C/C++ Development Platform

HighTec offers optimized automotive grade open-source based C/C++ compiler suites for applications with high safety requirements in automotive and industrial domains.

 

 

  1. HighTec utilizes GCC and LLVM based open-source technologies to develop safety qualified C/C++ compiler suites for leading microcontroller families and embedded microprocessors.
  2. Multiarchitecture support allows easy scaling of software between different MCU and MPU architectures
  3. Multicore support enables efficient and safe software mapping for homogenous and heterogenous multicore architectures

 

Supported Architectures:

  • TriCore used in the Infineon AURIXTM microcontroller family TC2x, TC3x and TC4x
  • ARM v8-M, ARM v8-R 32-bit and ARM v8 64-bit
  • PowerPC Architecture used in ST and NXP microcontrollers
  • ARC EVx used for the PPU integrated in the AURIX TC4x family
  • GTM/ MCS
  • RISC-V
  • 8051/SCR as used as standby controller in the AURIX microcontroller family

 

LLVM Based C/C++ Compiler Suite

The modern LLVM open-source compiler technology for proven established and new microcontroller generations.

  • Most widely used C/C++ compiler with a huge support community
  • User friendly Apache 2.0 license terms
  • ISO 26262 ASIL D qualification package
  • HighTec has developed an optimized TriCore LLVM backend with leading benchmark results
  • Highly optimized for ARM targets and ARC cores
  • Superior Clang analysis support
  • C++14 and C++17 support
  • Fast build times
  • Advanced multicore support
  • Windows and Linux Host OS support
  • IDE with project wizard and board support packages

 

GCC Based C/C++ Compiler Suite

HighTec enabled the broadly used GCC technology to meet the strict requirements of the automotive industry:

  • ISO 26262 ASIL D qualification package
  • Extremely stable and reliable code generation, proven in use in many safety-critical automotive applications
  • Optimized Commercial standard and math libraries
  • Long term support and frozen version support
  • Highly optimized to the various targets such as TriCore and Power Architecture
  • Advanced multicore support
  • Windows and Linux Host OS support
  • IDE with project wizard and board support packages

 

    • TriCoreFull and complete support for all AURIX familiy: TC2x, TC3x and TC4x. Further info here
    • Proven GCC based C/C++ TriCore compiler for TC2x and TC3x
    • Widely used, modern and efficient LLVM based C/C++ TriCore compiler for TC3x and TC4x
    • Leading in benchmark results for TriCore
    • C/C++ MetaWare tool and SW set for PPU in TC4x family
    • C compiler for HSM in TC2x and TC3x
    • C compiler for standby controller (SCR) in TC2x, TC3x and TC4x
    • ISO 26262 ASIL D qualification kit
    • Highly efficient code generation utilizing unique TriCore HW features (SIMD, loop optimization)
    • AUTOSAR MCAL driver support (including sales and on-site training)
    • Support for AUTOSAR BSW from all relevant AUTOSAR vendors such as Vector, Elektrobit or ETAS
    • Easy system integration with PXROS-HR safety multicore OS and iLLDs, MCALs, SafeTlib/ SafeTPack, etc.
    • Infineon Preferred Design House (PDH) with comprehensive technical support and training offerings and one-stop-shop for compilers and software
     
  • Synopsys ARC® MetaWare Development Kit for Infineon AURIX, distributed by HighTec

    • LLVM base architectures ensures seamless integration with TriCore code
    • C/C++ LLVM compiler optimized for the PPU, including extensions for Parallel C
    • Extensive mathematical library for the PPU
    • Runtime system for the PPU
    • Software package for inter-processor communication (IPC) between the PPU and the TriCore multicore architecture with two implementations: a simple bare-metal version and a version as AUTOSAR complex device driver (CDD)
    • MATLAB plug-in for generating PPU-optimized code with the Simulink embedded coder,
    • xNN software development kit (SDK) for building a neural network for AI/machine learning algorithms
    • PPU simulator and debugger


    Further info here

     
     
