HyperSSE: Static Analysis of Real-Time Hypervisor Systems with ARA

• Typ der Arbeit: Masterarbeit
• Status der Arbeit: reserviert
• Projekte: AHA
• Betreuer: Andreas Kässens, Daniel Lohmann

Context

Within the AHA project, we focus on optimizing embedded systems by specialization of the OS itself. Using the Automatic Real-time Analyzer (ARA), we perform static analysis to find interactions between different tasks¹. With the latest addition, the MultiSSE, ARA can analyze interactions on systems like multicore AUTOSAR to allow for static optimization.

However, modern complex embedded systems may not only distribute tasks over multicore systems, but instead partition the hardware into multiple hypervised domains² for safety reasons. Each domain can run its own isolated Real-Time OS or General-Purpose OS instance, making powerful central computing hardware with time-critical software from various suppliers feasible.

Problem

For example in automotive applications, multiple domains with different functional safety requirements can be deployed using a partitioned hypervisor on the same system. However, due to the independent safety classification of each software component, a highly-critical RTOS domain (i.e. ASIL-D) may interact with a lower-critical domain (e.g. ASIL-B). An example are EFI (electronic fuel injection) systems that require real-time sensor data, which must be gathered from another component. The shared memory access between domains must be synchronized via inter-VM-interrupts to enable data exchange between partitions. To identify possible timing violations of these interactions, static analysis of such systems can provide an abstract system-wide view over all domains. Other approaches for such complex systems usually make use of dynamic profiling, e.g. analyze and limit memory bus contention³.

Goal

In this thesis, the concept of the static analysis MultiSSE shall be applied to a static partitioning hypervisor like (dom0less) Xen. Previously analyzing (cross-core) system calls within the RTOS, solely the Xen hypercalls are now of interest to the static analysis of cross-domain interactions. Specifically the "Event Channel" hypercall⁴, which can be used to issue an inter-VM-interrupt to signal new data in shared memory, has to be analyzed. Because of the static partitioning, VM scheduling can be ignored, making the analysis comparably simple and reducing the probability of state explosion.

To implement this, ARA shall run the SSE analysis on multiple single-core RTOS. Both domains must be synchronized using an Xen hypervisor model, that analyzes the hypercalls, optionally leveraging timing information. As a result, the HyperSSE allows for cross-domain timing analysis of explicit cross-domain interactions.

Topics: Python, C++, LLVM, Real-Time Operating System, Hypervisor, Static Analysis

References

RTSJ Journal
Applied static analysis and specialization of cross-core syscalls for multi-core AUTOSAR OS

Gerion Entrup, Andreas Kässens, Björn Fiedler, Daniel LohmannReal-Time SystemsSpringer2024.
PDF 10.1007/s11241-024-09429-1 [BibTex]

×

BibTex Entry

@article{entrup:24:rts,
author = {Gerion Entrup and Andreas Kässens and Björn Fiedler and Daniel Lohmann},
doi = {10.1007/s11241-024-09429-1},
entrysubtype = {Journal},
journaltitle = {Real-Time Systems},
month = {October},
publisher = {Springer},
title = {Applied static analysis and specialization of cross-core syscalls for multi-core {AUTOSAR OS}},
year = {2024},
}

Close