Skip to content

What does a complete set of safety processes look like?

Jump to bottom
Paul Albertella edited this page Oct 6, 2022 · 3 revisions

Safety concept

  • Define the safety concept for the system that includes Linux
  • What does achieving safety mean for this system?
    • What are its safety goals?
  • What system-level safety functions are necessary to accomplish this?
  • Safety analysis at this level (e.g. HARA) is focussed on the system as a whole
    • e.g. an Item in 26262

System concept

  • What is the architecture of the system that is responsible for implementing this safety concept?
    • How does Linux fit into this architecture?
  • What other functions (non-safety functions) does the system provide?
    • Which of these is Linux responsible for providing or supporting?
  • What goals apply to these non-safety functions (e.g. availability, performance)
    • We may need to balance these goals against safety goals

Software safety requirements

  • Specifically for the software element(s) of the system that involve Linux
  • What safety-critical functions are we expecting Linux to perform or support?
    • 'Support' meaning e.g. 'support by the executing environment for a userspace application'
  • What responsibilities have we assumed (Assumptions of Use) for other elements of the system in fulfilling these requirements?
    • e.g. What must userspace applications do or not do, what hardware features of the CPU are we relying on?
  • What must Linux not do if the system's safety goals are to be achieved?

Linux element definition

  • What is the scope and configuration of the system element(s) that involve Linux?
  • Which subsystems / features / drivers are actually needed in our element?
  • What kernel configurations are we going to use?
  • Defines (and constrains) the scope of what we mean by 'Linux' for our system context

Software-level safety analysis

  • How can we be confident that our Linux element achieves its safety requirements?
  • Exactly what is required here will be specified by the applicable standard
  • May be number of different aspects to consider:
    • Functional analysis:
      • What functionality are we relying on Linux to provide as part of the system's safety functions?
      • How can we be confident that Linux provides (and will continue to provide) this functionality?
    • Freedom from interference
      • How can we differentiate between safety and non-safety functions of the Linux element?
      • How can we be confident that non-safety functions (or other safety functions) will not interfere with a safety function?
    • Dependent failure analysis
      • If there is a failure in the Linux element, or in an element that it depends on, how can we prevent that failure from cascading to affect other elements?

Process-level safety analysis

  • How do our development and management processes contribute to managing risks, including those related to using Linux?
    • Configuration management, change management, requirements management, etc
    • Building and integrating the Linux element as part of the system
    • Testing the software and systems including it
  • How do you know when you're done?

Verification

  • How do we verify that Linux (and the other parts of the system involved) achieve these safety requirements?
Clone this wiki locally