Software architects designing critical embedded systems have tough choices to make when selecting an operating system, and new framework and platform initiatives both simplify and complicate those decisions. Operating systems that control critical embedded systems must satisfy many stringent requirements before they can be considered for deployment. There will always be debate about the best operating systems to deploy in critical applications. However, improvements in the real-time capabilities of Windows and Linux have opened the door to options beyond traditional Real-Time Operating Systems (RTOSs).
Requirements to deploy
Most of the requirements for deploying a critical system concern the real-time response of the system to the processes it monitors and controls. The top requirements are related to:
- Memory protection - Without hardware-enforced memory protection, a misbehaving thread can corrupt the kernel's own code or internal data structures, causing failures anywhere in the system.
- Fault tolerance and high availability - Even the best software has latent bugs, and as applications grow more complex and take on more functions, the number of bugs in fielded systems continues to rise. System designers must therefore plan for failures and employ fault-recovery techniques.
- Mandatory vs. discretionary access control - Mandatory access control enforces a system-wide policy on access to a device or file that an application cannot override. Discretionary access controls are only as effective as the applications that use them, and those applications must be assumed to contain bugs.
- Guaranteed resource availability in the space and time domains - A critical process must not, because of malicious or careless execution by another process, run out of memory or deadlock on priority conflicts that block the resources it needs.
- Schedulability - Meeting hard deadlines is essential, and a missed deadline can be a critical fault, so access to system services must be deterministic.
- Interrupt latency - Some interrupts are higher priority and require a faster response than others; how long the system takes to respond to them is critical.
- Bounded execution times - Just as response time is critical, the time a task takes to execute must also be bounded and known in advance.
- Priority inversion - A lower-priority task can block a higher-priority task; the system must resolve such blocking predictably, for example through priority inheritance, rather than leaving the high-priority task waiting for an unbounded time.
- Security - Everything is becoming connected, so trusted computing is more important than ever for resisting malicious attacks.
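The priority-inversion and schedulability items above, as an added example that is not part of the original article: a unit-time simulation of three tasks sharing one resource, run once with a plain mutex and once with priority inheritance. The task names, timings and the shared "bus" resource are constructed for illustration and stand for the classic scenario in which a middle-priority task preempts the low-priority holder of a resource while the high-priority task waits for it.

```python
"""Unbounded vs. bounded priority inversion under fixed-priority scheduling.

Added example, not code from the original article. Three jobs share one
resource ("bus"); the scheduler always runs the ready, unblocked job with the
highest effective priority. With a plain mutex the high-priority job's wait
grows with the middle-priority job's execution time; with priority inheritance
the holder runs at the waiter's priority and the wait is bounded by the length
of the holder's critical section.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Job:
    name: str
    priority: int                    # higher number = higher priority
    release: int                     # tick at which the job becomes ready
    wcet: int                        # worst-case execution time in ticks
    lock: Optional[Tuple[int, int]] = None  # (start, end) execution units holding the bus
    done: int = 0                    # execution units completed so far
    finish: Optional[int] = None     # tick at which the job completed
    inherited: Optional[int] = None  # priority inherited from a blocked waiter

    def effective_priority(self) -> int:
        return max(self.priority, self.inherited or 0)

    def wants_lock_now(self) -> bool:
        # The next execution unit is the first one inside the critical section.
        return self.lock is not None and self.done == self.lock[0]


def simulate(jobs, priority_inheritance: bool, max_ticks: int = 1000):
    """Return {job name: response time} for one release of each job."""
    holder: Optional[Job] = None  # job currently holding the bus
    for t in range(max_ticks):
        if all(j.finish is not None for j in jobs):
            break
        ready = [j for j in jobs if j.release <= t and j.finish is None]

        def blocked(j: Job) -> bool:
            return j.wants_lock_now() and holder is not None and holder is not j

        runnable = [j for j in ready if not blocked(j)]
        if priority_inheritance and holder is not None:
            # The holder temporarily runs at the highest priority of any waiter.
            waiters = [j for j in ready if blocked(j)]
            holder.inherited = max((j.priority for j in waiters), default=None)
        if not runnable:
            continue
        job = max(runnable, key=lambda j: j.effective_priority())
        if job.wants_lock_now():
            holder = job                 # acquire on entering the critical section
        job.done += 1
        if job.lock is not None and job.done == job.lock[1]:
            holder = None                # release on leaving the critical section
            job.inherited = None
        if job.done == job.wcet:
            job.finish = t + 1
    return {j.name: j.finish - j.release for j in jobs if j.finish is not None}


def scenario():
    """Constructed scenario (assumption): low holds the bus for 5 ticks, high
    needs it shortly after release, and mid arrives while low is inside its
    critical section."""
    return [
        Job("low", priority=1, release=0, wcet=10, lock=(1, 6)),
        Job("high", priority=3, release=2, wcet=4, lock=(1, 3)),
        Job("mid", priority=2, release=3, wcet=20),
    ]


def response_times(priority_inheritance: bool):
    return simulate(scenario(), priority_inheritance)


if __name__ == "__main__":
    for pi in (False, True):
        label = "priority inheritance" if pi else "plain mutex"
        print(f"{label:20s} {response_times(pi)}")
```

With a plain mutex the high-priority job's response time includes all 20 ticks of the middle-priority job, which never touches the bus; making "mid" longer makes the wait longer, which is what "unbounded" means in practice. With priority inheritance "low" inherits priority 3 while "high" is blocked, finishes its critical section without being preempted, and "high" completes within a few ticks of its release.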