What Are ARINC 653–Compliant Safety-Critical Applications?
Safety-critical applications in avionics must comply with ARINC 653 principles.
ARINC 653 is a standard developed by the Aeronautical Radio, Inc. (ARINC) organization. It defines a specification for the development of avionics software applications with real-time and safety-critical requirements, which must function correctly even in the presence of failures or abnormal conditions.
An ARINC 653-compliant safety-critical application, therefore, is a software application that adheres to the guidelines and requirements outlined in the ARINC 653 specifications document. This document defines a partitioned operating system environment for running multiple software applications (referred to as partitions) on a single hardware platform. Each partition is isolated, ensuring that any failures or issues it experiences do not affect the operation of other partitions.
Key Principles of ARINC 653
ARINC 653 outlines several specific principles that must apply to compliant applications:
- Partitioning: The foundation of ARINC 653 lies in the concept of partitioning. Each partition operates as a distinct entity, encapsulating a specific software application. Partition isolation prevents cross-partition interference, safeguarding the integrity of critical systems.
- Time and space partitioning: ARINC 653 takes partitioning a step further with time and space partitioning, which allocates specific time slots and memory regions to each partition. As a result, each partition has predictable execution times and clearly defined memory boundaries, contributing to system predictability.
- Communication mechanisms: While isolation is essential, communication between partitions is equally vital in complex avionics systems. ARINC 653 defines communication mechanisms that support controlled and deterministic data exchange between partitions in a way that maintains strict timing constraints.
- Health monitoring and error handling: ARINC 653 addresses the prioritization of safety by incorporating health monitoring and error handling mechanisms. These help the system detect anomalies in partitions and respond to errors promptly for fast recovery and minimized disruptions.
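As an added illustration of the four principles above (constructed for this explainer; not code from the ARINC 653 specification, the APEX API, or VxWorks 653), the following C program simulates in user space a fixed major-frame schedule with one time window per partition, a sampling port whose reader rejects samples older than a configured refresh period, and a health monitor that applies a per-partition configured action without touching any other partition. The partition names, window lengths, refresh period and action names are assumptions made for the example; the real APEX service names and error codes are defined by the standard and are not reproduced here.

```c
/* Added example: a user-space simulation of ARINC 653-style time partitioning,
 * a sampling port with a refresh-period freshness check, and a per-partition
 * health-monitor (HM) response. All names, window sizes and refresh periods are
 * constructed for illustration; this is not the APEX API and not VxWorks code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PARTITIONS 3
#define MAJOR_FRAME_MS 100   /* the static schedule repeats every 100 ms */
#define TICK_MS 10

typedef enum { HM_IGNORE, HM_RESTART_PARTITION, HM_IDLE_PARTITION } hm_action_t;
typedef enum { MODE_NORMAL, MODE_IDLE } part_mode_t;

typedef struct {
    const char *name;
    uint32_t window_start_ms;  /* offset of the partition's window in the frame */
    uint32_t window_len_ms;
    hm_action_t on_error;      /* response the integrator configured for it */
    part_mode_t mode;
    int restarts;
} partition_t;

/* A sampling port holds one message and its write time; a reader only gets a
 * valid result while the sample is younger than the port's refresh period. */
typedef struct {
    uint8_t data[32];
    uint32_t written_at_ms;
    uint32_t refresh_ms;
    int has_data;
} sampling_port_t;

/* Constructed schedule: 40 + 30 + 20 ms of windows, 10 ms of slack. */
static partition_t parts[NUM_PARTITIONS] = {
    {"flight_control", 0, 40, HM_IDLE_PARTITION, MODE_NORMAL, 0},
    {"display", 40, 30, HM_RESTART_PARTITION, MODE_NORMAL, 0},
    {"maintenance", 70, 20, HM_IGNORE, MODE_NORMAL, 0},
};

/* Time partitioning: the partition owning the window at time t, or -1 for
 * slack. The table is fixed at integration time; nothing a partition does can
 * extend its own window or take another partition's. */
int scheduled_partition(uint32_t t_ms) {
    uint32_t off = t_ms % MAJOR_FRAME_MS;
    for (int i = 0; i < NUM_PARTITIONS; i++) {
        uint32_t s = parts[i].window_start_ms;
        if (off >= s && off < s + parts[i].window_len_ms) return i;
    }
    return -1;
}

/* Ticks a partition actually executes in one major frame. An idled partition
 * keeps its window (the schedule is not rebuilt) but does no work in it. */
uint32_t ticks_for_partition(int i) {
    uint32_t n = 0;
    for (uint32_t t = 0; t < MAJOR_FRAME_MS; t += TICK_MS)
        if (scheduled_partition(t) == i && parts[i].mode == MODE_NORMAL) n++;
    return n;
}

void port_write(sampling_port_t *p, const void *msg, size_t len, uint32_t now_ms) {
    if (len > sizeof p->data) len = sizeof p->data;
    memcpy(p->data, msg, len);
    p->written_at_ms = now_ms;
    p->has_data = 1;
}

/* Returns 1 when the sample is fresh, 0 when the port is empty or the sample
 * is older than refresh_ms. A consumer that ignored this flag would act on
 * stale data from a producer that has stopped or been idled. */
int port_read(const sampling_port_t *p, void *out, size_t len, uint32_t now_ms) {
    if (!p->has_data) return 0;
    if (len > sizeof p->data) len = sizeof p->data;
    memcpy(out, p->data, len);
    return (now_ms - p->written_at_ms) <= p->refresh_ms;
}

/* Health monitoring: apply the configured action for partition i and return
 * its resulting mode. Only that partition's state is touched, so a fault in
 * one partition cannot change the mode or the window of any other. */
part_mode_t hm_report_error(int i, const char *err) {
    partition_t *p = &parts[i];
    printf("HM: %s raised '%s' -> ", p->name, err);
    switch (p->on_error) {
    case HM_IGNORE:            printf("logged, no action\n"); break;
    case HM_RESTART_PARTITION: p->restarts++; p->mode = MODE_NORMAL;
                               printf("cold restart #%d\n", p->restarts); break;
    case HM_IDLE_PARTITION:    p->mode = MODE_IDLE; printf("set to IDLE\n"); break;
    }
    return p->mode;
}

int main(void) {
    sampling_port_t port = { {0}, 0, 50, 0 };   /* 50 ms refresh period */
    uint8_t buf[32];
    port_write(&port, "alt=1200", 9, 10);      /* constructed sample */
    printf("read at 40 ms: %s\n", port_read(&port, buf, sizeof buf, 40) ? "VALID" : "STALE");
    printf("read at 70 ms: %s\n", port_read(&port, buf, sizeof buf, 70) ? "VALID" : "STALE");
    hm_report_error(1, "unhandled exception");  /* display: restarted */
    hm_report_error(0, "deadline missed");      /* flight_control: idled */
    for (int i = 0; i < NUM_PARTITIONS; i++)
        printf("%-14s ticks/frame: %u\n", parts[i].name, ticks_for_partition(i));
    return 0;
}
```

The point to take from the run is that idling flight_control changes nothing for display or maintenance: their windows and tick counts are identical before and after the fault, and a reader of the port learns that the last altitude sample has gone stale instead of silently reusing it.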
Significance in Aviation and Safety-Critical Applications
The importance of ARINC 653 in the aviation industry cannot be overstated. It supports:
- Enhanced safety and reliability: ARINC 653’s partitioning approach prevents the propagation of faults by ensuring that issues in one partition remain confined and do not compromise the operation of the entire system. This isolation mechanism contains and mitigates the impact of potential failures, enhancing overall system safety.
- Predictable performance: ARINC 653’s time and space partitioning elements address the crucial need for predictability by predefining timing constraints, enabling critical processes to execute precisely when needed. This feature is particularly significant in avionics systems, where split-second decisions and actions can make all the difference in ensuring safe flight operations.
- Fault tolerance and rapid recovery: The health monitoring and error handling mechanisms outlined in ARINC 653 are of paramount significance in maintaining system resilience. Safety-critical applications are designed to detect anomalies and errors in real time, enabling swift and automated responses. Even in the presence of unexpected issues, the system can recover rapidly and continue functioning within operational bounds. This capability is essential in preventing disruptions and minimizing downtime.
- Streamlined certification processes: The aviation industry is subject to rigorous regulatory oversight, and the certification process for safety-critical systems can be intricate. ARINC 653’s standardized approach to software development streamlines the certification process significantly. Regulatory authorities are familiar with the principles and methodologies outlined in ARINC 653, which expedites the review and approval of safety-critical applications. This reduces development time, accelerates time-to-market, and ensures that certified systems adhere to industry-recognized best practices.
- Industry-wide standardization and consistency: ARINC 653’s widespread adoption fosters a standardized approach across the aviation industry. Manufacturers, suppliers, and regulatory bodies all operate within a common framework, ensuring consistent practices and a shared understanding of safety-critical software development. This level of industry-wide standardization significantly enhances communication, collaboration, and interoperability, while also bolstering the reputation and credibility of organizations adhering to ARINC 653.
Additional Avionics Standards
Careful consideration of the context and industry determines which avionics safety standards to follow when developing a given application.
There are several other specifications and standards for the development of avionics software applications with real-time and safety-critical requirements, in addition to ARINC 653. These standards cover different aspects of software development, safety, and certification. Notable examples include:
- DO-178C/ED-12C – Software Considerations in Airborne Systems and Equipment Certification: This is one of the most widely recognized certification documents for software development in the aviation industry. It provides guidelines for development, verification, and certification processes, with a focus on safety-critical systems. It addresses planning, requirements, design, coding, configuration management, and other aspects of avionics software development.
» Learn More About DO-178C
- DO-254/ED-80 – Design Assurance Guidance for Airborne Electronic Hardware: This document is specifically aimed at the development of airborne electronic hardware (integrated circuits, etc.).
- SAE ARP 4754A – Guidelines for Development of Civil Aircraft and Systems: This guideline provides a comprehensive system development and certification process framework that includes software aspects of civil aircraft and systems. It emphasizes the integration of safety, requirements, design, and validation.
- SAE ARP 4761 – Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment: This standard outlines methods for conducting safety assessments in avionics systems and equipment development, helping to identify potential hazards and assess their associated risks.
- IEC 61508 – Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems: This generic international standard applies to a wide range of industries, including avionics. It provides a framework for developing systems with functional safety requirements, covering both hardware and software aspects.
- NASA-STD-8739.8 – Software Assurance and Software Safety Standard: This NASA standard focuses on assurance processes and activities that ensure the reliability and safety of software used in spaceflight systems. While not exclusively for aviation, some aspects can be relevant.
The choice of which standard(s) to follow depends on the specific context, industry, and regulations governing the development and certification of a given avionics system.
How Can Wind River Help?
Wind River has a long and successful history of supporting safety-critical avionics projects.
VxWorks 653
VxWorks® 653 is a safe, secure, and reliable real-time operating system (RTOS) that delivers an open virtualization platform with robust time and space partitioning on the latest Arm®, Intel®, and PowerPC multi-core processor platforms. With technology proven by more than 360 customers over 600 safety programs in more than 100 civilian and military aircraft, VxWorks 653 is driving the transition to software-defined systems in aerospace and defense, bringing innovative technology that solves real business problems. It offers:
- Trust: VxWorks 653 is a world leader in ARINC 653 real-time operating environments, with a proven track record that includes the Boeing 787 Dreamliner, the Airbus A400M, and the Northrop Grumman UH-60V Black Hawk avionics upgrade.
- Robust partitioning: The RTOS provides support for a partitioned open architecture and robust partitioning that enables suppliers to modify an application that is part of an existing certified system, and only retest the scope of the components that have changed. This dramatically reduces recertification costs and total cost of ownership (TCO).
- Multilevel safety: High safety and security assurance comes from the multi-core scheduler that uses hardware virtualization assist.
- Commercial off-the-shelf (COTS) certification evidence: COTS certification artifacts can accelerate the time required to accomplish certification, reducing schedule risk.
- Independent build, link, and load: VxWorks 653 is designed around a multi-supplier, role-based supply chain, per RTCA DO-297. It allows application suppliers to asynchronously develop, test, and deliver software applications independently.
- Maintenance and support: Clients receive full access to the Wind River® worldwide support organization and a specialized team of Professional Services engineers with extensive experience in delivering design, integration, and optimization services.
- Unmodified guest OS: VxWorks 653 supports integration of both legacy applications and new applications on shared multi-core Arm, Intel, and PowerPC architecture platforms; VxWorks and Wind River Linux guest OSes are supported out of the box.
» Learn More About VxWorks 653 Multi-Core Edition
VxWorks Cert Edition
VxWorks Cert Edition is a platform for safety-critical applications that require DO-178C, IEC 61508, IEC 62304, or ISO 26262 certification evidence for the avionics, transportation, industrial automation, and automotive industries.
For four decades, our software has been trusted to enable the highest levels of safety, security, and reliability in the world’s most critical systems. VxWorks Cert Edition provides a certifiable RTOS for regulated industries developing and certifying safe, secure, and reliable solutions.
VxWorks Cert Edition:
- Is tightly coupled to specific hardware
- Is written in lower-level languages such as C/C++
- Interacts directly with hardware (e.g., peripherals)
- Requires specialized development and management tools
- Tends to have a long lifecycle and stateful execution
- Faces an increasing diversity of end hardware and software deployed in the field