The LynxOS®-178 2.0 RTOS is the first and only hard real-time DO-178B level A-certifiable operating system to offer the interoperability benefits of POSIX® along with support for the ARINC 653 APplication EXecutive (APEX).
LynxOS-178 is based on open standards and is designed specifically to fulfill the stringent needs of multithread and multiprocess applications in safety-critical systems.
Time and space partitioning for fault containment
Security is achieved through Virtual Machine (VM) brick-wall partitions which make it impossible for system events in one partition to interfere with events in another. It’s as if each partition were its own separate computer.
Memory and resources are never shared between the partitions in a system, and an ARINC 653-based scheduling algorithm ensures that the system is deterministically safe by providing each partition with fixed cycles of execution time.
What’s more, DO-255-compliant system partitioning allows real-time applications of various DO-178B criticality levels to be securely executed concurrently in different partitions on the same processor, according to the needs of each individual project. And for additional flexibility and security, file systems in DRAM, Flash, and USB devices can be mounted read-write or read-only.
Secure multithread, multiprocess applications
Of course, communications in safety-critical systems need to be just as secure and flawless as the operating system. Here too, LynxOS-178 delivers, as it teams up with the Lynx Certifiable Stack (LCS) — the only DO-178B certifiable standalone TCP/IP stack.
Companies seeking a proven, low-risk path to DO-178B or EUROCAE/ED-12B certification can leverage LynxOS-178 and save years of costly effort. LynxOS-178 fully satisfies, right out of the box, the DO-178B level A requirement that every line of software in the system be verified with Modified Condition/Decision Coverage (MC/DC).
Without LynxOS-178, testing of complex code could quickly add up to millions of dollars.
More than an operating system
LynxOS-178 provides previously certified software and artifacts that allow developers to speed safety-critical systems to market. LynxOS-178 software provides full DO-178B traceability through requirements, design, code, test and test results.
LynxOS-178 saves more money by allowing the use of dynamic device drivers and applications that are not linked to the operating system. DO-178B can require that an entire operating system be recertified if modifications to it occur, but LynxOS-178 is here to help cut expenses and move projects forward.
But LynxOS-178 isn’t just an operating system. It’s a full-fledged development environment with an IDE and the right tools for debugging and fine-tuning the performance of safety-critical systems. And it’s a complete package that includes full customer support and DO-178B consulting services from the specialists at LynuxWorks.
Open standards open the market
At the core of the LynxOS-178 operating system is LynxOS, a mature UNIX®-style operating system (born 1988) that was designed from the start for hard real-time determinism. LynxOS and LynxOS-178 have been deployed in millions of safety-critical applications worldwide, including multiple military and aerospace systems certified to DO-178B, up to level A.
With the release of LynxOS-178 2.0, LynuxWorks reaffirms its longstanding support of open standards by offering a powerful combination of POSIX and ARINC 653 compliance that was previously unavailable in the avionics industry. Open standards promote application portability, software reuse and system interoperability, and this translates into time-to-market and investment-protection benefits for developers.
For further programmer efficiency and integration with readily available software, LynxOS-178 supports communications based on the TCP/IP de facto standard through the use of the Lynx Certifiable Stack DO-178B-certifiable protocol stack.
ARINC 653 safety-critical space and time partitioning
Conformance to ARINC 653 partitioning and scheduling is increasingly required in safety-critical avionics systems.
Each ARINC 653 partition supports full-fledged multithread, multiprocess applications. The application executive (APEX) manages system execution by allotting a dedicated time slice to each partition.
LynxOS-178 conforms to the ARINC 653-1 APEX interface and provides the following mandated system service groups:
- Partition management
- Process management
- Time management
- Interpartition communications (sampling ports and queueing ports)
- Intrapartition communications (buffers, blackboards, semaphores and events)
- Health monitoring
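The fixed time-slice partitioning described above, as an added illustration in C (not LynxOS-178 code and not the ARINC 653 APEX API): a static major-frame table is checked for overlap and overrun, and the partition that owns the CPU at any instant is derived from the time alone. The table layout, function names and the 100 ms frame are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One window of the major frame: partition `id` owns the CPU for
   [offset_us, offset_us + duration_us). All values are constructed. */
typedef struct { int id; uint32_t offset_us; uint32_t duration_us; } window_t;

#define MAJOR_FRAME_US 100000u   /* hypothetical 100 ms major frame */
#define IDLE (-1)                /* no partition scheduled (slack time) */

static const window_t schedule[] = {
    { 0,     0, 40000 },   /* partition 0: highest criticality */
    { 1, 40000, 30000 },   /* partition 1 */
    { 2, 70000, 20000 },   /* partition 2; 90000..100000 is slack */
};
#define N_WINDOWS (sizeof schedule / sizeof schedule[0])

/* Reject tables that would let one partition eat into another's time.
   Returns 0 if valid, -1 empty window, -2 overlap/unsorted, -3 overrun. */
int schedule_validate(const window_t *w, size_t n, uint32_t frame_us)
{
    uint32_t end = 0;
    for (size_t i = 0; i < n; i++) {
        if (w[i].duration_us == 0) return -1;
        if (w[i].offset_us < end) return -2;
        if (w[i].offset_us >= frame_us ||
            w[i].duration_us > frame_us - w[i].offset_us) return -3;
        end = w[i].offset_us + w[i].duration_us;
    }
    return 0;
}

/* The owner depends only on t modulo the major frame, never on what any
   partition did earlier: an overrunning partition cannot extend its slice. */
int partition_at(const window_t *w, size_t n, uint32_t frame_us, uint64_t t_us)
{
    uint32_t phase = (uint32_t)(t_us % frame_us);
    for (size_t i = 0; i < n; i++)
        if (phase >= w[i].offset_us && phase - w[i].offset_us < w[i].duration_us)
            return w[i].id;
    return IDLE;
}

int main(void)
{
    if (schedule_validate(schedule, N_WINDOWS, MAJOR_FRAME_US) != 0) return 1;
    for (uint32_t t = 0; t < 2 * MAJOR_FRAME_US; t += 10000u)
        printf("t=%6u us -> partition %d\n", (unsigned)t,
               partition_at(schedule, N_WINDOWS, MAJOR_FRAME_US, t));
    return 0;
}
```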
Full POSIX conformance
The POSIX standard was developed by the Institute of Electrical and Electronics Engineers (IEEE) and is maintained by The Open Group. POSIX is recognized by the International Organization for Standardization (ISO) and American National Standards Institute (ANSI).
POSIX conformance assures code portability between systems and is increasingly mandated for commercial applications and government contracts. POSIX is the native LynxOS interface, and POSIX calls are not an optional add-on library for the operating system.
The need for DO-178B certification
The military and aerospace industry mandates rigorous technical and process requirements for safety-critical computing. In the U.S., these are expressed in the Radio Technical Commission for Aeronautics (RTCA) DO-178B standard for the production of software for airborne systems. In Europe, the analogous standard is EUROCAE/ED-12B.
Until the formidable specifications of these standards are met, safety-critical systems literally can’t get off the ground. DO-178B certification is an expensive fact of life for companies engaged in aeronautics and safety-critical projects in areas such as nuclear, medical and communications.
DO-178B includes such requirements as:
- partitioning so that independent components are isolated to contain faults
- rigorous software analysis and testing
- safety monitoring of functions that could conceivably contribute to failures in a safety-critical system
DO-178B processes and objectives must be auditable and traceable with documented artifacts of the software development and maintenance process. The process is highly time- and labor-intensive, and is so meticulous that vendors may experience an output of just 125 lines of code per man-month.
LynxOS-178 2.0 — the smart choice
Certification of software to DO-178B and EUROCAE/ED-12B has traditionally demanded multiple man-years of effort, resulting in considerable costs and time-to-market penalties.
But now, LynxOS-178 enables companies to mitigate this risk. LynxOS-178 provides a known-certifiable package at a predictable cost, potentially saving thousands of man-hours and tens of millions of valuable dollars over the course of a certification project. Developers can now bring their safety-critical products to market faster than ever by leveraging software and artifacts that have been previously certified.
Once again, LynuxWorks leads the industry, as LynxOS-178 ushers in a new era of security and productivity for safety-critical system development.