Written by Gabriele Paoloni, Chair of the ELISA Project Governing Board and Lead Software Architect at Intel, and Paul Albertella, Contributor and Member of the ELISA Project and Consultant at Codethink
The latest ELISA workshop, hosted virtually on May 18-20, was a great reflection of how fast the community has grown and evolved over the last few months. Participation was almost double the previous workshop in February with 239 participants from 37 different countries. Additionally, we’ve seen more collaboration with other groups such as AUTOSAR and AGL. The existing working groups have been exploring an extensive range of topics and initiatives, and there are plans to add new working groups to help take some of these forward.
A number of presentations focused on the challenges of qualifying or certifying Linux for functional safety, and the limitations of the established routes presented in standards such as IEC62304, IEC61508 and ISO 26262, and innovative approaches to addressing these. One proposed strategy included a more comprehensive look at a Linux Architectural design, and using test and tracing techniques to verify system behaviour against a derived model. Another proposal, focused on top-down hazard analysis to define safety requirements, statistical analysis of tests on historical kernel versions to show where Linux satisfies these, and fault injection techniques to validate the safety mechanisms of the wider system.
There were also talks on how some of these ideas are being applied in the working groups, focussing on collaborative efforts in the Automotive, Safety Architecture and Development Process groups based on the Telltale use case. Other interesting sessions focused on technologies with possible applications for functional safety, including an introduction to real time configurations for Linux, and the use of authorisation hooking in security modules.
Discussions during these sessions made it clear that the community has a lot of new ideas to explore over the coming months and a lot of new participants eager to get involved. Work continues on the ELISA technical strategy, which will provide an important direction to this work, but there’s also a need to consolidate the innovative ideas and methodologies for qualifying Linux into the current working group activities, and evaluate the need for new working groups. As ELISA becomes more mature we need to define and refine the publication strategy for the outputs of working groups. There are also plans to develop ‘onboarding’ material for the project to help enable new participants to start contributing more quickly.
You can view the some of the presentation materials here when you click on each session. Some of the videos will be accessible too in the next few weeks.
Tuesday, May 18
Shuah Khan, the Chair of the ELISA Project Technical Steering Committee, kicked off the workshop with an overview of the project, the working group activities and the recent whitepaper summarizing their interactions and deliverables.
As the different working group updates were presented, it became clear that there is a great deal of collaboration between each group:
The Automotive WG refined the safety concept following feedback from the Safety Architecture WG and is working with the Tools Subgroup to optimize the active Kernel image footprint;
The Safety Architecture WG is working with the Development Process WG on safety analyses and on a new hybrid qualification approach;
The Medical Device WG is coming to a point where they need to hand over the safety requirements to the Safety Architecture WG for deeper Kernel analyses;
The Tools WG released a static code analysis framework that can be used along the qualification activities of the different WGs.
Additionally, Artem Mygaiev and Stefano Stabellini gave an introduction and update about the Functional Safety Special Interest Group (SIG) in the Xen project. This session was engaging as we shared feedback and ideas about functional safety from different perspectives.
Wednesday, May 19
Philipp Ahmann introduced the engagement between the Automotive WG and the Autosar Adaptive consortium. We have many common interests and goals that should easily help us build a solid foundation for future collaboration.
Then Roberto Paccapeli and Vito Magnanimo presented the current limitation of ISO26262 in qualifying a complex pre-existing SW component, like Linux, and the need for overcoming such limitations.
Gabriele Paoloni and Daniel Bristot de Oliveira presented an innovative approach (Hybrid Approach) that could be used as a scalable way to qualify Linux to be used in automotive safety critical applications; hence a proposal to overcome the above mentioned limitations.
Elana Copperman and Gabriele Paoloni presented the out of context analysis of the Linux Watchdog subsystem as a practical example of applying the Hybrid Approach, and how this is beneficial in the context of the Automotive WG’s Telltale use case.
Finally, Thomas Gleixner introduced the Linux Real-Time project, the challenges that they faced to meet timing constraints and all the different solutions they put in place to overcome them. It was a really nice tour of the project with lots of possible intercepts with functional safety systems.
Thursday, May 20
On the last day, Shuah Khan and Elana Copperman presented the work done to analyze Kernel configuration parameters (Kconfig) and their impact on Functional Safety, starting from some similar work done for Security (CWE).
