Developing software for safety-critical systems? This book is for you

In-depth volume covers development of systems under the IEC 61508, ISO 26262, EN 50128, and IEC 62304 standards

In June, I told you of an upcoming book by my colleague Chris Hobbs, who works as a software safety specialist here at QNX Software Systems. Well, I’m happy to say that the book is now available. It’s called Embedded Software Development for Safety-Critical Systems and it explores design practices for building medical devices, railway control systems, industrial control systems, and, of course, automotive ADAS devices.

The book:
  • covers the development of safety-critical systems under ISO 26262, IEC 61508, EN 50128, and IEC 62304
  • helps developers learn how to justify their work to external auditors
  • discusses the advantages and disadvantages of architectural and design practices recommended in the standards, including replication and diversification, anomaly detection, and so-called “safety bag” systems
  • examines the use of open-source components in safety-critical systems
Interested? I invite to you to visit the CRC Press website, where you can view the full Table of Contents and, of course, order the book.

A version of this post originally appeared on the QNX Auto Blog.


The high cost of low-performing medical devices

Guest post by my colleague Patryk Fournier, medical marketing communications manager for QNX Software Systems

Manufacturers of consumer products have long used money-back guarantees to promote laundry detergent, newspapers, pizza, and yes, even beer, as a way to reassure consumers about the purchase they are making. You can now add medical devices to the list.

Last week, Reuters reported that medical device manufacturers have begun to offer device performance and reliability guarantees to hospitals:

“Medical device makers, facing sluggish sales and increasing pressure to prove the value of their products, are beefing up guarantees to compensate U.S. hospitals if a device does not perform as expected.”

Medical device manufacturers already operate in a challenging environment filled with stringent regulatory requirements and industry pressures. They must develop increasingly complex devices in timelines that are more typical of consumer-grade electronics, but difficult to meet in a regulated industry. The added burden of providing compensation to hospitals simply adds a cost line directly attributed to device performance or reliability issues.

These product guarantees underscore the importance of building a medical device on a solid, robust, and reliable realtime operating system. Not having a reliable OS will cost medical device manufacturers — literally and figuratively.

At QNX Software Systems, we’ve been taking reliability seriously for almost 35 years. That’s why our OS supports intelligent fault recovery to enable high uptimes, time partitioning to ensure availability of critical processes, security mechanisms to help devices from attack, and realtime determinism to help applications meet hard deadlines. Moreover, this OS technology has been deployed in dialysis machines, infusion pumps, angiography systems, CT scanners, surgical robots, heart defibrillators, and a host of other medical devices.

No, we don’t offer money-back guarantees. But I think we offer something better: tools, services, and certifications to help our medical-device customers save time, money, and effort in the first place.


They did it! Solar Impulse team makes non-stop flight from Japan to Hawaii

Solar-powered plane sets new endurance record while completing toughest leg of round-the-world journey.

Touching down in Kalaeloa
Source: Solar Impulse 
Now here's good news for a Friday afternoon: The Solar Impulse 2, a solar-powered plane outfitted with QNX technology, has landed safely in Kalaeloa, Hawaii, after completing the longest leg of its round-the-world mission and setting a new endurance record for solo flight.

The plane lifted off from Nagoya on June 28 and touched down in Kalaeloa almost 120 hours later, using the sun as its only power source. And did I mention? The plane had only pilot, André Borschberg, who was at the helm for the entire 5-day flight. Yes, he was able to take naps while the plane was on autopilot — but only 6 a day, each lasting 20 minutes. Color me impressed.

The team’s round-the-world flight, which started on March 9 in Abu Dhabi, hit a snag when the plane reached Nagoya, where weeks of bad weather threatened to cancel the project. But, finally, a five-day window of clear weather opened and the team was able to resume its historic journey, which is dedicated to the promotion of green energy.

The team’s other pilot, Bertrand Piccard, will fly the next leg, from Honolulu to Phoenix, Arizona. Piccard’s name may ring a bell, but not because of any Star Trek connection: In 1999, he became the first person to complete a non-stop balloon circumnavigation of the earth.

QNX Software Systems is the official realtime OS partner for the Solar Impulse team, and the plane uses the QNX Neutrino OS for several control and data communication functions. Read my previous posts for more information on the Solar Impulse project.


Developing software for safety-critical systems? Have I got a book for you

Chris Hobbs is the only person I know who holds a math degree with a specialization in mathematical philosophy. In fact, before I met him, I didn’t know such a thing even existed. But guess what? That’s one of the things I really like about Chris. The more I hang out with him, the more I learn.

