execution, or a combination of the two. This is potentially at odds with the latency and reliability of the system. If the time slot is too long, the latency is high and other tasks may miss out, yet if the time slot is too short and a task isn’t completed in time, the system might have to send an error message or even reset. The RTOS also has to take into account the time needed to switch the data for a task in and out of memory to allow the next task to execute. This ‘context’ switching is a key factor in reducing latency, and also in ensuring that data does not leak across tasks, which makes it a security risk as well as a performance challenge.

All these factors have to be considered for a safety-critical system. That challenge is made much harder with multiple cores that might be running multiple tasks (also called threads in a ‘multi-threaded’ processor core). A further challenge is to do all that in a small amount of code for the leading embedded processors, Intel x86 and ARM, as well as legacy PowerPC processors. But a reliable and safe RTOS gives a huge amount of flexibility for the system’s designer. A whole ecosystem of software has grown up around the use of an RTOS as a result.

A major associated piece of software is the hypervisor. This is an even smaller piece of software that makes use of hooks in multicore processor hardware to allow virtualisation. It controls access to the cores to create ‘partitions’ where an operating system or application can run. This then allows an RTOS to run in one partition to control the real-time responses of the system, with a larger, non-real-time operating system such as Linux or Windows running in another partition. As most machine learning frameworks run on Linux, the hypervisor allows the ML capability to operate alongside the RTOS, with the communication between the partitions handled by the hypervisor.
This software usually comes precompiled as binary code for specific processors, fully tested with certification documentation that supports the DO-178 standard for aircraft or the ISO 26262 safety standards for automotive designs. However, an RTOS can also be used as a hypervisor, and can be supplied as source code so that developers can change it or use it on processors that are not directly supported.

That then raises the issue of the tools. Compilers that take the code, in C or a language such as Ada, and convert it to machine code on the processor can also introduce errors. These compilers also link in and compile libraries

Real-time operating systems | Focus
Unmanned Systems Technology | October/November 2020

The VSR400 UAV is controlled using the VxWorks/Cert RTOS from Wind River and applications from AdaCore (Courtesy of Airbus Helicopter)

This image contains a trace of the Vector autopilot software execution. It shows how a task gets blocked after ‘taking’ a semaphore to launch a serial peripheral interface transaction (Courtesy of UAV Navigation)
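The time-slot trade-off described earlier (a long slot delays other tasks, a short slot loses time to context switches) can be made concrete with a small simulation. This is an added example, not code from the article or from any RTOS it mentions; the round-robin model, the task names and all timings are constructed assumptions.

```c
#include <stdio.h>

/* Constructed task set, times in microseconds (not from the article).
 * The task with the tightest deadline is deliberately last in the rotation. */
struct task { const char *name; long work_us; long deadline_us; };
static const struct task TASKS[] = {
    { "nav_filter",    1500, 6000 },
    { "telemetry",     1500, 6000 },
    { "attitude_ctrl",  200, 1500 },
};
enum { NTASKS = sizeof TASKS / sizeof TASKS[0] };

/* Round-robin every task from t = 0 with a fixed time slot and a fixed
 * context-switch cost. Returns the number of tasks that finish after their
 * deadline (-1 on a non-positive slot); *worst_start_us receives the longest
 * wait before any task first gets the CPU. */
int simulate(long slot_us, long switch_us, long *worst_start_us)
{
    long left[NTASKS], t = 0;
    int remaining = NTASKS, misses = 0;
    if (slot_us <= 0) return -1;
    *worst_start_us = 0;
    for (int i = 0; i < NTASKS; i++) left[i] = TASKS[i].work_us;
    for (int i = 0; remaining > 0; i = (i + 1) % NTASKS) {
        if (left[i] == 0) continue;               /* task already finished */
        /* No work done yet means this is the task's first slot. */
        if (left[i] == TASKS[i].work_us && t > *worst_start_us)
            *worst_start_us = t;
        long run = left[i] < slot_us ? left[i] : slot_us;
        t += run;
        left[i] -= run;
        if (left[i] == 0) {
            remaining--;
            misses += t > TASKS[i].deadline_us;   /* finished too late? */
        }
        /* Charge a context switch only when a different task runs next. */
        if (remaining > 1 || (remaining == 1 && left[i] == 0)) t += switch_us;
    }
    return misses;
}

int main(void)
{
    long slots[] = { 20, 400, 5000 }, worst;
    for (int k = 0; k < 3; k++) {
        int m = simulate(slots[k], 20, &worst);
        printf("slot=%ld us: misses=%d, worst first-run wait=%ld us\n",
               slots[k], m, worst);
    }
    return 0;
}
```

With a 20 µs switch cost, the 20 µs slot starts every task quickly but spends half the CPU time switching, the 5000 µs slot makes the tight-deadline task wait behind the long ones, and the 400 µs slot meets every deadline.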