EMC2

Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4 Introduction

. Multi-core architectures will be adopted in the next generations of avionics and aerospace systems. . Integrated Modular Avionics (IMA): mixed-criticality . Key requirement: spatial and temporal isolation

. Virtualization appears to be a promising technique to implement robust software architectures in multi-core avionics platforms. . Goal: exploiting virtualization in the prototyping of a multi-core test platform for the aerospace domain.

. This is a first attempt to exploit paravirtualization on Cobham-Gaisler LEON4, the European Space Agency Next Generation Microprocessor (NGMP).

© 2015, Thales Alenia Space Reference Application

Test Software (Test input, Application Stack: . Scenario: various analysis and (Telemetry, benchmarking) file transfers) levels of criticality and REFERENCE SOFTWARE dependability both at DEMO PLATFORM software and hardware level JTAG SPACEWIRE PERIPHERAL TARGET DEVICE 1 TEST SERIAL MULTICORE . Requirements: CONSOLE PROCESSING ETHERNET PLATFORM SPACEWIRE PERIPHERAL reliability, robustness. DEVICE 2

Overall objectives: . Implementation and analysis of a typical mixed-critical aerospace application over a next-gen multicore platform . Assessment and analysis of virtualization technologies (isolation) . Comparison of different hypervisors (robustness, self-healing)

© 2015, Thales Alenia Space Platform & Tools

The target hardware identified is a quad-core architecture based on the Gaisler SPARC-V8 LEON4 processor (ESA’s Next Generation MicroProcessor).

Two different hypervisors, SYSGO PikeOS and FentISS XtratuM, have been considered for the implementation of the reference application on selected multicore platform.

. PikeOS is a platform providing RTOS, type I hypervisor and paravirtualization functionalities.

. XtratuM is an open-source, bare metal hypervisor targeting real- time systems and implementing the paravirtualization principle.

© 2015, Thales Alenia Space Leon4 Platform

The LEON4-NGMP-DRAFT device is a system-on-chip featuring a quad core fault-tolerant LEON4 SPARC V8 processor having 4x4 KiB instruction and 4x4 KiB data caches

. Double precision IEEE-754 floating point units . SpaceWire router with eight SpaceWire links . CPU and I/O memory management units . 2x 10/100/1000 Mbit Ethernet interfaces . Multi-processor interrupt controller with . MIL-STD-1553B interface support for ASMP and SMP . 2x UART, SPI, Timers and watchdog, 16 pin GPIO . 256 KiB Level-2 cache . Advanced on-chip debug support

© 2015, Thales Alenia Space Software Architecture

The prototype software architecture includes various components running on top of the hypervisor:

. Applications TCTM, File Transfer . Cyclic Transaction Manager Packet formatting . I/O Manager Low level management of data transactions . Device Drivers UART, SpaceWire, Ethernet

© 2015, Thales Alenia Space Time and Space Partitioning

Defined software objects have been mapped to separate partitions. The allocation of partitions to different CPUs has been then analyzed, specifically considering functional and timing requirements.

BACKGROUND BACKGROUND CPU 3

TP1 TP2 TP1 TP2 TP1 t

REAL TIME REAL TIME REAL TIME REAL TIME REAL TIME CPU 2 APP 1 APP 2 APP 1 APP 2 APP 1

TP1 TP2 TP1 TP2 TP1 t

CPU 1 I/O MANAGER

TP0 t

CPU 0 DEVICE DRIVERS TP0 t Specific focus has been put in the design of the I/O manager component: . Mapping of different types of transactions (Cyclic and Sporadic TCTM transactions, File transfers) on different traffic classes . Definition of scheduling rules for an efficient traffic management

© 2015, Thales Alenia Space PikeOS

PARTITION 1 PARTITION 2 PARTITION 3 USER MODE USER

PIKEOS SYSTEM SOFTWARE

PIKEOS SEPARATION MICROKERNEL

PLATFORM

KERNEL MODE KERNEL ARCHITECTURE SUPPORT PACKAGE SUPPORT PACKAGE

© 2015, Thales Alenia Space XtratuM

USER PARTITIONS SUPERVISOR PARTITIONS

PARTITION 1 PARTITION 2 PARTITION 3

vcpu0 vcpu0 vcpu1 vcpu0 USER MODE USER

HYPERCALLHYPERCALL INTERFACEINTERFACE

XTRATUMXTRATUM KERNEL MODE KERNEL

MULTICORE PROCESSOR

cpu0 cpu1 cpu2 cpu3

© 2015, Thales Alenia Space Partitions and CPU mapping

DEVICE HARD SOFT I/O MANAGER DRIVER REAL-TIME REAL-TIME PARTITION PARTITION PARTITION PARTITION

HYPERVISOR

CPU0 CPU1 CPU2 CPU3

© 2015, Thales Alenia Space PikeOS-based application

Real time components Non-real time Implemented by means components of PikeOS native tasks + Implemented by accurate time means of PikeOS management native tasks

MailBoxes User level, custom implementation based on I/O HARD SOFT circular buffers over MANAGER REAL-TIME REAL-TIME Shared Memory PARTITION PARTITION PARTITION

SHARED MEMORY Device Drivers Kernel Level implementation for DRIVERS HYPERVISOR the following devices • Spacewire • UART CPU CPU CPU CPU 0 1 2 3 • Ethernet

© 2015, Thales Alenia Space XtratuM-based application

Device Drivers Real time components Non-real time User Level implementation for the Implemented using a components following devices custom runtime Implemented using a . Spacewire providing user level task- custom runtime . UART scheduling and inter- providing user level . Ethernet task communication task-scheduling

I/O MANAGER HARD SOFT REAL-TIME REAL-TIME DEVICE DRIVERS PARTITION PARTITION

MailBoxes HYPERVISOR Implemented using XtratuM native inter- CPU CPU CPU CPU partition communication 0 1 2 3 mechanisms

© 2015, Thales Alenia Space