Hipperos: embedded software constraints and certification
Slide 1: Developing An Avionics Certifiable RTOS
Confidential © HIPPEROS 2015
Skywin Meets ICT, Apr 26th 2015
Ben Rodriguez, CEO, brodriguez@hipperos.com, www.hipperos.com
High Performance Parallel Embedded Real-time Operating Systems
Slide 2: Company
- Spin-off of ULB, incubated by WSL since March 2013
- Supported by the ESA BIC Program
- Member of several RW clusters and poles (Infopole, Wallonie Espace)
- HIPPEROS S.A. founded in January 2014
- Located in iTech-incubator @ Gosselies (Belgium)
- Team of 5 associates and external R&D team
- HIPPEROS S.A. combines 20+ years of R&D results
Slide 3: Mission
Embedded Software Solutions Provider specialized in Real-Time Operating Systems for Critical Applications
“Help Industries make Reliable, Secure, Safe & Efficient Embedded Systems, in less time & at lower cost by using Innovative RTOS Solutions”
Slide 4: Challenges
Next Generation Embedded Systems need High Reliability, Security, Performance & Intelligence
- Smart systems, smart monitoring, IoT, autonomous robots, …
- AI, auto pilots, image recognition, collision avoidance, …
- Optimal control, faster reactions, constraints satisfaction, …
- Power optimization, fault tolerance, less hardware …
Slide 5: The Solution is HIPPEROS
High Performance Parallel Embedded Real-time Operating Systems
(Diagram: Real-Time Operating System = Reliability + Real-Time Performance; Multicore RTOS)
- Reliability and Safety
- Hard Real Time & Optimized Performance
- Multicore Scalability
Years of R&D in Kernel Design, IPC, Scheduling, … to create the RTOS designed for multicore platforms
Slide 6: History
(Diagram: HIPPEROS and Aerospace. Requirements & Constraints: Real-Time, Embedded, Footprint, Weight, Latency, Power, Heat, Failsafe. Methodology & Concepts: TRL, DAL, V&V, ECSS, SIL, AS 9100, ISO 9000, DO-178.)
HIPPEROS derives from Space Technologies… … with many Space and Earth Applications.
Slide 7: Sample Applications
Some sample applications based on ongoing projects:
- Autonomous mobile robot with collision avoidance, autopilot for survey and monitoring in industrial installations
- Real-time image recognition of persons for security application with detection of intruders
- Automated control and monitoring for an industrial high speed drilling machine for mining
- Software based power control system for satellite platforms based on multicore microcontroller
- Power optimization of sensor systems in isolated areas
Slide 8: Products, Services & Core Competences
HIPPEROS Product Family
- RTOS design and development
- Embedded & real-time software development
- Design, validation, simulation & optimization
- Software quality, certification & compliance
- Problem solving, training, support, …
Slide 9: HIPPEROS Customers, Partners & Network
Slide 10: HIPPEROS Unique Combination of Features
- Certifiable & Compliance to Industrial Norms & Legacy
- Efficient Multicore OS Parallelism to optimize hardware usage
- Efficient 100% Reliable Hard Real-Time Utilization Limit
- Fault Tolerance
- Power & Thermal Optimization
- Secured
- Configurable
(Diagram: Certification & Compliance, Efficient Multicore Parallelism, Safe High Utilization, Fault Tolerance, Power & Thermal Optimization, Configurable, Security, on top of Drivers & Platforms.)
- Co-Designed for Embedded Platforms under Constraints
- Independent EU Technology, Free of ITAR Limitations
Slide 11: Reliability
- Optimization of OS code layout
- Two-tiered ISR system
- Avoidance of cache misses
- Avoidance of context switches
- Avoidance of migrations
- Avoidance of preemptions
- Fault tolerance, replication / redundancy
- Watchdogs, task recovery, self-healing
- Strict memory protection & stack size controls
Slide 12: Constraints
HIPPEROS can be configured using the OMETRIS off-line multi-criteria tool to cope with constraints/issues such as:
- Size
- Weight
- Performance
- Footprint
- Low power
- Thermal issues
- Criticality / Robustness
- Security
- Isolation
- Fast boot
Slide 13: HIPPEROS Multiple Criticality
HIPPEROS can combine tasks of different criticalities without losing the advantage of the multicore platform. The HIPPEROS kernel acts as a thin-layer hypervisor for a non-RT OS (e.g. Linux).
(Diagram: HIPPEROS ThinVisor hosting two stacks side by side: Non RT Tasks / Non RT MW / Host OS (Linux), and RT Tasks / RT MW / HIPPEROS RTOS.)
Slide 14: HIPPEROS Software Development Process
Principles:
- Apply and reuse proven professional experiences
- Software development methods, tools and practices
- Follow accepted norms and standards
Software Production Process
- Software Development Team Management
- Maturity of CMMI Process with Agile Methodology
- Software Life Cycle Management (IEC 12207)
- Software Quality Methodology (SQUALE)
- Software Project Management Tool (Polarion)
- Software Quality Assessment Tool (Parasoft)
- Integrated Development Environment (Eclipse)
- Version Control, Compliance, Coverage, Tests & Traceability
(Diagram: Phased HIPPEROS Development Roadmap)
Slide 15: HIPPEROS Target Metrics & Development
Code Metrics
- Total kernel system size ~20000 ELOC, smallest configuration 5k ELOC
- Configurations binary code size 5kB ~10kB
- Functional cyclomatic complexity maximum < 9
Code Quality
- Adherence to MISRA C Rules
- Strict SQALE Code Quality & Technology Debt Indexes
Development
Reach TRL 5 by end 2013, then climb to TRL >=8
- Eclipse IDE with Test and QC tools (coverage, CC, etc)
- Using KEIL, LLVM or gcc with strict check flags
- Software Development Team Management
- Combine Maturity of V-Process with Scrum Agile Methodology
- Software Life Cycle Management (IEC 12207)
Slide 16: HIPPEROS DO-178
RTCA DO-178: Software Considerations In Airborne Systems And Equipment Certification
Slide 17: HIPPEROS DO-178
(Diagram: overlap between Current Company Processes and DO-178 / DO-254 Processes.)
Slide 18: HIPPEROS DO-178
DO-178 & DO-254: principle Pyramid
- Adherence to five key processes
- Implementation follows plan
- Consistency
- Determinism
- Documentation
- Guilty until proven innocent; prove your innocence
- Reviews
- Proving adherence to DO-178
- Traceability
Slide 19: HIPPEROS DO-178
Three Key Processes
1. Planning Process
2. Development Process
3. Correctness Process
Slide 20: HIPPEROS DO-178
Safety Assessment Concepts
- Establish system criticality level
- Catastrophic, hazardous, major, minor
- Determine design assurance Level (A, B, C, D, E)
- Iterate the process to contribute to architectural definition
- Use architectural definition to mitigate design assurance level
- Safety flows from function(s) provided
- Failure, potential failure, of function assessed at all levels of hierarchical abstraction
Slide 21: HIPPEROS DO-178
Detailed Planning
- Plans must precede development
- Plans must address every aspect of DO-178
- Must provide proof that plans are followed
- Plans address what, when, and who … and a small amount of how
- Plans are typically written, accepted and followed by QA, and approved by a DER
Slide 22: HIPPEROS DO-178
Quality Assurance (QA)
- Addresses role of QA throughout process
- Ensures that all plans are coordinated and integral part of process, and are followed
- Ensures that transition criteria are adhered to
- Addresses conformity reviews and inspections
- Provides guidance and timelines for audit/reviews by QA (including the checklists)
Slide 23: HIPPEROS DO-178
Design Coupling and Cohesion (Like Good and Bad Cholesterol)
Cohesion (Good): the degree to which functions within a module are related to each other
Coupling (Bad): the degree to which functions' interaction may result in unintended side effects

            Low     High
Cohesion    Bad     Good
Coupling    Good    Bad
Slide 24: HIPPEROS DO-178
MCDC Testing
DO-178 Definition: “Every decision has taken all possible outcomes at least once, and every condition in a decision is shown to independently affect that decision’s outcome.”
A condition independently affects a decision’s outcome if that condition alone affects the outcome.
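As an added illustration of the MC/DC definition on this slide (not code from the original deck or from HIPPEROS), the following script enumerates, for a small decision, every unique-cause independence pair per condition and searches for a minimal test set meeting the definition; the decisions `(A and B) or C` and `(A and B) or A` are constructed sample inputs, the second one showing a condition that can never independently affect the outcome.

```python
from itertools import combinations, product

def independence_pairs(decision, n):
    """Unique-cause MC/DC independence pairs for an n-condition decision.

    decision: callable taking n booleans and returning the decision outcome.
    Returns {condition_index: [(vector_false, vector_true), ...]} where the two
    vectors differ only in that condition and produce different outcomes, i.e.
    the condition alone is shown to affect the outcome.
    """
    vectors = list(product((False, True), repeat=n))
    outcome = {v: bool(decision(*v)) for v in vectors}
    pairs = {i: [] for i in range(n)}
    for i in range(n):
        for v in vectors:
            if not v[i]:
                w = v[:i] + (True,) + v[i + 1:]   # flip only condition i
                if outcome[v] != outcome[w]:
                    pairs[i].append((v, w))
    return pairs

def minimal_mcdc_set(decision, n):
    """Smallest set of test vectors achieving MC/DC, or None when some condition
    has no independence pair (it is masked, so MC/DC cannot be reached and the
    decision needs restructuring). Exhaustive search, which is fine for the
    handful of conditions found in one decision.
    """
    pairs = independence_pairs(decision, n)
    if any(not p for p in pairs.values()):
        return None
    vectors = list(product((False, True), repeat=n))
    # MC/DC needs at least n+1 tests; grow the subset size until one works.
    for size in range(n + 1, len(vectors) + 1):
        for subset in combinations(vectors, size):
            chosen = set(subset)
            if all(any(a in chosen and b in chosen for a, b in pairs[i])
                   for i in range(n)):
                return sorted(chosen)
    return None

if __name__ == "__main__":
    # Constructed sample decision with three conditions: (A and B) or C.
    def dec(a, b, c):
        return (a and b) or c
    for cond, plist in independence_pairs(dec, 3).items():
        print("condition", "ABC"[cond], "independence pairs:", plist)
    print("minimal MC/DC test set:", minimal_mcdc_set(dec, 3))
    # Constructed masked decision: B never changes the outcome of (A and B) or A.
    print("masked decision:", minimal_mcdc_set(lambda a, b: (a and b) or a, 2))
```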
Slide 25: HIPPEROS DO-178
Time Partitioning
- Time partitioning = deterministic scheduling and execution
- Must provide execution overrun detection
- No variability in scheduler
- Bounded computation time for all system calls
  - Prevent usage of system calls which cannot guarantee it
  - No dynamic data structures
  - Memory allocation only at system startup
  - Prevent usage of semaphores (blocking and synchronization issues)