[SystemSafety] Critical systems Linux

Peter Bernard Ladkin ladkin at causalis.com
Wed Nov 21 10:20:48 CET 2018
On 2018-11-21 09:35 , Michael J. Pont wrote:
>>> In the world that I inhabit, many systems are assembled from such 'SEooCs'.
> 
>> So it is in automotive, I take it ISO 26262 allows such processes? 
>> Is it explicit in the document?  If so, where?
>> PBL
> 
> Please start with ISO 26262: 2011, Part 10, Clause 9.
Thanks. That is all about safety cases. Clause 10 is about SEooC.

What I thought I was reading from contributors to this discussion was that there are certain things,
such as microkernels or OS elements, which are "certified" as SEooC. That is, an SEooC is a concrete
thing which comes with a certificate of some sort.

Far from it. An SEooC is not a concrete object at all. When I read Clause 10, an SEooC appears to be
an abstract entity, an element, which is a placeholder in an architecture for an object which must
satisfy certain safety requirements. These requirements are "assumed" when assessing the
architecture for fitness for purpose.

When implementing the system, the SEooC must be replaced by an item (a concrete thing) and it must
be checked ("verified") that the properties of the item allow it to fulfil the safety requirements
of the SEooC it implements.

That all seems to be reasonably in line with what one can expect from a system architectural
development by refinement of requirements.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de