[SystemSafety] State of the art for "safe Linux"
Prof. Dr. Peter Bernard Ladkin
ladkin at causalis.com
Mon Aug 5 17:42:00 CEST 2024
Paul,
there seems to be a largish disconnect between the work you cite, and any applications I know of of
safety-related software from my contacts in the 61508 standards community. I don't know specifically
about the civil-aerospace applications as much as Dewi does.
If you (and colleagues) wish to use a given piece of software in a safety-critical application, I
don't think you have any other option but to try to conform with applicable software functional
safety standards, whether you like them or not. Any possible client must know that they will not be
driven into bankruptcy if some system using this software fails and causes harm (which is always a
possibility). That means you need some kind of assessment from recognised assessors such as TÜV
Rheinland or TÜV Süd. Those assessors will write you a certificate concerning standards they are
familiar with. A client can then use the software according to the conditions expressed in the
certificate, and will be deemed by most courts (which is where claims of damages from harm end up)
to have exercised what the Brits call due diligence by so doing.
If you want to change standards to accommodate another "vision", there is one and only one way of
doing so. That is by joining a standards committee and influencing them to change the standard. That
is harder than you may anticipate.
This business about "Linux kernel for safety-related systems" has been going on for so long. Other
companies have written kernel-function OSs for safety-critical systems, and have assessment
certificates for them from recognised assessors, all within that time. What's wrong with trying that
route?
Imagining you can use statistical assessment to validate the use of complex software on complex
hardware in critical applications, is, I would suggest, a pipe dream. The maths on the amount of
evidence you need, let alone the constraints on the quality of that evidence, is sufficient to
pretty much rule it out.
PBL
Prof. Dr. Peter Bernard Ladkin
Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
Tel: +49 (0)521 3 29 31 00