Download presentation
Presentation is loading. Please wait.
Published byHugh Benjamin Sims Modified over 8 years ago
1
Mac Mollison Sept. 24, 2010 DeOS 1
2
First, a funny story… 2
3
Agenda for this talk l Some new (to me) cert information l Recap of ARINC 653 l DeOS 3
4
Certification l RTOS re-certified as part of cert for each airplane it goes into l For example (first certs): »VxWorks => Smiths Aerospace »LynxOS => Rockwell Collins »DeOS => Honeywell l Certification artifacts sometimes supplied by OS vendor, sometimes not. 4
5
The Cert process l Certification performed by OS vendor or by 3 rd party contractor l FAA doesn’t certify, they audit the certification l Audit consists of approx. 4 to 6 1-week reviews of documentation »Spaced with 1 week before and after for vendor to prepare and review »This info comes word-of-mouth from DeOS sales guy and is only approximate 5
6
ARINC 653 Recap l ARINC 653 is a spec/API for integrating software formerly hosted on separate platforms »i.e. “integrated modular avionics” (IMA) l Uses table-driven schedule to switch between partitions »Which really hurts performance and gives poor schedulability 6
7
ARINC 653 History l IMA idea came about in Honeywell work on Boeing 777 (‘94) l After that, Boeing pushed for ARINC 653 spec to be created and adopted by industry »Came out in ’96 l Since then, has become a strong trend 7
8
ARINC 653… Really necessary? l NO, it’s not. l DeOS came out in ‘95 and was (and still is) used to do multiple levels of D0- 178B-certified software on one computer »Claim to use “time-space partitioning” but it uses rate-monotonic scheduling with budget enforcement and virtual memory. 8
9
Why use ARINC 653? l So why does ARINC 653 it still get used? »Not entirely clear to me, but… l Defines a common API, which is a strong selling point (-DeOS sales guy) l Presumably, makes cert easier l Presumably, has some soft. engineering advantages l Customers often put it into requirements »Monkey see, monkey do? 9
10
DeOS l “DeOS is specifically designed for safety-critical systems with mixed levels of criticality.” –their marketing materials l Looking into extending it to multicore (more on this later) 10
11
The rest of this talk l DeOS History and Delpoyment l Process/thread abstraction l Synchronization & Sharing l Scheduling l Microkernel architecture l DeOS Middleware l Multicore? l Latencies l Binary portability 11
12
DeOS History and Deployment l Began as a Honeywell internal project in the 1990s l Considered a competitive advantage by Honeywell l Eventually, Honeywell faced pressure to release it as COTS software »Story continues on next slide 12
13
DeOS History and Deployment l Licensed to embedded software house DDC-I »Who released it as COTS software in 2008 l DeOS sales guy claims DeOS IP is worth close to $100 million 13
14
DeOS History and Deployment l “Used in more avionics products than any other COTS RTOS” »COTS = “commercial, off the shelf” l x86, PowerPC 14
15
Process/Thread Abstraction l Process = set of one or more threads with shared virtual address space l Thread = executes periodically with budget allocation l All threads scheduled rate monotonically and must be harmonic »But there are some exceptions, such as interrupt handlers 15
16
Synchronization & Sharing l Mutexes and semaphores »“highest locker” protocol for priority inheritance to prevent priority inversions »I assume this is an implementation of PIP l Shared memory pages l “Mailboxes” with user-defined buffer depth 16
17
Scheduling l We already know it’s harmonic/rate monotonic l What you probably didn’t know yet is that they use some cool slack scheduling techniques 17
18
Slack Scheduling l If a job finishes under budget, its slack is added to the slack pool l Any thread designated as a slack consumer draws from the slack pool if it wants to run and has used up its budget l This is in addition to background scheduling 18
19
Slack Scheduling Example l Requirements states that monitor update must be done once every 1 second l “Customer delight” occurs when monitor update happens every 10 th of a second »Not feasible to give the thread that much budget l With slack scheduling, you can achieve “customer delight” 99% of the time. 19
20
Time Budget Transfer l Normally, slack is doled out from slack pool in priority order l Optionally, threads can specify which other threads should receive their slack »Used to implement client-server relationships where server has no budget of its own. »Allows client/server exchanges to happen immediately within one period 20
21
Microkernel Architecture 21 CPUPlatform Hardware DeOS Kernel Application Hardware ApplicationsMiddleware
22
Microkernel Architecture 22 CPUPlatform Hardware DeOS Kernel Application Hardware ApplicationsMiddleware -Easy to port -Eases cert
23
Microkernel Architecture 23 CPUPlatform Hardware DeOS Kernel Application Hardware ApplicationsMiddleware -Userspace device drivers
24
Microkernel Architecture 24 CPUPlatform Hardware DeOS Kernel Application Hardware ApplicationsMiddleware -Surprisingly large amount of stuff is “middleware” (more later)
25
Microkernel Architecture 25 CPUPlatform Hardware DeOS Kernel Application Hardware ApplicationsMiddleware Only kernel itself runs in privileged mode
26
Middleware l ANSI C Library l IEEE Math library l Sockets library l I/O interface (e.g. producers/consumer s, etc.) l Possibly other things l FTP and TFTP servers (for loading software onto target) l TCP/IP stack l Status monitor l Various debugging tools l Etc. 26 Level A Certified Level E Certified
27
Microkernel Architecture (Comparison) l Microkernel architecture is actually fairly common in the RTOS world l However, Wind River VxWorks (possibly the industry leader) is a monolithic kernel l Simple RTOSs allow everything to run in privileged mode 27
28
Multicore l Sales guy told me they have it running multicore but it’s not certified »Jives with what I’ve heard of DO-178B products from other vendors l They have a patent on dedicating part of the cache to one CPU and part of it to another »They plan to do mixed criticality on multicore with this »Contention for cache bus is still an issue with this 28
29
Latency l Sales guy says you have to sign an NDA to get latency information »Presumably, all RTOS vendors do this and that’s why we haven’t seen much latency info yet. l Claims it’s “in the tens of microseconds range” and competitors are in the “tens of tens of microseconds range” »Makes sense because ARINC 653 partitioning probably has more overhead 29
30
Binary Portability l Because of microkernel architecture, DeOS gives you full binary portability l ARINC 653 solutions do not have this »Since they have a common API, you can in theory just recompile –Sales guy says this is a practical problem with every time competing RTOSs are re-certified 30
31
Closing Thoughts l Note on DeOS ARINC 653 l Aside on Patents 31
32
DeOS 653? l Sales guy claims they’re making an ARINC 653 version of DeOS because customers are demanding it »Claims they have their own “twist” on it 32
33
Aside: Patents 33 l Note the two totally obvious patents that are part of the DeOS IP l I’ve noticed that RTOS vendors tend to talk about/brag about their patents a lot l Maybe we should be getting patents? »If the RTOS vendors care about patents so much, it seems like Jim could sell them patents and make big $$$
34
Questions? 34
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.