LithOS in De-RISC

Jul 29, 2021

ARINC-653 Application/Executive (APEX) is a standard interface for avionic software applications that allows partitioned systems to be built. The combination of XtratuM and LithOS, running as a guest Operating System (OS) on the hypervisor, allows building partitioned systems based on ARINC-653.

LithOS offers the ARINC-653 P1 services, the Multiple Module Schedule of ARINC-653-P2, and a set of extended non-portable services, adapted to the needs of Integrated Modular Avionics (IMA) for Space, to control the execution of other partitions. The concept of system partitions supported by XtratuM has been integrated in the latest version of the ARINC-653 standard and is supported by LithOS.

As LithOS provides this ARINC-653 interface, it is expected to be an asset for aeronautics applications beyond space. Therefore, it plays a key role in De-RISC becoming a full platform consisting of hardware and software for future European developments within space and aeronautical applications.

Software scheme with XRE and LithOS as guest operating systems

The main features of LithOS are:

  • ARINC-653-P1 compatible guest-OS for XtratuM, including:
    • Partition management
      • Supporting the operational modes defined in ARINC-653 and providing the services to control the partition modes.
    • Process management
      • A LithOS partition comprises one or more processes that may operate concurrently in order to achieve their functional and real-time requirements. 
      • Multiple periodic and aperiodic processes are therefore supported within the partition. 
      • LithOS offers the services for process management and control.
      • Processes in LithOS are scheduled under a fixed priority scheduling policy.
    • Inter-partition communication
      • Providing the services to exchange messages between partitions with the mechanisms defined in ARINC-653: sampling and queuing ports. 
      • LithOS uses the XtratuM services for encapsulating and transporting messages.
      • XtratuM guarantees the integrity of the communications.
    • Intra-partition communication services
      • LithOS implements the mechanisms internal to the partition that support the abstractions defined in ARINC-653 for synchronization (events and semaphores) and communication (buffers and blackboards).
    • Time Management
      • Services to get the system clock value, to update processes’ deadlines, or to suspend processes for an amount of time or until the next release point in the case of periodic processes.
    • Health Monitor services
      • Health Monitor is an integral component of LithOS.
      • It detects and reports the partition errors and, in conjunction with XtratuM, performs the actions to isolate faults in the system.
      • LithOS provides the services for Partition Health Monitor. 
      • Used in conjunction with XtratuM Health Monitor, it permits building reliable and secure applications.
  • Multiple Module Schedule (defined in ARINC-653-P2) compatible
    • Multiple cyclic scheduling plans can be managed through the services implemented by LithOS.
    • Partitions can request a plan change from XtratuM.
  • Extended System and Partition services
    • LithOS extends ARINC 653 with additional services that allow partitions with the necessary rights (“system” partitions) to modify the state of other partitions and of the hypervisor itself, allowing control of the running state of the virtualized environment as a whole.
    • For example, the extended services allow a LithOS partition to act as a monitor of the system and take the necessary actions when a fault is detected.
  • Configurable at compilation time and scalable
    • LithOS allows the partition developer to define the maximum amount of resources that the partition is allowed to request in terms of number of processes, number of sampling/queuing ports, number of buffers, process stack size, etc.
    • The amount of resources available to the partition is only limited by the amount of memory allocated to the partition by the system integrator.

In the previous figure, the reader can see the De-RISC platform managed by XtratuM, which has 3 partitions. Two of them are LithOS-based, each of which can have just one or several user applications. The other partition does not have any OS; in this case, a minimal execution environment provided by XRE (XtratuM Runtime Environment) is required for the user application to run.