

EMC<sup>2</sup>: Mixed Criticality Applications and Implementation Approaches

## Analysis of paravirtualization tools supporting isolation in multicore, mixed-criticality aerospace systems

D. Andreetti<sup>2</sup>, **F. Federici**<sup>1</sup>, V. Muttillo<sup>1</sup>, D. Pascucci<sup>2</sup>, L. Pomante<sup>1</sup>, G. Valente<sup>1</sup>

<sup>1</sup> Center of Excellence DEWS, University of L'Aquila, Italy <sup>2</sup> Thales Alenia Space Italy, Rome, Italy











- Context
- Univaq EMC<sup>2</sup> use case
  - Description
  - Preliminary implementation
  - State of the work
- Conclusions and future developments





## Context



- Avionics and aerospace applications
  - Stringent requirements in terms of determinism, robustness and security
- From the federated approach to Integrated Modular Avionics
  - IMA systems as mixed criticality system
- Transition to multicore architectures
  - Use of virtualization



## Application scenario



#### Satellite Demo Platform (hardware and software):



## I/O transactions

- Three different types of I/O transactions:
  - Level 1 transactions (telemetry)
  - Level 2 transactions (telemetry)
  - Level 3 transactions (file transfer)

Criticality with respect to timing requirements (and resource sharing)

## Goals



- Migrate a typical aerospace application over a modern multicore platform
- Benhmarking hypervisors
- Compare different virtualization solutions



## Target Platform



GR-CPCI-LEON4-N2X: designed for evaluation of the Cobham Gaisler LEON4 Next Generation Microprocessor (NGMP) functional prototype device.

Processor:

 Quad-Core 32-bit LEON4 SPARC V8 processor with MMU, IOMMU

### Preliminary work:

- Platform Support package development
- SpaceWire drivers for Leon4 platform







# I/O Manager

The I/O Manager handles all I/O-related activities:

- Collects the I/O requests from all the applications
- Performs the required transactions on the links
- Provides the required data to the application



Hi-level I/O Manager

- Formats the data according to specific protocols.
  Low-level I/O Manager
- Manages the data provided by the application and device interfaces implementing a specific scheduling policy



## Low level scheduling

- The application starts its transactions by making the data available to the I/O Manager
- The low-level I/O manager implements a periodic scheduler managing all the low level transactions from the application to the various peripheral devices.



- Each transaction is scheduled on a specified time frame and has a fixed deadline
  - Level 1 transactions (deadline = 1)
  - Level 2 transactions (intermediate deadline)
  - Level 3 transactions (background transactions)

## Application structure





## Possible mapping



HYPERVISOR

## XtratuM





Prague, 20/01/2016

HIPEAC 2016







- In XtratuM, each CPU holds its own cyclic scheduler, defining individual scheduling plans for each core.
  - XtratuM also includes a fixed priority scheduling as an alternative scheduling policy
- In PikeOS, the same time partition scheme is scheduled on all CPUs at the same time.
  - The kernel could schedule different schemes on each CPU, but the PSSW doesn't support this yet

## Conclusions and future work



- In the context of the EMC<sup>2</sup> project, Univaq and TASI are collaborating on a case study related to the implementation of a simplified satellite platform.
- Two different hypervisors, SYSGO PikeOS and FentISS XtratuM, have been considered for the implementation of the reference application on quadcore LEON 4 platform.
  - Platform support packages and device drivers have been developed
  - Possible implementation approaches have been analyzed
- In the near future, the application will be finalized and deployed on the target platform. The performance of the system will be analyzed in relation to specific requirements of real time, robustness and safety.

## Further work

- Multiprocessor Leon3 system
  - Performance comparison of Leon3 and Leon4 processors
  - Evaluation of possible hardware support strategies for hypervisor functionalities
- Heterogeneous platform with dual core ARM Cortex A9 and multiprocessor Leon3 system
  - Implemented on Xilinx Zynq
  - Analysis of isolation in heterogeneous platforms sharing memory resources





### Thank you for your attention

**Questions?**