Deos, a Time & Space Partitioned, Multi-core Enabled, RTOS Verified to DO-178C/ED-12C DAL A
Primus Epic Avionics Display Application using Deos
Safety Critical RTOS for Avionics Applications requiring DO178C/ED-12C DAL A verification
Deos™,DDC-I’s safety-critical time and space partitioned real-time operating system (RTOS) that has been verified to the guidance of DO-178C/ED-12C Design Assurance Level A (DAL A) for Avionics Applications, supports ARINC 653 APEX, Rate Monotonic Scheduling (RMS), and is targeted at the Future Airborne Capability Environment (FACE™) Safety Extended and Safety Base Profiles. Deos is the first RTOS to receive OSS Conformance Certification for the FACE Technical Standard, Edition 3.1. The Safety Extended Profile, which adds support for TCP/IP communications, multi-process support, and expanded POSIX capability (80 extra functions), is a superset of the functionality required by the Safety Base and Security Profiles.
Deos has been field proven as a safety-critical RTOS since its first verification and audit to DAL A by Transport Canada in 1998, and it has been certified and is flying in 10’s of thousands of aircraft. Since the initial verification, it has continually evolved throughout the last two decades with new processors and features in subsequent baselines, and it has been successfully audited by the world’s various governmental certification authorities (FAA, ENAC, JAA, EASA, CAAC, and others) and Airframe and Avionics Supplier Designated Engineering Representatives (DERs).
Avionics Applications using Deos
Deos has been used to manage resources and hard partition avionics applications on x86, PowerPC, ARM and MIPS microprocessors for a multitude of flight critical functions that require bounded processing, high determinism and high throughput. These functions include: air data computers, air data inertial reference units, cockpit video, displays, flight instrumentation, electronic flight bags, engine management, enhanced ground proximity warning, FADECs, flight controls, flight management systems, maintenance systems, power distribution systems, radios, traffic collision avoidance systems(TCAS), weather radar and many more federated and IMA avionics systems.
Verified to the guidance of DO-178C/ED-12C DAL A
Deos is full featured and has been verified to DO-178C/ED-12C Design Assurance Level A (DAL A) and it addresses the issues of high robustness for avionics and safety critical applications. Deos was built from the ground up with plans and procedures created to the guidance of DO-178 starting with its requirements for its first line of code. In fact, Deos is the only verified time and space partitioned COTS RTOS that has been created using RTCA DO-178 DAL A processes from the very first day of its product development.
Safety Critical Multi-core Operation with Industry Standard ARINC 653 APEX and POSIX APIs
Deos is multi-core enabled through its SafeMC™ Technology giving developers the ability to bound resource contention and safely schedule processes on multiple cores. It provides the toolset for addressing the objectives of the CAST-32A Position Paper. Deos includes ARINC 653, Rate Monotonic, and POSIX schedulers and associated standards based interfaces for maximum portability of code, and it offers several unique fundamental and patented architectural advantages over other competing DO-178C verified safety critical RTOS’s. The result is the best performance, lowest risk, easiest to certify, and lowest cost time & space partitioned COTS RTOS for airborne avionics and safety critical applications on the market today.
Security Capabilities for Avionics Systems
Deos’ time and space partitioning, and explicit resource allocation enforcement inherently support isolation of computing and I/O resources, leading to a secure system design. In addition, its modular boot code, hardware abstraction layer, and the availability of application program interfaces to platform hardware resources enables Deos to deliver a software foundation to easily integrate a variety of security capabilities into the avionics device. Since system security requirements and hardware support for security functions varies on each customers target hardware platforms, Deos is integrated with a number of 3rd party security software packages (i.e., encryption, secure networking, key management, etc.). Those packages along with a DO-178C/ED-12C verified safe and security enabled BSP (through DDC-I services, 3rd party, or customer developed) a Deos based system may be designed to meet the security requirements of most any avionics program.
Includes support for:
Linux and Windows XP, 7, 8 & 10 host development environments
x86, PowerPC, ARM and MIPS single- and multi-core processors
C, C++ (subset), Ada95 compilers
Rate Monotonic, ARINC 653 and POSIX scheduling and application interfaces for maximal code portability
Popular avionics standards (DO-178C, ED-12C, ARINC, POSIX) and other optional modules:
DO-178C/ED-12C Verification Evidence (Artifacts) to Design Assurance Level A (DAL A)
ARINC 653 (ARINC Specification 653 Part 1 )
POSIX 1003.1 subset targeted at FACE Safety Extended Profile
ARINC 653 p4 (ARINC Specification 653 Part 4)
ARINC 615 (ARINC Specification 615 Target Data Loader)
ARINC 664 (ARINC Specification 664 Data Bus)
File System (ARINC Specification 653 Part 2)
Certifiable Fast File System – Data Streaming File System
AFDX – Avionics Full-Duplex Switched Ethernet
Features
Trusted & Field Proven
Verified and successfully audited to DO-178, Design Assurance Level (DAL) A since 1998
Certified and flying on hundreds of aircraft systems world-wide
Best in Class Performance & Technical Advantages
Rate Monotonic Scheduling (RMS), ARINC653 and POSIX scheduling with patented slack scheduling enables full processor utilization
Deos BSP creation & verification costs/schedules are a fraction of any other time & space COTS RTOS requiring aircraft certification for flight.