Chris Temple then presented an overview of the possible SW qualification routes in
Functional Safety ranging from ISO26262 to IEC61508 reinforcing the current limitations of safety standards with respect to the qualification of complex SW components already discussed in the previous day.
Following this, Paul Sherwood and Paul Albertella presented yet another approach to overcome such limitations: an in-context approach based on a mix of safety analysis, testing of historical kernel versions and fault injection. This approach sparked a lot of interest and a need to further consider and discuss it across the different ELISA WGs was widely agreed.
STPA diagram from New Approach presentation
The final day closed with some wrap-up sessions discussing future activities to advertise ELISA and encourage new members to join, ELISA goals for the next quarter and a few stats about the current workshop.
It was wonderful to get together virtually as a community. With more than 200 participants, we hope that attendees were engaged in our work and welcome their thoughts and participating in any of our technical meetings and working groups. Click here learn more about the ELISA Project, here for the Working Groups and here to join our mailing list.
Shuah Khan, Kernel Maintainer, Linux Fellow and Chair of the ELISA Project Technical Steering Committee
Jason Perlow, Director of Project Insights and Editorial Content at the Linux Foundation, had an opportunity to speak with Shuah Khan about her experiences as a woman in the technology industry. She discusses how mentorship can improve the overall diversity and makeup of open source projects, why software maintainers are important for the health of open source projects such as the Linux kernel, and how language inclusivity and codes of conduct can improve relationships and communication between software maintainers and individual contributors. This blog originally ran on the Linux Foundation website. For more content like this, click here.
JP: So, Shuah, I know you wear many different hats at the Linux Foundation. What do you call yourself around here these days?
SK: <laughs> Well, I primarily call myself a Kernel Maintainer & Linux Fellow. In addition to that, I focus on two areas that are important to the continued health and sustainability of the open source projects in the Linux ecosystem. The first one is bringing more women into the Kernel community, and additionally, I am leading the mentorship program efforts overall at the Linux Foundation. And in that role, in addition to the Linux Kernel Mentorship, we are looking at how the Linux Foundation mentorship program is working overall, how it is scaling. I make sure the LFX Mentorship platform scales and serves diverse mentees and mentors’ needs in this role.
The LF mentorships program includes several projects in the Linux kernel, LFN, HyperLedger, Open MainFrame, OpenHPC, and other technologies. The Linux Foundation’s Mentorship Programs are designed to help developers with the necessary skills–many of whom are first-time open source contributors–experiment, learn, and contribute effectively to open source communities.
The mentorship program has been successful in its mission to train new developers and make these talented pools of prospective employees trained by experts to employers. Several graduated mentees have found jobs. New developers have improved the quality and security of various open source projects, including the Linux kernel. Several Linux kernel bugs were fixed, a new subsystem mentor was added, and a new driver maintainer is now part of the Linux kernel community. My sincere thanks to all our mentors for volunteering to share their expertise.
SK: It’s a small niche driver used in cloud computing. Docker and other containers use that driver heavily. That’s how they provide remote access to USB devices on the server to export devices to be imported by other systems for use.
JP: I initially used it for IoT kinds of stuff in the embedded systems space. Were you the original lead developer on it, or was it one of those things you fell into because nobody else was maintaining it?
SK: Well, twofold. I was looking at USB over IP because I like that technology. it just so happened the driver was brought from the staging tree into the Mainline kernel, I volunteered at the time to maintain it. Over the last few years, we discovered some security issues with it, because it handles a lot of userspace data, so I had a lot of fun fixing all of those. <laugh>.
JP: What drew you into the Linux operating system, and what drew you into the kernel development community in the first place?
SK: Well, I have been doing kernel development for a very long time. I worked on the LynxOS RTOS, a while back, and then HP/UX, when I was working at HP, after which I transitioned into doing open source development — the OpenHPI project, to support HP’s rack server hardware, and that allowed me to work much more closely with Linux on the back end. And at some point, I decided I wanted to work with the kernel and become part of the Linux kernel community. I started as an independent contributor.
JP: Maybe it just displays my own ignorance, but you are the first female, hardcore Linux kernel developer I have ever met. I mean, I had met female core OS developers before — such as when I was at Microsoft and IBM — but not for Linux. Why do you suppose we lack women and diversity in general when participating in open source and the technology industry overall?
