Hipperos contraintes du logiciel embarqué et la certification

Confidential © HIPPEROS 2015

1

Developping An Avionics Certifiable RTOS

Skywin Meets ICT, Apr 26th 2015

Ben Rodriguez, [email protected]

www.hipperos.com

High Performance Parallel Embedded Real-time Operating Systems


2

Company

Spin-off of ULB, incubated by WSL since March 2013

Supported by the ESA BIC Program

Member of several RW clusters and poles(Infopole, Wallonie Espace)

HIPPEROS S.A. founded in January 2014Located in iTech-incubator @ Gosselies (Belgium)

Team of 5 associates and external R&D team.

HIPPEROS S.A. combines 20+ years of R&D results.


3

Mission

Embedded Software Solutions Providerspecialized in Real-Time Operating Systems

for Critical Applications

“Help Industries makeReliable, Secure, Safe & Efficient

Embedded Systems,in less time & at lower cost

by using Innovative RTOS Solutions”


4

Challenges

Next Generation Embedded Systems needHigh Reliability, Security, Performance &

Intelligence

Smart systems, smart monitoring, IoT, autonomous robots, …

AI, auto pilots, image recognition, collision avoidance, …

Optimal control, faster reactions, constraints satisfaction, …

Power optimization, fault tolerance, less hardware …


5

The Solution is HIPPEROS

High Performance Parallel Embedded Real-time Operating Systems

Multicore

RTOSReal-Time Operating

System

= =+ +

Reliability Real-Time Performance

Reliability and Safety Hard Real Time & Optimized Performance

Multicore Scalability

Years of R&D in Kernel Design, IPC, Scheduling, …to create the RTOS designed for multicore platforms


6

History

Real-TimeEmbeddedFootprintWeightLatencyPowerHeat

Failsafe

Methodology&

Concepts

Requirements&

Constraints

HIPPEROS derives from Space Technologies…

… with many Space and Earth Applications.

TRLDALV&VECSSSIL

AS 9100ISO 9000D0178

HIPPEROS and Aerospace


7

Sample Applications

Some sample applications based on ongoing projects:

Autonomous mobile robot with collision avoidance, autopilot for survey and monitoring in industrial installations

Real-time image recognition of persons for security application with detection of intruders

Automated control and monitoring for an industrial high speed drilling machine for mining

Software based power control system for satellite platforms based on multicore microcontroller

Power optimization of sensor systems in isolated areas


8

Products, Services & Core Competences

HIPPEROS Product Family

RTOS design and development

Embedded & real-time software development

Design, validation, simulation & optimization

Software quality, certification & compliance

Problem solving, training, support, …


9

HIPPEROS Customers, Partners & Network


10

HIPPEROS Unique Combination of Features

Certifiable & Compliance to Industrial Norms & Legacy Efficient Multicore OS Parallelism to optimize hardware usage

Efficient 100% Reliable Hard Real-Time Utilization Limit Fault Tolerance

Power & Thermal Optimization Secured

Configurable

Certification &

Complianc

e

EfficientMulticore Parallelism

Safe High Utilization

Fault Tolerance

Power & Thermal

Optimization

Configurable Security Drivers &

Platforms

Co-Designed for Embedded Platforms under Constraints Independent EU Technology, Free of ITAR Limitations


11

Reliability

Optimization of OS code layout Two-tiered ISR system

Avoidance of cache misses Avoidance context switches

Avoidance of migrations Avoidance of preemptions

Fault tolerance, replication / redundance Watchdogs, task recovery, self-healing

Strict memory protection & stack size controls


12

ConstraintsHIPPEROS can be configured using the OMETRIS off-line

multi-criteria tool to cope with constraints/issues such as:

Size Weight

Performance Footprint

Low power Thermal issues

Criticality / Robustness Security Isolation Fast boot


13

HIPPEROS Multiple Criticality

HIPPEROS can combine tasks of different criticalities without losing the advantage of the multicore platform. The HIPPEROS kernel acts has a thin layer hypervisor for

a non RT OS (eg linux).

