Safety-Certifiable Software Frameworks Commonly Used in Safety-Critical Systems

When developing software for safety-critical systems, whether in aerospace, automotive, medical, or industrial domains, engineers must ensure compliance with rigorous international standards such as DO-178C, ISO 26262, IEC 61508, and IEC 62304. Meeting these standards requires a high level of assurance in both software design and process maturity.

To streamline development and accelerate certification, many organizations turn to pre-qualified software frameworks. These frameworks are purpose-built or previously validated to align with specific safety standards, significantly reducing certification costs and risks. They are often accompanied by certification kits containing safety plans, test evidence, traceability data, and tool qualification artifacts that fit into a project’s overall safety case.

In this blog post, I will review and list a few of the popular safety-certifiable / pre-qualified software frameworks commonly used in safety-critical systems.

Aerospace: DO-178C Compliant Platforms and Tools

In avionics and airborne systems, the most stringent Design Assurance Level (DAL A) demands robust and certifiable foundations. Key RTOS and toolchains include:

1. Real Time Operating Systems and IDEs

  • VxWorks 653 (Wind River) – Supports ARINC 653 and DO-178C DAL A.
  • INTEGRITY-178 (Green Hills) – Multicore partitioning, DO-178C DAL A.
  • RTEMS – Open-source RTOS with DO-178C support via qualification kits.
  • LynxOS-178 (Lynx Software Technologies) – Partitioned RTOS certified to DO-178C.
  • Deos (DDC-I) – DO-178C DAL A certified with time and space partitioning.

2. Verification and Testing Toolchains

  • AdaCore GNAT Pro Assurance – Ada/C/C++ toolchain qualified for DO-178C and other standards.
  • Ansys SCADE Suite – Model-based development with certified code generators.
  • LDRA Tool Suite – Static and dynamic code analysis tools with DO-178C support.
  • VectorCAST – Automated testing and coverage tracking tools for critical software.
  • Razorcat TESSY – Unit testing with certification artifacts for IEC/ISO/DO compliance.

Automotive: ISO 26262 Safety Integrity Level D (ASIL-D)

In automotive development, ISO 26262 ASIL D compliance is mandatory for systems like ADAS, ECUs, and braking systems.

1. Real Time Operating Systems and Platform Support

  • QNX OS for Safety (BlackBerry) – Certified to ISO 26262 ASIL D and used in autonomous vehicle stacks.
  • SafeRTOS – Lightweight RTOS tailored for functional safety.
  • AUTOSAR Classic and Adaptive Platforms (Vector, EB tresos, ETAS RTA) – Widely adopted architecture with pre-certified components.

2. Automotive Toolchains

  • Vector MICROSAR – AUTOSAR-compliant with configuration and validation tools.
  • EB tresos Studio (Elektrobit) – Powerful toolchain for configuring and validating AUTOSAR stacks.
  • ETAS RTA-BSW – ISO 26262-certified basic software components for automotive ECUs.

Industrial and Medical: IEC 61508 and IEC 62304 Compliant Solutions

In sectors like factory automation, robotics, and medical devices, deterministic behavior, traceability, and tool qualification are vital.

1. Industrial / Medical RTOS and Frameworks

  • SEGGER embOS-Safe – IEC 61508 SIL 3 and ISO 26262 ASIL D certified.
  • SafeTI (Texas Instruments) – Platform for IEC 61508-certified MCU-based systems.
  • FreeRTOS with WHIS Certification Kit – Safety-qualified RTOS for industrial use.
  • QNX OS for Medical – Compliant with IEC 62304 for Class II/III medical devices.

End-to-End Toolchain for Software Engineering in Safety-Critical Systems

To ensure traceability, code quality, and compliance throughout the development lifecycle, here are recommended tools for each stage:

  • Requirements Management – IBM DOORS, Polarion ALM, Jama Connect – DO-178C, ISO 26262.
  • Model-Based Design – Ansys SCADE, MATLAB/Simulink – DO-178C, ISO 26262.
  • Static Code Analysis – LDRA, Polyspace, CodeSonar – DO-178C, IEC 61508.
  • Unit Testing and Coverage – VectorCAST, TESSY, Cantata – ISO 26262, DO-178C.
  • Continuous Integration and Build – Jenkins, GitLab CI, Bamboo (with qualified plugins) – Depends on tool qualification plan.
  • Documentation and Traceability – Helix ALM, Reqtify, DOORS NG – IEC 61508, ISO 26262.
  • Tool Qualification – VectorCAST Tool Qualification Kit, LDRA TBreq – DO-178C, ISO 26262 (TQL levels).

What “Pre-Qualified” Really Means

It’s important to note that pre-qualified platforms are not automatically certified for your specific project. Rather, they offer:

  • Documentation artifacts (traceability, test results)
  • Prior certification history
  • Tool qualification support
  • Proven integration in certified projects

These assets accelerate certification by reducing the amount of new evidence required and by demonstrating compliance with industry standards.

Strategic Considerations for Selecting a Framework

When choosing a pre-qualified software framework, consider:

  • Compatibility with your certification standard (e.g., DO-178C vs. ISO 26262)
  • Prior use in similar certified systems
  • Vendor support and availability of certification kits
  • Support for partitioning, determinism, and real-time behavior
  • Ecosystem integration: toolchains, static analyzers, test frameworks, CI pipelines

Conclusion

In safety-critical software engineering, success hinges on rigorous process, tools, and frameworks. Pre-qualified platforms serve as a launchpad for compliance, allowing development teams to focus on innovation and functionality while meeting the stringent demands of certification authorities.

By investing in the right mix of RTOS, middleware, and development tools, engineers can reduce risk, cut costs, and accelerate time-to-certification, without compromising on quality or safety.