SK: So I’ll answer this question from my perspective, from what I have seen and experienced, over the years. You are right; you probably don’t come across that many hardcore women Kernel developers. I’ve been working professionally in this industry since the early 1990s, and on every project I have been involved with, I am usually the only woman sitting at the table. Some of it, I think, is culture and society. There are some roles that we are told are acceptable to women — even me, when I was thinking about going into engineering as a profession. Some of it has to do with where we are guided, as a natural path.
There’s a natural resistance to choosing certain professions that you have to overcome first within yourself and externally. This process is different for everybody based on their personality and their origin story. And once you go through the hurdle of getting your engineering degree and figuring out which industry you want to work in, there is a level of establishing credibility in those work environments you have to endure and persevere. Sometimes when I would walk into a room, I felt like people were looking at me and thinking, “why is she here?” You aren’t accepted right away, and you have to overcome that as well. You have to go in there and say, “I am here because I want to be here, and therefore, I belong here.” You have to have that mindset. Society sends you signals that “this profession is not for me” — and you have to be aware of that and resist it. I consider myself an engineer that happens to be a woman as opposed to a woman engineer.
SK: <laughs> Yes I enjoyed the series, and A Suitable Girl documentary film that follows three women as they navigate making decisions about their careers and family obligations.
JP: For many Americans, this is our first introduction to what home life is like for Indian people. But many of the women featured on this show are professionals, such as doctors, lawyers, and engineers. And they are very ambitious, but of course, the family tries to set them up in a marriage to find a husband for them that is compatible. As a result, you get to learn about the traditional values and roles they still want women to play there — while at the same time, many women are coming out of higher learning institutions in that country that are seeking technical careers.
SK: India is a very fascinatingly complex place. But generally speaking, in a global sense, having an environment at home where your parents tell you that you may choose any profession you want to choose is very encouraging. I was extremely fortunate to have parents like that. They never said to me that there was a role or a mold that I needed to fit into. They have always told me, “do what you want to do.” Which is different; I don’t find that even here, in the US. Having that support system, beginning in the home to tell you, “you are open to whatever profession you want to choose,” is essential. That’s where a lot of the change has to come from.
JP: Women in technical and STEM professions are becoming much more prominent in other countries, such as China, Japan, and Korea. For some reason, in the US, I tend to see more women enter the medical profession than hard technology — and it might be a level of effort and perceived reward thing. You can spend eight years becoming a medical doctor or eight years becoming a scientist or an engineer, and it can be equally difficult, but the compensation at the end may not be the same. It’s expensive to get an education, and it takes a long time and hard work, regardless of the professional discipline.
SK: I have also heard that women also like to enter professions where they can make a difference in the world — a human touch, if you will. So that may translate to them choosing careers where they can make a larger impact on people — and they may view careers in technology as not having those same attributes. Maybe when we think about attracting women to technology fields, we might have to promote technology aspects that make a difference. That may be changing now, such as the LF Public Health (LFPH) project we kicked off last year. And with LF AI & Data Foundation, we are also making a difference in people’s lives, such as detecting earthquakes or analyzing climate change. If we were to promote projects such as these, we might draw more women in.
JP: So clearly, one of the areas of technology where you can make a difference is in open source, as the LF is hosting some very high-concept and existential types of projects such as LF Energy, for example — I had no idea what was involved in it and what its goals were until I spoke to Shuli Goodman in-depth about it. With the mentorship program, I assume we need this to attract fresh talent — because as folks like us get older and retire, and they exit the field, we need new people to replace them. So I assume mentorship, for the Linux Foundation, is an investment in our own technologies, correct?
SK: Correct. Bringing in new developers into the fold is the primary purpose, of course — and at the same time, I view the LF as taking on mentorship provides that neutral, level playing field across the industry for all open source projects. Secondly, we offer a self-service platform, LFX Mentorship, where anyone can come in and start their project. So when the COVID-19 pandemic began, we expanded this program to help displaced people — students, et cetera, and less visible projects. Not all projects typically get as much funding or attention as others do — such as a Kubernetes or Linux kernel — among the COVID mentorship program projects we are funding. I am particularly proud of supporting a climate change-related project, Using Machine Learning to Predict Deforestation.
The self-service approach allows us to fund and add new developers to projects where they are needed. The LF mentorships are remote work opportunities that are accessible to developers around the globe. We see people sign up for mentorship projects from places we haven’t seen before, such as Africa, and so on, thus creating a level playing field.
