The Challenge of running Applications with different Criticality Levels

In many areas of Safety-critical applications, multiple independent applications are executed in a common machine. Besides helping to reduce hardware complexity (thus increasing its reliability) this also reduces cost. However, such a configuration creates new potential for problems: Without special precautions, the programs are able to disturb each other, so each of them has to trust all others to behave correctly. Any program is able to cause a malfunction of any other program. Thus, if the functions have different criticality levels, the highest of those levels now implicitly applies to all software in the system.

Modern Safety-critical systems often require applications with different levels of criticality to run on the same hardware platform — to reduce complexity, save costs, and improve maintainability.

PikeOS enables this by combining real-time virtualization with strong resource partitioning, allowing applications to operate independently and securely, even when consolidated. Each guest OS runs in its own isolated virtual machine with dedicated spatial and temporal resources, supporting independent certification for each partition.

This makes it possible to safely combine legacy software like Linux with Safety-critical components, while preserving hard real-time behavior. Unlike general-purpose virtualization platforms, PikeOS is purpose-built for embedded and certifiable environments, minimizing the trusted code base and making it ideal for projects requiring compliance with strict Safety standards.

More on Safety Certification

One example of resource partitioning and virtualization in Safety-critical systems is the use of PikeOS by Airbus for their next generation aircraft. Airbus is using PikeOS for certified equipment to be deployed on the A350 XWB aircraft.

Among the many requirements related to this new Airbus architecture, the following were particularly important:

• a multi-partitioned system that provides POSIX as one of the main requirements
• the ability to develop certifiably safe software while also allowing high flexibility including the reuse of existing code
• the possibility to easily build upon the existing technology to provide a secure storage device and network connection access
• a flexible platform that allows interactive display functionality

The two key aspects of PikeOS architecture that enable mixed certification platforms are resource partitioning and virtualization. PikeOS partitions resources both spatially and temporally. Spatial partitioning provides separate resource pools for user memory and kernel memory. Temporal partitioning ensures deterministic access of a program to processor time.

Strict partitioning is what enables each application to have its own level of criticality and certifiability, without impact from other partitions.

More and more industry sectors are concerned by providing the necessary level of Safety for the equipments they propose to their customers. Some industries require an official approval from independent authorities according to international standards. This requirement translates into a special process called certification.

When an entire equipment is certified, evidence must be provided to the certification authority. Those evidences concern both hardware and software parts. As such, PikeOS is required to provide the same documents, source code and other test results as any other software component for the certified system.

Overview of our Certification Kits