* [Ksummit-discuss] [TECH TOPIC] Linux and Functional Safety
From: Darren Hart @ 2016-07-29 20:25 UTC (permalink / raw)
To: ksummit-discuss; +Cc: Nicholas Mc Guire, Jason Cooper
We are seeing a surge in demand for using Linux in safety critical systems, from
a broad spectrum reaching from automotive and industrial automation to rail and
aerospace.

Functional Safety is about risk management. It involves identification of
hazards to systems which may impact the proper operation of a safety function
and minimizing those risks. It is a complex end-to-end systematic process
embodied in industry standards, principally IEC 61508 Ed 2 as well as derivative
domain specific standards, such as ISO 26262 (passenger vehicles below 3.5
tons).

These standards were developed to support purpose built MCU class hardware and
very small software stacks (3 orders of magnitude smaller than the Linux
kernel). Applying them to modern general purpose computer systems and operating
systems is not straightforward. It requires a thorough mapping of processes and
development of a convincing set of claims, argumentation, and evidence to
certify these elements to the required safety integrity levels (discrete levels
describing the overall risk reduction capabilities of a system).

The OSADL SIL2LinuxMP project has been working at developing these mappings and
a body of evidence into a generic compliance route, conforming to IEC 61508
Ed 2. The approach is largely dependent on the rigorous development model of key
software stack elements, most notably glibc and the Linux kernel. Git provides
traceability for all changes and ample metadata to apply statistical models to
determine the quality and risk associated with each change. The static analysis
tools add further confidence in the codebase by eliminating common classes of
errors and enforcing a consistency which facilitates systematic and effective
maintenance.

Additional tools are being developed to aid in the compliance route. A team at
Hitachi, for example, is developing code minimization tooling to help minimize
the lines of code which are included in the scope of the certification.

I believe understanding the ways in which our processes are being used to
qualify Linux based safety critical systems is important for every maintainer to
have. There may also be opportunity to incorporate some of this tooling into the
mainstream development and reduce the need for secondary tooling. Even in this
early stage, a stream of patches emerging from API compliance checkers has
already found its way into the mainline kernel. The attendees are sure to have
insight into their subsystem which will lead to improved analysis.
Potential Participants:
Darren Hart
Nicholas Mc Guire
Thomas Gleixner
Linus Walleij
Jason Cooper
--
Darren Hart
Intel Open Source Technology Center
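The message above argues that git history carries enough metadata (sign-off chains, review trailers, Fixes: references, diffstats) to reason about the quality and risk of each change. The script below is an added illustration of that idea and is not code from this thread or from the SIL2LinuxMP project. It parses a constructed, `git log`-style record set (the `SAMPLE_LOG` text is made up for the example), checks each commit for traceability evidence, and computes a simple per-commit risk score. The scoring weights, the trailer names treated as review evidence, and the "needed a follow-up fix" penalty are all illustrative heuristics of our own, not a standard or a project rule.

```python
"""Added example: derive traceability and risk evidence from git metadata.

The input format mimics `git log --format='commit %h%nSubject: %s%n%(trailers)' --shortstat`;
the sample below is constructed for this example, and the risk heuristic is ours.
"""
import re
from dataclasses import dataclass, field

# Trailer lines such as "Signed-off-by: Name <mail>" or "Fixes: <sha> ("subject")".
TRAILER_RE = re.compile(r"^([A-Z][A-Za-z-]+): (.+)$")
# The --shortstat summary line; insertions/deletions are optional in git's output.
STAT_RE = re.compile(
    r"^\s*(\d+) files? changed"
    r"(?:, (\d+) insertions?\(\+\))?"
    r"(?:, (\d+) deletions?\(-\))?"
)
# Leading abbreviated or full SHA inside a Fixes: trailer.
FIXES_SHA_RE = re.compile(r"^([0-9a-f]{7,40})\b")

# Trailers we count as evidence that someone other than the author looked at the change
# (an assumption of this example, not a kernel process definition).
REVIEW_TRAILERS = ("Reviewed-by", "Acked-by", "Tested-by")

# Constructed sample: hypothetical SHAs, subjects and people.
SAMPLE_LOG = """\
commit 1111aaaa
Subject: sched: rework wakeup path
Signed-off-by: A. Developer <a@example.com>
Reviewed-by: B. Maintainer <b@example.com>
 4 files changed, 180 insertions(+), 95 deletions(-)

commit 2222bbbb
Subject: sched: fix wakeup race introduced by rework
Fixes: 1111aaaa ("sched: rework wakeup path")
Signed-off-by: A. Developer <a@example.com>
 1 file changed, 6 insertions(+), 2 deletions(-)

commit 3333cccc
Subject: gpio: add vendor quirk
Signed-off-by: C. Contributor <c@example.com>
 2 files changed, 40 insertions(+)

commit 4444dddd
Subject: docs: typo fix
 1 file changed, 1 insertion(+), 1 deletion(-)
"""


@dataclass
class Commit:
    sha: str
    subject: str = ""
    trailers: dict = field(default_factory=dict)  # trailer name -> list of values
    files: int = 0
    insertions: int = 0
    deletions: int = 0


@dataclass
class Assessment:
    sha: str
    risk: int = 0
    issues: list = field(default_factory=list)
    fixed_by: list = field(default_factory=list)  # later commits whose Fixes: names this one


def parse_log(text: str) -> list:
    """Split the log text into Commit records."""
    commits, cur = [], None
    for line in text.splitlines():
        if line.startswith("commit "):
            cur = Commit(sha=line.split()[1])
            commits.append(cur)
            continue
        if cur is None or not line.strip():
            continue
        m = STAT_RE.match(line)
        if m:
            cur.files = int(m.group(1))
            cur.insertions = int(m.group(2) or 0)
            cur.deletions = int(m.group(3) or 0)
            continue
        m = TRAILER_RE.match(line)
        if m:
            key, val = m.groups()
            if key == "Subject":
                cur.subject = val
            else:
                cur.trailers.setdefault(key, []).append(val)
    return commits


def assess(text: str) -> list:
    """Score each commit: change size, spread, missing review, and fix relationships."""
    commits = parse_log(text)
    results = {c.sha: Assessment(sha=c.sha) for c in commits}
    for c in commits:
        a = results[c.sha]
        churn = c.insertions + c.deletions
        a.risk += min(3, churn // 50)   # larger diffs are harder to review
        a.risk += min(2, c.files // 3)  # changes spread over many files
        if "Signed-off-by" not in c.trailers:
            a.issues.append("missing Signed-off-by")  # breaks the DCO traceability chain
        if not any(t in c.trailers for t in REVIEW_TRAILERS):
            a.risk += 2
            a.issues.append("no review trailer")
        if "Fixes" in c.trailers:
            a.risk += 1  # a fix touches code that already had a defect escape
            for ref in c.trailers["Fixes"]:
                m = FIXES_SHA_RE.match(ref)
                if m and m.group(1) in results:
                    results[m.group(1)].fixed_by.append(c.sha)
    # Second pass: a commit that needed a follow-up fix is itself evidence of risk.
    for a in results.values():
        if a.fixed_by:
            a.risk += 2
            a.issues.append("needed follow-up fix: " + ", ".join(a.fixed_by))
    return list(results.values())


if __name__ == "__main__":
    for a in assess(SAMPLE_LOG):
        print(f"{a.sha}  risk={a.risk}  {'; '.join(a.issues) or 'ok'}")
```

Run against real history, the same parser works on `git log --format='commit %h%nSubject: %s%n%(trailers)' --shortstat`, and the interesting output is the ordering: commits that were large, unreviewed and later needed a Fixes: follow-up rise to the top of the list, which is the kind of change a safety argument has to account for explicitly.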
* Re: [Ksummit-discuss] [TECH TOPIC] Linux and Functional Safety
From: Rafael J. Wysocki @ 2016-07-29 20:48 UTC (permalink / raw)
To: ksummit-discuss, Darren Hart; +Cc: Nicholas Mc Guire, Jason Cooper
On Friday, July 29, 2016 01:25:00 PM Darren Hart wrote:
> We are seeing a surge in demand for using Linux in safety critical systems, from
> a broad spectrum reaching from automotive and industrial automation to rail and
> aerospace.
>
> Functional Safety is about risk management. It involves identification of
> hazards to systems which may impact the proper operation of a safety function
> and minimizing those risks. It is a complex end-to-end systematic process
> embodied in industry standards, principally IEC 61508 Ed 2 as well as derivative
> domain specific standards, such as ISO 26262 (Passenger vehicles below 3.5
> Tons).
>
> These standards were developed to support purpose built MCU class hardware and
> very small software stacks (3 orders of magnitude smaller than the Linux
> kernel). Applying them to modern general purpose computer systems and operating
> systems is not straight forward. It requires a thorough mapping of processes and
> development of a convincing set of claims, argumentation, and evidence to
> certify these elements to the required safety integrity levels (discrete levels
> describing the overall risk reduction capabilities of a system).
>
> The OSADL SIL2LinuxMP project has been working at developing these mappings and
> a body of evidence into a generic compliance route, conforming to IEC 61508
> Ed 2. The approach is largely dependent on the rigorous development model of key
> software stack elements, most notably glibc and the Linux kernel. Git provides
> traceability for all changes and ample meta-data to apply statistical models to
> determine the quality and risk associated with each change. The static analysis
> tools add further confidence in the codebase by eliminating common classes of
> errors and enforcing a consistency which facilitates systematic and effective
> maintenance.
>
> Additional tools are being developed to aid in the compliance route. A team at
> Hitachi, for example, is developing code minimization tooling to help minimize
> the lines of code which are included in the scope of the certification.
>
> I believe understanding the ways in which our processes are being used to
> qualify Linux based safety critical systems is important for every maintainer to
> have. There may also be opportunity to incorporate some of this tooling into the
> mainstream development and reduce the need for secondary tooling. Even in this
> early stage, a stream of patches emerging from API compliance checkers has
> already found its way into the mainline kernel. The attendees are sure to have
> insight into their subsystem which will lead to improved analysis.
>
> Potential Participants:
> Darren Hart
> Nicholas Mc Guire
> Thomas Gleixner
> Linus Walleij
> Jason Cooper
I'm interested in this too.
Thanks,
Rafael
* Re: [Ksummit-discuss] [TECH TOPIC] Linux and Functional Safety
From: Steven Rostedt @ 2016-07-30 3:00 UTC (permalink / raw)
To: Darren Hart; +Cc: Nicholas Mc Guire, Jason Cooper, ksummit-discuss
On Fri, 29 Jul 2016 13:25:00 -0700
Darren Hart <dvhart@infradead.org> wrote:
> Potential Participants:
> Darren Hart
> Nicholas Mc Guire
> Thomas Gleixner
> Linus Walleij
> Jason Cooper
>
You forgot me ;-)
-- Steve
* Re: [Ksummit-discuss] [TECH TOPIC] Linux and Functional Safety
From: Shuah Khan @ 2016-07-31 17:01 UTC (permalink / raw)
To: Steven Rostedt; +Cc: Nicholas Mc Guire, Jason Cooper, ksummit-discuss
On Fri, Jul 29, 2016 at 9:00 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Fri, 29 Jul 2016 13:25:00 -0700
> Darren Hart <dvhart@infradead.org> wrote:
>
>
>> Potential Participants:
>> Darren Hart
>> Nicholas Mc Guire
>> Thomas Gleixner
>> Linus Walleij
>> Jason Cooper
>>
>
I am interested in this topic.
thanks,
-- Shuah