PRODUCT DETAILS

RTOS FOR DO-178C CERTIFICATION OF SECURE MULTITHREAD, MULTIPROCESS APPLICATIONS

LynxOS-178 provides previously certified software and artifacts in order to fully satisfy, right out of the box, the DO-178C DAL A requirement that every line of software in the system be verified with Modified Condition/Decision Coverage. The certification process is so time- and labor-intensive that Testing of complex code could quickly add up to millions of dollars.

FULL FAA ACCEPTANCE AT DO-178C DAL A

LynxOS-178 has been deployed in certified commercial and military avionics systems that have flown hundreds of millions hours. LynxOS-178 is a FAA-recognized Reusable Software Component (RSC) and provides previously certified software and artifacts so that developers can speed their safety-critical systems to market. LynxOS-178 certified software provides full DO-178C traceability through requirements, design, code, test, and test results.

LynxOS-178 RSC is more than just a set of DO-178C artifacts. The documentation set includes a detailed partitioning and interface analysis that focuses on time, space and resource partitioning as well as timing margin analysis so developers can allocate budgets to use operating system services.

FULL REQUIREMENTS-BASED TESTING (STRUCTURAL COVERAGE) ON 100% OF CODE

One of the more costly efforts of DO-178C DAL A certification is the requirements-based testing, also known as the Structural Coverage requirement. For DO-178C level A, the code is required to be verified with Modified Condition/Decision Coverage (MCDC), which means that every point of entry and exit in a program must have been invoked at least once in testing, every decision in the program must have taken all possible outcomes at least once, and each condition in a decision must have been shown to independently affect that decision's outcome.

LynxOS-178 satisfies the 100 percent MCDC structural coverage requirement out-of-the-box, allowing systems developers to concentrate on their applications rather than trying to get those last lines of system code exercised for system certification.

UNMATCHED INTERPARTITION COMMUNICATION CAPABILITIES

LynxOS-178 offers developers the flexibility of advanced networking features that are unmatched by the competition. The Lynx Certifiable Stack provides users with TCP/IP, UDP, ARP, ICMP, IGMP, FTP and TFTP protocols on a per partition basis. Users can configure network applications with SNMPv3 and SNTP for added flexibility. Applications can also make use of the ARINC-653 ports interface to communicate across partition boundaries. These ARINC ports can be configured on multiple hardware modules to make communication with other applications seamless.

IPv6 SUPPORT

In June 2022, Lynx released a UDP IPv6 stack. This has been certified to DO-178C DAL A. This provides the general benefits of IPv6 including:
•   128-bit addressing which offers up to 340 sextillion addresses
•   Simplified packet processing and efficient routing resulting in much better performance for handling unicast & multicast traffic
•   Improved support for quality of service (QoS) parameters that helps prioritize different types of network traffic flows
•   An improved mechanism for IPsec and allows for encrypted payloads to be efficiently handled

Our small IPv6 includes support for the following RFCs:
•   RFC 8200
•   RFC 4443
•   RFC 4291
•   RFC 2464
•   RFC 3493

POSIX

The POSIX standards provide for communication between an application and the underlying operating system. Because POSIX conformance ensures code portability between systems, it is increasingly mandated for commercial applications and government contracts. LynxOS-178 offers POSIX.1 conformance and supplies all the services specified by POSIX 1.b (real-time extensions) and POSIX 1.c (threads extensions). The real-time extensions include priority scheduling, real-time signals, clocks and timers, semaphores, message passing, shared memory, asynch and synch I/O, and memory locking. The threads extensions include specifications for thread creation, control, and cleanup; thread scheduling; thread synchronization; and signal handling.

ARINC 653 SERVICES

LynxOS-178 conforms to the ARINC 653-1 Application Executive Software (APEX) Interface defined by the ARINC 653-1 standard.

TIME PARTITIONING IN THE RTOS

Time partitioning is implemented through a fixed-cyclic time-slice scheduler, which allocates periods of time to each partition. During each time slice, only processes in the assigned partition are permitted to execute. LynxOS-178 implements an ARINC 653-1-based time partition scheduling algorithm that gives each partition fixed execution time so that the system can be deterministically safe.

MEMORY PARTITIONING 

Memory partitioning is achieved by dividing RAM into discrete blocks of non-overlapping physical address space. Each RTOS partition is assigned one and only one block of memory. Within the partition, the virtual address spaces of various processes are mapped to memory from the assigned memory block.

RESOURCE PARTITIONING 

Resource partitioning means that each device can be assigned to only one partition of the RTOS. This means that a fault in a device or its driver will be contained within a single RTOS partition. Each partition mounts a RAM-based file system for data storage. The file systems are private to the individual partitions and are never shared with other partitions.