
Microchip and O.C.E. Technology Deliver High-Reliability RTOS for PolarFire® SoC FPGA Space Applications

PolarFire® SoC FPGA RISC-V space applications can now take advantage of an RTOS that complies with ESA standards and is designed to police applications, providing maximum reliability.


O.C.E. Technology's Breakthroughs in High-Reliability RTOS for Space Applications

O.C.E. Technology has been developing software tools and high-reliability operating systems for the European Space Agency almost since its foundation in 2013. Building on its single-core Real-Time Operating System (RTOS), called OCEOS, designed for radiation-hardened microcontrollers, it recently showcased the multicore version of the product on the PolarFire® System-on-Chip Field-Programmable Gate Array (SoC FPGA) at Embedded World. The RTOS boasts some unique (patent pending) features to improve application reliability.

One of the first applications is an optical inter-satellite communications constellation where small memory footprint, high efficiency and application policing features make it the RTOS of choice.

Credit: DARPA

So how does OCEOSmp achieve better reliability than other RTOSs?

  • The single-stack-per-core design makes deadlocks impossible on a single core, and on multicore a warning is raised when different tasks obtain mutexes in a different order.
  • Another common problem is avoided by design: unbounded priority inversion and chained blocking cannot occur.
  • Task scheduling information is available to the application (e.g. longest time on the ready-to-run queue, the shortest time between task finish and next start, the maximum time to finish after starting and the maximum number of times the task was pre-empted). This information can be used to ensure that the design assumptions are holding true and, if not, problem avoidance action may be taken.
  • Return codes for each warning or error again provide the application with useful information on which decisions can be made about the state of the system.
  • Logging of system and application errors to non-volatile memory provides for pre- or post-issue analysis.
  • Cores can be switched on or off or disabled in the case of core damage by high-velocity particles.
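The multicore warning described above depends on detecting inconsistent mutex acquisition order across tasks. The following is an added example, not OCEOS code, of a small lock-order checker that a kernel could run alongside its mutex primitive: it records, per task, the mutexes currently held, keeps a global "acquired after" relation between mutex pairs, and returns a warning status when a task takes a mutex that is already known, through any chain of earlier acquisitions, to precede one it holds. The function names, status codes, table sizes and the scenario in main() are all assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_MUTEX 8
#define MAX_TASKS 4

/* Status codes returned to the application (illustrative, not OCEOS codes) */
enum lock_status {
    LOCK_OK = 0,
    LOCK_WARN_ORDER = 1,   /* acquisition order inconsistent with earlier history */
    LOCK_ERR_BAD_ARG = -1  /* unknown task/mutex, double lock, or release of unheld mutex */
};

/* order[a][b] is set once any task has acquired b while holding a */
static bool order[MAX_MUTEX][MAX_MUTEX];

typedef struct {
    int held[MAX_MUTEX];  /* mutex ids currently held, in acquisition order */
    int n_held;
} task_locks_t;

static task_locks_t tasks[MAX_TASKS];

void lock_checker_reset(void)
{
    for (int a = 0; a < MAX_MUTEX; a++)
        for (int b = 0; b < MAX_MUTEX; b++)
            order[a][b] = false;
    for (int t = 0; t < MAX_TASKS; t++)
        tasks[t].n_held = 0;
}

/* Depth-first search over the "acquired after" relation: is there a chain
 * from -> ... -> to? This catches cycles of any length, not just swapped pairs. */
static bool reaches(int from, int to, bool visited[MAX_MUTEX])
{
    if (from == to)
        return true;
    visited[from] = true;
    for (int k = 0; k < MAX_MUTEX; k++)
        if (order[from][k] && !visited[k] && reaches(k, to, visited))
            return true;
    return false;
}

static int held_index(const task_locks_t *t, int m)
{
    for (int i = 0; i < t->n_held; i++)
        if (t->held[i] == m)
            return i;
    return -1;
}

/* Record that task tid acquires mutex m. The mutex itself is assumed to be
 * taken by the real RTOS primitive; this only tracks ordering. */
int lock_acquire(int tid, int m)
{
    if (tid < 0 || tid >= MAX_TASKS || m < 0 || m >= MAX_MUTEX)
        return LOCK_ERR_BAD_ARG;
    task_locks_t *t = &tasks[tid];
    if (held_index(t, m) >= 0)           /* non-recursive mutex taken twice */
        return LOCK_ERR_BAD_ARG;

    int status = LOCK_OK;
    for (int i = 0; i < t->n_held; i++) {
        bool visited[MAX_MUTEX] = { false };
        /* Holding h and taking m is fine unless m is already known to
         * precede h in some other task: that is an order inversion. */
        if (reaches(m, t->held[i], visited))
            status = LOCK_WARN_ORDER;
    }
    for (int i = 0; i < t->n_held; i++)
        order[t->held[i]][m] = true;
    t->held[t->n_held++] = m;
    return status;
}

int lock_release(int tid, int m)
{
    if (tid < 0 || tid >= MAX_TASKS || m < 0 || m >= MAX_MUTEX)
        return LOCK_ERR_BAD_ARG;
    task_locks_t *t = &tasks[tid];
    int i = held_index(t, m);
    if (i < 0)
        return LOCK_ERR_BAD_ARG;
    for (; i + 1 < t->n_held; i++)
        t->held[i] = t->held[i + 1];
    t->n_held--;
    return LOCK_OK;
}

int main(void)
{
    lock_checker_reset();
    lock_acquire(0, 0); lock_acquire(0, 1);      /* task 0: A then B */
    lock_release(0, 1); lock_release(0, 0);
    lock_acquire(1, 1);                          /* task 1: B ... */
    int s = lock_acquire(1, 0);                  /* ... then A */
    printf("task 1 taking A while holding B: %s\n",
           s == LOCK_WARN_ORDER ? "WARN: order inversion" : "ok");
    return 0;
}
```

The warning is a return code rather than a halt, matching the "return codes for each warning or error" approach above: the application decides whether an inversion is a logged anomaly or a reason to take a core out of service.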

Many Commercial-Off-the-Shelf (COTS) components are moving to radiation-tolerant fabrication processes, such as Fully Depleted Silicon On Insulator (FD-SOI), which gives them good Total Ionizing Dose (TID) performance but still leaves them exposed to Single-Event Upsets (SEUs). In many cases, the software has to mitigate the SEU effects. “New Space” companies design in these radiation-tolerant COTS parts. Their prototypes are often based on an RTOS with no safety certification, but production models generally move to a safety-certified RTOS, usually driven by their experience from early missions. OCE has noted this trend with its space customers. Beus-Dukic, in his paper about RTOS for space, says that “in applications with safety-critical software components, COTS RTOS needs to be certifiable, the challenge only a few vendors can currently meet.”

The design of the PolarFire SoC FPGA allows a high-reliability RTOS and Linux to execute in parallel. Many “New Space” applications need to take advantage of APIs available under Linux while leaving the real-time processing to the RTOS running on the other cores.

In summary, OCEOSmp offers the following features:

  • Fixed priority pre-emptive scheduling
  • Based on the Stack Resource Policy—unbounded priority inversion and chained blocking cannot occur 
  • Deadlocks are impossible on a single core and warnings are provided on multicore
  • Single stack per CPU rather than separate stack for each task
  • Small code footprint (<30 kB for core functionality)
  • Mutex (standard and read/write), counting semaphore and data queue support
  • High-precision timed actions independent of scheduling (data output and task start)
  • Supports SPARC, ARM and RISC-V processor architectures
  • DMON debug tool support showing task/interrupt execution timeline
  • Certification service for OCEOSmp to run on customer-designed boards
  • Support & Independent Software Validation services available from OCE
  • Compliant with ESA ECSS Category B standard
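The three features at the top of this list (fixed-priority pre-emptive scheduling, the Stack Resource Policy, and a single stack per CPU) are linked by one rule, and the claim above that deadlocks are impossible on a single core follows from it. Under SRP each resource has a ceiling equal to the highest preemption level of any task that uses it; a task may start (preempt) only if its priority is above the running task's and its preemption level is above the current system ceiling, the highest ceiling of any resource currently held. A task that is allowed to start is therefore guaranteed that every resource it will need is free, so it never blocks mid-execution, its frame can sit on top of the running task's frame on one shared stack, and the only blocking a task ever suffers is at most one critical section before it starts. The following is an added example, not OCEOS code, that implements this admission test for a constructed three-task, two-resource scenario; it assumes preemption level equals fixed priority, and all names and values are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

#define N_TASKS   3
#define N_RES     2
#define MAX_DEPTH 8
#define NO_TASK   (-1)

enum { TASK_L = 0, TASK_M = 1, TASK_H = 2 };   /* low, medium, high priority */
enum { RES_R1 = 0, RES_R2 = 1 };

/* Fixed priorities; under SRP with fixed-priority scheduling the preemption
 * level of a task is taken to be its priority (assumption for this example). */
static const int task_prio[N_TASKS] = { 1, 2, 3 };

/* Which task uses which resource (constructed scenario). */
static const bool task_uses[N_TASKS][N_RES] = {
    { true,  true  },   /* L uses R1 and R2 */
    { false, true  },   /* M uses R2 */
    { true,  false },   /* H uses R1 */
};

/* Resource ceiling: highest preemption level of any task that uses it. */
static int res_ceiling[N_RES];

/* Stack of system ceilings, one entry per held resource. */
static int ceiling_stack[MAX_DEPTH];
static int depth;

void srp_init(void)
{
    for (int r = 0; r < N_RES; r++) {
        res_ceiling[r] = 0;
        for (int t = 0; t < N_TASKS; t++)
            if (task_uses[t][r] && task_prio[t] > res_ceiling[r])
                res_ceiling[r] = task_prio[t];
    }
    depth = 0;
}

int srp_system_ceiling(void)
{
    return depth > 0 ? ceiling_stack[depth - 1] : 0;
}

/* The running task acquires resource r: raise the system ceiling. */
int srp_acquire(int r)
{
    if (r < 0 || r >= N_RES || depth >= MAX_DEPTH)
        return -1;
    int cur = srp_system_ceiling();
    ceiling_stack[depth++] = res_ceiling[r] > cur ? res_ceiling[r] : cur;
    return 0;
}

/* Releases are LIFO, so popping restores the previous ceiling exactly. */
int srp_release(void)
{
    if (depth <= 0)
        return -1;
    depth--;
    return 0;
}

/* SRP preemption test: the candidate may start only if it out-prioritises
 * the running task and its preemption level exceeds the system ceiling. */
bool srp_can_preempt(int candidate, int running)
{
    if (candidate < 0 || candidate >= N_TASKS)
        return false;
    if (running != NO_TASK && task_prio[candidate] <= task_prio[running])
        return false;
    return task_prio[candidate] > srp_system_ceiling();
}

int main(void)
{
    srp_init();
    printf("ceilings: R1=%d R2=%d\n", res_ceiling[RES_R1], res_ceiling[RES_R2]);
    srp_acquire(RES_R2);                       /* L is running and holds R2 */
    printf("M can preempt L holding R2? %s\n",
           srp_can_preempt(TASK_M, TASK_L) ? "yes" : "no");
    printf("H can preempt L holding R2? %s\n",
           srp_can_preempt(TASK_H, TASK_L) ? "yes" : "no");
    srp_release();
    printf("M can preempt L after release? %s\n",
           srp_can_preempt(TASK_M, TASK_L) ? "yes" : "no");
    return 0;
}
```

In the scenario, M is held back while L holds R2 (ceiling 2) even though M has the higher priority, because M would otherwise block on R2 after starting; H, which never touches R2, preempts freely. That is the mechanism by which chained blocking and unbounded priority inversion are excluded rather than merely detected.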

If OCEOSmp sounds suitable for your application, the company will certify it to run on your customer-designed board as part of the development kit sale. Any questions can be directed to sales@ocetechnology.com, or visit our booth at the next European space exhibition.

Tags/Keywords: Aero-Defense