted into the 2019 Linux Plumbers Conference! The PREEMPT_RT patch
set (aka “The Real-Time Patch”) was created in 2004 in the effort to
make Linux into a hard real-time designed operating system. Over the
years much of the RT patch has made it into mainline Linux, which
includes: mutexes, lockdep, high-resolution timers, Ftrace,
RCU_PREEMPT, priority inheritance, threaded interrupts and much more.
There’s just a little left to get RT fully into mainline, and the light
at the end of the tunnel is finally in view. It is expected that the RT
patch will be in mainline within a year, which changes the topics of
discussion. Once it is in Linus’s tree, a whole new set of issues must
be handled. The focus on this year’s Plumbers events will include:

 – Real-time containers
 – Rework of softirqs (Requirement for the PREEMPT-RT merge)  [2]
 – An in-kernel view of latency [1]
 – Improvements in the locking determinism [4]
 – Advances in the RCU for reducing the per-cpu workload
 – The effects of BPF in the kernel latency
 – Core scheduling and Real-time schedulers [5]
 – Maintaining the RT stable trees [3]
 – New tools to test RT kernels [6]
 – New bootup self-tests
 – New types of failures that lockdep can detect after RT is merged

Come and join us in the discussion of making the LWN prediction of RT
coming into mainline “this year” a reality!
We hope to see you there[7]!
LPC[8] will be held in Lisbon, Portugal from Monday, September 9
through Wednesday, September 11.

[1]  Continuation of last year’s “New metrics for the PREEMPT RT”
discussion: 
http://bristot.me/wp-content/uploads/2018/11/new_metrics_for_the_rt.pdf
[2] 
https://lore.kernel.org/lkml/20190228171242.32144-1-frederic@kernel.org/
[3] 
https://wiki.linuxfoundation.org/realtime/preempt_rt_versions
[4] 
https://lwn.net/Articles/767953/ & continuation of last year’s
“SCHED_DEADLINE desiderata and slightly crazy ideas.”
[5] 
https://lwn.net/Articles/780703/
[6] Continuation of last year’s discussion: “How can we catch problems that can break the PREEMPT_RT preemption model?”
http://bristot.me/wp-content/uploads/2018/11/model_checker.pdf
[7] 
https://www.linuxplumbersconf.org/event/4/page/34-accepted-microconferences#realtime
[8] 
https://linuxplumbersconf.org

Kernel Recipes 2019 Talk!

I was invited to give a talk a the Kernel Recipes Conference in Paris. So, I decided to talk about formal modeling, but in an easy way. Here is the description of the talk. I hope people enjoy it.

Formal modeling made easy

Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on.
But the term “formal model” causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.

Believe me. Modeling can be more practical than you might guess!

This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!

Real-time micro-conference proposal for Linux Plumbers 2019

Last year we had a very fun and productive real-time micro-conference at the Linux Plumbers Conference, so the idea is to repeat it this year!

Are you interested in participating? Do you have any suggestion of topic? Let us know!

This is the current proposal of micro-conference, we can still edit it and add your thoughts.

Proposal

Since 2004 a project has improved the Real-time and low-latency features for Linux. This project has become know as PREEMPT_RT, formally the real-time patch. Over the past decade, many parts of the PREEMPT RT became part of the official Linux code base. Examples of what came from PREEMPT_RT include: Real-time mutexes, high-resolution timers, lockdep, ftrace, RT scheduling, SCHED_DEADLINE, RCU_PREEMPT, generic interrupts, priority inheritance futexes, threaded interrupt handlers and more. The number of patches that needs integration has been reduced on the last years, and the pieces left are now mature enough to make its way into mainline Linux. This year could possibly be the year PREEMPT_RT is merged ™!

In the final lap of this race, the last patches are on the way to be merged, but there are still some pieces missing. When the merge occurs, the preempt-rt will start to follow a new pace: the Linus one. So, it is possible to raise the following discussions:

  1.  The status of the merge, and how can we resolve the last issues that block the merge;
  2. How can we improve the testing of the -rt, to follow the problems raised as Linus tree advances;
  3. What’s next?

