ARINC 653

From Wikipedia, the free encyclopediaJump to navigationJump to search

ARINC 653 (Avionics Application Standard Software Interface) is a software specification for space and time partitioning in safety-critical avionics real-time operating systems (RTOS). It allows the hosting of multiple applications of different software levels on the same hardware in the context of an Integrated Modular Avionics architecture.^[1]

It is part of ARINC 600-Series Standards for Digital Aircraft & Flight Simulators.

Contents

• 1Overview

• 2History

• 2.1Initial version

• 2.2ARINC 653-1

• 2.3ARINC 653-2

• 2.4Current Organization of Standard

• 3Basic principles of partitioning

• 3.1ARINC 653 Platform

• 3.2Initialization

• 3.3Error handling

• 3.4Mode management

• 3.5The processes of a partition

• 4API services

• 5Links to POSIX and ASAAC

• 6References

• 7See also

Overview[edit]

In order to decouple the real-time operating system platform from the application software, ARINC 653 defines an API called APplication EXecutive (APEX).

Each application software is called a partition and has its own memory space. It also has a dedicated time slot allocated by the APEX API. Within each partition, multitasking is allowed. The APEX API provides services to manage partitions, processes and timing, as well as partition/process communication and error handling. The partitioning environment can be implemented by using a hypervisor^[2] to map partitions to virtual machines, but this is not required.

The current work of the AEEC APEX Subcommittee includes the enhancement of ARINC 653 for multicore processor architectures.^[3]

History[edit]

Initial version[edit]

The initial version of ARINC 653 was published on October 10, 1996.

ARINC 653-1[edit]

Supplement 1 was published on January 1997 and introduced the concepts of APEX and Time and Space partitioning.

ARINC 653-2[edit]

Supplement 2 was published in 3 parts between March 2006 and January 2007:^[4]

• Part 1 (mandatory services): ARINC 653 partition management, Cold start and warm start definition, Application software error handling, ARINC 653 compliance, Ada and C language bindings;

• Part 2 (optional services): File system access, Data logging, Service Access points, ...

• Part 3 (Conformity Test Specification);

Current Organization of Standard[edit]

• Part 0 - Introduction to ARINC 653 (currently at revision 1, released June 2013)^[5]

• Part 1 - Required Services (currently at revision 4, released August 2015)^[6]

• Part 2 - Extended Services (currently at revision 3, released August 2015)^[7]

• Part 3 - Conformity Test Specification (currently at revision 1, released 16 Oct 2006)^[8]

• Part 4 - Subset Services (currently at revision 1, released June 2012)^[9]

• Part 5 - Core Software Recommended Capabilities (currently at revision 1, released December 2014)^[10]

Basic principles of partitioning[edit]

ARINC 653 Platform[edit]

An ARINC 653 platform contains:

• A hardware platform allowing real-time computing deterministic services.

• An abstraction layer managing the timer and space partitioning constraints of the platform (memory, CPU, Input/output).

• An implementation for the ARINC 653 services (the APEX API).

• An interface to be able to configure the platform and its domain of use.

• Various instrumentation tools.

Initialization[edit]

Initialization of an ARINC 653 partition creates resources used by the partition. Resources creation (PROCESS, EVENT, SEMAPHORE...) is performed by calling API services named CREATE_xxxx.

Error handling[edit]

The process error handler is a preemptive process of the highest priority dedicated to handle partition exceptions. It is created by the service CREATE_ERROR_HANDLER during partition initialization.

The API allows the error handler to stop a faulty process (STOP_SELF). In that case, the RTOS scheduler will elicit the next process with the highest priority.

ARINC 653 does not specify how the scheduler should behave if the error handler does not stop a faulty process. In some (theoretical) cases, this could lead to an infinite loop between the faulty process and the error handler.

The error handler can obtain information about the source and the context of the exception.

