Unintended software interactions are bugs, or at least potential bugs. They're among the most difficult problems to diagnose and correct because the pre-conditions may be difficult to reproduce. Such bugs are annoying in Personal Computers used for office work, but may form the basis for dangerous failures when present in embedded systems that control cars, planes, heavy equipment, pacemakers and many other applications.
One solution restricts software interactions to the lowest levels of the systems software and formalized inter-process communications. This is most often achieved by some level of virtualization. Limiting inter-process communications to formalized queues, deques, stacks, and the like reduces the amount of software that needs to be proven correct. This in turn reduces the opportunity for software failure to corrupt memory. While a software-only option is an improvement over no virtualization, Intel® VT hardware for Virtual Machine Monitors (VMM) moves key aspects of virtualization into hardware. Doing so reduces the amount of software that can cause interactions and restricts interactions to very specific, controlled types based on the operating software. Intel Virtualization Technology provides hardware capabilities that enable simpler and more robust VMM designs. It allows for total VMM separation from each VM by creating a new privileged ring structure. Inter-process communications are then managed at or below the VMM level.
Conceptually, software interactions may be controlled by the generic methods of Virtual Machine partitioning. Under this system a Hypervisor controls dispatching OSes and applications. Inter-process communications and physical resources such as peripherals are managed by well defined and controlled APIs.
LynuxWorks®, an Affiliate member of the Intel® Embedded and Communications Alliance (Intel ECA) offers several variations on Linux ranging from a hard real-time operating system to BlueCat® Embedded Linux - a Linux OS enhanced for embedded systems. LynuxSecureTM from LynuxWorksTM offers technical facilities that protect against memory leaks, runaway indexed memory addresses, other memory faults and I/O conflicts. By using the intrinsic qualities of a VMM and Intel's® Virtualization Technology, LynuxSecure partitions eliminate the possibility for memory faults overwriting data or code space in another partition. VM partitioning reduces unintended software interaction.
LynxSecure relies on a hypervisor to create a virtualization layer. This layer of abstraction maps physical system resources to each guest operating system. Each guest operating system is assigned dedicated resources, such as memory, CPU time and I/O peripherals. LynxSecure isolates each virtual instance (guest operating system) by providing hardware protection to every partition and its own virtual addressing space. Resource availability, such as memory and processor-execution resources, is guaranteed to each partition. Therefore no software can fully consume the scheduled memory or time resources of other partitions. LynxSecure supports simultaneous use of system interfaces, including multiple instances of the same or different operating systems in different partitions.
An Intel VT capable processor such as an Intel core-2 Duo forms the Hardware base of the platform. For processors that support Trusted eXecution Technology (TXT), additional safeguards may be used. The hardware platform is controlled by VT technology which secures the platform during boot using TXT and if appropriate, Trusted Boot (tboot). Conceptually software interactions may be controlled by the generic methods of VM partitioning. Under this system a Hypervisor controls dispatching OSs and applications.
There are other products available from Intel® ECA members that can aid in reducing the opportunity for unintended software interactions. For example, Intel ECA Affiliate Real Time Systems GmbH's Real-Time Hypervisor provides basic partitioning for standard OSes. Another Intel ECA Affiliate Green Hills® Software offers its IntegrityTM OS in several configurations dealing with a variety of systems needs. Wind River's Hypervisor also supports VM partitioning enabling designers to separate multiple software applications. This minimizes the potential of unwanted software interactions. Wind River is an Associate member of Intel ECA.
VMs hold the possibility of isolating legacy software to isolate existing applications and their occasional bad behavior (relative to other applications) so that systems may continue operating in the face of faults.
Intel's Virtualization Technology offers promise for a new way of developing software. Like top-down step-wise refinement of the early 70s, the ability to virtualize user interfaces, non-realtime functions, and realtime operations can compartmentalize design and implementation parameters. Abstraction has proven to be a powerful design and implementation approach for many different technologies, including software. A major side effect of pragmatic abstraction is reduction in unwanted software interactions.
I think that virtualization can fundamentally change the way in which we design and implement embedded systems. What do you think?