RSS
The Elusive 64-Bit RTOS for DO-178C DAL A Avionics
Most software engineers take 64-bit architectures and operating systems for granted. Unix-style 64-bit operating systems have been around since 1993 with DEC Tru64 UNIX running on DEC Alpha CPU, and Windows XP 64-Bit Edition was released in 2001. Even real-time operating systems (RTOSs) have long had 64-bit support, starting with Green Hills INTEGRITY running on DEC Alpha in 1999.
Full 64-bit support for RTCA/DO-178C "Software Considerations in Airborne Systems and Equipment Certification," however, is more challenging. The INTEGRITY-178 tuMP RTOS stands alone with a DAL A certification on 64-bit Arm cores, and 64-bit certification packages are underway for both Intel and Power Architectures. While most other safety-critical RTOS suppliers claim to have 64-bit support for their products targeted at DO-178B/C up to DAL A, none of them have ever announced a DAL A certification with 64-bit support instead of 32-bit support.
Why does 64-bit support matter for DAL A avionics applications? The main advantages revolve around larger addressable memory and higher performance, including:
- Addressable memory beyond 4GB (or beyond 3GB depending on how much the operating system reserves for its use or for I/O space.
- Ability to run 64-bit virtual machines (VMs), which will also require larger addressable memory.
- Better performance resulting from more registers, wider registers, and wider data paths for compute-intensive workloads. For example, encoders, decoders, encryption, and video processing can benefit greatly from 64-bit registers and memory access.
- Support for more instruction set architectures (ISA), such as AVX and SHA extensions.
- Support for 64-bit integers, which is needed for accurate long-term timekeeping in avionics and space applications and greatly speeds encryption and secure boot algorithms.
- Some applications only run on 64-bit architectures or are optimized for 64-bit operations, including some AI/ML applications.
Of course, there are situations where a 32-bit operating system is preferable, but those are generally limited to running on a 32-bit CPU, being very memory constrained, or needing to support legacy 16-bit applications. When addressing legacy application, you should also consider the security ramifications. For example, running a legacy application inside a virtual machine (VM) might avoid a costly port to a newer architecture, but that VM needs to run on top of a hypervisor that likely has many critical vulnerabilities, with more found every week. See our page on Secure Virtualization for a way to run legacy applications without increasing the trusted computing base (TCB).
But just because you have one or more avionics applications that need to run at DAL A doesn’t mean you have to endure a 32-bit operating system. Green Hills Software can provide DAL A certification evidence for the INTEGRITY-178 tuMP RTOS with full 64-bit support on Arm, Intel, and Power Architectures. Requiring DAL A also doesn’t mean you need to accept running on a single core of a multicore processor, but that is a topic for another day.
