In traditional embedded real-time operating systems, both the kernel and the application operate at the same privilege level, granting the application unrestricted access to the entire system address space. This can lead to critical issues where potentially harmful actions by the application may disrupt other applications or even cause the system to crash. Major international embedded developers have introduced operating systems that support ARINC653, which includes kernel and application protection mechanisms. However, in the domestic embedded field, there is still a gap in this area of research. Based on this, this paper proposes a design for an avionics embedded real-time operating system (A-RTOS), and implements it on a target board equipped with an MMU and advanced protection mode.
**Avionics Standard ARINC653**
ARINC653 defines the baseline operating environment for modular integrated avionics (IMA) systems. It specifies the interface between the aeronautical application and the underlying operating environment, including data exchange modes and service behaviors. It also outlines the runtime environment for embedded avionics software.
ARINC653 Supplement 1 expands on these concepts, introducing the idea of "System Partition" in the system structure. Applications should be scheduled at the interval level, sharing resources within the same interval. It explains interval scheduling, defines the main time frame, and adds details on inter-interval communication and health monitoring error levels.
**Software Composition**
The core modules of avionics software include application software and core software. The APEX (APplication EXecutive) interface defines a set of functions provided by the OS to the application, allowing control over scheduling, communication, and internal state. For the OS, it involves parameter definitions and entry mechanisms.
Figure 1 illustrates the relationship between different parts of ARINC653.
**Partition and Interval Management**
Partitioning is a fundamental concept in ARINC653. In IMA systems, a core module may contain multiple avionics applications, each operating independently. A partition is divided into intervals, with each interval containing its own data, context, and environment. This ensures that errors in one interval do not affect others, making the system easier to verify and certify.
Interval scheduling and management are handled by the OS. ARINC653 specifies a cyclic scheduling algorithm based on time windows. Each time frame is divided into intervals, and the OS uses a configuration table to activate the corresponding interval within the allocated time window.
ARINC653 Supplement 1 clarifies the main time frame definition and introduces interval attributes and start conditions. Intervals can operate in idle, cold start, hot start, or normal modes. Resources are defined during system build, and intervals are initialized before execution. The OS starts the interval when entering run mode, and monitors it for fatal errors, restarting or stopping as needed.
**Design and Implementation of A-RTOS System**
The architecture of A-RTOS is shown in Figure 4. Each application runs in its own interval, isolated from the kernel and other applications by protective walls, ensuring the reliability of the core module.
**Isolation and Protection Mechanisms**
Isolation and protection are key features of ARINC653. A-RTOS uses two main methods: memory management unit (MMU) and system calls. The MMU translates logical addresses to physical ones and controls access rights, preventing applications from damaging the kernel or other applications.
System calls allow the kernel to run in system mode, while applications run in user mode. Applications must use TRAP instructions to switch to system mode for kernel calls. This ensures secure communication between the kernel and applications.
Another mechanism is the CALL-LIB library, which supports dynamic loading and updating of components, enhancing flexibility.
**Interval Scheduling Mechanism**
ARINC653 specifies that intervals are the scheduling unit, with no priority and a fixed, repeatable algorithm. A-RTOS modifies this slightly, allowing intervals to have priority, but maintains compatibility with ARINC653 specifications.
Two system intervals—Kernel and Idle—are introduced. The Kernel interval has the highest priority and manages system-level processes, while the Idle interval fills unused time slots.
The scheduling mechanism uses a two-level approach: interval priority and process scheduling. This ensures deterministic behavior and consistent real-time performance.
**Process Pool Mechanism**
The process pool in A-RTOS provides services for applications. When an application requests a service, the system assigns an idle process from the pool. This is commonly used for timer services, interrupt handling, and asynchronous IO.
**Asynchronous Signal and Asynchronous IO Mechanism**
A-RTOS supports asynchronous signaling, allowing the COS to send signals to the POS. This is especially useful for asynchronous IO, where blocking operations can be avoided.
When an application makes an asynchronous IO request, the system creates a worker process to handle the operation. The original process is placed in a wait queue until the worker completes the task and sends a signal to resume it.
**Figure 7: Asynchronous IO Workflow**
This mechanism prevents the entire interval from being blocked, ensuring efficient and reliable system operation.
Photovoltaic Bracket ,Solar Panel Bracket
Photovoltaic Bracket,Photovoltaic Power,Solar Panel Bracket
BAODING JIMAOTONG IMPORT AND EXPORT CO., LTD , https://www.chinagroundscrew.com