Mode management[edit]

Each partition can be in several activation modes:

• COLD_START and WARM_START: Only the initialization process is executed,

• NORMAL: The initialization process is stopped, and the other partition processes are called by the RTOS scheduler depending on their priority,

• IDLE: No process is executed. However an implementation could still in theory execute a hidden process of the lowest priority, for example to start an infinite loop.

The SET_PARTITION_MODE service allows to manage these states. It can be called by any process in the partition. Entering the IDLE state is irreversible for the partition. Only an external event (such as a platform restart) can change the state to another mode when the partition is in this state.

The processes of a partition[edit]

Each partition has at least one process.

Process scheduling is preemptive. The scheduler is called either by a timer or by API services.

API services[edit]

The ARINC 653 APEX services are API calls belonging in six categories:

• Partition management

• Process management

• Time management

• Inter-partition communication

• Intra-partition communication

• Error handling

No ARINC 653 services are provided for the memory management of partitions. Each partition has to handle its own memory (still under the constraints of memory partitioning enforced by ARINC 653).

Each service returns a RETURN_CODE value which indicates if the call has been successful:

• NO_ERROR: the service performed nominally after a valid request

• NO_ACTION: the state of the system has not changed after executing the service

• NOT_AVAILABLE: the service is temporarily unavailable

• INVALID_PARAM: at least one of the service's parameters is invalid

• INVALID_CONFIG: at least one of the service's parameters is incompatible with the current configuration of the system

• INVALID_MODE: the service is incompatible with the current mode of the system

• TIMED_OUT: the delay for the execution of the service has expired

Links to POSIX and ASAAC[edit]

The field covered by ARINC 653 is similar to ASAAC Def Stan 00-74. However, there are differences between the two standards.^[11]

Some ARINC 653 (APEX) calls have a POSIX equivalent, but are different from how they are defined in POSIX.^[11]

For example, the following call defined in ASAAC:

 receiveBuffer

would be translated in ARINC 653 by:

 RECEIVE_BUFFER()

and also in POSIX by:

 recv()

References[edit]

1. Jump up^ "ARINC 653 - An Avionics Standard for Safe, Partitioned Systems" (PDF). Wind River Systems / IEEE Seminar. August 2008. Archived from the original (PDF) on 2009-10-07. Retrieved 2009-05-30.

2. Jump up^ VanderLeest, S. H. (2010-10-01). "ARINC 653 hypervisor". 29th Digital Avionics Systems Conference: 5.E.2–1–5.E.2–20. doi:10.1109/DASC.2010.5655298.

3. Jump up^ "APEX Subcommittee". AEEC. August 2008. Retrieved 2013-10-20.

4. Jump up^ "Product Focus: ARINC 653 and RTOS". aviationtoday.com. 2004-07-01. Retrieved 2009-05-30.

5. Jump up^ "Avionics Application Software Standard Interface: ARINC Specification 653 Part 0". Aeronautical Radio, Inc. June 2013.

6. Jump up^ "Avionics Application Software Standard Interface: ARINC Specification 653P1-3, Required Services". Aeronautical Radio, Inc. 2010-11-15. Retrieved 2013-10-20.

7. Jump up^ "Avionics Application Software Standard Interface: ARINC Specification 653P2-2, Part 2, Extended Services". Aeronautical Radio, Inc. 2012-06-01. Retrieved 2012-10-20.

8. Jump up^ "Avionics Application Software Standard Interface: ARINC Specification 653P3, Conformity Test Specification". Aeronautical Radio, Inc. 2006-10-20.

9. Jump up^ "Avionics Application Software Standard Interface: ARINC Specification 653 Part 4, Subset Services". Aeronautical Radio, Inc. 2012-06-01. Retrieved 2013-10-20.

10. Jump up^ "ARINC Store". ARINC IA. 2014-12-01. Retrieved 2015-04-23.

11. ^ Jump up to:^a b "Flexibility and Manageability of IMS Projects" (PDF). University of York. Retrieved 2008-07-27.

See also[edit]

• Integrated modular avionics

• ASAAC

• ARINC

• DO-178B

• Adaptive partition scheduler