Peter Vranken

"Safe" RTOS for e200z4, technically ISO26262 compliant

Discussion created by Peter Vranken on Sep 9, 2019

As a matter of fact, the Internet is flooded with Open Source RTOS implementations and nobody here in the forum will be waiting for just another one. However, the choice of Open Source RTOSs reduces significantly if they need to comply with the demands of a relevant safety standard, like ISO 26262.


In GitHub, project TRK-USB-MPC5643L, LSM/safe-RTOS-VLE, you can find an Open Source RTOS which fulfills the technical requirements of ISO 26262 in that it can safely host processes of different criticality level, and without fearing that a failure in one such process would harm the proper execution of the other processes.

The RTOS has been made for NXP's MPC5643L; all tools, code, build and debugger scripts and samples will run out of the box for this derivate but the RTOS itself should be easily portable to other NXP micros with e200z4/7 core.


To meet the safety demands, the RTOS makes use of MMU/MPU and IVOR handlers, has a privileges concept for its potentially safety critical services, runs application code generally in user mode and specifies a driver model, which permits to extend the safety concept of the RTOS to the (user provided, not included) implementation of needed I/O drivers.

Even if it sounds like a contradiction: The RTOS is kept structurally very simple and lean, which strongly supports the required code inspections in a safety aware development environment.

To become a bit more concrete, let's have a look at a meaningful test case. In one of the processes a task repeatedly tries to execute this code:


    const uint32_t address = random();
    ((void (*)(void))address)();


... and of course it fails (nearly) each time. The kernel catches all possible exceptions caused by this code and and properly reports the failures through its diagnostic API. The other processes continue to run fine: their data objects are not touched and their timing is kept.

Please have a look!