Deos's unique hybrid architecture makes it easy for our customers to develop ARINC 653 applications for Deos, or to migrate existing ARINC 653 applications to Deos.
DDC-I's open and competitive services model enables customers and third parties to create their own Deos BSP, drivers, & other Deos components.
Portability - Binary objects promote plug & play reuse, with minimal re-verification effort.
High-level OS facilities enable applications to migrate with minimal change (e.g., IOI resolves different I/O interfaces types).
Ecosystem of third party hardware, software, and services
Unique Hybrid Architecture
Combines RMS, 653 and POSIX scheduling models & Application Programming Interfaces (API's) in a powerful & versatile system for software certification.
The Deos 653 Hybrid Architecture allows the best of both worlds with the portability of the popular avionics standards, and the value added features of Deos, such as slack scheduling, it's modular architecture, application space device drivers and more.
Deos Slack Scheduling
Deos™ patented slack scheduling technology enables software designers to leverage all the power of today's modern processors, without sacrificing the safety of space & time partitioning.
How to Certify Your Code Once, and Use it in Multiple DO-178B Applications
It's no secret that developing DO-178 certifiable avionics software is an expensive and time consuming proposition. This paper describes key Deos technologies that allow mission and safety critical systems to evolve and innovate at a faster rate and lower cost.
Patented Cache Partitioning - Ability to partition the cache by associating processes (or process groups) on (or across multiple) cores to subsections of the cache. Minimizes cache contention (cache thrashing), maximizes cache hits, and minimizes Worst Case Execution Times (WCETs).
Memory Pooling - Enables physical memory segmentation and association with processes and groups of processes.
Safe Scheduling - User configurable control of process execution and scheduling algorithms across the cores to minimize cross core interference patterns.
Patented Slack Scheduling
By using slack, thread Medium might receive CPU time that would have been lost to Idle to complete its execution for period
Gives you the ability to budget in order to meet your safety requirement, but enable slack in order to get the most out of your processor
Allows a client & server to exchange data, perhaps multiple times, back-to-back, within the same period, in order to complete a transaction
Enables the removal of lower criticality applications from the high criticality, fixed budget time line Software designers can now leverage all the power of today's modern processors, without sacrificing the safety of space & time partitioning.
Designed to Save Money on Certification Costs
Reduced Software Development Cost
In addition to the typical RTOS services for memory management and synchronization, Deos has excellent support for hard-deadline deterministic periodic execution. Additionally, Deos provides highly efficient, deterministic inter-process/inter-processor, periodic & aperiodic communication mechanisms which enable the designer to isolate applications from changes in I/O format and bus hardware/source.
Reduced Integration Cost
It is common for resource contention conflicts, in otherwise well tested software, to manifest during integration. These errors can be difficult to locate because interactions are complex and rarely understood by any one individual. The Deos Integration Tool makes obvious, during development and design, an application's resources needs, this prevents contention while providing early warning of physical resource depletion. An application's memory, I/O, interrupt and processing time needs are defined early in the life cycle and follow it throughout development, testing & verification; thus reducing the time and cost of integration.
Reduced Recertification Cost
The cost to re-certify previously approved software is a function of the amount of change. Changing just a single module and then re-compiling / re-linking the whole system results in an entirely new executable. Deos solves this problem by supporting run-time linkable libraries and executables (i.e., it is a DO-178B Level-A Link/Loader). Consequently a change to one module within an executable impacts only that executable. The executables for the rest of the system, and even the run-time linkable libraries used by the application remain unchanged. This isolation of change impact results in a reduced re-certification cost thereby making it easier to embrace change and incrementally improve your product offerings.
Improved Programmer Efficiency
Of course, Deos comes with all the software development and debugging tools you've come to expect: IDE, Debugger, run-time system monitor/profiler, as well as integrated emulator support. Additionally, Deos provides integration and configuration tools which enable the designer to factor out what would otherwise be hard-coded constraints. This factoring ability not only speeds development, but also aids in verifying the correctness of the implementation, aided by Deos provided qualified verification tools.
Object Code Structural Coverage Tool
DO-178B indicates that, when using modern compilers for Level-A software, structural coverage "...should be performed on the object code" (6.4.4.2.b). Deos provides a structural coverage tool capable of gathering structural coverage data on the executable object code in compliance with the Level-A requirement. This eliminates the need for an expensive source to object code traceability analysis.
Run-time Linkable Libraries
Decompose your applications into executables and run-time linkable libraries in order to isolate change impact. Both startup and runtime shared library loading is supported enabling maximum flexibility, configurability, and Just-In-Time function binding. Also save valuable platform memory space and ensure all your applications are using the same latest and verified library.
Decreased Software Porting Cost
The Deos 653 products add support for the ARINC Specification 653, scheduling model and APplication/EXecutive (APEX) interfaces to allow improved portability of avionics software from other sources that have been written to conform to that popular specification.
