Real-Time and Safety-Critical Platforms
Real-time and safety-critical platforms represent the most demanding category of microcontroller development systems. These specialized platforms enable engineers to develop applications where precise timing guarantees, fault tolerance, and regulatory compliance are non-negotiable requirements. From automotive electronic control units to medical infusion pumps, aerospace flight computers to industrial safety controllers, these platforms provide the hardware foundation and software infrastructure necessary to meet stringent industry standards while maintaining deterministic behavior under all operating conditions.
Unlike general-purpose development boards optimized for ease of use and rapid prototyping, real-time and safety-critical platforms prioritize predictability, reliability, and traceability. They integrate hardware features like redundant processing cores, memory protection units, and built-in self-test capabilities alongside software support for certified real-time operating systems, static analysis tools, and comprehensive documentation packages required for regulatory certification.
Understanding Real-Time Systems
Real-time systems must respond to events within guaranteed time bounds. Missing a deadline in such systems can range from degraded performance to catastrophic failure, depending on the application criticality level.
Hard vs. Soft Real-Time
Understanding the distinction between real-time categories fundamentally shapes platform selection:
- Hard real-time systems: Missing a deadline constitutes system failure. Examples include airbag deployment controllers, anti-lock braking systems, and nuclear reactor control systems. Hardware and software must guarantee worst-case response times under all conditions
- Firm real-time systems: Occasional deadline misses are tolerable but result in degraded quality or value. Video streaming and telecommunications systems often fall into this category, where late data has no utility but system operation continues
- Soft real-time systems: Deadlines represent targets rather than absolute constraints. User interfaces and non-critical monitoring systems typically operate in soft real-time, where responsiveness matters for user experience but delays do not compromise safety
Determinism and Predictability
Real-time platforms must exhibit deterministic behavior where the same inputs always produce the same outputs within bounded time:
- Interrupt latency: The time from interrupt assertion to handler execution must be bounded and predictable. Development platforms provide characterization data specifying worst-case interrupt response times
- Context switch time: Task switching overhead in multi-tasking systems must be minimal and predictable. RTOS kernels designed for real-time use specify maximum context switch times
- Memory access timing: Cache behavior, memory wait states, and bus arbitration can introduce timing variability. Real-time platforms often provide options to disable caching or use tightly-coupled memory with predictable access times
- Priority inversion: When a high-priority task waits for a resource held by a lower-priority task, unbounded delays can occur. Real-time systems implement priority inheritance or priority ceiling protocols to bound blocking times
Timing Analysis
Demonstrating that real-time constraints are satisfied requires rigorous analysis:
- Worst-case execution time (WCET): Static analysis tools determine upper bounds on execution time for code segments, accounting for all possible paths and cache states
- Schedulability analysis: Mathematical techniques verify that all tasks will meet deadlines given their periods, execution times, and priorities
- Response time analysis: Calculation of actual worst-case response times accounting for preemption, blocking, and resource contention
- Jitter measurement: Variation in execution timing must be characterized and minimized for applications requiring precise temporal behavior
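The schedulability and response-time calculations in the list above, together with the bounded blocking that a priority ceiling protocol provides against priority inversion, can be worked through for a small task set. The following Python script is an added example, not code from the original page or from any platform it describes: the three-task set, its periods, execution times and critical-section lengths are constructed for illustration, and each task's relative deadline is assumed equal to its period.

```python
import math
from dataclasses import dataclass, field

@dataclass
class Task:
    name: str
    period: int      # T_i in time units; relative deadline assumed equal to the period
    wcet: int        # C_i, the worst-case execution time from WCET analysis
    priority: int    # larger value = higher priority (rate-monotonic in the set below)
    hold: dict = field(default_factory=dict)   # resource name -> longest critical section

def resource_ceilings(tasks):
    """Priority ceiling of each shared resource: the highest priority of any task locking it."""
    ceilings = {}
    for t in tasks:
        for r in t.hold:
            ceilings[r] = max(ceilings.get(r, 0), t.priority)
    return ceilings

def blocking_time(task, tasks):
    """Worst-case blocking B_i under the priority ceiling protocol.

    A task can be blocked at most once, by the single longest critical section of a
    lower-priority task on a resource whose ceiling is at least the task's priority.
    Without such a protocol this term is unbounded: that is priority inversion."""
    ceilings = resource_ceilings(tasks)
    candidates = [hold for t in tasks if t.priority < task.priority
                  for r, hold in t.hold.items() if ceilings[r] >= task.priority]
    return max(candidates, default=0)

def response_time(task, tasks):
    """Fixed-point iteration of R_i = C_i + B_i + sum over hp(i) of ceil(R_i / T_j) * C_j.

    Returns the worst-case response time, or None once the recurrence exceeds the
    deadline (the task cannot be guaranteed to meet it)."""
    higher = [t for t in tasks if t.priority > task.priority]
    b = blocking_time(task, tasks)
    r = task.wcet + b
    while True:
        interference = sum(math.ceil(r / h.period) * h.wcet for h in higher)
        nxt = task.wcet + b + interference
        if nxt > task.period:
            return None
        if nxt == r:
            return r
        r = nxt

def utilisation_bound_test(tasks):
    """Liu and Layland sufficient test for rate-monotonic priorities:
    U <= n(2^(1/n) - 1) proves schedulability; failing it proves nothing either way."""
    n = len(tasks)
    u = sum(t.wcet / t.period for t in tasks)
    return u, u <= n * (2 ** (1 / n) - 1)

def analyse(tasks):
    """Exact response-time analysis for every task; None marks a missed deadline."""
    return {t.name: response_time(t, tasks) for t in tasks}

# Constructed task set: rate-monotonic priorities and one shared resource ("bus")
# locked by both the highest- and the lowest-priority task.
TASKS = [
    Task("brake_ctrl",    period=50,  wcet=10, priority=3, hold={"bus": 2}),
    Task("sensor_fusion", period=100, wcet=20, priority=2),
    Task("logging",       period=200, wcet=30, priority=1, hold={"bus": 5}),
]

if __name__ == "__main__":
    u, ok = utilisation_bound_test(TASKS)
    print(f"U = {u:.2f}; utilisation bound test {'passed' if ok else 'inconclusive'}")
    for name, r in analyse(TASKS).items():
        print(f"{name:14s} worst-case response time: {r}")
```

For this set the utilisation is 0.55, under the three-task bound of about 0.78, and the exact analysis gives response times of 15, 35 and 70 against deadlines of 50, 100 and 200. Lengthening the logging task's critical section on "bus" to 45 units raises brake_ctrl's blocking term to 45 and its response time above 50: the ceiling protocol bounds the blocking, but the bound still has to fit inside the deadline, which is why critical sections in low-priority tasks need WCET figures of their own.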
Functional Safety Fundamentals
Functional safety ensures that systems achieve safe states in response to failures or hazardous conditions. Safety-critical platforms implement hardware and software mechanisms to detect faults, prevent hazardous outputs, and maintain system integrity.
Safety Integrity Levels
International standards define safety integrity levels (SILs) that specify required risk reduction:
- IEC 61508: The foundational functional safety standard defines SIL 1 through SIL 4, with increasing requirements for failure probability, diagnostic coverage, and development rigor. SIL 4 represents the highest integrity level with probability of dangerous failure less than 10^-8 per hour
- ISO 26262 (ASIL): The automotive-specific standard defines Automotive Safety Integrity Levels A through D. ASIL D corresponds roughly to SIL 3 and applies to systems where malfunction could cause life-threatening injuries
- DO-178C (DAL): Aerospace software certification defines Design Assurance Levels A through E. Level A applies to software whose anomalous behavior would prevent continued safe flight
- IEC 62304: Medical device software standard defines Class A, B, and C based on hazard severity. Class C software requires the most rigorous development processes and documentation
Hardware Safety Mechanisms
Safety-critical platforms incorporate dedicated hardware features to detect and respond to faults:
- Lockstep processing: Dual processor cores execute identical code simultaneously, with comparison logic detecting any divergence indicating a fault
- Error correcting code (ECC) memory: RAM with ECC can detect double-bit errors and correct single-bit errors, preventing memory corruption from causing hazardous behavior
- Memory protection units (MPU): Hardware-enforced memory boundaries prevent tasks from corrupting each other's data or code space
- Watchdog timers: Independent timing circuits detect software execution anomalies and trigger safe-state transitions when periodic refresh fails
- Built-in self-test (BIST): Dedicated logic performs continuous testing of processor, memory, and peripheral integrity during operation
- Clock monitoring: Independent oscillators and cross-checking detect clock failures that could cause timing violations
- Voltage monitoring: Supply voltage supervisors detect brownout conditions and ensure proper power sequencing during startup and shutdown
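The watchdog mechanism in the list above is normally paired with a software task supervisor, so that a single stuck task, and not only a stuck main loop, withholds the refresh. The following Python model is an added example, not code from the original page or from any vendor's safety library: it models a windowed watchdog, where refreshing too early is also treated as a fault, and a supervisor that refreshes only when every monitored task has checked in within its deadline. Task periods, deadlines and window values are constructed (in milliseconds), and the hardware reset is represented by a latched flag.

```python
from dataclasses import dataclass, field

@dataclass
class WindowedWatchdog:
    """Model of an independent windowed watchdog timer (all times in ms).

    A refresh is accepted only when at least window_open ms and fewer than
    timeout ms have elapsed since the previous accepted refresh. Refreshing too
    early (a runaway loop hammering the refresh) or too late (a hang) latches a
    reset request; the real device does this in hardware, outside the software
    it supervises. The reset is modelled as a latched flag."""
    window_open: int
    timeout: int
    last_refresh: int = 0
    reset_latched: bool = False

    def refresh(self, now):
        elapsed = now - self.last_refresh
        if elapsed < self.window_open or elapsed >= self.timeout:
            self.reset_latched = True
        else:
            self.last_refresh = now
        return not self.reset_latched

    def tick(self, now):
        """Timer expiry check, independent of whether software ever calls refresh()."""
        if now - self.last_refresh >= self.timeout:
            self.reset_latched = True
        return not self.reset_latched

@dataclass
class TaskSupervisor:
    """Software task monitor: deadlines maps task name -> maximum allowed gap
    between check-ins (ms). The watchdog is refreshed only if no task is overdue,
    so one stuck task, not just a stuck main loop, leads to a reset."""
    deadlines: dict
    last_seen: dict = field(default_factory=dict)

    def checkin(self, task, now):
        self.last_seen[task] = now

    def overdue(self, now):
        return sorted(t for t, d in self.deadlines.items()
                      if now - self.last_seen.get(t, 0) > d)

    def service(self, wdt, now):
        """Run from the lowest-priority context: withhold the refresh when any
        task is late and let the hardware timeout force the safe state."""
        if self.overdue(now):
            return False
        return wdt.refresh(now)

def simulate(stuck_task=None, refresh_period=50, horizon=1000):
    """Constructed schedule: each task checks in at its period unless it is the
    stuck one; the supervisor services the watchdog every refresh_period ms.
    Returns the time (ms) at which the watchdog latched a reset, or None."""
    periods = {"control": 10, "comms": 100, "ui": 250}
    sup = TaskSupervisor(deadlines={"control": 30, "comms": 300, "ui": 750})
    wdt = WindowedWatchdog(window_open=25, timeout=100)
    for now in range(1, horizon + 1):
        for task, period in periods.items():
            if now % period == 0 and task != stuck_task:
                sup.checkin(task, now)
        if now % refresh_period == 0:
            sup.service(wdt, now)
        if not wdt.tick(now):
            return now
    return None

if __name__ == "__main__":
    print("all tasks healthy   ->", simulate())
    print("control task stuck  ->", simulate(stuck_task="control"))
    print("comms task stuck    ->", simulate(stuck_task="comms"))
    print("refresh every 10 ms ->", simulate(refresh_period=10))
```

With every task alive the model never resets; a stuck control task causes the supervisor to withhold the 50 ms refresh and the watchdog expires at 100 ms, while a stuck comms task is only noticed after its 300 ms deadline and resets at 400 ms. Refreshing every 10 ms trips the early-refresh window immediately, which is the case a plain (non-windowed) watchdog cannot detect.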
Software Safety Considerations
Safety-critical software development follows rigorous processes documented in comprehensive evidence packages:
- Requirements traceability: Every software requirement traces to system requirements and hazard analysis, with test cases demonstrating satisfaction
- Coding standards: MISRA C, CERT C, and similar standards prohibit language features prone to errors and mandate defensive programming practices
- Static analysis: Tools analyze source code for potential defects, standards violations, and security vulnerabilities without executing the code
- Dynamic analysis: Run-time checking detects memory errors, race conditions, and other defects during testing
- Code coverage: Testing must exercise specified percentages of statements, branches, and modified condition/decision combinations depending on integrity level
- Configuration management: All artifacts must be under version control with complete audit trails documenting all changes
RTOS Development Boards
Real-time operating system development boards provide hardware platforms optimized for running certified or certifiable RTOS kernels. These boards typically feature microcontrollers with deterministic interrupt handling, sufficient memory for RTOS overhead, and debugging interfaces compatible with real-time analysis tools.
FreeRTOS Development Platforms
FreeRTOS has become the most widely deployed real-time kernel, with support across virtually all microcontroller families:
- AWS FreeRTOS qualification: Amazon's IoT-focused FreeRTOS distribution runs on numerous qualified boards with integrated connectivity libraries
- STM32 with FreeRTOS: STMicroelectronics provides extensive FreeRTOS integration through STM32CubeMX, generating configured project templates for any STM32 device
- NXP MCUXpresso: NXP's development environment includes FreeRTOS support with RTOS-aware debugging and system analysis tools
- Espressif ESP-IDF: The ESP32 platform runs FreeRTOS as its native operating system, providing real-time capabilities alongside WiFi and Bluetooth connectivity
- SAFERTOS: The safety-certified version of FreeRTOS provides an identical API with pre-certified code for IEC 61508 SIL 3 applications
Zephyr RTOS Platforms
The Linux Foundation's Zephyr project provides a scalable RTOS with growing industry adoption:
- Supported hardware: Over 400 boards supported including ARM Cortex-M, RISC-V, x86, and other architectures
- Security features: Memory protection, secure boot, and trusted execution environment support for security-critical applications
- Power management: Sophisticated power management framework enables ultra-low-power applications
- Connectivity stacks: Built-in Bluetooth, WiFi, Thread, and other networking support simplifies connected device development
- Safety certification: Active work toward IEC 61508 certification positions Zephyr for safety-critical applications
Commercial RTOS Development Kits
Vendor-supported commercial RTOS platforms provide certified solutions with professional support:
- VxWorks development systems: Wind River's VxWorks runs on dedicated development boards with DO-178C and IEC 61508 certification credentials
- QNX development platforms: BlackBerry QNX provides microkernel RTOS certified for automotive, medical, and industrial applications
- Nucleus RTOS: Siemens Mentor's Nucleus offers certified RTOS with extensive middleware for medical and industrial markets
- ThreadX (Azure RTOS): Microsoft's ThreadX provides certified real-time kernel with safety certifications for medical, industrial, and automotive applications
- INTEGRITY RTOS: Green Hills INTEGRITY provides separation kernel architecture with EAL 6+ security certification and DO-178C certification
Functional Safety Development Kits
Functional safety development kits provide complete platforms designed specifically for developing safety-critical applications. These kits combine safety-qualified microcontrollers with certified software, comprehensive documentation, and tools supporting safety lifecycle activities.
Automotive Safety MCU Development Kits
Major semiconductor vendors offer development kits for ISO 26262 compliant automotive applications:
- Infineon AURIX TriCore: Development kits for AURIX TC3xx and TC4xx families featuring lockstep cores, extensive safety mechanisms, and ASIL D qualification. The kits include SafeTpack software demonstrating diagnostic library usage
- NXP S32K Safety: S32K3 development platforms with ARM Cortex-M7 lockstep cores, hardware security module, and comprehensive safety documentation supporting ASIL B and ASIL D applications
- Renesas RH850: Development boards for RH850/P1x and RH850/U2x families providing lockstep operation, ECC memory, and safety island architecture for ASIL D systems
- Texas Instruments Hercules: TMS570 and RM4x development kits with dual-core lockstep ARM Cortex-R processors designed from inception for functional safety to IEC 61508 SIL 3
- STMicroelectronics Stellar: Stellar family development platforms supporting automotive safety applications with hardware safety mechanisms and ASIL D capable architecture
Industrial Safety Platforms
Industrial applications require platforms supporting IEC 61508 functional safety standards:
- Safety controller evaluation boards: Development boards featuring safety PLCs with redundant processing, safe inputs/outputs, and SIL 3 certifiable architectures
- Safety relay module development: Platforms for developing safety relay and safety PLC modules meeting EN ISO 13849-1 Performance Level requirements
- Safety drive development kits: Reference designs for developing SIL 2 and SIL 3 motor drive safety functions including safe torque off and safe limited speed
- Functional safety reference implementations: Complete reference designs with certified software demonstrating safety function implementation patterns
Safety Documentation and Evidence
Safety development kits provide extensive documentation supporting certification activities:
- Safety manuals: Detailed documents describing hardware safety mechanisms, assumptions of use, and diagnostic coverage calculations
- FMEDA reports: Failure Modes, Effects, and Diagnostic Analysis quantifying device failure rates and diagnostic coverage
- Development evidence: Documentation of device development process compliance with relevant safety standards
- Application notes: Guidance on implementing specific safety functions and meeting safety requirements
- Certification artifacts: Third-party assessment reports and certificates from accredited certification bodies
AUTOSAR Development Platforms
AUTOSAR (AUTomotive Open System ARchitecture) standardizes automotive software architecture, enabling software component reuse and multi-vendor integration. AUTOSAR development platforms support both Classic Platform for deeply embedded ECUs and Adaptive Platform for high-performance computing applications.
Classic AUTOSAR Development
Classic AUTOSAR targets traditional automotive microcontrollers with static configuration:
- AUTOSAR MCAL: Microcontroller Abstraction Layer software packages from MCU vendors provide standardized hardware access for Classic AUTOSAR
- Basic software bundles: Complete Classic AUTOSAR basic software stacks from vendors like Vector, ETAS, and Elektrobit support development on reference hardware
- Configuration tools: AUTOSAR authoring tools like DaVinci, EB tresos, and ARTOP enable visual configuration of complex software architectures
- Evaluation kits: Hardware platforms pre-integrated with AUTOSAR basic software provide rapid starting points for application development
- Testing support: Hardware-in-the-loop simulation platforms enable comprehensive testing of AUTOSAR-based ECUs
Adaptive AUTOSAR Platforms
Adaptive AUTOSAR addresses high-performance automotive computing with service-oriented architecture:
- High-performance ECU platforms: Development boards based on multi-core ARM Cortex-A processors or automotive-grade SoCs support Adaptive AUTOSAR deployment
- Adaptive AUTOSAR stacks: Software platforms from Vector (MICROSAR Adaptive), ETAS (RTA-VRTE), and Elektrobit (EB corbos) implement Adaptive AUTOSAR specifications
- POSIX-based development: Adaptive AUTOSAR runs on POSIX-compliant operating systems, enabling development on Linux-based platforms
- Container and virtualization: Modern automotive ECU platforms support containerization and hypervisor-based isolation for mixed-criticality systems
AUTOSAR Tool Chains
Complete AUTOSAR development requires integrated tool chains spanning system design to ECU deployment:
- System design tools: SystemDesk, PREEvision, and similar tools support AUTOSAR system architecture definition
- Code generators: Tools generate AUTOSAR-compliant runnable entities from Simulink models or other modeling environments
- Calibration tools: ETAS INCA, CANape, and similar tools enable parameter calibration and measurement during development and production
- Diagnostic tools: ODX-based diagnostic authoring and ECU diagnostic development support AUTOSAR diagnostic stacks
Aerospace-Grade Development Systems
Aerospace development platforms meet the stringent requirements of DO-178C software certification and DO-254 hardware certification for airborne systems. These platforms provide documented design assurance evidence supporting certification to the required Design Assurance Level.
DO-178C Compliant Development
Software development for airborne systems follows DO-178C objectives based on criticality level:
- Level A platforms: Development environments for catastrophic failure condition software include certified compilers, qualified tools, and complete traceability infrastructure
- Certified RTOS: VxWorks 653, LynxOS-178, PikeOS, and INTEGRITY-178 tuMP provide DO-178C Level A certified operating system foundations
- ARINC 653 compliance: Aerospace RTOS platforms implement ARINC 653 time and space partitioning for integrated modular avionics
- Qualified compilers: DO-178C compliant compilers from Green Hills, Wind River, and others provide certification credit for generated code
- Structural coverage tools: Qualified coverage analysis tools demonstrate MC/DC coverage required for Level A certification
Aerospace Hardware Platforms
Aerospace development hardware must support rigorous design assurance activities:
- Radiation-tolerant platforms: Development systems based on radiation-hardened processors enable software development for space applications
- DO-254 development boards: Hardware designed with DO-254 compliance in mind facilitates programmable logic development for airborne systems
- Environmental qualification support: Platform documentation supports analysis for DO-160 environmental qualification
- Flight heritage: Development platforms based on devices with flight heritage reduce certification risk
Model-Based Development for Aerospace
Model-based development approaches enhance rigor while managing complexity:
- Simulink with DO-178C: MathWorks provides DO-178C qualification kits for code generation from Simulink models
- SCADE Suite: ANSYS SCADE provides qualified model-based development with DO-178C Level A certified code generator
- Model verification: Tools for formal verification of model properties complement testing with mathematical proof
Medical Device Prototyping Platforms
Medical device development platforms support IEC 62304 software lifecycle processes and integration with IEC 60601 electrical safety requirements. These platforms enable rapid prototyping while maintaining traceability to regulatory requirements.
IEC 62304 Development Environments
Medical device software development follows IEC 62304 process requirements:
- Class C development platforms: Development systems supporting the most stringent Class C requirements include formal methods tools, extensive testing frameworks, and comprehensive documentation generation
- Risk management integration: Platforms integrate with ISO 14971 risk management processes, maintaining traceability from hazards to software safety requirements
- SOUP management: Tools and processes for managing Software of Unknown Provenance, including qualification activities for operating systems and libraries
- Cybersecurity considerations: FDA premarket cybersecurity guidance drives platform requirements for secure boot, encryption, and vulnerability management
Medical Microcontroller Platforms
Microcontroller platforms designed for medical applications include appropriate safety and reliability features:
- Medical-qualified devices: Some microcontrollers receive specific qualification for medical applications with extended temperature range, enhanced documentation, and extended availability commitments
- Isolation and safety: Development platforms demonstrate proper isolation techniques and safe output control required for patient-connected devices
- Battery management: Reference designs for medical-grade battery management support portable device development
- Wireless connectivity: BLE medical profile implementations and WiFi reference designs support connected medical device development
Regulatory Compliance Support
Medical device platforms facilitate regulatory submission preparation:
- Design history file: Documentation systems support FDA 21 CFR Part 820 design control requirements
- Software documentation: Templates and guidance for IEC 62304 software development documentation
- Verification and validation: Testing frameworks supporting comprehensive V&V activities with traceable evidence
- 510(k) and PMA support: Platform documentation suitable for inclusion in FDA premarket submissions
Industrial Safety Controllers
Industrial safety controller platforms enable development of safety functions for machinery and process safety applications according to IEC 62443 industrial security and IEC 61508 functional safety standards.
Safety PLC Development
Programmable safety controller development platforms support certified safety function implementation:
- Safety logic solver platforms: Development environments for SIL 3 certified safety PLCs including redundant processing architectures
- Function block certified libraries: Pre-certified safety function blocks for common safety functions like emergency stop, guard monitoring, and safe speed monitoring
- Safety fieldbus integration: Support for PROFIsafe, CIP Safety, and FSoE protocols enabling distributed safety architectures
- Safety application programming: IEC 61131-3 programming environments with extensions for safety programming following PLCopen safety guidelines
Machine Safety Development
Development platforms for machine safety functions implement EN ISO 13849-1 requirements:
- Safety relay reference designs: Development platforms for compact safety relay modules achieving Performance Level e
- Safe motion control: Reference implementations for SLS (Safe Limited Speed), SOS (Safe Operating Stop), and other drive safety functions
- Light curtain interfaces: Safe input circuits for light curtain and safety sensor integration
- Safety output modules: Safe semiconductor and relay output stage reference designs
Process Safety Applications
Safety instrumented system development for process industries follows IEC 61511:
- SIS development platforms: Safety instrumented system logic solver development environments
- SIF implementation: Reference designs for safety instrumented functions including emergency shutdown and fire and gas detection
- Proof test support: Platforms supporting periodic proof testing required for maintaining SIL
- HART and fieldbus safety: Safe sensor interface implementations for HART and Foundation Fieldbus safety
Certification-Ready Hardware
Certification-ready hardware platforms provide development environments where the hardware component has already achieved relevant safety certification, reducing project certification scope to the application software.
Pre-Certified Development Boards
Some development platforms include pre-certification for specific standards:
- IEC 61508 pre-certified: Safety MCU evaluation boards with completed FMEDA and safety manual enabling SIL 2 or SIL 3 system development
- ISO 26262 SEooC: Safety Element out of Context development assumes certain integration requirements documented in safety manuals
- Medical pre-compliance: Development platforms meeting IEC 60601-1 electrical safety requirements simplify medical device development
- EMC pre-compliance: Platforms designed for electromagnetic compatibility reduce EMC certification risk
Certification Ecosystem
Development platform vendors provide certification support services:
- Certification consulting: Guidance from vendors and partners experienced in navigating certification processes
- Assessment support: Assistance preparing for third-party certification body assessments
- Tool qualification: Support for tool qualification activities required when using development tools in certified projects
- Training: Functional safety training covering standards, processes, and platform-specific implementation guidance
Production Transition
Safety-critical development platforms support transition from development to production:
- Production programming: Tools and fixtures for safe, traceable production programming
- End-of-line testing: Reference test implementations validating safety function operation in production
- Component availability: Long-term availability programs ensure component supply throughout product lifecycle
- Change notification: Product change notifications enable proactive management of component changes affecting certified products
Development Tools for Safety-Critical Systems
Beyond hardware platforms, safety-critical development requires specialized software tools that themselves may require qualification for use in certified projects.
Static Analysis Tools
Static analysis identifies potential defects without code execution:
- MISRA compliance: Tools like Polyspace, PC-lint, and Parasoft verify MISRA C/C++ coding standard compliance
- Formal verification: Mathematical proof tools like Astrée and Polyspace prove absence of run-time errors
- Security analysis: Static application security testing (SAST) tools identify vulnerabilities in safety-critical code
- Metrics analysis: Complexity metrics, coupling analysis, and other quality metrics supporting safety arguments
Dynamic Analysis and Testing
Runtime analysis complements static techniques:
- Coverage analysis: Tools measuring statement, branch, MC/DC, and other coverage metrics required by safety standards
- Memory analysis: Detection of memory leaks, buffer overflows, and other memory-related defects
- Timing analysis: Measurement and verification of execution times and deadline satisfaction
- Fault injection: Tools simulating hardware faults to verify fault handling and safety mechanism effectiveness
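Modified condition/decision coverage, required at the highest integrity levels in the Software Safety Considerations list and measured by the coverage tools listed above, is often misread as "every condition true and false once". The following Python script is an added example, not code from the original page or from any coverage tool it names: for a constructed three-condition interlock decision it enumerates the independence pairs each condition needs, checks whether a given test set achieves unique-cause MC/DC, and finds a minimal test set by brute force. The decision function and condition names are constructed for illustration.

```python
from itertools import combinations, product

def start_allowed(guard_closed, speed_ok, maintenance_override):
    """Constructed interlock decision with three conditions: (A and B) or C."""
    return (guard_closed and speed_ok) or maintenance_override

CONDITIONS = ("guard_closed", "speed_ok", "maintenance_override")

def truth_table(decision, n):
    """Decision outcome for every combination of the n condition values."""
    return {vec: bool(decision(*vec)) for vec in product((False, True), repeat=n)}

def independence_pairs(decision, n):
    """For each condition index, the pairs of test vectors that differ only in
    that condition and change the decision outcome. MC/DC requires the test
    set to contain at least one such pair for every condition; that is what
    demonstrates that each condition independently affects the decision."""
    table = truth_table(decision, n)
    pairs = {i: [] for i in range(n)}
    for i in range(n):
        for vec in table:
            if vec[i]:
                continue                       # count each pair once, from its False side
            flipped = vec[:i] + (True,) + vec[i + 1:]
            if table[vec] != table[flipped]:
                pairs[i].append((vec, flipped))
    return pairs

def decision_covered(tests, decision):
    """Plain decision (branch) coverage: the decision took both outcomes."""
    return {bool(decision(*t)) for t in tests} == {False, True}

def mcdc_satisfied(tests, decision, n):
    """Unique-cause MC/DC: every condition has a complete independence pair in tests."""
    tests = set(tests)
    return all(any(a in tests and b in tests for a, b in plist)
               for plist in independence_pairs(decision, n).values())

def minimal_mcdc_set(decision, n):
    """Smallest test set achieving MC/DC, by brute force over subsets of the
    truth table; n + 1 vectors is the theoretical minimum for n conditions."""
    vectors = list(product((False, True), repeat=n))
    for size in range(n + 1, len(vectors) + 1):
        for subset in combinations(vectors, size):
            if mcdc_satisfied(subset, decision, n):
                return set(subset)
    return None

def describe(vec):
    """Human-readable form of one test vector."""
    return ", ".join(f"{name}={int(val)}" for name, val in zip(CONDITIONS, vec))

if __name__ == "__main__":
    n = len(CONDITIONS)
    for i, plist in independence_pairs(start_allowed, n).items():
        print(f"{CONDITIONS[i]}: {len(plist)} independence pair(s)")
    two_tests = {(False, False, False), (True, True, True)}
    print("two tests: decision covered =", decision_covered(two_tests, start_allowed),
          "| MC/DC =", mcdc_satisfied(two_tests, start_allowed, n))
    for vec in sorted(minimal_mcdc_set(start_allowed, n)):
        print("MC/DC test:", describe(vec), "->", int(start_allowed(*vec)))
```

The all-false and all-true vectors give 100% decision coverage and also exercise every condition in both states, yet they achieve no MC/DC at all, because no pair in that set isolates a single condition. Four vectors (one more than the number of conditions) are enough here; the brute-force search is fine for a handful of conditions but a qualified coverage tool derives the pairs from the instrumented code rather than from the truth table.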
Requirements and Traceability
Safety projects require complete traceability through all lifecycle phases:
- Requirements management: IBM DOORS, Polarion, and Jama Connect support safety requirements with attributes for hazard association and verification status
- Bidirectional traceability: Linking requirements to design, code, tests, and evidence ensures complete coverage
- Impact analysis: Traceability enables efficient impact analysis when requirements or design changes occur
- Audit support: Generated reports demonstrate traceability for certification audits
Best Practices for Safety-Critical Development
Successfully developing safety-critical systems requires disciplined processes throughout the development lifecycle:
- Early safety planning: Engage safety engineering from project inception. Retrofitting safety into existing designs proves far more expensive than designing for safety from the start
- Requirements quality: Safety requirements must be unambiguous, testable, and traceable. Invest in requirements review and validation before implementation
- Defensive programming: Assume hardware will fail and software will have bugs. Implement checking, assertion, and graceful degradation throughout
- Independent verification: Have safety functions reviewed and tested by engineers independent from the developers
- Configuration management: Maintain rigorous version control with complete change history for all artifacts
- Documentation discipline: Generate documentation concurrently with development rather than at project end
- Incremental certification: Plan certification activities throughout development rather than attempting comprehensive assessment at the end
- Lessons learned: Capture and apply experience from previous projects and industry incident reports
Selecting the Right Platform
Choosing a real-time or safety-critical development platform requires careful consideration of multiple factors:
- Target safety standard: Select platforms with documentation and certification support aligned with your applicable standard (ISO 26262, IEC 61508, DO-178C, etc.)
- Integrity level: Higher integrity levels require more sophisticated hardware safety mechanisms and more rigorous development processes
- Tool chain maturity: Evaluate the completeness of the development ecosystem including compiler, debugger, RTOS, and analysis tools
- Vendor support: Safety-critical projects benefit from direct vendor engagement for technical questions and certification guidance
- Production path: Verify that development platform learnings transfer effectively to production hardware
- Long-term availability: Safety-critical products often have long lifecycles requiring extended component availability
- Training and resources: Consider availability of training, application notes, and reference implementations
- Industry experience: Platforms with demonstrated deployment in your target industry reduce certification risk