Safety and security are top priorities for providers of embedded operating systems
By John Keller
Safety is on a lot of minds these days, especially where software development is concerned.
Now more than ever, software industry experts say, systems designers are looking for safety-critical embedded operating systems, and in nonmilitary applications in which safety-critical code historically has not been an issue.
Of course, demands for safe software in military and aerospace systems, embodied primarily by the RTCA DO-178 and ARINC 653 standards, are the rule rather than the exception.
“We are seeing a lot of systems go toward safety critical solutions just because they want a higher level of safety, such as fire-control systems and munitions in the military,” says Steve Blackman, director of military and aerospace business development at real-time software provider LynuxWorks Inc. in San Jose, Calif.
New generations of intelligent munitions, particularly smart mines, are a prime example of the need for safety-critical embedded operating systems, Blackman says. “If intelligent mines sense something, they throw a munition into the air that obliterates a tank and all the people around it, so safety is a big issue,” he says.
Furthermore, next-generation minefields can be turned on and off after military conflicts are over, or if friendly forces need to operate in the area. “In the Army they used to say ‘hand grenade, pin in, safe; pin out, unsafe.’ Now safety is all software.”
DO-178B, produced by the Radio Technical Commission for Aeronautics Inc. (RTCA), is the accepted means of certifying all new aviation software. The standard is concerned primarily with development processes.
The targeted DO-178B certification level is A, B, C, D, or E; the levels describe the consequences of a potential failure of the software: catastrophic, hazardous-severe, major, minor, or no effect.
ARINC 653, meanwhile, is for system partitioning and scheduling in safety- and mission-critical systems, particularly for avionics. The standard defines an application executive for space and time partitioning for when several applications need to share one processor and memory. ARINC 653 seeks to guarantee that one application cannot bring down another in the event of application failure.
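To make the partitioning idea concrete, here is an added toy executive in Python that simulates the two guarantees just described. It is illustrative code written for this article, not LynuxWorks' product and not anything taken from the ARINC 653 specification; the partition names, memory addresses and tick budgets are constructed. Each partition gets a fixed time window inside a major frame and a private memory region; a partition that writes outside its region, or that never yields before its window ends, is halted by a health monitor while its neighbours keep running.

```python
"""Toy ARINC 653-style partitioned executive (added illustration, not vendor or
standard code).  Simulated: time partitioning (fixed windows in a major frame)
and space partitioning (private memory regions enforced by the executive)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


class SpaceViolation(Exception):
    """Executive refused a memory access outside the caller's partition."""


class BudgetExceeded(Exception):
    """Executive cut the partition off at the end of its time window."""


@dataclass
class Partition:
    name: str
    window_ticks: int                              # time budget per major frame
    mem_base: int                                  # private region [mem_base, mem_base + mem_size)
    mem_size: int
    step: Callable[["Partition", "Executive"], None]
    healthy: bool = True
    frames_run: int = 0


@dataclass
class Executive:
    memory: Dict[int, int] = field(default_factory=dict)   # constructed flat address space
    partitions: List[Partition] = field(default_factory=list)
    log: List[str] = field(default_factory=list)
    _current: Optional[Partition] = None
    _ticks_used: int = 0

    def _check_space(self, addr: int) -> None:
        p = self._current
        if not (p.mem_base <= addr < p.mem_base + p.mem_size):
            raise SpaceViolation(f"{p.name} touched {addr:#06x}, outside its region")

    def write(self, addr: int, value: int) -> None:
        self._check_space(addr)
        self.memory[addr] = value

    def read(self, addr: int) -> int:
        self._check_space(addr)
        return self.memory.get(addr, 0)

    def tick(self, n: int = 1) -> None:
        """Account CPU time to the running partition; preempt it when its window ends."""
        self._ticks_used += n
        if self._ticks_used > self._current.window_ticks:
            raise BudgetExceeded(f"{self._current.name} exceeded {self._current.window_ticks} ticks")

    def run_major_frame(self) -> List[str]:
        """Run every healthy partition in its own window; return the names that completed."""
        completed = []
        for p in self.partitions:
            if not p.healthy:
                self.log.append(f"{p.name}: skipped, halted by health monitor")
                continue
            self._current, self._ticks_used = p, 0
            try:
                p.step(p, self)
                p.frames_run += 1
                completed.append(p.name)
            except Exception as exc:
                # Health monitor action: the fault is contained to this partition only.
                p.healthy = False
                self.log.append(f"{p.name}: halted ({type(exc).__name__}: {exc})")
            finally:
                self._current = None
        return completed


# Constructed partitions: one well-behaved, one that writes into a neighbour's
# region, one that never yields inside its window.
def display_step(p: Partition, ex: Executive) -> None:
    ex.tick(2)
    ex.write(p.mem_base, ex.read(p.mem_base) + 1)         # bump a per-frame counter


def rogue_step(p: Partition, ex: Executive) -> None:
    ex.tick(1)
    ex.write(0x1000, 0xDEAD)                               # address owned by "display"


def runaway_step(p: Partition, ex: Executive) -> None:
    while True:                                            # the executive must cut this off
        ex.tick(1)


def build_demo() -> Executive:
    ex = Executive()
    ex.partitions = [
        Partition("display", window_ticks=5, mem_base=0x1000, mem_size=0x100, step=display_step),
        Partition("rogue", window_ticks=5, mem_base=0x2000, mem_size=0x100, step=rogue_step),
        Partition("runaway", window_ticks=3, mem_base=0x3000, mem_size=0x100, step=runaway_step),
    ]
    return ex


def run_frames(n: int = 3) -> Executive:
    ex = build_demo()
    for _ in range(n):
        ex.run_major_frame()
    return ex


if __name__ == "__main__":
    ex = run_frames(3)
    for line in ex.log:
        print(line)
    print("display frame counter:", ex.memory[0x1000])
```

After three major frames the display partition has run three times and its counter reads 3, while the rogue and runaway partitions were each halted during the first frame; the rogue write never reached the display region. The point the simulation makes is that the isolation comes from the executive checking every access and every tick, not from the partitions agreeing to behave.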
LynuxWorks offers real-time embedded operating systems that meet DO-178B as well as ARINC 653, and is seeing growing interest from software developers outside the military.
“We see more and more interest in medium- and high-assurance safety and security outside the military,” Blackman says. Large banks, he says, are particularly interested in safety-critical software standards to ensure that their transactions are correct and safe from unauthorized viewing.
Another big trend today in embedded operating systems is whether applications need a full-blown operating system at all, explains Alex Polmans, senior software engineer at DDC-I, an operating system and software-design tools company in Phoenix.
“Sometimes there is no space at all for a full operating system on a tactical computer,” Polmans says. “A lot of the programs today are about maintaining the old systems where the hardware is no larger than it used to be. These need real-time runtime systems, just like in the old days.”
A future trend for systems developers to watch involves the notion of “software agnosticism,” in which embedded operating systems are not tied directly to the application software they will run, Polmans says.
“The original code does not have to know about the target it is being compiled for,” he explains. “On our SCORE real-time kernel we provide different flavors of VxWorks,” for example. “Within SCORE we have a number of different targets. We have a switch that says we want to target this processor or that. The tools we provide take care of that mapping. This is part of the agnostic concept.”