Difference between revisions of "FuSa SIG/Charter"

From Xen
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
  +
= Background =
{{InfoLeft|This charter is not yet finalized}}
 
Background
 
==========
 
   
Modern safety critical systems such as autonomous vehicles or industrial robots are constantly and rapidly increasing their complexity with cloud-connected and dynamically deployed functions. Keeping such systems “safe” may require reducing their complexity by separating critical and non-critical parts, or implementing functions migration, which in turn can be achieved with system level virtualization. While Xen hypervisor might be the best tool for system virtualization it still is limited in use since there is currently no simple way to certify Xen-based product for Functional Safety requirements - most of them are simply not addressed by community-driven development model and process.
+
Modern safety critical systems such as autonomous vehicles or industrial robots are constantly and rapidly increasing their complexity with cloud-connected and dynamically deployed functions. Keeping such systems “safe” may require reducing their complexity by separating critical and non-critical parts which can be achieved with Xen.
   
Goal
+
= Goal =
====
 
   
  +
Xen can be safety-certified: it has been certified in the past by individual companies, and experts groups have confirmed its certifiability after careful analysts of the codebase and contribution processes. However, the burden of the certification process falls on the user. The goal of the Xen FuSa SIG is to reduce this burden by moving upstream Xen closer to safety-certifiability. The Xen FuSa SIG oversees activities such as improving the Xen code quality and producing artifacts (documentation, tests, traceability matrices, etc.) necessary for certifications.
Create a framework and all required artifacts (documentation, tests, traceability matrices, etc.) that can be used to build and certify safety-critical systems (e.g compliant to IEC61508 or ISO26262) based on mainline Xen hypervisor codebase.
 
   
Members
+
= Members =
=======
 
   
  +
* ARM (Antonio Priore, Bertrand Marquis, Robin Randhawa)
Implementers
 
  +
* Citrix (George Dunlap)
 
  +
* EPAM (Artem Mygaiev, Alex Agizim)
- ARM (Antonio Priore, Julien Grall, Robin Randhawa)
 
  +
* LF (Kate Stewart)
- Citrix (George Dunlap, Lars Kurth)
 
  +
* Renesas (Hisao Munakata)
- EPAM (Artem Mygaiev, Alex Agizim)
 
  +
* Resiltech (Francesco Rossi)
- LF (Kate Stewart)
 
  +
* Xilinx (Stefano Stabellini)
- Renesas (Hisao Munakata)
 
- Resiltech (Francesco Rossi)
 
- Xilinx (Stefano Stabellini)
 
   
 
Assessors
 
Assessors
   
- Exida (Piotr Serwa)
+
* Exida (Piotr Serwa)
- MIRA (David Ward)
+
* MIRA (David Ward)
- TUV Rheinland (Robert Heinen)
+
* TUV Rheinland (Robert Heinen)
- TUV SUD (Bernhard Nalte, Claudio Gregorio)
+
* TUV SUD (Bernhard Nalte, Claudio Gregorio)
   
Scope
+
= Scope =
=====
 
   
 
SIG activities can be represented in several streams:
 
SIG activities can be represented in several streams:
   
  +
=== Code Quality ===
### Safety Management System
 
   
  +
Improve Xen code quality and safety. Implement features to improve real-time and reduce interference. Improve Xen coding style and align it with MISRA-C.
Definition and implementation for the safety management system that can coexist with generic Xen mainline development.
 
   
*Keywords: hazard analysis, safety manual*
+
''Keywords: MISRA, code quality, static analysis, real-time''
   
### Documentation
+
=== Documentation ===
   
 
Define and implement guidelines, templates and examples related to requirements, architecture, design and API documentation. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.
 
Define and implement guidelines, templates and examples related to requirements, architecture, design and API documentation. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.
   