The other thing that we are trying to increase focus on is how do you get maintainers? Getting new developers is a starting point, but how do we get them to continue working on the projects they are mentored on? As you said, someday, you and I and others working on these things are going to retire, maybe five or ten years from now. This is a harder problem to solve than training and adding new developers to the project itself.
JP: And that is core to our software supply chain security mission. It’s one thing to have this new, flashy project, and then all these developers say, “oh wow, this is cool, I want to join that,” but then, you have to have a certain number of people maintaining it for it to have long-term viability. As we learned in our FOSS study with Harvard, there are components in the Linux operating system that are like this. Perhaps even modules within the kernel itself, I assume that maybe you might have only one or two people actively maintaining it for many years. And what happens if that person dies or can no longer work? What happens to that code? And if someone isn’t familiar with that code, it might become abandoned. That’s a serious problem in open source right now, isn’t it?
SK: Right. We have seen that with SSH and other security-critical areas. What if you don’t have the bandwidth to fix it? Or the money to fix it? I ended up volunteering to maintain a tool for a similar reason when the maintainer could no longer contribute regularly. It is true; we have many drivers where maintainer bandwidth is an issue in the kernel. So the question is, how do we grow that talent pool?
JP: Do we need a job board or something? We need X number of maintainers. So should we say, “Hey, we know you want to join the kernel project as a contributor, and we have other people working on this thing, but we really need your help working on something else, and if you do a good job, we know tons of companies willing to hire developers just like you?”
SK: With the kernel, we are talking about organic growth; it is just like any other open source project. It’s not a traditional hire and talent placement scenario. Organically they have to have credibility, and they have to acquire it through experience and relationships with people on those projects. We just talked about it at the previous Linux Plumbers Conference, we do have areas where we really need maintainers, and the MAINTAINERS file does show areas where they need help.
To answer your question, it’s not one of those things where we can seek people to fill that role, like LinkedIn or one of the other job sites. It has to be an organic fulfillment of that role, so the mentorship program is essential in creating those relationships. It is the double-edged sword of open source; it is both the strength and weakness. People need to have an interest in becoming a maintainer and also a commitment to being one, long term.
JP: So, what do you see as the future of your mentorship and diversity efforts at the Linux Foundation? What are you particularly excited about that is forthcoming that you are working on?
SK: I view the Linux Foundation mentoring as a three-pronged approach to provide unstructured webinars, training courses, and structured mentoring programs. All of these efforts combine to advance a diverse, healthy, and vibrant open source community. So over the past several months, we have been morphing our speed mentorship style format into an expanded webinar format — the LF Live Mentorship series. This will have the function of growing our next level of expertise. As a complement to our traditional mentorship programs, these are webinars and courses that are an hour and a half long that we hold a few times a month that tackle specific technical areas in software development. So it might cover how to write great commit logs, for example, for your patches to be accepted, or how to find bugs in C code. Commit logs are one of those things that are important to code maintenance, so promoting good documentation is a beneficial thing. Webinars provide a way for experts short on time to share their knowledge with a few hours of time commitment and offer a self-paced learning opportunity to new developers.
Additionally, I have started the Linux Kernel Mentorship forum for developers and their mentors to connect and interact with others participating in the Linux Kernel Mentorship program and graduated mentees to mentor new developers. We kicked off Linux Kernel mentorship Spring 2021 and are planning for Summer and Fall.
A big challenge is we are short on mentors to be able to scale the structured program. Solving the problem requires help from LF member companies and others to encourage their employees to mentor, “it takes a village,” they say.
JP: So this webinar series and the expanded mentorship program will help developers cultivate both hard and soft skills, then.
SK: Correct. The thing about doing webinars is that if we are talking about this from a diversity perspective, they might not have time for a full-length mentorship, typically like a three-month or six-month commitment. This might help them expand their resources for self-study. When we ask for developers’ feedback about what else they need to learn new skill sets, we hear that they don’t have resources, don’t have time to do self-study, and learn to become open source developers and software maintainers. This webinar series covers general open source software topics such as the Linux kernel and legal issues. It could also cover topics specific to other LF projects such as CNCF, Hyperledger, LF Networking, etc.
JP: Anything else we should know about the mentorship program in 2021?
