© SYSGO AG · PUBLIC 1

AEE Workshop

ARINC 653 RTOS for Multi Core Certification

Robert.Pickles@SYSGO.com

© SYSGO AG · PUBLIC 2

Agenda

• ARINC History

• ARINC 653 Concepts

• Core Software Considerations

• ARINC 653 multicore

• ARINC 653 Graphical Demo

• Questions

© SYSGO AG · PUBLIC 3

ARINC History

• Aeronautical Radio Inc (ARINC)

• Rockwell Collins acquired ARINC Dec 23rd 2013

• United Technologies acquired Rockwell Collins in 2018…

• ARINC Standards

• 600 Series is the reference standards for avionics equipment specified by

the the ARINC 700 series

• 700 Series details the form, fit and function of avionics equipment

predominately on transport aircraft.

ARINC 651 complements ARINC 653 with to respect form, fit and function of

ARINC computer systems.

© SYSGO AG · PUBLIC 4

ARINC 653 Concepts

• ARINC 653 is firmly defined for the

highest level of criticality for

civilian Aerospace

• ARINC 653 is intended for use with

Integrated Modular Avionics*

• RTCA DO-178C is the primary consideration for ARINC 653

• Military systems use ARINC 653 because of it’s partitioning and strict

scheduling capabilities

• MultiCore Processing (MCP) is supported

• CAST32A provides the guidelines for MCP*

“The IMA concept proposes an integrated architecture with application

software portable across a range of hardware modules”

© SYSGO AG · PUBLIC 5

ARINC 653 ConceptsAviation Safety and ARINC

• FAA and EASA

• These organisations provide all safety coverage for aviation safety

including Air Traffic Management

• There are rules and regulations governing any aircraft, even military, that

fly within civil aerospace.

• DO-254 and DO-178C provide a safety framework for systems within

Aircraft, whether manned or unmanned.

• CAST32A defines recent multicore concepts for

the use of System On Chip (SoC)

devices as well as RTOS requirements.

© SYSGO AG · PUBLIC 6

ARINC 653 Concepts – System Architecture

System

Partition(s)A653

Partition 1A653

Partition 2

A653

Partition (n)

Optional Services

CSW - Core SoftWare Module - ARINC 653 Operating System

APEX Services Required Services

Logical Communications

PartitioningHealth Monitor

Exception Handling

Scheduling

Configuration Data

Core Hardware Module

ARINC 653 does allow other types of

partitions to co-exist with ARINC 653

Partition types, these are known as

System Partitions. Parts 1-4*

The CSW or Core SoftWare must

provide required services:

• Partition Management

• Process Management

• Time Management

• Memory Management

• Inter-Partition Communication

• Intra-Partition Communications

• Heath Monitor

© SYSGO AG · PUBLIC 7

ARINC 653 Concepts - APEX

ARINC 653

Process

APEX

ARINC 653 Applications

are segregated or Partitioned from the

RTOS or Core Software by use of an

APplication Executive known as APEX.

APEX defines the API of the ARINC 653

application, ensuring portability between different

Core Software where the APEX API hides the RTOS

implementation.

The ARINC 653 Application is held within a Robust

Partitioned environment, provided by the

Core Software.

RTOS – Core Software

© SYSGO AG · PUBLIC 8

ARINC 653 Concepts – Communications (Inter*)

ARINC 653

Process

APEX

RTOS – Core Software

ARINC 653 Communications uses Message Queues or Sampling Ports

with the concept of point to point uni-directional channels.

Channels, Queues and Ports are defined at design time.

ARINC 653

Process

APEX

Logical Channel

Port RX1Port TX1

Physical Channel

Channels are

Uni-Directional

Messages must

Arrive in the order

that they are

sent.

© SYSGO AG · PUBLIC 9

ARINC 653 – Communications (Intra*) Blackboard

ARINC 653

Process

APEX

RTOS – Core Software

ARINC 653 Intra Partitions Communications may use Message Queue or Sampling

Ports. However, Message Blocks and Blockboards may be used instead for intra

Partition communications.