    • ARMC/C++ compiler for Cortex Mx/Rx/Ax
    • Support for NXP S32-series, ST Stellar (Cortex-R52), Infineon TRAVEO II, TI Cortex-Rx series, Renesas ARM and many more
    • Auto-Vectorizer and Advanced Neon instructions (SIMD)
    • Adaptive AUTOSAR support (C++14)
    • Link-time optimization
    • Pipe-line optimization
    • Shared library support
    • Thumb2 instruction set
    • VFP support
    • Cortex M3/M4 support (incl. AURIX HSM)
    • C compiler for GTM/MCS
    • STMicroelectronics SPC56x, SPC57x, SPC58xPower Architecture
    • NXP Qorivva MPC56xx, MPC57xx, MPC58xx
    • Supporting VLS, SAT, LSP and pipeline optimized dual issue
    • Mix of NON-VLE and VLE var. length encoding instructions
    • Legacy NON-VLE to equivalent VLE code translation
    • Small Data Pointer functionality: about 20% code and run-time improvement
    • SIMD and FPU support
    • C compiler for GTM/MCS
    • Position Independent Code (PIC) and Data (PID)
    • Sales and support partner for AUTOSAR libraries from STMicroelectronics
  • C compiler supports GTM/MCS v3.x and v4.x core level and derivatives like:

    • Infineon AURIX 2G - TC3xx series
    • STMicroelectronics Stellar, SPC58NE84E7, SPC58NE84C3
    • NXP S32-series, MPC5777M, MPC58xx
    • Renesas RH850/P1H-C, RH850/P1M-C
    • and upcoming variants with v4.x GTM core levels

    The Assembler supports all core levels of the GTM/MCS (V1 and later)

    HighTec's C/C++ compilers for AURIX, Power Architecture and ARM do include the GTM/MCS assembler in the delivery. The C compiler for GTM/MCS is optionally available as standalone solution. 

 

AURIX TC4x: Safety Solutions from HighTec

HighTec is your one-stop vendor if you are looking for dependable safety solutions for the Infineon AURIX TC4x microcontroller family.

Source: Infineon Technologies

HighTec offers a complete C/C++ compiler suite including compilers for all CPU cores, a Rust compiler tool set for TriCore, a multi core safety RTOS with PXROS-HR and AUTOSAR MCAL packages.

 

 

Highlights:

  • Modern LLVM based open source compiler technology
  • Compliant with ISO 26262 ASIL D
  • Performance leading optimizations
  • Compliant with a large 3rd party ecosystem such as AUTOSAR stack, COM stack, debugger solutions or verification and test suites
  • Fast and competent technical support including examples and training
  • One-stop vendor for TC4x products

Explore our comprehensive suite of products, tailored for the AURIX TC4x family, ensuring safety, performance, and reliability for your next safety-critical project.

Free evaluation versions of all compiler tools and software can be requested from here.

 

Complete Compiler Solution for All the Architectures Within AURIX TC4x

  • TriCore 1.8 including Cyber-Security Real-Time Module (CSRM)

    • C++ Compiler based on the latest LLVM infrastructure , featuring support for double precision floating point, hypervisor support, and 128-bit load/store capabilities. Achieving leading edge benchmark results

    • Rust Compiler based on latest LLVM technology, featuring memory safety, concurrency, type safety, type state and C/C++ interoperability. For further details, visit the dedicated HighTec Rust page
     
  • Parallel Processing Unit (PPU) and Converter-Digital Signal Processing (CDSP)

    • Parallel C and C/C++ compiler based on LLVM technology developed by Synopsys, supported and distributed by HighTec. It offers complete MetaWare ecosystem support and seamless interoperability with all HighTec compiler solutions
  • SCR: 8-bit standby controller

    • C compiler support for small and large memory models, as well as inline assembler functionality
  • GTM/MCS v4.x: A Generic Timer Module with high timer resolution

    • C compiler based on LLVM technology that provides built-in compiler intrinsic functions for special function registers, wait instructions, and ARU and AEI bus access.

 

 

Development Platform IDE

Eclipse based IDE allows the managed build using the HighTec compiler tools. The IDE includes a project wizard with pre-configured board support packages. Ready to uses examples projects can be downloaded and imported via the content manager.

 

ISO 26262 ASIL D Certification and QKit

HighTec offers for its compiler an ISO 26262 Tool Qualification with an ASIL D methodology certified by TÜV.

Ensures the highest safety standards for your safety-critical application while maintaining for the customer a simple and straightforward process.

