Sciopta Safety Certified Real-Time Kernels
SCIOPTA is a preemptive, multitasking, high-performance real-time kernel which includes many built-in safety features.
The SCIOPTA Safety Kernel architecture has been designed with the focus on real-time performance and small size. Internal data structures, memory management, inter-process communication, and time management are highly optimized.
As an asynchronous direct message-passing kernel, SCIOPTA is best suited for use in safety-critical applications.
Safety properties
The following properties of the SCIOPTA Safety Kernel facilitate safety-related applications:
- Message-based inter-process communication
- Deterministic behaviour
- Encapsulation and data protection by organizing memory in data pools
- Centralized error handling
Certified Data Transfer
The SCIOPTA kernel can monitor data transfer between processes by testing checksums over message data areas. These certified functions considerably ease the workload of the designer of safety software. Leaving this duty to the kernel results in shorter development time and reduced costs.
The SCIOPTA message consists of a header including the process ID of the sender, owner and addressee, a data area of any size and an end-mark which is checked by the kernel.
Safe Memory Management
Processes and message pools are grouped together in SCIOPTA modules.
Modules can be separated with the SCIOPTA Memory Management System (SMMS) and a Memory Management Unit (MMU) or Memory Protection Unit (MPU).
This provides full freedom from interference for memory.
No Shared Memory
Shared memory is the standard method for interprocess communication in traditional real-time operating systems. The user is fully responsible for protecting shared memory with semaphores and for associating semaphores with data areas and types.
There is no need for shared memory in a SCIOPTA system. Direct message passing is safer. All data is encapsulated inside messages and the kernel protects message data by controlling ownership.
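The message layout and ownership rule described in the two sections above (header with sender, owner and addressee IDs, data area, end-mark, checksum), written out as an added C illustration that is not SCIOPTA code. The function names, the end-mark value, the placeholder checksum and the 64 KiB size cap are all assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names and values throughout; this is not the SCIOPTA API. */
enum { MSG_OK, MSG_ERR_OWNER, MSG_ERR_ENDMARK, MSG_ERR_CHECKSUM, MSG_ERR_BOUNDS };
#define END_MARK 0xEEu                 /* assumed sentinel byte */

typedef struct {
    uint32_t sender, owner, addressee; /* process IDs in the header */
    uint32_t size, checksum;           /* data length; checksum set on send */
    uint8_t  data[];                   /* data area, then one end-mark byte */
} msg_t;

/* Placeholder polynomial checksum (the page does not name the one used). */
static uint32_t msg_sum(const msg_t *m) {
    uint32_t s = 0;
    for (uint32_t i = 0; i < m->size; i++) s = s * 31u + m->data[i];
    return s;
}

msg_t *msg_alloc(uint32_t pid, uint32_t size) {
    /* Assumed 64 KiB cap keeps the size arithmetic from wrapping. */
    msg_t *m = size < 0x10000u ? calloc(1, sizeof *m + size + 1) : NULL;
    if (!m) return NULL;
    m->owner = pid; m->size = size; m->data[size] = END_MARK;
    return m;
}

/* Only the current owner may write, and only inside the data area. */
int msg_write(msg_t *m, uint32_t pid, uint32_t off, const void *src, uint32_t len) {
    if (m->owner != pid) return MSG_ERR_OWNER;
    if (off > m->size || len > m->size - off) return MSG_ERR_BOUNDS;
    memcpy(m->data + off, src, len);
    return MSG_OK;
}

/* Sending checks the end-mark, seals the data and hands ownership over. */
int msg_send(msg_t *m, uint32_t pid, uint32_t to) {
    if (m->owner != pid) return MSG_ERR_OWNER;
    if (m->data[m->size] != END_MARK) return MSG_ERR_ENDMARK;
    m->checksum = msg_sum(m);
    m->sender = pid; m->addressee = m->owner = to;
    return MSG_OK;
}

/* The receiver re-checks end-mark and checksum before using the data. */
int msg_receive(const msg_t *m, uint32_t pid) {
    if (m->owner != pid) return MSG_ERR_OWNER;
    if (m->data[m->size] != END_MARK) return MSG_ERR_ENDMARK;
    return m->checksum == msg_sum(m) ? MSG_OK : MSG_ERR_CHECKSUM;
}
```

Once `msg_send` succeeds, the former owner's `msg_write` calls return `MSG_ERR_OWNER`, which is the property that removes the need for a semaphore around the data.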
Certified by TÜV SÜD
SCIOPTA provides a Real-Time Operating System which is certified by TÜV SÜD in Munich according to IEC 61508 up to SIL3, CENELEC EN 50128 up to SIL4 and ISO 26262 up to ASIL D.
Please contact sales@sciopta.com for supported architectures.
IEC 61508
IEC 61508 is the international standard focusing on safety-related systems that incorporate electrical, electronic and/or programmable electronic (E/E/PE) instruments and devices.
Initially used mainly in the automation and process control industry, IEC 61508 is increasingly accepted for applications in other industries, including automotive and medical, where safety and reliability are paramount.
The 7 Parts of IEC 61508
IEC 61508-1, General requirements
IEC 61508-2, Requirements for (E/E/PE) safety-related systems
IEC 61508-3, Software requirements
IEC 61508-4, Definitions and abbreviations
IEC 61508-5, Examples of methods for the determination of safety integrity levels
IEC 61508-6, Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7, Overview of measures and techniques.
EN 50128
CENELEC EN 50128 is a European Standard that specifies procedures and technical requirements for the development of software used in railway control and protection applications. It is aimed at use in any area where there are safety implications.
This European Standard is applicable exclusively to software and the interaction between software and the system of which it is part.
EN 50128 is an application standard derived from IEC 61508. The requirements for software development can be seen as equivalent between the two standards.
ISO 26262
The standard ISO 26262 is an adaptation of the Functional Safety standard IEC 61508 to comply with needs specific to the application sector of Automotive Electric/Electronic (E/E) Systems within road vehicles.
ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems in order to guarantee compliance with safety requirements.
ASIL D represents the highest degree of automotive hazard. An ASIL D classification denotes a more hazardous function and requires more stringent safety goals than ASIL A. The ASIL is determined by performing a risk analysis of a potential hazard, looking at the Severity, Exposure and Controllability of the vehicle operating scenario.
Road vehicles – Functional safety
Part 2: Management of functional safety
Part 6: Product development at the software level
Part 8: Supporting processes
SCIOPTA Safety Kernel Deliverables
The SCIOPTA Safety Kernel delivery contains the Certificate, the Certification Report of Functional Safety and the Safety Manual.