SPRAD97, May 2023. AM62A1-Q1, AM62A3, AM62A3-Q1, AM62A7, AM62A7-Q1
IEC 61508 expresses non-interference in terms of independence of execution between software elements hosted on a single computer system. Independence of execution means that elements do not adversely interfere with each other's execution behavior in a way that could lead to a dangerous failure. Independence of execution shall be achieved and demonstrated in both the spatial and the temporal domain. All of this can be achieved by using a certified separation kernel, such as the INTEGRITY RTOS from Green Hills Software. INTEGRITY is a separation kernel that provides strict separation of memory, CPU time, and other resources, and this separation capability is certified according to the above-mentioned safety standard.
The benefits of this separation are numerous. Quality-managed applications and safety-critical software partitions can run side by side on the same system, so the device does not need to be re-certified when the quality-managed application partitions are updated. Additionally, standard non-certified communication stacks such as Ethernet, TCP/IP, or CAN can run in non-critical partitions, with data passed over a “black channel” to the safety application in a critical partition. The black channel principle is a common layered approach in which the safety function does not rely on the communication medium for correct delivery of content; instead, the safety protocol itself performs all the checks required for end-to-end protection of the communication path from sensor to compute. The net result is less software to certify, certified less frequently, which is a significant development cost saving, while still allowing frequent updates to the quality-managed application without compromising the required safety level.
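As an added illustration of the black channel principle described above (constructed for this page; not code from the application report, TI, or Green Hills), the C example below shows the safety layer that would live in the critical partition: the sender stamps every frame with a sequence number, a timestamp and a CRC, and the receiver performs all checks itself, so corruption, loss, replay or delay on the untrusted transport is detected no matter which non-certified stack carried the bytes. Field names, field sizes and the CRC choice are assumptions, not a standard safety protocol.

```c
#include <stdint.h>

/* Constructed end-to-end safety layer over an untrusted ("black") channel.
 * The transport is never trusted: integrity, sequence and freshness are all
 * verified by the safety application itself. Assumed layout, not a standard. */

typedef enum { SL_OK, SL_BAD_CRC, SL_BAD_SEQ, SL_STALE } sl_result;

typedef struct {
    uint16_t seq;     /* running counter: detects loss, replay, reordering */
    uint16_t sent_ms; /* sender timestamp: detects excessive delay         */
    uint16_t value;   /* safety-relevant payload, e.g. a sensor sample     */
    uint16_t crc;     /* CRC-16 over the three fields above                */
} sl_frame;

typedef struct { uint16_t next_seq; uint16_t max_age_ms; } sl_rx;

/* CRC-16, polynomial 0x1021, fed one 16-bit word (big-endian byte order). */
static uint16_t crc16_word(uint16_t crc, uint16_t word) {
    uint8_t bytes[2] = { (uint8_t)(word >> 8), (uint8_t)word };
    for (int i = 0; i < 2; i++) {
        crc ^= (uint16_t)bytes[i] << 8;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

static uint16_t sl_crc(const sl_frame *f) {
    uint16_t c = crc16_word(0xFFFF, f->seq);   /* initial value 0xFFFF */
    c = crc16_word(c, f->sent_ms);
    return crc16_word(c, f->value);
}

/* Sender side (safety partition): stamp sequence and time, append CRC. */
sl_frame sl_build(uint16_t seq, uint16_t now_ms, uint16_t value) {
    sl_frame f = { seq, now_ms, value, 0 };
    f.crc = sl_crc(&f);
    return f;
}

/* Receiver side (safety partition): every check happens here, independent of
 * the non-certified stack that delivered the frame. On any failure the caller
 * enters its safe state (not shown); the sequence advances only on success. */
sl_result sl_check(sl_rx *rx, const sl_frame *f, uint16_t now_ms) {
    if (sl_crc(f) != f->crc)    return SL_BAD_CRC; /* corrupted in transit     */
    if (f->seq != rx->next_seq) return SL_BAD_SEQ; /* lost, replayed, reordered */
    if ((uint16_t)(now_ms - f->sent_ms) > rx->max_age_ms)
        return SL_STALE;                           /* delivered too late        */
    rx->next_seq++;
    return SL_OK;
}
```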