This summit is the second summit in the area of open-source software and safety-critical systems, being a further evolution of the last year's Linux in Safety-Critical Systems Summit 2018. In addition to Linux, this year we will reach out and include presentations from activities and experts around other open-source projects that aim towards use in safety-critical systems.
This is a chance to get together in-person to present ideas and discuss how to achieve safety of current and future systems that use open-source software.
This summit should be of interest to:
- Open-source projects who want to share how they plan to make their software and development process suitable for the use in the safety-critical systems
- Experts from certification agencies to present their expectations on certification of open-source software projects and its proper use in safety-critical systems
- Product developers to present their system context, relevant safety requirements and how open-source software may contribute to these safety requirements
- Safety Element out of context (SEooC) providers, e.g., providers of hardware or software elements in safety-critical systems, to exchange on assumed safety requirements and a reasonable allocation to system elements.
Program and ScheduleSpeaker: Lars Kurth
Session Title: The Road to Safety Certification: How the Xen Project is Making Progress
Abstract:
Safety certification is an essential requirement for software that will be used in highly regulated industries. The Xen Project, a stable and secure hypervisor that is used in many different markets, has been exploring the feasibility of building safety-certified products on Xen for the last year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable with open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges. Safety certification for commercial software based on an open-source hypervisor is an exciting and challenging goal.
Speaker: Anas Nashif
Session Title: Introduction on Zephyr
Abstract:
Open-source software development and how open-source projects are run is often seen as incompatible with functional safety requirements and established processes and standards. Open-source has been used on a regular basis in applications with safety requirements however in most cases the open-source software is forked and developed behind closed doors to comply with safety standards and processes and using existing infrastructure and tools not common or not available in public and in open-source.
This talk will show how the Zephyr project is moving to a new development model and methodology that uses existing and public tools to address many of the requirements and foundations that would help with using Zephyr in applications with functional safety requirements.
Speaker: Aymeric Rateau
Session Title: Introduction on ELISA
Abstract: Aymeric will depict the background and challenges of using Linux for safety critical embedded applications : cultural clash of OSS community vs. classical waterfall development, many difficult to access and understand standard specifications, custom and expensive developments, etc.
On this basis, Aymeric will introduce ELISA’s current status, direction and goals.
- 10:30-11:00 Break
- 11:00-11:30
Speaker: John MacGregor
Session Title: Walk Before We Run? Nope, Let's Get Our Heads Up First
Abstract:
There is quite a buzz at the moment about safety-certifying open-source software. The initial discussions have centered around which standards to use and which domains/industries/applications should be certified first. Some of the proposals were for extremely complex state-of-the-art domain applications which have, as yet, not even reached the stage of commercialization. A pretty common aspect of most of these discussions focus on the end state of the certification approaches and ignore the question of "how do we get there". Borrowing from a tired old metaphor, sometimes it's like we're talking about climbing Mount Everest when we haven't even learned to walk.
It's not like we're starting from scratch, however. There are time-honoured principles for going about certifying new products. Some open source projects have already learned some lessons from their certification efforts while other projects have some good insights about how they want to approach certifying their open source software. There are possibilities to cooperate and learn from each other.
This talk will present the basic issues facing a project that wants to start a safety-certification initiative and some of the options that they have. It focuses on incremental and evolutionary approaches that minimize the risk that the initiative will fail.
Speaker: Naoto YAMAGUCHI
Session Title: Functional safety and Quality Management issues in AGL Instrument Cluster Expert Group
Abstract:
AGL Instrument Cluster Expert Group want to create a base platform for Cluster. There are different system requirements between IVI and Cluster. Instead of a system based on the conventional IVI system, it is necessary to consider a new system suitable for Instrument Cluster.
Functional safety and Quality Management is one of the important issues. Instrument Cluster requires higher quality management than the IVI system.
We want to solve this issue by collaboration with the ELISA project. In this presentation we share to ELISA members "what we aim" and "our architecture".
- 12-13:30: Lunch (on your own)
- 13:30-14:15
Speaker: Chris Temple
Session Title: SW Safety Elements out of Context - Understanding the Not Understandable
Abstract:
The safety element out of context (SEooC) is popular amongst SW developers seeking to develop SW for safety critical systems. The ISO 26262 standard defines a SEooC as a “safety-related element which is not developed in the context of a specific item”. A safety-related SW element is a SW component or SW unit “that has the potential to contribute to the violation of or achievement of a top-level safety requirement”.
According to the Oxford dictionary “context” is “the circumstance that forms the setting for a statement in terms of which it can be fully understood”, and “out of context” as “not fully understandable”.
This presentation looks at the role of context, the implications of developing SW out of context and what this implies when SW is put into context later on by means of an example. It concludes by musing on whether something that is “not fully understandable” can be safe.
Speaker: Shaun Mooney
Session Title: STPA: Developing safety and security requirements of complex systems and STPA Documentation Tooling
Abstract:
Systems are becoming increasingly complicated, and current safety techniques which focus on failure rate
Discussion with presenters for informal questions and answers, as well as a discussion of next steps.
