In this article, the fundamental suitability of the open-source hypervisor Xen for safety-critical real-time applications is analyzed. In the field of avionics, satisfying criteria such as safety criticality and real-time capability is mandatory and poses one of the greatest challenges when developing systems and functions that are to be qualified for installation in passenger aircraft. System architectures that additionally aspire to adaptive behavior in terms of self-configuration and reconfiguration complicate these challenges even further. Spatial and temporal partitioning is a fundamental requirement for the implementation of safety-critical systems, but it is static in current avionic standards such as A653. Implementing a fully functional partitioning that is able to reconfigure at runtime would be a great leap forward in the field of adaptive avionics. The open-source hypervisor Xen offers features to dynamically create and manage virtual machines that natively come with architecture-related segregation. In order to determine the feasibility of Xen in the field of safety-critical real-time applications, its spatial and temporal partitioning capabilities and the latencies it introduces are analyzed in this article. The analysis is based on specifically designed benchmarks that measure the accuracy of periodic task execution under different system load levels, using various Xen schedulers and guest operating system kernels. The overall results for spatial partitioning and real-time capabilities turn out to be promising, but minor interferences remain, varying with the benchmarking setup and configuration. The temporal partitioning enforced by Xen still shows clearly identified and fixable issues that must be resolved before deterministic function execution in hard real time is reached.
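The abstract describes benchmarks that measure how accurately a periodic task is executed under load. The following is an added example, not code from the paper, of the basic measurement such a benchmark performs on a Linux guest: a task sleeps until an absolute deadline with `clock_nanosleep(TIMER_ABSTIME)`, records how late each wake-up is, and summarizes minimum, maximum and mean latency. The 1 ms period and the 100 µs latency budget are assumed values chosen for illustration; the worst-case (maximum) latency is the figure that matters for hard real-time guarantees, and the over-budget count shows how often the partition missed its tolerance.

```c
/* Added example (not from the paper): periodic wake-up accuracy benchmark
 * for a Linux guest. Each iteration sleeps until an absolute deadline and
 * records how late the task actually woke up. Period and budget values
 * below are assumptions for illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define NS_PER_SEC 1000000000LL

typedef struct {
    int64_t min_ns;      /* best-case wake-up latency */
    int64_t max_ns;      /* worst-case latency: the hard real-time figure */
    double  mean_ns;     /* average latency over all samples */
    size_t  over_budget; /* samples whose latency exceeded the budget */
} jitter_stats;

static int64_t ts_to_ns(const struct timespec *ts) {
    return (int64_t)ts->tv_sec * NS_PER_SEC + ts->tv_nsec;
}

static void ns_to_ts(int64_t ns, struct timespec *ts) {
    ts->tv_sec = (time_t)(ns / NS_PER_SEC);
    ts->tv_nsec = (long)(ns % NS_PER_SEC);
}

/* Summarize an array of wake-up latencies (nanoseconds late vs. deadline). */
jitter_stats summarize_latencies(const int64_t *lat, size_t n, int64_t budget_ns) {
    jitter_stats s = {0, 0, 0.0, 0};
    if (n == 0) return s;
    s.min_ns = lat[0];
    s.max_ns = lat[0];
    double sum = 0.0;
    for (size_t i = 0; i < n; i++) {
        if (lat[i] < s.min_ns) s.min_ns = lat[i];
        if (lat[i] > s.max_ns) s.max_ns = lat[i];
        if (lat[i] > budget_ns) s.over_budget++;
        sum += (double)lat[i];
    }
    s.mean_ns = sum / (double)n;
    return s;
}

/* Run `iterations` periods of `period_ns`, storing each wake-up latency in
 * lat_out. Absolute deadlines are used so that late wake-ups do not
 * accumulate into drift. Returns the sample count, or -1 on error. */
int run_periodic_benchmark(int64_t period_ns, size_t iterations, int64_t *lat_out) {
    struct timespec now, deadline;
    if (clock_gettime(CLOCK_MONOTONIC, &now) != 0) return -1;
    int64_t next = ts_to_ns(&now) + period_ns;
    for (size_t i = 0; i < iterations; i++) {
        ns_to_ts(next, &deadline);
        int rc;
        do {
            /* clock_nanosleep returns the error number directly, not via errno */
            rc = clock_nanosleep(CLOCK_MONOTONIC, TIMER_ABSTIME, &deadline, NULL);
        } while (rc == EINTR);
        if (rc != 0) return -1;
        if (clock_gettime(CLOCK_MONOTONIC, &now) != 0) return -1;
        lat_out[i] = ts_to_ns(&now) - next; /* >= 0: nanoseconds late */
        next += period_ns;
    }
    return (int)iterations;
}

int main(void) {
    enum { N = 1000 };
    static int64_t lat[N];
    const int64_t period_ns = 1000 * 1000;  /* assumed 1 ms period */
    const int64_t budget_ns = 100 * 1000;   /* assumed 100 us tolerance */
    if (run_periodic_benchmark(period_ns, N, lat) < 0) {
        perror("benchmark");
        return 1;
    }
    jitter_stats s = summarize_latencies(lat, N, budget_ns);
    printf("min %lld ns  max %lld ns  mean %.1f ns  over budget %zu/%d\n",
           (long long)s.min_ns, (long long)s.max_ns, s.mean_ns, s.over_budget, N);
    return 0;
}
```

Running this in an idle guest and again while other domains generate load, and repeating it per Xen scheduler, gives the kind of comparison the abstract describes; a real-time guest kernel or a dedicated physical CPU for the domain normally lowers the maximum latency, and it is that maximum, not the mean, that decides whether a deadline can be guaranteed.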