HIPPEROS: embedded software constraints and certification
TRANSCRIPT
Confidential © HIPPEROS 2015
Developing an Avionics-Certifiable RTOS
Skywin Meets ICT, Apr 26th 2015
Ben Rodriguez, [email protected]
www.hipperos.com
High Performance Parallel Embedded Real-time Operating Systems
Company
Spin-off of ULB, incubated by WSL since March 2013
Supported by the ESA BIC Program
Member of several RW clusters and poles (Infopole, Wallonie Espace)
HIPPEROS S.A. founded in January 2014
Located in iTech-incubator @ Gosselies (Belgium)
Team of 5 associates and external R&D team.
HIPPEROS S.A. combines 20+ years of R&D results.
Mission
Embedded Software Solutions Provider specialized in Real-Time Operating Systems
for Critical Applications
“Help Industries make Reliable, Secure, Safe & Efficient
Embedded Systems, in less time & at lower cost
by using Innovative RTOS Solutions”
Challenges
Next Generation Embedded Systems need High Reliability, Security, Performance & Intelligence
Smart systems, smart monitoring, IoT, autonomous robots, …
AI, auto pilots, image recognition, collision avoidance, …
Optimal control, faster reactions, constraints satisfaction, …
Power optimization, fault tolerance, less hardware …
The Solution is HIPPEROS
High Performance Parallel Embedded Real-time Operating Systems
Multicore + Real-Time Operating System (RTOS) = HIPPEROS = Reliability + Real-Time Performance
Reliability and Safety
Hard Real Time & Optimized Performance
Multicore Scalability
Years of R&D in Kernel Design, IPC, Scheduling, … to create the RTOS designed for multicore platforms
History
Requirements & Constraints: Real-Time, Embedded, Footprint, Weight, Latency, Power, Heat, Failsafe
Methodology & Concepts: TRL, DAL, V&V, ECSS, SIL, AS 9100, ISO 9000, DO-178
HIPPEROS derives from Space Technologies…
… with many Space and Earth Applications.
HIPPEROS and Aerospace
Sample Applications
Some sample applications based on ongoing projects:
Autonomous mobile robot with collision avoidance, autopilot for survey and monitoring in industrial installations
Real-time image recognition of persons for security application with detection of intruders
Automated control and monitoring for an industrial high speed drilling machine for mining
Software based power control system for satellite platforms based on multicore microcontroller
Power optimization of sensor systems in isolated areas
Products, Services & Core Competences
HIPPEROS Product Family
RTOS design and development
Embedded & real-time software development
Design, validation, simulation & optimization
Software quality, certification & compliance
Problem solving, training, support, …
HIPPEROS Customers, Partners & Network
HIPPEROS Unique Combination of Features
Certification & Compliance: certifiable, compliant with industrial norms & legacy
Efficient Multicore Parallelism: parallelism to optimize hardware usage
Safe High Utilization: efficient, 100% reliable hard real-time up to the utilization limit
Fault Tolerance
Power & Thermal Optimization
Configurable Security
Drivers & Platforms
Co-Designed for Embedded Platforms under Constraints
Independent EU Technology, Free of ITAR Limitations
Reliability
Optimization of OS code layout
Two-tiered ISR system
Avoidance of cache misses
Avoidance of context switches
Avoidance of migrations
Avoidance of preemptions
Fault tolerance, replication / redundancy
Watchdogs, task recovery, self-healing
Strict memory protection & stack size controls
Constraints
HIPPEROS can be configured using the OMETRIS off-line multi-criteria tool to cope with constraints/issues such as:
Size
Weight
Performance
Footprint
Low power
Thermal issues
Criticality / Robustness
Security
Isolation
Fast boot
HIPPEROS Multiple Criticality
HIPPEROS can combine tasks of different criticalities without losing the advantage of the multicore platform. The HIPPEROS kernel acts as a thin-layer hypervisor for
a non-RT OS (e.g. Linux).
Layered diagram: on top of the HIPPEROS ThinVisor, the non-RT side stacks Host OS (Linux), Non RT MW and Non RT Tasks; the RT side stacks HIPPEROS RTOS, RT MW and RT Tasks.
HIPPEROS Software Development Process
Principles: Apply and reuse proven professional experiences
Software development methods, tools and practices
Follow accepted norms and standards
Software Production Process
Software Development Team Management
Maturity of CMMI Process with Agile Methodology
Software Life Cycle Management (IEC 12207)
Software Quality Methodology (SQUALE)
Software Project Management Tool (Polarion)
Software Quality Assessment Tool (Parasoft)
Integrated Development Environment (Eclipse)
Version Control, Compliance, Coverage, Tests & Traceability
Phased HIPPEROS Development Roadmap
HIPPEROS Target Metrics & Development
Code Metrics: Total kernel system size ~20000 ELOC, smallest configuration 5k ELOC
Configurations binary code size 5kB ~10kB
Functional cyclomatic complexity maximum < 9
Code Quality: Adherence to MISRA C Rules
Strict SQALE Code Quality & Technology Debt Indexes
Development: Reach TRL 5 by end 2013, then climb to TRL >= 8
Eclipse IDE with Test and QC tools (coverage, CC, etc.)
Using KEIL, LLVM or gcc with strict check flags
Software Development Team Management: Combine Maturity of V-Process with Scrum Agile Methodology
Software Life Cycle Management (IEC 12207)
HIPPEROS DO-178
RTCA DO-178: Software Considerations in Airborne Systems and Equipment Certification
HIPPEROS DO-178
Venn diagram: Current Company Processes and DO-178/DO-254 Processes, with their Overlap
HIPPEROS DO-178
DO-178 & DO-254: principle Pyramid
Adherence to five key processes: Implementation follows plan
Consistency: Determinism
Documentation: Guilty until proven innocent; prove your innocence
Reviews: Proving adherence to DO-178
Traceability
HIPPEROS DO-178
Three Key Processes
1. Planning Process
2. Development Process
3. Correctness Process
HIPPEROS DO-178
Safety Assessment Concepts
Establish system criticality level
Catastrophic, hazardous, major, minor
Determine design assurance Level (A, B, C, D, E)
Iterate the process to contribute to architectural definition
Use architectural definition to mitigate design assurance level
Safety flows from function(s) provided
Failure, or potential failure, of a function is assessed at all levels of hierarchical abstraction
HIPPEROS DO-178
Detailed Planning
Plans must precede development
Plans must address every aspect of DO-178
Must provide proof that plans are followed
Plans address what, when, and who … and a small amount of how
Plans are typically written, accepted and followed by QA, and approved by a DER
HIPPEROS DO-178
Quality Assurance (QA)
Addresses role of QA throughout process
Ensures that all plans are coordinated and integral part of process, and are followed
Ensures that transition criteria are adhered to
Addresses conformity reviews and inspections
Provides guidance and timelines for audit/reviews by QA (including the checklists)
HIPPEROS DO-178
Design Coupling and Cohesion (Like Good and Bad Cholesterol)
Cohesion (Good): the degree to which functions within a module are related to each other
Coupling (Bad): the degree to which functions' interactions may result in unintended side effects
Cohesion: Low = Bad, High = Good
Coupling: Low = Good, High = Bad
HIPPEROS DO-178
MC/DC (Modified Condition/Decision Coverage) Testing
DO-178 Definition:
“Every decision has taken all possible outcomes at least once, and every condition in a decision is shown to independently affect that decision's outcome.”
A condition independently affects a decision's outcome if changing that condition alone, with every other condition held fixed, changes the outcome.
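To make the definition concrete, here is an added example in C (not from the HIPPEROS slides or code base): a checker that takes a decision and a set of test vectors and reports the first condition lacking an independence pair, applied to the hypothetical decision (a && b) || c, for which four vectors (n+1, rather than all 2^n = 8 combinations) achieve MC/DC.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Each condition of the decision is one bit of a test-vector mask. */
#define COND_A (1u << 0)
#define COND_B (1u << 1)
#define COND_C (1u << 2)
#define NUM_CONDS 3u

/* Hypothetical decision under test, as it would appear in C source. */
static bool decision(unsigned v) {
    bool a = (v & COND_A) != 0, b = (v & COND_B) != 0, c = (v & COND_C) != 0;
    return (a && b) || c;
}

static bool in_set(const unsigned *set, size_t n, unsigned v) {
    for (size_t i = 0; i < n; i++) if (set[i] == v) return true;
    return false;
}

/* Applies the DO-178 definition: every condition needs a pair of vectors in
 * the set that differ only in that condition and yield different outcomes
 * (once any condition has such a pair, the decision has taken both outcomes).
 * Returns -1 when the set achieves MC/DC, else the first uncovered condition. */
static int mcdc_first_uncovered(bool (*dec)(unsigned), unsigned nconds,
                                const unsigned *set, size_t n) {
    for (unsigned c = 0; c < nconds; c++) {
        bool independent = false;
        for (size_t i = 0; i < n && !independent; i++) {
            unsigned partner = set[i] ^ (1u << c);   /* flip only condition c */
            independent = in_set(set, n, partner) && dec(set[i]) != dec(partner);
        }
        if (!independent) return (int)c;
    }
    return -1;
}

/* Constructed test sets, written as (a,b,c). kMcdcSet = {TTF, FTF, TFF, FTT}
 * is a minimal MC/DC set for (a && b) || c: a flips between TTF/FTF, b between
 * TTF/TFF, c between FTF/FTT. kPartialSet drops FTT, so c has no pair. */
static const unsigned kMcdcSet[4]    = { COND_A | COND_B, COND_B, COND_A, COND_B | COND_C };
static const unsigned kPartialSet[3] = { COND_A | COND_B, COND_B, COND_A };

int main(void) {
    printf("kMcdcSet: first uncovered condition = %d\n",
           mcdc_first_uncovered(decision, NUM_CONDS, kMcdcSet, 4));      /* -1: covered */
    printf("kPartialSet: first uncovered condition = %d\n",
           mcdc_first_uncovered(decision, NUM_CONDS, kPartialSet, 3));   /* 2: condition c */
    return 0;
}
```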
HIPPEROS DO-178
Time Partitioning
Time partitioning = deterministic scheduling and execution
Must provide execution overrun detection
No variability in scheduler
Bounded computation time for all system calls
Prevent usage of system calls which cannot guarantee
No dynamic data structures
Memory allocation only at system startup
Prevent usage of semaphores (blocking and synchronization issues)
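As an added illustration (not HIPPEROS code; the window table, budgets and traces are constructed), the following C model shows the execution overrun detection the slide calls for: a static window table fixed at build time, a monitor that charges ticks against the active window's budget, and a boundary reset so an overrun in one partition cannot consume the next partition's time.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One window of the major frame: the partition allowed to run and its
 * execution budget in timer ticks. A compile-time table: no dynamic data. */
typedef struct { uint8_t partition; uint32_t budget_ticks; } window_t;

#define NUM_WINDOWS 3u
/* Constructed sample frame (hypothetical numbers, not HIPPEROS values). */
static const window_t kFrame[NUM_WINDOWS] = { {1, 40}, {2, 30}, {1, 30} };

/* Scheduler-side monitor: active window, ticks used in it, and the
 * partition that last exceeded its budget (0 = none so far). */
typedef struct { size_t window; uint32_t used; uint8_t culprit; } monitor_t;

/* Charge `ticks` of execution to the current window; true on overrun. The
 * offender is recorded so the kernel can raise a partition fault instead of
 * letting the partition run on into the next window. */
static bool monitor_charge(monitor_t *m, uint32_t ticks) {
    m->used += ticks;
    if (m->used <= kFrame[m->window].budget_ticks) return false;
    m->culprit = kFrame[m->window].partition;
    return true;
}

/* Timer-driven window boundary: advance (wrapping at the end of the major
 * frame) and reset the counter, so an overrun cannot steal the next budget. */
static void monitor_next_window(monitor_t *m) {
    m->window = (m->window + 1u) % NUM_WINDOWS;
    m->used = 0;
}

/* Replay one major frame of per-window execution times and return the last
 * partition that overran its budget, or 0 if none did. */
static uint8_t replay(const uint32_t *ticks_per_window, size_t n) {
    monitor_t m = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        (void)monitor_charge(&m, ticks_per_window[i]);
        monitor_next_window(&m);
    }
    return m.culprit;
}

/* Constructed traces: in kBadTrace partition 2 needs 35 ticks against its
 * 30-tick budget, and partition 1 still fits its following 30-tick window,
 * so replay() returns 2; kGoodTrace stays within every budget (returns 0). */
static const uint32_t kBadTrace[NUM_WINDOWS]  = { 40, 35, 30 };
static const uint32_t kGoodTrace[NUM_WINDOWS] = { 40, 30, 30 };
```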