Workshop

Written by Gabriele Paoloni, Chair of the ELISA Project Governing Board and Lead Software Architect at Intel, and Paul Albertella, Contributor and Member of the ELISA Project and Consultant at Codethink

The latest ELISA workshop, hosted virtually on May 18-20, was a great reflection of how fast the community has grown and evolved over the last few months. Participation was almost double the previous workshop in February with 239 participants from 37 different countries. Additionally, we’ve seen more collaboration with other groups such as AUTOSAR and AGL. The existing working groups have been exploring an extensive range of topics and initiatives, and there are plans to add new working groups to help take some of these forward.

A number of presentations focused on the challenges of qualifying or certifying Linux for functional safety, and the limitations of the established routes presented in standards such as IEC62304, IEC61508 and ISO 26262, and innovative approaches to addressing these. One proposed strategy included a more comprehensive look at a Linux Architectural design, and using test and tracing techniques to verify system behaviour against a derived model. Another proposal, focused on top-down hazard analysis to define safety requirements, statistical analysis of tests on historical kernel versions to show where Linux satisfies these, and fault injection techniques to validate the safety mechanisms of the wider system.

There were also talks on how some of these ideas are being applied in the working groups, focussing on collaborative efforts in the Automotive, Safety Architecture and Development Process groups based on the Telltale use case. Other interesting sessions focused on technologies with possible applications for functional safety, including an introduction to real time configurations for Linux, and the use of authorisation hooking in security modules. 

Discussions during these sessions made it clear that the community has a lot of new ideas to explore over the coming months and a lot of new participants eager to get involved. Work continues on the ELISA technical strategy, which will provide an important direction to this work, but there’s also a need to consolidate the innovative ideas and methodologies for qualifying Linux into the current working group activities, and evaluate the need for new working groups. As ELISA becomes more mature we need to define and refine the publication strategy for the outputs of working groups. There are also plans to develop ‘onboarding’ material for the project to help enable new participants to start contributing more quickly.

You can view the some of the presentation materials here when you click on each session. Some of the videos will be accessible too in the next few weeks.  

Tuesday, May 18

Shuah Khan, the Chair of the ELISA Project Technical Steering Committee, kicked off the workshop with an overview of the project, the working group activities and the recent whitepaper summarizing their interactions and deliverables.

As the different working group updates were presented, it became clear that there is a great deal of collaboration between each group:

• The Automotive WG refined the safety concept following feedback from the Safety Architecture WG and is working with the Tools Subgroup to optimize the active Kernel image footprint;
• The Safety Architecture WG is working with the Development Process WG on safety analyses and on a new hybrid qualification approach;
• The Medical Device WG is coming to a point where they need to hand over the safety requirements to the Safety Architecture WG for deeper Kernel analyses; 
• The Tools WG released a static code analysis framework that can be used along the qualification activities of the different WGs.

Additionally, Artem Mygaiev and Stefano Stabellini gave an introduction and update about the Functional Safety Special Interest Group (SIG) in the Xen project. This session was engaging as we shared feedback and ideas about functional safety from different perspectives. 

Wednesday, May 19

Philipp Ahmann introduced the engagement between the Automotive WG and the Autosar Adaptive consortium. We have many common interests and goals that should easily help us build a solid foundation for future collaboration. 

Then Roberto Paccapeli and Vito Magnanimo presented the current limitation of ISO26262 in qualifying a complex pre-existing SW component, like Linux, and the need for overcoming such limitations.

Gabriele Paoloni and Daniel Bristot de Oliveira presented an innovative approach (Hybrid Approach) that could be used as a scalable way to qualify Linux to be used in automotive safety critical applications; hence a proposal to overcome the above mentioned limitations.

Elana Copperman and Gabriele Paoloni presented the out of context analysis of the Linux Watchdog subsystem as a practical example of applying the Hybrid Approach, and how this is beneficial in the context of the Automotive WG’s Telltale use case.

Finally, Thomas Gleixner introduced the Linux Real-Time project, the challenges that they faced to meet timing constraints and all the different solutions they put in place to overcome them. It was a really nice tour of the project with lots of possible intercepts with functional safety systems.

