The onus of designing safety-certified systems now falls on the board developers and chip designers whose products combine safety-critical microcontrollers with multicore application processors.

Proper design of a safety-certified heterogeneous solution (whether a board or an SoC) requires more than dropping in a safety microcontroller. It needs the multicore CPUs to run an RTOS, ideally one pre-certified to high integrity levels (SIL under IEC 61508, ASIL under ISO 26262), that functions safely and communicates safely with an embedded microcontroller running a second safety RTOS.

It turns out that running two RTOSes, one on the MCU and another on the multicore CPU, in a single solution while certifying the safety of the whole system is easier said than done. Because the two operating systems come with different tool sets and development environments, integrating them safely is a time-consuming challenge for any system developer.

BlackBerry, the owner of QNX, and WITTENSTEIN high integrity systems (WHIS), a Bristol, UK-based developer and supplier of mission- and safety-critical RTOSes, this week launched a new embedded software platform that enables the development of safety-certified and mission-critical applications on heterogeneous system-on-chip (SoC) processors.

*How BlackBerry's QNX RTOS works with WHIS' SafeRTOS inside an SoC (Source: BlackBerry)*

In an interview with EE Times, Grant Courville, vice president, product management and strategy at BlackBerry QNX, observed, “We’ve all seen a huge growth in software used in automotive – including ADAS and AVs. As a result, more operations inside a car have become ‘software-controlled,’ which has, in turn, prompted more ECUs to get consolidated.”

Typically, such consolidated ECUs (electronic control units) feature one or more high-performance CPUs and one or more microcontrollers. They can be consolidated on a board, Courville said. Or, as Renesas and others have done, they can integrate that small embedded microcontroller on a bigger chip. “As more companies started doing that, we began getting requests from our customers. They asked us, ‘Hey, QNX, we already use your RTOS on our high-performance processors. Can you help us on integrations with safety microcontrollers?’”

“At that point, we had two options,” said Courville. “We could have stripped down QNX and made it work on those little microcontrollers. Or, we go to the best safety-certified microcontroller RTOS that we could find, form a partnership, and do technology integration.”

Courville’s team chose the latter. They found WHIS’s safety-critical RTOS to be an ideal fit and formed a partnership with the company. “We allowed common tools, developed common means of communication between the two, and completed the tight integration,” according to Courville. So, when Tier Ones or OEMs come to BlackBerry, “We can now offer a complete solution, supporting the same tools and the same development environment.”

Highlighting the platform’s unified development environment and tool chain and its inter-processor communication capability, BlackBerry claims that this “multi-level, policy-driven, security model helps guard against system malfunctions, malware and cyber-attacks.”

According to BlackBerry, evaluation software can be obtained under license from either BlackBerry QNX or WHIS.