Possible topics:

  • Status of the PREEMPT_RT Merge
  • Merge – what is missing and who can help?
  • How do we teach the rest of the kernel developers how not to break PREEMPT_RT?
  • Stable maintainers tools discussion & improvements.
  • Interrupt threads are RT and are not protected by the RT Throttling. How can we prevent interrupt thread starvation from a rogue RT task?
  • Improvements on full CPU isolation
  • Newer methods like proxy execution, hierarchical scheduler?
  • What tools can we add into tools/ that other kernel developers can use to test and learn about PREEMMPT_RT?
  • What tests can we add into tools/testing/selftests?
  • New tools for timing regression test, e.g. locking, overheads…
  • What kernel boot self-tests can be added?
  • Discuss various types of failures that can happen with PREEMPT_RT that normally would not happen in the vanilla kernel, e.g, with lockdep, preemption model.

I will suggest the continuation of the discussions of the topics I presented last year, based in the results of the work I did this year (spoiler: I am doing model verification in the kernel, and it is very efficient!).

Paul already told that he could talk about ongoing work to make RCU’s forward progress be more robust in overloaded cloud deployments. There will be some connection to real-time response involving rcu_poll and the infamous RCU kthread priority!

The continuation of the discussion of topics from last year’s micro-conference, including the development done during this (almost) year, are also welcome!

Early context tracking patch set: fixing perf & ftrace losing events

Some time ago, while using perf to check the automaton model, I noticed that perf was losing events. The same was reproducible with ftrace.

Steve pointed to a problem in the identification of the context execution used by the recursion control.

Currently, recursion control uses the preempt_counter to identify the current context. The NMI/HARD/SOFT IRQ counters are set in the preempt_counter in the irq_enter/exit functions.

In a trace, they are set like this:

 0)   ==========> |
 0)               |  do_IRQ() {		/* First C function */
 0)               |    irq_enter() {
 0)               |      		/* set the IRQ context. */
 0)   1.081 us    |    }
 0)               |    handle_irq() {
 0)               |     		/* IRQ handling code */
 0) + 10.290 us   |    }
 0)               |    irq_exit() {
 0)               |      		/* unset the IRQ context. */
 0)   6.657 us    |    }
 0) + 18.995 us   |  }
 0)   <========== |

As one can see, functions (and events) that take place before the set and after unset the preempt_counter are identified in the wrong context, causing the miss interpretation that recursion is taking place. When this happens, events are dropped.

To resolve this problem, the set/unset of the IRQ/NMI context needs to be done before the execution of the first C execution, and after its return. By doing so, and using this method to identify the context in the trace recursion protection, no more events are lost.

A possible solution is to use a per-cpu variable set and unset in the entry point of NMI/IRQs, before calling the C handler.

This possible solution is presented in this patch series as a proof of concept, for x86_64. Let’s see what kind of comments we will receive!

New tracepoints for External IRQ and NMIs

The irq_vectors class of tracepoints adds two events for each interrupt: One at the entry and one at the return of each interrupt handler. They are very useful in the analysis of latency, as they point to the occurrence of an interrupt, and how long did it take to run.

However, there are two cases of interrupt which these tracepoints were not present: NMIs and regular device interrupt. So I suggested two new tracepoints, for these cases.

The output of these new tracepoints looks like this:

 idle-0     [000] d.h.   102.890935: external_interrupt_entry: vector=35
 idle-0     [000] d.h.   102.890960: external_interrupt_exit: vector=35
 idle-0     [000] d.Z.   179.594315: nmi_entry: vector=2
 idle-0     [000] d.Z.   179.594396: nmi_exit: vector=2

The discussion of the patch set can be found here:

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1969152.html

V5: x86/jump_label: Bound IPIs sent when updating a static key

Today I’ve sent the v5 of the x86/jump_label: Bound IPIs sent when updating a static key patch set. The list of changes from the previous version is:

  • Renamed jump_label_can_update_check() to jump_label_can_update() (Borislav Petkov)
  • Switch jump_label_can_update() return values to bool (Borislav Petkov)
  • Accept the fact that some lines will be > 80 characters (Borislav Petkov)
  • Local variables are now in the inverted Christmas three order (Borislav Petkov)
  • Removed superfluous helpers. (Borislav Petkov)
  • Renamed text_to_poke to text_patch_loc, and handler to detour (Borislav Petkov & Steven Rostedt)
  • Re-applied the suggestion of not using BUG() from steven (Masami Hiramatsu)
  • arch_jump_label_transform_queue() now returns 0 on success and
    -ENOSPC/EINVAL on errors (Masami Hiramatsu)

I think we are not far from an acceptance. The code introduces a lot of optimizations suggested by Masami, Steven, and Borislav! But it might have one or two rounds of small fixes/polishment.

Here is the link for the submission:

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1968209.html