Brussels / 30 & 31 January 2016

schedule

GNU/Linux for Safety Related Systems

Architectural and Procedural Issues


This talk outlines the architectural approach proposed for utilizing GNU/Linux in safety related systems up to a mid-level integrity (IEC 61508 Ed 2 SIL2, ISO 26262 ASIL B, DO 178C Level D/C) and how the qualification process could look like.

Furthermore the current status of OSADLs SIL2LinuxMP project is reported on. The SIL2LinuxMP Project was started in April 2015 and strives for qualification by mid 2017.

Traditionally, safety-critical systems isolate the safety-related functions ideally into a simple node, exclusively covering a minimal and simple functionality. Such safe computing nodes traditionally run on "simple" single-core processors and use a minimum software stack. Contemporary single core CPUs are no longer simple and the growing complexity of systems, e.g. including network security requirements, complex control algorithms and even cognitive functions for autonomy raise the complexity beyond what small and simple single core CPUs can handle. This traditional approach to functional safety is changing as nicely expressed by NASA procedural requirements for safety related software:

"This Standard does not discourage the use of software in safety-critical systems. When designed and implemented correctly, software is often the first, and sometimes the best, hazard detection and prevention mechanism in the system." [NASA NPR 8719.13B 1.2]

The changes noted above coincide with significant developments of the past decade impacting the design of safety-related systems · growing system complexity and safety demands · broad introduction of multi-core CPUs · significant change in the development dynamics · dramatically increasing algorithmic complexity

Staying at "simple" single-core computers would come at the price of de-coupling from the main-stream chip and computer-science development and that, in the long run, would induce more risks than it will mitigate.

In this talk we outline the architectural approach we propose for utilizing GNU/Linux for safety related systems up to a mid-level integrity (IEC 61508 Ed 2 SIL2, ISO 26262 ASILB, DO 178C Level D/C) and what the qualification process of a GNU/Linux RTOS based system, as an example of a OSS based safety related system, could look like.

We also report on the current status of OSADLs SIL2LinuxMP project that was started in April 2015 and strives for qualification by mid 2017.

Speakers

Nicholas Mc Guire

Attachments

Links