HIPPEROS is a family of new multicore hard real-time operating systems (RTOS) for safety critical applications, specifically designed to provide the highest reliability, predictability, security and performance while using multicore architectures efficiently, taking into account their specific constraints and features.

HIPPEROS is a highly configurable and modular family or RTOSs. This way, we can produce different kernels that satisfy different requirements, adapting to different use cases. All these "flavors" share nevertheless compatibility for applications.

HIPPEROS is predictable, fully preemptive and multitasking. Its architecture makes it scalable and efficient for multicore platforms. Specific features have been included in its design to ensure fault tolerance, redundancy and to obtain its formally proven reliability.

HIPPEROS is aimed at certifiability by different norms. It is prepared to meet the requirements and growing complexity of different application domains taking into account the specific needs of every case.

HIPPEROS application domains include:

• Aerospace
• Avionics & Defense
• Robots and Industrial Control
• Car Safety
• Medical Devices
• Virtual & Enhanced Reality

Currently available RTOS in the market were not originally designed for multicores. Therefore, they do not scale well and their design is not able to cope efficiently with the challenges of multicore architectures or growing application demands. This is either unsafe or an inefficient use of computing resources.

HIPPEROS fills the multicore performance gap while remaining totally reliable.

HIPPEROS was created at the PARTS (Parallel Architectures for Real-Time Systems) Research Center of the ULB, to incorporate major scientific results in the area of real-time scheduling, resource sharing, scalable Inter Process Communication protocols and operating systems kernel architectures.

HIPPEROS has a unique combination of innovations:

Robust master/slave micro kernel architecture

HIPPEROS uses the new concept of master/slave micro kernel architecture for safety and redundancy

• Master handles most kernel data and manages scheduler and sharing
• Slave executes tasks on each processor minimizing context switches

The advantages are less overheads, less or no cache misses and optimal scheduling (ex UEDF) and almost lack of kernel locks.

This architecture is highly scalable for multicores.

Partitioned & clustered time & space task isolation modes

Time and space isolation, using MMU or MPU, achieves optimal reliability, making HIPPEROS suitable for critical applications.

Offline configuration tool partitions the task sets into subsets of tasks where high safe utilizations bounds are feasible. Optimizer avoids preemptions, migrations and contexts switches, which cause cache misses and bad WCET. Task subsets are assigned to processor clusters. Adequate scheduling policies are chosen for each cluster.

HIPPEROS processor clustering has next advantages:

• Each can have own scheduler
• Non blocking communication
• Smaller data structures
• Cluster protection inside same OS

HIPPEROS supports 64 clusters of 64 processors each

Efficient configurable scheduling algorithms

HIPPEROS provides different schedulers.

HIPPEROS provides efficient configurable hierarchical, static or fixed task priority scheduling algorithms

HIPPEROS includes a library of easy to extend plugin policies:

• Hierarchical: RR, TS, ...
• Static: RM, DM, ...
• Fixed: EDF, EDFk, UEDF (optimal)
• Dynamic (only for benchmarking): PFAIR, LSF, ...

This way a safe reliable utilization limit close to 100% of CPU usage becomes feasible.

Preemption avoiding mechanism

HIPPEROS implements a preemption avoiding mechanism to avoid cache faults and provide lowest WCET

HIPPEROS has a small footprint (typical down to <= 20k ELOC, low task switch latency (typical down to ~5μs depending on architectures), almost zero interrupt latency and high task set safe utilization limits (typical >90%).

This small footprint makes it suitable for very high performance computing tasks, as code runs "almost like on bare metal".

HIPPEROS already supports or aims to support supports 32-bits and 64-bits architectures with or without MMU, of different vendors:

• ARM A9, ARM Cortex-A8+, ARM Cortex-R+
• IA 32 x86, IA 64 x86
• ARC
• Leon3, 4
• PPC
• MIPS

HIPPEROS can be tailored for specific MPSoC designs.

Specific versions for 16 bits architectures or hybrid architectures without MMU are foreseen for microcontrollers, eg MSP430 and AVR.

HIPPEROS is compatible with most embedded toolchains, including IAR, Keil, and GCC.

HIPPEROS product features include concurrency mechanisms like spinlocks (avoided when possible), mutexes, semaphores, message passing, mailboxes, signals and shared memory. It includes events, timers, alarms and very efficient and scalable IPC and resource sharing protocols. Starvation and deadlock detection and avoidance mechanisms are part of the design, as well as recovery watchdogs and priority inheritance & priority ceiling mechanisms.

HIPPEROS Monitor serves as a watchdog to ensure no corruptions happens on any component of the system:

• Kernel
• Drivers
• Services
• Application Tasks

HIPPEROS Monitor will catch & handle faults, cleanup and restart processes and services. It prevents rogue applications or byzantine processes to create trouble. It can recover any part of the system, including itself. System restart should never happen, unless there is a major hardware fault.

HIPPEROS also provides tracing & profiling features:

HIPPEROS can handle mixed criticality periodic, sporadic or aperiodic tasks and provides configurable processor affinity.

HIPPEROS is developed according to traceable strict software engineering and quality assurance process. It is aimed at certifiability by norms such as:

• Avionics DO178B/C at Level DAL C or +
• Safety Life Cycle IEC 61508 SIL3 or +
• Automotive Functional Safety ISO 26262
• Common Criteria EAL4

Besides its native API, other APIs are foreseen for compliance and to make migration of legacy code as easy as possible:

• POSIX 1003.12 RTOS Compliance
• OSEK/AUTOSAR
• ARINC 653 Downward
• ITRON

HIPPEROS code follows software development standards and technologies to ensure code safety, portability and reliability:

• Adherence to MISRA C Rules
• Strict SQARE Code Quality & Technology Debt Indexes
• Tools (V&V, process, methodology, QA, automated testing, …)