[SystemSafety] Critical systems Linux

Tom Ferrell tom at faaconsulting.com
Wed Nov 21 15:14:21 CET 2018


As someone who frequently audits specific projects where organizational level approvals have been granted by TÜV Süd, I would suggest their focus tends to be more broad and not to the same depth that I am accustomed to for aviation.  The KCG code generator contained within SCADE has been qualified multiple times for aviation work.  This qualification is based on the fact that KCG is built on a formal language, LUSTRE.  The proofs accomplished to demonstrate the model to code conversion have been looked at repeatedly and found to be complete and correct in all cases that I am aware of.

From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Olwen Morgan
Sent: Wednesday, November 21, 2018 9:00 AM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Critical systems Linux


On 21/11/2018 10:16, Peter Bernard Ladkin wrote:

<snip>

What it means is that TÜV Süd (those last two letters are lower-case) has investigated the system and says that it can be used in certain ways with certain properties which TÜV has claimed to have established to a certain "systematic capability". Since much of the evidence TÜV Süd will have looked at is IP, you as a user don't get all the required evidence for your safety case. TÜV just says "trust us" and many assessors do.

<snip>

Esterel's SCADE tool has been certified for use in safety-critical applications by one TuV but I've worked on a machine safety project in which another TuV appeared to discourage its use because, AFAI recall, they felt uneasy about the fitness-for-purpose of the generator that it used to create C code from system models.

Perhaps TuVs should print the certificates on toilet paper?



Olwen



