Avidyne Avionics Are Running Windows OS (Was: Why don't voice radio communications use FM?)
Jim Logajan writes:

> It's been a while since I worked on any RTOS, but I seem to (probably
> incorrectly) recall that applications running on VxWorks (the OS used on
> the Mars Explorer, among other spacecraft) generally have full run of the
> memory. That is, there is no distinction between the app and the OS as far
> as access privileges to memory or I/O.

It makes sense, since anything used in a truly mission-critical
environment has to be error-free for the mission to succeed.
Protecting the OS against applications serves no purpose, because any
error in the applications will negatively impact or destroy the
mission, anyway. In other words, even if the OS is protected against
an application bug, the mere fact that there is a bug is going to
prevent the mission from being carried out, so one gains nothing by
protecting the OS.
Ultimately you end up with a system that is entirely OS, with
everything being privileged. A system that enforces restricted user
privileges just does so to protect against poorly-written software;
but you cannot afford poorly-written software to begin with in
mission-critical systems, so such restrictions are too little, too
late, if something goes wrong.

> And I'll admit it eventually doesn't matter how reliable the OS is once it
> passes a certain reasonable level, since the application(s) are always
> going to be less reliable.

And vice versa. If it's all mission-critical, there's no reason to
restrict any of it, because it all has to be 100% trustworthy to begin
with.
--
Transpose mxsmanic and gmail to reach me by e-mail.