LynxOS-178® Logo white blue drop shadow

POSIX® DO-178B/C RTOS

LynxOS-178 is a native POSIX, hard real-time partitioning operating system developed and certified to FAA DO-178B/C DAL A safety standards. It is the only Commercial-off-the-Shelf (COTS) OS to be awarded a Reusable Software Component (RSC) certificate from the FAA for re-usability in DO-178B/C certification projects.

LynxOS-178 is the primary host for real-time POSIX and FACE™ applications within the LYNX MOSA.ic™ development and integration framework. LynxOS and LynxOS-178 have been deployed in millions of safety-critical applications worldwide, including multiple military and aerospace systems.

Get Evaluation Version

Airbus Boeing Bosch Collins Denso Elekta GA GD GE bigger L3 LM Nasa Raytheon Rhode Sandia Toy

LynxOS-178 Architecture v01

 

Architecture & overview

LynxOS-178 is a COTS RTOS supporting both Intel® Pentium® and PowerPC® platforms. It is based on open standards and is designed specifically to fulfill the stringent needs of multithread and multiprocess applications in safety-critical real-time systems, providing security through virtual machine (VM) brick-wall partitions which make it impossible for system events in one partition of the RTOS to interfere with events in another—as if each partition were its own separate computer.

 

features and benefits

The following table provides a high-level summary of various features and benefits of LynxOS-178:

Feature Customer Benefit   Additional Detail

DO-178B/C Level A Reusable Certification

Reduced program risk

 

Reusable Software Component (RSC)

Eliminates time and cost of certification effort

First and only time and space partitioned, FAA-accepted RSC

Conformance to Open Standards

Ensures application portability, software reuse and interoperability

POSIX®

ARINC 653-1 APplication EXecutive (APEX)

FACE™

Certifiable Networking

Accelerates platform development and certification cycles

Support for TCP/IP, UDP, ADP, ICMP, IGMP, FTP and TFTP protocols on a per partition basis, certifiable up to DO-178B/C DAL A

Support for Arm, PowerPC and x86 Architectures

Provides system developer with maximum flexibility to select the architecture/ chip/ supplier that best meets their requirement

 
GNU C/C++ Compiler and Eclipse Toolchain Support

Harnessing industry-standard tools reduces project costs and accelerates program development

 

 

Product Details

 

RTOS for DO-178B/C Certification of Secure Multithread, Multiprocess Applications

LynxOS-178 provides previously certified software and artifacts in order to fully satisfy, right out of the box, the DO-178B/C level A requirement that every line of software in the system be verified with Modified Condition/Decision Coverage. The DO-178B/C certification process is so time- and labor-intensive that vendors may experience an output of just 125 lines of code per man-month. Testing of complex code could quickly add up to millions of dollars.

RTOS with a Secure System Tradition

LynxOS and LynxOS-178 have been deployed in millions of safety-critical applications worldwide, including multiple military and aerospace systems certified to DO-178B/C, up to level A. LynxOS-178 is a FAA-recognized Reusable Software Component (RSC) and provides previously certified software and artifacts so that developers can speed their safety-critical systems to market. LynxOS-178 certified software provides full DO-178B/C traceability through requirements, design, code, test, and test results. Real-time systems programmers also get a boost with Lynx Software Technologies' DO-178B/C RTOS training courses.

Full FAA Acceptance at DO-178B/C Level A

As an FAA-recognized Reusable Software Component (RSC) that meets the objectives of RTCA/DO-178B/C, LynxOS-178 may be used on more than one project without having to regenerate certification artifacts.

LynxOS-178 RSC is more than just a set of DO-178B/C artifacts. The documentation set includes a detailed partitioning and interface analysis that focuses on time, space and resource partitioning as well as timing margin analysis so developers can allocate budgets to use operating system services. The set of RSC guidance documentation includes requirements, design data, test suites and coverage analysis to meet DO-178B/C requirements.

Full Requirements-Based Testing (Structural Coverage) on 100% of Code

One of the most costly efforts of DO-178B/C level A certification is the requirements-based testing, also known as the Structural Coverage requirement. For DO-178B/C level A, the code is required to be verified with Modified Condition/Decision Coverage (MCDC), which means that every point of entry and exit in a program must have been invoked at least once in testing, every decision in the program must have taken all possible outcomes at least once, and each condition in a decision must have been shown to independently affect that decision's outcome.

LynxOS-178 satisfies the 100 percent MCDC structural coverage requirement out-of-the-box, allowing systems developers to concentrate on their applications rather than trying to get those last lines of system code exercised for system certification.

Unmatched Interpartition Communication Capabilities

LynxOS-178 offers developers the flexibility of advanced networking features that are unmatched by the competition. The Lynx Certifiable Stack provides users with TCP/IP, UDP, ARP, ICMP, IGMP, FTP and TFTP protocols on a per partition basis certifiable up to DO-178B/C Level A. Users can configure network applications with SNMPv3 and SNTP for added flexibility. Applications can also make use of the ARINC-653 ports interface to communicate across partition boundaries. These ARINC ports can be configured on multiple hardware modules to make communication with other applications seamless.

