Overview

Functional safety is a key requirement in industries where real-time performance goals and mission-critical reliability is imperative.

Achieving certification to functional safety standards brings a new dimension of challenges. To address these challenges the QNX® OS for Safety is designed specifically for industrial, railway transportation and robotic systems that are required to be compliant with functional safety standards, such as IEC 61508 and market-specific standards derived from it. The product has been pre-certified by a leading auditing firm, TÜV Rheinland, as a compliant item for use in systems up to IEC 61508:2010 SIL3.

Explore the Solution

The knowledge level for functional safety and certification is one of the most important deciding factors for project success. Generally speaking, a project with functional safety certification requirements can easily double or triple the time it takes to complete a project without. Efforts invested in certification activities are often greater than efforts in straight development. This magnifying effect of the certification requirements is abated when knowledge level is high and amplified when knowledge level is low. The table below shows a fictitious scenario to illustrate this effect, assuming a development team with fairly a good knowledge in safety and certification. 

Using pre-certified components lower overall risk to system manufacturers through proven and reliable technologies. One of the most vital components in complex platforms consisting of hardware and software is the real-time operating system. A pre-certified operating system (OS) offers a high level of reliability and risk reduction for safety-critical systems that has been independently validated. It would be difficult to imagine a certified industrial control application without a pre-certified OS. This is an additional dimension to the build-or-buy decision for system manufacturers. Some companies have legacy home-grown components including operating systems. In most cases, the cost of certifying these home-grown components will outweigh the price tag of a pre-certified solution, simply due to the economy of scale factor. Hardware is a different story. Pre-certified hardware is difficult to find and hardware certification is a frequently asked question from system manufacturers. 

Ecosystem partners

The Modular Train Control System (MTCS) from MEN Mikro Elektronik offers a pre-integrated, ready to install platform that combines the ideal operating system from QNX Software Systems for reliability and easier programming of safety critical applications with the F75P solution, representing an extremely compelling offer to address regulatory pressures and cost effectiveness challenges. In addition to pre-certification credentials, MTCS offers high level of flexibility for system integrators, resulting in significant cost and time savings during computerization of the train. The combined solution allows users to quickly create new solutions which take advantage of the latest industrial safety and processing speed and real-time automation technology while allowing them to reuse or adapt existing automation algorithms. 

Certification

Standards-compliant for mission-critical systems

The QNX OS for Safety is designed to meet the IEC 61508 functional safety standard and those market-specific standards derived from it including IEC 61511 for factory automation, process control, and robotics, EN 50128 for train control systems, IEC 62304 for medical diagnostics machines, and surgical equipment, and ISO 26262 for passenger vehicles.

IEC 61508 demands specific processes related to functional safety above and beyond what’s found in standard quality management systems such as those overseen under ISO 9001. To comply with IEC 61508, a company must demonstrate the existence of the functional safety elements of the process and any development artifacts generated. 

Safety

Mission-critical system pedigree and certification experience

Certification requirements can significantly increase the scope of a project, consuming more money and time. QNX Software Systems is a true expert in functional safety and certification, reducing certification risk and providing realtime operating systems for millions of mission critical field installations. The QNX OS for Safety has a fundamental architecture designed to maximize availability without compromising safety. Using a pre-certified component of key importance to the overall integrity of the system, especially when the component is the OS, can contribute to a greater level of safety and make overall system certification much easier.

Foundation

Ideal foundation for safety-critical components

The QNX OS for Safety underwent stringent evaluation and testing by TÜV Rheinland, providing comprehensive assurance of a platform that truly meets the IEC 61508:2010 compliance requirements. The target software, including QNX® Neutrino® microkernel and process manager (with multicore support and adaptive partitioning scheduler), libc, and an API identical to the QNX Neutrino standard RTOS has been certified as a compliant element. The certification also includes the qualification of the toolchain – the C compiler, linker, and assembler that is an essential part of the QNX® Momentics® Tool Suite. Classified as TCL 3, the tool chain has been certified to be compliant with the requirements for supporting tools according to IEC 61508. 

At the Core

Microkernel architecture for increased separation

The microkernel architecture inherent in the QNX Neutrino RTOS ensures that any system faults are contained so that it affects only the faulty component. Failed components can be restarted dynamically while the system continues to operate. QNX adaptive partitioning technology further safeguards the operation of the safety-critical components by ensuring they are never starved of CPU cycles. This microkernel architecture reduces the scope of certification as traditional OS services are now contained in separate, hardware-protected address spaces in the same manner as applications.

Safety Challenges

  • Software is playing an increasingly important role in modern-day systems
  • Software functional safety is a brand new topic for majority of designers
  • Knowledge about software functional safety is maturing for both industries and standards bodies
  • The threshold to achieve high levels of safety integrity is rising – COTS will be scrutinized more closely
  • Pre-certified solutions are becoming available to help solve these problems
  • At the same time, conventional considerations in software design still persist, such as system evolution

Future Proofing

Support longevity for software is as important as it is for hardware

More importantly, the software must have the capability to evolve and extend

New product features

New standard definition

New component add-ons

Safety-critical functions should be well-contained and isolated from the rest

Future-proofing the software design may be the key differentiator in a competitive market place