The world of medical electronics is shifting fundamentally. Where equipment designs have traditionally lasted 20 years, more innovation is now demanded. With new features and new versions being developed more quickly, more focus is being put on cost effective implementation.
This means more innovation is moving to the software domain, which is creating significant challenges in a sector where safety is critical. While some software elements have to remain fixed, providing verified safety critical functions, other elements can introduce new functionality while keeping the hardware fixed to comply with various medical standards.
Addressing safety concerns is vital, but it has been expensive and slow to take advantage of the changes in the performance and cost of electronics systems.
New approaches – such as multicore processors and hypervisor software technology – are key enablers, driving consolidation of hardware and software while providing a mechanism for enhancing safety to IEC61508 standards.
In medical applications, there is an increase in the use of complex equipment for diagnostics, with machines supporting automated report generation and networking while reducing costs.
Traditionally, these areas have been upgraded with separate hardware systems; in particular, to conform to medical standards such as IEC60601 and ISO14971. This architecture has used one board for the safety critical elements, often hardwired without software or with simple software that is well-established and proven over many years, and a second board to add the non critical functions.
While this has been adequate in the past, adding new standards and new features – as well as cost and space reduction – means the two board approach is no longer viable. Now, features added in software must be proven and compliant with safety critical standards as directed by the US Food and Drug Administration or its European counterpart, where standards such as IEC62304 define software life cycle processes.
Multicore devices are a key way to tackle these demands. These devices are now becoming available for the embedded market with the performance, and the five to ten years of support, that the market demands, while still taking advantage of the availability of commercial operating systems and application software, along with the cost reduction and integration driven by the PC and enterprise markets.
Using multiple processor cores can provide a way of consolidating the existing board architecture onto one board, using one core for safety critical software and other cores for other non critical functions.
This is all very well in principle, but designing a system using this 'bare metal' approach can take time, money and a large, experienced design team. It also requires certification evidence to be developed with many thousands of lines of test and verification code.
With new features being introduced more quickly, certification of safety software is changing from a 'proven in use' model to a more formal, tools oriented model. This is, perhaps, the biggest shift in this market. It leaves developers unsure how to approach these changes, and how to know that their investment in software and tools will ensure certification while also extending to third party software components.
This is driving a move to new software approaches, such as the hypervisor. A hypervisor allows different operating systems to run on different cores of a single platform, so the designer can make use of a wider range of third party software alongside legacy safety critical software. Often, this safety critical software runs on a dedicated processor core while the other cores run a real time or a non real time operating system. Different levels of criticality on the same system platform or processor also drive the need to combine off the shelf software with an RTOS specialised for device certification.
Consolidated platforms will drive the need for a variety of OS platforms. RTOSs offer greater determinism and lower complexity than, say, Linux, which makes them an ideal candidate for certification. Linux has advantages when implementing rapidly evolving consumer communication standards or graphical user interfaces. It therefore makes sense to use both on the same system, and hypervisors make this a real possibility.
However, the issue of support arises. Too often, manufacturers attempt to cobble together free Linux distributions instead of choosing a supported and validated commercial distribution. The complexity of Linux and the business challenges are underestimated. Training, stability of the distribution, open standard compliance, indemnification, documentation and scalability are just some of the pitfalls.
Linux provides the ability to partition the safety critical and non safety critical elements of the same application on a single hardware platform. It also offers high potential for features and innovative middleware, though this often adds a layer of complexity where safety is required.
Hypervisor technology makes it possible to consolidate Linux and RTOSs at the software layer, allowing safety and non safety applications to run on the same hardware platform. Multicore processor technology, together with hypervisors, enables multiple operating systems to run concurrently on the same hardware platform but in partitioned, protected spaces.
At the same time, safety critical tasks can operate within a certified application in an RTOS such as VxWorks, with communication protocols running under VxWorks, Linux or perhaps another OS. Hypervisor technology also makes porting legacy applications simpler, because the partitioned architecture allows different versions of the same OS to run simultaneously: existing code can run unchanged, while new code can make use of the added features in newer versions.
But using multiple OSs creates difficulties if separate toolchains need to be used. This can slow down development and lead to the risk of more bugs – a major issue for a safety critical medical system.
The medical sector is part of the industrial market, which comprises six independent areas with similar requirements. All of these sectors are seeing similar demands. For example, new factories or plants need to be built more quickly, while maintaining quality and safety standards. Similarly, in robotics, manufacturers are adding differentiation while ensuring safe operation with increased uptime. Machine tools, meanwhile, need to integrate common PC software while adding secure connections to other equipment.
A consolidated toolchain such as Wind River Workbench, based on the open Eclipse framework, supports the trend toward multiple OSs, allowing applications targeting different OSs to be developed at the same time in the same environment. This also allows unit testing and static analysis tools to be applied across those applications, which benefits development teams. The openness of the Eclipse framework, which allows other tools to be integrated with it, is now becoming key for machine developers.
The combination of multicore hardware, OSs specialised for device certification, hypervisor software and a consolidated, but open, development toolchain is key to providing the support medical system designers need. This combination helps designers and system architects make use of the consolidation in hardware, reducing cost and time-to-market while providing a secure, stable platform for adding new features and innovation in software. It also maintains a certified environment while reusing as much legacy code as possible, all of which is vital for developing the next generation of safety critical medical and industrial systems.