SK: In my view, attracting diversity and new people is two-fold. One of the things we are working on is inclusive language. Now, we’re not talking about curbing harsh words, although that is a component of what we are looking at. The English you and I use in North America isn’t the same English used elsewhere. As an example, when we use North American-centric terms in our email communications, such as when a maintainer is communicating on a list with people from South Korea, something like “where the rubber meets the road” may not make sense to them at all. So we have to be aware of that.
JP: I know that you are serving on the Linux kernel Code of Conduct Committee and actively developing the handbook. When I first joined the Linux Foundation, I learned what the Community Managers do and our governance model. I didn’t realize that we even needed to have codes of conduct for open source projects. I have been covering open source for 25 years, but I come out of the corporate world, such as IBM and Microsoft. Codes of Conduct are typically things that the Human Resources officer shows you during your initial onboarding, as part of reviewing your employee manual. You are expected to follow those rules as a condition of employment.
So why do we need Codes of Conduct in an open source project? Is it because these are people who are coming from all sorts of different backgrounds, companies, and ways of life, and may not have interacted in this form of organized and distributed project before? Or is it about personalities, people interacting with each other over long distance, and email, which creates situations that may arise due to that separation?
SK: Yes, I come out of the corporate world as well, and of course, we had to practice those codes of conduct in that setting. But conduct situations arise that you have to deal with in the corporate world. There are always interpersonal scenarios that can be difficult or challenging to work with — the corporate world isn’t better than the open source world in that respect. It is just that all of that happens behind a closed setting.
But there is no accountability in the open source world because everyone participates out of their own free will. So on a small, traditional closed project, inside the corporate world, where you might have 20 people involved, you might get one or two people that could be difficult to work with. The same thing happens and is multiplied many times in the open source community, where you have hundreds of thousands of developers working across many different open source projects.
The biggest problem with these types of projects when you encounter situations such as this is dealing with participation in public forums. In the corporate world, this can be addressed in private. But on a public mailing list, if you are being put down or talked down to, it can be extremely humiliating.
These interactions are not always extreme cases; they could be simple as a maintainer or a lead developer providing negative feedback — so how do you give it? It has to be done constructively. And that is true for all of us.
JP: Anything else?
SK: In addition to bringing our learnings and applying this to the kernel project, I am also doing this on the ELISA project, where I chair the Technical Steering Committee, where I am bridging communication between experts from the kernel and the safety communities. To make sure we can use the kernel the best ways in safety-critical applications, in the automotive and medical industry, and so on. Many lessons can be learned in terms of connecting the dots, defining clearly what is essential to make Linux run effectively in these environments, in terms of dependability. How can we think more proactively instead of being engaged in fire-fighting in terms of security or kernel bugs? As a result of this, I am also working on any necessary kernel changes needed to support these safety-critical usage scenarios.
JP: Before we go, what are you passionate about besides all this software stuff? If you have any free time left, what else do you enjoy doing?
SK: I read a lot. COVID quarantine has given me plenty of opportunities to read. I like to go hiking, snowshoeing, and other outdoor activities. Living in Colorado gives me ample opportunities to be in nature. I also like backpacking — while I wasn’t able to do it last year because of COVID — I like to take backpacking trips with my son. I also love to go to conferences and travel, so I am looking forward to doing that again as soon as we are able.
Talking about backpacking reminded me of the two-day, 22-mile backpacking trip during the summer of 2019 with my son. You can see me in the picture above at the end of the road, carrying a bearbox, sleeping bag, and hammock. It was worth injuring my foot and hurting in places I didn’t even know I had.
JP: Awesome. I enjoyed talking to you today. So happy I finally got to meet you virtually.
Written by George Dunlap, Xen Project Advisory Board Chair
Tailored versions of Xen Hypervisor have been used in mission-critical systems for years, but this was never the case for Xen’s mainline. Starting 2019, a Xen Project Functional Safety Special Interest Group was formed to identify and eliminate obstacles to safety-certify Xen.
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
At the upcoming ELISA Workshop on May 18-20, Artem Mygaiev, Director, Technology Solutions, EPAM Systems and Stefano Stabellini, Principal Engineer, Xilinx, will lay out some challenges of making safety certification achievable in open source. The talk, scheduled for May 18 at 7:30 am PDT, will primarily focus on the necessary processes, tooling changes, and community challenges that can prevent progress. Additionally, the talk will offer an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
Artem Mygaiev, EPAM Systems
Stefano Stabellini, Xilinx
This talk will provide real-life perspectives from open source community members on achieving safety certification. Audiences will have a clear understanding of what obstacles the group faced and how they are overcoming challenges, as well as how to set realistic expectations when embarking on this task. Add this talk to your schedule here: https://sched.co/j3SO.
