PikeOS – Avionics Certification RTOS Solutions and Services
The concept behind PikeOS is ‘Safety and Security for a connected world’. Meeting the needs of multi-core certification, embedded virtualization and high performance, this highly robust RTOS builds its pedigree on deployments in an array of safety- and security-critical markets, from aerospace & defense to automotive and transportation, and from industrial to medical and consumer electronics.
The Internet of Things consists of billions of highly integrated, multi-functional smart devices in a digital network. Application software, cloud services and critical control tasks have to collaborate seamlessly. Hence, the underlying operating system must act as a catalyst and bring together general IT and Embedded capabilities.
That’s why we have developed PikeOS. This real-time operating system offers a separation-kernel-based hypervisor with multiple partitions hosting other operating systems and applications. It enables you to build smart devices for the Internet of Things according to the quality, safety and security standards of your industry.
PikeOS is a real-time operating system and virtualization platform providing full separation in both time and space for multiple software applications running on different criticality levels.
A virtualization platform for complex embedded systems must support a mixture of applications with a broad range of timing requirements: hard real-time, soft real-time and non-real-time. PikeOS incorporates a new scheduler combining time-driven and priority-driven scheduling. This scheduler ensures a deterministic mapping between virtual and real time, dynamic re-allocation of excess computing time and priority-based responsiveness. Hard real-time requirements of critical applications are met (gray processes) while best-effort scheduling is still provided for non-critical tasks (blue processes). A conventional RTOS cannot make use of excess computing time and needs much more time to handle all processes.
Deterministic responsiveness is straightforwardly accomplished with a strictly time-driven scheduler: every virtual machine is statically assigned an individual time slice. The virtual machine scheduler periodically executes each VM in turn for the duration of its respective time slice. In this way, VMs receive fixed amounts of processing capacity at predefined points in time and are thus able to schedule real-time processes themselves. However, if a VM has no runnable processes during its active time slice, or if its processes complete before the time slice is over, it cannot simply switch to another VM, because that would destroy the temporal determinism.
To re-use this excess processing capacity, PikeOS combines time-driven scheduling with priority-based scheduling: in addition to a time slice duration, each VM is also assigned a priority. All real-time VMs receive the same mid-level priority, and switching between them remains strictly time-driven. All non-real-time VMs are assigned a low priority; switching between them is done by a classical round-robin scheduler to achieve load balancing. Thus, whenever a mid-level VM has no processes to run, it sleeps for the rest of its time slice, effectively passing its excess processing time to any low-priority VM.
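The scheduler described in the three paragraphs above, as an added simulation that is not PikeOS code: VM names, slice lengths and workloads are constructed, and the round-robin quantum for low-priority VMs is an assumption of the model. Running the same frame with and without excess re-use shows why the strictly time-driven RTOS needs a longer frame to finish the same work.

```python
from dataclasses import dataclass, replace

@dataclass
class VM:
    name: str
    work_us: int        # runnable work queued for this frame (constructed value)
    slice_us: int = 0   # statically assigned time slice; low-priority VMs have none
    realtime: bool = True

def run_frame(vms, reuse_excess=True, rr_quantum_us=100):
    """Run one major frame. VMs with a slice run in table order and always start at
    their slice boundary. With reuse_excess, a VM that finishes early sleeps and the
    rest of its slice goes to low-priority VMs in round-robin quanta (rr_quantum_us
    is an assumed parameter); without it the excess is idle, as in a conventional
    strictly time-driven RTOS. Returns (trace, idle_us), trace = (start, end, name)."""
    remaining = {vm.name: vm.work_us for vm in vms}
    low = [vm for vm in vms if not vm.realtime]
    trace, idle, now, rr = [], 0, 0, 0
    for vm in (v for v in vms if v.slice_us):
        slice_end = now + vm.slice_us
        used = min(remaining[vm.name], vm.slice_us)
        if used:
            trace.append((now, now + used, vm.name))   # starts exactly at slice start
        remaining[vm.name] -= used
        now += used
        while reuse_excess and now < slice_end and any(remaining[l.name] for l in low):
            cand = low[rr % len(low)]
            rr += 1
            q = min(rr_quantum_us, slice_end - now, remaining[cand.name])
            if q:
                trace.append((now, now + q, cand.name))
                remaining[cand.name] -= q
                now += q
        idle += slice_end - now            # excess that no VM could use
        now = slice_end
    return trace, idle

def cpu_time(trace):
    """Total CPU time each VM received in a trace."""
    return {n: sum(e - s for s, e, v in trace if v == n) for _, _, n in trace}

# Constructed sample: two real-time VMs with 500 us slices plus two background VMs.
SAMPLE_VMS = [VM("flight_ctrl", 300, 500), VM("sensor_fusion", 200, 500),
              VM("maintenance", 250, realtime=False), VM("logging", 200, realtime=False)]
# For the strictly time-driven comparison the background VMs need slices of their own.
STATIC_VMS = SAMPLE_VMS[:2] + [replace(v, slice_us=200) for v in SAMPLE_VMS[2:]]
```

With `SAMPLE_VMS` all 950 us of work completes inside a 1000 us frame with 50 us idle, whereas `run_frame(STATIC_VMS, reuse_excess=False)` needs a 1400 us frame, leaves 500 us idle and still does not finish the maintenance work.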
PikeOS Embedded Virtualization
PikeOS embedded virtualization is designed to manage virtualization along with the special requirements of complex embedded systems, e.g. real-time responsiveness, determinism, and support for diverse hardware and software. While server or desktop virtualization mainly targets space partitioning to make better use of an x86 hardware platform, PikeOS embedded virtualization offers more flexibility through time and space partitioning. PikeOS embedded virtualization provides partitions for multiple guest operating systems, so-called personalities, and supports diverse hardware platforms.
Partitioning is a PikeOS concept described in the ARINC 653 specification for system partitioning and scheduling which is often required in safety-critical systems in the avionics industry. Partitioning allows a software architect to build multiple partitions on top of the PikeOS micro-kernel that can host real-time operating systems, run-time environments or APIs along with their world of application programs (see info graphic above). Each of these partitions receives its own set of system resources. Applications operate completely isolated and are controlled only by the PikeOS micro-kernel. There is no way for a program in one partition to affect or harm another. In this way multiple guest operating systems are able to safely coexist on a single machine and their individual functionalities can be tailored to match the requirements of their application programs. Partitioning helps to reduce the amount of hardware in complex systems and makes software integration much easier.
PikeOS embedded virtualization is based around a small micro-kernel which provides the core functions. By means of these functions the system’s resources, e.g. memory, I/O devices, CPU time, etc., can be divided into separate subsets. The PikeOS micro-kernel serves as a hypervisor or virtual machine monitor (VMM) and traps any attempt by user programs to execute privileged instructions or to otherwise access resources outside of their set. In this way, it implements para-virtualization similar to Xen.
Computers today generally do not suffer from lack of performance, but they often have severe reliability problems. In embedded systems, where malfunction of appliances can be a severe threat to the lives of humans, software complexity is the core problem. With micro-kernel based virtualization, applications are no longer forced to unconditionally trust a huge monolithic kernel containing a lot of complex functionalities that the application may or may not need. Instead, each subsystem can choose the amount of code that it wants to trust, thus providing more stability and helping to reduce the complexity of the whole system.
Software integration becomes more or less a question of configuration. The flexible design of PikeOS embedded virtualization enables system architects to integrate software applications of different suppliers on one platform in a cost-efficient, safe and secure way. It even allows integration of APIs supporting legacy software. All applications reside in encapsulated partitions where the PikeOS micro-kernel controls access, protecting intellectual property against unwarranted access.
Partitions & Personalities
Partitions can host a broad variety of personalities, i.e. guest operating systems, run-time environments (RTEs) and APIs, on top of the hypervisor and support applications of different security levels and criticality levels, real-time or non-real-time. This variety of personalities enables legacy applications (e.g. Ada or a legacy RTOS) to run concurrently with new applications based on standards like POSIX or ARINC-653, and can even be combined with embedded Linux. All these personalities run on the same PikeOS kernel and support applications in industries like aerospace & defense, automotive & transportation, industrial automation & medical, network infrastructure, and consumer electronics.
Complete operating systems normally don’t require a host operating system (OS) to run on, nor can they tolerate the presence of another operating system. On PikeOS, however, such an operating system can run as a guest in user space, in non-privileged mode.
Run-time environments, in contrast, need a host OS. On PikeOS, run-time environments have their own schedulers and communication processes, so they run without losing performance.
Application programming interfaces (APIs) provide an interface used to access underlying functionality.
To see which boards are supported, please refer to our BSP list.
The characteristics of smart devices are defined by software. It controls complex systems like airplanes, cars, and even entire factories in the Internet of Things. Hence, software must ensure and prove the safety of humans, machines and the environment. PikeOS is an excellent foundation for this requirement. It provides a hypervisor on top of a micro-kernel, allowing the separation of diverse applications into different partitions. This system design reduces the effort of safety certification significantly due to a small trusted code base. Additionally, strict separation allows certification of each application according to its individual safety level, whether DO-178B, IEC 61508, EN 50128 or ISO 26262. By the way: PikeOS recently received the first SIL 4 certification on a multi-core platform.
PikeOS has been designed for use in safety-critical applications and has gone through comprehensive validation according to safety standards like DO-178B, EN 50128, IEC 62304, IEC 61508, ISO 26262 and IEC 61513 for the avionics, railway, medical, industrial automation, automotive and nuclear power plant domains. Since only the micro-kernel runs in privileged mode, all of its code contributes to the trusted code base of every application that might run on top of it. The effort of certifying a program is roughly proportional to the amount of code to be examined. This comprises the code of the program itself, but also that of the run-time environment (i.e. operating system, libraries etc.) which the program relies on. The PikeOS micro-kernel therefore consists of less than 10,000 lines of code, making certification less expensive than that of conventional monolithic real-time operating systems. Even better: PikeOS allows the combination of applications of different levels of criticality, where every application can be certified independently of the others.
In many areas of safety-critical applications, multiple independent applications are executed on a common machine. Besides helping to reduce hardware complexity (thus increasing reliability), this also reduces costs. On the other hand, multiple applications on a single machine increase the complexity of the software, because any program is able to cause a malfunction of any other program. Thus, if the functions have different criticality levels, the highest of those levels implicitly applies to all software in the system. To reduce software complexity, PikeOS is equipped with ARINC-653 compliant resource partitioning. The idea is to establish subsets of system resources, so-called “partitions”, serving as fault containers: each program can only access its partition’s own set of resources, so programs running in separate partitions cannot interfere with each other. Therefore, they do not need to trust each other and individual criticality levels can be assigned to each of them independently.
The ARINC-653 compliant resource partitioning of PikeOS allows separate partitions to be implemented for multiple independent applications with different levels of criticality, e.g. application 1 on operating system 1 in partition 1 with safety criticality level A, application 2 on API 2 in partition 2 with safety criticality level B, etc. (see fig.). The safety standards assign levels of criticality to applications according to the worst-case potential damage that could result from a malfunction. Although they use different nomenclatures (e.g. “levels” in DO-178B, “SIL” in IEC 61508), the general concept in all of the standards is similar: the higher the level, the more rigorous the testing, or even formal verification, required to obtain certification. Resource partitioning reduces the trusted code base for each of the applications and enables their certification independently of applications in other partitions, thus reducing certification cost significantly for industries like Aerospace & Defense, Automotive & Transportation, Industrial Automation & Medical, Network Infrastructure and Consumer Electronics.