Implementation and Evaluation of MemGuard in the Bao Hypervisor

Multi-core embedded systems face increasing pressure to guarantee timing predictability while sharing critical hardware resources such as caches and memory buses. Although static partitioning hypervisors provide strong spatial isolation, they do not alone prevent temporal interference caused by concurrent memory accesses. To address this gap, this work integrates a fine-grained memory bandwidth regulation mechanism into the Bao hypervisor, extending the MemGuard framework with distinct accounting for read and write operations. Treating memory accesses asymmetrically enables more accurate budgeting and avoids the conservatism inherent in uniform regulation, improving both resource utilization and isolation. The system enforces dedicated bandwidth guarantees and dynamically reallocates unused quotas via feedback-driven budget functions, making it suitable for mixed-criticality environments where high-priority tasks demand strict timing consistency. The implementation is evaluated on a quad-core ARMv8 platform (Raspberry Pi 4) running multiple Bao partitions, each executing periodic real-time tasks alongside memory-intensive workloads. Experiments compare several adaptive budget policies and reveal that separating read and write regulation reduces interference and enhances predictability without sacrificing throughput. Among the evaluated approaches, AMBP demonstrated strong scalability, while AFC and PIC achieved an advantageous balance between performance stability and computational overhead. Overall, the integration advances memory isolation capabilities for lightweight hypervisors and provides an efficient foundation for reliable real-time execution on modern embedded multi-core platforms.