The HighTec Qkit provides a collection of documents that serves as evidence that the developed application using the HighTec compiler is compliant with the safety standard ISO 26262.

For further details, visit our Qkit page.

 

PPU: MetaWare for AURIX Distribution

Complete MetaWare ecosystem, including optimization libraries and math functions.

The MetaWare compiler, developed by Synopsys and supported and distributed by HighTec, is based on LLVM technology, allowing for straightforward integration with HighTec's compiler solutions.

This collaboration and shared LLVM compiler technology ensure that our customers can effortlessly leverage the benefits of both compiler technologies, guaranteeing seamless interoperability.

 

PXROS-HR

In addition to the safety compiler solution, HighTec offers a safety certified multicore RTOS, tailored for the AURIX family including TC4x. PXROS-HR distinguishes itself from other RTOS solutions through its unique set of features, which includes:

  • MPU Protection: All objects in the system are MPU protected
  • Multicore RTOS: No data copying, safe IPC and flexible assignment of tasks.
  • Safety Certified RTOS: ASIL D (ISO 26262) and SIL 3 (IEC 61508)
  • High Performance: No interrupt locks or spin locks.
  • Integration: Seamless integration with MCALs, SafeTPack, COM stacks (TCP/IP, DDS, …)
  • Dynamic Runtime Features: Flexible resource management with runtime generation, allocation, and release of objects.

For further information, please contact us.

 

Ecosystem

Complete HighTec AURIX TC4x ecosystem overview:

  • TriCore 1.8: Rust and C/C++ compiler
  • Cyber-Security Real-Time Module (CSRM): Rust and C/C++ compiler
  • PPU and CDSP: Parallel C and C/C++ compiler
  • Complete MetaWare Ecosystem: Including optimization libraries and functions
  • GTM/MCS v4.x: C compiler
  • SCR: C compiler
  • Tool Qualification Certified by TÜV: Up to ASIL D (ISO 26262)
  • Development platform IDE
  • Safety Multicore RTOS: PXROS-HR certified up to ASIL D (ISO 26262), SIL 3 (IEC 61508)
  • Windows and Linux Support
  • AUTOSAR MCAL Drivers: Worldwide reseller
  • SafeTPack Drivers: Worldwide reseller
  • Preferred Design House (PDH) of Infineon
  • Compliant with 3rd party Ecosystems: Debuggers, COM stacks, Verification and Test suites
  • Detailed Product Documentation: In-depth documentation, user guides, and datasheets for all AURIX TC4x products
  • Examples: For all TC4x products with different levels of complexity

 

One-Stop Vendor Advantage

HighTec with its broad offering of safety solutions is your one-stop vendor for Infineon AURIX TC4x, ensuring:

  • Seamless interoperability
  • Scalable solutions according to your requirements
  • Consistency in our support for you
  • Efficient use of time and resources
  • Comprehensive communication and support

 

 

 

 

 

Rust Development Platform for Infineon AURIX

The novel HighTec Rust Compiler, tailored for AURIX TC3x and TC4x microcontrollers, leverages the advanced open-source LLVM technology to deliver the full range of Rust language features, including memory safety, concurrency, and interoperability, for applications with safe, secure, high-performance, and rapidly deployable requirements.

Ecosystem

This platform provides a framework for building Rust applications or integrating Rust into existing C/C++ applications. The HighTec Rust Development Platform is a comprehensive toolset that includes:

  • HighTec AURIX Rust Compiler
  • Cargo Build System and Package Management
  • Rust libraries
  • Hardware Abstraction Layer (HAL), and Board Support Package (BSP)
  • Examples (Usage of peripheral drivers, …)
  • Documentation, Getting Started material
  • Windows and Linux support
  • VS Code IDE support
  • 3rd party Debugger support (Lauterbach, pls)
  • Further examples (e.g. from Infineon, ELEXIR) are in preparation and customers will be informed about availability. Rust Partner Ecosystem

Features and Benefits

HighTec’s Rust Development Platform enables the implementation of the Rust features for the AURIX multicore architecture, including:

  • Ownership and borrowing system ensures that memory-related vulnerabilities such as null pointers and buffer overflows are prevented at compile time. This makes Rust applications safe and secure.
  • Support for threads and async/await allow software developers to write concurrent programs that can take advantage of modern multicore processors such as the AURIX microcontrollers, improving performance and responsiveness. Allows the integration with RTOS (e.g PXROS-HR, …)
  • Allows integration of existing C/C++ code with Rust, enabling developers to use Rust's memory-safe and performance features without redesigning their entire application
  • Allows developers to write high-level code that can be compiled to efficient low-level machine code without sacrificing performance. This makes Rust suitable for applications where performance is critical.
  • Provides a built-in set of tools that assist developers in managing their projects efficiently, resulting in improved code quality and maintainability. Cargo simplifies the process of building, testing, and packaging Rust projects, while also ensuring the dependency management, versioning, and distribution of code packages are handled seamlessly
  • Strong type system prevents many common programming errors and improves code reliability, maintainability, and developer productivity
  • Allows better static analysis of the code and enforces more fine-grained constraints at compile time on the use of resources, double-free errors, and preventing race conditions between threads, resulting in a more robust and reliable system

Request Rust Evaluation Package

To evaluate our new Rust Development Platform fill in the registration form at Request of Evaluation Key and select:

  1. Microcontroller TriCore/AURIX (TC4xx, TC3xx)
  2. Rust as Programming Language

Our sales team will review your request and send you the evaluation license key with the credentials to gain access to the Rust Development Platform in our download area.

The HighTec Rust Development Platform package that you will have access to, includes the Rust compiler tools including cargo build system, safety libraries, hardware abstraction and BSP (Board Support Package) for TC3x, integrated examples including the usage of C based peripheral drivers and a documentation including “Getting started” instructions.

The evaluation version of our compiler is not restricted in functionality. The evaluation license that we will provide to you is valid for 30 days and is subject to our End-User-License-Agreement (EULA). If you have any questions regarding the usage of our tools, please contact our support team during your evaluation period and we will gladly to support you.

ASIL-D Qualification of C/C++ Libraries

The ISO 26262 standard requires for ASIL-D the qualification of tools (see chapter 8.11) and a qualification of software components like C/C++ libraries of a compiler (see chapter 8.12).

The ISO 26262 standards defines a software tool (see definition I-1.124) e.g. compiler as computer program used in the development. HighTec performs the tool qualification (see ISO26262 ASIL-D Qkit) with a TÜV certified methodology (provided by Validas AG) which is compliant to chapter 8-11. 

The requirements of the qualification of libraries e.g. C/C++ (software components) differ compared to the qualification of tools. The following graphic illustrates the main differences of requirements.

tools vs library

The relevant items in the ISO 26262 standard for “Qualification of software components” e.g. C/C++ libraries are:

Part 6 - Clause 7 7.4.6 Reused without modifications and 7.4.8 Safety-related software components that are used without modifications shall be qualified in accordance with ISO 26262-8:2011 Clause 12
ASIL-D: 12.4.3.3 requires MC/DC Code Coverage
ASIL-C:

12.4.3.1 The specification of the software component shall include the requirements of the software component …

12.4.3.2 To provide evidence that a software component complies with its requirements the verification of this software component shall show a requirement coverage in accordance with ISO 26262-6:2011, Clause 9.

HighTec's library qualification kit is using the same Validas methodology for tools and library qualification and is compliant to chapter 8-12.

The following graphic illustrates the basic work-flow of the certification process.

ISO26262 library certification

To achieve ASIL-D for C/C++ libraries the following requirements must be fulfilled.

  • 100% MC/DC Coverage
  • Equivalence tests, Negative tests, Requirements based tests

The Library Qkit enables users to perform standard compliant qualification in a simple and easy way, supporting qualification up to ISO26262 ASIL D.

Library Qkit is available for multiple architectures, such as TriCore/Aurix, ARM and Power Architecture. To request more detailed information about Library Qkit, please contact our Qkit experts team.

Contact Sales

Please fill out the form below in case you have any request or suggestion to our sales & marketing team.

You can ask here for more product details, a web presentation or a quotation for example.

Sales

By submitting this form, you are agreeing to our Privacy Policy have taken note and that you agree with the storage of your entered data!
Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Invalid Input

Please mention if you like to receive a quotation, detailed product information, a web demonstration, etc.

