ARINC 653
Encyclopedia
ARINC 653 is a software specification for space and time partitioning in Safety-critical
avionics
Real-time operating system
s. It allows to host multiple applications of different software levels on the same hardware in the context of a Integrated Modular Avionics
architecture.
It is part of ARINC 600-Series Standards for Digital Aircraft & Flight Simulators.
platform from the application software, ARINC 653 defines an API
called APplication EXecutive (APEX).
Each application software is called a partition and has its own memory space. It also has a dedicated time slot allocated by the APEX API. Within each Partition multitasking
is allowed. The APEX API provides services to manage partitions, processes and timing, as well as partition/process communication and error handling.
process
of the highest priority dedicated to handle partition exceptions. It is created by the service CREATE_ERROR_HANDLER during partition initialization.
The API allows the Error Handler to stop a faulty process (STOP_SELF). In that case, the RTOS scheduler
will elicit the next process with the highest priority.
ARINC 653 does not specify how the scheduler should behave if the Error Handler does not stop a faulty process. In some (theoretical) cases, this could lead to an infinite loop between the faulty process and the Error Handler.
The Error Handler can obtain information about the source and the context of the exception.
The SET_PARTITION_MODE service allows to manage these states. It can be called by any process in the partition. Entering the IDLE state is irreversible for the partition. Only an external event (such as a platform restart) can change the state to another mode when the partition is in this state.
.
Process scheduling is preemptive
. The scheduler is called either by a timer or by API services.
calls
belonging in six categories:
No ARINC 653 services are provided for the memory management
of partitions. Each partition has to handle its own memory (still under the constraints of memory partitioning enforced by ARINC 653).
Each service returns a RETURN_CODE value which indicates if the call has been successful:
Def Stan 00-74. However, there are differences between the two standards.
Some ARINC 653 (APEX) calls have a POSIX
equivalent, but are different from how they are defined in POSIX.
For example, the following call defined in ASAAC:
receiveBuffer
would be translated in ARINC 653 by:
RECEIVE_BUFFER
and also in POSIX by:
recv
Life-critical system
A life-critical system or safety-critical system is a system whose failure ormalfunction may result in:* death or serious injury to people, or* loss or severe damage to equipment or* environmental harm....
avionics
Avionics
Avionics are electronic systems used on aircraft, artificial satellites and spacecraft.Avionic systems include communications, navigation, the display and management of multiple systems and the hundreds of systems that are fitted to aircraft to meet individual roles...
Real-time operating system
Real-time operating system
A real-time operating system is an operating system intended to serve real-time application requests.A key characteristic of a RTOS is the level of its consistency concerning the amount of time it takes to accept and complete an application's task; the variability is jitter...
s. It allows to host multiple applications of different software levels on the same hardware in the context of a Integrated Modular Avionics
Integrated Modular Avionics
Integrated modular avionics represent real-time computer network airborne systems. This network consists of a number of computing modules capable of supporting numerous applications of differing criticality levels....
architecture.
It is part of ARINC 600-Series Standards for Digital Aircraft & Flight Simulators.
Overview
In order to decouple the RTOSReal-time operating system
A real-time operating system is an operating system intended to serve real-time application requests.A key characteristic of a RTOS is the level of its consistency concerning the amount of time it takes to accept and complete an application's task; the variability is jitter...
platform from the application software, ARINC 653 defines an API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
called APplication EXecutive (APEX).
Each application software is called a partition and has its own memory space. It also has a dedicated time slot allocated by the APEX API. Within each Partition multitasking
Computer multitasking
In computing, multitasking is a method where multiple tasks, also known as processes, share common processing resources such as a CPU. In the case of a computer with a single CPU, only one task is said to be running at any point in time, meaning that the CPU is actively executing instructions for...
is allowed. The APEX API provides services to manage partitions, processes and timing, as well as partition/process communication and error handling.
ARINC 653-1
Supplement 1 was published on January 1997 and introduced the concepts of APEX and Time and Space partitioning.ARINC 653-2
Supplement 2 was published in 3 parts between March 2006 and January 2007:- Part 1 (mandatory services): ARINC 653 partition management, Cold start and warm start definition, Application software error handling, ARINC 653 compliance, AdaAda (programming language)Ada is a structured, statically typed, imperative, wide-spectrum, and object-oriented high-level computer programming language, extended from Pascal and other languages...
and CC (programming language)C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
language bindings; - Part 2 (optional services): File systemFile systemA file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
access, Data logging, Service Access points, ... - Part 3 (Conformity Test Specification);
ARINC 653 Platform
An ARINC 653 platform contains:- A hardware allowing Real-time computingReal-time computingIn computer science, real-time computing , or reactive computing, is the study of hardware and software systems that are subject to a "real-time constraint"— e.g. operational deadlines from event to system response. Real-time programs must guarantee response within strict time constraints...
deterministic services. - An abstraction layerAbstraction layerAn abstraction layer is a way of hiding the implementation details of a particular set of functionality...
managing the timer and space partitioning constraints of the platform (memoryRandom-access memoryRandom access memory is a form of computer data storage. Today, it takes the form of integrated circuits that allow stored data to be accessed in any order with a worst case performance of constant time. Strictly speaking, modern types of DRAM are therefore not random access, as data is read in...
, CPUCentral processing unitThe central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...
, Input/outputInput/outputIn computing, input/output, or I/O, refers to the communication between an information processing system , and the outside world, possibly a human, or another information processing system. Inputs are the signals or data received by the system, and outputs are the signals or data sent from it...
