What Are Mixed-Criticality
OS Environments?

Learn how OS environments can support varying criticality levels within a single system, and how Wind River solutions help.

Speak to an Expert
 

What Are Mixed-Criticality OS Environments?

Mixed-criticality operating system (OS) environments support diverse applications with varying levels of criticality, all within a single system. In safety-critical systems — such as automotive, aerospace, or medical devices — it is common for different tasks to have different safety requirements. These can range from non–safety-critical functions to tasks with stringent safety standards, such as real-time response and fault tolerance.

In a mixed-criticality OS environment, then, the challenge lies in ensuring that low- and high-criticality tasks coexist without compromising the overall system integrity. This is achieved by implementing partitioning mechanisms that isolate critical tasks from less critical ones, preventing lower-priority activities from affecting the timely execution of safety-critical functions.

These environments provide a framework to integrate diverse applications while meeting the stringent requirements of safety standards and real-time performance.

Developers must ensure that low- and high-criticality tasks in the same environment do not compromise the overall system.

Mixed-Criticality OS Environments and Safety-Critical Systems

Mixed-criticality OS environments play a pivotal role in safety-critical systems by addressing the intricate challenge of managing diverse tasks of varying levels of criticality. A mixed-criticality OS allows partitioning of resources to ensure that safety-critical components are shielded from potential disruptions caused by lower-priority activities. This segregation enhances the overall predictability and reliability of the system.

These environments provide a framework for adaptive resource allocation and graceful degradation. In situations where system load increases or failures occur, the OS can dynamically adjust the criticality levels of tasks. This ensures that, even under adverse conditions, safety-critical functions can continue to operate with reduced functionalities, preventing a complete system shutdown and mitigating potential risks. This flexibility supports optimized resource utilization and enhances the overall dependability of the system.

Examples of Mixed-Criticality OS Environments

Mixed-criticality OS environments are versatile and applicable in many industries. In the automotive sector, for example, today’s complex vehicles require both safety-critical functions, such as anti-lock braking systems and collision-avoidance monitoring, and noncritical elements, such as infotainment systems.

In avionics, critical systems include flight control, navigation, and communication, which exist alongside less-critical passenger entertainment systems. Medical devices such as patient monitoring systems integrate tasks ranging from real-time vital sign monitoring to less time-sensitive data logging and display functions. In industrial automation, mixed-criticality OS environments ensure stable and secure operation of manufacturing processes while allowing the integration of additional functionalities such as data logging and diagnostics.

In each case, the OS manages the prioritization and isolation of these different tasks, preventing the noncritical activities from compromising the performance of critical functions.

What Makes up a Mixed-Criticality OS Environment?

Several elements collectively contribute to the system’s ability to support a range of tasks of varying criticality levels while upholding safety, reliability, and real-time performance:

  • Partitioning: Tasks are isolated into different partitions based on their criticality levels. Each partition is allocated specific resources, and mechanisms are in place to prevent lower-criticality tasks from adversely affecting higher-criticality ones.
  • Schedulers: Schedulers determine the order and timing of task execution. They prioritize high-criticality tasks to meet stringent timing requirements. In dynamic environments, adaptive scheduling mechanisms can adjust task priorities in real time, allowing the system to respond to changes in workload or to performance threats.
  • Communication protocols: These facilitate interaction between partitions and ensure that critical data is transmitted with minimal latency.
  • Security: Security measures safeguard against potential threats, since safety-critical systems are often prime targets for malicious activities.
Developers employ partitions, schedulers, and other elements to ensure smooth functioning of mixed-criticality systems.

Considerations and Challenges

Understanding mixed-criticality OS environments involves recognizing certain considerations and challenges:

  • DevOps and continuous integration/continuous deployment (CI/CD): Many safety-critical industries have stringent certification standards. Mixed-criticality systems must adhere to these standards, such as ISO 26262 in automotive or DO-178C in avionics, to ensure that they meet the required safety and reliability levels.
  • Resource management: Efficient utilization of resources includes managing CPU time, memory, and other hardware resources to meet the real-time requirements of critical tasks while also ensuring optimal performance for noncritical functions.
  • Deterministic behavior: The OS must provide mechanisms to guarantee that high-criticality tasks consistently meet their deadlines and that the entire system’s behavior is predictable.
  • Integration with development tools: Seamless integration with development and testing tools is vital for these systems’ design, implementation, and verification. Tools that support tasks such as partitioning and scheduling analysis are critical elements of the development lifecycle.
  • Runtime adaptability: Some mixed-criticality systems must adapt dynamically during runtime, adjusting criticality levels, reallocating resources, or modifying task schedules in response to changing system conditions or failures.
  • Inter-partition communication: Communication mechanisms should introduce minimal latency and maintain necessary data integrity and confidentiality.
  • Lifecycle maintenance: Managing the lifecycle of mixed-criticality systems begins during initial development and carries through ongoing maintenance and modifications. Updates must never compromise safety or reliability.
  • Power management: A mixed-criticality OS may need to incorporate power management strategies to optimize energy consumption while meeting critical task requirements.