Buying C compilers, RTOS, MCAL and more

You can purchase the HighTec C/C++ compilers for TriCore, AURIX, ARM and PowerPC directly from one of the HighTec sales offices, or from one of our authorized sales and support partners. Through our sales network we can assist you on your purchase decisions, both from a technical perspective as from a best-fit licensing model for your use-case or development set-up.

Generally a tool is just a small part of the complete development chain that you need to able to overlook. HighTec can provide however already a larger part of that chain, such as the C/C++ compiler, MCAL or SafeTlib libraries, a safety-approved multi-core RTOS, on-site training and consultancy. This guarantees a delivery of products that are proven-in-use and compatible with each other, providing you the possibly the main/core part of the total solution that you require.

Contact our Sales & Marketing team for detailed information or assistance.

C/C++ compiler licensing models

We offer a multitude of different license models to fit your needs and development set-up. Whether you are a single developer, or part of a large team with locations all over the globe, we support various different models:

  • Standalone single-user license
  • Floating license, for single-site or multiple sites, with roaming option
  • Build-server license
  • Licenses for Windows, Linux or other hosts

HighTec applies a fair licensing policy to its users. While you are using the IDE, no license is being allocated, so you can simply edit your program code without worrying about locking a license. Instead of an unproductive license linger (block) time, we offer a configurable license cache-time to fit your development set-up and working model. This will keep your build times short and your team's productivity high!

MCAL, SafeTlib and PXROS-HR licensing

Software libraries and RTOS products are usually offered through Development Licenses and Production Licenses, or a combination by means of Project Licenses. We help you to understand the models offered by the semiconductor vendors and advise you on the best fit for your application.

For PXROS-HR, HighTec's RTOS for TriCore, we offer Production Licenses based on volume, or as buy-out model.

Proven-in-use versions

We frequently get requests to deliver product versions that are slightly older than the actual product release. This due to validated compatibility/qualification with certain products from third parties. HighTec can deliver these "legacy" products and licenses with the purchase of the actual release, giving you the option to benefit from a compatible compiler version and/or to develop with the "latest and greatest" version that provides support for the newest microcontroller derivatives from the semiconductor partners.

Product training

We are ready to run training courses and integration workshops on the Development Platform (compiler), MCAL, SafeTlib and PXROS-HR on-site at your location. While our courses are prepared to touch the most requested topics and development challenges, we often get requests to extend or tailor a course to the needs of the customer for a specific project/application.

Such custom extensions can usually be developed quickly, due to the broad knowledge base that our trainers have on both hardware and software matters. Please contact us to discuss your wishes.

And did you know that the HighTec C/C++ compiler for TriCore / AURIX is featured in this Infineon training video:

 

MCAL and More...

As Infineon Preferred Design House and STMicroelectronics authorized partner, HighTec markets various software frameworks from these semiconductor vendors, such as AUTOSAR MCAL libraries, safety related libraries (SafeTlib) and security software.

HighTec supports its customers with design-in decisions, purchasing, technical support and in-house trainings. Project consultancy support is also provided by the experienced Application Engineers from the HighTec Prague office. The team has gained extensive experience at various semiconductor vendors, supporting end-users in a wide range of hardware and software challenges, including AUTOSAR based developments.

Below an overview is listed of HighTec's offering for Infineon/AURIX and STMicroelectronics Power Architecture and ARM based applications.

AURIX TC399 LFBGA 516

Infineon and STMicroelectronics AUTOSAR MCAL

  • HighTec is world-wide reseller
  • MCAL configuration, review and integration in customer application framework
  • AUTOSAR Complex Driver development
  • MCAL integration with multi-core RTOS

Infineon SafeTLib for AURIX and SafeTPack for AURIX 2G

  • SafeTLib/SafeTPack integration in a customer application framework
  • Test framework setup and configuration

STMicroelectronics safety components

  • CST (CoreSelfTest), IST (InstructionSelfTest) integration support
  • MCAL Qualification Package for ISO 26262 compliant software development

Driver development

  • Custom driver development for Infineon and STMicroelectronics devices
  • Custom integration of low level drivers/MCAL based drivers
  • Integration of advanced SW layers, such as Bootstrap, TCP/IP stacks, files system, etc.
  • PXROS-HR RTOS driver development

System architecture and design

  • Single-core to multi-core migration
  • Multi-core based application architecture and partitioning design
  • Porting of non-OS based applications to OS-based system