Thursday, May 20

On the last day, Shuah Khan and Elana Copperman presented the work done to analyze Kernel configuration parameters (Kconfig) and their impact on Functional Safety, starting from some similar work done for Security (CWE).

Chris Temple then presented an overview of the possible SW qualification routes in

Functional Safety ranging from ISO26262 to IEC61508 reinforcing the current limitations of safety standards with respect to the qualification of complex SW components already discussed in the previous day.

Following this, Paul Sherwood and Paul Albertella presented yet another approach to overcome such limitations: an in-context approach based on a mix of safety analysis, testing of historical kernel versions and fault injection. This approach sparked a lot of interest and a need to further consider and discuss it across the different ELISA WGs was widely agreed.

STPA diagram from New Approach presentation

The final day closed with some wrap-up sessions discussing future activities to advertise ELISA and encourage new members to join, ELISA goals for the next quarter and a few stats about the current workshop. 

It was wonderful to get together virtually as a community. With more than 200 participants, we hope that attendees were engaged in our work and welcome their thoughts and participating in any of our technical meetings and working groups. Click here learn more about the ELISA Project, here for the Working Groups and here to join our mailing list. 

Written by George Dunlap, Xen Project Advisory Board Chair

Tailored versions of Xen Hypervisor have been used in mission-critical systems for years, but this was never the case for Xen’s mainline. Starting 2019, a Xen Project Functional Safety Special Interest Group was formed to identify and eliminate obstacles to safety-certify Xen.

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.

At the upcoming ELISA Workshop on May 18-20, Artem Mygaiev, Director, Technology Solutions, EPAM Systems and Stefano Stabellini, Principal Engineer, Xilinx, will lay out some challenges of making safety certification achievable in open source.  The talk, scheduled for May 18 at 7:30 am PDT, will primarily focus on the necessary processes, tooling changes, and community challenges that can prevent progress. Additionally, the talk will offer an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.

This talk will provide real-life perspectives from open source community members on achieving safety certification. Audiences will have a clear understanding of what obstacles the group faced and how they are overcoming challenges, as well as how to set realistic expectations when embarking on this task. Add this talk to your schedule here: https://sched.co/j3SO.

The ELISA Workshop is free and open to the public. Check out the schedule and register today: https://events.linuxfoundation.org/elisa-workshop/.

The ELISA Workshop #6 will be held over 3 days, February 2-4, 2021.

Once again the ELISA technical community will gather virtually to continue advancing on topics and work relevant to functional safety and safe linux applications. The ELISA Workshop series are focused on education and outreach for new community members, exchanges of ideas and feedback from the linux kernel and safety communities, as well as productive collaboration to make tangible progress toward achieving the mission and goals of the ELISA Project.

Registration

Workshop registration is now closed.

All workshop attendees must register in order to receive session joining details.

Please contact workshop@elisa.tech for late registration requests or any other workshop related questions.

Session Schedule (UTC)

Day 1: Tuesday, February 2, 2021

12:00 – 12:30 Welcome and ELISA Strategy (Shuah Khan, Kate Stewart)

12:30 – 13:00 Summary of Safety Architecture WG Activities (Gab Paoloni)

13:00 – 13:30 Summary of Automotive WG Activities (Jochen Kall)

13:30 – 14:00 Summary of Development WG Activities (Elana Copperman)

14:00 – 14:30 Introduction of Tool Investigation and Code Improvement Subgroup (Lukas Bulwahn)

14:30 – 15:00 Summary of Medical Devices WG (Kate Stewart)

15:00 – 16:00 Effective Use of MISRA Checkers (Gabriele Paoloni, Eli Gurvitz, Roberto Paccapeli, Maurizio Iacaruso)

16:00 – 17:00 Testing Strategy for Safety Qualification and FFI Evidences (Gabriele Paoloni, Eli Gurvitz)

Day 2: Wednesday, February 3, 2021

10:30 – 11:30 Cybersecurity Expectations in the Automotive World (Andreas Gasch)

11:30 – 12:30 Code Coverage Analysis for GLibC (Eli Gurvitz, Ashutosh Pandey)

12:30 – 13:30 Intel’s Linux Test Robot (Eli Gurvitz, Oliver Sang, Philip Li)

