We had a successful and well-attended Open Source Software in Safety-Critical Systems Summit on October 31, 2019 in Lyon. Here is the list of sessions, abstracts, speakers, and their presentation slides (linked from the session titles).
9:00 – 9:30 Speaker: Lars Kurth
The Road to Safety Certification: How the Xen Project is Making Progress
Abstract: Safety certification is an essential requirement for software that will be used in highly regulated industries. The Xen Project, a stable and secure hypervisor that is used in many different markets, has been exploring the feasibility of building safety-certified products on Xen for the last year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable with open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges. Safety certification for commercial software based on an open-source hypervisor is an exciting and challenging goal.
9:30 – 10:00 Speaker: Anas Nashif
Introduction on Zephyr
Abstract: Open-source software development and how open-source projects are run is often seen as incompatible with functional safety requirements and established processes and standards. Open-source has been used on a regular basis in applications with safety requirements however in most cases the open-source software is forked and developed behind closed doors to comply with safety standards and processes and using existing infrastructure and tools not common or not available in public and in open-source.
This talk will show how the Zephyr project is moving to a new development model and methodology that uses existing and public tools to address many of the requirements and foundations that would help with using Zephyr in applications with functional safety requirements.
10:00 – 10:30 Speaker: Aymeric Rateau
Introduction on ELISA
Abstract: Aymeric will depict the background and challenges of using Linux for safety critical embedded applications : cultural clash of OSS community vs. classical waterfall development, many difficult to access and understand standard specifications, custom and expensive developments, etc.
On this basis, Aymeric will introduce ELISA’s current status, direction and goals.
11:00-11:30 Speaker: John MacGregor
Walk Before We Run? Nope, Let’s Get Our Heads Up First
Abstract: There is quite a buzz at the moment about safety-certifying open-source software. The initial discussions have centered around which standards to use and which domains/industries/applications should be certified first. Some of the proposals were for extremely complex state-of-the-art domain applications which have, as yet, not even reached the stage of commercialization. A pretty common aspect of most of these discussions focus on the end state of the certification approaches and ignore the question of “how do we get there”. Borrowing from a tired old metaphor, sometimes it’s like we’re talking about climbing Mount Everest when we haven’t even learned to walk.
It’s not like we’re starting from scratch, however. There are time-honoured principles for going about certifying new products. Some open source projects have already learned some lessons from their certification efforts while other projects have some good insights about how they want to approach certifying their open source software. There are possibilities to cooperate and learn from each other.
This talk will present the basic issues facing a project that wants to start a safety-certification initiative and some of the options that they have. It focuses on incremental and evolutionary approaches that minimize the risk that the initiative will fail.
11:30-12:00 Speaker: Naoto YAMAGUCHI
Functional safety and Quality Management issues in AGL Instrument Cluster Expert Group
Abstract: AGL Instrument Cluster Expert Group want to create a base platform for Cluster. There are different system requirements between IVI and Cluster. Instead of a system based on the conventional IVI system, it is necessary to consider a new system suitable for Instrument Cluster.
Functional safety and Quality Management is one of the important issues. Instrument Cluster requires higher quality management than the IVI system.
We want to solve this issue by collaboration with the ELISA project. In this presentation we share to ELISA members “what we aim” and “our architecture”.
13:30-14:15 Speaker: Chris Temple
SW Safety Elements out of Context – Understanding the Not Understandable
Abstract: The safety element out of context (SEooC) is popular amongst SW developers seeking to develop SW for safety critical systems. The ISO 26262 standard defines a SEooC as a “safety-related element which is not developed in the context of a specific item”. A safety-related SW element is a SW component or SW unit “that has the potential to contribute to the violation of or achievement of a top-level safety requirement”.
According to the Oxford dictionary “context” is “the circumstance that forms the setting for a statement in terms of which it can be fully understood”, and “out of context” as “not fully understandable”.
This presentation looks at the role of context, the implications of developing SW out of context and what this implies when SW is put into context later on by means of an example. It concludes by musing on whether something that is “not fully understandable” can be safe.
14:15-15:15 Speaker: Shaun Mooney
STPA: Developing safety and security requirements of complex systems and STPA Documentation Tooling
Abstract: Systems are becoming increasingly complicated, and current safety techniques which focus on failure rates of individual components are ineffective to handle such complexity. With systems like Linux, it is vital to have a proper tool to derive requirements from which we can build safe software. If the requirements are inadequate, then the software can pass every test while still having fatal flaws. STPA (Systems Theoretic Process Analysis) is a top down, systems approach to safety and security, which allows us to analyse complex systems, identify safety and security issues, and develop requirements.The first part of the talk will give an overview of why we need to incorporate safety and security at a system design level, explain the concepts of STPA, show how to manage complexity using an example of an Autonomous Vehicle and show real world examples of how to develop safety and security requirements.
Codethink have released an open-source tool for documenting STPA, which is hosted on flathub: https://flathub.org/apps/details/io.trustable.stpadocumentationtool The tool facilitates the storage of analysis data and automates the production of analysis documentation. It handles all of the analysis data in a tree structure, automatically managing reference numbers for all items, and data items can be linked and cross-referenced in the structure. Having the tool manage all cross referencing and numbering reduces a lot of effort. Everything is saved in plain text, which means the analysis data can be version-controlled easily. The second part of the talk will give a summary of why better tools are needed for STPA, and explain what the tool does with a live demo. The talk will conclude by pointing out improvements that can be made, next steps, and how the community can get involved in the open source project.