- The operating system must be multithreaded and preemptive.
- The operating system must support thread priority.
- A system of priority inheritance must exist.
- The operating system must support predictable thread synchronization mechanisms.
- The maximum time during which interrupts can be disabled by the operating system or device drivers must be known and bounded.
- The time from an interrupt being raised to its handler beginning to run (interrupt latency) must be within the requirements of the application.
The Windows CE operating system meets the criteria to be classed as a real-time operating system, but in its current implementation the architecture does not achieve these goals in a way that would promote the level of integrity required to host a mission-critical application. To help you understand this better I should perhaps explain how interrupt processing is performed. Interrupts are signals raised by external components to announce that an event has occurred. Because I know a little about aircraft, I shall use an aircraft warning system to draw an analogy; note that the examples are not strictly accurate but are simply designed to illustrate the point. Imagine an autopilot that is equipped with a collision avoidance system. In the event of a collision warning, the collision avoidance device should notify the autopilot, which in turn must take corrective action. This might take the form of an audible warning and might also automatically adjust the aircraft controls to miss the obstacle. In a real-time system you would expect that once the warning (or interrupt) has occurred, the autopilot will react and perform the required actions within a stipulated time. Figure 5-5 shows a simplified diagram of how such functionality might be handled by the Windows CE operating system.
Figure 5-5 Real-time processing in Windows CE
An external device notifies the operating system of an event by way of an interrupt or, more precisely, an interrupt request line (IRQ). Each IRQ has an associated interrupt service routine (ISR). When an interrupt occurs the kernel calls the associated ISR, which does the minimum work needed to identify the source and returns a logical interrupt identifier. The kernel uses that identifier to signal the event on which the corresponding interrupt service thread (IST) is blocked, and the IST then carries out the required processing. There are a couple of reasons why you might not want this system in a Boeing 777 on final approach. First, interrupts cannot be nested: once an interrupt has occurred, all other interrupts stay masked until the ISR has returned and the kernel has released the IST for that interrupt, so a second, more urgent interrupt simply waits. Second, imagine the scenario where there are multiple ISTs, each at priority 0, the highest (time-critical) priority. Because time-critical threads are not preempted, no further IST can run until the first IST has finished. So, in the case of our 777, whose computer also handles the fire extinguisher, we could deal with the collision warning, but we could not deal with a fire until the collision warning's IST completed. Microsoft is working hard to cater to these demanding requirements of real-time, mission-critical applications. Version 3 of the Windows CE operating system will be able to handle nested interrupts and is expected to have interrupt latencies of less than 50 microseconds.
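The following C program is an added example, not Microsoft's kernel code and not part of the original page. It models the two scheduling rules just described (interrupts masked from ISR entry until the IST is released, and priority-0 ISTs running to completion in the order they became ready) with a tick-level simulation, and runs the 777 scenario on constructed numbers: a collision warning whose IST has a long job, a fire alarm five ticks later, and a third interrupt raised while the fire alarm's ISR is still running. The IRQ names, costs and arrival times are invented for illustration; the tick unit is abstract.

```c
#include <stdio.h>

/*
 * Simplified model of the Windows CE 2.x interrupt path (added example,
 * not the kernel's own code). Time is in abstract ticks. Rules modelled:
 *   1. An IRQ raised while an ISR is running stays pending until that ISR
 *      has handed its IST to the kernel: interrupts are masked, no nesting.
 *   2. ISR work always preempts IST work.
 *   3. Every IST in the scenario is at priority 0 (time-critical) and such
 *      threads are never preempted, so ready ISTs run to completion in the
 *      order they became ready.
 * isr_cost and ist_cost must be at least 1 tick.
 */

#define MAX_IRQ 16

typedef struct {
    const char *name;
    long arrival;    /* tick at which the device raises the IRQ */
    long isr_cost;   /* ticks for the ISR plus kernel dispatch (mask window) */
    long ist_cost;   /* ticks of work the IST must do before it finishes */
    long isr_start;  /* filled in by simulate(); -1 until known */
    long ist_start;
    long ist_end;
    long isr_left, ist_left;
} Irq;

/* Minimal FIFO of IRQ indices; each index enters a given queue at most once. */
typedef struct { int items[MAX_IRQ]; int head, tail; } Fifo;
static void fifo_push(Fifo *q, int i)       { q->items[q->tail++] = i; }
static int  fifo_pop(Fifo *q)               { return q->items[q->head++]; }
static int  fifo_empty(const Fifo *q)       { return q->head == q->tail; }

void simulate(Irq *irqs, int n)
{
    Fifo pending = {{0}, 0, 0}, ready = {{0}, 0, 0};
    int active_isr = -1, finished = 0;

    for (int i = 0; i < n; i++) {
        irqs[i].isr_start = irqs[i].ist_start = irqs[i].ist_end = -1;
        irqs[i].isr_left = irqs[i].isr_cost;
        irqs[i].ist_left = irqs[i].ist_cost;
    }

    for (long t = 0; finished < n; t++) {
        for (int i = 0; i < n; i++)          /* devices raise their IRQs */
            if (irqs[i].arrival == t) fifo_push(&pending, i);

        if (active_isr >= 0 || !fifo_empty(&pending)) {
            /* ISR work takes the CPU; other IRQs wait in `pending` (rule 1, 2). */
            if (active_isr < 0) {
                active_isr = fifo_pop(&pending);
                irqs[active_isr].isr_start = t;
            }
            if (--irqs[active_isr].isr_left <= 0) {
                fifo_push(&ready, active_isr);  /* kernel signals the IST's event */
                active_isr = -1;
            }
        } else if (!fifo_empty(&ready)) {
            /* Head IST runs to completion; nothing behind it gets a tick (rule 3). */
            int cur = ready.items[ready.head];
            if (irqs[cur].ist_start < 0) irqs[cur].ist_start = t;
            if (--irqs[cur].ist_left <= 0) {
                irqs[cur].ist_end = t + 1;
                fifo_pop(&ready);
                finished++;
            }
        }
    }
}

/* Constructed scenario (invented numbers, not measurements). */
static Irq scenario[3];
static int scenario_done = 0;

static void run_scenario(void)
{
    if (scenario_done) return;
    scenario[0] = (Irq){"collision", 0, 2, 50, 0, 0, 0, 0, 0};
    scenario[1] = (Irq){"fire",      5, 2, 20, 0, 0, 0, 0, 0};
    scenario[2] = (Irq){"stall",     6, 1,  5, 0, 0, 0, 0, 0}; /* raised during fire's ISR */
    simulate(scenario, 3);
    scenario_done = 1;
}

/* field: 0 = isr_start, 1 = ist_start, 2 = ist_end (exposed for checking). */
long scenario_result(int irq_index, int field)
{
    run_scenario();
    const Irq *q = &scenario[irq_index];
    return field == 0 ? q->isr_start : field == 1 ? q->ist_start : q->ist_end;
}

int main(void)
{
    run_scenario();
    for (int i = 0; i < 3; i++)
        printf("%-9s raised t=%ld  ISR t=%ld  IST t=%ld..%ld  IST latency %ld ticks\n",
               scenario[i].name, scenario[i].arrival, scenario[i].isr_start,
               scenario[i].ist_start, scenario[i].ist_end,
               scenario[i].ist_start - scenario[i].arrival);
    return 0;
}
```

Two things stand out in the output. The stall interrupt's ISR starts a tick after it was raised because the fire alarm's ISR still held the mask (no nesting), and although every ISR finishes within a couple of ticks, the fire and stall ISTs do not start until the collision IST has run its full 50 ticks, giving IST latencies of 50 and 69 ticks respectively. The bounded figure a real-time design needs is the IST latency, and under these rules it is governed by the longest job any priority-0 thread may run, not by the ISR.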