Product Information

LynxOS-178 2.0 Certifiable RTOS for safety-critical computing

LynxOS-178 ushers in a new era of -178 security and productivity for ● Low risk—known DO-178B level A safety-critical system development certifiable, real-time operating sys- tem package at a known cost

● Reduced costs—eliminates man- years of effort and significantly The LynxOS®-178 2.0 RTOS is the first ing algorithm ensures that the system is lowers overall cost of certification and only hard real-time DO-178B level A- deterministically safe by providing each certifiable to offer the partition with fixed cycles of execution ● High value—most robust feature interoperability benefits of POSIX® along time. set of any DO-178B certifiable OS enables rapid time-to-market with support for the ARINC 653 What's more, DO-255-compliant system APplication EXecutive (APEX). ● POSIX conformance—the only DO- partitioning allows real-time applications 178B-certifiable RTOS available LynxOS-178 is based on open standards of various DO-178B criticality levels to be today for safety-critical systems and is designed specifically to fulfill the securely executed concurrently in differ- with POSIX conformance stringent needs of multithread and multi- ent partitions on the same processor, ● Support for ARINC 653—ensures process applications in safety-critical sys- according to the needs of each individual application portability, software tems. project. And for additional flexibility and reuse and interoperability between embedded systems security, file systems in DRAM, Flash, and USB devices can be mounted read-write Time and space partitioning for or read-only. fault containment

Security is achieved through Virtual Secure multithread, multiprocess Machine (VM) brick-wall partitions which applications Companies seeking a proven, low-risk path make it impossible for system events in Of course, communications in safety-criti- to DO-178B or EUROCAE/ED-12B certifica- one partition to interfere with events in cal systems need to be just as secure and tion can leverage LynxOS-178 and save years another. It's as if each partition were its flawless as the operating system. Here too, of costly effort. LynxOS-178 fully satisfies, own separate computer. LynxOS-178 delivers, as it teams up with right out of the box, the DO-178B level A requirement that every line of software in Memory and resources are never shared the Certifiable Stack (LCS)—the only the system be verified with Modified between the partitions in a LynxOS-178 DO-178B certifiable standalone COTS Condition/Decision Coverage (MCDC). system, and an ARINC 653-based schedul- TCP/IP stack. Without LynxOS-178, testing complex code Open standards open the market ARINC 653 space and time parti- could quickly add up to millions of dollars. tioning At the core of the LynxOS-178 operating system is LynxOS, a mature ®-style Conformance to ARINC 653 partitioning More than an operating system operating system (born 1988) that was and scheduling is increasingly required in designed from the start for hard real-time safety-critical avionics systems. LynxOS-178 provides previously certified determinism. LynxOS and LynxOS-178 software and artifacts that allow develop- Each ARINC 653 partition supports full- have been deployed in millions of safety- ers to speed safety-critical systems to mar- fledged multithread, multiprocess applica- critical applications worldwide, including ket. LynxOS-178 software provides full tions. The application executive (APEX) multiple military and aerospace systems DO-178B traceability through require- manages system execution by alloting a certified to DO-178B, up to level A. ments, design code, test and test results. dedicated time slice to each partition. With the release of LynxOS-178 2.0, LynxOS-178 saves more money by allow- LynxOS-178 conforms to the ARINC 653-1 LynuxWorks reaffirms its longstanding ing the use of dynamic device drivers and APEX interface and provides the following support of open standards by offering a applications that are not linked to the mandated system service groups: powerful combination of POSIX and ARINC operating system. DO-178B can require 653 compliance that was previously ● Partition management that an entire operating system be recerti- unavailable in the avionics industry. Open ● Process management fied if modifications to it occur, but standards promote application portability, ● Time management LynxOS-178 is here to help cut expenses software reuse and system interoperability, ● Interpartition communications and move projects forward. and this translates into time-to-market and (sampling ports and queueing ports) But LynxOS-178 isn't just an operating sys- investment-protection benefits for develop- ● Intrapartition communications tem. It's a full-fledged development envi- ers. (buffers, blackboards, semaphores and ronment with an IDE and the right tools events) For further programmer efficiency and for debugging and fine-tuning the per- ● Health monitoring integration with readily available software, formance of safety-critical systems. And LynxOS-178 supports communications it's a complete package that includes full based on the TCP/IP de facto standard Full POSIX conformance customer support and DO-178B consult- through the use of the Lynx Certifiable ing services from the specialists at Stack, our COTS DO-178B-certifiable pro- The POSIX standard was developed by the LynuxWorks. tocol stack. Institute of Electrical and Electronics Engineers (IEEE) and is maintained by The Open Group. POSIX is recognized by the International Organization for Standardization (ISO) and American DO-178B DO-178B DO-178B National Standards Institute (ANSI). LEVEL A LEVEL C LEVEL A APPLICATION APPLICATION APPLICATION DO-255-compliant system partitioning allows real-time applications of various POSIX conformance assures code porta- PARTITION 1 PARTITION 2 PARTITION n DO-178B criticality levels can be secure- bility between systems and is increasingly SYSTEM PARTITIONS ly executed concurrently in different mandated for commercial applications partitions on the same processor, and government contracts. POSIX is the according to the needs of each individ- native LynxOS interface, and POSIX calls -178 ual project. are not an optional add-on library for the