Come to think of it, helping people learn has become something of a specialty for Chris. He is, for example, a flying instructor and the author of Flying Beyond: The Canadian Commercial Pilot Textbook. And, as a software safety specialist at QNX Software Systems, he regularly provides advice to customers building systems that must comply with functional safety standards like IEC 61508, EN 5012x, and ISO 26262.

Chris has already written a number of papers on software safety, some of which I have had the great privilege to edit. You can find several of them on the QNX website. But recently, Chris upped the ante and wrote an entire book on the subject, titled Embedded Software Development for Safety-Critical Systems. The book:

  • covers the development of safety-critical systems under ISO 26262, IEC 61508, EN 50128, and IEC 62304
  • helps readers understand and apply remarkably esoteric development practices and be prepared to justify their work to external auditors
  • discusses the advantages and disadvantages of architectural and design practices recommended in the standards, including replication and diversification, anomaly detection, and so-called “safety bag” systems
  • examines the use of open-source components in safety-critical systems

I haven’t yet had a chance to review the book, but at 358 pages, it promises to be a substantial read.

Interested? Well, you can’t get the book just yet. But you can pre-order it today and get one of the first copies off the press. It’s scheduled for release September 1.

A version of this post appeared in the QNX Auto Blog.


The June edition of the QNX Source newsletter is now online. So what are you waiting for?

I've said it before and I'll say it again: it pays to get your information straight from the source. I am speaking, of course, of the QNX Source newsletter.

The Source is your passport to the latest QNX videos, webinars, whitepapers, articles, press releases, product updates, and board support packages. If you ask me, subscribing is the best way to go. But if you're not the subscribing kind, there is an alternative: you can bookmark your browser to the Source newsletter archive.

Here, for example, is a taste of the June 2015 edition, which is available now on the archive:


QNX boards the bus: an automated fare collection system from MSI Global

You can find QNX technology in almost every form of transportation imaginable, from cars and trains to boats and planes. It’s even used in motorcyles. If you download the infographic, “35 Ways QNX Touches Our Lives,” you’ll find lots of examples, including in-car infotainment, locomotive control, and cruise-ship navigation. But here’s the thing: the infographic doesn’t say a thing about buses. Not a single mention.

Enter an announcement that fills the gap. Earlier today, QNX revealed that the QNX Neutrino OS is powering an automated fare collection system used throughout Singapore, the Philippines, and Thailand. The system comprises automatic gates, ticketing machines, and yes, onboard bus equipment, including a console for the driver and a smartcard validation system for passengers. The system was created by MSI Global, an international system integrator specializing in land-transport solutions and a subsidiary of the Land Transport Authority (LTA) of Singapore.

Silvester Prakasam, head of the fare system business unit at MSI, has good things to say about QNX. “MSI’s experience with QNX Neutrino has been very favorable and we will continue to leverage the same secure OS for our future projects. Creating a solution that could gain widespread adoption was a key consideration in our choice of OS, and with QNX Neutrino we were able to create a design that is fast and reliable, yet affordable to customers in cost-sensitive regions.”

Read the press release to learn more. Meanwhile, I thought you would enjoy some images of the fare collection system, starting with the smartcard reader:

Here's an example of the ticketing machines:

And here's an example of the automatic gates:


QNX brings medical device info days to Europe

Commercializing a medical device is always a challenge. But with the right knowledge, you can mitigate project risk and ease the path to regulatory approval.

On May 19 and 21, QNX will host info
days in Cambridge 
and Paris.
For almost 30 years, QNX Software Systems has been helping its customers build dialysis machines, infusion pumps, angiography systems, CT scanners, surgical robots, heart defibrillators, and a host of other medical devices. Moreover, we have built an OS that complies with international standards like IEC 62304 (medical device software) and IEC 61508 (functional safety systems). In the process, we’ve learned a thing or two about medical devices and how their software must specified, designed, developed, and maintained.

