Green Hills Software RTOS selected for sophisticated aerospace engine control system
Keywords: Aerospace, Engines, Control Systems, Software
It is reported that Goodrich Corporation, the world-wide supplier of aerospace components and systems, has selected the Green Hills Software INTEGRITY-178B real-time operating system (RTOS) for use in its EMC-100 Full Authority Digital Engine Control (FADEC) system. Goodrich will use INTEGRITY-178B to achieve DO-178B certification, including Level A, the highest safety level defined by the RTCA (Radio Technical Commission for Aeronautics)for software used in airborne systems (Plate 6).
The EMC-100 is a sophisticated engine control system used in a variety of military and commercial aerospace applications including helicopter engine controls. The system consists of a controller box or ECU that determines how much power a turbo shaft engine produces, and a hydromechanical metering system that handles fuel delivery to the engine.
Plate 6 Green Hills Software
INTEGRITY-178B runs on a PowerPC processor within the ECU, hosting embedded software that Goodrich developed using Green Hills Software's MULTI Integrated Development Environment (IDE). This software, together with INTEGRITY-178B,controls the engine by setting the metering system to deliver the appropriate amount of fuel to the aircraft's turbo shaft engines, thereby providing optimum engine and rotor speed control. Goodrich plans to use INTEGRITY-178B, along with the Green Hills GMART Ada run-time environment, to achieve additional DO-178B certification (levels A through E) within other partitions in the near future.
"We looked at VxWorks, Enea OSE, and our own proprietary RTOS, but INTEGRITY-178B was the only one that provided a secure ARINC-653-compliant partition scheduler, deterministic response and the only commercial royalty-free RTOS that allows us to achieve the DO-178B, Level A certification that we need",said Lou Pannullo, director of Electronics at Pump & Engine Control Systems,Goodrich Corporation. "In addition, INTEGRITY'S superior partitioning enables us to add new functionality at Level A or lower levels without having to disrupt and re-certify the entire engine control system."
INTEGRITY-178B is an ARINC-653- compliant subset of the INTEGRITY real-time operating system, optimised for safety-critical applications containing multiple programs with different safety levels, all executing on a single processor. The RTOS uses a number of hardware and software mechanisms to implement a securely partitioned architecture that reportedly ensures time/space protection and prevents errant and malicious tasks from corrupting user data, the kernel,inter-process communications, device drivers and other user tasks. INTEGRITY-178B also enhances reliability and security by guaranteeing deterministic access to both the CPU and memory for critical tasks.
INTEGRITY-178B is available with a SPARK-compliant, minimal Ada run-time system known as GMART (Green Hills Minimal Ada Run Time) or with a Ravenscar-compliant Ada run-time system known as GSTART (Green Hills Safe-Tasking Ada Run Time). Operating in a secure partition under INTEGRITY-178B, GMART is optimised for safety-critical, single- threaded applications, while GSTART is optimised for safety-critical applications that require Ada tasking support. INTEGRITY-178B comes with a complete DO-178B certification package, including detailed documentation of kernel calls to the source line, and complete coverage analysis data for the kernel.
Detail available from: Green Hills Software Ltd; Tel: +44 (0)1962 829820;Fax: +44 (0)1962 890300; E-mail: mktg-europe@ghs.com;Web site: www.ghs.com
