Building a safe and secure embedded world

Functional Safety Run-time System

Run-time system for functional safety applications

Arm FuSa RTS is a complete offering of embedded software components qualified for use in the safety-critical applications such as automotive, medical and industrial systems. With FuSa RTS developers receive a robust real-time operating system (RTOS), independent processor abstraction layer and verified C library that are highly optimized for Cortex-M processors by Arm architecture experts. 

Safety-qualified Arm C/C++ compilerArm Keil MDK development tools and FuSa RTS components are natively integrated together and significantly simplify system design, development, validation and certification processes for safety applications.

Supported safety standards

Arm FuSa RTS is certified for the following safety standards:

  • Automotive:   ISO26262, ASIL D
  • Industrial:      IEC61508, SIL 3
  • Railway:        EN50128,  SIL 4
  • Medical:        IEC62304, Class C

FuSa RTS safety compliance is confirmed by the TÜV Süd Certificate.

Supported devices

FuSa RTS fully utilizes advanced hardware features that Arm specifies for its processors. It provides support for devices with the following Arm Cortex-M cores:

  • Cortex-M0/M0+
  • Cortex-M3
  • Cortex-M4
  • Cortex-M7


Overview: Arm FuSa RTS components


Functional Safety RTX RTOS for safety-critical applications

The use of a real-time operating system (RTOS) in a safety-critical system demands that the RTOS component also undergoes rigorous verification. In cases when regulatory certification is mandatory this also implies specific documentation and testing processes for the targeted safety standards. To enable and streamline the product safety certification, Arm provides FuSa RTX RTOS as part of FuSa RTS package, that is qualified for use in automotive, industrial, railway and medical applications.


Functional Safety RTX RTOS

FuSa RTX RTOS is a deterministic real-time operating system (RTOS) that reliably manages multiple application threads with priority-based, pre-emptive scheduling. FuSa RTX RTOS offers all services needed in complex real-time applications, such as threads, timers, memory and object management, message exchange and others. The RTX kernel is highly optimized for Cortex-M architecture and has multiple provisions that naturally improve the reliability of an embedded application.

Strictly validated code

FuSa RTX RTOS is written in C using C99 language extensions with MISRA C:2012 guidelines being applied to it. FuSa RTX RTOS code has gone through stringent safety analysis and rigorous testing. It is approved for use in applications with the most demanding safety integrity levels (SIL). See above for the list of applicable safety standards.

Designed for engineering efficiency

FuSa RTX RTOS is designed for small memory footprint, i.e. it requires minimum amount of system memory, starting from 5 KB ROM. In addition it supports low-power mode, i.e. it has tick-less operation mode for low power devices.

Easy to configure and use

FuSa RTX RTOS is provided as a CMSIS component and can be easily managed in a µVision Run-Time Environment dialog. In addition there is the Configuration Wizard support: FuSa RTX RTOS provides a number of configuration parameters for the kernel operation as well as for the RTX objects such as threads, mutex and semaphores. Integrated support of MDK Configuration Wizard makes the parameter settings clear and intuitive.

Reliable execution

FuSaRTX RTOS utilizes the LDEX/STEX instruction available on most Cortex-M processors and therefore user interrupts are never disabled. This results in a time-deterministic interrupt execution.

Safe operation

FuSa RTX RTOS operates with separate stacks for ISR/RTOS and threads: the RTOS kernel executes in handler mode with stack separated from user threads which avoids unexpected stack loads. In addition FuSa RTX RTOS implements a software stack overflow checking: This detects stack overruns.Object identifiers are validated at run-time for type-mismatches and are protected from inadvertently accesses by the user application.

Flexible memory management

The object-specific memory pools assure dedicated fixed-size memory blocks for each object type avoids memory fragmentation during run-time and makes object creation and destruction time deterministic.The user application may rely on static memory for kernel objects, which guarantees that the RTOS system can never run out of storage during run-time.

RTOS-aware debugging

All important internal FuSa RTX RTOS events can be logged and analyzed using MDK Event Recorder and System Analyzer. Alternatively 3rd party tools such as Percepio's Tracelyzer can be used as well. Special provisions in FuSa RTX RTOS allow MDK debugger to determine during run-time the current and the maximum stack usage for each thread. Built-in mechanism help to analyze the maximum memory usage for each RTX object type.


Functional Safety Event Recorder

The FuSa Event Recorder provides an API (function calls) for event annotations in the application code. These functions record events along with timestamps and additional information. The data is stored in the event buffer located in the RAM of the target hardware. The µVision debugger reads the content of the event buffer and displays it in the FuSa Event Recorder window. The graphical display over time is available in the System Analyzer window. Other timing and power data can be observed in the Event Statistics window.

Event Recorder Benefits

  • Visibility to the dynamic execution of an application at little (memory) cost.
  • Adding RTOS awareness to a development tool does not require complex DLL programming.
  • For Arm Cortex-M3/M4/M7/M33 processor based devices, Event Recorder functions will not disable interrupts.
  • Adding printf re-targeting for devices without ITM, such as Arm Cortex-M0/M0+/M23.
  • Fast time-deterministic execution of event recorder functions with minimal code and timing overhead.
  • No need for a debug or release build as the event annotations can remain in production code.
  • Saving the event data in local memory ensures fast recording.
  • Collecting the data from the on-chip memory is done using simple read commands. These commands work on all Cortex-M processor based devices and require only JTAG or SWD connectivity to the debug adapter.
  • Using the DWT Cycle Count register for creating time stamps reduces code overhead (available on Arm Cortex-M3/M4/M7/M33).


Functional Safety CMSIS-Core

FuSa CMSIS-Core (Cortex-M) implements the basic run-time system for a Cortex-M device and gives the user access to the processor core and the device peripherals. In detail it defines:

  • Hardware Abstraction Layer (HAL) for Cortex-M processor registers with standardized definitions for the SysTick, NVIC, System Control Block registers, MPU registers, FPU registers, and core access functions.
  • System exception names to interface to system exceptions without having compatibility issues.
  • Methods to organize header files that makes it easy to learn new Cortex-M microcontroller products and improve software portability. This includes naming conventions for device-specific interrupts.
  • Methods for system initialization to be used by each MCU vendor. For example, the standardized SystemInit() function is essential for configuring the clock system of the device.
  • Intrinsic functions used to generate CPU instructions that are not supported by standard C functions.
  • A variable to determine the system clock frequency which simplifies the setup the SysTick timer.


Functional Safety C library

Arm provides a special C library targeting functional safety applications. The library implements a restricted subset of functions specified in the ISO C99 C language standard and comes with usage guidelines and examples on how to work effectively with it.

Arm runtime C libraries

The runtime Arm C library consists of all functions that are defined by the ISO C99 library standard. It allows users to redefine these functions in own application. And it also contains functions that are called implicitly by the Arm Compiler and Arm extensions, that are not defined by the ISO C library standard, but are included in the library.

Arm functional safety C library

The FuSa C Library provides a limited subset of the C library suitable for developing safety-critical embedded applications on Arm architecture compliant devices.

Specifically, it provides the following:

  • A subset of the functions defined in the ISO C Language Specification.
  • The Run-time Application Binary Interface (ABI) for the Arm Architecture.
  • Utility support functions.

FuSa RTS documentation provides vital usage instructions along with important information about the behavior of the FuSa C Library.


Search FormContactOnlineshop