Taming Interrupts: Deterministic Asynchronicity in an ARINC 653 Environment

Taming Interrupts: Deterministic Asynchronicity in an ARINC 653 Environment

Interrupts are forbidden in ARINC 653 partitioned environments – or so it appears. In this paper we will examine that prohibition and explore a means of using interrupts in a system while maintaining deterministic behavior.

We begin with an overview of the benefits and costs of Integrated Modular Avionics (IMA), along with a review of associated standards. Next, we look at interrupt-driven Input/Output (I/O) handling, which is considered best practice, except in ARINC 653 systems. Because DO-248 requires deterministic behavior as a fundamental system property necessary to certify safety, most IMA system designers avoid interrupts, presuming that such asynchronous events introduce non-determinism and cause interpartition interference.

We conclude with a description of our initial implementation of this innovation within a customized version of the Xen hypervisor.

 
This paper is hosted by IEEE.org, the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity. Click the button below to find the work.
 
Read The Paper