*Keywords: documentation,* *requirements, architecture, design, APIs,* *traceability*
+
''Keywords: documentation,'' ''requirements, architecture, design, APIs,'' ''traceability''
   
### Verification Tests
+
=== Verification Tests ===
   
 
Define and implement guidelines and examples related to the verification of requirements, architecture, design and APIs as required for safety certification. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.
 
Define and implement guidelines and examples related to the verification of requirements, architecture, design and APIs as required for safety certification. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.
   
*Keywords: traceability, testing, dynamic analysis*
+
''Keywords: traceability, testing, dynamic analysis''
 
### Community Interactions and ProcessesProcess to eliminate gaps of community-driven development
 
 
Define and implement processes to keep documentation artifacts (requirements, architecture, design) and corresponding validation & verification artifacts updated without significant changes in existing development process and tools. This will require backing from all key members of Xen project community (maintainers, committers). Such artifacts can be made public which will benefit the community.
 
 
Define and implement processes to keep a subset of Xen hypervisor codebase MISRA compliant without significant impact on generic mainline development. This may include implementing guidelines and changes to coding standard, probably the most painful change requiring support from all key members of Xen project community (maintainers, committers), as well as retrospective application of defined guidelines to existing codebase.
 
 
*Keywords: MISRA, fusa clang compiler, code maintainability, code coverage, static analysis, process, community, documentation, verification*
 
 
### Process Automation Tools
 
 
Most of the processes above shall be optimized or fully automated with software tools - either existing or new, FOSS or proprietary.
 
 
*Keywords: code minimization tool, impact analysis tool, coverity, qa-verify, osstest*
 
 
Considerations
 
==============
 
   
At the initial stage SIG operate independently from Linux Foundation but this may be changed with time.
 
At the initial stage SIG operate independently from Linux Foundation but this may be changed with time.
 
   
 
[[Category:Safety Certification/FuSa SIG]] [[Category:Safety Certification]]
 
[[Category:Safety Certification/FuSa SIG]] [[Category:Safety Certification]]

Latest revision as of 01:38, 15 March 2022

Background

Modern safety critical systems such as autonomous vehicles or industrial robots are constantly and rapidly increasing their complexity with cloud-connected and dynamically deployed functions. Keeping such systems “safe” may require reducing their complexity by separating critical and non-critical parts which can be achieved with Xen.

Goal

Xen can be safety-certified: it has been certified in the past by individual companies, and experts groups have confirmed its certifiability after careful analysts of the codebase and contribution processes. However, the burden of the certification process falls on the user. The goal of the Xen FuSa SIG is to reduce this burden by moving upstream Xen closer to safety-certifiability. The Xen FuSa SIG oversees activities such as improving the Xen code quality and producing artifacts (documentation, tests, traceability matrices, etc.) necessary for certifications.

Members

  • ARM (Antonio Priore, Bertrand Marquis, Robin Randhawa)
  • Citrix (George Dunlap)
  • EPAM (Artem Mygaiev, Alex Agizim)
  • LF (Kate Stewart)
  • Renesas (Hisao Munakata)
  • Resiltech (Francesco Rossi)
  • Xilinx (Stefano Stabellini)

Assessors

  • Exida (Piotr Serwa)
  • MIRA (David Ward)
  • TUV Rheinland (Robert Heinen)
  • TUV SUD (Bernhard Nalte, Claudio Gregorio)

Scope

SIG activities can be represented in several streams:

Code Quality

Improve Xen code quality and safety. Implement features to improve real-time and reduce interference. Improve Xen coding style and align it with MISRA-C.

Keywords: MISRA, code quality, static analysis, real-time

Documentation

Define and implement guidelines, templates and examples related to requirements, architecture, design and API documentation. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.

Keywords: documentation, requirements, architecture, design, APIs, traceability

Verification Tests

Define and implement guidelines and examples related to the verification of requirements, architecture, design and APIs as required for safety certification. Develop a strategy to produce missing documentation and work with the Community Interactions and Processes stream to ensure documentation stays up-to-date and is generated where needed.

Keywords: traceability, testing, dynamic analysis