Comments about Kernel Qualification
Biasci Alessandro
Hi Gabriele,
These are our comments about the presentation (ww14_Linux_Qualification.pptx) you shared with us:

- Slide 2: minor comment, wording. ISO26262 defines only one method to "qualify" pre-existing SW, which is described in Part 8.12, as stated in 12.1 Objectives: "The objective of the qualification of software components is to provide evidence for their suitability for re-use in items developed in compliance with the ISO 26262 series of standards." On the other hand, Part 6 shall be used for SW development in accordance with ISO26262, following the described V-cycle.

- Slide 3: minor comment. "A SW unit is commonly considered as a single function" --> it can also be considered as a C file (with its header(s) defining the public interface). According to the ISO26262-1 definitions:
  a. software component --> one or more software units
  b. software unit --> atomic level software component of the software architecture that can be subjected to stand-alone testing.
  So we'd suggest modifying it to: "a single functionality/feature", decoupling the design (functionality) from the implementation level (C function).

- Slide 8: major comment. In a "standard" process, between the phases:
  a. Assumed safety requirements and CoUs of each unit are used to derive architecture models (e.g. UML diagrams or equivalent) describing the interactions between the different units, and
  b. Tests can be written to verify the correctness of the architectural model. This provides a high level of confidence in the code as well as in the model itself (a test failing means that either the code is broken or the model is broken),
  you should perform a safety analysis in order to analyze failure modes that might not be addressed by testing of such a complex software system. In our opinion the approach described could create a dangerous shortcut to the application of ISO26262.

Thus, each time a company should develop a complex system, it can decide to qualify the single pieces (SW units, components, whatever the name is) according to 8.12 and then perform testing without doing a complete safety analysis. If the purpose is to tailor Unit Testing and Unit Design according to ISO26262 Part 6.8 and 6.9, this approach could work, but we think that safety analysis at software architectural level is recommended.

B.R.
Alessandro & Fabrizio

Alessandro Biasci - Project Manager
EVIDENCE S.r.l., Pisa, Italy
Paoloni, Gabriele <gabriele.paoloni@...>
Hi Alessandro
(CC-ing the devel process wg mailing list given that we discussed the same topic yesterday)

Many thanks for the feedback (this is exactly what I need to refine and improve), pls see inline.

WRT slide 2, I can introduce the problem by saying that a pre-existing SW can be either qualified according to 8.12 or assessed according to Part 6. I guess this would provide a better wording for the current status.

In general for me it is difficult to picture a C file and its headers as << atomic level software component of the software architecture that can be subjected to stand-alone testing >>; commonly a C file provides multiple functionalities. BTW I propose to clarify by rewording as follows: "A SW unit is considered as a single functionality/feature that usually results in a single function".

The approach also includes a safety analysis (you can see for instance what we did for ioctl()); however it is not explained in the slides. Actually, to a bigger extent, yesterday in the devel process wg it came out that I should explain the hybrid qualification process in more detail, and I took the A.I. to do it for next week. So bear with me and I will come up with a better explanation.

Let's revisit this comment once I have described in detail the full qualification process.

Thanks again
Gab