Increasingly software-intensive, avionics stand to benefit from an emphasis on code verification of software used in embedded systems and the emergence of more robust systems that run flight-critical and other applications.
Today, avionics software applications more often are designed using "object-oriented" paradigms, an approach based on discrete units of programming logic as opposed to a set of procedural instructions, and languages with object-oriented features such as C++. Applications written in this technology have been certified, but on an ad-hoc basis, said Joseph M. Jacob, senior vice president of Objective Interface Systems (OIS), Herndon, Va. Creating a uniform certification method is one of the objectives of RTCA Special Committee 205, which is developing an update to DO-178B, the standard for avionics software development.
New programming practices have given rise to code verification, or code "correctness" tools, and companies that develop them, Jacob said. He cited one company, PolySpace Technologies, of Grenoble, France, that develops verification tools and claims to have found errors in software certified to DO-178B Level A, the highest safety criticality level. PolySpace says its products verify C, C++ and Ada code for embedded applications by detecting run-time errors before code is compiled and executed. In April, the company was acquired by The MathWorks, of Natick, Mass., a provider of software for technical computing.
"You’re starting to see, on a regular basis, a focus on code correctness, which really wasn’t true even five years ago," Jacob said. "The whole infrastructure, this whole community of tool vendors are out there building these tools now to help build better, more correct systems from the get-go."
OIS develops communications middleware that supports both complex and secure distributed applications, and works with both embedded systems and avionics manufacturers. Jacob also serves as co-chairman of the avionics special interest group of the Software Defined Radio Forum.
OIS is working with developers of Real-Time Operating Systems (RTOS) that offer products certifiable to DO-178B Level A. Four such companies — Green Hills Software, Santa Barbara, Calif.; Wind River Systems, Alameda, Calif.; LynuxWorks, San Jose, Calif., and SYSGO AG, of Mainz, Germany — are pursuing high-level security certifications of their operating systems, adding robust security assurances to safety-critical applications by implementing the Multiple Independent Levels of Security (MILS) architecture. Green Hills was anticipating certification of its Integrity RTOS to the National Security Agency’s high robustness assurance level, Evaluation Assurance Level 6+, which would make it the first operating system to pass that test.
"For the first time, avionics systems developers are going to have off-the-shelf platforms that provide not only the highest levels of safety critical ability, but at the same time will have the highest levels of security certification," Jacob said. "If you look at what they need to do to hit those security certifications, it goes way beyond what DO-178B requires.... There’s an opportunity for avionics designers to actually have not only highly safe systems but highly secure systems."
Jacob said highly safe and secure operating systems allow systems designers to mimic Integrated Modular Avionics (IMA) architectures in software. IMA is a system architecture that replaces numerous, separate processors with fewer, more centralized processing units. With an ARINC 653-compliant, partitioned operating system based on a separation "kernel," multiple critical and non-critical applications can run on one processor.
SYSGO’s PikeOS is described as a multi-operating system, combining RTOS and virtualization engine. Introduced in 2005, the operating system platform supports multiple, strictly separated software partitions, each capable of running its own operating system or applications programs — the idea behind virtualization. This allows for the integration of software components from multiple suppliers and the consolidation of multiple controllers in one central processing unit (CPU).
"Today, you want to have a heterogeneous environment running on one CPU — running, for example, Linux and ARINC 653 and Java side by side," said Torsten Sehlinger, SYSGO vice president of marketing. "Someone has to take the lead. PikeOS can do the critical applications... but they can run side by side on the same processor, even communicating with each other."
PikeOS supports the combination of proprietary software with new functionality available through operating systems such as open-source Linux without major modifications, saving money in systems development.
"The trend is to integrate COTS software components inside an airplane," said Sehlinger. "The same is done by all the major suppliers on the hardware side, to have standardized hardware that can be used in various applications. On the software side, maintaining your proprietary software, if you’re a Tier 1 supplier or an aircraft maker, is very costly. You have to maintain the knowledge, you have to maintain the environment you need to test and certify — so you need all these people. Consolidating your applications on one system software will help you to focus your knowledge on one thing."
SYSGO is supplying PikeOS as a subcontractor to Rheinmetall Defence Electronics for the load master control station on the new Airbus A400M military cargo aircraft, and to EADS for unmanned aerial vehicles.
