Hi

At least I now have a framework to explain what's bugging me (Thanks Chris).

To Elana's question: Referring to the conceptual model of an architectural description [1] which was linked in Chris' description, safety is a concern to be accounted for in an architecture. In other words, it's an aspect of the architecture. For me, it's a matter of taste if the WG chooses to concentrate on the safety architecture or the architecture in general. If the decision is explicit, I can live with it somehow or other. That being said, I'd focus on all aspects of the architecture in the WG.

To Gab's question: I really don't know. But one of the fundamental confusions I see is that both the Development Process WG and the Architecture WG seem to focus on the Kernel on purpose. That is, regardless of their names, they're both the Kernel Architecture WG and the Kernel Development Process WG. As a practical matter, I find that unfortunate. At least in the short term, I think it's more likely that the accreditation route will be over the system. That is, in 26262 terms, we are more likely to be successful certifying over Part 6 in the context of an item or over Part 8 Qualification rather than Part 6 SEooC (terminology from Part 10, Clause 9, Table 4). In that case, the architecture and development processes we should be primarily concerned with are the system integrator's rather than the Kernel's.

To the Architecture / Architecture Design question: I think that an architecture, as defined in Chris' reference, is far too abstract for the work the WG is doing. For me, the work is probably being done at the second-last level of abstraction: at the level of an abstract watchdog driver to cover all the possible watchdog drivers for particular watchdog hardware and software implementations. The next level up in abstraction would be at the VFS Level. As I said in the telco, as far as I can tell, we're modelling a synchronous call on the driver.

As we discussed in the Automotive WG, there's also the possibility of changing the watchdog file in /dev. This probably uses entirely different mechanisms and control flow. The Kernel's decision to implement both a control flow over ioctl and /dev was probably a design decision in my terminology. So, for me, the Arch WG is working at the design level at the most. If we want to call that "Architecture Design" I can live with it.

Cheers

John

[1] http://www.iso-architecture.org/ieee-1471/cm/
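The two user-space control flows into the Linux watchdog driver that John's message refers to (a synchronous ioctl on the device, and a plain write to the /dev node), shown as an added illustration that is not part of the thread. It uses the Linux watchdog UAPI (WDIOC_KEEPALIVE, WDIOC_GETTIMEOUT and the 'V' magic close); the device path /dev/watchdog, the fallback constants and the function names are assumptions for a standard Linux build, not anything the WG has specified.

```c
/* Added example: two user-space paths into the Linux watchdog core.
 * Both enter the kernel through the same character device; the
 * difference is whether the request is an ioctl() or a write(). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#if defined(__has_include)
# if __has_include(<linux/watchdog.h>)
#  include <linux/watchdog.h>
# endif
#endif
#ifndef WDIOC_KEEPALIVE
/* Fallback mirroring include/uapi/linux/watchdog.h when kernel
 * headers are not installed (assumed values; they match mainline). */
# define WATCHDOG_IOCTL_BASE 'W'
# define WDIOC_KEEPALIVE  _IOR(WATCHDOG_IOCTL_BASE, 5, int)
# define WDIOC_GETTIMEOUT _IOR(WATCHDOG_IOCTL_BASE, 7, int)
#endif

/* Control flow 1: a synchronous ioctl request handled by the driver's
 * ioctl entry point. Returns 0 on success, -1 with errno set otherwise
 * (ENOTTY when fd is not a watchdog device). */
int wd_keepalive_ioctl(int fd) {
    return ioctl(fd, WDIOC_KEEPALIVE, 0);
}

/* Control flow 2: a plain write() to the device node. The watchdog core
 * treats any written byte as a keepalive. Returns 0 on success, -1 on error. */
int wd_keepalive_write(int fd) {
    return write(fd, "\0", 1) == 1 ? 0 : -1;
}

/* Magic close: writing 'V' before close() asks the driver to stop the
 * timer on release (ignored if the kernel was built with
 * CONFIG_WATCHDOG_NOWAYOUT). Returns 0 on success, -1 on error. */
int wd_magic_close(int fd) {
    if (write(fd, "V", 1) != 1) return -1;
    return close(fd);
}

/* Configured timeout in seconds via ioctl, or -1 on error. */
int wd_get_timeout(int fd) {
    int t = 0;
    if (ioctl(fd, WDIOC_GETTIMEOUT, &t) < 0) return -1;
    return t;
}

int main(void) {
    const char *path = "/dev/watchdog";   /* assumed device node */
    int fd = open(path, O_WRONLY);
    if (fd < 0) { perror(path); return 1; }

    /* Opening the node arms the timer: from here on the process must
     * either ping within the timeout or release it with the magic close,
     * otherwise the hardware resets the machine. */
    printf("timeout: %d s\n", wd_get_timeout(fd));

    int a = wd_keepalive_ioctl(fd);       /* control flow 1 */
    const char *a_msg = a == 0 ? "ok" : strerror(errno);
    int b = wd_keepalive_write(fd);       /* control flow 2 */
    const char *b_msg = b == 0 ? "ok" : strerror(errno);
    printf("ioctl ping: %s, write ping: %s\n", a_msg, b_msg);

    return wd_magic_close(fd) == 0 ? 0 : 1;
}
```

Run as root on a machine with a watchdog driver loaded; on a host without one, open() fails and the program exits before arming anything. The helper functions also behave sensibly on a non-watchdog descriptor: the write path succeeds on any writable file, while the ioctl path is rejected by the kernel, which is one concrete way the two control flows differ.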
On 05/05/2021 11:38, Paoloni, Gabriele wrote:

Hi Elana

I would like first to clarify the name "architecture" while it is used in the current discussions that we are having about the hybrid mode. Then we can see if we need to revisit the WG name.

Thanks
Gab
-----Original Message-----
From: Copperman, Elana (Mobileye) <elana.copperman@...>
Sent: Wednesday, May 5, 2021 11:34 AM
To: Paoloni, Gabriele <gabriele.paoloni@...>; John MacGregor <open.john.macgregor@...>; Christopher Temple <Christopher.Temple@...>; Gurvitz, Eli (Mobileye) <eli.gurvitz@...>; Peter.Brink@...; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: RE: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Gab, now I am confused. Isn't it safety architecture? This also matches the WG name, as well as the definitions below.

Regards
Elana
-----Original Message-----
From: safety-architecture@... <safety-architecture@...> On Behalf Of Paoloni, Gabriele
Sent: Wednesday, May 5, 2021 12:32 PM
To: John MacGregor <open.john.macgregor@...>; Christopher Temple <Christopher.Temple@...>; Gurvitz, Eli (Mobileye) <eli.gurvitz@...>; Peter.Brink@...; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Hi guys
WRT the discussions that we are having right now about the hybrid mode I think that the best nomenclature would be "SW Architecture" or "SW Architecture Design" and to disambiguate we could clearly refer to: ISO26262-6.7 - " Software architectural design".
What do you think?
Thanks Gab
-----Original Message-----
From: safety-architecture@... <safety-architecture@...> On Behalf Of John MacGregor
Sent: Wednesday, May 5, 2021 10:30 AM
To: Christopher Temple <Christopher.Temple@...>; Gurvitz, Eli (Mobileye) <eli.gurvitz@...>; Peter.Brink@...; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Hi Chris
The referenced definition is great - in-depth, with a discussion of the different perceptions of the term "architecture" and then again not too long. It addresses my concern that the definition must be more than just nomenclature.
Note the link at the top of the page to the conceptual model. While it's more or less what I would have expected, I liked the emphasis on the facts that the model is abstract and that it should focus on documenting the concerns and decisions driving the architecture.
I hope we can find more such good descriptions for other problematic terms in the realm of safety and embedded systems.
Cheers
John
On 04/05/2021 23:11, Christopher Temple wrote:
It could be a long discussion.
Couldn't we work with ISO/IEC/IEEE 42010 http://www.iso-architecture.org/ieee-1471/defining-architecture.html ?
It's quite close to the understandings shared below.
Best regards
Chris
-----Original Message-----
From: devel@... <devel@...> On Behalf Of Gurvitz, Eli (Mobileye) via lists.elisa.tech
Sent: Dienstag, 4. Mai 2021 23:01
To: Peter.Brink@...; open.john.macgregor@...; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
And I'd like to add that the first 3 types of "architecture"s that Paul lists below are one and the same, phrased in different forms of technical English.
So I'd like to suggest that we think of "architecture" as a set of components, their properties and the interfaces between them. Together they comprise a "system" whose purpose is to implement some specific requirements.
Thanks, Eli
-----Original Message-----
From: devel@... <devel@...> On Behalf Of Brink, Peter via lists.elisa.tech
Sent: Tuesday, May 04, 2021 20:16
To: open.john.macgregor@...; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Which is kind of the point of an architecture 😊
-----Original Message-----
From: devel@... <devel@...> On Behalf Of John MacGregor via lists.elisa.tech
Sent: Tuesday, May 4, 2021 10:14 AM
To: Brink, Peter <Peter.Brink@...>; Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Mea Culpa,
I've always been guilty of seeing the forest and forgetting a couple of trees...
On 04/05/2021 19:12, Brink, Peter wrote:
Not a botanist indeed, John. You left off the calyx and the corolla in your flower description.
-----Original Message-----
From: devel@... <devel@...> On Behalf Of John MacGregor via lists.elisa.tech
Sent: Tuesday, May 4, 2021 9:54 AM
To: Paul Albertella <paul.albertella@...>; devel@...; safety-architecture@...
Subject: Re: [ELISA Technical Community] [ELISA Safety Architecture WG] What’s in a name?
Hi Paul
Great start. I'd have started with Shakespeare too!
The point for me, as I said in the last Sync Telco, was that the issue is not just the nomenclature. It's understanding what comprises each of the concepts and what role in the development process they serve. An architecture differs from a design which differs from an implementation at least in the level of abstraction and granularity.
I'll probably have to expand on the idea in the future (and I don't have time now). But for now, I'll give a small example:
The architecture of a rose is probably aligned with the attributes that make it recognisable:
- a stem with thorns, branches and leaves
- a flower with a certain distinctive petal form
- a distinctive smell that may or may not repel enemies

The design of a rose could
- refine the shape and effects of the thorns, branches, leaves, petals, to support structural stability, environmental robustness, etc.
- address nourishment and reproduction issues, adding roots, pistils and stamen

The implementation of a rose might detail the different breeds of roses.... Hey, even botanists get it :-) [1]
I'm not a botanist, and off the top of my head, I'm not sure whether the non-functional aspects (nourishment and reproduction) aren't architectural concerns, but I'm using the example as a light-hearted example of the differences in abstraction and granularity.
Cheers
John
BTW, the _Name_ of the Rose is a vastly different kettle of fish.
[1] https://journals.ashs.org/hortsci/view/journals/hortsci/54/2/article-p236.xml
On 04/05/2021 18:19, Paul Albertella wrote:
Hi,
What’s in a name? that which we call a rose
By any other name would smell as sweet
--- W Shakespeare "Romeo and Juliet"
As John MacGregor commented on today's Safety Architecture call, our discussions are occasionally marred by misunderstandings arising from the use of terminology that *seems* to be unambiguous, but actually means different things to different people, or in different contexts.
I believe that we can help to address this by compiling a common 'lexicon' of terms and definitions that we can use in ELISA discussions and publications, relating these to specific domains or contexts where necessary.
The term 'architecture', which John picked on today, for example, has at least four distinct meanings in the context of ELISA. Here are some definitions that may be helpful:
1) Software architecture
The Software Engineering Body of Knowledge [1] includes architecture under the general heading of design, noting that "Architectural design describes how software is organized into components", while "Detailed design describes the desired behavior of these components."
It adds that a software architecture can be strictly defined as "the set of structures needed to reason about the system, which comprise software elements, relations among them, and properties of both", but notes that it can be further subdivided into 'views' (physical, logical, process, development), focusing on different aspects of the system (distribution, functionality, concurrency, implementation).
2) System architecture
This has a very similar meaning to the term in the software context, but extends the scope to include the hardware components of a system.
IEC 61508 defines architecture as a "specific configuration of hardware and software elements in a system". ISO 26262 [3] applies the term to both hardware/software combinations and pure software elements, defining it as a "representation of the structure of the item or element that allows identification of building blocks, their boundaries and interfaces, and includes the allocation of requirements to these building blocks".
3) Safety architecture
This is more or less the same as a system architecture, but focussing only on safety.
ISO 26262 [3] defines it as the "set of elements and their interaction to fulfil the safety requirements", where an element may be a system, component (hardware or software), hardware part, or software unit.
4) CPU architecture
The term 'architecture' in discussions about the Linux kernel frequently has a different meaning again, referring to the underlying architecture of the processor (x86, ARM, MIPS, etc) in a target system, and the associated 'architecture-specific' components of the kernel.
Regards,
Paul
[1] https://www.computer.org/education/bodies-of-knowledge/software-engineering
[2] https://archive.org/details/gov.in.is.iec.61508.4.1998
[3] https://www.iso.org/obp/ui/#iso:std:iso:26262:-1:ed-2:v1:en
This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s).
Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
-------------------------------------------------------------------- - Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--------------------------------------------------------------------- INTEL CORPORATION ITALIA S.p.A. with a sole shareholder. Registered office: Milanofiori Palazzo E 4, CAP 20094 Assago (MI). Share capital Euro 104.000,00 fully paid up. VAT and tax code 04236760155. Economic and Administrative Register no. 997124. Milan Companies Register no. 183983/5281/33. Subject to management and coordination by INTEL CORPORATION, USA