). - An implementation for the ARINC 653 services (the APEX API).
- An interface to be able to configure the platform and its domain of use.
- Various instrumentation tools.
Initialization
Initialization of an ARINC 653 partition creates resources used by the partition. Resources creation (PROCESS, EVENT, SEMAPHORE...) is performed by calling API services named CREATE_xxxx.Error Handler
The partition Error Handler is a preemptivePreemption (computing)
In computing, preemption is the act of temporarily interrupting a task being carried out by a computer system, without requiring its cooperation, and with the intention of resuming the task at a later time. Such a change is known as a context switch...
process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
of the highest priority dedicated to handle partition exceptions. It is created by the service CREATE_ERROR_HANDLER during partition initialization.
The API allows the Error Handler to stop a faulty process (STOP_SELF). In that case, the RTOS scheduler
Scheduling (computing)
In computer science, a scheduling is the method by which threads, processes or data flows are given access to system resources . This is usually done to load balance a system effectively or achieve a target quality of service...
will elicit the next process with the highest priority.
ARINC 653 does not specify how the scheduler should behave if the Error Handler does not stop a faulty process. In some (theoretical) cases, this could lead to an infinite loop between the faulty process and the Error Handler.
The Error Handler can obtain information about the source and the context of the exception.
Mode management
Each Partition can be in several activation modes:- COLD_START and WARM_START: Only the initialization process is executed,
- NORMAL: The initialization process is stopped, and the other partitions processed are called by the RTOS schedulerScheduling (computing)In computer science, a scheduling is the method by which threads, processes or data flows are given access to system resources . This is usually done to load balance a system effectively or achieve a target quality of service...
depending on their priority, - IDLE: No process is executed. However an implementation could still in theory execute a hidden process of the lowest priority, for example to start an infinite loop.
The SET_PARTITION_MODE service allows to manage these states. It can be called by any process in the partition. Entering the IDLE state is irreversible for the partition. Only an external event (such as a platform restart) can change the state to another mode when the partition is in this state.
The processes of a partition
Each partition has at least one processProcess (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
.
Process scheduling is preemptive
Preemption (computing)
In computing, preemption is the act of temporarily interrupting a task being carried out by a computer system, without requiring its cooperation, and with the intention of resuming the task at a later time. Such a change is known as a context switch...
. The scheduler is called either by a timer or by API services.
API Services
The ARINC 653 APEX services are APIApplication programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
calls
Subroutine
In computer science, a subroutine is a portion of code within a larger program that performs a specific task and is relatively independent of the remaining code....
belonging in six categories:
- Partition management
- Process management
- Time management
- Inter-partition communication
- Intra-partition communication
- Error handling
No ARINC 653 services are provided for the memory management
Memory management
Memory management is the act of managing computer memory. The essential requirement of memory management is to provide ways to dynamically allocate portions of memory to programs at their request, and freeing it for reuse when no longer needed. This is critical to the computer system.Several...
of partitions. Each partition has to handle its own memory (still under the constraints of memory partitioning enforced by ARINC 653).
Each service returns a RETURN_CODE value which indicates if the call has been successful:
- NO_ERROR: the service performed nominally after a valid request
- NO_ACTION: the state of the system has not changed after executing the service
- NOT_AVAILABLE: the service is temporarily unavailable
- INVALID_PARAM: at least one of the service's parameters is invalid
- INVALID_CONFIG: at least one of the service's parameters is incompatible with the current configuration of the system
- INVALID_MODE: the service is incompatible with the current mode of the system
- TIMED_OUT: the delayTimeout (telecommunication)In telecommunication and related engineering , the term timeout or time-out has several meanings, including...
for the execution of the service has expired
Links to POSIX and ASAAC
The field covered by ARINC 653 is similar to ASAACAllied Standards Avionics Architecture Council
Allied Standards Avionics Architecture Council, or ASAAC, is an effort to define and validate a set of Open Architecture Standards for Avionics Architecture, particularly in the field of Integrated Modular Avionics....
Def Stan 00-74. However, there are differences between the two standards.
Some ARINC 653 (APEX) calls have a POSIX
POSIX
POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
equivalent, but are different from how they are defined in POSIX.
For example, the following call defined in ASAAC:
receiveBuffer
would be translated in ARINC 653 by:
RECEIVE_BUFFER
and also in POSIX by:
recv
See also
- Integrated Modular AvionicsIntegrated Modular AvionicsIntegrated modular avionics represent real-time computer network airborne systems. This network consists of a number of computing modules capable of supporting numerous applications of differing criticality levels....
- ASAACAllied Standards Avionics Architecture CouncilAllied Standards Avionics Architecture Council, or ASAAC, is an effort to define and validate a set of Open Architecture Standards for Avionics Architecture, particularly in the field of Integrated Modular Avionics....
- ARINCARINCAeronautical Radio, Incorporated , established in 1929, is a major provider of transport communications and systems engineering solutions for eight industries: aviation, airports, defense, government, healthcare, networks, security, and transportation...
- DO-178BDO-178BDO-178B, Software Considerations in Airborne Systems and Equipment Certification is a document dealing with the safety of software used in airborne systems....
- Adaptive Partition SchedulerAdaptive Partition SchedulerAdaptive partition schedulers are a relatively new type of partition scheduler, pioneered with the most recent version of the QNX operating system. Adaptive partitioning, or AP, allows the real-time system designer to request that a percentage of processing resources be reserved for a particular...