The company is focused on the United States market, "definitely for military aerospace," with PikeOS and another product, an Avionics Full Duplex Switched Ethernet (AFDX) communications stack, Sehlinger said. SYSGO describes the latter, ARINC 664 product as the "first portable AFDX," a software implementation, residing in a CPU, that routes messages over the aircraft network to the correct address.
The AFDX product is used in the engine monitoring unit Meggitt PLC is providing for the Rolls Royce Trent 1000 engine, the launch engine for the Boeing 787 Dreamliner, as well as in the A400M, Sehlinger said.
Avionics Magazine’s Product Focus is a monthly feature that examines some of the latest product offerings in different market segments of the avionics industry. It does not represent a comprehensive survey of all products in these markets.
Embedded software and computer developers are on a mission to pair their products aimed at the aerospace and defense markets.
Recent collaborations have been announced by Wind River Systems and Curtiss-Wright Controls, LynuxWorks and GE Fanuc Embedded Systems and SYSGO and Thales Computers.
In May, Curtiss-Wright, Charlotte, N.C., said it will standardize the use of Wind River’s general purpose Linux and Real-Time Core for Linux platforms on its x86-based board products. The agreement represented an expansion of their existing relationship — Curtiss-Wright already offers Wind River’s VxWorks real-time operating system (RTOS) for its rugged commercial-off-the-shelf board line.
"Our standard, out-of the box RTOS solution has been Wind River’s VxWorks. All of our processing and DSP (digital signal processing) boards are shipped with Wind River support," said Mike Hornby, Curtiss-Wright director of marketing. "We wanted to have a deeper relationship. The goal is obviously to gain more market share while delivering value to the customer."
As a result of the expanded partnership, the companies said, embedded systems integrators will be able to more easily and rapidly deploy Wind River Linux and VxWorks solutions for rugged, deployed military systems. Wind River’s "Workbench" development platform supports both operating systems.
"Traditionally, our entire industry acts like two different vendors. There’s RTOS vendors and there’s board vendors, and we’re not synched up and aligned all the time," said Chip Downing, Wind River senior marketing manager for aerospace and defense. "This relationship allows us to go hand-in-hand to the marketplace.... You’ll get a board support package from Curtiss-Wright, you’ll plug it in [and] our software and tools will immediately come up because we’ve already tested it. We can boldly say this stuff should work right out of the box. It should be like booting up a PC."
Applications for the Linux platform are seen in rugged, high-capacity storage aboard reconnaissance aircraft; radar consoles in widebody aircraft; and vehicle management systems that keep track of cargo via electronic tags.
The Linux product is not well-suited for safety-critical applications. "Nonetheless, you probably could do a DO-178B Level C or D certification on this product, given the proper funding and motivation," Downing said. "...What people want to see is a path to certification. With a UAV, it may only be Level C or D. It may not be that critical. As you get into Global Hawk and bigger UAVs, you’re going to have to have higher levels of criticality."
In mid-August, LynuxWorks and GE Fanuc Embedded Systems, Charlottesville, Va., said they will create "Centers of Excellence," offering advanced developer support for systems based on the two companies’ products. The first centers will be GE Fanuc facilities in Towcester, U.K., and Raleigh, N.C. Engineers there as well as developers in other locations will have access to LynuxWorks product releases, including access to the source code of LynuxWorks board support packages and device drivers.
GE Fanuc Embedded Systems plans to make the LynuxWorks LynxOS 5 RTOS available across the company’s range of VPX-based single board computers and DSP systems.
"Increasingly, our customers are telling us that they want us to take responsibility for base-level hardware and software integration, freeing them to focus on higher level issues, and this relationship with LynuxWorks enables us to respond to that customer requirement," said Andy West, global product manager with GE Fanuc Embedded Systems. "By working closely with LynuxWorks, we will be able to develop solutions that are more complete, reducing our customers’ time to market and increasing their competitiveness."
In early August, SYSGO and Thales Computers said SYSGO’s PikeOS RTOS will be made available on Thales’s small, 3U form factor PowerEngineC7, a CompactPCI standard embedded computer.
"The result of this collaboration is the perfect answer to a growing number of combined requirements, including the need for high-density computing without giving up flexibility, and a software layer that provides the highest level of safety and security required by highly demanding applications," the companies said. — Bill Carey