As technologies advance, developers must keep abreast of developments in these areas in order to design and maintain robust and reliable mixed-criticality systems.

How Can Wind River Help?

Wind River Helix Virtualization Platform

Wind River Helix™ Virtualization Platform is a safety certifiable, multi-core, multi-tenant platform designed for systems that require mixed levels of criticality.

It consolidates multi-OS and mixed-criticality applications onto a single edge compute software platform, simplifying, securing, and future-proofing designs in the aerospace, defense, industrial, automotive, and medical markets. It delivers a proven, trusted environment that enables adoption of new software practices with a solid yet flexible foundation of known and reliable technologies on which the latest innovations can be built.

Its key features include:

» Read the Helix Platform Product Overview
» Watch the Helix Platform Video

VxWorks

VxWorks® is the industry’s most trusted and widely deployed real-time operating system (RTOS) for mission-critical embedded systems that must be secure and safe. It delivers a proven, real-time, and deterministic runtime combined with a modern approach to development.

Its features include:

  • Extensive multi-core and multiprocessing support: VxWorks supports 32-bit and 64-bit multi-core processors based on Intel®, Arm®, Power, and RISC-V architectures. Its comprehensive processor support allows OS configurations for asymmetric multiprocessing (AMP), symmetric multiprocessing (SMP) with CPU affinity to address bound multiprocessing (BMP) scenarios, and hardware-optimized multi-core acceleration.
  • OCI containers: Package and deploy any and all applications using IT-like tools and methods. Push your applications to standard container registries (such as Docker Hub, Amazon ECR, or Harbor) and pull them from your deployed VxWorks-based devices.
  • Security: VxWorks integrates an extensive and continuously evolving set of security capabilities that map to the CIA triad. From booting operations to power down, these capabilities allow architects to develop a level of security appropriate for the attack surface and the threats unique to the application and environment.
  • Certifiability: VxWorks has an extensive portfolio of safety certification history, including 600+ programs with more than 360 individual customers. Conformance to POSIX®, the FACE™ Technical Standard, and similar standards has been leveraged in the certification of VxWorks to DO-178C, IEC 61508, IEC 62304, and ISO 26262 safety standards.
  • Rich connectivity and communications: VxWorks supports IPv4 and IPv6 stacks, Routing Information Protocol (RIP), quality of service (QoS), and more. Additionally, VxWorks enables Time-Sensitive Networking (TSN), guaranteeing real-time communication and packet delivery within a bounded time or latency on a switched Ethernet network. VxWorks supports innovative industrial applications based on OPC Unified Architecture (OPC UA). It also supports SocketCAN, used in automotive applications, and provides host, target, and OTG USB support.
  • Broad board support: Working with our ecosystem of partners, we have optimized VxWorks for the latest advanced processors and SOCs. It includes the most extensive list of board support packages in the embedded software industry, offering early prototyping, cost savings, and flexibility of choice.
  • Customization and tuning: Tailor your design to your specific needs with access to full source code, and/or use the various configuration options to include or exclude predefined components and/or parameters.
  • Virtualization: Choose among flexible deployment options, from native to cloud. VxWorks is available as a guest operating system for a variety of virtualization environments, including but not limited to Helix Platform, QEMU, VMware, and KVM.
  • Fault-tolerant file system: Take advantage of integrated fault tolerance. VxWorks comes with a certifiable fault-tolerant file system.
  • Multimedia: VxWorks offers support for many standard graphic libraries, such as OpenGL, OpenGL ES, OpenCV, and Vulkan, as well as libraries that handle JPEG and PNG images.
  • Artificial intelligence and machine learning: Technologies such as pandas and TensorFlow Lite are integrated to easily add AI/ML applications to the device.
  • Python: VxWorks supports Python, an easy-to-learn programming language ideal for the quick prototyping, testing, and integration of high-level programs.
  • Feedback loop: For digital transformation enablement, VxWorks comes with a variety of communication protocols that allow developers to collect device information and send it to the cloud for mining and analysis.
» Read the VxWorks Product Overview
» Read About Real-Time and Safety-Critical Systems