Contributed by Jason R. Smith, Principal Engineer, UL LLC and ELISA Ambassador
In my nearly 16 years as a certification engineer focusing on safety-related software and functional safety, on many occasions I have found myself working with a client with safety-related software who is not only going through the certification process for the first time, but is also incorporating third-party software such as Linux into their application. Even before I have to answer questions like “How long will this take?”, I’ll often have to answer an even more fundamental question: “Is it even possible to certify this application?”
Jason Smith, Certification engineer, expressing doubt
My typical response usually starts with the dubious phrase, “Yes, but…”
After first explaining that functional safety standards require the software to be developed in accordance with a software development life cycle like the V-Model, my attention then focuses on the third-party software: it wasn’t developed by the client, it wasn’t tested by the client, it doesn’t have its own certification, and the client doesn’t know much about its inner workings. It is what some of us certification engineers call SOUP, i.e. Software of Unknown Provenance.
Soup
Also SOUP
So, what is required of SOUP? Much of it depends on the application. Standards intended to be applied to high complexity systems such as IEC 61508 and ISO 26262 require either proof of certification or submittal of evidence that more or less demonstrates an equivalent level of confidence as certification. However, some standards used in the appliance or medical sectors such as UL 1998 or IEC 62304, generally systems of lower complexity, allow a different approach that effectively treats SOUP “as is”.
The SOUP Approach
The SOUP approach employed in standards such as UL 1998 or IEC 62304 focuses on a few topics:
Information about the SOUP such as a detailed description of its purpose, its function, its available interfaces, and its version are available and understood by the client;
The client has conducted a fault analysis that treats the SOUP as a component of the system, has analyzed how failures of the SOUP could impact the safety of the system, and has measures in place to address those failures;
The client has sought out information pertaining to any known issues or bugs related to the SOUP, has analyzed that information, and has shown that those known issues or bugs do not impact the safety of the system; and
The client has conducted and can show evidence of appropriate verification and testing activities, proving that the SOUP and any measures that have been implemented to address failures of the SOUP work correctly in the context of the application.
The ELISA project is currently working on a white paper that explains this approach in further detail and what resources are available to further facilitate this approach for applications that employ LINUX. If you are interested in reading more or contributing to this white paper, it is located on GitHub here.
Date: 2019-09-16 and 2019-09-17 Time: 9:00 to 17:30 BST (breakfast available at 8:00 and lunch provided) Venue (Changed): Crick Room, University Arms (https://universityarms.com/)
Address: University Arms, Regent Street, Cambridge, CB2 1AD
This workshop will be focused on technical topics to further evolve the discussions from the first workshop held in June. Initial suggestions currently include application of AnnexQR, openAPS use case, and bridging multiple safety standards and etc. The workshop will also include working together on first project ideas and setting up groups to continue work with the experts available at this face-to-face meeting. Anyone interested in software quality management around the Linux kernel, software safety management and engineering of pre-existing, tool development for Linux kernel development and investigations of the Linux kernel sources should attend.
The workshop is intended to be considered an open discussion and shall allow groups to start small project work on the topics we identified interesting, based on the different skills and interests of the participants. The exact agenda is open to discussion on the ELISA mailing list and up to the participants to finally decide.
The workshop is open to everyone, but you would need to register for the workshop by 2019-09-10 by sending back a registration email on the ELISA mailing list (devel@lists.elisa.tech).
Recommended hotels are listed below. Please note, we have not contracted rooms at these properties and cannot guarantee rates or availability.
We’re excited to announce Open Source Software in Safety-Critical Systems Summit will be happening on October 31, 2019 in Lyon, France.
Registration is open be sure to add this conference as a co-located event when you register for Open Source Summit Europe. Call for Proposals (CFP) is open now till September 7th if you’re interested in presenting.
This conference is the second summit in the area of open-source software and safety-critical systems, being a further evolution of last year’s Linux in Safety-Critical Systems Summit. In addition to Linux, this year we would like to include presentations from activities and experts around other open-source projects that aim towards use in safety-critical systems.
