Safe motor controller in a mixed-critical environment with runtime updating capabilities

Safety-critical systems and certification standards are the bare essential elements for the development process of avionics,automotive and industrial embedded systems. The necessity of including non-safety capabilities to reduce the price of these systems has resulted in a new type of critical systems,the mixed-criticality ones. These systems should be able to execute safety-critical applications but,at the same time,to run non-safety-critical functionalities without affecting the integrity of the safety-critical tasks. This paper presents a new system architecture which includes safety- critical and non-safety-critical parts in order to form a mixed-criticality system. The system consists of a reliable platform with a dual-core processor (implemented using a FPGA) architecture designed as open-hardware,running two isolated real time oper ating systems which are connected through a safe core-to-core communication channel that executes the safety-critical applications. Moreover,the safety-critical system is connected to an external processor,an ARM9,which is used as an external sensing system. The ARM9 runs the non-safety-critical applications and allows the system to insert modifications updating without affecting the safety capabilities of the safety- critical part. This platform is described providing evidences of the isolation between safety-critical (SC) and non-safety-critical (NSC) applications,as well as describing an updating methodology for non-safety-critical applications. This system is validated using a complete and reliable application for safe emergency stop applications for in- dustrial machinery.