Phoenix, Az. – Safety-critical software vendor DDC-I today announced it is jumping into the embedded operating system market with a pair of safety-critical RTOSes that will go head to head with offerings from Green Hills Software and Wind River.
But where the latter two offer safety-critical optimized versions of their RTOSes for the high end of such markets as military/aerospace, medical and industrial, DDC-I has developed two RTOSes designed specifically for a wide range of safety-critical designs.
The first, known as Deos, targets the high-end safety-critical market, with a focus on military and aerospace applications requiring safe operation and/or DO-178B Level A certification. The second RTOS, a microkernel known as the HeartOS, will target general embedded as well as low- to mid-range safety-critical applications.
“Until now, COTS run-time support for safety-critical applications has been sorely lacking, either in functionality, or ease of certification,” said Bob Morris, president and CEO of DDC-I. “Deos and HeartOS are the first commercial RTOSes built from the ground up to address the performance, reliability, security, and certification requirements of safety-critical applications, and have been certified on more airframes than all other COTS RTOSes combined.”
He said Deos and HeartOS are based on technology developed at Honeywell and deployed on dozens of commercial and military aircraft. To enhance this technology, which represents hundreds of person-years of engineering and IP development, DDC-I has expanded its engineering staff and added core Honeywell engineers from the original Deos RTOS design team.
Morris said the near-term roadmap includes enhanced tool support, new programming interfaces, and increased target support. DDC-I will also provide previously certified artifacts up to DO-178B Level A.
Deos (DDC-I Embedded Operating System) is a safe, fast, memory-protected RTOS optimized for safety-critical applications that place a premium on reliability, real-time performance, testability, and formal certifiability.
Morris claimed that Deos, which features deterministic real-time response, guaranteed resource availability, and a patented “slack” scheduling mechanism that achieves 100% CPU utilization, is the only COTS certifiable time- and space-partitioned RTOS built from the ground up for safety-critical applications. “Deos is designed to provide the easiest, lowest cost path of any COTS RTOS to DO-178B Level A certification, the highest level of safety criticality,” he said.
According to Morris, the just-released Deos uses the processor's memory management unit (MMU) to build a firewall between the kernel and user tasks, preventing errant or malicious code in one task from corrupting other user tasks or the kernel.
“To guarantee CPU and memory access for critical tasks, Deos uses time and space partitioning,” he said. “In the space domain, Deos enables programmers to assign each address space a fixed amount of physical memory, which prevents tasks from exhausting system memory and depriving other tasks.
“In the time domain, Deos allows programmers to assign each task a fixed percentage of CPU time, which prevents priority inversion and keeps tasks from hogging the CPU.”
The RTOS employs rate monotonic scheduling, based on rate monotonic analysis (RMA), which Morris claims is the most efficient scheduling mechanism of any time- and space-partitioned COTS RTOS.
To further improve scheduling efficiency, Deos uses slack scheduling, based on an algorithm the company has patented: worst-case time that was budgeted for time-critical tasks but not consumed is recycled and reallocated to “anytime” algorithms.
“In a conventional RTOS, large amounts of CPU time have to be reserved to accommodate worst-case requirements for time-critical tasks, even if the tasks utilize only a fraction of that time in practice,” said Morris. “Slack scheduling frees up this unused time and makes it available to non-critical 'any time' tasks such as displays and GPS.
“This approach greatly reduces idle time, making it possible to achieve 100% CPU utilization. Deos also boosts performance by supporting ultra-fast, interrupt-driven threads, which enable it to respond in microseconds to external events.”
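The partitioning and slack-reclamation scheme Morris describes above can be simulated in a few dozen lines. The following C program is an added illustration written for this article; it is not DDC-I's Deos code, and the task names, tick values and the three-task set are constructed assumptions. It orders tasks rate-monotonically, checks schedulability with an exact integer response-time test, then runs one hyperperiod twice: once where unused budget stays idle (the conventional behaviour the article contrasts against) and once where that slack is handed to the non-critical "anytime" task. The second task set shows the enforcement side: a task that needs more than its reserved worst-case time is cut off at the budget boundary, so the other partitions still receive their full time.

```c
#include <stdio.h>

#define MAX_TASKS 8

/* A periodic, time-critical task. The period doubles as the deadline.
 * All values are scheduler ticks and are constructed for this example. */
typedef struct {
    const char *name;
    unsigned period;
    unsigned budget;  /* worst-case execution time reserved every period */
    unsigned actual;  /* execution time the task really needs in this run */
} task_t;

typedef struct {
    unsigned critical_ticks;   /* ticks spent doing critical work */
    unsigned anytime_ticks;    /* ticks handed to the non-critical "anytime" task */
    unsigned idle_ticks;       /* reserved ticks that went unused */
    unsigned overruns_stopped; /* tasks cut off for exhausting their budget */
} sim_result_t;

/* Constructed task set, ordered by period (rate-monotonic priority). */
const task_t demo_tasks[] = {
    { "flight_ctrl", 10, 3, 2 },
    { "nav",         20, 4, 2 },
    { "telemetry",   40, 8, 3 },
};

/* Same set, but "nav" misbehaves and needs more time than it was budgeted. */
const task_t overrun_tasks[] = {
    { "flight_ctrl", 10, 3, 2 },
    { "nav",         20, 4, 6 },
    { "telemetry",   40, 8, 3 },
};

static unsigned gcd(unsigned a, unsigned b)
{
    while (b) { unsigned t = a % b; a = b; b = t; }
    return a;
}

/* Least common multiple of all periods: one full cycle of the schedule. */
unsigned hyperperiod(const task_t *tasks, unsigned n)
{
    unsigned h = 1;
    for (unsigned i = 0; i < n; i++) h = h / gcd(h, tasks[i].period) * tasks[i].period;
    return h;
}

/* Exact response-time analysis for rate-monotonic priorities (index 0 is the
 * highest priority). Each task's worst-case response time must fit inside its
 * period. Uses the reserved budgets, since a partition always consumes them. */
int rma_schedulable(const task_t *tasks, unsigned n)
{
    for (unsigned i = 0; i < n; i++) {
        unsigned r = tasks[i].budget, prev;
        do {
            prev = r;
            r = tasks[i].budget;
            for (unsigned j = 0; j < i; j++)
                r += ((prev + tasks[j].period - 1) / tasks[j].period) * tasks[j].budget;
            if (r > tasks[i].period) return 0;
        } while (r != prev);
    }
    return 1;
}

/* Run one hyperperiod. A task may only execute while it still owns reserved
 * budget in the current period; exceeding the budget is cut off, not granted.
 * With reclaim_slack == 0 an early finish leaves the rest of the reservation
 * idle; with reclaim_slack == 1 that leftover goes to the anytime task. */
sim_result_t simulate(const task_t *tasks, unsigned n, int reclaim_slack)
{
    sim_result_t res = { 0, 0, 0, 0 };
    unsigned budget_left[MAX_TASKS] = { 0 }, work_left[MAX_TASKS] = { 0 };
    if (n > MAX_TASKS) return res;
    unsigned end = hyperperiod(tasks, n);

    for (unsigned t = 0; t < end; t++) {
        for (unsigned i = 0; i < n; i++) {
            if (t % tasks[i].period == 0) {           /* new period: refill */
                if (work_left[i] > 0) res.overruns_stopped++; /* was cut off last period */
                budget_left[i] = tasks[i].budget;
                work_left[i] = tasks[i].actual;
            }
        }
        int owner = -1;                               /* highest-priority reservation */
        for (unsigned i = 0; i < n; i++)
            if (budget_left[i] > 0) { owner = (int)i; break; }
        if (owner < 0) { res.anytime_ticks++; continue; }   /* nothing reserved: background */
        budget_left[owner]--;
        if (work_left[owner] > 0) { work_left[owner]--; res.critical_ticks++; }
        else if (reclaim_slack) res.anytime_ticks++;  /* slack reclaimed */
        else res.idle_ticks++;                        /* reservation wasted */
    }
    return res;
}

int main(void)
{
    printf("schedulable: %d, hyperperiod: %u\n", rma_schedulable(demo_tasks, 3), hyperperiod(demo_tasks, 3));
    for (int slack = 0; slack <= 1; slack++) {
        sim_result_t r = simulate(demo_tasks, 3, slack);
        printf("slack=%d critical=%u anytime=%u idle=%u\n", slack, r.critical_ticks, r.anytime_ticks, r.idle_ticks);
    }
    printf("overruns stopped: %u\n", simulate(overrun_tasks, 3, 1).overruns_stopped);
    return 0;
}
```

In the constructed set the three tasks reserve 28 of 40 ticks but only need 15, so the conventional run wastes 13 reserved ticks while the slack run leaves no idle tick at all, which is the "100% utilization" effect the article attributes to slack scheduling; the overrun set shows that "nav" is stopped once per period at its 4-tick budget without disturbing the other tasks.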
The DDC-I RTOS will be delivered in a modular, executable binary format that streamlines the test and certification process. Unlike competing RTOSes, which are delivered as source code, said Morris, the RTOS will not have to be recompiled, relinked, and retested (including structural coverage) in order to certify the application.
Deos also features an XML configuration tool that generates verifiable configuration profiles for each software module's time and space quotas and budgets. This verifiable output eliminates the need to perform configuration checks by hand.
To further enhance the test process, Deos provides an Assembly Branch Coverage (ABC) tool to resolve source-to-object gaps left by traditional structural coverage tools.
“By working at the binary rather than the source code level, the ABC is able to verify all executable code,” said Morris, “regardless of what compiler or compiler options the developer selects. Traditional source code tools cannot account for all compiler activity and require an additional round of manual checking once the application has been compiled.”
Networking support for Deos includes a TCP/IP stack optimized for safety-critical applications. To maximize reliability, the stack runs in its own memory and time partition, separate from the kernel.
Development support for Deos includes DDC-I's Eclipse-based, mixed-language OpenArbor IDE, which features C and C++ optimizing compilers, a color-coded source editor, project management support, automated build/make utilities, and a mixed-language, multi-window, symbolic debugger.
OpenArbor provides versatile run-time target options, including Deos, a bare run-time system certifiable to Level A of the DO-178B standard, and an enhanced bare run-time system for simulated and emulated environments.
Development seat pricing for Deos starts at $5,700/year.
The HeartOS, scheduled for release in Q1 of 2009, is a POSIX-compliant, deterministic RTOS optimized for small- to medium-sized safety-critical applications with tight space and time constraints.