The CLARE Software Stack

Next-generation cyber-physical systems (CPSs) such as autonomous vehicles, advanced robots, factory automation for Industry 4.0, surveillance systems, and medical devices, are characterized by complex computing workloads that include mixed-criticality software components and artificial intelligence (AI) algorithms. To be effectively deployed, such systems require powerful heterogeneous computing platforms, which however introduce considerable challenges in the design and development of software components and require convoluted configurations to be performed by experts.

Indeed, CPSs must interact with the real world in real-time , be safe and predictable , and be resilient to cyber-attacks. Ensuring these features on modern heterogeneous platforms, especially in the presence of AI algorithms, is extremely challenging. The complexity of the platforms and the computing workload expose systems to severe safety, security, and time-predictability issues. Furthermore, next-generation CPSs require dealing with software technologies that are generally far from today's certification requirements and standard regulations, and hence struggle for being accepted in engineered systems.

Compose Logo

CLARE is a complete software stack that aims at solving these issues by offering an integrated solution to support and drastically simplify the development of AI-enabled CPSs while ensuring safety, security, and real-time capabilities by design. It offers a set of components (hypervisor, virtualized hardware acceleration, security hardening, configuration tools, etc.) developed with cutting-edge technologies that make possible to properly leverage the power of modern heterogeneous computing platforms in a controlled and judicious way. CLARE also allows bridging AI algorithms with rigorous software designed with state-of-the-art engineering techniques, making AI-enabled CPSs more suitable to industrial-grade standards.

Compose Logo

In particular, CLARE offers an ecosystem of software components and tools to:

  • abstract platform complexity via automated configurations , ready-to-use templates , and high-level APIs ;
  • ensure safety , security , time predictability , and isolation with cutting-edge system-level mechanisms; and
  • ease the adoption of machine learning in embedded systems and hardware acceleration.


CLARE-Hypervisor is a type-1 hypervisor that integrates cutting-edge safety, security, and real-time resource management mechanisms. It provides strong isolation between execution domains with mixed and independent levels of safety and security while enabling safe inter-domain communications. Such domains can be rich environments powered by general purpose Operating Systems (Linux, Android, etc.) as well as high-criticality, real-time execution environments where predictability and temporal/spatial isolation is mandatory. Unmodified Guest OSes can be hosted by strongly-isolated Virtual Machines (VMs), thus allowing an easy integration of stand-alone domains. CLARE-Hypervisor follows a fully-static approach with off-line configurations generated by the CLARE-Toolkit.

CLARE-Hypervisor currently supports Armv8-A processor architectures.


Cache coloring

Memory bandwidth reservation

Bank-aware memory allocation

O(1) algorithms (almost all)

Fixed-priority and EDF scheduling

FastBoot with very low latency


Address-Space Randomization

Control Flow Integrity
(Armv-8.3A/FPGA-based platform)

Secure boot for Virtual Machines

TrustZone support

Dual-hypervisor support


Totally static

Off-line auto-generated configuration

Code suitable for SIL4 certification
(~ 7K LoC)

Low memory-footprint

Strong isolation

FPGA Interconnect

alt text

Applications running in parallel on different cores and simultaneous I/O transactions can incur in highly-unpredictable interference. If not properly controlled, this interference can propagate among domains, even with different criticality levels, hence jeopardizing the isolation capabilities of a hypervisor.

CLARE-Hypervisor implements strong isolation mechanisms to control such interferences by offering cutting-edge protection features that really shield the system from any unwanted interference and related denial-of-service attacks.

alt text

Programmable logic is the beating heart of FPGA-based heterogeneous SoCs and can be used to deploy a large variety of devices and accelerators. In a multi-domain system, portions of programmable logic can be either reserved for use within a certain domain or shared among multiple domains. In the former case, it is essential to preserve the isolation capabilities of the hypervisor also at the level of programmable logic, especially in the presence of FPGA-based devices with direct access to shared resources and peripherals (e.g., the DRAM) that are also accessed by critical domains. In the latter case, it is crucial to mediate the access to avoid side-channel attacks. Furthermore, in some cases that available FPGA area may not be enough to implement the functionality required by a system and must therefore be shared by multiplexing in time the deployment of devices.

CLARE-Hypervisor enables the virtualization of programmable logic by offering all the support for deploying strongly-isolated, multi-domain FPGA designs and the possibility of exposing a virtual FPGA fabric to the domains. Under FPGA virtualization, the FRED framework ( is leveraged to dispatch acceleration requests to be served on the physical FPGA fabric.

alt text

Mixed-criticality systems include both high-criticality, high-integrity software and low-criticality software. The latter may include vulnerabilities that, if not proper countermeasures are taken, may expose the whole system to severe security threats. Denial-of-service, side-channel attacks, code reuse attacks, control flow hijack are typical examples of threats that can jeopardize the functionality of a cyber-physical system.

CLARE-Hypervisor provides advanced security features to protect the system from such cyber-attacks. Among others, it offers support for efficient control-flow integrity, address-space layout randomization, secure boot with roll-back prevention, run-time security monitoring, and mitigations for side-channel attacks.

alt text

Applications with different criticality levels could cooperate in order to accomplish the mission of the system. Such a cooperation may rely on inter-domain communications whose criticality is inherited by the most critical application they involve. In these cases, it is crucial that low-criticality software does not have the capability of corrupting the data of communication channels or using them as attack vectors.

CLARE-Hypervisor offers a safe, secure and highly predictable inter-domain communication mechanism.

  • Linux (Vanilla, PetaLinux, Ubuntu, etc.)
  • Robot Operating System (ROS 2)
  • Erika Enterprise 3 (OSEK/AUTOSAR RTOS)
  • FreeRTOS
  • CLARE-BasicFirmware (environment for hosting C stand-alone code)
  • Other proprietary RTOSs (industrial customer)

  • Xilinx Zynq UltraScale+ MPSoC
  • NXP i.MX8
  • QEMU Virt aarch64
  • Arm Fixed Virtual Platform

Work in progress:

  • NVIDIA Jetson TX2/AGX Xavier


CLARE comes with a powerful platform-aware toolkit that assembles a wide set of tools to optimize the deployment of complex applications and configure the entire CLARE Software Stack.

Compose Logo

Main features included in CLARE-Toolkit:

  • Rich library of ready-to-use templates
  • Interfaces to specify timing, safety and security requirements for mixed-criticality applications
  • Generation of resource-efficient deployment packages to fulfill user requirements
  • Generation of binary images for the CLARE run-time environment
  • Generation of cryptographically-signed images to implement per-domain Secure Boot
  • Processing of FPGA designs to configure multi-domain FPGA virtualization mechanisms (dependency on Chip Vendor Ecosystem)

The toolkit is accompanied by a friendly Graphical User Interface (GUI) that simplifies all the steps required to configure and deploy applications developed with CLARE, also guiding the designer via presets, suggestions, and ready-to-use templates.

The toolkit is integrated with the build tools of the supported platforms.

Compose Logo


CLARE-Middleware provides a unified and simplified API to access the services offered by the CLARE stack as well as the mechanism of the underlying hardware platform. Such accesses can be granted to applications via CLARE-Toolkit, which is also offering the possibility of configuring their behaviour.

Main features included in CLARE-Middleware:

  • Time-predictable, safe inter-domain communication
  • System-level/OS-level monitoring and fault recovery services
  • Inter-domain publisher/subscriber data distribution service
  • Access to security services offered by CLARE
  • Simplified access to machine learning algorithms with preconfigured video pipelines and ready-to-use deep neural networks
  • Predictable virtualization of hardware accelerators
  • Management of memory resources
Compose Logo