Safety-Critical Software Development for Integrated Modular Avionics
This technical paper presents recent trends in the development of safety-critical avionics systems. It discusses the emergence of Integrated Modular Avionics (IMA) architectures and standards and the resulting impact on the development of a commercial off-the-shelf (COTS) RTOS that is standards-compliant.
Many avionics systems have been successfully developed using custom hardware and software. However, in recent years, the full life-cycle costs of customized systems have forced original equipment manufacturers (OEMs) to consider the use of COTS-based systems. At the same time, there has been a noticeable migration away from federated architectures, where each individual subsystem performs a dedicated function, toward generic computing platforms that can be used in multiple types of applications and, in some cases, run multiple applications concurrently. This approach, known as Integrated Modular Avionics (IMA), results in fewer subsystems, reduced weight, less power consumption, and less platform redundancy. A number of civil and military research programs have sought to define IMA architectures, and while they differ in their approaches, they share the same high-level objectives:
Common processing subsystems: These should allow multiple applications to share and reuse the same computing resources. This results in a reduced number of subsystems that need to be deployed and more efficient use of system resources, leaving space for future expansion.
Software abstraction: This should isolate the application not only from the underlying bus architecture but also from the underlying hardware architecture. This enhances portability of applications between different platforms and also enables the introduction of new hardware to replace obsolete architectures.
Maximize reuse: An IMA architecture should allow for reuse of legacy code. This reduces development time while affording the developer a method of redeploying existing applications without extensive modifications.
Cost of change: An IMA architecture should reduce the cost of change since it facilitates reuse and lowers retest costs because it simplifies the impact analysis by decoupling the constituent pieces of the platform that execute on the same processor.
IMA also facilitates support for applications that have ever-increasing levels of functionality, including the interactions between complex applications, such as head-up displays, map display systems, and weather radar displays. Although a number of IMA architectures and standards have emerged, the ACR Specification and ARINC Specification 653 appear to have the widest adoption in the avionics community. The ACR Specification addresses architectural considerations, whereas ARINC Specification 653 defines at a high level an instance of a software implementation for an IMA architecture. These and other IMA standards place new demands on the software architecture, especially the RTOS implementation provided by the COTS supplier. Wind River has specifically addressed these needs by developing the VxWorks 653 Platform, which is being employed by the C-130 Avionics Modernization Program and the 767 Tanker. Boeing has chosen to use Wind River's VxWorks 653 Platform for the development of the Boeing 787 Dreamliner Common Core System (CCS). Other Wind River customers, including EADS, are using the platform to develop avionics systems and safety-critical applications.
To read the remainder of the white paper, go to https://support.windriver.com/selfservicewebapp/register.action and click on Safety-Critical Software Development for Integrated Modular Avionics. You will be directed to a registration/login page that automatically redirects you to the white paper page after you log in. Logging in requires a free registration.