Which brings me to the medical information days that QNX will host this coming month in Cambridge and Paris. In both events, industry experts like Rob Higgins (head of regulatory affairs at MHRA, the agency that regulates medical devices in the UK) and Florence Collé (regulatory affairs manager at SNITEM, the national association of medical device manufacturers in France) will address regulatory and commercial challenges faced by today’s medical device manufacturers. Experts from IHS and, of course, QNX will also be on hand to deliver presentations and share their insights. Topics covered will include:

  • Understanding regulations in Europe and North America
  • Getting up to speed on IEC 62304 compliance
  • Streamlining software integration
  • Ensuring medical device safety
  • Mitigating project risk
  • Easing the path to end-device approval

Interested? Click on the links to learn more:

Cambridge, UK, May 19
The Cambridge Belfry
Back Lane, Cambourne, Cambridge, CB23 6BW
Download the agenda and view the speaker bios
Register to attend

Paris, France, May 21
Hilton Paris La Défense
2 place de la Défense CNIT, 92053 Paris
Download the agenda
Register to attend

There is no charge to participate in either event.

Further reading:


    Behind the controls of the Solar Impulse

    Virtual cockpit lets you follow progress of round-the-world flight in real time.

    What’s it like to get behind the controls of a solar-powered plane a plane now in the process of circumnavigating the globe? You and I will never really know, but we can enjoy the next best thing: a virtual cockpit that provides a pilot’s eye view of the plane’s instrument panel.

    Just point your browser to the Solar Impulse website whenever the plane is in the air, and you will see real-time updates to the plane’s flight instruments. For instance, in this screen capture, you can see the current position of the ailerons, airbrakes, elevators, and rudder, along with the airspeed (in knots), vertical speed (rate of climb or descent), heading, and altitude:

    And in the following screen capture, you can see much of the same information, presented in a different fashion, along with the attitude indicator, which shows whether the wings are level and whether the nose is pointing above or below the horizon:

    I've covered only a subset of the real-time information displayed on the Solar Impulse website. For example, you can also view a map of the plane’s progress, a video feed of the mission-control center, and the current power mode of the plane’s electrical system:

    QNX Software Systems is the official realtime OS partner for the Solar Impulse team, and the plane uses the QNX Neutrino OS for several control and data communication functions.


    Explaining a technical product to non-technical people

    When people ask what your company does, what do you say? If your company makes cars or chairs or smartphones, the answer is relatively easy. But if your company makes FPGAs, realtime operating systems, or programming tools, the answer can be too down in the weeds for most people.

    Explaining a technical product to a non-technical audience is a challenge. To succeed, you have to meet people on their level, without being condescending. Most people love a good explanation, but everyone hates being talked down to.
    One secret is to connect your product to things people do every day. At QNX, for example, we realized that our technology affects people whether they drive to work, flip a light switch, or use a credit card. So thats how I often start the conversation.
    Chances are, you used QNX technology today, without knowing it. I find this a good opening sentence. I follow it up with some examples that QNX recently published in the infographic, 35 Ways QNX Touches Our Lives (see below). For example, QNX touches your life when you:
    • Flip a light switch — QNX technology controls thousands of power generation systems, from wind turbines to nuclear stations to hydroelectric plants.
    • Go online — QNX technology is at the core of massive Internet routers that handle data, voice, and video traffic for hundreds of millions of users every day.
    • Use a credit card — Banks the world over use QNX-based systems to issue payment cards and PINs, facilitating secure, reliable transactions.
    • Take a nap — QNX-based spinning and weaving systems produce high-quality fabrics for everything from bed sheets to towels, sweaters, and furniture.
    • Keep house — QNX-based robot vacuums can clean your entire home, even under beds and other furniture. So you can sit back instead of hurting your back.
    Once I've provided a few of these examples, it's easier to gauge whether the listener is interested more of a deep dive  the how, rather than the what.
    What about you? Have you had success explaining your technical product to non-technical audiences, be they reporters, analysts, or your great aunt Mildred? If so, what worked? What didn't?


    Flying in the dark on solar energy

    Crew of QNX-equipped Solar Impulse plane gears up for historic flight.

    The Solar Impulse 2, aka SI2
    Source: Solar Impulse
    The countdown has begun. On Monday, March 9, the Solar Impulse 2, a one-of-a-kind airplane that runs exclusively on solar power, will take off from an airport in Abu Dhabi. The destination? Abu Dhabi!

    That’s right, this is a round trip — but not just any round trip. It is, in fact, the first attempt to fly around the world using only the power of the sun. On board will be André Borschberg, the former jet pilot who, together with Bertrand Piccard, cofounded the Solar Impulse project 12 years ago. (Piccard’s name may ring a bell — as well it should. In 1999, he became the first person to complete a non-stop balloon circumnavigation of the earth.)

