Functional Safety with Xen, Zephyr, and Linux for Avionics, Automotive and Industrial

Description

Speakers:

Ayan Kumar Halder, Sr. Member of Technical Staff at AMD

Matthew Weber, Associate Technical Fellow & Chief Software Architect Linux at Boeing

This seminar presents the ongoing work to bring functional safety capabilities to the Xen hypervisor alongside Zephyr RTOS and Linux, targeting deployment in mixed-criticality systems. We begin with the big picture: a system-level design showing how Xen, Zephyr, and Linux can be composed to meet the needs of different safety domains — from avionics (DO-178C) to automotive (ISO 26262) and industrial (IEC 61508). We then dive deep into the concrete work items that have been upstreamed or published, including MISRA C fixes, safety-critical features in Xen such as MPU support, along with requirements, architecture specifications, test specifications, and tests. We conclude by sharing how to work with the ELISA and Xen FuSa efforts on an open safety case!

We will describe the various means of testing with some examples: domain-based tests, fault injection tests, internal interface tests based on gdb, fuzzing, platform emulation for testing, unit tests based on Ceedling, and coverage measurement (branch, line, function, MC/DC). All these tests are aimed at validating Xen as a safety element out of context. We will also describe how we plan to reduce the amount of code to be safety certified by introducing fine-grained configurations that describe the hardware features. In addition, we will describe how Xen enforces freedom from interference between different VMs based on capabilities and properties. Thus, we ensure that Xen can meet the safety guidelines set by ISO 26262, IEC 61508 and DO-178C.