Deos, a Time & Space Partitioned, Multi-core Enabled, RTOS Verified to DO-178C/ED-12C DAL A

Primus Epic Avionics Display Application using Deos

Safety Critical Real-Time Operating System

Deos™, DDC-I’s safety-critical time and space partitioned real-time operating system (RTOS), has been verified to the guidance of DO-178C/ED-12C Design Assurance Level A (DAL A) for avionics applications. It supports ARINC 653 APEX and Rate Monotonic Scheduling (RMS) and is targeted at the Future Airborne Capability Environment (FACE™) Safety Extended and Safety Base Profiles. Deos is the first RTOS to receive Operating System Segment (OSS) Conformance Certification for the FACE Technical Standard, Edition 3.1. The Safety Extended Profile, which adds TCP/IP communications, multi-process support, and expanded POSIX capability (80 additional functions), is a superset of the functionality required by the Safety Base and Security Profiles.

Deos has been field proven as a safety-critical RTOS since its first verification and audit to DAL A by Transport Canada in 1998, and it has been certified and is flying in tens of thousands of aircraft. Since that initial verification it has continually evolved over the last two decades, adding new processors and features in subsequent baselines, and it has been successfully audited by governmental certification authorities around the world (FAA, ENAC, JAA, EASA, CAAC, and others) and by airframe and avionics supplier Designated Engineering Representatives (DERs).

Avionics Applications using Deos

Deos has been used to manage resources and hard-partition avionics applications on x86, PowerPC, ARM and MIPS microprocessors for a multitude of flight-critical functions that require bounded processing, high determinism and high throughput. These functions include: air data computers, air data inertial reference units, cockpit video, displays, flight instrumentation, electronic flight bags, engine management, enhanced ground proximity warning, FADECs, flight controls, flight management systems, maintenance systems, power distribution systems, radios, traffic collision avoidance systems (TCAS), weather radar and many more federated and IMA avionics systems.

Verified to the guidance of DO-178C/ED-12C DAL A

Deos is full featured, has been verified to DO-178C/ED-12C Design Assurance Level A (DAL A), and addresses the high-robustness needs of avionics and safety-critical applications. Deos was built from the ground up, with plans and procedures created to the guidance of DO-178 from its requirements and its first line of code onward. Deos is the only verified time and space partitioned COTS RTOS that has been created using RTCA DO-178 DAL A processes from the first day of its product development.

Safety Critical Multi-core Operation with Industry Standard ARINC 653 APEX and POSIX APIs

Deos is multi-core enabled through its SafeMC™ Technology, giving developers the ability to bound resource contention and safely schedule processes on multiple cores. It provides the toolset for addressing the objectives of the CAST-32A Position Paper. Deos includes ARINC 653, Rate Monotonic, and POSIX schedulers and the associated standards-based interfaces for maximum portability of code, and it offers several unique, patented architectural advantages over competing DO-178C verified safety-critical RTOSs. The result is the best-performing, lowest-risk, easiest-to-certify, and lowest-cost time and space partitioned COTS RTOS for airborne avionics and safety-critical applications on the market today.

Security Capabilities for Avionics Systems

Deos’ time and space partitioning and its explicit enforcement of resource allocations inherently isolate computing and I/O resources, which is the foundation of a secure system design: a faulty or compromised partition can consume only the CPU time, memory and I/O it was configured to receive. That isolation is only as strong as the configuration and the hardware abstraction layer and BSP beneath it, which remain part of the trusted computing base. In addition, its modular boot code, hardware abstraction layer, and the availability of application program interfaces to platform hardware resources enable Deos to deliver a software foundation for integrating a variety of security capabilities into the avionics device. Since system security requirements and hardware support for security functions vary across customers’ target hardware platforms, Deos is integrated with a number of third-party security software packages (e.g., encryption, secure networking, key management). With those packages and a DO-178C/ED-12C verified, security-enabled BSP (from DDC-I services, a third party, or developed by the customer), a Deos-based system can be designed to meet the security requirements of most avionics programs.

Includes support for:

  • Linux and Windows XP, 7, 8 & 10 host development environments
  • x86, PowerPC, ARM and MIPS single- and multi-core processors
  • C, C++ (subset), Ada 95 compilers
  • Rate Monotonic, ARINC 653 and POSIX scheduling and application interfaces for maximal code portability

Popular avionics standards (DO-178C, ED-12C, ARINC, POSIX) and other optional modules:

  • DO-178C/ED-12C Verification Evidence (Artifacts) to Design Assurance Level A (DAL A)
  • ARINC 653 (ARINC Specification 653 Part 1)
  • POSIX 1003.1 subset targeted at FACE Safety Extended Profile
  • ARINC 653 Part 4 (ARINC Specification 653 Part 4)
  • ARINC 615 (ARINC Specification 615 Target Data Loader)
  • ARINC 664/AFDX (ARINC Specification 664/AFDX Driver Library)
  • File System (ARINC Specification 653 Part 2)
  • Deos Volume Management System with exFAT File System

Features

  • Trusted & Field Proven
    • Verified and successfully audited to DO-178, Design Assurance Level (DAL) A since 1998
    • Certified and flying on hundreds of aircraft systems world-wide
  • Best in Class Performance & Technical Advantages
    • Rate Monotonic Scheduling (RMS), ARINC 653 and POSIX scheduling with patented slack scheduling enable full processor utilization
    • SafeMC™ Technology (including patented cache partitioning and safe scheduling) enables safety-critical multi-core applications
    • Compiler certification independence enables state-of-the-art compilers with optimization & in-lining ‘on’
    • Fastest context switching available of any time & space COTS RTOS
  • Advanced Feature Set Ensures an Easy Start and Lower Risk/Cost to Certify
    • Developed using COTS hardware, and design reference boards
    • Industry standard Ethernet & TCP/IP for development & in-flight use (supports both partitioned TCP/IP stacks, and multihoming)
    • Abstraction layers significantly improve BSP creation, verification & certification efforts
    • Binary level modularity reduces certification risk, time, and effort
  • ARINC Specification 653 Part 1 (Optional Module)
    • Delivers the standard avionics interfaces for enhanced portability, and allows designers to take advantage of the advanced features of Deos.
  • ARINC Specification 653 Part 4 (Optional Module)
    • Delivers a streamlined subset of the standard avionics interfaces for less complex systems and the value added features of Deos.
  • POSIX Subset (Optional Module)
    • Subset of POSIX as required to support the FACE Safety Extended Profile
    • Delivers portability of open-source applications running in Deos partitions.
  • Binary Coverage Tool Resolves Source-to-Object Gaps Left Behind by MC/DC
  • Binary Modularity Provides a ‘Plug-and-Play’ for the System Design & Integration
  • XML Configuration Tools & Verification Tools Generate Verifiable Configuration Profiles
  • User Guides Direct the Integration, Use, Testing, and Verification of Deos Binary Modules
    • I/O Infrastructure (IOI) provides data conversion & I/O handling (e.g., queued, blackboard, FIFO, etc.), reducing application code
    • Networking – AFDX, UDP & TCP/IP
  • Lowest Cost of Ownership
    • Progressive, industry-leading, product license pricing models
    • Deos BSP creation & verification costs/schedules are a fraction of any other time & space COTS RTOS requiring aircraft certification for flight.
    • Deos’ unique hybrid architecture makes it easy for our customers to develop ARINC 653 applications for Deos, or to migrate existing ARINC 653 applications to Deos.
    • DDC-I’s open and competitive services model enables customers and third parties to create their own Deos BSP, drivers, & other Deos components.
    • Portability – Binary objects promote plug & play reuse, with minimal re-verification effort.
    • High-level OS facilities enable applications to migrate with minimal change (e.g., IOI resolves different I/O interfaces types).
    • Ecosystem of third party hardware, software, and services
  • Unique Hybrid Architecture
    • Combines RMS, 653 and POSIX scheduling models and Application Programming Interfaces (APIs) in a powerful and versatile system for software certification.
    • The Deos 653 Hybrid Architecture offers the best of both worlds: the portability of the popular avionics standards, and the value-added features of Deos, such as slack scheduling, its modular architecture, application-space device drivers and more.

Deos Patented Technology

  • SafeMC Technology for Multi-core Processors
    • Patented Cache Partitioning – Ability to partition the cache by associating processes (or process groups) on one core, or across multiple cores, with subsections of the cache. Minimizes cache contention (cache thrashing), maximizes cache hits, and minimizes Worst Case Execution Times (WCETs).
    • Memory Pooling – Enables physical memory segmentation and association with processes and groups of processes.
    • Safe Scheduling – User-configurable control of process execution and scheduling algorithms across the cores to minimize cross-core interference patterns.
  • Patented Slack Scheduling
    • By using slack, a medium-priority thread can receive CPU time that would otherwise have been lost to the idle thread, allowing it to complete its execution within the period.
    • Lets designers budget each thread to meet its safety requirement while enabling slack to get the most out of the processor.
    • Allows a client and server to exchange data, perhaps multiple times back-to-back, within the same period in order to complete a transaction.
    • Enables the removal of lower-criticality applications from the high-criticality, fixed-budget timeline. Software designers can leverage all the power of today’s modern processors without sacrificing the safety of space and time partitioning.
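The cache partitioning bullet above only says that processes are bound to subsections of the cache. One standard way an operating system does this on a physically indexed, set-associative cache is page colouring: because the set index is taken from address bits just above the line offset, the page frame number decides which group of sets (the page's colour) a page can occupy, so handing each partition a disjoint colour set guarantees its lines never evict, or observe evictions of, another partition's lines. The model below is an added illustration written for this page; it is not DDC-I code and does not claim to be the patented SafeMC mechanism. The cache geometry, partition names and page-frame pool are constructed assumptions.

```python
"""Cache partitioning by page colouring (added model, not DDC-I code).

The cache geometry and the page frame pool are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CacheGeometry:
    size: int   # total cache bytes
    ways: int   # associativity
    line: int   # bytes per cache line
    page: int   # MMU page size

    @property
    def sets(self):
        return self.size // (self.ways * self.line)

    @property
    def colors(self):
        # Bytes spanned by one way, divided by the page size. When a way is no
        # larger than a page there is a single colour and this technique
        # cannot separate partitions at all.
        return max(1, (self.sets * self.line) // self.page)

    def cache_set(self, paddr):
        return (paddr // self.line) % self.sets

    def color(self, pfn):
        return pfn % self.colors


def sets_touched(geom, pfn):
    """Every cache set a page frame can map to, one entry per line."""
    base = pfn * geom.page
    return {geom.cache_set(base + off) for off in range(0, geom.page, geom.line)}


class ColorAllocator:
    """Physical page allocator that honours a per-partition colour budget."""

    def __init__(self, geom, frames, assignment):
        all_colors = [c for cs in assignment.values() for c in cs]
        if len(all_colors) != len(set(all_colors)):
            raise ValueError("partition colour sets overlap")
        self.geom = geom
        self.free = list(frames)        # page frame numbers still available
        self.assignment = assignment    # partition name -> set of colours

    def allocate(self, partition):
        allowed = self.assignment[partition]
        for i, pfn in enumerate(self.free):
            if self.geom.color(pfn) in allowed:
                return self.free.pop(i)
        # Refuse rather than silently hand out a frame of another partition's
        # colour: that would reopen the interference channel.
        raise MemoryError(f"{partition}: no free frame with colours {sorted(allowed)}")


def partitions_isolated(geom, alloc, a, b, count):
    """Allocate `count` pages to each of a and b; True if their cache sets are disjoint."""
    sets_a = set().union(*(sets_touched(geom, alloc.allocate(a)) for _ in range(count)))
    sets_b = set().union(*(sets_touched(geom, alloc.allocate(b)) for _ in range(count)))
    return sets_a.isdisjoint(sets_b)


# Constructed geometries: a 1 MiB 16-way L2 yields 16 colours; a 32 KiB 8-way
# L1 with 4 KiB pages yields one colour and cannot be partitioned this way.
L2 = CacheGeometry(size=1 << 20, ways=16, line=64, page=4096)
TINY_L1 = CacheGeometry(size=32 * 1024, ways=8, line=64, page=4096)
ASSIGNMENT = {"flight_control": set(range(0, 8)), "maintenance": set(range(8, 16))}

if __name__ == "__main__":
    print(f"L2: {L2.sets} sets, {L2.colors} colours; tiny L1: {TINY_L1.colors} colour")
    alloc = ColorAllocator(L2, range(64), ASSIGNMENT)
    print("isolated:", partitions_isolated(L2, alloc, "flight_control", "maintenance", 8))
```

Two things the model makes explicit that the bullet does not: a partition that runs out of frames of its own colours must be refused rather than spilled into another partition's colours, and the number of colours is a property of the cache geometry, so on a cache whose way size does not exceed the page size the isolation has to come from hardware way-partitioning or a different mechanism.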

Designed to Save Money on Certification Costs

Reduced Software Development Cost
In addition to the typical RTOS services for memory management and synchronization, Deos has excellent support for hard-deadline deterministic periodic execution. Additionally, Deos provides highly efficient, deterministic inter-process/inter-processor, periodic & aperiodic communication mechanisms which enable the designer to isolate applications from changes in I/O format and bus hardware/source.
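The hard-deadline periodic execution described here, together with the slack scheduling bullets above, can be made concrete with a small tick-level model. Each thread has a period, a verified budget it is guaranteed every period, and (for this scenario) an actual demand; priority follows RMS, so the shorter period wins. A thread that exhausts its budget is cut off, which is what stops a runaway or misbehaving thread from consuming the other threads' time. With slack enabled, a cut-off thread may run again only in ticks that no budgeted thread can use, so the guaranteed schedule is unchanged. This is an added illustration written for this page, not DDC-I's patented slack algorithm, and the thread set (names, periods, budgets, demands) is constructed.

```python
"""Rate-monotonic budgets with slack reclamation (added model, not DDC-I code).

Thread set below is constructed: "Medium" needs 7 units but is only
budgeted 5, so under strict budgets it misses every deadline; with slack
it finishes in time that would otherwise have gone to Idle.
"""
from dataclasses import dataclass
from math import lcm


@dataclass(frozen=True)
class Thread:
    name: str
    period: int   # also the deadline
    budget: int   # guaranteed execution per period (verified WCET allocation)
    demand: int   # what the thread actually needs in this scenario


def utilization(threads):
    return sum(t.budget / t.period for t in threads)


def rms_bound(n):
    return n * (2 ** (1 / n) - 1)


def rms_schedulable(threads):
    """Sufficient (not necessary) Liu & Layland test on the budgets."""
    return utilization(threads) <= rms_bound(len(threads))


def simulate(threads, use_slack):
    """Returns (missed, timeline): missed[name] is a per-period list of
    deadline misses; timeline lists who ran each tick ("*" = on slack)."""
    order = sorted(threads, key=lambda t: t.period)   # RMS priority order
    horizon = lcm(*(t.period for t in order))
    remaining = {t.name: 0 for t in order}
    budget_left = {t.name: 0 for t in order}
    missed = {t.name: [] for t in order}
    timeline = []
    for tick in range(horizon):
        for t in order:
            if tick % t.period == 0:
                if tick:
                    missed[t.name].append(remaining[t.name] > 0)
                remaining[t.name] = t.demand
                budget_left[t.name] = t.budget
        # Budgeted execution: highest-priority thread with work AND budget.
        running = next((t for t in order
                        if remaining[t.name] > 0 and budget_left[t.name] > 0), None)
        on_slack = False
        if running is None and use_slack:
            # Only time that would otherwise be Idle is handed out as slack.
            running = next((t for t in order if remaining[t.name] > 0), None)
            on_slack = running is not None
        if running is None:
            timeline.append("idle")
            continue
        remaining[running.name] -= 1
        if not on_slack:
            budget_left[running.name] -= 1
        timeline.append(running.name + ("*" if on_slack else ""))
    for t in order:
        missed[t.name].append(remaining[t.name] > 0)
    return missed, timeline


def budgets_undisturbed(threads):
    """Safety property: every budgeted tick is identical with and without slack."""
    _, strict = simulate(threads, use_slack=False)
    _, slack = simulate(threads, use_slack=True)
    return all(a == b for a, b in zip(strict, slack) if a != "idle")


THREADS = [
    Thread("High", period=10, budget=3, demand=2),
    Thread("Medium", period=20, budget=5, demand=7),
    Thread("Low", period=40, budget=8, demand=8),
]

if __name__ == "__main__":
    print(f"budget utilization {utilization(THREADS):.3f}, "
          f"LL bound {rms_bound(len(THREADS)):.3f}, schedulable={rms_schedulable(THREADS)}")
    for use_slack in (False, True):
        missed, timeline = simulate(THREADS, use_slack)
        print("slack " if use_slack else "strict", missed)
        print(" ".join(timeline))
    print("budgets undisturbed by slack:", budgets_undisturbed(THREADS))
```

The budgets alone pass the Liu & Layland bound (0.75 against 0.78 for three threads), which is the guarantee the certification argument rests on; slack changes nothing about that guarantee, it only decides who gets the ticks the guarantee leaves empty.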

Reduced Integration Cost
It is common for resource contention conflicts in otherwise well-tested software to manifest during integration. These errors can be difficult to locate because the interactions are complex and rarely understood by any one individual. The Deos Integration Tool makes an application’s resource needs explicit during design and development, preventing contention and giving early warning of physical resource depletion. An application’s memory, I/O, interrupt and processing-time needs are defined early in the life cycle and follow it throughout development, testing and verification, reducing the time and cost of integration.

Reduced Recertification Cost
The cost to re-certify previously approved software is a function of the amount of change. Changing just a single module and then re-compiling and re-linking the whole system results in an entirely new executable. Deos solves this problem by supporting run-time linkable libraries and executables (i.e., it is a DO-178B Level A link/loader). Consequently, a change to one module within an executable impacts only that executable; the executables for the rest of the system, and even the run-time linkable libraries used by the application, remain unchanged. This isolation of change impact reduces re-certification cost, making it easier to embrace change and incrementally improve your product offerings.

Improved Programmer Efficiency
Of course, Deos comes with all the software development and debugging tools you’ve come to expect: IDE, Debugger, run-time system monitor/profiler, as well as integrated emulator support. Additionally, Deos provides integration and configuration tools which enable the designer to factor out what would otherwise be hard-coded constraints. This factoring ability not only speeds development, but also aids in verifying the correctness of the implementation, aided by Deos provided qualified verification tools.

Object Code Structural Coverage Tool
DO-178B indicates that, when using modern compilers for Level A software, structural coverage “…should be performed on the object code” (section 6.4.4.2 b). Deos provides a structural coverage tool capable of gathering structural coverage data on the executable object code in compliance with the Level A requirement. This eliminates the need for an expensive source-to-object-code traceability analysis.

Run-time Linkable Libraries
Decompose your applications into executables and run-time linkable libraries in order to isolate change impact. Both startup and run-time shared library loading are supported, enabling maximum flexibility, configurability, and just-in-time function binding. This also saves valuable platform memory space and ensures all your applications are using the same, latest verified library.

Decreased Software Porting Cost
The Deos 653 products add support for the ARINC Specification 653 scheduling model and Application/Executive (APEX) interfaces, improving the portability of avionics software from other sources that has been written to conform to that popular specification.