    The Solar Impulse can fly at night, using energy stored in its lithium-ion batteries. But it’s no fly-by-night operation. Borschberg and Piccard have spent the last 12 years on this project and have set 8 world records in the process, including longest uninterrupted flight (26 hours, 10 minutes) and highest altitude (9235 meters) for a solar-powered plane. That’s pretty impressive, but then, everything about this plane is remarkable, from the wingspan (72 meters) to the number of voltaic cells (17250) that power its electric motors.

    Solar Impulse bootup screen. Screen-grab from video.
    The human element is equally impressive. To cross the Pacific or Atlantic ocean, the plane, which has a cruise speed of 90  km/h, will need to stay airborne for about 5 days, nonstop. And that means the pilot also needs to stay airborne for 5 days, in an unheated, unpressurized cabin with temperatures ranging from -40°C to +40°C. Yes, the pilot is allowed to take naps, but only 6 a day, each lasting 20 minutes. Not surprisingly, both pilots (Borschberg and Piccard will each take turns flying the plane), have learned self-hypnosis and meditation techniques to help them enter and exit deep sleep as quickly as possible. The plane can accommodate only one pilot at a time, and the team plans a total of five stops to allow changes of pilots.

    As mentioned in previous posts, QNX Software Systems is the official realtime OS partner for the Solar Impulse team, and the plane uses the QNX Neutrino OS for several control and data communication functions. So, as you can imagine, come next Monday, my browser will be tuned to the Solar Impulse website. I hope yours will, too.

    Until then, here's a “making of” video of the Solar Impulse 2. Enjoy.


    Hypervisors, virtualization, and creating a safety-critical system that keeps up with the Joneses

    A new webinar on how virtualization can help you add new technology to existing designs.

    First things first: should you say “hypervisor” or “virtual machine monitor”? Both terms refer to the same thing, but is one preferable to the other?

    Hypervisor certainly has the greater sex appeal, suggesting it was coined by a marketing department that saw no hope in promoting a term as coldly technical as virtual machine monitor. But, in fact, hypervisor has a long and established history, dating back almost 50 years. Moreover, it was coined not by a marketing department, but by a software developer.

    “Hypervisor” is simply a variant of “supervisor,” a traditional name for the software that controls task scheduling and other fundamental operations in a computer system — software that, in most systems, is now called the OS kernel. Because a hypervisor manages the execution of multiple OSs, it is, in effect, a supervisor of supervisors. Hence hypervisor.

    No matter what you call it, a hypervisor creates multiple virtual machines, each hosting a separate guest OS, and allows the OSs to share a system’s hardware resources, including CPU, memory, and I/O. As a result, system designers can consolidate previously discrete systems onto a single system-on-chip (SoC) and thereby reduce the size, weight, and power consumption of their designs — a trinity of benefits known as SWaP.

    The QNX Hypervisor is an example of a 
    Type 1 “bare metal” hypervisor.
    That said, not all hypervisors are created equal. There are, for example, Type 1 “bare metal” hypervisors, which run directly on the host hardware, and Type 2 hypervisors, which run on top of an OS. Both types have their benefits, but Type 1 offers the better choice for any embedded system that requires fast, predictable response times — most safety-critical systems arguably fall within this category.

    Moreover, some hypervisors make it easier for the guest OSs to share hardware resources. The QNX Hypervisor, for example, employs several technologies to simplify the sharing of display controllers, network connections, file systems, and I/O devices like the I2C serial bus. Developers can, as a result, avoid writing custom shared-device drivers that increase testing and certification costs and that typically exhibit lower performance than field-hardened, vendor-supplied drivers.

    Adding features, without blowing the certification budget
    Hypervisors, and the virtualization they provide, offer another benefit: the ability to keep OSs cleanly isolated from each other, even though they share the same hardware. This benefit is attractive to anyone trying to build a safety-critical system and reduce SWaP. Better yet, the virtualization can help device makers add new and differentiating features, such as rich user interfaces, without compromising safety-critical components.

    That said, hardware and peripheral device interfaces are evolving continuously. How can you maintain compliance with safety-related standards like ISO 26262 and still take advantage of new hardware features and functionality?

    Enter a new webinar hosted by my inimitable colleague Chris Ault. Chris will examine techniques that enable you to add new features to existing devices, while maintaining close control of the safety certification scope and budget. Here are some of the topics he’ll address:

    • Overview of virtualization options and their pros and cons
    • Comparison of how adaptive time partitioning and virtualization help achieve separation of safety-critical systems
    • Maintaining realtime performance of industrial automation protocols without directly affecting safety certification efforts
    • Using Android applications for user interfaces and connectivity

    Webinar coordinates:
    Exploring Virtualization Options for Adding New Technology to Safety-Critical Devices
    Time: Thursday, March 5, 12:00 pm EST
    Duration: 1 hour
    Registration: Visit TechOnLine

    A version of this post was published on the QNX Auto Blog.


