
Microchip and O.C.E. Technology deliver high-reliability RTOS for PolarFire® SoC FPGA space applications

August 8, 2024 (updated August 9, 2024)

By: Barry Kavanagh, Chief Executive Officer, O.C.E. Technology Ltd.

PolarFire® SoC FPGA RISC-V space applications can now take advantage of an RTOS that is compliant with ESA standards and designed to police applications for maximum availability.

Developers who have struggled with the harsh radiation environment of space can now improve application reliability thanks to OCEOSmp, the new multicore RTOS developed for the European Space Agency.

O.C.E. Technology has been developing software tools and high-reliability operating systems for the European Space Agency almost since its foundation in 2013. Building on its single-core RTOS, OCEOS, designed for radiation-hardened microcontrollers, it recently showcased the multicore version of the product on the PolarFire® SoC FPGA at Embedded World. The RTOS offers some unique (patent pending) features that improve application reliability.

One of the first applications is an optical inter-satellite communications constellation, where the small memory footprint, high efficiency, and application-policing features make it the RTOS of choice.

Credit: DARPA

So how does OCEOSmp achieve better reliability than other RTOSes?

  • The single-stack-per-core design makes deadlocks impossible on a single core, and on multicore a warning is raised when different tasks obtain mutexes in a different order.
  • Another common problem is avoided because unbounded priority inversion and chained blocking cannot occur by design.
  • Task scheduling information is available to the application (e.g. the longest time on the ready-to-run queue, the shortest time between a task finishing and its next start, the maximum time to finish after starting, and the maximum number of times the task was pre-empted). This information can be used to check that the design assumptions still hold and, if they do not, to take problem-avoidance action.
  • Return codes for each warning or error again give the application useful information on which to base decisions about the state of the system.
  • Logging of system and application errors to non-volatile memory provides for pre- or post-issue analysis.
  • Cores can be switched on or off, or disabled when a core has been damaged by high-velocity particles.
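The mutex-ordering warning described in the first bullet can be understood as a check on the lock-order graph: an edge is recorded each time a task acquires one mutex while holding another, and an acquisition that would close a cycle means two tasks have taken the same mutexes in opposite orders (the classic precondition for a deadlock between cores). The following C program is an added illustration of that technique and is not OCEOSmp's code or API; the tracker structure, the function names and the MAX_MUTEX/MAX_TASK limits are this example's own assumptions, and the two task scenarios are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for this illustration (not taken from OCEOSmp). */
#define MAX_MUTEX 8
#define MAX_TASK  4

struct lock_tracker {
    /* edge[a][b] is set once some task has acquired mutex b while holding mutex a */
    bool edge[MAX_MUTEX][MAX_MUTEX];
    /* held[t][m] is set while task t holds mutex m */
    bool held[MAX_TASK][MAX_MUTEX];
    int warnings;          /* number of order conflicts reported so far */
};

static void tracker_init(struct lock_tracker *t) { memset(t, 0, sizeof *t); }

/* Depth-first search: does a recorded acquisition path lead from `from` to `to`? */
static bool reachable(const struct lock_tracker *t, int from, int to, bool *seen) {
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < MAX_MUTEX; n++)
        if (t->edge[from][n] && !seen[n] && reachable(t, n, to, seen))
            return true;
    return false;
}

/* Record that `task` acquires mutex `m`. Returns 0 when the order is consistent
 * with everything seen so far, 1 when the acquisition closes a cycle, i.e. the
 * mutexes have already been taken in the opposite order. */
int lock_order_acquire(struct lock_tracker *t, int task, int m) {
    int warned = 0;
    for (int h = 0; h < MAX_MUTEX; h++) {
        if (!t->held[task][h]) continue;
        bool seen[MAX_MUTEX] = {false};
        /* Holding h while taking m: if m already leads back to h, the orders conflict. */
        if (reachable(t, m, h, seen)) {
            printf("warning: task %d takes mutex %d while holding mutex %d; "
                   "the opposite order was already recorded\n", task, m, h);
            warned = 1;
        }
        t->edge[h][m] = true;
    }
    t->held[task][m] = true;
    if (warned) t->warnings++;
    return warned;
}

void lock_order_release(struct lock_tracker *t, int task, int m) {
    t->held[task][m] = false;
}

/* Constructed scenario 1: task 0 takes M0 then M1, task 1 takes M1 then M0. */
int run_conflicting_order_demo(void) {
    struct lock_tracker t;
    tracker_init(&t);
    lock_order_acquire(&t, 0, 0);
    lock_order_acquire(&t, 0, 1);
    lock_order_release(&t, 0, 1);
    lock_order_release(&t, 0, 0);
    lock_order_acquire(&t, 1, 1);
    lock_order_acquire(&t, 1, 0);   /* closes the cycle M0 -> M1 -> M0: warning */
    lock_order_release(&t, 1, 0);
    lock_order_release(&t, 1, 1);
    return t.warnings;              /* 1 */
}

/* Constructed scenario 2: both tasks take M0 then M1, a consistent global order. */
int run_same_order_demo(void) {
    struct lock_tracker t;
    tracker_init(&t);
    for (int task = 0; task < 2; task++) {
        lock_order_acquire(&t, task, 0);
        lock_order_acquire(&t, task, 1);
        lock_order_release(&t, task, 1);
        lock_order_release(&t, task, 0);
    }
    return t.warnings;              /* 0 */
}

int main(void) {
    printf("conflicting order: %d warning(s)\n", run_conflicting_order_demo());
    printf("same order:        %d warning(s)\n", run_same_order_demo());
    return 0;
}
```

The check is cumulative rather than per instant: the second task is warned even though the first task has already released both mutexes, because the recorded history shows the two orders could overlap on different cores. In a flight application the return value is what matters, since it lets the task log the conflict to non-volatile memory or fall back to a safe path instead of relying on a tester happening to see the message.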

Many COTS components are moving to radiation-tolerant fabrication processes such as FD-SOI, which gives them good TID performance but leaves them exposed to SEUs. In many cases the software has to mitigate the SEU effects. "New Space" companies design in these rad-tolerant COTS parts. Their prototypes are often based on an RTOS with no safety certification, but production models generally move to a safety-certified RTOS, usually driven by their experience from early missions. OCE has noted this trend with its space customers. Beus-Dukic, in his paper on RTOS for space, says "in applications with safety-critical software components, COTS RTOS needs to be certifiable, the challenge only a few vendors can currently meet".

The design of the PolarFire® SoC FPGA allows a high-reliability RTOS and Linux to execute in parallel. Many "New Space" applications need to take advantage of APIs available under Linux, leaving the real-time processing to the RTOS running on the other cores.

In summary, OCEOSmp offers the following features:

  • Fixed priority pre-emptive scheduling
  • Based on the Stack Resource Policy – unbounded priority inversion and chained blocking cannot occur. Deadlocks are impossible on a single core and warnings are provided on multicore.
  • Single stack per CPU rather than separate stack for each task
  • Small code footprint (<30 kB for core functionality)
  • Mutex (standard & read/write), counting semaphore, and data queue support
  • High precision timed actions independent of scheduling (data output and task start)
  • Supports SPARC, ARM, and RISC-V processor architectures
  • DMON debug tool support showing task/interrupt execution timeline
  • Certification service for OCEOSmp to run on customer-designed boards
  • Support & Independent Software Validation services available from OCE
  • Compliant with ESA ECSS Category B standard

If OCEOSmp sounds suitable for your application, the company will certify it on your customer-designed board as part of the development kit sale. Any questions can be directed to sales@ocetechnology.com, or visit our booth at the next European space exhibition.