The summit will take place alongside Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France. It is scheduled the day after the main conference, Thursday, October 31st, 2019, from 8:00 to 17:00 at the conference venue. If you are planning to attend Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France, please extend your travel by one day to be in Lyon on Thursday, 31st to join others in-person to present ideas and discuss how to achieve safety of current and future systems that use open-source software.
Please help us promote/share the conference and the CFP with your networks.
The project proposals of three Google Summer of Code students contributing to Linux kernel verification have been accepted. The three students, Isaac Avram (Izzy) , Mark Balantzyan, and Himanshu Jha have proposed the following topics:
Isaac Avram (Izzy) : Extending Coccinelle with Complex Types
Mark Balantzyan: Analysing Race Conditions in the Linux Kernel
Himanshu Jha: Applying Clang Thread Safety Analyser to Linux Kernel
They will be mentored by Julia Lawall, Alexey Khoroshilov and Lukas Bulwahn, respectively. These three Google Summer of Code projects are governed under the umbrella of the Linux Foundation and the projects are contributing to generally relevant activities for the ELISA Project.
More specifically, one of the building blocks to the safety compliance argumentation in the ELISA Project is the research, investigation, experimentation, use and establishment of verification measures and tools in the Linux kernel development. The ELISA Project embraces the activities in these projects and is looking forward to the projects’ results and the inclusion of new members to the verification activities around the Linux kernel development through the Google Summer of Code student program.
The ELISA Project is looking for interested students to contribute to the activities to enable the use of the Linux kernel in safety-critical systems in the Google Summer of Code student mentorship program. The Google Summer of Code program is similar to a paid-internship, via Google and the Linux Foundation, that provides students funding, mentoring by experts, and resources. The Linux Foundation has participated in this summer program for several years as a mentor organization.
Launched last month, the ELISA Project’s mission is to define and maintain a common set of tools and processes that can help companies demonstrate that a Linux-based system meets the necessary safety requirements for certification.
This overall mission requires some work with profound expertise in functional safety. However, students do not need to have this expertise in functional safety to work the Google Summer of Code project proposals.
The students’ contributions are focused on software development projects related to the Linux kernel and dedicated tools that are used in the processes around the Linux kernel development. Students must have some solid programming experience with one of the programming languages in the various projects, i.e., C, python or OCaml.
The students’ contributions to kernel analysis and tools will generate valuable, diverse and objective insights to the kernel development, which will then serve as a general basis for functional safety software experts to put together the arguments for the intended safety case.
On the one hand, some project proposals are new software development projects that currently only exist as project ideas with first feasibility studies. In this case, the students are deeply involved in the initial project-forming design decisions through the discussions with their mentors and take care of all aspects of a typical software development project, e.g., feature definition, design, implementation, testing and quality assurance.
In other cases, project proposals are additions and extensions to pre-existing open-source software projects around the Linux kernel development and process analysis. In this case, the students need to understand the design of the existing projects and improve the projects’ design and functionality to be suitable for some investigation tasks in the ELISA Project.
Students will have the chance to participate in the newly formed group of collaborators in the technical workgroups of the ELISA Project and are mentored by the main developers of the pre-existing tools.
Selected successful Google Summer of Code students will have the chance to participate in the workshops planned in the ELISA Project and can present their work to an international audience on the satellite events to renowned Linux conferences.
Interested students can reach out to their potential mentors now to use the time to discuss and work out a technical solid and credible project proposal and project plan to implement the tasks at hand. The deadline for providing the final project proposals on the official Google Summer of Code Project page is on April 9, 2019.
Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota join ELISA project to advance open source functional safety across transportation, manufacturing, healthcare, and energy industries
SAN FRANCISCO, February 21, 2019 –The Linux Foundation today launched the Enabling Linux in Safety Applications (ELISA) open source project to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage or environmental damage. Building off the work being done by SIL2LinuxMP project and Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.
To be trusted, safety-critical systems must meet functional safety objectives for the overall safety of the system, including how it responds to actions such as user errors, hardware failures and environmental changes. Companies must demonstrate that their software meets strict demands for reliability, quality assurance, risk management, development process, and documentation. Because there is no clear method for certifying Linux, it can be difficult for a company to demonstrate that their Linux-based system meets these safety objectives.
