WITTENSTEIN high integrity systems (WHIS) has long recognised that there is an increasing need for safe, secure, embedded solutions. Our Automotive RTOS package provides responsive, feature rich functionality within a networked environment. SAFERTOS is the perfect Real Time Operating System for the Automotive sector.
- SAFERTOS – Available pre-certified to ISO 26262 ASIL D. A high performance, small footprint RTOS
- SAFECheckpoints – fulfils the requirement of ISO 26262 ASIL C&D software designs to have a runtime monitor
- OSEK OS Adaptation Layer – creating a ‘drop-in’ OSEK OS RTOS package ideal for Automotive designs
See customer reviews, download demos, or contact us to discuss your automotive requirements.
SAFERTOS Pre-Certified to ISO 26262 ASIL D by TÜV SÜD.
SAFERTOS® is available pre-certified to ISO 26262 -2,-6,-8 ASIL D by TÜV SÜD. The perfect Automotive RTOS solution.
The ISO 26262 standard is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/ Electronic Systems. ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems to ensure the safety requirements are met.
ASIL D is the highest degree of automotive safety rating under this standard. ASIL D and is achieved by performing a risk analysis of a potential hazard that examines the severity, exposure and controllability of the vehicle operating scenario – determining the levels of risk.
When designing SAFERTOS, our engineers have made assumptions about the safety goals and ASIL level required. These safety goals are described within the SAFERTOS Safety Manual along with the installation and integration instructions. Developers using SAFERTOS need to confirm that the safety goals defined by SAFERTOS meet the requirements of their projects.
SAFERTOS supports certification to ISO 26262 -2,-6,-8 ASIL D for use within automotive safety products.
OSEK OS Adaptation Layer (Optional)
OSEK is an open standard, published by a consortium founded by the automobile industry. OSEK was designed to provide a standard software architecture for the various Electronic Control Units (ECUs) in a vehicle.
SAFERTOS® can be supplied with an optional OSEK OS adaptation layer, supporting OSEK OS Conformance Classes BCC1, BCC2, ECC1 and ECC2. This allows SAFERTOS to be used as a drop-in component within OSEK OS compliant systems, which are frequently used within automotive embedded systems.
SAFECheckpoints Runtime Verification Monitoring (Optional)
There is an expectation within ISO 26262 that runtime verification monitors will be used to detect, indicate and handle systematic faults within software rated ASIL C and D.
SAFERTOS® includes a range of built-in error checking routines. Additionally, there is the optional SAFECheckpoints module which provides SAFERTOS with a sophisticated Task Monitoring capability, ensuring the scheduling of Tasks is occurring as intended. The Checkpoints mechanism allows the user to specify timing tolerances for critical sections of code; this can be used to ensure that:
- Periodic tasks run within tolerances.
- Sections of processing within tasks complete on time.
- Interrupt event to handler task processing completes within allowable tolerances.
- Complex functionality involving multiple tasks completes within allowable tolerances.
Individual checkpoints can specify their own call back function or the system error hook can be activated.
- Single shot and Periodic checkpoints can be created.
- Periodic checkpoints can operate in fixed or relative timing modes.
Supported Processors
SAFERTOS® supports all the common architectures used within automotive devices. We have worked closely with Texas Instruments to create a highly optimised port of SAFERTOS for the Hercules safety controller family, with Infineon for the AURIX Tri-core, and with many other semiconductor companies.
To see our currently supported platforms please see our SAFERTOS page, or contact us for the most up to date list.
Free Demos & Manuals
Download fully functional, time-limited SAFERTOS demos, plus manuals, datasheets, and more.
Safety & Performance
Risk reduction is imperative in road vehicle applications that could become life threatening should they fail.
- SAFERTOS® provides high speed and high performance without compromising safety.
- SAFERTOS is a highly deterministic micro kernel that has a minimum ROM footprint in the region of 10 K Bytes.
- SAFERTOS contains no dead or unused code and is statically defined at compile time.
