The pre-certified Flexible Safety RTOS

Real-Time Operating System (RTOS)

A real-time operating system (RTOS) provides services that help to manage the continuously rising complexity of software development in embedded systems. In comparison to a general-purpose operating system (OS) like Linux or Windows, an RTOS provides:
Deterministic and high-speed event handling
A scheduler which is able to meet timing deadlines
Usability from tiny microcontrollers to large processors
Note: When discussing the fundamental properties of a real-time operating system, the point is not raw speed (of course, the timings are very fast) - more important is the guarantee and determinism with which the timing deadlines are met.
The following figure visualizes the term "deadline", often used in relation with real-time systems:
The timing deadline for system reactions
You see a task (in blue) which starts working on a system event with its potential operations (read inputs, generate the reaction and write outputs). The timing deadline is the maximum allowed time until the task produces the system reaction.

Supported Services

Multi-Tasking Scheduler
The core service, called the scheduler, selects and switches the currently running task
Priority based preemptive multi-tasking policy
Optional cooperative multi-tasking policy
Constant runtime on any number of tasks
Software Timer
The software timer service provides the ability to execute callback functions at a specific time
Cyclic callback function execution
One shot timer callback function
System tick or hardware timer as time base
Space Protection
The space protection module manages the MPU or MMU of the hardware core
Group one or more tasks with same permissions
Separate RTOS memory space from application
Optionally activate tasks executing in privileged mode
Memory Management
The memory management is based on arrays of equal-sized memory blocks, called partitions
Any number of memory partitions allowed
Support multiple block sizes for different partitions
Constant runtime for fetching and releasing blocks
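The partition scheme described above, as an added example that is not Embedded Office code: free blocks are chained through their own first bytes, so fetching and releasing a block costs the same no matter how many blocks the partition holds, and an exhausted partition fails deterministically instead of falling back to a heap. Block size, block count and the function names are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example of a fixed-size block partition (not Embedded Office
 * code). Free blocks are chained through their own first bytes, so fetch and
 * release are O(1) however many blocks the partition holds. */
#define BLOCK_SIZE  32u
#define BLOCK_COUNT 8u

typedef struct {
    uint8_t pool[BLOCK_COUNT][BLOCK_SIZE];
    void   *free_list;   /* head of the free block chain, NULL when exhausted */
    size_t  free_count;
} partition_t;

static void partition_init(partition_t *p)
{
    size_t i;
    p->free_list = NULL;
    for (i = 0; i < BLOCK_COUNT; i++) {          /* push every block */
        memcpy(p->pool[i], &p->free_list, sizeof(void *));
        p->free_list = p->pool[i];
    }
    p->free_count = BLOCK_COUNT;
}

static void *partition_fetch(partition_t *p)
{
    void *blk = p->free_list;
    if (blk == NULL) return NULL;                /* deterministic failure, no fallback heap */
    memcpy(&p->free_list, blk, sizeof(void *));  /* pop: head = blk->next */
    p->free_count--;
    return blk;
}

/* Returns 0 on success, -1 if blk is outside this partition or not block
 * aligned: releasing a foreign or mid-block pointer would corrupt the chain. */
static int partition_release(partition_t *p, void *blk)
{
    uintptr_t base = (uintptr_t)p->pool, addr = (uintptr_t)blk;
    if (addr < base || addr >= base + sizeof(p->pool)) return -1;
    if ((addr - base) % BLOCK_SIZE != 0) return -1;
    memcpy(blk, &p->free_list, sizeof(void *));  /* push: blk->next = head */
    p->free_list = blk;
    p->free_count++;
    return 0;
}
```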
Event Flags
The event flags service allows synchronization based on multiple conditions
Up to 32 flags in a single flag group
Supports operation if any masked flag is set
Supports operation if all masked flags are set
Semaphores
The semaphore service combines the classic features of counting and binary semaphores
Provides counting semaphores
Supports binary semaphores
Mutex
The mutex service is designed to avoid priority inversion when accessing shared resources
Supports the priority inheritance protocol
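A small model of the priority inheritance protocol named above, as an added example that is not the Flexible Safety RTOS API: a low-priority task holding the mutex is raised to the priority of the highest waiter, so a medium-priority task can no longer run ahead of it and stall the high-priority waiter. Task names, priorities and function names are constructed for this illustration.

```c
/* Constructed model of a priority-inheritance mutex (example code, not the
 * Flexible Safety RTOS API). Task id doubles as base priority: higher id,
 * higher priority. 'blocked' marks a task waiting for the mutex. */
#define NTASKS 3
enum { LOW = 0, MED = 1, HIGH = 2 };

typedef struct { int base; int effective; int blocked; } task_t;
typedef struct { int owner; } mutex_t;     /* owner: task id or -1 */

static task_t tasks[NTASKS];
static mutex_t mtx = { -1 };

static void model_init(void) {
    int i;
    for (i = 0; i < NTASKS; i++) { tasks[i].base = i; tasks[i].effective = i; tasks[i].blocked = 0; }
    mtx.owner = -1;
}

/* Owner's effective priority = max(own base, every blocked waiter's effective). */
static void inherit_priority(void) {
    int i, p = tasks[mtx.owner].base;
    for (i = 0; i < NTASKS; i++)
        if (tasks[i].blocked && tasks[i].effective > p) p = tasks[i].effective;
    tasks[mtx.owner].effective = p;
}

/* Returns 1 if the lock was taken, 0 if the caller is now blocked on it. */
static int mutex_lock(int t) {
    if (mtx.owner < 0) { mtx.owner = t; return 1; }
    tasks[t].blocked = 1;
    inherit_priority();                  /* boost the current owner */
    return 0;
}

/* Restores the owner's base priority and hands the mutex to the highest
 * waiter. Returns the new owner, -1 if none, -2 if t is not the owner. */
static int mutex_unlock(int t) {
    int i, next = -1;
    if (mtx.owner != t) return -2;
    tasks[t].effective = tasks[t].base;
    for (i = 0; i < NTASKS; i++)
        if (tasks[i].blocked && (next < 0 || tasks[i].effective > tasks[next].effective)) next = i;
    mtx.owner = next;
    if (next >= 0) tasks[next].blocked = 0;
    return next;
}

/* Preemptive scheduler decision: highest effective priority among ready tasks. */
static int pick_running(void) {
    int i, best = -1;
    for (i = 0; i < NTASKS; i++)
        if (!tasks[i].blocked && (best < 0 || tasks[i].effective > tasks[best].effective)) best = i;
    return best;
}
```

Without the boost in mutex_lock, pick_running would select MED while HIGH waits on LOW, which is the priority inversion the service is designed to prevent.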
Queue
The queue is a data queueing service to pass a series of data between tasks
Supports queueing mode: first-in-first-out (FIFO)
Supports stacking mode: last-in-first-out (LIFO)
Communication with zero copy technology
Mailbox
The mailbox service is an event signaling service that transports a single event data set
Event data is consumed autonomously
Communication with zero copy technology
Shared Memory
Shared memory adds a defined memory area to one or more tasks with enabled write permissions
Grants memory access to one or more tasks
Hardware Monitoring
This module provides monitoring of some hardware components
Task and hardware stack monitoring
Memory protection register monitoring
Space protection configuration monitoring
Hook Function
The kernel provides several hook function interfaces to adjust or extend the system
Task lifecycle hooks (create & delete)
Timing hooks (system tick & idle time)
System hooks (context switch & task return)

Pre-certified Safety RTOS

Safety Capability

When using a real-time operating system in a safety system, we need to ensure its correct function. The method and depth of proof of the functional behavior depend on the target market of the safety system. Each primary market has definitions and rules for how to prove the correct behavior, written in standards:
Industrial: IEC 61508
Medical: IEC 62304
Automotive: ISO 26262
Railway: EN 50128
Aerospace: DO-178C
We call the activities required to pass the independent safety assessment for a specific standard the certification. When these activities are performed outside the context of a real safety system, we call the resulting component a pre-certified component.
For the required depth of proof of the functional behavior, the standards define safety capability levels with different names. The levels are derived from the probability of occurrence of potential risks and the severity of the harm when they happen:
Safety Capability Overview
Unfortunately, there is no simple mapping of safety capabilities from one market to another. The figure above shows a rough overview, based on the failure rate per hour. Some additional factors are important to consider (e.g., controllability, definitions of severity or the risk acceptability frontier).

Your benefits, provided by the Flexible Safety RTOS

RTOS Safety Capability
The Flexible Safety RTOS is pre-certified for all standards that allow a pre-certification. In all certifications we achieve the highest safety capability a pre-certified software component can achieve.
Automotive: ISO 26262 - ASIL D
Industrial: IEC 61508 - SIL 3
Medical: IEC 62304 - Class C
Railway: EN 50128 - SIL 4
Note: The safety capability according to the basic standard IEC 61508 - SIL 3 covers many other standards as well, for example Nuclear Sector (IEC 61513), Machinery Guidance (ISO 13849), Process Industry (IEC 61511) or Machinery (IEC 62061).
Compiler Independence
The certification is performed in such a way that no certified compiler is required. We can certify the Flexible Safety RTOS with any ANSI C compiler. Popular compilers are:
IAR Embedded Workbench
Tasking Compiler
Keil Microcontroller Development Kit (MDK)
HiTec Development Platform
Safety with Certificate
Independent assessors have checked the development multiple times and confirm the safety capability of the Flexible Safety RTOS with a certificate. All you need for your safety system development:
Certificate with an RTOS version list
Safety Manual
User and Integration Manuals
Flexible Certification
The development and certification process is designed to achieve the highest possible flexibility for all end-users of the Flexible Safety RTOS:
Free device selection for a certified CPU core
Change compiler switches or use compiler updates
The RTOS is independent of the hardware manufacturers

Supported Hardware Platforms

Infineon
TriCore™ AURIX™ Microcontroller
TriCore™ AUDO Microcontroller
XMC 4000 Microcontroller
Texas Instruments
Hercules MCUs for functional safety
Digital signal processors (DSP)
Tiva C Series
Sitara processors
NXP
Power Architecture MCUs and MPUs
Automotive Arm MPUs
Arm-based MCUs and MPUs
Coldfire+/Coldfire MCUs and MPUs
Xilinx
Zynq-7000 SoC
Zynq UltraScale+ MPSoC
MicroBlaze Soft Core
ST Microelectronics
STM32 32-bit Arm Cortex MCUs
SPC5 32-bit Automotive MCUs
STM32 Arm Cortex MPUs
Microchip
SAM 32-bit Microcontrollers
CEC 32-bit Microcontrollers
SAM 32-bit Microprocessors
Renesas
RH850 Family (Automotive only)
RZ Family of Arm-based High-End MPUs
Generic Arm Cores
In addition to the already listed devices, the Flexible Safety RTOS supports all devices with the following Arm CPU Cores:
Cortex-A5, A9 Microcontroller
Cortex-M3, M4F, M7F Microcontroller
Cortex-R4F, R5F Microcontroller

© Copyright 2019. Embedded Office GmbH & Co. KG. All rights reserved. (Version: 3c58d75)