RTOS Safety

The software industry is probably unique in its custom of releasing products to the market even when they are likely to have residual bugs. For consumer goods, users have come to accept that complex software programs apparently cannot be made bug-free, and have adjusted to the occasional system failure as a consequence of fast innovation. This, however, is entirely different in the area of Safety-critical software systems, and for good reason: A failure of such a system could harm or even kill humans. Therefore, it must be shown to be reliable before it can be allowed to control, e.g., an airplane, a chemical plant or a vehicle.

There are a number of internationally accepted standards for the certification of Safety-critical software, such as DO-178C (Avionics), ISO 26262 (Automotive), IEC 61508 (Industrial Automation) or EN 50128 (Railway). As different as these standards may seem, they do share some common principles: The effort needed to obtain certification for a given program is generally high, and it depends on two parameters:

Code Complexity

The effort of certifying a program is roughly proportional to the amount of code to be examined. This comprises the code of the program itself, but also that of the runtime environment (i.e. operating system, libraries, etc.) which the program relies on.

Criticality Level

The Safety standards assign levels of criticality to applications, according to the worst potential damage that could result from a malfunction. Although they use different nomenclatures, the general concept in all of the standards is similar: The higher the level, the more rigorous testing or even formal verification needs to be done.

In many areas of Safety-critical applications, multiple independent applications are executed on a common machine. Besides helping to reduce hardware complexity (thus increasing its reliability), this also reduces cost. However, such a configuration creates new potential for problems: Without special precautions, the programs are able to disturb each other, so each of them has to trust all others to behave correctly. Any program is able to cause a malfunction of any other program. Thus, if the functions have different criticality levels, the highest of those levels now implicitly applies to all software in the system.

Safety Certification

Safe Consolidation for Mixed-Criticality Systems

Modern Safety-critical systems often require applications with different levels of criticality to run on the same hardware platform — to reduce complexity, save costs, and improve maintainability.

PikeOS enables this by combining real-time virtualization with strong resource partitioning, allowing applications to operate independently and securely, even when consolidated. Each guest OS runs in its own isolated virtual machine with dedicated spatial and temporal resources, supporting independent certification for each partition.

This makes it possible to safely combine legacy software like Linux with Safety-critical components, while preserving hard real-time behavior. Unlike general-purpose virtualization platforms, PikeOS is purpose-built for embedded and certifiable environments, minimizing the trusted code base and making it ideal for projects requiring compliance with strict Safety standards.

Safety in Avionics

One example of resource partitioning and virtualization in Safety-critical systems is the use of PikeOS by Airbus for their next generation aircraft. Airbus is using PikeOS for certified equipment to be deployed on the A350 XWB aircraft.

Among the many requirements related to this new Airbus architecture, the following were particularly important:

  • a multi-partitioned system that provides POSIX as one of the main requirements
  • the ability to develop certifiably safe software while also allowing high flexibility including the reuse of existing code
  • the possibility to easily build upon the existing technology to provide a secure storage device and network connection access
  • a flexible platform that allows interactive display functionality

The two key aspects of the PikeOS architecture that enable mixed certification platforms are resource partitioning and virtualization. PikeOS partitions resources both spatially and temporally. Spatial partitioning provides separate resource pools for user memory and kernel memory. Temporal partitioning ensures that each program gets deterministic access to processor time.

Strict partitioning is what enables each application to have its own level of criticality and certifiability, without impact from other partitions.
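To make the temporal side of that isolation concrete, here is an added simulation of a fixed cyclic schedule (a major frame with one time window per partition), contrasted with an unpartitioned cooperative scheduler. This is example code written for this page, not PikeOS's own scheduler; the partition names, criticality labels, window sizes and tick counts are constructed.

```python
from dataclasses import dataclass

MAJOR_FRAME = 10  # CPU ticks per major frame; the windows must fit inside it


@dataclass
class Partition:
    name: str
    level: str      # criticality label only, e.g. "DAL A" (highest) .. "DAL E" (lowest)
    window: int     # ticks reserved for this partition in every major frame
    needed: int     # ticks it must actually receive to meet its deadline
    demand: int     # ticks it tries to consume; a runaway partition demands "everything"
    received: int = 0


def schedule_partitioned(parts):
    """Temporal partitioning: each partition runs only inside its own window and is
    preempted when the window ends, no matter how much more it wants. Returns the
    ticks each partition got and the names of partitions that hit their budget."""
    assert sum(p.window for p in parts) <= MAJOR_FRAME, "schedule over-subscribed"
    overruns = []
    for p in parts:
        p.received = min(p.window, p.demand)      # unused window time is simply idle
        if p.demand > p.window:
            overruns.append(p.name)               # contained, and attributable to one partition
    return {p.name: p.received for p in parts}, overruns


def schedule_unpartitioned(parts):
    """No partitioning: partitions run back-to-back and keep the CPU until they
    yield. A runaway partition early in the order starves everything after it."""
    left = MAJOR_FRAME
    for p in parts:
        p.received = min(p.demand, left)
        left -= p.received
    return {p.name: p.received for p in parts}


def deadlines_met(parts):
    return {p.name: p.received >= p.needed for p in parts}


def demo(runaway):
    # Constructed system: a low-criticality display partition (possibly misbehaving),
    # a high-criticality control partition and a medium-criticality logging partition.
    parts = [
        Partition("display", "DAL E", window=4, needed=3, demand=10**9 if runaway else 3),
        Partition("control", "DAL A", window=3, needed=3, demand=3),
        Partition("logging", "DAL D", window=3, needed=2, demand=2),
    ]
    _, overruns = schedule_partitioned(parts)
    met_partitioned = deadlines_met(parts)
    schedule_unpartitioned(parts)
    met_unpartitioned = deadlines_met(parts)
    return met_partitioned, met_unpartitioned, overruns


if __name__ == "__main__":
    print(demo(runaway=True))
```

With a runaway display partition, the partitioned schedule still meets every deadline and names the offender, while the unpartitioned one loses the DAL A control partition's deadline, which is exactly why the highest criticality level would otherwise apply to all code on the machine.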

Safety & Certification

More and more industry sectors are concerned with providing the necessary level of Safety for the equipment they offer to their customers. Some industries require an official approval from independent authorities according to international standards. This requirement translates into a special process called certification.

When a complete piece of equipment is certified, evidence must be provided to the certification authority. This evidence covers both the hardware and the software parts. As such, PikeOS is required to provide the same documents, source code and test results as any other software component of the certified system.

PikeOS has been designed from the ground up to be certified according to all major Safety standards, such as

  • Avionics: DO-178C
  • Space: ECSS-E-ST-40C
  • Railway: EN 50128 / EN 50657
  • Automotive: ISO 26262
  • Industrial: IEC 61508
  • Medical: IEC 62304

Customer Benefits

Pre-certified for the highest Safety Levels

PikeOS is pre-certified up to DAL A, SIL 4, or ASIL D, and other industry-specific standards — reducing your certification workload and accelerating time-to-market

Designed for Future Certification Needs

Our roadmap aligns with the latest Safety and Security regulations, ensuring long-term investment protection.

Certified Building Blocks ready to use

Access pre-certified components like CIP, CFS, and CML to simplify and shorten system certification processes

Strong ties to Certification Authorities

We collaborate directly with TÜV, BSI (Federal Cyber Security Authority), and other authorities — giving you a smoother path through audits and approvals

Deep Certification Expertise in-house

80% of SYSGO engineers have hands-on experience in Safety-critical certification projects

Certification Kits for fast Integration

Whether you're certifying a platform, adapting a BSP (Board Support Package), or preparing for audits, we offer tailored Certification Kits to support your process.

Proactive Safety Communication

Stay informed with Safety Bulletins covering vulnerabilities and mitigations relevant to your system

Built for Mixed-Criticality Systems

PikeOS supports mixed-criticality applications on a single platform — saving cost while meeting Safety demands

Minimal Trusted Codebase

Our architecture minimizes the trusted computing base, simplifying validation and reducing certification risk
