
Keil RTX5 RTOS for safety-critical applications


The use of an RTOS in a safety-critical system demands that the RTOS component also undergoes rigorous verification. Where regulatory certification is mandatory, this also implies specific documentation and testing processes against the required safety standards.

To enable the product safety certification where required, Arm has been working with TÜV on the qualification of RTX5 RTOS according to safety standards ISO 26262 up to ASIL D for automotive and IEC 61508 up to SIL 3 for industrial.

Keil RTX RTOS

Keil RTX is a royalty-free, deterministic real-time operating system for Arm Cortex processor-based devices. It reliably manages multiple application threads with priority-based, pre-emptive scheduling.

RTX offers many services needed in real-time applications, such as periodical activation of timer functions, memory management, and message exchange between threads with time limits.

RTX5 RTOS is available as part of CMSIS and supports all Arm Cortex-M processors and Cortex-A5/A7/A9 processors.


Designed for safety

During the development of Keil RTX5, the engineering team considered several safety relevant aspects. The RTX kernel has therefore provisions that naturally improve the reliability of an embedded application:

  • Thread and handler mode: the RTOS kernel executes in handler mode with stack separation which avoids unexpected stack loads.
  • Time-deterministic interrupt execution: RTX5 utilizes the LDREX/STREX instructions available on most Cortex-M processors, and therefore user interrupts are never disabled.
  • Runtime check of kernel objects: object identifiers are validated at runtime for type mismatches and are protected from inadvertent accesses by the user application.
  • Stack overrun checking: RTX fills the top of a thread stack with a known value and verifies that this known value is not overwritten during a thread switch.
  • Object-specific memory pools: dedicated fixed-size memory management for each object type avoids memory fragmentation during runtime and makes object creation and destruction time deterministic.
  • Static object memory allocation: optionally, the user application may provide static memory for kernel objects, which guarantees that the RTOS system can never run out of storage during runtime.
  • MISRA C:2012 compliance: RTX is written in C using C99 language extensions, with the MISRA C:2012 guidelines having been applied to it.
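
The stack overrun check from the list above, written out as an added illustration rather than RTX's own source code: the kernel fills the end of each thread stack with a known marker word and, at every context switch, verifies that the outgoing thread has not overwritten it. Stack size, marker and fill values, and all function names here are constructed for the example; RTX's real values are not given on this page.

```c
#include <stdint.h>
#include <stddef.h>

#define STACK_WORDS 64                 /* thread stack size in 32-bit words (constructed) */
#define STACK_MAGIC 0xE25A2EA5u        /* marker word at the stack end; constructed value */
#define STACK_FILL  0xCCCCCCCCu        /* fill pattern used for usage tracking; constructed */

typedef struct {
    uint32_t stack[STACK_WORDS];       /* Cortex-M stacks grow downward: stack[0] is the end */
    uint32_t *sp;                      /* simulated stack pointer of the thread */
} thread_t;

/* Prepare a thread stack: fill it with the pattern and place the marker at the end. */
void thread_stack_init(thread_t *t) {
    for (size_t i = 0; i < STACK_WORDS; i++) t->stack[i] = STACK_FILL;
    t->stack[0] = STACK_MAGIC;
    t->sp = &t->stack[STACK_WORDS];    /* empty stack: SP points one past the highest word */
}

/* Simulated push; returns -1 once the thread has consumed its entire region. */
int thread_push(thread_t *t, uint32_t value) {
    if (t->sp == &t->stack[0]) return -1;
    *--t->sp = value;                  /* the 64th push lands on stack[0] and clobbers the marker */
    return 0;
}

/* The check performed on each context switch: is the marker word still intact?
   A write that happens to store the marker value itself would go undetected, which is
   why RTX's marker approach is a cheap safety net and not a substitute for an MPU guard. */
int thread_stack_ok(const thread_t *t) {
    return t->stack[0] == STACK_MAGIC;
}

/* Unused stack words, measured as the run of untouched fill words above the marker. */
size_t thread_stack_unused_words(const thread_t *t) {
    size_t n = 0;
    for (size_t i = 1; i < STACK_WORDS && t->stack[i] == STACK_FILL; i++) n++;
    return n;
}

/* Context-switch hook: 0 if it is safe to switch, -1 if the outgoing thread overran its stack.
   RTX reports this condition through its error-notification callback (osRtxErrorNotify). */
int on_context_switch(const thread_t *outgoing) {
    return thread_stack_ok(outgoing) ? 0 : -1;
}
```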

Designed for security

Many Cortex-M processor-based microcontrollers include a Memory Protection Unit (MPU), which allows memory and peripheral accesses to be isolated between processes. The safety-certified RTX variant provides optional MPU support that further improves the safety of embedded applications through integrated process isolation.

To simplify the system setup and process protection for data and peripherals, Arm has introduced a new CMSIS component: CMSIS-Zone. It includes an interactive tool that seamlessly manages system configuration and is suitable for single and multi-processor environments. This tool gives an overview of all available system resources and aids the software architect with the assignment of processor core, memory, and peripherals to independent project zones. At project level, the memory and peripherals can be further assigned to execution zones with MPU regions for safe process execution.

Designed for engineering efficiency

RTX has been specifically designed for embedded systems and thus uses the minimum amount of system memory, with a memory footprint as small as 5 KB (ROM).

RTX makes use of the Cortex-M thread and handler modes. The RTX kernel itself executes in privileged handler mode with stack separation. Kernel function execution does not require additional stack on the user thread, which avoids unexpected stack loads. User application threads execute in unprivileged thread mode. This allows the system to continue operation even if a non-privileged task has failed.

Time-deterministic interrupt execution is key for real-time applications. RTX utilizes the LDREX/STREX instructions that are available on most Cortex-M processors, and therefore user interrupts are never disabled. This guarantees time-deterministic behavior and thus improves the reliability of the overall system.
