In May, the ELISA Project hosted its 7th Workshop with 239 participants from 37 different countries. For a complete recap of the workshop, click here. Today, we’ll take a look at one of the sessions, led by Artem Mygaiev, Director of Technology Solutions at EPAM Systems, and Stefano Stabellini, Principal Engineer at Xilinx, about the Xen Project.
Tailored versions of the Xen Hypervisor have been used in mission-critical systems for years, but this was never the case for Xen’s mainline. Since 2019, a Special Interest Group in the Xen Project has been working on identifying and eliminating obstacles on the way to safety-certifying Xen. In this video, Artem and Stefano talk about their approach, their progress so far and their collaboration with other groups within the Linux Foundation.
Click here to learn more about the ELISA Project, here for the Working Groups and here to join our mailing list.
The ELISA Project has several working groups, each dedicated to a focus area or use case. In today’s blog, we’ll take a look at the Safety Architecture Working Group, which aims to determine the critical Linux subsystems and components that support safety functions, define the associated safety requirements and scalable architectural assumptions, and deliver corresponding safety analyses for their individual qualification and their integration into the safety-critical system.
Gabriele Paoloni, Governing Board Chair for the ELISA Project, leads the Safety Architecture Working Group and recently gave an update about their mission, achievements and roadmap at the last ELISA Project Workshop. You can watch the presentation below.
ELISA Project Workshop May 2021: Safety Architecture Working Group Update
If you have questions or would like to join the Safety Architecture Working Group, they meet weekly on Tuesdays from 8-9 am ET (2-3 pm CET). Subscribe to the mailing list here: https://lists.elisa.tech/g/safety-architecture.
Written by Gabriele Paoloni, Chair of the ELISA Project Governing Board and Lead Software Architect at Intel, and Paul Albertella, Contributor and Member of the ELISA Project and Consultant at Codethink
The latest ELISA workshop, hosted virtually on May 18-20, was a great reflection of how fast the community has grown and evolved over the last few months. Participation was almost double the previous workshop in February with 239 participants from 37 different countries. Additionally, we’ve seen more collaboration with other groups such as AUTOSAR and AGL. The existing working groups have been exploring an extensive range of topics and initiatives, and there are plans to add new working groups to help take some of these forward.
A number of presentations focused on the challenges of qualifying or certifying Linux for functional safety, the limitations of the established routes presented in standards such as IEC 62304, IEC 61508 and ISO 26262, and innovative approaches to addressing these. One proposed strategy included a more comprehensive look at the architectural design of Linux, using test and tracing techniques to verify system behaviour against a derived model. Another proposal focused on top-down hazard analysis to define safety requirements, statistical analysis of tests on historical kernel versions to show where Linux satisfies these, and fault injection techniques to validate the safety mechanisms of the wider system.
There were also talks on how some of these ideas are being applied in the working groups, focussing on collaborative efforts in the Automotive, Safety Architecture and Development Process groups based on the Telltale use case. Other interesting sessions focused on technologies with possible applications for functional safety, including an introduction to real time configurations for Linux, and the use of authorisation hooking in security modules.
Discussions during these sessions made it clear that the community has a lot of new ideas to explore over the coming months and a lot of new participants eager to get involved. Work continues on the ELISA technical strategy, which will provide an important direction to this work, but there’s also a need to consolidate the innovative ideas and methodologies for qualifying Linux into the current working group activities, and evaluate the need for new working groups. As ELISA becomes more mature we need to define and refine the publication strategy for the outputs of working groups. There are also plans to develop ‘onboarding’ material for the project to help enable new participants to start contributing more quickly.
You can view some of the presentation materials by clicking on each session below. Some of the videos will also be accessible in the next few weeks.
Tuesday, May 18
Shuah Khan, the Chair of the ELISA Project Technical Steering Committee, kicked off the workshop with an overview of the project, the working group activities and the recent whitepaper summarizing their interactions and deliverables.
As the different working group updates were presented, it became clear that there is a great deal of collaboration between each group:
The Automotive WG refined the safety concept following feedback from the Safety Architecture WG and is working with the Tools Subgroup to optimize the active Kernel image footprint;
The Safety Architecture WG is working with the Development Process WG on safety analyses and on a new hybrid qualification approach;
The Medical Device WG is coming to a point where they need to hand over the safety requirements to the Safety Architecture WG for deeper Kernel analyses;
The Tools WG released a static code analysis framework that can be used along the qualification activities of the different WGs.
Additionally, Artem Mygaiev and Stefano Stabellini gave an introduction and update about the Functional Safety Special Interest Group (SIG) in the Xen project. This session was engaging as we shared feedback and ideas about functional safety from different perspectives.
Wednesday, May 19
Philipp Ahmann introduced the engagement between the Automotive WG and the Autosar Adaptive consortium. We have many common interests and goals that should easily help us build a solid foundation for future collaboration.
Then Roberto Paccapeli and Vito Magnanimo presented the current limitations of ISO 26262 in qualifying a complex pre-existing SW component, like Linux, and the need to overcome them.
Gabriele Paoloni and Daniel Bristot de Oliveira presented an innovative approach (the Hybrid Approach) that could be used as a scalable way to qualify Linux for use in automotive safety-critical applications, and hence a proposal to overcome the above-mentioned limitations.
Elana Copperman and Gabriele Paoloni presented the out of context analysis of the Linux Watchdog subsystem as a practical example of applying the Hybrid Approach, and how this is beneficial in the context of the Automotive WG’s Telltale use case.
Finally, Thomas Gleixner introduced the Linux Real-Time project, the challenges they faced in meeting timing constraints and the different solutions they put in place to overcome them. It was a really nice tour of the project with many possible points of intersection with functional safety systems.
