Health monitor in De-RISC

Nov 22, 2021

The XtratuM Next Generation (XNG) software incorporates the latest hypervisor services developed by fentISS to match the needs of safety-critical systems. Specifically, the Health Monitor (HM) service detects faults in the hardware and in XNG itself, and responds according to a configuration defined by the system integrator.

The Health Monitor is the mechanism proposed by the space and time partitioning ARINC-653 software specification for reporting and monitoring errors. It is in charge of detecting (the event), reacting (with an action) and reporting (in the HM log) fault states originating in the hardware, in the partitions, or internally in the hypervisor. It aims at discovering faults at an early stage, trying to resolve or confine the faulty subsystem in order to avoid a failure or to reduce its potentially harmful effects. This service also allows the integrator to define a Fault Detection, Isolation, and Recovery (FDIR) policy specific to the system and to each partition event.

The LithOS guest operating system, also developed by fentISS, takes advantage of the services provided by XNG to offer the complete ARINC-653 Application/Executive (APEX) to the applications. Thus, the Health Monitor is also present in LithOS thanks to partition-level features which complement the XNG Health Monitor, such as the generation of process-level events (detection of process deadline misses and stack overflows) and the capability to declare an error handler that manages the detected errors.
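The detect/react/report cycle and the per-partition FDIR policy table described in the two paragraphs above, as an added illustration in C. This is not XNG or LithOS code: the event classes, action names, structure and function names are all assumptions made for this example. It shows the three pieces a practitioner cares about when reviewing such a design: a fail-safe default policy that the integrator must explicitly relax, actions that confine the faulting partition rather than the whole system where the policy allows, and a bounded HM log that never grows without limit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical event classes; XNG's real identifiers are not given on the page. */
typedef enum {
    HM_EV_DEADLINE_MISS,      /* a process or partition overran its deadline */
    HM_EV_STACK_OVERFLOW,     /* guest stack exhausted */
    HM_EV_MEM_VIOLATION,      /* access outside the partition's memory map */
    HM_EV_HW_PARITY_ERROR,    /* hardware fault, not attributable to a partition */
    HM_EV_COUNT
} hm_event_t;

/* Hypothetical recovery actions the integrator can bind to an event. */
typedef enum {
    HM_ACT_IGNORE,            /* no reaction and no log entry */
    HM_ACT_LOG_ONLY,          /* report only */
    HM_ACT_RESTART_PARTITION, /* cold-restart the faulting partition */
    HM_ACT_HALT_PARTITION,    /* confine: stop the faulting partition */
    HM_ACT_HALT_SYSTEM        /* fail-safe stop of the whole system */
} hm_action_t;

#define HM_MAX_PARTITIONS 4
#define HM_LOG_CAPACITY   8
#define HM_NO_PARTITION   (-1)  /* event raised by hardware or by the hypervisor itself */

typedef struct { int partition; hm_event_t event; hm_action_t action; } hm_log_entry_t;

typedef struct {
    hm_action_t partition_policy[HM_MAX_PARTITIONS][HM_EV_COUNT];
    hm_action_t system_policy[HM_EV_COUNT];
    hm_log_entry_t log[HM_LOG_CAPACITY];   /* ring buffer: oldest entries are overwritten */
    unsigned long reported;                /* total entries ever written */
    unsigned restarts[HM_MAX_PARTITIONS];
    int halted[HM_MAX_PARTITIONS];
    int system_halted;
} hm_t;

/* Fail-safe defaults: confine the partition; stop the system for non-attributable faults. */
void hm_init(hm_t *hm) {
    memset(hm, 0, sizeof *hm);
    for (int p = 0; p < HM_MAX_PARTITIONS; p++)
        for (int e = 0; e < HM_EV_COUNT; e++)
            hm->partition_policy[p][e] = HM_ACT_HALT_PARTITION;
    for (int e = 0; e < HM_EV_COUNT; e++)
        hm->system_policy[e] = HM_ACT_HALT_SYSTEM;
}

/* Integrator-defined FDIR policy for one partition and one event class. */
int hm_set_policy(hm_t *hm, int partition, hm_event_t ev, hm_action_t act) {
    if (partition < 0 || partition >= HM_MAX_PARTITIONS ||
        (unsigned)ev >= (unsigned)HM_EV_COUNT)
        return -1;
    hm->partition_policy[partition][ev] = act;
    return 0;
}

/* Report: append to the bounded HM log, overwriting the oldest entry when full. */
static void hm_report(hm_t *hm, int partition, hm_event_t ev, hm_action_t act) {
    hm_log_entry_t *slot = &hm->log[hm->reported % HM_LOG_CAPACITY];
    slot->partition = partition; slot->event = ev; slot->action = act;
    hm->reported++;
}

unsigned hm_log_len(const hm_t *hm) {
    return hm->reported < HM_LOG_CAPACITY ? (unsigned)hm->reported : HM_LOG_CAPACITY;
}

/* Entry point from the trap/interrupt handler: detect -> react -> report. */
hm_action_t hm_raise(hm_t *hm, int partition, hm_event_t ev) {
    hm_action_t act;
    if ((unsigned)ev >= (unsigned)HM_EV_COUNT) {
        act = HM_ACT_HALT_SYSTEM;       /* uninterpretable event: treat as internal fault */
    } else if (partition == HM_NO_PARTITION) {
        act = hm->system_policy[ev];
    } else if (partition < 0 || partition >= HM_MAX_PARTITIONS) {
        act = HM_ACT_HALT_SYSTEM;       /* malformed partition id: fail safe */
    } else {
        act = hm->partition_policy[partition][ev];
    }
    switch (act) {                      /* react; partition indices are valid on these paths */
    case HM_ACT_IGNORE:            return act;
    case HM_ACT_RESTART_PARTITION: hm->restarts[partition]++; break;
    case HM_ACT_HALT_PARTITION:    hm->halted[partition] = 1;  break;
    case HM_ACT_HALT_SYSTEM:       hm->system_halted = 1;      break;
    default:                       break;
    }
    hm_report(hm, partition, ev, act);
    return act;
}

int main(void) {
    hm_t hm;
    hm_init(&hm);
    hm_set_policy(&hm, 1, HM_EV_DEADLINE_MISS, HM_ACT_LOG_ONLY);
    hm_set_policy(&hm, 1, HM_EV_STACK_OVERFLOW, HM_ACT_RESTART_PARTITION);
    hm_raise(&hm, 1, HM_EV_DEADLINE_MISS);            /* constructed fault sequence */
    hm_raise(&hm, 1, HM_EV_STACK_OVERFLOW);
    hm_raise(&hm, 2, HM_EV_MEM_VIOLATION);
    hm_raise(&hm, HM_NO_PARTITION, HM_EV_HW_PARITY_ERROR);
    for (unsigned i = 0; i < hm_log_len(&hm); i++)
        printf("HM log %u: partition=%d event=%d action=%d\n", i,
               hm.log[i].partition, (int)hm.log[i].event, (int)hm.log[i].action);
    return 0;
}
```

Two design choices are worth noting. The defaults are the most conservative action, so an event the integrator forgot to configure confines the partition instead of being silently ignored; and an event identifier the table cannot interpret is itself treated as a hypervisor-internal fault, since a health monitor that guesses is worse than one that stops.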

The Health Monitor is a key XNG feature that allows building reliable and secure applications which guarantee fault detection, isolation and reporting to protect the system.

An illustrative example available at the official De-RISC YouTube channel shows the behavior of the XNG HM service.