We are happy to announce that our operating system now has been officially safety approved. HighTec just received the certificate confirming the fitness of PXROS-HR for safety-related applications up to SIL2 (IEC61508).
The certificate includes an assessment report containing the assessment results of the certification authority, TÜV-Nord Systems GmbH & Co. KG. We are really impressed with the thorough understanding of the design principles of PXROS-HR that is shown by the report.
The report summarizes them as follows:
"The main principles of HR PXROS are safety, reliability, portability and expandability. To achieve these goals, PXROS-HR relies on the following principles:
- No Periphery of the kernel function: For instance, the time-handling of the system is done in response to a predetermined tick-signal of the application.
- General concept of resource allocation: resources are divided into objects and dedicated for certain purposes only. Preallocation can ensure that for a certain purpose, the required resources are available (e.g. memory for sending a message).
- Separation of the interrupt system of the microkernel: the interrupt system is not influenced by the kernel; in particular, there are no interrupt locks. The interrupt system is dedicated to the application layer.
- No lack of resources due to excessive interrupt load:
- System calls, which result from interrupt, do not require any resources.
- If necessary the resources will be rearranged.
- Freedom of interference between tasks: The address ranges of tasks can be separated completely. The communication is performed through messages only.
- Concept of the termination of functions: This ensures the correct exception handling."
Further the report characterizes our operating system as a "Safety Element out of Context" (SEooC, this terminology is taken from ISO 26262). This means that PXROS-HR as a basis of your safety critical application has not to be assessed completely from scratch but it suffices to show that it can safely be integrated into your application context.
The benefit that you draw from the use of PXROS-HR is threefold:
- First, you can be sure, that your safety critical real-time application is build on a sound basis.
- Second, you can save time and money because PXROS-HR as a basis of your safety critical application need not to be assessed completely from scratch but it suffices to show that it can safely be integrated into your application context.
- Third you can safe time and money: because of the principle "Freedom of interference" you are entitled to run those parts of your application that are not relevant to safety on the same ECU as the safety critical without the extra effort of validating the non critical parts.