“All major industries, including energy, medical and automotive, want to use Linux for safety-critical applications because it can enable them to bring products to market faster and reduce the risk of critical design errors. The challenge has been the lack of the clear documentation and tools needed to demonstrate that a Linux-based system meets the necessary safety requirements for certification,” said Kate Stewart, Senior Director of Strategic Programs at The Linux Foundation. “Past attempts at solving this have lacked the critical mass needed to establish a widely discussed and accepted methodology, but with the formation of ELISA, we will be able to leverage the infrastructure and support of the broader Linux Foundation community that is needed to make this initiative successful.”
ELISA will work with certification authorities and standardization bodies in multiple industries to establish how Linux can be used as a component in safety-critical systems. The project will also define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification.
Additional project goals include:
Develop reference documentation and use cases.
Educate the open source community on safety engineering best practices and educate the safety community on open source concepts.
Enable continuous feedback with the open source community to improve processes, and to automate quality assessment and assurance.
Support members with incident and hazard monitoring of critical components relevant to their systems and establish best practices for member response teams.
For more information about ELISA, visit elisa.tech.
Industry Support for ELISA
“The safe and effective performance of safety-related software is essential as we increasingly rely on programmable devices in our homes, workplaces and communities at-large. UL looks forward to the launch of ELISA and the opportunity it presents to more rapidly assess and validate – with confidence – the Linux component of safety systems.” – Tom Blewitt, VP & CTO, UL
“The Open Source Automation Development Lab (OSADL) was founded more than 13 years ago to advance the use of GNU/Linux in industrial products by addressing the need for real-time capabilities and safety certification. Shortly after, we here at OSADL created the OSADL Safety Critical Linux Working Group for functional safety, which culminated in the SIL2LinuxMP project that laid some groundwork for using GNU/Linux in safety-related systems. We subsequently added legal support and many other services that are needed to successfully use Open Source software in industry to our portfolio. We still continue to foster real-time Linux, among other, as a Gold member of the Linux Foundation’s Real-Time Linux project, and we are proud to see some of the efforts of the SIL2LinuxMP project continued at a larger scale in the ELISA project.” – Dr. Carsten Emde, General Manager, OSADL
“At Automotive Grade Linux, we are working closely with the Real-Time Linux project and the ELISA project in order to achieve functional safety certifications for automotive applications such as our instrument cluster, heads-up-display and ADAS solutions. By working closely with ELISA, this will help us provide automotive manufacturers with all of the testing artifacts and documentation they need to achieve safety certification for their AGL-based systems.” – Dan Cauchy, Executive Director of Automotive Grade Linuxat the Linux Foundation
“Civil Infrastructure Platform (CIP) Project is committed to improving implementation of Linux-based civil infrastructure systems through industrial grade software and a universal operating system that is maintained for more than ten years. We work closely with several open source project such as Real-Time Linux, Linux Kernel LTS and KernelCI to achieve Long Term Support (LTS) and safety and security certifications. We support the ELISA Project and its efforts to build and certify Linux-based safety-critical applications on a broader scale.” – Urs Gleim, Governing Board Chair of the Civil Infrastructure Platform, hosted at the Linux Foundation
ELISA Founding Members Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.
Arm “Safety and trust are the highest priorities for the automotive industry as vehicles become more autonomous and Arm’s Automotive Enhanced technologies are at the heart of systems powering these vehicles. The work the Linux Foundation is undertaking with the ELISA project complements Arm’s functional safety leadership and continued commitment to software enablement.” – Lakshmi Mandyam, VP automotive, Automotive and IoT Line of Business, Arm
KUKA “KUKA is looking forward to working with other Linux experts in order to define a series of methods and processes, with the goal of certifying Linux-based safety-critical systems.” – David Fuller, CTO, KUKA AG
Linutronix “We are happy to see that the SIL2Linux work will continue and advance with the launch of ELISA and provide a clear focus for the use of Linux in safety critical applications. ELISA will help to establish Linux in the industrial control world deeper than ever before.” – Heinz Egger, CEO, Linutronix
Toyota “Open source software has become a significant part of our technology strategy, and we want to help make it easier to use Linux-based applications. Toyota believes the ELISA project will support CASE use cases in an innovative way for the automotive industry.” – Mr. Masato Hashimoto, General Manager of E/E Architecture Development Div., Advanced R&D and Engineering Company,Toyota
About The Linux Foundation The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
# # #
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