HighTec Solutions

  • Application and build frameworks based on HighTec C/C++ compiler (ARM (e.g. Stellar), Power Architecture, AURIX)
  • Build Toolchain migration into HighTec Toolchain
  • Safety multi-core real-time operating system design with PXROS-HR RTOS
  • ISO26262, IEC61508 Build Tool Qualification

Advanced technical trainings

Example of hands-on exercise in PXROS training
  • HighTec Build Tools
  • Infineon SafeTLib/SafeTPack Integration
  • MCAL Integration drivers
  • PXROS-HR RTOS Technical Trainings
  • Using Advanced AURIX Peripherals: GTM/MCS and HSM

Detailed information about our training programs is available in 2-page PDF brochures. Contact us for the courses of your choice and our training team will follow up with you. We do 2-day in-house trainings in your company, but we also provide various free 1-hour webtrainings.

Qkit - ISO 26262 Tools Qualification Kit

ISO 26262The HighTec compiler product (called "Development Platform") is a NQA certified software tool according to ISO 26262 for safety related development. The NQA assessment and resulting tool certification of the HighTec products offer development organization the required evidence to demonstrate compliance with ISO 26262 standards.

Since 2016 the certificate has been replaced by HighTec's popular and highly respected ASIL-D ISO 26262 "Qkit" qualification kit

Qkit enables users to perform standard compliant qualification in a simple and easy way, supporting qualification up to ISO26262 ASIL D, IEC61508 SIL 4 and EN50128 SIL 4.

ISO26262 qualification compiler

The HighTec Qkit approach consists of:

  • Qualification Support Tool (QST) developed in cooperation with Validas AG, an authoritative company in library and tool qualification
    • Includes a detailed model of the compiler tool chain
    • Generates the customer tests and documents needed for the qualification, based on the customer's specific use-case
  • Automated Test Framework (Test Automation Unit)
    • Integrates different test suites
    • Extendible to support additional test cases

The generated Safety Documents:

    • Tool Classification Report
    • Tool Safety Manual (measures to mitigate potential errors)
    • Tool Qualification Plan (validation goals, requirements of standard)
    • Tool Qualification Report (use cases and features that have been qualified, Test Resulting Tool Confidence Level) 

Qualification kit Qkit ISO26262

The following graphic illustrates the basic work-flow of the certification process.

ISO26262 compiler certification

Contrary to standard Safety Manuals based on fixed default tool settings and non-relevant test suites, HighTec's unique approach provides the user with a tailored set of Safety Documents based on the user's specific and optimized tool settings related to the application that is subject to the certification. To request more detailed information about Qkit, please contact our Qkit experts team.

Qkit is available for multiple architectures, such as TriCore/Aurix, ARM and Power Architecture. Qkit can be used for various certification processes, such as ISO 26262, ISO-13849, EN50128 and IEC61508.

PXROS - Real-time OS for TriCore and AURIX

PXROSPXROS-HR is an object oriented real-time operating-system (RTOS) with a very modern micro-kernel and outstanding features, especially suited for deployment on advanced multi-core MCUs. The latest version of PXROS-HR improves the concepts of encapsulation and robustness by using fine granular hardware protection mechanisms (MPU), available in modern micro-controllers like the AURIX.

PXROS-HR HighTec safety approved ASIL DThe PXROS-HR operating-system for TriCore has been officially safety approved. HighTec received the certificate confirming the fitness of PXROS-HR for safety-related applications up to SIL 3 (IEC61508) and ASIL D (ISO 26262).

The certification includes an assessment report containing the assessment results of the certification authority, TÜV-Nord Systems GmbH & Co. KG. 

PXROS-HR is developed with the HighTec C/C++ compiler for TriCore/AURIX and best suited for industrial applications, as well as automotive applications where safety is key. The RTOS integrates with Infineon's MCAL and SafeTlib software frameworks, while being non-AUTOSAR based and highly optimized for the TriCore architecture, providing multi-core support for the AURIX family.

