RTOS with hard Partitions in time and Space: LynxOS-178 Secure real-time operating system for fault containment

1. RTOS: LynxOS-178 real-time operating system
2. RTOS for industry standards: DO-178B, POSIX and ARINC 653
3. >>Secure RTOS partitions
4. RTOS architecture
5. Configuration and RTOS kernel image
6. FAA-accepted Reusable Software Component (RSC) for DO-178B

• LynxOS-178 RTOS PDF brochure (278 kB)
• ARINC and POSIX for Safety-Critical Applications PDF brochure (1.04 MB)

The LynxOS®-178 RTOS achieves system security through Virtual Machine (VM) brick-wall partitions of time, memory and resources. Real-time systems programmers get a boost with LynuxWorks' DO-178B RTOS training courses.

Each RTOS partition performs like a stand-alone real-time operating system. System events in one RTOS partition can neither share resources nor interfere with events in another RTOS partition (except for "VM0," a partition with special root privileges).

The DO-255-compliant system partitioning allows secure RTOS execution of applications of various DO-178B criticality levels—concurrently—in different partitions on the same processor, according to the needs of the product. For example, the OS can run a DO-178B level A application in one VM while a level C application is running in another.

LynxOS-178 RTOS partitioning involves exclusive access of three kinds: time, memory and resources.

Time partitioning in the RTOS

Time partitioning is done through a fixed-cyclic time-slice scheduler, which allocates periods of time to each partition.

During each time slice, only processes in the assigned partition are permitted to execute. The LynxOS®-178 RTOS implements an ARINC 653-1-based time partition scheduling algorithm that gives each partition fixed execution time so that the system can be deterministically safe.

Memory partitioning in the RTOS

Memory partitioning is achieved by dividing RAM into discrete blocks of nonoverlapping physical address space. Each RTOS partition is assigned one and only one block of memory. Within the partition, the virtual address spaces of various processes are mapped to memory from the assigned memory block.

Resource partitioning in the RTOS

Resource partitioning means that each device can be assigned to only one partition of the RTOS. This means that a fault in a device or its driver will be contained within a single RTOS partition. Each partition mounts a RAM-based file system for data storage. The file systems are private to the individual partitions and are never shared with other partitions.

Multiple processes and threads

Within each RTOS partition, the LynxOS-178 RTOS supports a multiprocess, multithreaded environment in which real-time applications can run seamlessly, make system calls, and use device drivers.

The RTOS can run a shell on a serial port for a developer to interact directly with the target machine. The RTOS device drivers permit mounting an external disk drive to facilitate testing and data capture. The LynxOS-178 RTOS also handles errors and exception conditions that applications do not, or cannot, trap.

Mountable file system support

LynxOS-178 implements a POSIX-compliant file system interface that supports the creation of fully functional file systems in DRAM, Flash, and so on. These file systems can be mounted read-write or read-only for additional flexibility in safety-critical environments.

Dynamic device driver

Applications and drivers are not required to be linked to the operating system and can, therefore, be isolated, limiting recertification efforts for the full operating system when only an application or driver needs modification.

on the LynxOS-178 RTOS tour: RTOS architecture