Arm's new runtime software system to accelerate development of safety applications on Cortex-M devices

Building on the wide popularity of Arm-based SoCs in markets such as automotive, industrial and healthcare, we are thrilled to announce Arm’s own, highly optimized runtime software components for use in safety-related and safety-critical applications. The new runtime software system for functional safety includes a certified version of the popular Keil RTX5 real-time operating system (RTOS), hand-tuned C library functions and an extensive set of documentation to support product safety certification activities. Combined with the TÜV-certified Arm Compiler toolchain and software test libraries (STL), the runtime components provide a reliable, more secure, and highly optimized software platform to enable engineers to shift their efforts from low-level software layers onto the value-add application code, enhancing engineering efficiency and time to market for safety critical tasks.

Keil RTX5 RTOS diagram

Cortex-M runtime system for safety-critical systems

Designed for engineering efficiency

Keil RTX is a time-deterministic RTOS that allows developers to create programs that simultaneously perform multiple functions. It also helps developers create applications that are better structured and more easily maintained. Generally, an RTOS manages multiple application tasks, or threads, which results in a priority-based, pre-emptive scheduling for real-time responsiveness. As safety-critical systems evolve in complexity, the benefits of RTOS technology become evident.

If an RTOS is used in a safety-critical system, however, embedded engineers are challenged to comply with regulatory requirements that imply documentation and testing of the software that is developed. To simplify and accelerate software development for safety applications requiring certification, Arm has been working with TÜV SÜD on the certification of RTX according to safety standards ISO 26262 up to ASIL D for automotive, and IEC 61508 up to SIL 3 for industrial.

Designed for safety 

During the development of Keil RTX5, we considered several safety relevant aspects which means its kernel has provisions that naturally improve the reliability of an embedded application:

  • Thread and handler mode: the RTOS kernel executes in handler mode with stack separation to avoid unexpected stack loads.
  • Time-deterministic interrupt execution: RTX5 utilizes the LDEX/STEX instruction available on most Cortex-M processors and therefore user interrupts are never disabled.
  • Runtime check of kernel objects: object identifiers are validated at runtime for type-mismatches and are protected from inadvertently accesses by the user application.
  • Stack overrun checking: RTX fills the top of a thread stack with a known value and verifies that this known value is not overwritten during a thread switch.
  • Object-specific memory pools: dedicated fixed-size memory management for each object type avoids memory fragmentation during runtime and makes object creation and destruction time deterministic.
  • Static object memory allocation: optionally, the user application may provide static memory for kernel objects, which guarantees that the RTOS system can never run out of storage during runtime.
  • MISRA C:2012 compliance: RTX is written in C using C99 language extensions with MISRA C:2012 guidelines being been applied to it.

Process Protection

Many Cortex-M processor-based microcontrollers include a Memory Protection Unit (MPU) to allow isolation of memory and peripheral accesses from various processes. The safety certified RTX variant, provides optional MPU support that further improves the safety aspects of embedded applications with integrated process isolation.

To simplify the system setup and process protection for data and peripherals, Arm has introduced a new CMSIS component: CMSIS-Zone. This technology includes an interactive tool to seamlessly manage system configuration, and is suitable for single and multi-processor environments. This tool gives an overview of all available system resources and aids the software architect with the assignment of processor core, memory, and peripherals to independent project zones. At project level, the memory and peripherals can be further assigned to execution zones with MPU regions for safe process execution.


The runtime system for functional safety, comprising Keil RTX5, Arm Functional Safety C library, Safety Manual, Safety Case Report and TÜV certificate, is expected to become available in June 2018.

The certification enables the use of the runtime system in projects that run on Arm Cortex-M0, Cortex-M0+, Cortex-M3, Cortex-M4 and Cortex-M7, and target certification according to ISO 26262 and IEC 61508 up to ASIL D and SIL 3, respectively. Certification for Cortex-M23 and Cortex-M33 is planned for 2019.

Learn More