Juan Zamorano and Juan Antonio de la Puente, Universidad Politécnica de Madrid (UPM), and Alfons Crespo, Universidad Politécnica de Valencia (UPV)

This paper describes the porting of ORK [4] to the hypervisor XtratuM [3] to build up an open source ARINC 653 platform [1] for avionics systems. The Integrated Modular Avionics (IMA) architecture requires a specialized operating system layer that provides temporal and spatial isolation between partitions. The ARINC 653 standard defines an architecture and an applications program interface (API) for such an operating system or application executive (APEX), in ARINC terms.

Temporal isolation is provided by using a two-level scheduling scheme. A partition scheduler allocates processor time to partitions according to a static cyclic schedule, where each partition runs in turn for the duration of a fixed slice of time (cf. figure 1). The ARINC global scheduler is a variant of a static cyclic executive, while the local schedulers are prioritybased. Spatial isolation between partitions is provided by implementing a separate address space for each partition, in a similar way as process address spaces are protected from each other in conventional operating systems. There are diverse ARINC 653 implementations available from multiple vendors, and the standard has been successfully used in a number of commercial and military avionics systems. However, there was not an open source ARINC 653 platform available.

ORK [2] is an open-source real-time kernel which provides full conformance with the Ravenscar tasking profile on embedded computers. The kernel has a reduced size and complexity, and has been carefully designed to allow the building of reliable software for embedded applications. This kernel is integrated in a cross-compilation system based on GNAT, supporting the subset of Ada tasking which is allowed by the Ravenscar profile in an efficient and compact way. ORK includes support for the new Ada 2005 timing features, such as execution time clocks and timers. XtratuM is an open-source hypervisor specially designed for real-time embedded systems. The hypervisor provides a framework to run several operating systems (or real-time executives) in a robust partitioned environment. XtratuMprovides strong temporal isolation and spatial isolation with a standard ARINC 653-1 API.

In this way, the combination of both tools provides an IMA platform that allows different criticality applications to share the same computer board. Those applications can be developed in an independent way and the ARINC 653 platform provides at run-time their corresponding time slots and memory in a safe and secure way.

[1] ARINC. Avionics Application Software Standard Interface — ARINC Specification 653-1, October 2003.

[2] Juan A. de la Puente, José F. Ruiz, and Juan Zamorano. An open Ravenscar real-time kernel for GNAT. In Hubert B. Keller and Erhard Plödereder, editors, Reliable Software Technologies — Ada-Europe 2000, number 1845 in LNCS, pages 5-15. Springer-Verlag, 2000.

[3] Miguel Masmano, Ismael Ripoll, Alfons Crespo, and Jean-Jacques Metge. Xtratum: a hypervisor for safety critical embedded systems. In 11^th Real-Time Linux Workshop, Dresden, Germany, 2009.

[4] Santiago Urueña, José Antonio Pulido, José Redondo, and Juan Zamorano. Implementing the new Ada 2005 real-time features on a bare board kernel. Ada Letters, XXVII(2):61-66, August 2007. Proceedings of the 13^th International Real-Time Ada Workshop (IRTAW 2007).