Leading the Embedded World

Green Hills Platform for Industrial Safety

In today's global economy, industrial control and automation systems need to maximize system throughput and quality of output—while at the same time continually striving to lower operational costs. Beyond functional requirements, today's systems must run at peak efficiency and be completely secure from external influences that could disrupt safe and optimal operation. Reliability, safety, and security are critical as the consequences of failure may be human lives or significant revenue loss.

A complete solution for building safe, secure, reliable systems

Green Hills Software Platform for Industrial Safety, IEC 61508 certified

The Green Hills Platform for Industrial Safety provides a complete solution for building the software components of safe, secure, and reliable control systems—even those that require certification up to the demanding IEC 61508 Safety Integrity Level 4 (SIL 4). The Platform is equally applicable to other safety- and security-critical domains:

  • automotive (ISO 26262)
  • railway (EN 50128)
  • nuclear energy (IEC 61513)

Key benefits:

  • Faster time-to-market
  • Reduced certification effort and program risk
  • Lower costs of goods and certification through consolidation of multiple levels of criticality onto a single CPU

IEC 61508 SIL 3-certified RTOS

IEC 61508 SIL 3-certified INTEGRITY RTOS

With its IEC 61508 SIL 3 certified INTEGRITY kernel, the Platform for Industrial Safety provides the software development tools, operating system technologies, and expertise required to address the most stringent safety requirements in the industrial, process, nuclear, and transportation industries.

The INTEGRITY RTOS provides the foundation for the Platform. For applications requiring IEC 61508 certification, a TÜV-certified IEC 61508 SIL 3 RTOS kernel is available. IEC 61508 is an international standard for the functional safety of electrical/electronic/programmable electronic systems (E/E/PES) and is well established in the industrial process control and automation industry.

Because IEC 61508 serves as the meta-standard for a range of industries and published standards, the Platform for Industrial Safety is directly applicable to railway (EN 50128, CENELEC), medical (IEC 60601), nuclear (IEC 61513), and process control (IEC 61511).

Safety-critical components require the most scrutiny and can be the most expensive in terms of time, cost, and certification effort. For software components, IEC 61508 requirements are met by employing a rigorous, systematic development process that emphasizes traceability, criticality analysis, validation, and verification procedures.

Proven in safety-critical systems

With the INTEGRITY separation kernel architecture, developers can ensure that a failure in a non-critical component—such as a display or communication stack—cannot cause a failure in a critical component—such as a process controller.

INTEGRITY and INTEGRITY-178B have been deployed in a wide range of safety-critical systems, including:

  • multiple DO-178B level A certified systems
  • FDA-approved Class II/III medical devices
  • IEC 61508 SIL 3 certified systems

The INTEGRITY IEC 61508 SIL 3 certified kernel has been developed according to a systematic development process based on ISO 9001/90003/12207 quality management processes and procedures as well as the IEC 61508 life cycle. This process emphasizes requirements traceability, design control, risk analysis, and validation. The resulting life cycle documentation and records, as well as source code, are optionally available to support the developer's own development and certification activities.

INTEGRITY separation kernel architecture

INTEGRITY is the first RTOS to provide complete support for industrial automation and control applications containing software of multiple levels of safety criticality (Safety Critical, Safety Relevant, Interference Free) running concurrently on a single microprocessor. With INTEGRITY, multiple software applications can share a common hardware platform and developers can design applications such that an error or failure in one application cannot negatively impact the operation of other applications.

INTEGRITY achieves this secure application separation by providing the developer with capabilities for complete time, space, and resource partitioning between applications. With this architecture it is possible to divide application software into components of various criticality levels and be assured that a failure in a non-critical component—such as a display or communication stack—cannot cause a failure in a critical component—such as a process controller.

The INTEGRITY Safety Manual provides guidelines on usage of INTEGRITY in safety system applications and outlines the robust set of Application Programming Interfaces (APIs) that are available for use.

Integrated middleware

The Green Hills Platform for Industrial Safety provides the development tools, RTOS, middleware, and certification data that industrial control system developers need to build safe, secure, and reliable software components.

INTEGRITY is fully integrated with a complete range of feature-rich middleware components for interaction with other applications and systems in the industrial device environment.

