I have a dream – The future of hypervisor technology

No, I do not intend to initiate a revolution on the future of embedded systems. But, who knows…

All well-known embedded system solution providers see the necessity to offer hypervisor technology in parallel to their standard RTOS offering. The reasons for this are obvious and manifold:

  1. Gordon E. Moore's law, stating “that number of transistors in an integrated circuit doubles approximately every two years”, has reached its limits for single-core CPUs. CPU vendors seek their salvation in multi-core CPUs. But the performance of multi-core CPUs does not scale with the number of cores. An operating system needs to manage the multi-core system and optimize the performance that can be squeezed out of the cores. A hypervisor is an important future technology to manage multi-core CPUs. A hypervisor is meant to have the means to manage cores and run multiple (operating) systems on the multi-core platform.
  2. A hypervisor separates/isolates the (operating) systems from each other and thus provides a fundamental concept for safety and security by separation. We will discuss this in more detail later on, but let me state that safety and security by separation is one of the major concepts used for avionics devices, which really need to be safe and secure. Otherwise you would not be willing to sit in an airplane which uses “fly by wire” technology.
  3. The separation concept of a hypervisor is perfectly suited to isolate applications which have been developed under different license agreements. The GPL license has the property to infect any line of code which is derived from GPL code, or which is compiled and linked with GPL code. That is, you have to disclose your intellectual property if it is infected by any open source license agreement.
  4. HW consolidation has started as a trend in the avionics domain and has already found its way into automotive and transportation systems. A modern high-class car has more than 150 micro-controllers, which provide functionality reaching from convenience to safety. If you consider that you need boards to carry the micro-controllers and cabling to interconnect them, you understand why cars get more expensive and heavier over time. I will not name a brand, but one of my first cars weighed around 800 kg 30 years ago. The same model now weighs 1500 kg and of course provides much more convenience. The same story applies to avionics systems. A hypervisor can be used to combine the functionality of multiple micro-controllers on one board and thus reduce size and weight.
  5. By using the right hypervisor technology, real-time applications can run in parallel to non-real-time applications. A typical use case is to run the real-time control system and the corresponding HMI on one hardware platform.

If one of the reasons above motivates you to use a hypervisor as a future platform, then you need to look at the details of the hypervisor's implementation. The first decision to take is whether you need a hosted (type-2) hypervisor or a bare metal (type-1) hypervisor. In a nutshell, a hosted hypervisor (type-2) is a piece of software which runs on an operating system and configures one or more virtual machines, each of which can host another operating system. Candidates for this solution are VMware, VirtualBox, Parallels, just to name a few. A bare metal hypervisor resides directly on the HW and manages the hardware resources. This hypervisor of course manages one or more virtual machines to run other operating systems on top. Xen is the most popular bare metal hypervisor when looking for IT solutions.

If safety and security are a concern for your devices/products, then of course your device may need to behave deterministically. The above-mentioned hypervisor solutions have not been designed with real-time requirements in mind, nor can they really offer a mature safety and security concept. This is the magic moment to talk about separation kernel based hypervisors. A separation kernel uses a microkernel as the underlying operating system architecture and provides means for partitioning on top of the microkernel. The partitions can be used as an execution environment for:

  • Bare metal applications
  • Applications using the microkernel API
  • Applications using a standard API like POSIX
  • Any run-time environment like Java, Ada
  • An operating system like Linux, Android etc. running in a partition …

The main advantage of this approach is that the microkernel provides real-time capabilities and separation capabilities in the operating system design. Thus we have a Real-time Operating System (RTOS) and a hypervisor architected into one product.

Figure 1: Separation Kernel architecture

The next posts will dig deeper into the separation kernel concept and explain how the above mentioned 5 aspects are addressed by the hypervisor…

Cheers – Mehmet