Run Your Mixed Criticality Applications Together, Without Interruption, Even When One Crashes

Posted on September 22, 2020 by Matthew Russell

Companies building greater functionality into their embedded systems eventually reach a point where their finite computing resources must be distributed across applications. These mixed-criticality systems see software components of different criticality levels sharing that processing system, often requiring complex and costly certification that they will operate as required.

Hypervisor technology is helping those companies simplify their architecture while reducing size, weight, and power (SWaP).

The DoomU/Pen-DomU-lum demonstration from DornerWorks illustrates the benefits of isolation enabled by a seL4 hypervisor-based system. The seL4 hypervisor supports two disparate applications running simultaneously yet fully independent of each other while sharing the same processing platform — an Avnet Ultra96 development board featuring the ARM-based, Xilinx Zynq UltraScale+™ MPSoC.
Through isolation and hardware partitioning, a hypervisor can corral mixed-criticality software components in different virtual machines, preventing one from interfering with another, and providing a much simpler path to system certification. Industrial platforms, aerospace and defense systems, medical applications, and autonomous automotive systems now driving the expansion of machine learning and AI inference are all benefiting from the software separation enabled by hypervisors.

An inverted pendulum stands in for a time-critical system in the hypervisor demo.

On one side of the demo, an inverted pendulum system keeps a ruler balanced upright by turning motors on and off with a precise algorithm. In the real world, this side of the demo represents a real-time industrial system, an embedded ADAS application, an exoplanetary-bound rocket, or any other time-critical system that might be hindered by unexpected computing constraints.

Users can play or crash the open source Doom game at any time. The inverted pendulum will maintain its balance.

On the other side, fully functioning and playable in various levels of gore, is Doom, a multimedia application that simulates the pressure of dynamic computing demands on a multi-core processor managed by a bare-metal seL4-based hypervisor.

Running the open source version of Doom on the Ultra96 alongside the inverted pendulum application shows how mixed-criticality processes can operate without interfering with each other, even if one of the applications crashes.

The pendulum utilizes the Ultra96’s FPGA fabric for two motor controllers and a rotary encoder counter. The motor controllers interface through a custom-made shield for the Ultra96 to move the pendulum laterally. The rotary encoders tell the application running in Linux which way the pendulum is leaning in space.

The block diagram below shows how the Ultra96 and seL4 hypervisor combination keeps the applications safely separated.

It’s interactive and fun to play with, and the technology at work demonstrates a key benefit of the seL4 hypervisor.

The seL4 hypervisor is already providing companies in aerospace, defense, and automotive industries with a robust path to software isolation and hardware partitioning. It combines the flexibility of open source licensing with high levels of safety and security.

If you would like to build new products or enhance your business with the trusted base of seL4, schedule a meeting with us today.
