Multicore Is Key to Innovation in Medical Applications

The next generation of safety-critical medical systems requires a secure, stable platform for innovation while reusing as much legacy code as possible.

By Santhosh Nair and Jens Wiegand, Wind River

The world of medical electronics is shifting fundamentally. Equipment designs have traditionally lasted 20 years, with years of heritage and testing behind each design. Now more innovation is demanded, with new features and new versions being developed much faster, based on digital systems. More focus is being put on cost-effective implementation so more units can be deployed across more hospitals and surgeries.

To develop this next generation of safety-critical medical and industrial devices, designers and system architects must consolidate hardware, reduce cost and reduce time-to-market while never compromising their platform’s stability, safety and security.

This article addresses what medical system designers require to meet today’s challenges: a combination of multicore hardware, operating systems specialized for device certification, hypervisor software and a consolidated but open development tool chain.

Today’s Safety-Critical Design Challenges
Increasingly, more medical system innovation is moving to software, which is creating a significant challenge in designs where safety is critical. Some elements of the software have to remain fixed, providing verified safety-critical functions, while other parts can add new functions and innovations, all with the hardware kept fixed to comply with various standards on interference and risk assessment.

Addressing the safety concerns and making the most of that heritage is vital. However, these areas have been isolated and fragmented, making them expensive and slow to take advantage of the phenomenal changes in the performance and cost of electronics systems, as well as making them slow to react to changing market conditions and costly to maintain over many years.

New approaches – such as multicore processors and hypervisor software technology that has been optimized for the embedded market – are key enablers for making this happen. This is driving consolidation of hardware and software that spurs innovation while providing a mechanism for enhancing safety requirements.

Historically these sectors were driven by functionality, but in each of these areas, safety, security, quality, maintainability and cost-efficiency are now of paramount importance. The overarching safety requirements in the basic functional safety standard IEC 61508 and its derivatives, applicable to all kinds of industries, are driving new challenges to comply with the standard and still meet functional requirements.

Multicore for Complex Medical Applications
In medical applications, there is an increase in the use of complex equipment for diagnostics, covering X-rays, CT scanners and dialysis machines that have to add features such as automated report generation and networking while reducing costs.

Traditionally these areas have provided innovation and upgradability with separate hardware systems, particularly to conform to medical standards such as IEC 60601 for electromagnetic compatibility – vital to prevent equipment interference – and ISO 14971 on risk assessment. This architecture has used one board for the safety-critical elements, often hardwired without software or with simple software that is well-established and proven over many years.

A second board is used to add the additional non-critical functions such as administration and networking.

While this has been adequate in the past, adding new standards and new features – as well as the consolidation of systems for cost and space reasons – means that the two-board approach is no longer viable. Now, features added to software must be proven and compliant with safety-critical standards as directed by the U.S. Food and Drug Administration (FDA) or the European counterpart, where standards such as IEC 62304 define software lifecycle processes.

Multicore devices are a key way to tackle these demands. These devices are now becoming available for the embedded market with the performance and support for the five to 10 years demanded by these industrial markets. However, they still take advantage of the availability of commercial operating systems and application software along with the cost reduction and integration that is driven by the PC and enterprise markets.

Using multiple processor cores can provide a way of consolidating the existing board architecture onto a single board, making use of one core for the safety-critical software and other cores for other non-critical functions.

Hypervisor for System Consolidation
While this is all very well in principle, designing a system with this “bare metal” approach can require considerable time and cost as well as a large, experienced design team. This approach also requires the certification evidence to be developed with many thousands of lines of test and verification code that can take time to develop and run through the certification process.

With the faster introduction of new features, certification of safety software is changing from a “proven-in-use” model to a more formal tools-oriented model. This is perhaps the biggest shift in this market, leaving developers unsure of how to approach these changes and how to know that their investment in software and associated tools will ensure certification while extending to third-party software components. The criteria and requirements for premarket approval applications as defined by the FDA require valid scientific evidence to support a reasonable assurance of safety and effectiveness of the device. Providing evidence for off-the-shelf software can be expensive and causes unpredictability in the life cycle process.

This is driving the move to new software approaches such as the hypervisor. This allows different operating systems to run on different cores on a single platform, allowing the designer to make use of a wider range of third-party software alongside the existing legacy safety-critical software. Often this safety-critical software can be running on one dedicated processor while others are running a real-time operating system such as Wind River’s VxWorks or a non-real-time operating system such as Wind River Linux. Different levels of criticality on the same system platform or processor also drive the need to combine off-the-shelf software with a real-time operating system specialized for device certification such as VxWorks.

Consolidated platforms will drive the need for a variety of OS platforms. Real-time operating systems have a greater advantage when considering determinism and decreased complexity compared to a non-real-time OS such as Linux, which makes them the ideal candidate for certification. Linux has advantages when implementing rapidly evolving consumer communication standards or graphical user interfaces. It would therefore make sense to use both on the same system to get the best of both worlds. Using a consolidation technology such as a hypervisor, this becomes a real possibility.

Hypervisor technology makes it possible to consolidate Linux and real-time operating systems at the software layer, allowing safety and non-safety applications to run on the same hardware platform. Multicore processor technology, together with hypervisors, enables multiple operating systems to run concurrently on the same hardware platform but in partitioned, protected spaces.

At the same time, safety-critical tasks can operate within a certified application in a real-time operating system, with communication protocols running under VxWorks or Linux and perhaps another operating system, providing supervisory functions on the same machine. Hypervisor technology also enables simpler porting of legacy applications because the partitioned architecture allows different versions of the same operating system to run simultaneously, so that existing code can run unchanged, but new code can make use of the added features in new versions. Integration services can further help customers take the risk out of safety and consolidation projects by guaranteeing a smooth and predictable route to market, with significant time-to-revenue advantages.

The combination of multicore hardware, operating systems specialized for device certification, hypervisor software and a consolidated but open development toolchain is key to providing the support medical system designers need. This combination helps designers and system architects make use of the consolidation in hardware. They can reduce cost and time-to-market while providing a secure, stable platform for adding new features and innovation in software, and maintaining a certified environment while reusing as much legacy code as possible. All of this is vital for developing the next generation of safety-critical medical systems.



Santhosh Nair is director for Wind River’s medical market segment where he is responsible for driving vertical strategy for medical and mobile healthcare. Mr. Nair joined Wind River from GE Healthcare where he was most recently the worldwide product manager for the CT business. As a veteran in the healthcare industry, Santhosh brings over 15 years of engineering and product management experience, having held various positions at GE Healthcare locations in the United States, Japan and India.



Jens Wiegand is vice president and general manager of Wind River’s industrial, medical, and machine-to-machine (M2M) market segments. Prior to Wind River, Mr. Wiegand joined Motorola as a result of their acquisition of Force Computers. While at Force Computers, he was the corporate director of worldwide strategic marketing, with responsibilities in strategic planning of system solutions and new technologies. A veteran in the industry, Mr. Wiegand brings over two decades of high-tech industry expertise in defense, automation and embedded computing sectors.