SAFERTOS

SAFERTOS® is a pre-certified safety Real Time Operating System (RTOS) developed by WHIS, a safety systems company. It delivers superior performance and pre-certified dependability, whilst utilizing minimal resources. It is based on the FreeRTOS functional model, with simple migration possibilities. SAFERTOS is available pre-certified to IEC 61508-3 SIL 3 by TÜV SÜD or pre-certified to ISO 26262 ASIL D by TÜV SÜD. 

SAFERTOS Features

With an imperceptible boot time, SAFERTOS is an ideal choice in systems that need to protect users and equipment from hazards quickly after a power on or brown out event.

Responsiveness

SAFERTOS provides deterministic event handling, frequently used in motor control applications requiring precision control. It is the ideal choice for systems that need to respond quickly to safety events, where the system must be placed into a safe state in the shortest possible time.

Ultra-Low Power Mode

It is common to reduce the power consumed by the processor by using the idle Task hook to place the processor into a low power state. The power saving that can be achieved by this simple method varies depending on CPU utilisation but is limited by the necessity to periodically exit and then re-enter the low power state to process RTOS tick interrupts.

Alternatively, when supported by the processor, SAFERTOS can be purchased supporting a tickless Ultra-Low Power Mode. Here power is saved by completely stopping the RTOS tick interrupt during idle periods and placing the system in a power saving mode. Stopping the tick interrupt allows the processor to remain in a deep power saving mode longer until either an interrupt occurs, or it is time for the RTOS to re-activate a Task.

No Dynamic Memory Operations

An RTOS that undertakes dynamic memory allocation can introduce a significant risk into a safety critical system. What happens when the RTOS needs to allocate more memory to execute a safety Task, but no more memory exists?

SAFERTOS does not perform any dynamic memory allocation operations, but instead requires the application to allocate a block of memory for SAFERTOS  during the initialisation sequence. Reference to this memory block is passed to SAFERTOS  via the API during the initialisation phase. Application designers are still able to use dynamic memory allocation within their designs.

The SAFERTOS pre-emptive real time scheduler has the following characteristics:

• Any number of tasks can be created – system RAM constraints are the limiting factor.
• Each task is assigned a priority – any number of priorities can be used.
• Any number of tasks can share the same priority – allowing for maximum application design flexibility.
• The highest priority task that is able to execute (i.e. that is not blocked or suspended) will be the task selected by the scheduler to execute.
• Supports time sliced round robin scheduling for tasks of equal priority.
• Queues can be used to send data between tasks, and to send data between tasks and interrupt service routines.
• Binary semaphores and counting semaphores make use of the queue primitive – ensuring code size is kept to a minimum.
•  Tasks can block for a fixed period.
• Tasks can block to wait for a specified time.
• Tasks can block with a specified timeout period to wait for events.
• Task Notification Feature
• FPU support.
• Definition and manipulation of MPU/MMU regions on a per task basis.
• Run time statistics.
• Software Timers
• Ultra-Low Power Mode Option
• MISRA C Compliant
• 100% MC/DC verification coverage

Compact Footprint

• Typical ROM Requirements 6-15kB.
• Typical RAM Requirements 500 bytes.
• Typical Stack Requirements 400 bytes/task.