| 1. |
- Ekman, M., et al.
(författare)
-
Tool qualification for safety related systems
- 2014
-
Ingår i: Ada User Journal. - 1381-6551. ; 35, s. 47-54
-
Tidskriftsartikel (refereegranskat)abstract
- Tools used in the development of safety related software applications need to be qualified as safe. That is, the tools cannot be allowed to introduce hazardous faults into the application, e.g., a compiler shall not generate dangerous code due to failure of the compiler. In many cases laws and regulations require the product development of safety related applications to comply with industry sector specific safety standards. Examples of such standards include EN50129/50128 for railway applications, ISO/EN13849 for machines with moving parts, DO-178B/C for avionics, or IS026262 for cars. These standards require the use of a rigorous development and maintenance process. The standards are also mainly intended to be used when developing systems from scratch. However, most development and test tools are not developed from scratch according to the rigorous processes of these standards. In order to address this issue, some of the standards provide means for qualifying existing tools as a more lightweight and pragmatic alternative to a regular certification process. In this paper we analyze the concept of these qualification approaches. The result of the analysis in our contribution includes a set of approaches that can be applied individually or as a combination in order to reduce the effort needed for qualifying tools. As a running example we use one of the most flexible but at the same time dangerous, even prohibited, maintenance techniques available: dynamic instrumentation of executing code. With this example, we describe how exceptions in these standards can be utilized in order to qualify a dynamic instrumentation tool with a minimal effort, without following the process of tool certification as defined by the standards.
|
|
| 2. |
- Lindgren, Per, et al.
(författare)
-
RTFM-lang static semantics for systems with mixed criticality
- 2014
-
Ingår i: Ada User Journal. - 1381-6551. ; 35:2, s. 128-132
-
Tidskriftsartikel (refereegranskat)abstract
- In an embedded system, functions often operate under different requirements. In the extreme, a failing safety critical function may cause collateral damage (and hence consider to be a system failure) while non critical functions affect only the quality of service. Approaches by partitioning the system's functions into sandboxes require virtualization mechanisms by the underlying platform and thus prohibit deployment to the bulk of microcontroller based systems. In this paper we discuss an alternative approach based on static semantic analysis performed directly on the system specification expressed in the form of an object oriented (00) model in the experimental language RTFM-lang. This would allow to (at compile time) to discriminate in between critical and non-critical functions, and assign these (by means of statically checkable typing rules) appropriate access rights. In particular, one can imagine dynamic memory allocations to be allowed only in non-critical functions, while on the other hand, direct interaction with the environment may be restricted to the critical parts. With respect to scheduling, a static task and resource configuration allows e.g. Stack Resource Policy (SRP) based approaches to be deployed. In this paper we discuss how this can be achieved in a mixed critical setting.
|
|
