ARINC 653

From Wikipedia, the free encyclopedia
Jump to: navigation, search

ARINC 653 (Avionics Application Standard Software Interface) is a software specification for space and time partitioning in Safety-critical avionics Real-time operating systems. It allows to host multiple applications of different software levels on the same hardware in the context of an Integrated Modular Avionics architecture.[1]

It is part of ARINC 600-Series Standards for Digital Aircraft & Flight Simulators.

Overview[edit]

In order to decouple the RTOS platform from the application software, ARINC 653 defines an API called APplication EXecutive (APEX).

Each application software is called a partition and has its own memory space. It also has a dedicated time slot allocated by the APEX API. Within each Partition, multitasking is allowed. The APEX API provides services to manage partitions, processes and timing, as well as partition/process communication and error handling.

VisualSim[2] ARINC 653 is a system simulation library that contains the model of the real-time operating system (RTOS), components to emulate the software tasks, hardware components and analysis tools. The models can be used for timing analysis, power consumption and functional correctness.

The current work of the AEEC APEX Subcommittee includes the enhancement of ARINC 653 for multicore processor architectures.[3]

History[edit]

Initial version[edit]

The initial version of ARINC 653 was published on October 10, 1996.

ARINC 653-1[edit]

Supplement 1 was published on January 1997 and introduced the concepts of APEX and Time and Space partitioning.

ARINC 653-2[edit]

Supplement 2 was published in 3 parts between March 2006 and January 2007:[4]

  • Part 1 (mandatory services): ARINC 653 partition management, Cold start and warm start definition, Application software error handling, ARINC 653 compliance, Ada and C language bindings;
  • Part 2 (optional services): File system access, Data logging, Service Access points, ...
  • Part 3 (Conformity Test Specification);

Current Organization of Standard[edit]

  • Part 0 - Introduction to ARINC 653 (currently at revision 1, released June 2013)[5]
  • Part 1 - Required Services (currently at revision 3, released 15 Nov 2010)[6]
  • Part 2 - Extended Services (currently at revision 2, released June 2012)[7]
  • Part 3 - Conformity Test Specification (currently at revision 1, released 16 Oct 2006)[8]
  • Part 4 - Subset Services (currently at revision 1, released June 2012)[9]
  • Part 5 - Core Software Recommended Capabilities (currently under draft)[10]

Basic Principles of Partitioning[edit]

ARINC 653 Platform[edit]

An ARINC 653 platform contains:

  • A hardware allowing Real-time computing deterministic services.
  • An abstraction layer managing the timer and space partitioning constraints of the platform (memory, CPU, Input/output).
  • An implementation for the ARINC 653 services (the APEX API).
  • An interface to be able to configure the platform and its domain of use.
  • Various instrumentation tools.

Initialization[edit]

Initialization of an ARINC 653 partition creates resources used by the partition. Resources creation (PROCESS, EVENT, SEMAPHORE...) is performed by calling API services named CREATE_xxxx.

Error Handler[edit]

The partition Error Handler is a preemptive process of the highest priority dedicated to handle partition exceptions. It is created by the service CREATE_ERROR_HANDLER during partition initialization.

The API allows the Error Handler to stop a faulty process (STOP_SELF). In that case, the RTOS scheduler will elicit the next process with the highest priority.

ARINC 653 does not specify how the scheduler should behave if the Error Handler does not stop a faulty process. In some (theoretical) cases, this could lead to an infinite loop between the faulty process and the Error Handler.

The Error Handler can obtain information about the source and the context of the exception.

Mode management[edit]

Each Partition can be in several activation modes:

  • COLD_START and WARM_START: Only the initialization process is executed,
  • NORMAL: The initialization process is stopped, and the other partitions processed are called by the RTOS scheduler depending on their priority,
  • IDLE: No process is executed. However an implementation could still in theory execute a hidden process of the lowest priority, for example to start an infinite loop.

The SET_PARTITION_MODE service allows to manage these states. It can be called by any process in the partition. Entering the IDLE state is irreversible for the partition. Only an external event (such as a platform restart) can change the state to another mode when the partition is in this state.

The processes of a partition[edit]

Each partition has at least one process.

Process scheduling is preemptive. The scheduler is called either by a timer or by API services.

API Services[edit]

The ARINC 653 APEX services are API calls belonging in six categories:

  • Partition management
  • Process management
  • Time management
  • Inter-partition communication
  • Intra-partition communication
  • Error handling

No ARINC 653 services are provided for the memory management of partitions. Each partition has to handle its own memory (still under the constraints of memory partitioning enforced by ARINC 653).

Each service returns a RETURN_CODE value which indicates if the call has been successful:

  • NO_ERROR: the service performed nominally after a valid request
  • NO_ACTION: the state of the system has not changed after executing the service
  • NOT_AVAILABLE: the service is temporarily unavailable
  • INVALID_PARAM: at least one of the service's parameters is invalid
  • INVALID_CONFIG: at least one of the service's parameters is incompatible with the current configuration of the system
  • INVALID_MODE: the service is incompatible with the current mode of the system
  • TIMED_OUT: the delay for the execution of the service has expired

Links to POSIX and ASAAC[edit]

The field covered by ARINC 653 is similar to ASAAC Def Stan 00-74. However, there are differences between the two standards.[11]

Some ARINC 653 (APEX) calls have a POSIX equivalent, but are different from how they are defined in POSIX.[11]

For example, the following call defined in ASAAC:

 receiveBuffer

would be translated in ARINC 653 by:

 RECEIVE_BUFFER()

and also in POSIX by:

 recv()

References[edit]

See also[edit]