Skip to main content

Xen Project’s Progress Toward Safety Certification – Stefano Stabellini, AMD

Embedded Open Source Summit (EOSS) is an umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration, discussions and education.  The event is composed of different  micro conferences including Embedded Linux Conference, Zephyr Developer Summit, and Safety-Critical Software Summit.

The Safety-Critical Software Summit took place under the Embedded Open Source Summit, where more than 860 individuals attended in-person at the event with 79% holding technical positions.

embedded open source summit 2024 - ELISA Project

At the Safety Critical Software Summit, Stefano Stabellini, AMD provided a comprehensive update on the Xen Project’s advancements toward achieving safety certification. The Xen Project is an open source, static partitioning hypervisor designed for embedded and automotive applications. It ensures strict isolation between domains, making it a prime candidate for the highest levels of safety certification, such as ISO 26262 for automotive and IEC 61508 for industrial applications.

Stefano detailed the collaborative efforts between AMD and the Xen Community, initiated in 2023, to make Xen safety-certifiable across AMD x86 and ARM architectures. Over nine months, the team has integrated 80% of the relevant MISRA C rules into Xen’s coding standards and resolved numerous MISRA C violations. The introduction of MISRA C checkers into the upstream Xen CI loop has been a critical step in maintaining code quality by preventing new violations from entering the codebase.

The talk emphasized the Xen Project’s rigorous approach to safety certification, highlighting the adoption of a flexible and adaptable MISRA C compliance strategy. This approach included deviating certain MISRA rules that were too restrictive or not entirely applicable to Xen’s mature codebase, while still leveraging MISRA’s robust guidelines to improve code safety and quality.

Stefano also discussed the development of software safety requirements, a key component of the certification process. These requirements are structured hierarchically into market requirements, product requirements, and detailed software safety requirements, each linking to specific tests and traceable through tools like OpenPASS Trace.

The presentation emphasized the importance of integrating MISRA C scanning into the continuous integration (CI) process to detect and address violations early. Additionally, it highlighted the need for using modern tools and methodologies for writing and managing safety requirements, aligning them with open-source community practices.

Stefano concluded by outlining the next steps, including the ongoing upstreaming of safety requirements and further development of the testing infrastructure. 

You can find the presentation slides here.


To see all of the videos from the Summit, visit the ELISA Youtube Channel and click on the Safety-Critical Software Summit Playlist

Learn more about the ELISA Project by: