ARINC 653 RTOS for Multi-Core Certification
© SYSGO AG · PUBLIC 2
Agenda
• ARINC History
• ARINC 653 Concepts
• Core Software Considerations
• ARINC 653 multicore
• ARINC 653 Graphical Demo
• Questions
ARINC History
• Aeronautical Radio Inc (ARINC)
• Rockwell Collins acquired ARINC Dec 23rd 2013
• United Technologies acquired Rockwell Collins in 2018…
• ARINC Standards
• 600 Series is the reference standards for avionics equipment specified by the ARINC 700 series
• 700 Series details the form, fit and function of avionics equipment, predominantly on transport aircraft.
ARINC 651 complements ARINC 653 with respect to form, fit and function of ARINC computer systems.
ARINC 653 Concepts
• ARINC 653 is firmly defined for the highest level of criticality for civilian Aerospace
• ARINC 653 is intended for use with Integrated Modular Avionics*
• RTCA DO-178C is the primary consideration for ARINC 653
• Military systems use ARINC 653 because of its partitioning and strict scheduling capabilities
• MultiCore Processing (MCP) is supported
• CAST32A provides the guidelines for MCP*
“The IMA concept proposes an integrated architecture with application software portable across a range of hardware modules”
ARINC 653 Concepts – Aviation Safety and ARINC
• FAA and EASA
• These organisations provide all safety coverage for aviation safety, including Air Traffic Management
• There are rules and regulations governing any aircraft, even military, that fly within civil aerospace.
• DO-254 and DO-178C provide a safety framework for systems within Aircraft, whether manned or unmanned.
• CAST32A defines recent multicore concepts for the use of System On Chip (SoC) devices as well as RTOS requirements.
ARINC 653 Concepts – System Architecture
Diagram: System Architecture – A653 Partition 1, A653 Partition 2 … A653 Partition (n) and System Partition(s) sit above the CSW (Core SoftWare Module – ARINC 653 Operating System), which provides APEX Services, Required Services (Logical Communications, Partitioning, Health Monitor, Exception Handling, Scheduling, Configuration Data) and Optional Services, on top of the Core Hardware Module
ARINC 653 does allow other types of partitions to co-exist with ARINC 653 Partition types; these are known as System Partitions. Parts 1-4*
The CSW or Core SoftWare must provide required services:
• Partition Management
• Process Management
• Time Management
• Memory Management
• Inter-Partition Communication
• Intra-Partition Communication
• Health Monitor
ARINC 653 Concepts - APEX
Diagram: ARINC 653 Process → APEX → RTOS – Core Software
ARINC 653 Applications are segregated or Partitioned from the RTOS or Core Software by use of an APplication Executive known as APEX.
APEX defines the API of the ARINC 653 application, ensuring portability between different Core Software, where the APEX API hides the RTOS implementation.
The ARINC 653 Application is held within a Robust Partitioned environment, provided by the Core Software.
ARINC 653 Concepts – Communications (Inter*)
Diagram: two ARINC 653 Processes, each behind APEX on the RTOS – Core Software, connected Port TX1 → Logical Channel → Port RX1 over a Physical Channel
ARINC 653 Communications uses Message Queues or Sampling Ports with the concept of point to point uni-directional channels.
Channels, Queues and Ports are defined at design time.
Channels are Uni-Directional. Messages must arrive in the order that they are sent.
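The following C program is an added example (not code from the SYSGO deck or from PikeOS) modelling the two inter-partition port types named above: a sampling port that keeps only the latest message and tells the reader whether it is still within its design-time refresh period, and a queuing port that delivers messages strictly in send order and refuses a new message when full rather than dropping or reordering. The type and function names, the message size, the queue depth and the sample messages are constructed stand-ins for the APEX services the core software would really provide.

```c
/* Added example, not from the SYSGO slides: a model of the two ARINC 653
 * inter-partition port types. The real APEX services (CREATE_SAMPLING_PORT,
 * WRITE_SAMPLING_MESSAGE, SEND_QUEUING_MESSAGE, ...) are supplied by the core
 * software; the types and functions below are hypothetical stand-ins that
 * only reproduce the semantics described on the slide. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MSG_LEN 32   /* design-time maximum message size (constructed) */
#define QUEUE_DEPTH 4    /* design-time queuing port depth (constructed)   */

typedef enum { NO_ERROR, INVALID_PARAM, NOT_AVAILABLE } return_code_t;

/* Sampling port: keeps only the most recent message; a reader is also told
 * whether it is still valid, i.e. younger than the design-time refresh period. */
typedef struct {
    uint8_t  msg[MAX_MSG_LEN];
    size_t   len;
    uint64_t written_at_ns, refresh_period_ns;
    bool     has_msg;
} sampling_port_t;

/* Queuing port: a FIFO, so messages arrive in send order and are consumed once. */
typedef struct {
    uint8_t msgs[QUEUE_DEPTH][MAX_MSG_LEN];
    size_t  lens[QUEUE_DEPTH];
    int     head, count;
} queuing_port_t;

void sampling_port_init(sampling_port_t *p, uint64_t refresh_period_ns) {
    memset(p, 0, sizeof *p);
    p->refresh_period_ns = refresh_period_ns;
}

/* Overwrites the previous message: a slow reader sees only the latest value. */
return_code_t write_sampling_message(sampling_port_t *p, const void *m, size_t len, uint64_t now_ns) {
    if (len == 0 || len > MAX_MSG_LEN) return INVALID_PARAM;
    memcpy(p->msg, m, len);
    p->len = len;
    p->written_at_ns = now_ns;
    p->has_msg = true;
    return NO_ERROR;
}

/* Non-destructive read; *valid plays the role of the APEX VALIDITY output. */
return_code_t read_sampling_message(const sampling_port_t *p, void *out, size_t *len, bool *valid, uint64_t now_ns) {
    if (!p->has_msg) { *len = 0; *valid = false; return NO_ERROR; }
    memcpy(out, p->msg, p->len);
    *len = p->len;
    *valid = (now_ns - p->written_at_ns) < p->refresh_period_ns;
    return NO_ERROR;
}

void queuing_port_init(queuing_port_t *q) { memset(q, 0, sizeof *q); }

/* A full queue refuses the new message rather than dropping an older one, so
 * the send order is never silently broken. */
return_code_t send_queuing_message(queuing_port_t *q, const void *m, size_t len) {
    if (len == 0 || len > MAX_MSG_LEN) return INVALID_PARAM;
    if (q->count == QUEUE_DEPTH) return NOT_AVAILABLE;
    int tail = (q->head + q->count) % QUEUE_DEPTH;
    memcpy(q->msgs[tail], m, len);
    q->lens[tail] = len;
    q->count++;
    return NO_ERROR;
}

return_code_t receive_queuing_message(queuing_port_t *q, void *out, size_t *len) {
    if (q->count == 0) { *len = 0; return NOT_AVAILABLE; }
    memcpy(out, q->msgs[q->head], q->lens[q->head]);
    *len = q->lens[q->head];
    q->head = (q->head + 1) % QUEUE_DEPTH;
    q->count--;
    return NO_ERROR;
}

/* Self-check on constructed messages: two sampling writes leave only the last
 * value, which goes stale after the refresh period; the queuing port returns
 * A, B, C in send order. Returns 0 on success, else the first failed step. */
int port_demo(void) {
    sampling_port_t sp; queuing_port_t qp;
    uint8_t buf[MAX_MSG_LEN]; size_t len; bool valid;
    sampling_port_init(&sp, 10000000ULL);                       /* 10 ms refresh */
    queuing_port_init(&qp);
    write_sampling_message(&sp, "alt=100", 7, 1000000ULL);
    write_sampling_message(&sp, "alt=102", 7, 3000000ULL);
    read_sampling_message(&sp, buf, &len, &valid, 4000000ULL);  /* 1 ms old */
    if (len != 7 || memcmp(buf, "alt=102", 7) != 0 || !valid) return 1;
    read_sampling_message(&sp, buf, &len, &valid, 20000000ULL); /* 17 ms old */
    if (valid) return 2;
    const char *seq[] = { "A", "B", "C" };
    for (int i = 0; i < 3; i++)
        if (send_queuing_message(&qp, seq[i], 1) != NO_ERROR) return 3;
    for (int i = 0; i < 3; i++) {
        if (receive_queuing_message(&qp, buf, &len) != NO_ERROR) return 4;
        if (len != 1 || buf[0] != (uint8_t)seq[i][0]) return 5;
    }
    if (receive_queuing_message(&qp, buf, &len) != NOT_AVAILABLE) return 6;
    return 0;
}

int main(void) { printf("port_demo: %d\n", port_demo()); return 0; }
```

port_demo() returns 0 when every step behaves as the slide describes. The refresh-period check is the part worth keeping in mind: a consumer that ignores the validity flag keeps acting on a stale value after the producer partition stops, which is exactly the failure a sampling port is meant to expose rather than hide.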
ARINC 653 – Communications (Intra*) Blackboard
Diagram: ARINC 653 Processes behind APEX on the RTOS – Core Software sharing a BLACKBOARD AREA; services CREATE_BLACKBOARD(), DISPLAY_BLACKBOARD(), READ_BLACKBOARD()
ARINC 653 Intra-Partition Communications may use Message Queues or Sampling Ports. However, Message Blocks and Blackboards may be used instead for intra-Partition communications.
ARINC 653 – Communications (Intra*) Buffers
Diagram: ARINC 653 Processes behind APEX on the RTOS – Core Software passing messages through a Buffer; services CREATE_BUFFER(), SEND_BUFFER(), RECEIVE_BUFFER()
ARINC 653 Intra-Partition Communications may use Message Queues or Sampling Ports. However, Message Block Buffers and Blackboards may be used instead for intra-Partition communications.
Message Block Buffers are queued from sender to receiver.
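As an added example for the blackboard and buffer slides above (not code from the SYSGO deck), here is a small C model of the blackboard. The buffer is a queued FIFO from sender to receiver, much like a queuing port confined to one partition, so the blackboard is the service with distinct semantics worth modelling: DISPLAY overwrites a single message area, READ hands the current message to any number of processes without consuming it, and CLEAR empties the area so that a zero-timeout READ reports NOT_AVAILABLE until the next DISPLAY. Function names, the message size and the sample messages are constructed stand-ins for the APEX services.

```c
/* Added example, not from the SYSGO slides: a model of the ARINC 653 blackboard.
 * DISPLAY overwrites a single message area, READ hands the current message to
 * any number of processes without consuming it, and CLEAR empties the area so
 * readers get NOT_AVAILABLE (a zero-timeout read) until the next DISPLAY.
 * Names are hypothetical stand-ins for CREATE/DISPLAY/READ/CLEAR_BLACKBOARD. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MSG_LEN 32   /* design-time maximum message size (constructed) */

typedef enum { NO_ERROR, INVALID_PARAM, NOT_AVAILABLE } return_code_t;
typedef enum { EMPTY, OCCUPIED } blackboard_state_t;

typedef struct {
    uint8_t msg[MAX_MSG_LEN];
    size_t  len;
    blackboard_state_t state;
} blackboard_t;

void create_blackboard(blackboard_t *b) { memset(b, 0, sizeof *b); b->state = EMPTY; }

/* Replaces the message; nothing is queued, so a reader never sees old data. */
return_code_t display_blackboard(blackboard_t *b, const void *m, size_t len) {
    if (len == 0 || len > MAX_MSG_LEN) return INVALID_PARAM;
    memcpy(b->msg, m, len);
    b->len = len;
    b->state = OCCUPIED;
    return NO_ERROR;
}

/* Non-destructive: every process reading an OCCUPIED board gets the same message. */
return_code_t read_blackboard(const blackboard_t *b, void *out, size_t *len) {
    if (b->state == EMPTY) { *len = 0; return NOT_AVAILABLE; }
    memcpy(out, b->msg, b->len);
    *len = b->len;
    return NO_ERROR;
}

return_code_t clear_blackboard(blackboard_t *b) { b->state = EMPTY; b->len = 0; return NO_ERROR; }

/* Self-check on constructed messages. Returns 0 on success, else the first failed step. */
int blackboard_demo(void) {
    blackboard_t bb; uint8_t buf[MAX_MSG_LEN]; size_t len;
    create_blackboard(&bb);
    if (read_blackboard(&bb, buf, &len) != NOT_AVAILABLE) return 1;   /* nothing displayed yet */
    display_blackboard(&bb, "mode=CRUISE", 11);
    for (int reader = 0; reader < 2; reader++) {                       /* two readers, same data */
        if (read_blackboard(&bb, buf, &len) != NO_ERROR) return 2;
        if (len != 11 || memcmp(buf, "mode=CRUISE", 11) != 0) return 3;
    }
    display_blackboard(&bb, "mode=DESCENT", 12);                       /* overwrite, not enqueue */
    if (read_blackboard(&bb, buf, &len) != NO_ERROR) return 4;
    if (len != 12 || memcmp(buf, "mode=DESCENT", 12) != 0) return 5;
    clear_blackboard(&bb);
    if (read_blackboard(&bb, buf, &len) != NOT_AVAILABLE) return 6;
    return 0;
}

int main(void) { printf("blackboard_demo: %d\n", blackboard_demo()); return 0; }
```

The contrast with a buffer is in the second READ loop: two processes read the board in turn and both obtain the same message, whereas a buffer would have handed the single message to the first receiver only.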
ARINC 653 Concepts – Health Monitor
Diagram: ARINC 653 Process → APEX; HM Config Table with Proc Level, Part Level, Mod Level and System Level entries
The ARINC 653 Health Monitor defines a number of error levels, supported by HM configuration Tables and Error Handlers set by Applications.
Health Monitor covers the following event levels:
• Partition
• Process
• Module
• System Error Detection
Unhandled events can cause Application halt, Partition Idle, Cold or Warm Boot or even System Halt!!
NOTE: Health Monitor should not be confused with Health Monitoring; HM is really dealing with actions to be performed on exceptions or system level Errors to protect and recover the system.
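The following C program is an added example (not from the SYSGO deck or any real HM configuration) showing how a table-driven Health Monitor resolves an error to an action. The error codes are those of ARINC 653 Part 1; the table contents, the escalation rule for a process-level error with no registered error handler, and the action set are constructed for this illustration.

```c
/* Added example, not from the SYSGO slides: a table-driven sketch of the ARINC 653
 * Health Monitor. An error is raised at a level (process, partition or module) and
 * the HM configuration table, fixed at design time, maps each (level, error) pair
 * to a recovery action. A process-level error goes to the partition's error
 * handler process if the application created one, otherwise it escalates to the
 * partition level. The error codes follow ARINC 653 Part 1; the table contents and
 * the escalation rule are constructed for this example, not taken from any real
 * configuration. */
#include <stdbool.h>
#include <stdio.h>

typedef enum { LEVEL_PROCESS, LEVEL_PARTITION, LEVEL_MODULE, LEVEL_COUNT } hm_level_t;

typedef enum {
    DEADLINE_MISSED, APPLICATION_ERROR, NUMERIC_ERROR, ILLEGAL_REQUEST,
    STACK_OVERFLOW, MEMORY_VIOLATION, HARDWARE_FAULT, POWER_FAIL, ERROR_COUNT
} hm_error_t;

typedef enum {
    ACTION_IGNORE,          /* record the event, keep running */
    ACTION_ERROR_HANDLER,   /* run the application's error handler process */
    ACTION_PARTITION_IDLE,  /* stop scheduling the partition */
    ACTION_WARM_START,      /* restart the partition, RAM retained */
    ACTION_COLD_START,      /* restart the partition from scratch */
    ACTION_MODULE_SHUTDOWN  /* system halt: no safe partition-level recovery */
} hm_action_t;

typedef struct { hm_action_t action[LEVEL_COUNT][ERROR_COUNT]; } hm_table_t;

/* Constructed HM table. Faults an application can reason about stay at process
 * level; containment violations idle or restart the partition; hardware and
 * power faults are module-level events whatever level reports them. Columns are
 * in hm_error_t order: DEADLINE_MISSED ... POWER_FAIL. */
static const hm_table_t demo_table = {{
    /* LEVEL_PROCESS */
    { ACTION_ERROR_HANDLER, ACTION_ERROR_HANDLER, ACTION_ERROR_HANDLER, ACTION_ERROR_HANDLER,
      ACTION_ERROR_HANDLER, ACTION_ERROR_HANDLER, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN },
    /* LEVEL_PARTITION */
    { ACTION_WARM_START, ACTION_WARM_START, ACTION_IGNORE, ACTION_PARTITION_IDLE,
      ACTION_COLD_START, ACTION_PARTITION_IDLE, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN },
    /* LEVEL_MODULE */
    { ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN,
      ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN, ACTION_MODULE_SHUTDOWN }
}};

/* Resolves the action for `err` raised at `level`. handler_registered says
 * whether the partition created an error handler process. */
hm_action_t hm_resolve(const hm_table_t *t, hm_level_t level, hm_error_t err,
                       bool handler_registered) {
    if (level >= LEVEL_COUNT || err >= ERROR_COUNT) return ACTION_MODULE_SHUTDOWN;
    hm_action_t a = t->action[level][err];
    if (a == ACTION_ERROR_HANDLER && !handler_registered)
        a = t->action[LEVEL_PARTITION][err];   /* unhandled: escalate one level */
    return a;
}

static const char *action_name(hm_action_t a) {
    static const char *names[] = { "IGNORE", "ERROR_HANDLER", "PARTITION_IDLE",
                                   "WARM_START", "COLD_START", "MODULE_SHUTDOWN" };
    return names[a];
}

int main(void) {
    /* A numeric error in a partition without an error handler: the process-level
     * entry cannot be honoured, so the partition-level entry (IGNORE) applies. */
    printf("NUMERIC_ERROR, no handler  -> %s\n",
           action_name(hm_resolve(&demo_table, LEVEL_PROCESS, NUMERIC_ERROR, false)));
    printf("STACK_OVERFLOW, no handler -> %s\n",
           action_name(hm_resolve(&demo_table, LEVEL_PROCESS, STACK_OVERFLOW, false)));
    printf("POWER_FAIL at module level -> %s\n",
           action_name(hm_resolve(&demo_table, LEVEL_MODULE, POWER_FAIL, true)));
    return 0;
}
```

The point the slide makes, that an unhandled event can end in partition idle, a cold or warm start, or a system halt, is visible in the escalation branch: the same NUMERIC_ERROR is a handler call in a partition that registered one and a partition-level action in one that did not, so reviewing the HM table together with which partitions actually create an error handler is part of verifying the configuration.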
ARINC 653 RTOS Consideration – PikeOS
• PikeOS Hypervisor
• RTOS with Separation Microkernel (MMU only)
• Time and Space Separation
• Robust Partitioning
• ARINC 653 Guest OS supported across X86 / PPC / ARM
• Enhanced HM
• By-core Scheduling, Multi-Core Management
• One PikeOS for all Market Verticals: Avionics, Rail, Automotive, Medical, Security
• ARINC 653 compliant for Required and Optional Services
Diagram: PikeOS stack – guest partitions labelled ARINC 653, ARINC 653, POSIX, User Level Driver and Linux (one marked ADA) on the PikeOS RTOS (System Services), over the Hypervisor Separation Microkernel, Hardware Devices and a Certifiable Boot Loader
ARINC 653 RTOS Consideration – PikeOS
Diagram: ARINC 653, ARINC 664 (A664) Driver and Linux partitions on the PikeOS RTOS, over Hardware Devices and a Certifiable Boot Loader
ARINC 664 is Avionics Full Duplex Switched Ethernet.
PikeOS allows both User and Kernel level drivers. However, User level drivers cannot affect the kernel space.
PikeOS memory requirements are defined at design time, providing guaranteed access at runtime. No memory requirement means no access at runtime.
PikeOS provides a Safe and Secure ARINC 653 Platform.
Multicore Management of PikeOS
• Time Partition Scheduling by Core
• Core Minor Time Partitions are defined at Design time
• Critical processes may be separated by Time, Resource and Core.
• Cache clearance is possible with each partition type.
Diagram: Major Time Frame with time windows across Core 0 – Core 3 showing Critical Partition Separation By Core; ARINC 653, POSIX, PikeOS NATIVE and Linux partitions on the PikeOS RTOS (System Services), over the Hypervisor Separation Microkernel and Hardware Devices
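The following C program is an added example (not from the SYSGO deck and not PikeOS configuration) of a design-time check over a per-core time-partition schedule of the kind the slide describes. Each window gives one partition one core for a slice of the major time frame; the check flags windows that run past the frame, windows that overlap on the same core, and windows in which a partition marked critical runs while a different partition is active on another core, which is the cross-core interference that separation by core is meant to rule out. The window tables, the frame length and all names are constructed.

```c
/* Added example, not from the SYSGO slides or PikeOS: a design-time check over a
 * per-core time-partition schedule. Each window gives one partition one core for
 * a slice of the major time frame (MAF). The check reports windows that run past
 * the MAF, windows that overlap on the same core, and windows in which a
 * partition marked critical runs while a different partition is active on another
 * core, i.e. the cross-core interference that "separation by core" avoids.
 * The names, the window tables and the MAF are constructed for this example. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_WINDOWS 16

typedef struct {
    int      core;
    int      partition;
    unsigned start_us;      /* offset from the start of the MAF */
    unsigned duration_us;
} window_t;

typedef struct {
    unsigned maf_us;
    int      critical_partition;   /* -1 if none */
    int      n;
    window_t w[MAX_WINDOWS];
} schedule_t;

enum {
    SCHED_OK = 0,
    SCHED_PAST_MAF = 1,         /* a window ends after the major time frame */
    SCHED_CORE_OVERLAP = 2,     /* two windows on one core overlap in time */
    SCHED_CRITICAL_SHARED = 4   /* critical partition runs alongside another one */
};

static bool overlaps(const window_t *a, const window_t *b) {
    unsigned a_end = a->start_us + a->duration_us;
    unsigned b_end = b->start_us + b->duration_us;
    return a->start_us < b_end && b->start_us < a_end;
}

/* Returns a bitmask of SCHED_* findings; SCHED_OK means the table is clean. */
int validate_schedule(const schedule_t *s) {
    int findings = SCHED_OK;
    for (int i = 0; i < s->n; i++) {
        const window_t *a = &s->w[i];
        if (a->start_us + a->duration_us > s->maf_us) findings |= SCHED_PAST_MAF;
        for (int j = i + 1; j < s->n; j++) {
            const window_t *b = &s->w[j];
            if (!overlaps(a, b)) continue;
            if (a->core == b->core)
                findings |= SCHED_CORE_OVERLAP;
            else if (a->partition != b->partition &&
                     (a->partition == s->critical_partition ||
                      b->partition == s->critical_partition))
                findings |= SCHED_CRITICAL_SHARED;
        }
    }
    return findings;
}

/* Constructed schedules: a 20 ms MAF on four cores, partition 1 is critical. */
static const schedule_t good_schedule = {
    .maf_us = 20000, .critical_partition = 1, .n = 5,
    .w = {
        { 0, 1,    0,  5000 },   /* critical partition alone on core 0 ... */
        { 0, 2, 5000, 15000 },   /* ... then partition 2 takes the core */
        { 1, 3, 5000, 15000 },   /* cores 1-3 stay idle while partition 1 runs */
        { 2, 4, 5000, 15000 },
        { 3, 5, 5000, 15000 },
    }
};

static const schedule_t bad_schedule = {
    .maf_us = 20000, .critical_partition = 1, .n = 4,
    .w = {
        { 0, 1,     0,  5000 },
        { 1, 3,     0, 20000 },  /* runs alongside the critical window */
        { 2, 4,  5000, 16000 },  /* ends at 21 ms, past the MAF */
        { 2, 5, 18000,  2000 },  /* overlaps partition 4 on core 2 */
    }
};

int main(void) {
    printf("good schedule findings: %d\n", validate_schedule(&good_schedule));  /* 0 */
    printf("bad schedule findings:  %d\n", validate_schedule(&bad_schedule));   /* 7 */
    return 0;
}
```

The good schedule leaves the other cores idle for the critical partition's window and only then fills them, which is the layout the slide's "Critical Partition Separation By Core" picture shows; the bad schedule trips all three findings at once, giving a mask of 7. A real configuration tool would add the resource dimension from the slide (cache and memory budgets per window), which this check does not model.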
PikeOS Graphical Demo – ARINC 653
• PikeOS is ideal for IMA Glass Cockpit systems
• Come and see our Avionics demo
• PikeOS
• CoreAVI
• ANSYS
• Curtiss Wright VPX-133
• SYSGO Booth A53b
• CoreAVI, ANSYS and Curtiss Wright Booth A17
Corresponding Whitepaper is available here: https://www.sysgo.com/services/knowledge-center/whitepapers