    Autonomous forklifts gear up with QNX and HTML5

    Warehouse robots need reliable realtime control. They also need an intuitive user interface. Can one OS handle both?

    When it comes to forklifts, I am as dumb as they come. I had always assumed that one forklift is much like any other, aside from obvious differences in size and color. Boy, did I get that wrong. A quick perusal of Wikipedia reveals some 30 forklift types, ranging from “walkie stackers” (which, true to their name, are walked, not ridden) to “EX-rated lift trucks” (which, contrary to their name, aren’t designed to carry erotica but to be explosion proof).

    Forklifts also come in driverless variants called automated guided vehicles, or AGVs. Case in point: the QNX-powered AGVs built by Euroimpianti, a global leader in automated warehouse systems. These vehicles can, without human intervention, load and unload trucks, as well as move materials from one area of a warehouse or factory to another. Moreover, they can operate 24/7, using a list of prioritized missions downloaded from a central management system.

    As you might expect, Euroimpianti uses the QNX Neutrino OS in the realtime control systems of its AGVs. After all, predictable response times and high reliability — qualities essential to safe operation of a driverless vehicle in a busy warehouse — are QNX Neutrino’s stock-in-trade.

    But here’s the thing: Euroimpianti has also decided to standardize on QNX Neutrino for the human machine interfaces (HMIs) of its operator panels. Why do that, when the HMIs could run on an OS like Windows Embedded or Android? The answer lies in the many features introduced in the QNX Neutrino OS 6.6 and the new QNX SDK for Apps and Media.

    These features include a framework for creating apps and HMIs with industry-standard technologies like HTML5, JavaScript, and CSS, and a graphical composition manager that can seamlessly blend apps and graphical components created in HTML5, OpenGL ES, Qt, and other environments, all on the same display. In addition, the SDK offers secure application management, comprehensive multimedia support, mobile device connectivity, an optimized HTML5 engine, and other features for building mobile-class user experiences into embedded systems — including, of course, AGVs.

    To quote Maurizio Calgaro, electronic engineering manager, Euroimpianti, “With its new QNX SDK for Apps and Media, QNX Neutrino enables us to create dynamic HMIs that leverage the latest Web technologies, including HTML5. Our operator panels and control systems can now run on the same, standards-based OS, and that means greater productivity for our developers and, ultimately, faster time-to-market for our solutions.”

    The QNX SDK for Apps and Media includes an HTML5 environment to create and deploy applications.
    Euroimpianti's QNX-based robotic systems also include Cartesian robots, anthropomorphic robots, and selective compliance assembly robot arms (SCARA). The systems are deployed internationally in the automotive, beverage, cosmetic, food, dairy, electrical, glass, and pharmaceutical industries. Learn more on the Euroimpianti Website, which includes many videos of the robots in action.

    Using the same OS for both realtime control and user interface control.


    Bend it, shape it, any way you want it

    Last year, at Embedded World 2014, QNX Software Systems demonstrated three systems built by its customers: a touch display that connects washing machines to the Web, an operator panel that controls forklifts and bulldozers, and an inspection system that detects cracks in gas pipelines. These systems perform very different functions, and operate in very different environments, yet they have one thing in common: the QNX Neutrino OS.

    Fast-forward to Embedded World 2015, where, once again, QNX will showcase the remarkable flexibility of its OS technology, in everything from a medical device that saves lives to a robot that cleans carpets. Of course, the new demos aren’t just about flexibility. They also showcase how QNX technology can make embedded systems easier to build, easier to certify, and easier to use. Not to mention more reliable.

    So if you’re at Embedded World this week, come on over and visit us at Booth 4-358. In the meantime, here's a quick peek at what we plan to showcase:

    Demo #1: The autonomous vacuum
    Chances are, the QNX booth will have the cleanest floor in all of Embedded World. And for that, you can blame the Neato Botvac robot vacuum.

    This Botvac is one smart appliance: Before it starts to suck up dirt, it scans and maps the entire room so it can work as quickly and methodically as possible. It’s also smart enough, and quick enough, to maneuver around furniture and to avoid staircases.

