An upcoming operating system (OS) from Wind River Technologies, code-named Cirrus, will benefit from a new memory-management model. Protected Domains differs from conventional virtual-memory protection models, as it lets designers select the level of protection and isolation their application needs. This development promises to change the way embedded-system software takes advantage of memory-management hardware.
Selectable application isolation and protection lets users trade performance and determinism for improved security and reliability. Generally, designers have had trouble building fully protected virtual-memory systems for fast, deterministic task switching. Many embedded applications require this ability.
Alternatively, engineers would have to move time-critical applications into device drivers that often operate below the virtual-memory system. Essentially, this method creates three choices: determinism with no protection, nondeterminism and full protection, or a custom real-time operating-system (RTOS) protection model. This last option requires a significant investment by the developer, making such an approach difficult to justify in terms of time and effort.
A Cirrus-protected domain supports one or more applications and threads. The domain has its own protection-level setting. All domains task-switch in a deterministic fashion, although the time to perform a switch will be based upon the level of protection selected for the domain.
The importance of multiple protection levels is increasing, due to the rising use of field-upgradable software and the execution of unproven or third-party applications on an embedded system. A newly updated application may warrant a higher level of isolation and protection until the application has proven to be stable. In this case, the application's protected domain may be reconfigured once the application is trusted. Even then, it may not be given unrestricted access to system services. Downloaded applications like Java applets may often be run with full protection to prevent accidental corruption of the underlying system.
Cirrus builds on VxWorks technology. It has a common, compatible application-programming interface (API). Modular construction tools are based on VxWorks and Tornado RTOS development tools. Still, Cirrus is designed to augment Wind River's product line. It doesn't replace VxWorks. An enhanced linker/loader augments the new protection model. The combination primarily targets smart devices, such as cell phones and Internet appliances, that will be upgraded in the field.
Cirrus will find a home in telecom, medicine, military, aerospace, and other high-availability, mission-critical applications. The OS fits custom as well as commercial off-the-shelf embedded-system requirements.
With over 200 engineering years of development time, Wind River has invested a lot in Cirrus. Details on the OS and its protected domains are very limited, so it is difficult to compare it to currently available technology. The OS is now in beta test, and commercial delivery is scheduled for this fall.
For more information about Protected Domains, visit Wind River Systems at www.windriver.com.