It uses deterministic, pre-emptive, priority-based Task scheduling to ensure the primary safety goal – that the highest priority Task able to execute is the Task currently running. SAFERTOS delivers intrinsic safety checking of key data variables by using inverted mirrored data and enhanced parameter checking.
SAFERTOS contains features that assist designers of safety critical systems. For example, SAFERTOS provides tools allowing developers to add a degree of spatial separation between tasks, which used effectively, can help guard against tasks directly making unintentional or accidental access to incorrect memory regions.
With an imperceptible boot time SAFERTOS is an ideal choice in systems that need to protect users and automotive components from hazards quickly after a power on or brown out event.
Security in Your Automotive Application
Whilst security has always been important, it has become even more of a priority over the last few years. We take cyber security very seriously, and can provide a variety of solutions.
One cyber security risk factor to consider is the length of the supply chain. The more companies you have in your software supply chain, the greater the risk. SAFERTOS® is developed completely in-house here at WHIS, with every line of code accounted for and verified, providing a very strong justification for using SAFERTOS within security applications.
For additional security, we offer SAFECRC Checker, a safety component from WHIS that can be used in conjunction with SAFERTOS. SAFECRC Checker guards against corruption and malicious attack by confirming the correctness of your program memory. More about SAFECRC Checker here.
Automotive Design Assurance Pack
SAFERTOS® is supplied as source code and accompanied by a Design Assurance Pack (DAP). The DAP contains all the design and verification artefacts required to support the standards ISO 26262 ASIL D -2,-6,-8.
SAFERTOS is delivered tailored to your specific processor/compiler combination, removing the need for retesting on the target hardware, and creating a smooth path to certifying SAFERTOS integrated within a product. The DAP ensures:
- No retesting on target hardware is required
- Easy installation and integration into your development environment
- Reduced development costs and improved time to market
- Smooth path to certifying SAFERTOS within an application
Ask Us a Question
For pricing, licensing, or any other sales or product related questions, please contact us.
Support and Services
For every RTOS purchased, we supply 12 months free Support and Maintenance. For any question you want answered, any support or guidance that you need during design decisions, we are right there ready to help you. Our engineers enjoy sharing their engineering experiences, and take great pride in providing a responsive, friendly and helpful service. To see more about the support offered, including technical help and updates, view our support page.
One of the advantages of a Support and Maintenance contract is the re-validation of SAFERTOS®. Once per year, on request, WHIS will re- validate SAFERTOS for a newer version of the compiler, meaning you always have access to the latest tools.
Exceptional High Quality
WHIS uses a high integrity lifecycle to develop, maintain and support SAFERTOS® and its Design Assurance Packs that’s supported by a deeply institutionalised Quality Management System (QMS). Work started on the QMS in 1999, when WHIS was developing flight control systems. Over the subsequent years WHIS has developed its QMS to encompass the range of applications and standards it supports today, as demand for its products and services has broadened and deepened.
Lloyds Register LRQA UK independently certifies the WHIS QMS to ISO 9001, with the applicable scope:
“Design, development, installation and support of high integrity systems and software for medical, aviation and industrial applications.”
Lloyds Register LRQA UK
Beyond SAFERTOS for Automotive
- SAFERTOS CORE: for automotive devices that only need to consider safety and don’t require full certification.
- Safety Plugins: bring greater robustness to safety critical automotive designs. WHIS Safety components are available with a Design Assurance Pack supporting certification to automotive standards.
- Board Support Packages and Drivers: delivered either as commercial grade components, or with a Design Assurance Pack supporting submissions and certifications.
- Training: maximise the use of your RTOS and increase development proficiency by attending one of our comprehensive training courses.
- Peer review services: sometimes just a few hours of consultancy to review a preliminary automotive design, and check the proposed design approach is taken is correct, can deliver significant benefits to the outcome of a project.
- Consultancy services: designed to support our automotive customers, allowing us to share our knowledge and experience of automotive device development to help optimise the final design, improve the design processes and smooth the route to certification.