    To quote Mike Perkins, vice president of engineering at Neato Robotics, “our autonomous home robots need fast, predictable response times, and the QNX OS enabled our engineers to achieve very high performance on cost-effective hardware. The QNX OS also helped us create a software architecture that can quickly accommodate new features, giving us the flexibility to scale product lines and deliver compelling new capabilities.”

    Check out this video of the Botvac in action:

    Demo #2: The defibrillator
    If you don’t already know, the QNX Neutrino OS is used in dialysis machines, infusion pumps, angiography systems, surgical robots, and a variety of other hospital-based medical devices. But it’s also used in mHealth devices that provide critical therapy or diagnostics when the nearest hospital is miles away. Case in point: the corpuls1, a defribrillator and patient monitor for fire fighters and other first responders, built by GS Elektromedizinische Geräte G. Stemple:

    Demo #3: The medical reference demo
    The QNX booth will also feature our latest medical reference demo, which integrates a suite of QNX, BlackBerry, and third-party technologies for building connected, safety-critical medical devices. Here is what the demo system looks like:

    And here is a sample of what’s under the covers:

    IEC 62304-compliant QNX OS for Medical
    HL7, the international standard for transfer of clinical data
     User interface based on the Qt application framework
    Java runtime engine
     Remote device management and end-to-end security of the BlackBerry BES12 architecture

    Demo #4: The QNX SDK for Apps and Media
    We released the first version of this SDK almost exactly one year ago. In a nutshell, it extends the capabilities of the QNX Neutrino OS 6.6, enabling embedded developers to create rich user interfaces and applications with HTML5, JavaScript, CSS, and other Web technologies. It also offers secure application management, comprehensive multimedia support, mobile device connectivity, an optimized HTML5 engine, and other advanced features for building mobile-class user experiences into embedded devices.

    You can learn more about the SDK on the QNX Website. In the meantime, here’s the home screen of the SDK, showing several of its built-in applications and demos:

    Demo #5: The [CENSORED] robot
    What kind of robot, you ask? Sorry, you’ll have to wait until the first day of Embedded World, when we will showcase a video of this (very cool) QNX system in action.

    Demo #6: The all-new QNX [CENSORED]
    Again, I can’t tell you what this is. I can’t even give you a hint. I can mention, however, that it’s a brand new product that will run on an automotive demo system in our booth. But don’t be fooled by the automotive connection! The new product can, in fact, be used in a wide variety of devices, not just cars. Stay tuned.

    Visit www.qnx.com to learn more about QNX at Embedded World, including presentations on IoT and safety-critical design. And while you're at it, download this infographic to see how flexible QNX technology really is.


    Breaking up is hard to do

    Separation can be painful. But often, the failure to separate can result in even more pain over the long haul.

    No, I’m not talking love, marriage, or other affairs of the human heart. I am talking software design. In particular, the design of complex software systems that must perform safety-critical functions. The software, for example, in a medical device, automotive ADAS unit, or train-control system.

    In systems like these, separation is critical: software components must be cleanly isolated from one another. Otherwise, you risk the chance that the behavior of one component will inadvertently interfere with the behavior of another. For this reason, component isolation is a key thrust of functional safety standards like IEC 61508 and ISO 26262.

    Several forms of interference, all undesirable.
    Interference can take many forms. For instance, a component could improperly use file descriptors or flash memory needed by other components. Or it could enter a tight loop under a failure condition and starve a more-critical component of CPU time. Or it could write to the private memory of another component.

    You could, of course, run every component on separate hardware. But that becomes an expensive proposition. Moreover, the market trend is toward hardware consolidation, which, for reasons of economy, merges previously discrete systems onto a single platform.

    It’s important, then, to embrace software-based separation techniques. These include OS mechanisms to prevent resource deprivation, time starvation, data corruption, and so on. For instance, the adaptive time partitioning provided by the QNX Neutrino OS can ensure that a software component always gets a minimum percentage of CPU time, whenever it needs it. That way, other components can't prevent it from running, either unintentionally or maliciously.

    Software separation is as much art as science. In fact, my colleague Yi Zheng goes further than that. She argues that there is as yet no precise methodology for separating system functions. There are no textbooks, no pat answers.

    So is separation only a matter of asking the right questions? That would be an oversimplification, of course. Skill also comes into play, as does experience, not to mention a good dose of thoroughness. But really, you should read Yi’s article, “The Art of Separation”, in Electronic Design and judge for yourself.