Non RT Tasks

Non RT MW

Host OS(Linux)

HIPPEROSRTOS

RT MW

RT Tasks

HIPPEROS ThinVisor


14

HIPPEROS Software Development Process

Principles: Apply and reuse proven professional experiences

Software development methods, tools and practices Follow accepted norms and standards

Software Production Process Software Development Team Management

Maturity of CMMI Process with Agile Methodology Software Life Cycle Management (IEC 12207)

Software Quality Methodology (SQUALE)

Software Project Management Tool (Polarion) Software Quality Assessment Tool (Parasoft)

Integrated Development Environment (Eclipse) Version Control, Compliance, Coverage, Tests & Traceability

Phased HIPPEROS Development Roadmap


15

HIPPEROS Target Metrics & Development

Code Metrics Total kernel system size ~20000 ELOC, smallest configuration 5k

ELOC Configurations binary code size 5kB ~10kB

Functional cyclomatic complexity maximum < 9

Code Quality Adherence to MISRA C Rules

Strict SQALE Code Quality & Technology Debt Indexes

DevelopmentReach TRL 5 by end 2013, then climb to TRL >=8

Eclipse IDE with Test and QC tools (coverage, CC, etc) Using KEIL, LLVM or gcc with strict check flags

Software Development Team Management Combine Maturity of V-Process with Scrum Agile Methodology

Software Life Cycle Management (IEC 12207)


16

HIPPEROS DO-178

RTCA DO-178

Software Considerations

In Airborne Systems

And

Equipment Certification


17

HIPPEROS DO-178

Current Company Processes

DO-178/DO-254

Processes

Overlap


18

HIPPEROS DO-178

DO-178 & DO-254: principle Pyramid

Adherence to five key processesImplementation follows plan

ConsistencyDeterminism

DocumentationGuilty until proven innocent; prove your innocence

ReviewsProving adherence to D)-178

Traceability


19

HIPPEROS DO-178

Three Key Processes

1. Planning Process

2. Development Process

3. Correctness Process


20

HIPPEROS DO-178

Safety Assessement Concepts

Establish system criticality level

Catastrophic, hazardous, major, minor

Determine design assurance Level (A, B, C, D, E)

Iterate the process to contribute to architectural definition

Use architectural definition to mitigate design assurance level

Safety flows from function(s) provided

Failure, potential failure, of function assessed at all levels of

hierarchical abstraction


21

HIPPEROS DO-178

Detailed Planning

Plans must precede development

Plans must address every aspect of DO-178

Must provide proof that plans are followed

Plans address what, when, and who … and a small amount of how

Plans are typically written, accepted and followed by QA, and

approved by a DER


22

HIPPEROS DO-178

Quality Assurance (QA)

Addresses role of QA throughout process

Ensures that all plans are coordinated and integral part of process, and are followed

Ensures that transition criteria are adhered to

Addresses conformity reviews and inspections

Provides guidance and timelines for audit/reviews by QA (including the checklists)


23

HIPPEROS DO-178

Design Coupling and Cohesion(Like Good and Bad Cholesterol)

Cohesion (Good): the degree to which functions within a module are related to each other

Coupling (Bad): the degree to which function’s interaction may result in unintended side effect

Low:Bad

High:Good

Low:Good

High:Bad


24

HIPPEROS DO-178

MCDC Testing

DO-178 Definition:

“Every decision has taken all possible outcomes at least once,

and every condition in a decision is shown to independently affect

that decision’s outcome.”

A condition independently affects a decision’s outcome

if that condition alone affects the outcome


25

HIPPEROS DO-178Time Partitioning

Time partitioning = deterministic scheduling and execution

Must provide execution overrun detection

No variability in scheduler

Bounded computation time for all system calls

Prevent usage of system calls which cannot guarantee

No dynamic data structures

Memory allocation only at system startupPrevent usage of semaphores (blocking and synchronization issues)

Hipperos contraintes du logiciel embarqué et la certification

Technology

hipperos customers

hardware confidential

embedded platforms

smart monitoring

kernel design

satellite platforms

collision avoidance

optimal control