EMBEDDED HARDWARE operating system. DO-178B certification DO-178B includes such requirements as: LynxOS-178 2.0–the smart choice

The military and aerospace industry man- ● Partitioning so that independent compo- Certification of software to DO-178B and dates rigorous technical and process nents are isolated to contain faults EUROCAE/ED-12B has traditionally requirements for safety-critical computing. ● Rigorous software analysis and testing demanded multiple man-years of effort, In the U.S., these are expressed in the ● Safety monitoring of functions that could resulting in considerable costs and time- Radio Technical Commission for conceivably contribute to failures in a to-market penalties. Aeronautics (RTCA) DO-178B standard for safety-critical system But now, LynxOS-178 enables companies the production of software for airborne DO-178B processes and objectives must be to mitigate this risk. LynxOS-178 provides a systems. In Europe, the analogous stan- auditable and traceable with documented known-certifiable package at a predictable dard is EUROCAE/ED-12B. artifacts of the software development and cost, potentially saving thousands of man- Until the formidable specifications of these maintenance process. The process is high- hours and tens of millions of valuable dol- standards are met, safety-critical systems ly time- and labor-intensive, and is so lars over the course of a certification proj- literally can't get off the ground. DO-178B meticulous that vendors may experience an ect. Developers can now bring their safety- certification is an expensive fact of life for output of just 125 lines of code per man- critical products to market faster than ever companies engaged in aeronautics and month. by leveraging software and artifacts that safety-critical projects in areas such as have been previously certified. nuclear, medical and communications. Once again, LynuxWorks leads the industry, as LynxOS-178 ushers in a new era of security and productivity for safety-critical system development. -178

Aerial refueling and airlift—the essential tanker comes of age

The U.S. Air Force's decision to update its KC-135 Stratotankers to The primary mission of the KC-135 Stratotanker is air refueling of Global Air Traffic Management (GATM) guidelines and the DO- strategic long-range bombers, and it also provides air refueling 178B standard has provided them with significant benefits in terms support to Air Force, Navy and Marine Corps aircraft as well as air- of aircraft operation, maintenance and cost of ownership. craft of allied nations. Through the years, this mission-critical jet has been altered to perform as airborne command posts, weather The Rockwell Collins' Integrated Processing Center (IPC) units aircraft, and highly specialized electronic reconnaissance aircraft. provide a processing and data networking system that can host multiple mission, flight management, or display management pro- The KC-767 tanker, also with the LynxOS-178 RTOS inside, stands cessing functions while providing extensive functional growth for ready to provide a quantum leap forward for the U.S. Air Force's additional applications. air refueling capability, replacing the oldest KC-135E tankers, which have been in service for more than 40 years. The IPC is interfaced to an avionics-quality Ethernet Local Area Network (LAN). Inside the IPC cabinet is a series of Line The KC-767 is essentially four aircraft in one: while maintaining its Replaceable Modules (LRMs). The LynxOS-178 certifiable, safety- tanker capability, its cabin floor can be configured for passenger; critical RTOS powers the IPC Common Computing Module (CCM) freighter; convertible (passenger or freighter); and combination and the Input/Output Concentrator Module. (passenger and freighter), making it highly utilitarian.

1.800.255.5969 LynuxWorks, Inc. LynuxWorks Europe 855 Embedded Way 2, allée de la Fresnerie San José, CA 95138-1018 78330 Fontenay-le-Fleury 408.979.3900 France 408.979.3920 fax +33 1 30 85 06 00 www.lynuxworks.com +33 1 30 85 06 06 fax

©2005 LynuxWorks, Inc. LynuxWorks and the LynuxWorks logo are trademarks, and LynxOS and BlueCat are registered trademarks of LynuxWorks, Inc. is a registered trademark of Linus Torvalds. POSIX is a registered trademark of the IEEE. All other trademarks are the trademarks and registered trademarks of their respective owners. All rights reserved. Printed in the USA.