POSIX

The POSIX standards provide for communication between an application and the underlying operating system. Because POSIX conformance ensures code portability between systems, it is increasingly mandated for commercial applications and government contracts. LynxOS-178 offers POSIX.1 conformance and supplies all the services specified by POSIX 1.b (real-time extensions) and POSIX 1.c (threads extensions). The POSIX real-time and thread extensions are later additions to the original POSIX.1 standard, and they have extensive applicability for real-time and embedded systems. The real-time extensions include priority scheduling, real-time signals, clocks and timers, semaphores, message passing, shared memory, asynch and synch I/O, and memory locking. The threads extensions include specifications for thread creation, control, and cleanup; thread scheduling; thread synchronization; and signal handling.

ARINC 653 Services

LynxOS-178 conforms to the ARINC 653-1 Application Executive Software (APEX) Interface defined by the ARINC 653-1 standard and provides the following system service groups in accordance with the ARINC 653-1 standard:

  • ARINC 653 Partition Management: services related to partition management. GET_PARTITION_STATUS and SET_PARTITION_MODE are Partition Management service requests.
  • ARINC 653 Process Management: services related to process management. GET_PROCESS_ID and GET_PROCESS_STATUS are Process Management service requests.
  • ARINC 653 Time Management: services related to time management. TIMED_WAIT and PERIODIC_WAIT are Time Management service requests.
ARINC 653 Interpartition Communication: services responsible for communication between processes residing in different partitions. There are two types of Interpartition Communication services:
  1. Sampling Port Services: A sampling port is a communication object allowing a partition to access a channel of communication configured to operate in sampling mode. CREATE_SAMPLING_PORT and WRITE_SAMPLING_MESSAGE are Sampling Port Services service requests.
  2. Queuing Port Services: A queuing port is a communication object allowing a partition to access a channel of communication configured to operate in queuing mode. CREATE_QUEUING_PORT and SEND_QUEUING_MESSAGE are Queuing Port Services service requests.

ARINC 653 Intrapartition Communication: services responsible for communication between processes residing in the same partition. There are four types of Intrapartition Communication service requests:

  1. Buffer Services: A buffer is a communication object used by processes of a same partition to send or receive messages. CREATE_BUFFER and SEND_BUFFER are Buffer Services service requests.
  2. Blackboard Services: A blackboard is a communication object used by processes of the same partition to send or receive messages. CREATE_BLACKBOARD and DISPLAY_BLACKBOARD are Blackboard Services service requests.
  3. Semaphore Services: A counting semaphore is a synchronization object commonly used to provide access to partition resources. CREATE_SEMAPHORE and WAIT_SEMAPHORE are Semaphore Service service requests.

Event Services: An event is a synchronization object used to notify the occurrence of a condition to processes that may wait for it. CREATE_EVENT and SET_EVENT are Event Services service requests.

ARINC 653 Health Monitoring: The Health Monitor (HM) is invoked by an application calling the RAISE_APPLICATION_ERROR service or by the OS or hardware detecting a fault. LynxOS-178 achieves system security through Virtual Machine (VM) brick-wall partitions of time, memory and resources. Real-time systems programmers get a boost with Lynx Software Technologies' DO-178B/C RTOS training courses.

Each RTOS partition performs like a stand-alone real-time operating system. System events in one RTOS partition can neither share resources nor interfere with events in another RTOS partition (except for "VM0," a partition with special root privileges).The DO-255-compliant system partitioning allows secure RTOS execution of applications of various DO-178B/C criticality levels—concurrently—in different partitions on the same processor, according to the needs of the product. For example, the OS can run a DO-178B/C level A application in one VM while a level C application is running in another. The LynxOS-178 RTOS partitioning involves exclusive access of three kinds: time, memory and resources.

Time Partitioning in the RTOS

Time partitioning is done through a fixed-cyclic time-slice scheduler, which allocates periods of time to each partition. During each time slice, only processes in the assigned partition are permitted to execute. LynxOS-178 implements an ARINC 653-1-based time partition scheduling algorithm that gives each partition fixed execution time so that the system can be deterministically safe.

Memory Partitioning

Memory partitioning is achieved by dividing RAM into discrete blocks of non-overlapping physical address space. Each RTOS partition is assigned one and only one block of memory. Within the partition, the virtual address spaces of various processes are mapped to memory from the assigned memory block.

Resource Partitioning

Resource partitioning means that each device can be assigned to only one partition of the RTOS. This means that a fault in a device or its driver will be contained within a single RTOS partition. Each partition mounts a RAM-based file system for data storage. The file systems are private to the individual partitions and are never shared with other partitions.

Additional Product Details

Choosing an RTOS

We want our customers to buy what they need—and only what they need. Real-time operating systems can provide a tremendous amount of value, but they are NOT required for every embedded system design. The guide linked to the button below, "How Choose an RTOS," is meant to help those who know they need a real-time operating system for the embedded system design.

For a more complete listing of our RTOS-related resources, visit our Embedded Systems Learning Center, which is filled with helpful material for making software purchase decisions as you design or update your system and consider which real-time platform vendor is right for you.


READ MORE

 

Lynx RTOS eBooks

 

 

Get Evaluation Version

 

 

What to Expect

Your information is always considered completely confidential and is not shared with anyone outside of Lynx Software Technologies without your expressed permission. We respond to these form inputs within 1-2 business days.

 

The information you provide will help Lynx to better understand your requirements at the high level and enable us to do research on your behalf so that we can be best prepared for our next interaction.