In today's global economy, industrial control and automation systems need to maximize system throughput and quality of output—while at the same time continually striving to lower operational costs. Beyond functional requirements, today's systems must run at peak efficiency and be completely secure from external influences that could disrupt safe and optimal operation. Reliability, safety, and security are critical as the consequences of failure may be human lives or significant revenue loss.
The Green Hills Platform for Industrial Safety provides a complete solution for building the software components of safe, secure, and reliable control systems—even those that require certification up to the demanding IEC 61508 Safety Integrity Level 4 (SIL 4). The Platform is equally applicable to other safety- and security-critical domains:
- automotive (ISO 26262)
- railway (EN 50128)
- nuclear energy (IEC 61513)
Benefits of this approach include:
- Applications of mixed criticality can be safely and securely separated
- Faster time-to-market
- Reduced certification effort & program risk
- Lower cost of goods and certification through consolidation of multiple levels of criticality onto a single CPU
The INTEGRITY real-time operating system (RTOS) provides the foundation for the Platform. For applications requiring IEC 61508 certifications, a pre-certified IEC 61508 SIL 3 RTOS kernel is available. IEC 61508 is an international standard for the functional safety of electrical/electronic, programmable electronic systems (PES) and is well established in the industrial process control and automation industry.
Because IEC 61508 serves as the meta-standard for a range of industries and published standards, the Platform for Industrial Safety is directly applicable to railway (CENELEC EN 50128), medical (IEC 60601), nuclear (IEC 61513), process control (IEC 61511), and automotive (ISO 26262).
Safety-critical components require the most scrutiny and can be the most expensive in terms of time, cost, and certification effort. For software components, IEC 61508 requirements are met by employing a rigorous, systematic development process that emphasizes traceability, criticality analysis, validation, and verification procedures.
The INTEGRITY IEC 61508 SIL 3 certified kernel has been developed according to a systematic development process based on ISO 9001/90003/12207 quality management processes and procedures as well as the IEC 61508 life cycle. This process emphasizes requirements traceability, design control, risk analysis, and validation. The resulting life cycle documentation and records, as well as source code, are optionally available to support the developer's development and certification activities.
INTEGRITY separation kernel architecture
INTEGRITY is the first RTOS to provide separation kernel technology enabling industrial automation and control applications of varying levels of criticality to be safely and securely separated, even if they run on the same processor.
INTEGRITY achieves this secure application separation by providing the developer with capabilities for complete time, space, and resource partitioning between applications. With this architecture it is possible to divide application software into components of various criticality levels and be assured that a failure in a non-critical component—such as a display or communication stack—cannot cause a failure in a critical component—such as a process controller.
INTEGRITY is also a true hard real-time, deterministic operating system that never sacrifices real-time performance for security and protection. INTEGRITY can respond to events in nanoseconds, guaranteed.
The INTEGRITY Safety Manual provides guidelines on usage of INTEGRITY in safety system applications and outlines the robust set of Application Programming Interfaces (APIs) that are available for use.
INTEGRITY is fully integrated with a complete range of feature-rich middleware components for interaction with other applications and systems in the industrial device environment.
- Networking support. A complete suite of integrated networking and communications products is provided with INTEGRITY. INTEGRITY supports a variety of wired, wireless, and industrial networking communications protocols as well as the latest secure communications protocols. These protocol stacks and security components can be placed in secure partitions with access given to only authorized applications.
- USB. High-performance USB solutions provide both host and device (function) support and include numerous class drivers and example applications (source code provided for stacks and drivers).
- File systems. INTEGRITY's Virtual File System (VFS) framework makes it easy to add and remove support for various file system formats and media types. The VFS server supports UNIX-like file systems, DOS/FAT 12/16/32, ISO 9660, and a Partitioning Journaling File System (PJFS) that provides data resiliency against power failures and unexpected power interruptions. Wear Leveling Flash Storage (WLFS) for both NOR and NAND device file types is also supported.
- Industrial Protocols. INTEGRITY has been integrated with common industrial field bus and Ethernet-based protocols such as PROFIBUS, CANopen, EtherNet/IP™, PROFINET, and EtherCAT from leading providers such as acontis, IXXAT, KW-Software, and Molex.
- IEC 61131. INTEGRITY supports the open PLC programming language with run time environments from 3S-Software and KW-Software. With INTEGRITY's strong separation policies it is possible to host multiple independent soft PLCs in a single system.
- Embedded databases. Green Hills Software has integrations with several leading embedded database providers to fit a variety of application needs. The database solutions for INTEGRITY range from those with extremely small footprints, to distributed databases with real time updates, to full-featured SQL-compliant databases.
