When we talk about a safety-critical system such as one running in an aircraft, it is very important that it does not generate unwanted scenarios. The aviation industry demands 100% reliability for the systems that go into an aircraft, and it takes a great deal of human effort to develop and verify such systems. RTOSes play an important role in airborne systems.
RTOS products provide support for avionics systems including autopilots, display systems, navigation computers, flight management systems and more. Real-time operating systems serve a critical role in ensuring safety at the processing level because they guarantee that hundreds, if not thousands, of specific algorithms get executed on time, every time.
If we take the example of a traffic collision-avoidance system (TCAS) or a ground proximity warning system (GPWS), avoiding an air-to-air collision or a controlled flight into terrain incident can very well depend on the integrity of an RTOS.
One such RTOS, specially customized for the aviation industry, is LynxOS-178. One important aspect of this safety-critical real-time operating system is partitioning. In many safety-critical systems, independent applications with different levels of criticality coexist on the same CPU, and in these systems the real-time operating system must support partitioning between the applications to ensure that a failure in one application cannot impact the operation of another.
Operating systems can be partitioned when multiple applications need to share a single processor, to ensure that one application does not bring down another in the event of a failure. These RTOSes provide security through Virtual Machine (VM) brick-wall partitions, which make it impossible for system events in one partition of the RTOS to interfere with events in another. It is as if each partition were its own separate computer.
Memory and resources are not shared between the partitions in the LynxOS-178 system. Each partition has access to statically pre-allocated memory and operating system resources. Partition memory is protected by the MMU, eliminating any chance that a process executing in one partition inadvertently accesses memory owned by a different partition.
For example, an application such as the software controlling the aircraft during an automatic landing in zero-visibility conditions, which is identified as most critical, should not fail because of a failure event in another application running in parallel, such as a flight management system, which is identified as less critical than the former.
A failure in the former could lead to the loss of human life, as there is a strong chance of an aircraft crash, while a failure in the latter can only create some discomfort for the passengers; hence it is obvious that these two pieces of software will not be developed with the same strictness. That is why resource separation, in the form of partitioning, becomes mandatory in airborne systems: it separates the execution of applications and the respective handling of their failure events.
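The following C program is an added illustration of the two mechanisms described above, static per-partition memory windows enforced by an MMU-style check, and fault containment that halts only the partition that misbehaved, while the other partitions keep receiving their time slots. It is a stand-alone model written for this page, not LynxOS-178 code, and the partition names (AUTOLAND, FMS), base addresses and window sizes are constructed values. It goes slightly beyond the text by also modelling the per-frame scheduling loop, so that the effect of the fault on the next frames can be observed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of space partitioning with static memory windows and
 * fault containment. This is a stand-alone model, not LynxOS-178 code; the
 * partition names, addresses and sizes below are constructed for the example. */

#define NUM_PARTITIONS 2

enum { PART_AUTOLAND = 0, PART_FMS = 1 };

typedef struct {
    const char *name;
    uint32_t    mem_base;   /* start of the statically allocated window */
    uint32_t    mem_size;   /* size of the window in bytes */
    int         halted;     /* set once the partition raised a fault */
    uint32_t    frames_run; /* major frames this partition completed */
} partition_t;

/* Static partition table: fixed at build time, never changed while running. */
static partition_t partitions[NUM_PARTITIONS];

void partitions_reset(void)
{
    static const partition_t initial[NUM_PARTITIONS] = {
        { "AUTOLAND", 0x10000000u, 0x00010000u, 0, 0 },  /* constructed values */
        { "FMS",      0x20000000u, 0x00020000u, 0, 0 },  /* constructed values */
    };
    memcpy(partitions, initial, sizeof partitions);
}

/* Models the MMU check: an access is allowed only if [addr, addr+len) lies
 * entirely inside the requesting partition's own window. Returns 0 when the
 * access is permitted and -1 on a protection fault. The comparison is done
 * on offsets so that addr+len cannot wrap around. */
int partition_check_access(int pid, uint32_t addr, uint32_t len)
{
    const partition_t *p;
    if (pid < 0 || pid >= NUM_PARTITIONS || len == 0)
        return -1;
    p = &partitions[pid];
    if (addr < p->mem_base)
        return -1;
    if (len > p->mem_size || addr - p->mem_base > p->mem_size - len)
        return -1;
    return 0;
}

/* Per-partition work for one frame. Each step returns 0 or the fault code
 * from its memory access. The FMS step contains a deliberate out-of-window
 * access, standing in for a bug in the less critical application. */
static int autoland_step(void)
{
    return partition_check_access(PART_AUTOLAND, 0x10000100u, 64);
}

static int fms_step(void)
{
    /* FMS tries to read 16 bytes from AUTOLAND's window: must be refused. */
    return partition_check_access(PART_FMS, 0x10000200u, 16);
}

static int (*const steps[NUM_PARTITIONS])(void) = { autoland_step, fms_step };

/* Runs one major frame: every non-halted partition gets its slot. A fault
 * halts only the partition that raised it; the others keep their slots.
 * Returns the number of partitions that completed the frame. */
int run_major_frame(void)
{
    int running = 0;
    for (int i = 0; i < NUM_PARTITIONS; i++) {
        partition_t *p = &partitions[i];
        if (p->halted)
            continue;
        if (steps[i]() != 0) {
            p->halted = 1;     /* contained: only this partition stops */
            printf("frame: %s raised a protection fault, halted\n", p->name);
            continue;
        }
        p->frames_run++;
        running++;
    }
    return running;
}

int partition_is_halted(int pid) { return partitions[pid].halted; }
uint32_t partition_frames_run(int pid) { return partitions[pid].frames_run; }

int main(void)
{
    partitions_reset();
    for (int f = 0; f < 3; f++)
        printf("frame %d: %d partition(s) completed\n", f, run_major_frame());
    printf("AUTOLAND halted=%d frames=%u, FMS halted=%d frames=%u\n",
           partition_is_halted(PART_AUTOLAND), partition_frames_run(PART_AUTOLAND),
           partition_is_halted(PART_FMS), partition_frames_run(PART_FMS));
    return 0;
}
```

Running it shows FMS halting in the first frame while AUTOLAND completes every frame; the window check refuses any range that starts below the window, extends past its end, or would wrap the address space, which is the property the static allocation plus MMU protection is meant to give.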
The whole system or platform needs to be qualified and go through safety analyses. It needs to go through the certification standards DO-178B, and now DO-178C, for software and DO-254 for hardware, and map all the capabilities around a piece of hardware or software back to real hard requirements before achieving that certification.
The main objective is that the software has to run the same way every time… it has to do what it says it is going to do, when it is supposed to be doing it. If a fault condition occurs, it has to be dealt with without bringing everything down, including the airplane.
More useful information about LynxOS-178 can be found at the following link:
www.lynx.com/products/real-time-operatin…tware-certification/