Safety-Critical Software Summit

Xen Project’s Progress Toward Safety Certification – Stefano Stabellini, AMD

By Blog, Industry Conference, Safety-Critical Software Summit

Embedded Open Source Summit (EOSS) is an umbrella event for open source embedded projects and developer communities to come together under one roof for collaboration, discussion and education. The event is composed of several micro conferences, including the Embedded Linux Conference, the Zephyr Developer Summit and the Safety-Critical Software Summit.

The Safety-Critical Software Summit took place under the Embedded Open Source Summit, where more than 860 individuals attended in-person at the event with 79% holding technical positions.


At the Safety-Critical Software Summit, Stefano Stabellini of AMD provided a comprehensive update on the Xen Project’s progress toward safety certification. Xen is an open source type-1 hypervisor that can be deployed as a static partitioning hypervisor for embedded and automotive systems: each domain is confined to its own CPUs, memory and devices, and the hypervisor enforces the isolation between them. That strict separation, together with a small code base, is what makes Xen a candidate for certification against standards such as ISO 26262 for automotive and IEC 61508 for industrial applications.

Stefano detailed the collaboration between AMD and the Xen community, started in 2023, to make Xen safety-certifiable on both AMD x86 and Arm. Over nine months the team integrated 80% of the relevant MISRA C rules into Xen’s coding standard and resolved numerous MISRA C violations. Adding MISRA C checkers to the upstream Xen CI loop was a critical step: violations are now caught at patch submission, so new ones do not enter the code base and the already-cleaned code does not regress.

The talk emphasized that the Xen Project’s approach to MISRA C compliance is rigorous but flexible. Rules that were too restrictive, or not applicable to Xen’s mature code base, were not adopted blindly: the project records a documented deviation, with a justification, for each such rule or code pattern, while still using the bulk of MISRA’s guidelines to improve code safety and quality. A deviation is therefore an auditable decision, not an unchecked exception.

Stefano also discussed the development of software safety requirements, a key component of the certification process. The requirements are structured hierarchically into market requirements, product requirements and detailed software safety requirements; each level links to the level below it and, at the bottom, to specific tests, with traceability through the chain maintained by tools such as OpenFastTrace.

The presentation emphasized the importance of integrating MISRA C scanning into the continuous integration (CI) process to detect and address violations early. Additionally, it highlighted the need for using modern tools and methodologies for writing and managing safety requirements, aligning them with open-source community practices.

Stefano concluded by outlining the next steps, including the ongoing upstreaming of safety requirements and further development of the testing infrastructure. 

You can find the presentation slides here.

To see all of the videos from the Summit, visit the ELISA YouTube channel and click on the Safety-Critical Software Summit playlist.


Aligning Automotive Standards with Open Source Excellence

By Blog, Safety-Critical Software Summit

Dylan Dawson, Head of Partner Management at Elektrobit Automotive GmbH, gave a presentation about “Aligning Automotive Standards with Open Source Excellence,” at The Safety-Critical Software Summit, which took place on April 16-18 in Seattle, Washington. 

Free and open-source software (FOSS), particularly Linux, is gaining traction in automotive embedded solutions and high-performance computing platforms because of its advantages over proprietary alternatives. However, taking on liability for FOSS-based issues raises challenges in software quality assurance and risk control. The automotive industry relies on the ASPICE maturity model and functional safety standards for assessment, and these assume a single responsible organization with defined processes, which is a poor match for FOSS development driven by decentralized community contributions. Because quality assurance in FOSS is spread across many contributors, regulating it through a single entity is impractical, and the size of the Linux code base makes applying the low-level ASPICE Process Reference Model processes to it economically infeasible.

This presentation proposes a tailored approach that keeps ASPICE as the framework but adds compensating measures for the specifics of FOSS. The aim is to meet the same quality assurance and risk mitigation goals, so that the result can still be assessed through the ASPICE Process Assessment Model and can still demonstrate adherence to functional safety standards. The video details these strategies, emphasizing a nuanced approach that harmonizes FOSS principles with industry standards for reliability and safety in automotive computing.

Safety-Critical Software Summit Schedule Now Live

By Announcement, Blog, Safety-Critical Software Summit

Last week, the Linux Foundation announced the full schedule for Open Source Summit North America, the premier event for open source code and community contributors. The leading gathering for the global open source community offers 200+ sessions presented through 16 microconferences, exploring the most crucial and innovative topics driving open source advancements today.

Embedded Open Source Summit is also being held April 16-18 in Seattle, Washington, alongside Open Source Summit North America. The Safety-Critical Software Summit, sponsored by the ELISA Project, will be under the EOSS umbrella and aims to gather safety experts and open source developers to enable and advance the use of open source in safety-critical applications.

The Safety-Critical Software Summit will take place on Thursday, April 18. Check out the schedule below, which is in PST:

Check out the complete schedule here. Register here by February 24 for an early bird discount. Those who register for Open Source Summit can add on registration for Embedded Open Source Summit for free.


Advancing Open Source Safety-Critical Systems (video)

By Blog, Safety-Critical Software Summit

The Linux Foundation hosted the Embedded Open Source Summit (EOSS), a new umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration and education, in Prague, Czech Republic, on June 27-30. More than 1,300 people registered for the conference – representing 375 organizations across 56 countries around the globe.

EOSS hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Philipp Ahmann, Technical Business Development Manager at Robert Bosch GmbH and Chair of the ELISA Project TSC, presented a session titled “ELISA Status and Outlook: Advancing Open Source Safety-Critical Systems.”

These days, open source software can be found in almost every reasonably complex product running software. It runs in medical devices, robots, vehicles, and even outer space. In the underlying industry sectors, certification and safety integrity standards play an important role which at first glance seem at odds with the use of pre-existing open source software, not developed strictly in accordance with industry standards.

In this video, recent ELISA project deliverables in the areas of elements, processes and tools are highlighted. These include system-theoretic process analysis (STPA), workload tracing, call-tree visualization at kernel level, and reproducible example use cases from the medical device and automotive domains. Their role in reducing the burden on companies that build and certify open source based safety-critical applications is shown. The talk also gives an overview of upcoming ELISA activities in 2023 and of how cross-project collaboration is established, since the ELISA work streams interact with, for example, the Zephyr, Xen, AGL, Yocto and SPDX communities. A few statements on the overall challenges of safety-critical use cases built on free and open source software help those in the audience who are new to safety-critical or open source development.

Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.

For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.

Coding Guidelines – to Comply or Not Comply – Some Myth Busting (video)

By Blog, Safety-Critical Software Summit


EOSS hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Nicole Pappler, CTO and Founder of AlektoMetis, and Philipp Ahmann, Technical Business Development Manager at Robert Bosch GmbH and Chair of the ELISA Project TSC, presented a session titled “Coding Guidelines – to Comply or Not Comply – Some Myth Busting.”

While adhering to certain coding styles is a good practice in software projects, adhering to coding guidelines for safety critical applications is still something rather exotic in open source projects. As open source projects now more and more start to address the needs of functional safety applications, considering coding guidelines preferred by existing functional safety projects seems to become necessary. The most used rules for coding guidelines in the safety critical context are MISRA rules. While applying these can be quite beneficial for most applications, there is a significant number of exceptions where blindly following these rules causes more problems than it solves.

In this video, Nicole and Philipp discuss the most common coding guidelines, best practices, and the arguments that arise when following the MISRA rules conflicts with the expectations of the project. Acceptance criteria for non-compliance cases are presented along with examples of acceptable deviations. The talk is not an argument against coding guidelines: it illustrates how coding guidelines benefit a project, what to consider when designing a project’s own coding guidelines, and how the lessons learned from applying MISRA rule sets can be carried over to languages that are not (yet?) covered by widely accepted rule sets.
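The kind of finding the MISRA C checkers described above produce, both in the Xen CI update and in this talk about when to deviate, as an added example that is not code from Xen or from either talk: a length check carrying four common MISRA C:2012 violations, beside a rewrite that clears them. The function names, the buffer size and the assignment of rule numbers in the comments are my own; the rule numbers refer to MISRA C:2012. The security-relevant point is that the narrowing flagged by Rule 10.3 is not a style nit: it turns a 320-byte request into one the check accepts, because 320 truncated to eight bits is 64. Project-specific deviation tagging is not shown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a bounds-checked copy written two ways. The first
 * version contains constructs a MISRA C:2012 checker reports (rule numbers
 * in the comments); the second keeps the intent and satisfies them. */

#define BUF_SIZE 64U   /* contract: dst points to at least BUF_SIZE bytes */

/* Before: accepts a 320-byte request because the length is narrowed
 * before it is compared, then copies the untruncated length. */
int copy_before(uint8_t *dst, const uint8_t *src, size_t len)
{
    uint8_t n = len;                /* Rule 10.3: size_t narrowed to uint8_t */
    if (n > BUF_SIZE) return -1;    /* Rule 15.6: body is not a compound statement */
    if (len)                        /* Rule 14.4: controlling expression not Boolean */
        memcpy(dst, src, len);      /* Rule 17.7: non-void return value discarded */
    return 0;
}

/* After: no narrowing, Boolean controlling expressions, every body braced,
 * memcpy's return value explicitly discarded, single point of exit. */
int copy_after(uint8_t *dst, const uint8_t *src, size_t len)
{
    int rc;

    if ( len > (size_t)BUF_SIZE )
    {
        rc = -1;
    }
    else
    {
        if ( len > (size_t)0 )
        {
            (void)memcpy(dst, src, len);
        }
        rc = 0;
    }

    return rc;
}

/* Helper for observing the two checks without corrupting memory: both
 * versions are run against scratch buffers much larger than BUF_SIZE, so
 * an accepted over-long request shows up in the return code rather than as
 * an overrun. Returns the check's result (0 accepted, -1 rejected). */
int try_request(bool use_after, size_t len)
{
    static uint8_t src[512];
    static uint8_t dst[512];

    memset(src, 0xA5, sizeof(src));
    memset(dst, 0x00, sizeof(dst));
    return use_after ? copy_after(dst, src, len) : copy_before(dst, src, len);
}

int main(void)
{
    printf("before: 320-byte request -> rc=%d (accepted; would overrun a %u-byte buffer)\n",
           try_request(false, 320), BUF_SIZE);
    printf("after:  320-byte request -> rc=%d (rejected)\n", try_request(true, 320));
    printf("before:  65-byte request -> rc=%d\n", try_request(false, 65));
    printf("after:   64-byte request -> rc=%d\n", try_request(true, 64));
    return 0;
}
```

The first version is exactly the shape a checker in a CI loop stops at patch submission; the Rule 10.3 finding is the one with a memory-safety consequence, while 14.4, 15.6 and 17.7 are the kind a project might consider for a documented deviation if its existing code base is full of them. Which of the two groups a rule falls into is the judgement the deviation process exists to record.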

Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.


RAFIA – A Roadmap for Certifying Open Source for Use in Safety-Relevant Systems (video)

By Blog, Safety-Critical Software Summit


EOSS hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Paul Sherwood, Chairman of Codethink, presented a session titled “RAFIA – A Roadmap for Certifying Open Source for Use in Safety-Relevant Systems.”

Many organizations would like to deploy open source software in safety-relevant systems, but face extreme challenges in demonstrating that the results would be safe and compliant with relevant standards such as IEC 61508 and ISO 26262.

In this video, Paul explains RAFIA (Risk Analysis, Automated Testing, Fault Injection, Mitigation and Compliance), a methodology devised by Codethink and shared in public via the ELISA Project, which helps us to establish confidence in the use of open source software to support specific safety goals and demonstrate compliance with applicable standards. The component steps of RAFIA will be covered in detail with examples, as well as lessons learned by Codethink in developing and applying the process for an embedded Linux-based operating system supporting a safety-relevant in-vehicle workload.

Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.


Real Time Linux in Safety-Critical Systems: The Potential and the Challenges (video)

By Blog, Safety-Critical Software Summit


EOSS hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Elana Copperman, ELISA Ambassador, Chair of the Linux Features for Safety-Critical Systems Working Group and Systems Safety Architect at Mobileye, and Shuah Khan, ELISA Ambassador, member of the ELISA TSC and Linux Fellow at The Linux Foundation, gave a presentation titled “RTL in Safety-Critical Systems: The Potential and the Challenges.”

The Real Time Linux (RTL) collaborative project was established to coordinate the effort to mainline PREEMPT_RT and to ensure that the maintainers can continue development, long-term support and future research on real-time Linux. The RTL project has been actively merging PREEMPT_RT features into the mainline kernel. It is time for a closer look at how these features can be used in safety-critical systems.

In this video, we provide a brief overview of Real Time Linux and potential usage in Safety-Critical systems. In addition, we discuss how these features may be relevant to support system safety. We go over the following areas that are most relevant:

1. Tools for analysis of system workload resource usage and performance impact.

2. Kernel configs, guidelines on usage.

3. Relevant system parameters, generic and architecture specific.

4. Test frameworks and how they may be used to investigate and demonstrate safety features.

The PPT presentation can be found here or watch the video below.

https://youtu.be/ShcEarZTcRY?si=5CYTxWOkiOvoHzQ1

Click here to view the other videos from the Safety-Critical Software Summit.


Safety Certifying an Open Source Project: The Example of Xen

By Blog, Safety-Critical Software Summit


EOSS hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Stefano Stabellini, Fellow at AMD, and Bertrand Marquis, Principal Software Engineer at Arm, gave a presentation titled “Safety Certifying an Open Source Project: The Example of Xen.”

Safety is important to software everywhere human lives are at risk. In these environments, safety standards must be followed to minimize the risk to humans and to follow regulations. Safety standards such as ISO 26262 come with a series of requirements and processes that sometimes clash with well-established Open Source software development practices. How do we reconcile safety certifications and Open Source?

This presentation provides some insights toward answering that question, using the Xen hypervisor as an example. Xen has a microkernel design and provides a virtualization solution for embedded and automotive systems, with a code base small enough to make certification feasible. The talk goes through the changes to upstream processes that the Xen community adopted during the last 12 months to align community activities with safety-certification requirements, and discusses the additional changes planned for the near future. It also covers the latest updates from the Xen FuSa working group on MISRA C, traceability, testing and related topics. Watch the video below:

Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.


Linux in Aerospace: Objections and Paths Forward

By Blog, Safety-Critical Software Summit, Working Group


The event hosted the Safety-Critical Software Summit, sponsored by the ELISA Project, which gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Peter Brink, Functional Safety Engineering Leader at Underwriters Laboratories (UL), and Steven H. VanderLeest, Chief Technologist for Boeing Linux at Boeing, gave a presentation titled “Debating Linux in Aerospace: Objections and Paths Forward.”

Traditionally, safety-critical flight software used in aerospace is closed, proprietary code from a handful of commercial vendors. Although open-source software could provide several benefits, there are significant hurdles that prevent widespread adoption. First, we list some of the potential benefits of open source for safety-critical aerospace applications. Second, we present an overview of the key concepts and standards for flight software. Third, we identify the objections and concerns for using Linux as the avionics real-time operating system, which is software that generally needs the highest levels of assurance. For each objection, we suggest a possible path forward to address the concern.

Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.

Learn more about Linux in aerospace by joining the ELISA Aerospace Working Group. For all upcoming ELISA Working Group meetings and public seminars, please go to https://lists.elisa.tech/calendar.
