Real-Time Operating System

• Maximum performance, security, reliability
• Integrated middleware and platforms
  
• Guaranteed separation
  
• Architected for reliability
  
• True, hard real-time performance
  
• Guaranteed memory resources
• Advanced multicore support
• Embedded virtualization

From inception, the INTEGRITY RTOS was designed so that embedded developers could ensure their applications met the highest possible requirements for security, reliability, and performance.

To achieve this, INTEGRITY uses hardware memory protection to isolate and protect embedded applications. Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses.

Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.

To help developers jumpstart product development, Green Hills Software offers an extensive array of middleware integrated and validated for INTEGRITY, including:

• FFS, FAT, NFS, and journaling file systems
• IPv4/IPv6 host and routing networking stacks
• network security protocols
• advanced Layer 3 routing and Layer 2 switching protocols
• complete Wi-Fi support
• USB host stack, device stack and class drivers
• 2d, 3D, and OpenGL graphcs

Each of these middleware packages has been pre- integrated and tested to run seamlessly with and take full advantage of INTEGRITY’s advanced RTOS capabilities. For selected industries, Green Hills Software offers platforms that provide an completely integrated ecosystem. Each platform includes the INTEGRITY RTOS as well as development tools, industry-specific middleware, reference hardware, and documentation.

By combining all the core software and documentation into a highly-integrated platform developers can:

• more readily develop and deploy a targeted device
• accelerate time-to-market
• reduce development risk
• focus more on quality and innovation

The INTEGRITY RTOS provides all the capabilities embedded designers need to enforce the policies of separation, damage limitation, and information flow control as well as provide secure networking for today’s more complex and connected applications.

INTEGRITY's separation kernel protects against damage from errant or malicious code by preventing processes from writing beyond assigned memory regions. In addition, INTEGRITY’s partitions prevent unintended access to data from outside the partition where the data resides.

To guarantee minimum interrupt latency, the INTEGRITY kernel never blocks masks or interrupts even while manipulating critical data structures.

*Based on the Freescale QorIQ P2020 at 1200MHz

As one of the first RTOSes to leverage hardware memory-management units (MMUs), INTEGRITY is a true, hard real-time operating system that never sacrifices real-time performance for security and protection. INTEGRITY can respond to events in nanoseconds, guaranteed.

All INTEGRITY kernel services have been carefully optimized to minimize the overhead of system calls. System calls can be suspended to allow others to execute. INTEGRITY uses a true real-time scheduler that supports multiple priority levels and enables complete control over CPU percentage allocation.

The INTEGRITY RTOS always services the highest priority interrupt with absolute minimum latency. To guarantee this, the kernel never masks or blocks interrupts. The kernel also avoids instructions with long latencies that could temporarily block interrupts on some systems.

The INTEGRITY RTOS protects memory many ways:

• from exhaustion
• from damage
• from unauthorized access

INTEGRITY’s unique memory quota system keeps one address space from exhausting the memory of any other.

To ensure adequate kernel memory, INTEGRITY requires that kernel memory not be used for messages, semaphores, or other kernel objects created in response to process requests. Instead, the kernel performs all services requested by a process using the memory resources that the requesting process supplies.

To prevent the risk of user stack overflow, INTEGRITY’s kernel has its own memory stack. Without this, the kernel would need to access the user process’ stack. But this can lead to problems because it is impossible for the user process to anticipate the maximum stack size if it is subject to use by unknown code (i.e., the kernel).

INTEGRITY's flexible multicore processor support provides users with a wide range of system architecture possibilities while delivering real-time deterministic performance with secure, reliable separation policies.

The modern architecture of INTEGRITY is well suited for multicore processors targeting embedded systems. INTEGRITY provides complete Asymmetrical Multiprocessing (AMP) and Symmetrical Multiprocessing (SMP) support that is optimized for embedded and real-time use. Embedded system designers can select the multiprocessing architecture that is right for the task. When coupled with the advanced multicore debugging features found in the Green Hills MULTIŽ tool suite, developers will reduce their time-to-market while increasing system performance and reliability.

INTEGRITY Multivisor: combining general purpose guest operating systems with a comprehensive ecosystem of real-time applications, middleware, and drivers. (Click to see larger view)

INTEGRITY­ Multivisor is a robust and portable virtualization infrastructure with an architecture flexible enough to handle the wide variety of hardware capabilities available across today’s microprocessors. ISV maximizes the use of available hardware virtualization facilities while minimizing or eliminating modifications to guest operating systems.

On hypervisor acceleration-enabled processors such as Intel VT, Freescale QorIQ, and ARM TrustZone, ISV supports high performance “full virtualization” where no changes to the guest operating system are needed.

On processors lacking hypervisor mode assistance, ISV applies carefully crafted, minimally intrusive modifications to the guest operating system to maximize performance without sacrificing ease of migration and portability.

INTEGRITY Multivisor provides flexible and powerful mechanisms for managing cores. INTEGRITY Multivisor can statically bind guest operating systems to cores, in an AMP model, or dynamically schedule workloads in a SMP model, depending on system requirements.