Unmanned Systems Technology 001 | UAV Factory Penguin C | Real-time operating systems | Hirth S1218 two-stroke twin | Base stations | ASV C-Enduro | Composites | Datacomms

with the communications protocol stacks – implementations of a networking protocol suite – while making sure it still functions as intended, and this creates a more complex software environment. Adding more and more sensors to a system to provide more information for the decision-making process also increases the complexity of the software, making it harder to certify a bare-metal design as safe.

The connection to the network potentially makes these systems more vulnerable to attack. Hackers are always scouring the world for unprotected industrial real-time control systems, and in the past they have accessed those in medicine, transport and some utilities. Clearly then, a system that is not secure cannot be regarded as safe – if it can be hacked, it can be dangerous, particularly with regard to autonomous vehicles, where not only passengers but other people can be put at risk. For example, a driverless car or delivery drone that has been taken over by a hacker – even for fun – can potentially cause significant damage and loss of life.

This issue has generated a greater demand for commercial RTOS implementations whose safety and security can be fully tested and documented. The scheduler is no longer a differentiating factor for a design, so spending millions on developing – and, more important, testing, certifying and supporting – their own is a costly approach that slows down the overall project development. Instead, companies are adopting commercial RTOS software so that they can focus on areas such as sensor-fusion algorithms that combine visual data, radar, and infrared for detecting the world around them, and code-learning software.

That said, there is still innovation at the heart of the RTOS, with the idea of a two-level scheduler using major and minor timeframes. Major timeframes are assigned to an application such as a sensor input or a communications link, and they are the only things that run in those timeframes; an application is also given its own memory partition. The RTOS can then run in the minor timeframe, and this gives a huge advantage in terms of safety certification, as the RTOS can be securely checking the activity of the application in the major timeframe of the scheduler. While this provides multiple levels of safety on one processor by having the RTOS check the operation of the applications, the more checks that are made, the slower the system runs.

Commercial RTOS vendors have also made their offerings modular, so that only the required elements need to be used, although this creates a problem with certification. It is easier to certify a complete software system, and then re-use it in other designs, than constantly build and certify new, more optimised software systems from modules. As a result, vendors have had to combine all the modules into a single product and certify them as such.

An RTOS is a key piece of the unmanned system design because safety and security are a hierarchical challenge, with ‘strength in depth’. The heart of

[Figure: How the Integrity RTOS is used in safety software development]

Real-time operating systems | Focus
Unmanned Systems Technology | November 2014
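The two-level schedule described above, modelled as an added example in C (not code from the article or from any RTOS vendor): each application runs alone in its major timeframe with its own memory partition, and the RTOS then uses the minor timeframe to check what the application did. The task names, sizes, the `part_write` stand-in for hardware memory protection and the two checks (unfinished work, out-of-partition write) are assumptions, since the article does not say which checks are made.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model: every name, size and threshold here is an assumption. */
static unsigned char arena[16];

typedef struct app {
    size_t base, size;                   /* the application's own memory partition */
    unsigned budget;                     /* ticks in its major timeframe */
    int (*step)(struct app *, unsigned); /* returns 1 once this cycle's work is done */
    unsigned overruns, mem_faults;       /* activity record the RTOS inspects */
    int enabled;
} app_t;

/* Stand-in for MPU enforcement: a write outside the partition is refused and counted. */
static void part_write(app_t *a, size_t off, unsigned char v) {
    if (off >= a->size) { a->mem_faults++; return; }
    arena[a->base + off] = v;
}
static int sensor_step(app_t *a, unsigned t) { part_write(a, t, 0xA5); return t == 2; }
/* Misbehaving link task: writes past its partition and never finishes. */
static int link_step(app_t *a, unsigned t) { part_write(a, 8 + t, 0xEE); return 0; }

static app_t apps[] = {
    { 8, 8, 4, sensor_step, 0, 0, 1 },   /* sensor: arena[8..15] */
    { 0, 8, 3, link_step,   0, 0, 1 },   /* link:   arena[0..7]  */
};

/* Major timeframe: only this application runs, for at most `budget` ticks. */
static void run_major(app_t *a) {
    for (unsigned t = 0; t < a->budget; t++)
        if (a->step(a, t)) return;
    a->overruns++;                       /* frame ended with work unfinished */
}
/* Minor timeframe: the RTOS checks the recorded activity and stops an offender. */
static void run_minor(app_t *a) {
    if (a->mem_faults > 0 || a->overruns >= 2) a->enabled = 0;
}
/* Runs `cycles` passes of the schedule; returns how many applications stay enabled. */
static int run_schedule(unsigned cycles) {
    int alive = 0;
    for (unsigned c = 0; c < cycles; c++)
        for (size_t i = 0; i < 2; i++)
            if (apps[i].enabled) { run_major(&apps[i]); run_minor(&apps[i]); }
    for (size_t i = 0; i < 2; i++) alive += apps[i].enabled;
    return alive;
}

int main(void) { printf("enabled after 3 cycles: %d\n", run_schedule(3)); return 0; }
```

The link task's writes would have landed in the sensor's partition; because they are refused and the task is stopped at the next minor timeframe, the sensor data stays intact and the sensor keeps its slot.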
