Safe motor controller in a mixed-critical environment with runtime updating capabilities

Safety-critical systems and certification standards are the bare essential elements for the development process of avionics,automotive and industrial embedded systems. the necessity of including non-safety capabilities to reduce the price of these systems has resulted in a new type of critical systems,the mixed-criticality ones. these systems should be able to execute safety-critical applications but,at the same time,to run non-safety-critical functionalities without affecting the integrity of the safety-critical tasks. this paper presents a new system architecture which includes safety- critical and non-safety-critical parts in order to form a mixed-criticality system. the system consists of a reliable platform with a dual-core processor (implemented using a fpga) architecture designed as open-hardware,running two isolated real time oper ating systems which are connected through a safe core-to-core communication channel that executes the safety-critical applications. moreover,the safety-critical system is connected to an external processor,an arm9,which is used as an external sensing system. the arm9 runs the non-safety-critical applications and allows the system to insert modifications updating without affecting the safety capabilities of the safety- critical part. this platform is described providing evidences of the isolation between safety-critical (sc) and non-safety-critical (nsc) applications,as well as describing an updating methodology for non-safety-critical applications. this system is validated using a complete and reliable application for safe emergency stop applications for in- dustrial machinery.