TriCore Multi-core Support

RTOS Introduction

PXROS-HR (High Reliability) is the successor of the original real-time micro-kernel PXROS, that was first developed in 1983, which is in successful use since 1985 on thousands of different applications/devices in the field. There were three very important design goals set for the original PXROS, which were fully achieved:

  • Excellent interrupt behavior (no interrupt locking!)
  • Philosophy of OS leads to a good structure and architectural clearness
  • Extreme robust behavior under heavy load

One of the most important principles underlying PXROS is encapsulation of information and activity.

Both help to improve the reliability and protection against unintended or malicious interference. Activities (tasks in the sense of processes) live in capsules and can only communicate by exchanging message objects and signals. Processes of this kind only know the objects needed to fulfill their task and behave in a such way that the rest of the system is affected to the least possible extend. For example, they should never use hard interrupts locks, because this might destroy assumptions regarding timing behavior in other places. Resources should only be used in such a way, that a local bottleneck has no global effects.

TriCore MPU support

The PXROS-API offers the complete set of services required to achieve the above mentioned goals. This API also allows to emulate the APIs of many other OSs. In PXROS-HR the principles of encapsulation are ensured in the form of automatic run-time checks performed by the AURIX MPU. The AURIX MPU behaves like an address comparator for checking address boundaries. PXROS-HR manages the AURIX MPU and ensures that an illegal data access by a task will be immediately detected at run-time by the MPU, and any error propagation will be prevented. If a task is scheduled, PXROS-HR will switch the MPU configuration of the corresponding task.

In addition, PXROS-HR allows reloading and debugging tasks at run-time without stopping a running application. This encapsulation enables customers to perform a save function integration and to mix safety and non safety related software on a single AURIX without risk, since there is no error propagation. The most important concepts are explained below.

Tasks and Handlers

Because fast reactions to certain events are required in many technical applications, which should be executed with as little overhead as possible, PXROS implements the concept of complete interrupt transparency, i.e. PXROS never changes the state of the interrupt system of the microcontroller. This feature makes it possible to achieve warm start capability with PXROS. Thus, there are no interrupt locks caused by PXROS and interrupt services can always interrupt PXROS. The RTOS solely manages the remaining time resources of a main-loop. Due to the interrupt transparency, existing applications without OS can easily be ported to PXROS-HR as well as OS, which are partially or totally implemented on interrupt level. As the interrupt handling is not “predefined” or interfered by the microkernel, the application might implement any needed or reasonable check for the activity related to interrupts.

In the PXROS terminology the interrupt service routines are so called handlers, which, in principle, are completely under control of the application, but can still use a subset of PXROS services. These services are handled in a special way, in order to minimize the PXROS related overhead on interrupt level.
A handler can, for example, send signals (Events) to a task. This service is not executed on interrupt level, but is inserted into a list instead. Then this service is executed before returning from the interrupt levels to task level. This is in time, because the next task to be executed has to be determined before leaving the interrupt level.
PXROS fast handler The use of handlers guarantees optimal time response (just like without OS), but except for the highest interrupt level, has affects on other interrupts. Actions within a task have no effect on the interrupt system, but task scheduling and communication generate some overhead, and thus it is vital for the overall performance of an application to find a good balance between handler and task based execution of application parts.

In PXROS philosophy, a handler always belongs to a task and its address space. This means that in PXROS-HR, handlers will be controlled by the MPU. Handlers and the related task have a relation like interrupts to main-loop.
In dynamically configured PXROS - systems (static configuration is also possible), tasks are responsible for installing and uninstalling related handlers. This concept allows dynamic configuration and reconfiguration of a running system.
The PXROS-HR micro-kernel is executed in supervisor mode and handles the Memory Protection Unit of the controller. Tasks and handlers are executed in UserMode-0 or UserMode-1. In UserMode-1 the access to peripherals and the interrupt system is enabled. In the restricted UserMode-0 code can be executed, but the interrupt and peripherals cannot be accessed. Special PXROS-HR services allow selective access to peripherals in UserMode-0.

The supervisor mode and the User-Modes use separate sets of protection registers, which are switched automatically by the TriCore hardware without overhead. If the PXROS-HR kernel is active, the kernel restricts its access to the object that has to be modified.

Control of Resources

With respect to safety and robustness it is very important to avoid bottlenecks or at least to limit their global effects. For this reason resources are subject to quota. Thus, every task has accounts, from which consumed resources Static and dynamice memory allocation are deducted or to which released resources are reassigned. This also means, that objects are either free (unused) or assigned to a task. All special objects (mailboxes, memory classes, object pools, message objects) are created from free “universal” objects taken from object pools and become “universal” objects again when released.