Thursday, May 20
On the last day, Shuah Khan and Elana Copperman presented the work done to analyze Kernel configuration parameters (Kconfig) and their impact on Functional Safety, starting from some similar work done for Security (CWE).
Chris Temple then presented an overview of the possible SW qualification routes in Functional Safety, ranging from ISO 26262 to IEC 61508, reinforcing the current limitations of safety standards with respect to the qualification of complex SW components already discussed on the previous day.
Following this, Paul Sherwood and Paul Albertella presented yet another approach to overcoming such limitations: an in-context approach based on a mix of safety analysis, testing of historical kernel versions and fault injection. This approach sparked a lot of interest, and it was widely agreed that it needs to be further considered and discussed across the different ELISA WGs.
STPA diagram from New Approach presentation
The final day closed with some wrap-up sessions discussing future activities to advertise ELISA and encourage new members to join, ELISA goals for the next quarter and a few stats about the current workshop.
It was wonderful to get together virtually as a community. With more than 200 participants, we hope that attendees were engaged in our work, and we welcome their thoughts and their participation in any of our technical meetings and working groups.
Written by George Dunlap, Xen Project Advisory Board Chair
Tailored versions of the Xen Hypervisor have been used in mission-critical systems for years, but this was never the case for Xen’s mainline. In 2019, a Xen Project Functional Safety Special Interest Group was formed to identify and eliminate obstacles to safety-certifying Xen.
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508), transitioning an existing project to become more easily safety-certifiable requires significant changes to development practices within an open source project.
At the upcoming ELISA Workshop on May 18-20, Artem Mygaiev, Director, Technology Solutions, EPAM Systems and Stefano Stabellini, Principal Engineer, Xilinx, will lay out some challenges of making safety certification achievable in open source. The talk, scheduled for May 18 at 7:30 am PDT, will primarily focus on the necessary processes, tooling changes, and community challenges that can prevent progress. Additionally, the talk will offer an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
Artem Mygaiev, EPAM Systems
Stefano Stabellini, Xilinx
This talk will provide real-life perspectives from open source community members on achieving safety certification. Audiences will have a clear understanding of what obstacles the group faced and how they are overcoming challenges, as well as how to set realistic expectations when embarking on this task. Add this talk to your schedule here: https://sched.co/j3SO.
The ELISA Workshop #6 will be held over 3 days, February 2-4, 2021.
Once again the ELISA technical community will gather virtually to continue advancing topics and work relevant to functional safety and safe Linux applications. The ELISA Workshop series is focused on education and outreach for new community members, exchanges of ideas and feedback from the Linux kernel and safety communities, as well as productive collaboration to make tangible progress toward achieving the mission and goals of the ELISA Project.
Registration
Workshop registration is now closed.
All workshop attendees must register in order to receive session joining details.
Please contact workshop@elisa.tech for late registration requests or any other workshop related questions.
Session Schedule (UTC)
Day 1: Tuesday, February 2, 2021
12:00 – 12:30 Welcome and ELISA Strategy (Shuah Khan, Kate Stewart)
The ELISA community will collaborate virtually September 29 to October 1.
Over twenty sessions, with topics ranging from Working Group updates to deep dives into Linux technologies, follow-ups from the Linux Plumbers Conference, and extended collaborative working sessions, are being planned over the course of the 3 days.
Registration
Registration closed at 5pm EDT, Thursday, September 24th.
The ELISA community will be collaborating virtually for the May Workshop on May 18-20. Over twenty sessions, with focus ranging from new community member orientation, project strategy and working group updates to the Linux kernel, lightning talks and specific safety topics, are being planned over the course of the 3 days, plus an add-on tutorial on your first kernel patch on Thursday.
Please Register by 5pm EDT, Friday May 15 to receive a calendar invite for the sessions on the schedule below. We look forward to your participation!
This workshop will be focused on technical topics to further evolve the discussions from the second workshop held in September. Initial suggestions currently include the AnnexQR, IVI and openAPS use cases, bridging multiple safety standards, and so on. Anyone interested in software quality management around the Linux kernel, software safety management and engineering of pre-existing, tool development for Linux kernel development and investigations of the Linux kernel sources should attend.
The workshop is intended to be an open discussion and shall allow groups to start small project work on the topics we identified as interesting, based on the different skills and interests of the participants. The exact agenda is open to discussion on the ELISA mailing list and up to the participants to finally decide.
Registration: The workshop is open to everyone, but you would need to register for the workshop to help us with event planning.
Recommended Hotels in Brussels centrum (Note – Toyota has no special rates for guests)
Date: 2019-09-16 and 2019-09-17
Time: 9:00 to 17:30 BST (breakfast available at 8:00 and lunch provided)
Venue (Changed): Crick Room, University Arms (https://universityarms.com/)
Address: University Arms, Regent Street, Cambridge, CB2 1AD
This workshop will be focused on technical topics to further evolve the discussions from the first workshop held in June. Initial suggestions currently include the application of AnnexQR, the openAPS use case, bridging multiple safety standards, and so on. The workshop will also include working together on first project ideas and setting up groups to continue the work with the experts available at this face-to-face meeting. Anyone interested in software quality management around the Linux kernel, software safety management and engineering of pre-existing, tool development for Linux kernel development and investigations of the Linux kernel sources should attend.
The workshop is intended to be an open discussion and shall allow groups to start small project work on the topics we identified as interesting, based on the different skills and interests of the participants. The exact agenda is open to discussion on the ELISA mailing list and up to the participants to finally decide.
The workshop is open to everyone, but you need to register for the workshop by 2019-09-10 by sending a registration email to the ELISA mailing list (devel@lists.elisa.tech).
Recommended hotels are listed below. Please note, we have not contracted rooms at these properties and cannot guarantee rates or availability.