December 15, 2010
Hosted by: Siemens AG Corporate Technology CT T DE IT 1
Otto-Hahn-Ring 6, Building 63, Room no. 409
Munich, Germany

Linux for safety-related systems has been in discussion since nearly a decade, i.e. since 2001 when the Health and Safety Information (HSE) report on SOUP for safety-related systems was published titled "Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications" (HSE, 336/2001, PDF document). While this report did not exclusively focus on GNU/Linux - but it certainly was a main target, HSE published another assessment in 2002 that specifically dealt with GNU/Linux. The latter was titled "Preliminary assessment of Linux for safety related systems" (HSE RESEARCH REPORT 011, PDF document).

Nevertheless, with very few exceptions (FS20, SICAS ECC), there has been hardly any use of Linux in safety-related systems - one reason is that there are fundamental differences in how to approach pre-existing software compared to bespoke software. Making the necessary adaptations of the internal verification and certification procedures to cope with the specific requirements of Free and Open Source Software (FLOSS) and GNU/Linux is not an easy task and considered difficult and time-consuming. Overcoming this inertia is not a matter of a few simple methodologies being adopted but rather an introduction of a wide range of methods and procedures to allow achieving a comparable assurance in the correctness, reliability and robustness of FLOSS in general and GNU/Linux specifically. To this ends, the Safety Critical Linux Working Group is offering seminars on topics related to the utilization of GNU/Linux for safety-related systems.

Using Linux for safety related systems is, in part, questioned due to the uncertainty associated with the development life cycle (DLC) - while this assessment could be called valid for the original HSE report of 2001, this is by no means the case any longer with the current mainline development methodology.

The DLC itself is not a safety argument as such, rather it is a supportive argument to demonstrate that state-of-the-art methods to ensure code quality and bug detection/removal are in place and used. In this seminar, we will introduce the Linux development life-cycle in detail and provide the basic structure of the supportive arguments that could be included. Further, we show how the present practice and tool-chain allows to develop selection criteria for a kernel version, which also constitutes a relevant supportive argument in a safety case. Finally, we believe that it is essential for industrial users to understand how the Linux DLC works and how to integrate it to fully utilize the capabilities of the mainline Linux kernel.

The main topics covered in this one-day seminar are:

• Linux DLC Overview
• Mainline acceptance criteria
• Linux build-system related tools
• DLC assessment based kernel selection
• Supportive facilities of the Linux development
• Introduction of latest-stable
• Selection criteria outline

This seminar does not intend to limit itself to simply providing information, but we also will cover a number of core-tools hands-on. Some of the FLOSS tools that will be present and used are:

• GIT tractability
• Kbuild features
• Sparse / Coccinelle
• some QA monitoring tools and site