User guide to software for avionics systems
Guest columnist Chip Downing, aerospace & defence industry specialist at Wind River presents his user guide to the softare hurdles facing avionics systems designers.
One of the greatest difficulties in supplying software to the aerospace and defense (A&D) market is that each vertical application segment within this market has very diverse requirements that are challenging to achieve and maintain.
These requirements are typically based upon platform portability, safety/security/quality, serviceability, and performance.
There are several software hurdles facing engineers: Software Communications Architecture (SCA), POSIX, Linux, safety, security and multicore processors/virtualization.
Software Communications Architecture (SCA)
The next generation of communications, both in the military and commercial space, will be based upon a concept called software defined radio (SDR). This technology extends the use of military radios and enables communications to take advantage of new waveforms and adapt to the local infrastructure without modifying hardware systems.
To accomplish this in the military, radio manufacturers need full compliance to the SCA, an industry standard created to enable independence of software stacks and waveforms in these multichannel radios.
To support software portability in less specialised military systems, the industry has created an operating system API standard named POSIX (Portable Operating System Interface – UNIX), designed originally to enable portability across UNIX and Linux systems.
A subset of the full POSIX standard has emerged that introduces separate POSIX “profiles” for use in more resource-constrained embedded applications, where the POSIX PSE52 profile is often implemented.
Linux is now an option many project managers for aerospace and defence applications and companies such as Honeywell have already deployed in space-borne systems.
For deployments where security is a concern, the US National Security Agency (NSA) has developed a Security-Enhanced Linux (SE-Linux), a set of Linux security features that provide a variety of security policies, including US Department of Defense–style mandatory access control through the use of Linux Security Modules (LSMs) for the open source Linux kernel.
SE-Linux is not a Linux distribution but a set of security modifications (patches) that can be applied to any Linux or UNIX operating system.
Traditionally, Linux scheduling and interrupt performance, although quite adequate for enterprise and desktop systems, was not very deterministic and had a wide variance over changing system conditions in embedded environments. This made Linux unsuitable for use in traditional embedded systems that demand microsecond response times.
But two advances have changed this situation: a modification of the Linux core, named PREEMPT_RT, and a fast, deterministic scheduler inside the Linux system, named Real-Time Core for Linux.
As software-based systems grow in complexity and usage in critical systems, the demand to qualify this software as “safe” has also grown.
In the avionics industry, a standard known as DO-178B has evolved to describe the process that should be implemented for deploying software in commercial airborne avionics systems. Historically, airframe and avionics manufacturers took responsibility to create the designs, test processes, and other related documentation to achieve DO-178B certification. Now, however, these manufacturers are requiring their suppliers to provide this evidence for their products.
As the volume of software increases on avionics platforms there is as demand to reduce size, weight, and power (SWaP) by combining software applications on fewer hardware platforms. To address this, the ARINC 653 specification was developed to specify the scheduling of multiple applications on a single instance of silicon.
The demand for proven security is increasing in all systems, and there is a need to comply with security standards and achieve the appropriate Evaluation Assurance Level (EAL) under the international Common Criteria standard for Information Technology Security Evaluation. And, like ARINC 653 systems, there is a growing demand for mixing multiple levels of security on a single platform, using MLS (multilevel secure) or MILS (multiple independent levels of security) strategies.
The use of the microprocessors with multiple “cores” presents the industry with potential power/performance benefits, however, it also creates a number of issues in this traditionally conservative market.
Although the use of single core processors is well-understood in critical systems, safely and reliably using multicore processors will be a fundamental hurdle for the industry.
For proper optimization, multicore platforms must provide a proven virtualization layer that abstracts and masks the complexity of the underlying hardware from the operating system and applications.
The use of multicore chips will affect all aspects of SDR, MILS, and Linux safe and secure programs, and will cause a re-architecting of all platforms to efficiently use these multicore hardware environments.