[SystemSafety] Critical systems Linux

Michael J. Pont M.Pont at SafeTTy.net
Wed Nov 21 08:25:57 CET 2018


Paul Sherwood wrote:
> I may be missing something too, but as I understand it there are
> established examples of software (e.g. microkernels) being 'pre-certified'
> for safety (I think the expression used is "safety element out of context")
> without reference to a specific context and safety requirements.

You are correct.

In the world that I inhabit, many systems are assembled from such 'SEooCs'.

In summary, you buy (say) an 'ASIL D ready' microcontroller for your
automotive project.  This comes with documentation - including a safety
manual - that is intended to explain the assumptions that have been made
when developing the MCU and what is required to use it in an 'ASIL D
system'.

This MCU will typically be used with other 'ASIL D ready' components
(software and hardware).

The development process becomes a systems-engineering activity (we need to
assemble these SEooCs and provide 'glue logic' - mainly software - to link
them together).  

This process is not perfect, but it is the basis of most automotive projects
that I encounter.  

IEC 61508 projects also follow a similar route (in my experience).

There is a related concept that may be worth exploring, this time from the
medical sector (IEC 62304).  Here people talk about 'SOUP' (Software Of
Unknown Provenance).  This is software that is used in a medical system and
which was not developed in accordance with the standard.  The focus here is
using the SOUP components but 'wrapping them up' (to reduce the probability
that undefined SOUP behaviour could harm the patient).

Michael.

Michael J. Pont, PhD
SafeTTy Systems Ltd