The IEC 61508 trifecta: certified kernel and certified BSP running on certified hardware

Guest post by my colleague Terry Staycer, global business development manager at QNX.

When it comes to building a safety-critical system, you can't afford to gamble. Not only must you reduce the risk of harm, you must also minimize the risk of failing to achieve certification. Your best bet is to start with pre-qualified components that minimize certification effort and let you focus on adding true differentiation to your product:

Step 1. A realtime operating system (RTOS) kernel designed for safety-critical systems can't simply be reliable or elegantly designed. The requirements become especially severe for an OS kernel certified at IEC 61508 Safety Integrity Level 3, or SIL3. For a safety function operating in high-demand or continuous mode, SIL3 means an average frequency of dangerous failure per hour of less than 10^-7 (and at least 10^-8), that is, below 1 dangerous failure in 10 million hours of operation. (For low-demand mode, the standard expresses the target as a probability of failure on demand instead, but the design burden is the same.) Achieving such a low failure rate is non-trivial, to say the least; it is nearly impossible unless the requirements are baked into the very design of the kernel, with the supporting evidence (safety manual, traceability from requirements to tests, and an independent assessment) produced alongside the code rather than after the fact.

Step 2. The same rigor must also be applied to the board support package (BSP). This is the bridge code that connects the RTOS to the hardware features of a particular board (clocks, timers, memory controllers, interrupt controllers and peripheral drivers), and a defect here can defeat the guarantees of a certified kernel just as surely as a defect in the kernel itself.

Step 3. Now put these two safety-critical pieces of software onto a single-board, multi-processor, commercial off-the-shelf (COTS) platform that is itself certified, and you have given the development team an invaluable head start. All they have to do is build their application on top of this pre-certified environment, and they are one system certification away from delivering a completed safety-critical product. Note that the pre-certification covers the kernel, BSP and board; the application and the integrated system still have to be assessed, which is exactly the part where the team's own work adds value.

We always hear of decreasing the time it takes to deliver a product from requirements to revenue. I can't think of a better way to achieve this goal than to go with a combination of these three building blocks that are already completed and awaiting the unique value of your development team's application.
