
SafeRTOS Usage Scenario #3

Multiple Redundant System with SafeXchange™ of Data


Using SafeRTOS on a single simple architecture microcontroller


Suitability
Higher criticality applications

Description
This is the usage scenario that provides the highest level of fault detection. It provides spatial and temporal separation, and a platform for control, sensing and processing redundancy.

The application is split across two or more microcontrollers that exchange data using a robust protocol with determinable fault detection.


Why Use SafeRTOS in this Scenario?

This scheme can be architected in a number of different ways, with the optimal solution depending on the problem domain. Below is a non-exhaustive list of examples chosen to demonstrate the diversity of options:
  1. Isolate all the safety-critical code onto a single microcontroller, thereby minimising the amount of code that has to be developed to the highest (and also most lengthy and costly) safety standards.

  2. Execute the entire application on a single microcontroller, with a second microcontroller replicating, monitoring and/or comparing inputs and outputs that have a direct safety impact.

  3. Execute the entire application on both microcontrollers simultaneously, using separate (redundant) sensor inputs. In this architecture, one microcontroller can generate the control outputs, and the other can monitor the generated control outputs.

  4. Extend the previous example by executing different implementations of the entire application on both microcontrollers simultaneously. This adds software implementation redundancy to the already present sensor and actuator redundancy.

This usage scenario provides an alternative to using a large and complex separation kernel on a single processor. Separation kernels are a well understood, trusted, and appropriate solution for many problem domains. They will, however, result in a suboptimal design if they are used unnecessarily. This is because large separation kernels are themselves more complex, and require the use of more complex, expensive, and power-hungry processors, increasing both your development and recurring costs.





Copyright (C) Amazon Web Services, Inc. or its affiliates. All rights reserved.