13:30 – 14:00 Linux in Basic Safety Application White Paper Update (Jason Smith)

14:00 – 15:00 Manage ELISA Documenation in GitHub (Paul Albertella, Pete Brink, Jochen Kall, John MacGregor, Jason Smith)

15:00 – 15:30 Updates on Measuring Code Review in Linux Kernel (Basak Erdamar, Lukas Bulwahn)

15:30 – 16:00 Lightening Talks (Lukas Bulwahn)

16:00 – 18:00 Kernel Configuration for Safety Critical Applications (Shuah Khan, Elana Copperman)

Day 3: Thursday, February 4, 2021

12:00 – 12:30 To Whom It May Concern, Please Integrate My Patch (Pia Eichinger, Lukas Bulwahn, Ralf Ramsauer, Wolfgang Mauerer)

12:30 – 13:30 Networking / Social Mixer (those who express interest will be sent a separate meeting invite)

13:30 – 14: 30 Goal Setting for Next Quarter (Shuah Khan)

14:30 – 15:00 Workshop Wrap-up (Shuah Khan, Kate Stewart)

15:00 – 17:00 Kernel Testing Reference Process and Follow-ups for ELISA (Elana Copperman, Kate Stewart, Paul Albertella, Pete Brink)

Questions?

Have questions about the ELISA Workshop? Please contact workshop@elisa.tech.

The ELISA community will collaborate virtually September 29 to October 1.

Over twenty sessions with topics ranging from Working Group updates to deep dives into linux technologies, follow-ups from Linux Plumber Conference, and extended collaborative working sessions are being planned over the course of the 3 days.

Registration

Registration closed at 5pm EDT, Thursday, September 24th.

Attending Workshop Sessions

Please go to Workshop Session Calendar for session virtual meeting details.

Note: Only registered participants are sent session calendar invites/notifications and access the session calendar.

Session Schedule (UTC)

Day 1: Tuesday, September 29

12:00 – 12:30 Welcome to Workshop (Shuah Khan and Kate Stewart)

12:30 – 13:30 Summary of Safety Architecture WG Activities (Gab Paoloni)

13:30 – 14:00 Linux in Basic Safety White Paper Update (Jason Smith)

14:00 – 15:00 stress-ng Update (Colin King and Eli Gurvitz)

15:00 – 16:00 Software Engineering Competency Model (Peter Brink)

Day 2: Wednesday, September 30

11:00 – 12:00 Introduction to Smatch (Dan Carpenter)

12:00 – 12:30 Summary of Automotive WG Activities (Jochen Kall)

12:30 – 13:00 Summary of Medical Devices WG Activities (Kate Stewart)

13:00 – 14:00 EDAC Support in Linux and Implications for Use in FuSa system (Gab Paoloni, Chris Temple, Corey Minyard)

14:00 – 15:00 Kernel Documentation (Jon Corbet)

15:00 – 15:30 An Introduction to MISRA C:2012 (Roberto Bagnara)

15:30 – 16:00 Preliminary Analysis of a Linux Configuration WRT Some MISRA C:2012 Mandatory Guidelines (Roberto Bagnara)

16:00 – 16:30 Continuing Discussion from Linux Plumbers Dependability Session (Shuah Khan, Kate Stewart, Lukas Bulwahn)

17:00 – 18:00 Mining Kernel Development Data (Başak Erdamar)

Day 3: Thursday, October 1

11:00 – 12:00 Safety Analysis of Linux Powered Open Source Medical Device (Shaun Mooney)

12:00 – 13:00 Summary of Kernel Development WG Activities (Elana Copperman)

13:00 – 14:00 Qualification of Linux for Autonomous Driving Applications Targeting ASILB (Gab Paoloni)

14:00 – 15:00 Goal Setting for Next Quarter (Shuah Khan)

15:00 – 15:30 Workshop Wrap-up (Shuah Khan and Kate Stewart)

15:30 – 18:00 Extended Working Session on Mapping Safety Standards to Kernel Evidence (Elana Copperman)

The ELISA community had a successful first virtual workshop May 18-20.

Missed any sessions? Or wanted to dive deeper into the topics?

Listen back to the recordings and review workshop materials at your convenience.