L4Re Predictable Runtime Environment (L4-P-Re)

Embedded systems are getting more powerful through multi-core platforms, allowing them to run a broad set of applications ranging from control to entertainment domains. Given the security and real-time constraints of these applications, as well as the need for isolation among them, support for mixed criticality is a must. Isolation must be ensured in both the spatial and the temporal dimension to meet the requirements of a platform that runs a diverse set of applications on a single physical machine. The L4Re system offers a state-of-the-art capability-based security system that allows fine-grained security policies to be specified among applications. This enables deployment of systems with different resource needs in parallel and completely isolated from one another, denoted as “Isolated Domains” in the figure below.

[Figure: l4re.png]

For L4Re deployed on multicore technology to become a success in the context of embedded real-time systems, mixed criticality has to be supported. In mixed-criticality systems, applications with firm, i.e., hard, and soft real-time requirements and different security constraints execute on the same (computing) platform. Ruling out timing violations of the safety-relevant parts and guaranteeing different security levels within a single (multicore) architecture is, however, far from trivial. Resources like L2 caches, main memory and communication links are used by different applications at the same time; e.g., the Linux and Windows hosts may race for access to the same physical memory bank. This not only yields hidden (timing) dependencies among logically independent applications, it also allows attackers (or bugs) to corrupt the data integrity of crucial parts of the system. To avoid such problems, industrial standards such as ARINC 653 require spatial and temporal isolation of applications sharing the same hardware. The current L4Re and its set of real-time capabilities, most importantly its scheduling features, are limited and only allow one to realize mixed-criticality systems based on fixed priorities.

In this TTP, we supplemented the existing fixed-priority scheduling algorithm with an Earliest-Deadline-First (EDF) scheduler. This is of great importance, as most results from scheduling theory assume an EDF scheduler.

While an implementation of EDF seems straightforward, its integration in an existing system with its applications raises interesting challenges:

  • Existing applications must continue to run although no explicit deadline has been specified.
  • L4Re's scheduling is core-local and has only limited cross-core interaction. This is in line with the fixed-priority scheduling algorithm, which uses core-local priorities. With EDF and deadlines, however, cross-core usage becomes more attractive.
  • A combination of different scheduling algorithms in a stacked fashion might be a favorable solution to integrate a new scheduling algorithm into an existing system.

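A simplified model of the stacked policy sketched in the list above, as an added example (not L4Re's or Fiasco's own scheduler code): tasks that carry a deadline are ordered EDF, tasks without one fall back to the fixed-priority tier, so existing applications keep running in the slack left by the deadline tasks. The `Task` fields, the tick-based model and the workload are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Task:
    name: str
    exec_time: int                  # remaining execution time in ticks
    release: int = 0                # tick at which the task becomes ready
    deadline: Optional[int] = None  # absolute deadline; None marks a legacy task without one
    priority: int = 0               # fixed priority, used only for legacy tasks (higher wins)

def pick_next(tasks, now):
    """Stacked policy: ready tasks with a deadline are served first, earliest absolute
    deadline wins; only when none is ready does the fixed-priority tier get the core."""
    ready = [t for t in tasks if t.release <= now and t.exec_time > 0]
    edf = [t for t in ready if t.deadline is not None]
    if edf:
        return min(edf, key=lambda t: (t.deadline, t.name))
    legacy = [t for t in ready if t.deadline is None]
    if legacy:
        return min(legacy, key=lambda t: (-t.priority, t.name))
    return None

def simulate(tasks, horizon):
    """Tick-based simulation. Returns the task name run in each tick and the names of
    deadline tasks that still had work left when their deadline arrived."""
    schedule, missed = [], []
    for now in range(horizon):
        for t in tasks:  # a task with remaining work at its deadline has missed it
            if t.deadline is not None and t.exec_time > 0 and now >= t.deadline \
                    and t.name not in missed:
                missed.append(t.name)
        t = pick_next(tasks, now)
        schedule.append(t.name if t else "idle")
        if t:
            t.exec_time -= 1
    return schedule, missed

def mixed_workload():
    """Constructed workload: two deadline tasks (B is released later but has the
    earlier deadline, so it preempts A) and two legacy tasks without deadlines."""
    return [Task("A", 3, deadline=10), Task("B", 2, release=2, deadline=5),
            Task("L", 4, priority=5), Task("M", 2, priority=1)]

if __name__ == "__main__":
    sched, missed = simulate(mixed_workload(), 14)
    print(" ".join(sched))    # A A B B A L L L L M M idle idle idle
    print("missed:", missed)  # missed: []
```

In this model the legacy tier only runs when no deadline task is ready, so a set of deadline tasks that keeps a core permanently busy starves the legacy applications; a deployment that relies on them still making progress has to bound the utilization of the EDF tier.
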
With an integrated EDF scheduler, L4Re becomes more capable and attractive for real-time applications. Combining real-time applications with virtualized subsystems on a single physical system makes it possible to build feature-rich, secure mixed-criticality systems and to exploit the power of modern multi-core embedded systems.

Providing a new certifiable solution for the real-time systems market, i.e., for multicore computing platforms potentially used in future train, automotive and avionic systems, will allow L4Re to penetrate new market segments. This strengthens the position of Kernkonzept GmbH, as well as the EU-based embedded control system industry as a whole, as L4Re is open source.

Downloads: Poster (PDF), Abstract (PDF)