Overview
The design of an hypervisor for critical real-time embedded systems follows these criteria:
- Strong temporal isolation: fixed cyclic scheduler.
- Strong spatial isolation: all partitions are executed in processor user mode, and do not share memory.
- Basic resource virtualization: clock and timers, interrupts, memory, CPU and special devices.
- Real-time scheduling policy for partition scheduling.
- Efficient context switch for partitions.
- Deterministic hypercalls (hypervisor system calls).
- Health monitoring support.
- Robust and efficient inter-partition communication mechanisms (sampling and queuing ports).
- Low overhead.
- Small size.
- Static system definition via configuration file (XML).
In the case of embedded systems, particularly avionics systems, the ARINC 653 standard deļ¬nes a partitioning scheme. Although this standard was not designed to describe how a hypervisor must operate, some parts of the model are quite close to the functionality provided by a hypervisor.
The XtratuM API and internal operations resemble the ARINC 653 standard. XtratuM is not an ARINC 653 compliant system. The standard relies on the idea of a separation kernel defining both the API and operations of the partitions and also how the threads or processes are managed inside each partition.
XtratuM hypervisor supports the x86, LEON2, LEON3 and LEON4 (SPARC v8) architectures.
XtratuM support as execution environments:
- XAL (XtratuM Abstraction Layer) for bare-C applications
- POSIX PSE51 Partikle RTOS
- ARINC-653 P1 compliant LITHOS RTOS
- ARINC-653 P4 compliant uLITHOS runtime
- Ada Ravenscar profile ORK+
- RTEMS
- Linux (x86 architectures)
Read more about this topic: Xtratu M