  • Networking support. A complete suite of integrated networking and communications products is provided with INTEGRITY. INTEGRITY supports a variety of wired, wireless, and industrial networking communications protocols as well as the latest secure communications protocols. These protocol stacks and security components can be placed in secure partitions with access given to only authorized applications.
  • Industrial Protocols. INTEGRITY has been integrated with common industrial field bus and Ethernet-based protocols such as PROFIBUS, CANopen, EtherNet/IP™, PROFINET, and EtherCAT from leading providers such as acontis, IXXAT, KW-Software, and Molex.
  • IEC 61131. INTEGRITY supports the open PLC programming language standard with runtime environments from 3S-Software and KW-Software. With INTEGRITY's strong separation policies it is possible to host multiple independent soft PLCs in a single system.
  • USB. High-performance USB solutions provide both host and device (function) support and include numerous class drivers and example applications (source code provided for stacks and drivers).
  • File systems. INTEGRITY's Virtual File System (VFS) framework makes it easy to add and remove support for various file system formats and media types. The VFS server supports UNIX-like file systems, DOS/FAT 12/16/32, ISO 9660, and a Partitioning Journaling File System (PJFS). Along with file system support, Wear Leveling Flash Storage (WLFS) for both NOR and NAND device file types is supported, providing resiliency against power failures and unexpected power interruptions.
  • Embedded databases. Green Hills Software has integrations with several leading embedded database providers to fit a variety of application needs. The database solutions for INTEGRITY range from those with extremely small footprints, to distributed databases with real time updates, to full-featured SQL-compliant databases.
  • Embedded Firewall Technology. Icon Labs' Floodgate—Packet Filter™ embedded firewall technology adds another layer of security to the Platform for Industrial Safety, allowing networked devices to control the packets they process and protecting those devices against potentially malicious attacks. Floodgate offers rules-based filtering such as white-listing and black-listing, as well as threshold-based filtering that protects against denial-of-service attacks and broadcast storms. Floodgate also provides Stateful Packet Inspection (SPI), allowing filtering decisions to be based on the state of the connection for greater protection.
  • Graphics. INTEGRITY offers extensive support for embedded graphics development spanning deeply embedded, small footprint 2D graphics to advanced 3D environments with OpenGL. HMI development tools, services, and graphics drivers from Altia, ALT Software, Digia, DiSTi, Esterel, Freescale PEG, and Nokia Qt round out the extensive offering from our partner ecosystem.

Development Tools

The Green Hills Platform for Industrial Safety incorporates best-in-class tools to aid in all stages of the software development life cycle.

MULTI IDE
Green Hills Software's MULTI integrated development environment (IDE) provides the industry's most powerful and proven tools for developing embedded software with total reliability, maximum performance, and minimum code size. With MULTI's sophisticated, intuitive capabilities, you can develop, debug, and optimize code more quickly, significantly reducing both development cost and time.

MULTI supports more target processors, operating systems, and third-party tools than any other IDE—making it ideal for enterprise-wide use. By using a common set of development tools across projects, industrial device developers can more easily share code or move between projects without compromising productivity. With MULTI, you can develop code in C, C++, EC++, MISRA C and Ada95.

Green Hills Software's TimeMachine Suite extends MULTI's capabilities by enabling visual analysis of execution to improve application reliability and shorten development time. Industrial system software developers can use these tools for code coverage testing, forward and backward debugging, performance profiling, and source-level verification.

SysML/UML modeling & code generation
The IBM Rational Rhapsody model-driven development environment, based on SysML (System Modeling Language) and UML 2.0 (Unified Modeling Language), helps software teams move from requirements through the system architecture phase with advanced modeling tools. Rhapsody is capable of fully modeling system architectures across any discipline and allows the execution, implementation, and testing of those models in an easy push-button environment. Tightly integrated with MULTI and INTEGRITY, Rhapsody can generate code for INTEGRITY-based systems from the models created with UML. You can also debug Rhapsody models side-by-side with the generated source code in MULTI.

SCADE software modeling & IEC 61508 certified code generation
Esterel Technologies' SCADE Gateway for Rhapsody bridges SysML, UML, and safety-critical software development, enabling a complete workflow from high-level system requirements down to IEC 61508 certified generated code. An IEC 61508 certified SCADE KCG C code generator can produce code for the INTEGRITY RTOS at any time in the development cycle. Using a pre-validated code generator eliminates the need for low-level unit testing of this code. SCADE is also ideal for final development of the algorithmic safety-critical functions of a system (e.g., a control function). High-level SysML/UML models can be imported from Rhapsody and refined in the SCADE graphical modeling/simulation environment.

Software test & code coverage
Vector Software's VectorCAST line of products—which is integrated with both INTEGRITY and MULTI—reduces the burden placed on individual industrial device developers by automating and standardizing application component-level testing. VectorCAST is a world-class integrated software test solution that automates the tasks associated with testing software components for C/C++, Embedded C++, and Ada83/Ada95 programs. Automation includes complete test harness construction, test generation, test execution, code coverage analysis, regression testing, and static measures for code complexity and basis path analysis.

Platform services

The Platform for Industrial Safety offers comprehensive services to complement the product offering. In addition to IBM, Esterel Technologies, and Vector Software, Green Hills has partnered with exida.com, a leader in the field of safety systems methodology, to provide another layer of safety, reliability, and automation expertise to our clients—bringing the end-to-end services required to develop highly reliable embedded software for safety-critical devices and meet a range of certification requirements.

Development services

  • Analysis and reports—functional safety management, safety life cycle, FMEA, FMEDA, HAZOP, cyber-security
  • Automation solutions for safety-critical problems
  • Equipment certification assistance for IEC and CENELEC electrotechnical standards
  • Custom engineering for functional safety
  • Certified Safety Board Support Package and device driver development
  • Training—FMEA, FMEDA, HAZOP, IEC 61508; Certified Functional Safety Expert (CFSE) exam preparation

Tools and RTOS support
The following services are available for INTEGRITY, MULTI, µ-velOSity, VectorCAST, and Rhapsody:

  • Tools training
  • Quick start consulting—delivery, installation, configuration
  • Best practices assessment for use of tools
  • Product customization
  • Life cycle documentation/process support
  • Supplier quality system audit services (at Green Hills Software site)
  • Validation services to support customers' INTEGRITY-based software validation

© 1996-2012 Green Hills Software