Publications

ARINC 653 defines a partitioned framework where the partitions are scheduled according to a predefined cyclic plan and the processes of each partition are scheduled with a fixed priority policy. The timing characteristics defined in ARINC (period and duration) can hardly be used to precisely represent the timing requirements of the applications. We extend the timing model of ARINC 653 to consider deadlines and the periodic behaviour of the individual processes. A novel definition of how to model periodic activities and how this new model is specially useful in an heterogeneous partitioned system is also presented.

The new model and the set of scheduling algorithms have been implemented in a scheduling tool (called Xoncrete) to assist the designer to generate the cyclic plan table. Although founded on solid theoretical results, Xoncrete is not a general purpose tool, it is a tool designed to provide real help to the system designer.

XtratuM is an hypervisor designed to meet safety critical requirements. Initially designed for x86 architectures (version 2.0), it has been strongly redesigned for SPARC v8 arquitecture and specially for the to the LEON2 processor. Current version 2.2, includes all the functionalities required to build safety critical systems based on ARINC 653, AUTOSTAR and other standards. Although XtratuM does not provides a compliant API with these standards, partitions can offer easily the appropriated API to the applications. XtratuM is being used by the aerospace sector to build software building blocks of future generic on board software dedicated to payloads management units in aerospace.

XtratuM provides ARINC 653 scheduling policy, partition management, inter-partition communications, health monitoring, logbooks, traces, and other services to easily been adapted to the ARINC standard. The configuration of the system is specified in a configuration file (XML format) and it is compiled to achieve a static configuration of the final container (XtratuM and the partition’s code) to be deployed to the hardware board. As far as we know, XtratuM is the first hypervisor for the SPARC v8 arquitecture.

In this paper, the main design aspects are discussed and the internal architecture described. An evaluation of the most significant metrics is also provided. This evaluation permits to affirm that the overhead of a hypervisor is lower than 3% if the slot duration is higher than 1 millisecond.

XtratuM is an hypervisor designed to meet safety critical requirements. XtratuM 2.1.0 is a redesign of the former version XtratuM 2.0 (for x86 architectures) to meet safety critical requirements. It has been ported to SPARC v8 arquitecture and specially to the to the LEON2 processor, which is the reference platform for the spatial sector. Adaptation involves a strong effort in redesign to be closer to the ARINC-653 standards. As far as we know, XtratuM is the first hypervisor for the SPARC v8 arquitecture. In this paper, the main design aspects are discussed and the internal architecture described. An initial evaluation of the most significant metrics is also provided.

Hypervisor is a promising technology to build partitioned systems. However, it has to be adapted and customized to the requirements of the target application. Hypervisors are small software layers which can be designed to meet real-time and security properties. Its correctness can be sufficient to ensure the security of the system as a whole or, at least, the security of a set of trusted partitions.

Hypervisor technology provides execution environments to build partitions which contain the applications. Several aspects arise from partitioned systems: the new roles and functions of the different teams involved in the development and the enviroments to develop the applications. In this paper we discuss the roles and functions when using XtratuM as virtualisation platform and the guest operating systems available to develop the applications.

On the other hand, a critical point is the cost of the virtualisation in terms of overhead, memory and complexity to build a scheduling plan. This paper analyzes these costs for partitioned systems built on XtratuM.

Partitioned sofware architectures were conceived to fulfill security and avionics requirements where predictability is extremely important. Both, the availability of new processors and an increased necessity of security, have opened new possibilities to use efficiently this approach. Avionic industry has consolidated the Integrated Modular Avionics (IMA) as a solution to manage the software growth in functionality and in efficiency. Now, the aerospace sector is adapting these concepts on its developments. One of the solutions used to achieve partitioned systems is based on virtualisation techniques. In this paper we present XtratuM, a bare-metal hypervisor which implements para-virtualization and dedicated device techniques.

XtratuM provides a virtual machine that is ’near’ the native one. It permits to execute a set of partitions, containing each one an operating systems and its applications. Security is based on the temporal and spatial isolation properties provided by the hypervisor. This paper describes the main design criteria
used to achieve temporal and spatial partition isolation and an approach to extend the trusted environment from the hardware level to the hypervisor level in order to verify the temporal and spatial isolation properties.

The growing complexity of the payload on-board satellite software experimented during the last years has raised the interest of the CNES and the ESA to explore the possibility of using a TSPbased architecture as base of the payload software of its new generation satellites. Such a solution can be implemented by using different approaches: virtualization,µ-kernels, separation kernels.

XtratuM is an open-source hypervisor targeted high-critical real-time systems which has been selected by ESA to be ported to the LEON3 processor in the frame of the Securely Partitioning Spacecraft Computing Resources project. This paper addresses the current status of the XtratuM open-source hypervisor for LEON3. In addition an early evaluation of it is also sketched.