[fargle]

i wish i could, but that's part of the problem. possibly -the- problem.

i've worked on vxworks, integrity, and qnx. if you are a licensee (which is ridiculously expensive), you typically see most or all of the code for this type of embedded os. and it's uniformly atrocious.

but, since it's proprietary, you can't review it or critique it publicly. all you can see is glossy press releases and whitepapers. i assure you, pull the curtain back, and what you find is beyond bad.

it's the exact same issue with internet-of-crap devices, which is more widely known. just slapping a "safety critical" label on a product or paying millions for certification doesn't fundamentally change anything: they will put out the cheapest thing they can get away with. things like DO-178, MISRA, etc. even formal-methods. are supposed to help, but they don't, especially with low-level code like an embedded os. the effort spent certifying means even less time and money available ensuring things like that their drivers flush/invalidate caches correctly and that they use memory barriers right. certification doesn't prove that at all.

we need to make ALL safety critical and security software open-source or at minimum source-available, even if it retains a proprietary license.

[mighmi]

Thank you! Do you have visibility into the certifications or business structure here? Like how does a company enter this space with random subpar software? Do the certifications automatically preclude open source software at the moment?

[fargle]

> Like how does a company enter this space with random subpar software?

i don't think they did. they date back to the 1980s and there was a time when just about every printer and wireless router (WRT54) ran on vxworks. they didn't start out doing safety and security. but then much of that embedded space got eaten up, rightly so, by Linux.

so the companies focused more on security safety, automotive, aerospace, side of the market.

but then SoCs keep changing, ports to PPC and RISC-V, multicore. and lots and lots of new drivers for new hardware.

at the same time, compiler technology stopped being driven by proprietary vendor tools and the open source compilers and debuggers eclipsed the proprietary ones in terms of quality. so now what was once secret-sauce is just repackaging open-source.

so less and less real tech to differentiate themselves. and of course mergers and acquisitions happened to most (i believe green-hills is still founder owned)

so: - aging base software that was embedded, but not necessarily designed for safety - much less market share due to Linux - continuous need to add features to keep up with hardware and competition - original engineering teams and management long gone - result: sky-high prices, less money for engineering. it's a death spiral.

> Do the certifications automatically preclude open source software at the moment?

not at all. obviously, not any sprawling typical open-source hobby project is going to be suitable. but for example i like the FreeRTOS/OpenRTOS/SafeRTOS model, and take for example seL4 which is very interesting. and SQlite.

an RTOS, especially a safety-critical one, should be a tiny, simple, thing. 10-50KSLOC. what's making the commercial ones big and complicated are features being pushed by dying companies desperate to differentiate themselves and lock big programs into their product.