SAN FRANCISCO — Most people haven’t heard of QNX Software, though they’ve likely come in contact with it.
The real-time operating system is used where software failure can lead to catastrophic consequences, even death – from high-speed trains to air traffic control towers to highway toll systems. It’s also used in more than 100 different types of cars on the road.
For Atomic Energy of Canada Ltd., which operates nuclear power plants in Canada, China and Slovenia, downtime just isn’t an option. About 15 to 20 years ago, the Mississauga, Ont.-based company turned to QNX’s real-time operating system to keep its plants running. Since then, it’s upgraded to version 4.0 and is now rolling out 6.0 – and that’s it.
“We chose QNX initially because of its micro-kernel architecture, its performance and its real-time capabilities,” said Ross Judd, manager of information and control systems development with Atomic Energy. “Our applications are real-time applications – they involve data acquisition through machine interfaces and control rooms.”
Atomic Energy recently upgraded the hardware in its Slovenia plant, but didn’t have to upgrade the software except for one driver, he said. That application has been running for more than 10 years, and the company doesn’t anticipate upgrading the software for another 15 to 20 years.
“I don’t know how they do it, but they have a product line that seems to be very stable,” said Judd. Nuclear power plants have a lifecycle of about 30 years, he said, so these plants require technology that’s stable over long periods of time.
“That’s what QNX has given us in contrast to some other operating systems like Windows, (where) you’re upgrading all the time, mostly for security reasons,” he said. “Besides its basic capabilities, (QNX) has features that protect it from failures that aren’t available in other operating systems.”
Atomic Energy is using QNX and its own in-house applications; it doesn’t use any other third-party products. And this provides the company with better control, said Judd, since it has to meet certain regulatory requirements and standards for its software.
“They provided redundant network support early on,” he said. “They have their own networking protocols that allow you to create distributed applications very easily. Combined with their message handling, they meet our regulatory requirements as well as our need for quality assurance.”
The QNX operating system is a micro-kernel operating system, which means it consists of a relatively small base of code. “Take a string of Christmas lights,” said Darrin Shewchuk, head of communications with Kanata, Ont.-based QNX Software Systems Ltd. “Remember the old style of Christmas lights where you had a big long string and if one bulb burned out the whole thing burned out and you had to go through each one and find out which single bulb failed? That’s Microsoft.”
Only a few components that are critical to maintaining the operation of a function are in what’s called the protected kernel. All other elements are in modules that plug into the kernel. That means if one function fails, it won’t bring down the other functions; they’re protected from corrupting each other.
“When you’ve got Microsoft on your desktop and you have a problem with Explorer or Excel, it can hang up your computer where your only option is to shut the entire thing down,” said Shewchuk. “It might be something as silly as a printer driver, but it affects the whole operating system because all the code is in this monolithic structure.”
In a micro-kernel operating system, upgrading software consists of slotting in one module, rather than bringing down the entire system. “If you want to go from having one switch to multiple switches, you can link those together seamlessly without bringing the entire system down and having to reboot an entirely new system up,” he said.
The old-fashioned way of thinking was that when you hard-wired all these applications together, your systems could run faster. That was true 20 years ago when systems were much less complex, said Shewchuk, but nowadays even simple devices connect to the Internet and have a graphical capability, and many of them are networked.
“The amount of code and complexity of coding becomes more and more difficult and the amount of discipline it takes to maintain the operating system in those environments is incredibly complex,” he said. “It’s a more clean, defined process for coding in a micro-kernel.”