• Virtualization
• Isolation
• Multicore
• Real-Time
• Hypervisors

The growing demand of new functionalities in modern embedded real-time systems has led chip makers to produce the modern multi-core platforms. This trend also increased the need for robust and efficient mixed-criticality systems that need to share the same hardware platform. Hardware virtualization established as a de-facto solution to realize such systems, aiming at guaranteeing time and security requirements.
This thesis addresse the problem of providing spatial and temporal isolation between execution domains in a hypervisor running on an ARM multicore platform. The goal is to achieve predictable interference among domains without relying on any information on their behavior and/or configuration, thus enabling the execution of time-sensitive (and possibly safety-critical) guests that are resilient to misbehaviors, cyber attacks, or excessive demand of computational resources that may affect less critical domains. For instance, the proposed design solution allows the integration of a real-time operating system with a general purpose operating system (e.g., Linux), which today is a common need in many industrial fields.
Isolation is achieved by carefully managing the two primary shared hardware resources of today's multicore platforms:
the last level cache (LLC) and the DRAM memory controller. The XVISOR open-source hypervisor and the ARM Cortex A7 platform have been used as reference systems for the purpose of this work.
Spatial partitioning on the LLC has been implemented by means of cache coloring, which allows reserving a given portion of cache memory to each domain, thus avoiding mutual cache evictions by design. In this work, cache coloring has been tightly integrated with the ARM virtualization extensions (ARM-VE) to deal with the memory virtualization capabilities offered by a two-stage memory management unit (MMU) architecture.
Temporal isolation on the DRAM controller has been implemented by realizing a memory bandwidth reservation mechanism, which allows reserving (and contextually limiting) a given number of memory accesses across a periodic time window. The reservation mechanism leverages performance counters and specific interrupt signals available on various ARM platforms and has been integrated with the scheduling logic of XVISOR when managing the execution of the virtual CPUs.
An extensive experimental evaluation has been performed on the Raspberry Pi 2 board, showing the effectiveness of the implemented solutions on a case-study composed of multiple Linux guests running state-of-the-art benchmarks. In particular, both cache coloring and memory reservation proved to ensure a strong isolation among domains, with a significant improvement on worst-case execution times due to the limited (or null) contention delays introduced by such shared resources. No relevant paybacks in terms of run-time overhead have been observed.
The results of this thesis received considerable attention by the XVISOR community and are going to be integrated in a next release of the hypervisor.