By Bill Lamie
President/CEO, PX5
In business, “table stakes” represents a minimum requirement to participate in a market. Today, there are more than a hundred open-source and commercial RTOS in the embedded software market. A vast majority of those RTOS don’t have functional safety certification. Given this, it’s evident that a functional safety-certified RTOS is not table stakes today, but maybe it should be!
An RTOS is the foundation of embedded devices. All application-specific code relies on an RTOS for its execution. An RTOS is analogous to the foundation of a building. If the foundation isn’t strong, the entire building might fail. The same is true for embedded applications. If the embedded RTOS is faulty, the whole application might fail.
At the highest level, RTOS functional safety certification is an objective measure of proper operation and, by extension, quality. For example, RTOS functional safety certification often requires 100% C statement testing coverage and 100% branch/decision testing coverage. It also requires a verified software lifecycle and a safety manual to ensure developers use the RTOS correctly. This represents a level of rigor above and beyond common RTOS solutions. It’s worth saying that this extra rigor really amounts to industry best practices.
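To show what the 100% statement and 100% branch/decision coverage figures mean in practice, here is an added example (not from the article or any PX5 product): a constructed RTOS-style priority clamp instrumented with hand-written probes standing in for a coverage tool such as gcov. A single out-of-range test executes every statement yet leaves the decision's false edge untested, which is why both metrics are required.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed RTOS-style helper (not any real RTOS's API): clamp a requested
 * thread priority into the scheduler's valid range. The probe arrays stand in
 * for a coverage tool such as gcov: one flag per statement, one per branch edge. */
#define MAX_PRIORITY 31u
enum { ST_DECISION, ST_CLAMP, ST_RETURN, ST_COUNT };  /* statements   */
enum { BR_TRUE, BR_FALSE, BR_COUNT };                 /* branch edges */
static bool stmt_hit[ST_COUNT], branch_hit[BR_COUNT];

unsigned clamp_priority(unsigned requested)
{
    stmt_hit[ST_DECISION] = true;
    bool out_of_range = requested > MAX_PRIORITY;
    branch_hit[out_of_range ? BR_TRUE : BR_FALSE] = true; /* edge taken */
    if (out_of_range) {
        stmt_hit[ST_CLAMP] = true;
        requested = MAX_PRIORITY;     /* the only statement inside the if */
    }
    stmt_hit[ST_RETURN] = true;       /* reached on both edges */
    return requested;
}

static unsigned percent(const bool *hits, int n)
{
    int covered = 0;
    for (int i = 0; i < n; i++) covered += hits[i];
    return (unsigned)(100 * covered / n);
}

/* Run a test set and report both metrics: the out-of-range case alone executes
 * every statement (100%) yet never takes the false edge (50% branch coverage). */
void run_tests(bool include_in_range_case, unsigned *stmt_pct, unsigned *branch_pct)
{
    memset(stmt_hit, 0, sizeof stmt_hit);
    memset(branch_hit, 0, sizeof branch_hit);
    clamp_priority(MAX_PRIORITY + 5);              /* out-of-range: true edge */
    if (include_in_range_case) clamp_priority(3);  /* in-range: false edge */
    *stmt_pct = percent(stmt_hit, ST_COUNT);
    *branch_pct = percent(branch_hit, BR_COUNT);
}

int main(void)
{
    unsigned s, b;
    run_tests(false, &s, &b); printf("clamp case only: %u%% stmt, %u%% branch\n", s, b);
    run_tests(true, &s, &b);  printf("both cases:      %u%% stmt, %u%% branch\n", s, b);
    return 0;
}
```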
If your device requires functional safety certification, a pre-certified RTOS is of great direct value. The RTOS's certification documentation can be used in the device's certification, saving the developer from trying to certify the RTOS code in addition to the application code. Instead, the developer simply supplies the RTOS certification artifacts with the application certification—saving considerable time and money.
Even if your application doesn’t have an explicit functional safety certification requirement today, it might in the future. There is an ever-increasing stream of new legislation concerning product safety and security, e.g., General Product Safety Regulation (GPSR), EU Machinery Regulation, European Medical Device Regulation (EU MDR), European Cyber Resilience Act (CRA), and more. So, even if you don’t have regulatory requirements today, there will likely be some in the future. Using a pre-certified RTOS helps future-proof your embedded device for that eventuality.
The benefits of a functional safety-certified RTOS apply to all device makers. Following industry best practices is an essential first line of defense in product liability. An RTOS without functional safety certification typically does not follow best practices: it is deficient in some elements of the software lifecycle, most notably insufficient verification. Using such an RTOS provides an easy opening for product liability claims.
As mentioned, an RTOS with functional safety certification has undergone extensive testing, which helps reduce development time. A better-quality RTOS also improves overall device quality and reduces the risk of a recall once the device is in production. Avoiding the costs associated with a recall easily offsets the cost of a functional safety-certified RTOS.
RTOS security in embedded systems overlaps with functional safety. For example, if a defect in the RTOS causes memory corruption, an attacker may be able to exploit it for denial of service, unauthorized information access, or even remote code execution. A certified RTOS is less likely to contain such a vulnerability.
The most common RTOS functional safety standard is IEC 61508, an international standard published by the International Electrotechnical Commission (IEC). The standard applies to functional safety for electrical, electronic, and programmable products, and so covers a wide range of devices. It defines four safety integrity levels (SIL), ranging from SIL 1 to SIL 4. The higher the SIL, the higher the safety classification. For example, software meeting only SIL 1 requirements should not be used in a safety-critical device requiring SIL 4. Related functional safety standards exist for specific industries, e.g., ISO 26262 for automotive, IEC 62304 for medical, and EN 50128 for the rail industry. All of these functional safety standards have similar requirements and levels of safety classification.
Since RTOS functional safety benefits all embedded devices and ultimately represents industry best practices, it should be table stakes in the embedded market. Device makers that leverage an embedded RTOS with functional safety certification improve time-to-market, reduce product liability, and improve product quality. When you use a pre-certified RTOS, you can concentrate on growing your business rather than engaging in damage control associated with faulty devices. If all embedded devices were built with a pre-certified RTOS, the world would be a much safer and more reliable place!