This means in particular, that as long as free objects are available, objects of any kind can be created and deleted during run-time. Every task gets memory and objects from its creator. With suitable quotas memory- and object-bottlenecks can be limited to the affected task or subsystem, and systems can be built, which are partially dynamic without bottlenecks having compromising effects to vital functions of the overall system.

Signaling and Communication

PXROS allows interaction between handlers and tasks and among tasks via events and message-objects. Events are short messages implemented as bit fields, for which tasks can wait selectively with the help of a bit mask, telling which of the bits should terminate the waiting state. Message objects consist of an object description only accessible for the OS and the related data area. The object description also contains the information, which task currently uses the object. Moreover, there are link elements allowing to link the object into a mailbox (list), so that a mailbox can receive an arbitrary number of messages. If the object is sent, it leaves the address space of the sender and becomes part of a mailbox. Receiving an object from a mailbox removes the object from the mailbox and assigns it to the address space of the receiving task. An additional PXROS service is then required by the receiving task to get a pointer to the data area. If the micro-controller (e.g. AURIX) has suitable memory protection, PXROS-HR can protect itself and all managed objects from faulty and illegal access.

Inter-task/inter-core communication

Sending of a message or event is asynchronous and the sending instance must not assume, that the effect of these operations would be immediate. Sychronisation has to be done explicitly!.

In PXROS-HR the content of messages is protected by the MPU, which leads to the highest level of data encapsulation and is relevant for achieving a high level of security.
For clean implementation of this protection concept for objects, the micro-controller should have a suitable memory protection unit (MPU) with fine granularity such as the AURIX . Without a suitable MPU there is either a compromise in safety and security, or an excessive use of resources. In contrast to semaphore based communication, message object passing like in PXROS means atomic transfer of reference and access rights. It can be ensured, that at any given point of time an object can only (!) be used or modified by a single instance. Common objects can still be handled safely if they are stored (deposited) in a mailbox currently not used by other instances. Just like other objects, mailboxes can be created and deleted dynamically.
PXROS allows simultaneous waiting for message objects and events

General abort mechanism

All services eventually leading to a waiting state can be terminated via Events. Moreover, an arbitrary function can be called in such a way that it is subject to termination via selected Events. This might be helpful in cases where computation has to be limited in time (convergence issues) or for other important reasons such as power fail situations.

Time management

PXROS Timing Objects

PXROS is completely event driven and thus does not need a tick for internal operation. Since software timers are often required or helpful, PXROS offers so called delay-jobs as basic timing mechanisms. A delay-job allows the execution of user defined functions (with parameters) after a given number of ticks. The tick period and thus time granularity is defined by the application. Delay-jobs are executed as handlers on the interrupt level of the tick source. The time base of these soft timers can of course be subject to jitter if higher interrupts exist.
As outlined, PXROS as an event controlled micro-kernel does not need timing events, yet it supports time slicing if ticks are available.

Improved computing power consequences

Safety and security measures often increase time and space requirements. In the past, this resulted in security or performance compromises. With modern high performance microcontrollers such as the TriCore, clean approaches and strict encapsulation become possible with minimal overhead. In PXROS-HR, the relevant overhead for encapsulation of tasks and message object transfer consists of the time that is needed for a Send and Receive operation with task scheduling.

Redundancy, voting, diversity and other advantages are now possible even for fast processes. Moreover, control instances can be inserted transparently into the data and control flow.

More information, webpresentations and training

While the above product description gives an overview to PXROS-HR and its capabilities, you may have questions or certain requirements that you like to discuss with our RTOS experts. Our team is ready to follow up with webpresentations of 1-2 hours to give you a deeper view into this product, or to setup a Q&A session to discuss your specific topics.

As PXROS-HR can integrate with Infineon's MCAL and SafeTlib frameworks, we can also present an introduction of such solution through a webpresentation.

We offer comprehensive 2-day RTOS training courses on PXROS-HR, which are generally organized on-site at the customer's location. Such training can be combined/extended with training on MCAL or SafeTlib, to give a development team a headstart on the integration of these libraries into an application.

News