Using an IEC 61508 SIL3-certified RTOS for safety-critical systems

An operating system (OS) kernel designed for safety-critical systems can't simply be reliable or elegantly designed. For instance, it must also:

• protect applications from harming one another or the kernel itself


• guarantee CPU time for higher-integrity code in systems that combine applications of different safety integrity levels


• allow the developer to predict when processes will be scheduled for execution


• prevent applications from acccessing or corrupting internal kernel information

The requirements become especially severe for an OS kernel certified at IEC 61508 Safety Integrity Level 3, or SIL3. In fact, a system certified at SIL3 must have a probability of dangerous failure below 1 in 10 million per hour of operation.

Achieving such a low risk of failure is non-trivial, to say the least. In fact, it's well-nigh impossible to satisfy the above requirements unless they are baked into the very design of the kernel.

Recently, Chris Hobbs of QNX wrote an article on the characteristics of SIL3-certified kernel. The article, published last week in Industrial Embedded Systems magazine, also touches on some development techniques for creating safety-related applications. To read the article, click here.

Support Package
If you are attempting to navigate the complexities of the IEC 61508 certification process, you might also want to check out QNX's IEC 61508 Certification Support Package.