- Embedded Firewall Technology. Icon Labs' Floodgate – Packet Filter™ embedded firewall technology adds another layer of security to the Platform for Industrial Safety, allowing networked devices to control the packets they process and protecting those devices against potentially malicious attacks. Floodgate offers both rules-based filtering such as white-listing and black-listing, as well as threshold-based filtering protecting against denial of service attacks and broadcast storms. Floodgate also provides Stateful Packet Inspection (SPI), allowing filtering decisions based on the state of the connection for greater protection.
- Graphics. INTEGRITY offers extensive support for embedded graphics development spanning deeply embedded, small footprint 2D graphics to advanced 3D environments with OpenGL. HMI development tools, services, and graphics drivers from Altia, ALT Software, DiSTi, Esterel, Freescale PEG, and Digia Qt round out the extensive offering from our partner ecosystem.
The Green Hills Platform for Industrial Safety incorporates best-in-class tools to aid in all stages of the software development life cycle.
Green Hills Software's MULTI integrated development environment (IDE) has led the industry for decades with tools that dramatically improve debugging productivity. By using MULTI, developers can:
- Produce a reliable product. The faster you can find bugs, the more you can fix.
- Reduce development cost. If you save time debugging, you can speed your time to market even while developing a superior product.
The MULTI toolchain has been certified to meet the highest levels of tool qualification specified in the IEC 61508:2010 (Industrial), EN 50128:2011 (Railway) and ISO 26262:2011 (Automotive) functional safety standards. MULTI is the only commercially available toolchain certified to satisfy both SIL 4 (Safety Integrity Level) and ASIL D (Automotive Safety Integrity Level) tool qualification requirements.
MULTI supports more target processors, operating systems, and third-party tools than any other IDE—making it ideal for enterprise-wide use. By using a common set of development tools across projects, industrial device developers can more easily share code or move between projects without compromising productivity. With MULTI, you can develop code in C, C++, EC++, MISRA C and Ada95.
Green Hills Software's TimeMachine Suite extends MULTI's capabilities by enabling visual analysis of execution to improve application reliability and shorten development time. Industrial system software developers can use these tools for code coverage testing, forward and backward debugging, performance profiling, and source-level verification.
SysML/UML modeling & code generation
The IBM Rational Rhapsody Model-driven Development Environment, based on SysML (System Modeling Language) and UML 2.0 (Unified Modeling Language), helps software teams move from requirements through the system architecture phase with advanced modeling tools. Rhapsody is capable of fully modeling system architectures across any discipline and allows the execution, implementation, and testing of those models in an easy push-button environment.
Tightly integrated with MULTI and INTEGRITY, Rhapsody can generate code for INTEGRITY-based systems from the models created with UML. You can also debug Rhapsody models side-by-side with generated source code in MULTI.
SCADE software modeling & IEC 61508 certified code generation
Esterel Technologies' SCADE Gateway for Rhapsody bridges SysML, UML and safety-critical software development, thus enabling a complete workflow from high-level system requirements down to IEC 61508 certified generated code. An IEC 61508 certified SCADE KCG C code generator can produce code for the INTEGRITY RTOS at any time in the development cycle. Using a pre-validated code generator eliminates the need for low level unit testing for this code. SCADE is also ideal for final development of the algorithmic safety critical functions of a system (e.g., a control function). High level SysML/UML models can be imported from Rhapsody and refined in the SCADE graphical modeling/simulation environment.
Software test & code coverage
The VectorCAST line of products, integrated with both INTEGRITY and MULTI, reduces the burden placed on individual industrial device developers by automating and standardizing application component-level testing with the next generation of intelligent test tools. VectorCAST is a world-class integrated software test solution that automates the tasks associated with testing software components for C/C++, Embedded C++, and Ada83/Ada95 programs. Automation includes complete test harness construction, test generation, test execution, code coverage analysis, regression testing, and static measures for code complexity and basis path analysis.
The Platform for Industrial Safety offers comprehensive services to complement the product offering. In addition to IBM, Esterel Technologies, and Vector Software, Green Hills has partnered with both TÜV and exida—leaders in the field of safety systems methodology—to provide another layer of safety, reliability, and automation expertise to our clients. As a result, we can provide the end-to-end services required to develop highly reliable embedded software for safety-critical devices and meet a range of certification requirements.
- Analysis and reports—functional safety management, safety life cycle, FMEA, FMEDA, HAZOP, cyber-security
- Automation solutions for safety-critical problems
- Equipment certification assistance for IEC and CENELEC electrotechnical standards
- Custom engineering for functional safety
- Certified Safety Board Support Package and device driver development
- Training—FMEA, FMEDA, HAZOP, IEC 61508; Certified Functional Safety Expert (CFSE) exam preparation
Tools and RTOS support
The following services are available for INTEGRITY, MULTI, µ-velOSity, VectorCAST, and Rhapsody:
- Tools training
- Quick start consulting—delivery, installation, configuration
- Best practices assessment for use of tools
- Product customization
- Life cycle documentation/process support
- Supplier quality system audit services (at Green Hills Software site)
- Validation services to support customer's INTEGRITY based software validation