Linked by James Ingraham on Mon 24th Jul 2006 11:15 UTC
QNX In today's entry in our Alternative OS Contest, James Ingraham takes a close look at QNX, the operating system based on the Neutrino microkernel. He concludes that "While you can probably find solutions for just about all of your desktop computing needs using the QNX RTOS, that is not QNX's strong suit. Its focus is real-time, embedded, and mission critical applications." Read on for the whole article.
Thread beginning with comment 146224
ingraham Member since:
2006-05-20

"Linux may be suited for the desktop... but that doesn't mean it isn't suited for critical embedded applications too."

Depends on what you mean by "critical." I would not trust Linux if life and limb were at stake. Nor do most of the people designing "life at stake" systems. My industrial embedded "critical" applications would do okay on Linux, but "critical" here means "critical to production" not "if you screw up people die." The arguments are many and varied, but for me it boils down to this: the Linux kernel is not pre-emptable. That means you can never ever reliably guarantee system response time. Is it "fast enough?" Yes, generally. Has anyone decided to trust it to fly a jet fighter? No.

I'm actually not aware of any medical equipment running on Windows XP that is actually life-critical, e.g. delivering anesthesia, running a dialysis machine, etc. Controlling an X-ray machine or MRI maybe. Of course, one of the most famous software blunders in history was an X-ray machine that occasionally delivered lethal doses of radiation (they wrote their own OS). If there ARE life-critical machines running Windows XP, I agree that it is quite terrifying.

Windows CE, on the other hand, IS in fact a real-time OS, and can reliably run critical systems. But nobody's controlling jet fighters with it, either.

By the way, NASA ground control at Johnson Space Center in Houston (as in "Houston, we have a problem") is chock full of Windows machines. This is fine, because you can just switch to another machine if you need to. The International Space Station, however, runs QNX.

You're right that Linux isn't automatically out of the running simply because it can be a decent desktop OS. In fact, nobody is really sure just how good (or bad) Linux is at "Real-Time Critical" applications. Such things are notoriously hard to measure. But I feel safer with the "traditional" commercial RTOSes, e.g. VxWorks, Integrity, QNX, etc.

Reply Parent Score: 1

CrLf Member since:
2006-01-03

"the Linux kernel is not pre-emptable"

If you mean that a process can be preempted while executing kernel code, then that's not true at least since early 2004 (check http://kerneltrap.org/node/2702).

"Depends on what you mean by "critical." I would not trust Linux if life and limb were at stake."

If one defines "critical" or "life-critical" in terms of reliability, then I think Linux is reliable enough to handle such critical tasks, especially after shaving off all unneeded bits. However, if "critical" is defined in terms of real-time guarantees, then I wouldn't use Linux either.

Linux isn't an RTOS and it probably will never be (real-time and general purpose capabilities don't seem to be a particularly good match).

"If there ARE life-critical machines running Windows XP, I agree that it is quite terrifying."

I can't say for sure, but I'm quite certain that there is a lot of stuff being controlled by software running on Windows XP boxes that one could consider "life critical". If you have a couple of big industrial robots running an RTOS inside, but being controlled by some software running on Windows XP, then that could be considered life critical too. If the Windows box goes mad and one of the robots chops the head out of a worker nearby, then that could be considered life critical ;)

Reply Parent Score: 1

ingraham Member since:
2006-05-20

"If the Windows box goes mad and one of the robots chops the head out of a worker nearby, then that could be considered life critical ;) "

Can't happen. The rules regarding industrial machinery require physical barriers. If there is a way through the barrier (e.g. a gate in the fence around the machine), when opened it must remove all motive power through a double-redundant, safety-rated hardware circuit. The software can go as screwy as it wants, and nobody gets hurt. If a guy jumps the fence or comes up with some other clever way to defeat the safety circuit, he's as likely to be killed by a working system as a non-working one. He'd better HOPE for a blue-screen at that point. :-)

Incidentally, I like the fact that I can't kill anyone with my job. I have no desire to write software for medical devices, jet planes, or nuclear power plants.

Reply Parent Score: 1