Mission

The SIL2LinuxMP project aims at a use-case certification of an embedded GNU/Linux RTOS running on a multi-core industrial COTS computer board.

Abstract

Traditionally, safety-critical systems isolate the safety-related functions ideally into a simple node, exclusively covering a minimal and simple functionality. Such safe computing nodes traditionally run on "simple" single-core processors and use a minimum software stack. Contemporary single core CPUs are no longer simple and the growing complexity of systems, e.g. including network security requirements, complex control algorithms and even cognitive functions for autonomy raise the complexity beyond what small and simple single core CPUs can handle. This traditional approach to functional safety is changing as nicely expressed by NASA procedural requirements for safety related software:

"This Standard does not discourage the use of software in safety-critical systems. When designed and implemented correctly, software is often the first, and sometimes the best, hazard detection and prevention mechanism in the system." [NASA NPR 8719.13B 1.2]

The changes noted above coincide with significant developments of the past decade impacting the design of safety-related systems · growing system complexity and safety demands · broad introduction of multi-core CPUs · significant change in the development dynamics · dramatically increasing algorithmic complexity

Staying at "simple" single-core computers would come at the price of de-coupling from the main-stream chip and computer-science development and that, in the long run, would induce more risks than it will mitigate.

Goal

Of the OSADL SIL2LinuxMP project is to bring together a number of international safety experts to define processes, tools and mechanisms to allow for certification at safety integrity level 2 of preexisting software components.