[SystemSafety] Qualification of libraries

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Mon Oct 26 15:41:34 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dr. Slotosch works with Validas AG, which is a spin-off from work of the Group of Manfred Broy at
TUM. As far as I know, they do validation of tools, but not validation of existing libraries for
use in safety-critical SW. Esterel has also had TüV Süd inspect their tool suite for use in
applications up to SIL 3, but as far as I know TüV Süd has not explicitly inspected and validated
libraries for general use in safety-critical SW.

- From what I understand, the manufacturers and Tier 1 suppliers have their own, in-house developed
libraries for such things. A decade ago, I had a few meetings with Stefan-Alexander Schneider of
BMW, also a Broy-group alumnus I understand, about this issue of qualifying existing SW. Dr.
Schneider spent a few years evaluating (having evaluated) C compilers according to
company-internal dependability requirements and reported at SAFECOMP 2007 in a panel session that
they hadn't identified any compilers at all which fulfilled their requirements.

So it was a pretty desperate state of affairs. I don't know that much has changed, because the
difficulties of later qualification of existing code are large and I am not aware of any
breakthrough. (Statistical evaluation is sometimes an option if the numbers are there in the right
context, but many consider, as it was recently put to me by a Wise Owl, "numbers are evil". No
they aren't. But the view appears to be widespread.)

One option is to use library functions with a contract specification which is similar to one that
has already been fulfilled in some other use. There are such. But many firms which have such
libraries/contract specs consider them IP, so good luck getting to them!

PBL

On 2015-10-26 15:18 , Stefan Friedrich wrote:
> Perhaps my question was a bit imprecise. I'm rather searching for libraries that are ready to 
> be qualified or are qualified components in the sense of the mentioned standards. (I assume 
> that the qualification has to take into account the context the libs are used in, which means 
> that they have to be qualified by the user after all and that's why the question was I asked 
> for qualification support.)
> 
> I could imagine that qualification of software components requires more effort than tool 
> qualification as they are part of the product.
> 
> Am 26.10.2015 um 14:18 schrieb Rolle, Ingo:
>> at our congress in 2011 we had some talks about this, for instance by somebody called Oskar 
>> Slotosch.
>> 
>> http://www.vde.com/de/Technik/fs/veranstaltungen/Seiten/Details.aspx?eventID=1588
>> 
>> -----Ursprüngliche Nachricht----- Von: systemsafety-bounces at lists.techfak.uni-bielefeld.de 
>> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] Im Auftrag von Stefan Friedrich
>>  Gesendet: Montag, 26. Oktober 2015 14:05 An: systemsafety at lists.techfak.uni-bielefeld.de 
>> Betreff: [SystemSafety] Qualification of libraries
>> 
>> Dear Safety Experts,
>> 
>> I'm wondering if there are tool providers who support ISO26262 or IEC 61508 compliant 
>> qualification of libraries such as the C/C++ standard libraries; this could be for instance 
>> in the form of or as a part of a compiler qualification kit. I'd appreciate any kind of
>> hints and comments.
>> 
>> Many thanks in advance!
>> 
>> Stefan Friedrich _______________________________________________ The System Safety Mailing 
>> List systemsafety at TechFak.Uni-Bielefeld.DE
>> 
> _______________________________________________ The System Safety Mailing List 
> systemsafety at TechFak.Uni-Bielefeld.DE
> 

- -- 
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de




-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJWLjueAAoJEIZIHiXiz9k+zngH/0trRXmtHtVl7cljQMem1L2c
Q7l3gzNGIlvuGfRTv1wQqATEm8wtPI9GPPJ8z5e4wtFtz+nfVgIU7ReXwoq2LMVj
m2ZBd1H2Fcegf9S98XRICByD22uxf4GyH0YcnppyaepFoQTn7XLfQCEiUs9q64nT
F4sfoCswprXqJwtRuamhY4QAinrK1wNvWVNEOGb1DecrA8cn+p/nDdma+Hvm1NG/
RvXpD8xJ9PasnVegYDYIfmII2XlWJKDeMlNRXEjab8AtL7Ow/ipm22iZ9vFN7h/0
o4aNv9QyCfrsUXOG93BSiE82sHwGFyGX/oHjOowrP/PHgYXid/OXwu7VhyrAk9g=
=MRjX
-----END PGP SIGNATURE-----


More information about the systemsafety mailing list