ARINC 653

Process

BLACKBOARD

AREA

CREATE_BLACKBOARD()

DISPLAY_BLACKBOARD()

READ_BLACKBOARD()

© SYSGO AG · PUBLIC 10

ARINC 653 – Communications (Intra*) Buffers

ARINC 653

Process

APEX

RTOS – Core Software

ARINC 653 Intra Partitions Communications may use Message Queue or Sampling

Ports. However, Message Block Buffers and Blockboards may be used instead for

intra Partition communications.

ARINC 653

Process

Buffer

CREATE_BUFFER()SEND_BUFFER()

RECEIVE_BUFFER()

Message Block Buffers

are queued

from sender to receiver

© SYSGO AG · PUBLIC 11

ARINC 653 Concepts – Health Monitor

ARINC 653

Process

APEX

The ARINC 653 Health Monitor defines a number of error levels, supported by HM

configuration Tables and Error Handlers set by Applications.

Health Monitor covers the following

event levels:

• Partition

• Process

• Module

• System Error Detection

Unhandled events can cause

Application halt, Partition Idle, Cold or

Warm Boot or even System Halt!!

NOTE : Health Monitor should not be confused by Health

Monitoring, HM is really dealing with actions to be

performed on exceptions or system level Errors to protect

and recover the system.

Part Level

Proc Level

Mod Level

System Level

HM ConfigTable

© SYSGO AG · PUBLIC 12

ARINC 653 RTOS Consideration– PikeOS

• PikeOS Hypervisor

• RTOS with Separation Microkernel (MMU only)

• Time and Space Separation

• Robust Partitioning

• ARINC 653 Guest OSSupported across X86 / PPC / ARM

• Enhanced HM

• By core SchedulingMulti-Core Management

• One PikeOS for allMarket Verticals

Avionics, Rail,

Automotive, Medical

Security

• ARINC 653 compliant for Required and Optional Services

(ADA)

ARINC

653

ARINC

653POSIX

User

Level

Driver

Linux

PikeOS RTOS (System Services)

Hypervisor Separation Microkernel

Hardware Devices

Certifiable Boot Loader

© SYSGO AG · PUBLIC 13

ARINC 653 RTOS Consideration– PikeOS

ARINC

653

ARINC

664

Driver

PikeOS RTOS

Hardware Devices

Certifiable Boot Loader

Linux

A664

ARINC 664 is Avionics Full Duplex Switched Ethernet

PikeOS allows both User

and Kernel level drivers.

However, User level drivers

cannot affect the kernel space.

PikeOS memory requirements are

defined at design time providing

guaranteed access at runtime

No memory requirement means

no access at runtime

PikeOS provides a Safe and Secure ARINC 653 Platform

© SYSGO AG · PUBLIC 14

Multicore Management of PikeOS

• Time Partition Scheduling by Core

• Core Minor Time Partitions are defined at Design time

• Critical processes may separated by Time, Resource and Core.

• Cache clearance is possible with each partition type.

Core 0

Core 1

Core 2

Core 3

Major

Time

Frame

Window

Critical

Partition

Separation

By Core

ARINC

653POSIX

PikeOS

NATIVELinux

PikeOS RTOS (System Services)

Hypervisor Separation Microkernel

Hardware Devices

© SYSGO AG · PUBLIC 15

PikeOS Graphical Demo – ARINC 653

• PikeOS is ideal for IMA Glass Cockpit systems

• Come and see our Avionics demo

• PikeOS

• CoreAVI

• ANSYS

• Curtiss Wright VPX-133

• SYSGO Booth A53b

• CoreAVI, ANSYS and Curtiss Wright Booth A17

© SYSGO AG · PUBLIC 16

Corresponding Whitepaper is available here:https://www.sysgo.com/services/knowledge-center/whitepapers