LithOS

LithOS is an ARINC-653 compliant, para-virtualised guest operating system.

The ARINC-653 specification provides a standardized interface between the OS within an IMA (Integrated Modular Avionics) system and the application software: it specifies the interface and the behaviour of the API services but leaves implementation details to OS developers.

In this way, the Application Executive (APEX) interface not only standardizes the definition of the services, but also the interface of the underlying OS. The ARINC-653 specification therefore defines an interface independent of the hardware and of the Operating System (OS), which provides significant benefits: portability, reusability, modularity and integration of software building blocks.

LithOS provides the services to create the system resources (blackboards, buffers, events, semaphores, ...) as well as the mechanisms to create threads and timers and the process scheduler.

Services

  • Partition management: the main concept of ARINC-653 is partitioning. A partition is an execution environment with a separate memory space and strictly protected time, so that it cannot affect another partition in any way, according to the IMA architecture. Partitions are scheduled by a cyclic scheduler whose schedule is specified in the configuration file.
    All resources used by a partition (processes, blackboards, semaphores, ports, ...) have to be defined at system configuration time and created and initialised during the initialisation phase of the partition. Once all resources have been allocated, the partition can execute a mode change to NORMAL.
    The mandatory services basically provide mechanisms for getting the state of the partition and requesting a change to its operating mode.
  • Process management: a partition comprises one or more processes that interact dynamically to provide the partition functionality. Processes are the execution unit within an ARINC-653 partition. Processes can be periodic or aperiodic and have an associated priority. The scheduler works according to a fixed-priority preemptive policy: a process with a higher current priority can preempt the running process.
    These services make it possible to manage the processes in the partition in a way that satisfies the requirements of the application. The processes are only visible inside the partition.
  • Time management: this is the basic module for managing time in the OS and ensuring that hard real-time requirements are met. The time management module uses the hardware timers to read the current time and to serve time requests. Applications use the time management services in one way or another: an application may request a time-out, a delay, periodicity, process scheduling, etc. Each partition runs for a specified duration; the OS provides time slicing for partition scheduling.
  • Inter-partition communication: this module defines the communication mechanism between two or more partitions. Inter-partition communication is message based. A port allows a specific partition to write messages to and read messages from a channel between a source port and a destination port, as specified in the configuration data. Channels, ports, maximum message size and maximum number of messages are completely defined at system configuration time. These services include sampling ports and queuing ports. In sampling mode, each new instance of a message overwrites the current message, so the destination partition can only access the latest message. In queuing mode, messages are queued, so a new instance of a message does not overwrite previous ones.
  • Intra-partition communication: these services define the mechanisms used for communication and synchronization between processes within the same partition. Blackboards and buffers are provided for intra-partition communication. Both support the communication of a single message between multiple sources and destinations, but only buffers allow message queuing. Semaphores and events are provided for intra-partition synchronization. Semaphores are commonly used to protect resources from concurrent access. Events are used to control process flow: processes wait for an event until the condition occurs.
  • Health monitoring: the health monitor is the mechanism proposed by ARINC-653 for reporting and monitoring errors. The error handler is the highest-priority process; it is invoked when a fault takes place. The health monitor may ignore the fault and log it, or call the error handler to manage the error, which defines how the partition should respond.
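The fixed-priority preemptive policy described under Process management, modelled as a small discrete-tick simulation. This is an added illustrative example, not LithOS code and not the APEX API: the types and functions (process_t, partition_t, run_partition) and the "background"/"sensor" workload are assumptions constructed for the example. A released process is ready until the budget of that release is used up; the highest-priority ready process runs each tick, and a running process is only displaced by a strictly higher priority.

```c
/* Added example: discrete-tick model of fixed-priority preemptive process
 * scheduling inside one partition. Hypothetical names; not LithOS code. */
#include <stddef.h>

#define MAX_PROCESSES 8
#define TRACE_LEN 64

typedef struct {
    const char *name;
    int priority;      /* fixed priority: higher value runs first */
    int period;        /* 0 = aperiodic, released once at `release` */
    int release;       /* first release tick */
    int budget;        /* execution ticks needed per release */
    int remaining;     /* ticks left in the current release */
    int next_release;  /* next release tick, -1 = never again */
} process_t;

typedef struct {
    process_t procs[MAX_PROCESSES];
    size_t n;
    int trace[TRACE_LEN];  /* index of the process run at each tick, -1 = idle */
    int preemptions;       /* times a still-unfinished process was displaced */
} partition_t;

void partition_init(partition_t *p) { p->n = 0; p->preemptions = 0; }

/* Registers a process; returns its index or -1 if the table is full. */
int add_process(partition_t *p, const char *name, int priority,
                int period, int release, int budget) {
    if (p->n == MAX_PROCESSES) return -1;
    process_t *pr = &p->procs[p->n];
    pr->name = name; pr->priority = priority; pr->period = period;
    pr->release = release; pr->budget = budget;
    pr->remaining = 0; pr->next_release = release;
    return (int)p->n++;
}

/* Simulates `ticks` ticks (capped at TRACE_LEN) and returns the number of
 * preemptions; the per-tick decision is left in p->trace for inspection. */
int run_partition(partition_t *p, int ticks) {
    int running = -1;
    if (ticks > TRACE_LEN) ticks = TRACE_LEN;
    for (int t = 0; t < ticks; t++) {
        /* release processes whose release tick has arrived */
        for (size_t i = 0; i < p->n; i++) {
            process_t *pr = &p->procs[i];
            if (pr->next_release == t) {
                pr->remaining = pr->budget;  /* a new release replaces, never accumulates */
                pr->next_release = pr->period > 0 ? t + pr->period : -1;
            }
        }
        /* choose the highest-priority ready process, keeping the current one on ties */
        int best = -1;
        for (size_t i = 0; i < p->n; i++) {
            if (p->procs[i].remaining <= 0) continue;
            if (best < 0 || p->procs[i].priority > p->procs[best].priority ||
                (p->procs[i].priority == p->procs[best].priority && (int)i == running))
                best = (int)i;
        }
        /* a preemption is a still-unfinished running process being displaced */
        if (running >= 0 && best >= 0 && best != running && p->procs[running].remaining > 0)
            p->preemptions++;
        running = best;
        p->trace[t] = best;
        if (best >= 0) p->procs[best].remaining--;
    }
    return p->preemptions;
}

/* Constructed scenario: an aperiodic background process (priority 1, needs
 * 6 ticks from tick 0) and a periodic sensor process (priority 5, period 4,
 * first release at tick 2, 1 tick of work). The sensor preempts the
 * background process at ticks 2 and 6, so this returns 2. */
int demo_high_priority_preempts(void) {
    partition_t part;
    partition_init(&part);
    add_process(&part, "background", 1, 0, 0, 6);
    add_process(&part, "sensor", 5, 4, 2, 1);
    return run_partition(&part, 10);
}
```

Reading the trace after run_partition shows the property the text states: the sensor process occupies ticks 2 and 6, the background process fills the ticks around it and finishes at tick 7, and ticks 8 and 9 are idle because the next sensor release falls outside the simulated window. Periodic releases replace an unfinished earlier release rather than accumulating budget, so a process that overruns cannot build up an unbounded backlog.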
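Sampling versus queuing port semantics from the Inter-partition communication service, as an added model that is not LithOS code and does not reproduce the ARINC-653 service signatures. The names sampling_port_t, queuing_port_t, sampling_write/sampling_read and queuing_send/queuing_receive are assumptions, and MAX_MSG_SIZE and MAX_NB_MSGS stand in for the maximum message size and maximum number of messages that the text says are fixed at system configuration time.

```c
/* Added example: sampling port (latest message overwrites, reads do not
 * consume) versus queuing port (bounded FIFO, nothing overwritten).
 * Hypothetical names; not LithOS code or the APEX service signatures. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_MSG_SIZE 32  /* assumed configuration value: maximum message size */
#define MAX_NB_MSGS   4  /* assumed configuration value: maximum queued messages */

/* Sampling port: a single slot; every write replaces the previous message. */
typedef struct {
    unsigned char data[MAX_MSG_SIZE];
    size_t len;
    bool valid;  /* false until the first message arrives */
} sampling_port_t;

/* Queuing port: bounded FIFO; a full queue rejects new messages instead of
 * overwriting older ones, so the configured bound is never exceeded. */
typedef struct {
    unsigned char data[MAX_NB_MSGS][MAX_MSG_SIZE];
    size_t len[MAX_NB_MSGS];
    size_t head, count;
} queuing_port_t;

void sampling_init(sampling_port_t *p) { memset(p, 0, sizeof *p); }

/* Rejects empty or oversized messages; otherwise replaces the current one. */
bool sampling_write(sampling_port_t *p, const void *msg, size_t len) {
    if (len == 0 || len > MAX_MSG_SIZE) return false;
    memcpy(p->data, msg, len);
    p->len = len;
    p->valid = true;
    return true;
}

/* Copies the latest message; returns its length, or 0 if none was ever
 * written or the caller's buffer is too small. Reading does not consume. */
size_t sampling_read(const sampling_port_t *p, void *out, size_t cap) {
    if (!p->valid || cap < p->len) return 0;
    memcpy(out, p->data, p->len);
    return p->len;
}

void queuing_init(queuing_port_t *q) { memset(q, 0, sizeof *q); }

/* Appends a message; returns false if it is oversized or the queue is full. */
bool queuing_send(queuing_port_t *q, const void *msg, size_t len) {
    if (len == 0 || len > MAX_MSG_SIZE || q->count == MAX_NB_MSGS) return false;
    size_t tail = (q->head + q->count) % MAX_NB_MSGS;
    memcpy(q->data[tail], msg, len);
    q->len[tail] = len;
    q->count++;
    return true;
}

/* Removes and returns the oldest message; 0 if empty or buffer too small. */
size_t queuing_receive(queuing_port_t *q, void *out, size_t cap) {
    if (q->count == 0 || cap < q->len[q->head]) return 0;
    size_t n = q->len[q->head];
    memcpy(out, q->data[q->head], n);
    q->head = (q->head + 1) % MAX_NB_MSGS;
    q->count--;
    return n;
}

/* Constructed scenario: the source partition writes three messages before
 * the destination partition gets its time slot. Returns how many messages
 * the destination can still read: 1 through a sampling port (only the
 * latest survives), 3 through a queuing port. */
int demo_messages_visible_after_burst(bool use_queuing) {
    const char *burst[] = {"alt=100", "alt=110", "alt=120"};  /* constructed */
    unsigned char buf[MAX_MSG_SIZE];
    int seen = 0;
    if (use_queuing) {
        queuing_port_t q;
        queuing_init(&q);
        for (int i = 0; i < 3; i++) queuing_send(&q, burst[i], strlen(burst[i]));
        while (queuing_receive(&q, buf, sizeof buf) > 0) seen++;
    } else {
        sampling_port_t s;
        sampling_init(&s);
        for (int i = 0; i < 3; i++) sampling_write(&s, burst[i], strlen(burst[i]));
        if (sampling_read(&s, buf, sizeof buf) > 0) seen = 1;
    }
    return seen;
}
```

Two design choices matter for the isolation the text describes. Both port kinds check every message against the configured maximum size, and the queuing port refuses to send when it holds MAX_NB_MSGS messages rather than dropping or overwriting an older one; together these keep a source partition that sends too much, or sends oversized data, from consuming more of the destination's memory than the configuration allocated. The sampling read also reports whether any message has ever arrived, so a destination cannot mistake an unwritten slot for real data.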