[SystemSafety] C for OSs
Roderick Chapman
roderick.chapman at googlemail.com
Fri Sep 6 17:42:07 CEST 2019
On 06/09/2019 16:17, Martyn Thomas wrote:
> SFAIK, the iFACTS air traffic control tools were written in SPARK and
> run on the bare hardware.
No... iFACTS runs on the same infrastructure as NERC, which is IBM
hardware running AIX (albeit a _very_ stable and well-controlled release
of AIX). For SPARK, this is something of an oddity, since most SPARK
system do indeed run bare-metal or on some sort of small RTOS.
The Muen hypervisor is an interesting an example - an entire x86_64
hypervisor, that is written in SPARK, and has been subject to proofs of
type-safety and so on. It's open source and here
https://muen.codelabs.ch
- Rod
More information about the systemsafety
mailing list