Comments about Kernel Qualification


Biasci Alessandro
 

Hi Gabriele,
These are our comments about the presentation (ww14_Linux_Qualification.pptx) you shared with us:

- Slide 2: minor comment, wording
ISO26262 defines only one method to "qualify" pre-existing SW that is described in Part 8.12 as stated in 12.1 Objectives:
The objective of the qualification of software components is to provide evidence for their suitability for re-use in items developed in compliance with the ISO 26262 series of standards.
On the other hand, Part 6 shall be used for SW development in accordance with ISO26262 following the described V-cycle.

- Slide 3 - Minor comment
"A SW unit is commonly considered as a single function" --> it can also be considered as a C file (with its header(s) defining the public interface). According to the ISO26262-1 definitions:
a. software component --> one or more software units
b. software unit --> atomic level software component of the software architecture that can be subjected to stand-alone testing.
So we'd suggest modifying it to "a single functionality/feature", decoupling the design (functionality) from the implementation level (C function).

- Slide 8 - Major comment:
In a "standard" process, between the phases:
a. Assumed safety requirements and CoUs of each unit are used to derive architecture models (e.g.
UML diagrams or equivalent) describing the interactions between the different units and
b. Tests can be written to verify the correctness of the architectural model. This provides a high level of
confidence in the code as well as in the model itself (a test failing means that either the code is broken
or the model is broken)
you should perform a safety analysis in order to analyze failure modes that might not be addressed by testing of such a complex software system.

In our opinion the approach described could create a dangerous shortcut to the application of ISO26262. Thus, each time a company has to develop a complex system, it could decide to qualify the single pieces (SW units, components, whatever the name) according to 8.12 and then perform testing without doing a complete safety analysis.

If the purpose is to tailor Unit Testing and Unit Design according to ISO26262 Part 6.8 and 6.9, this approach could work, but we think that a safety analysis at software architectural level is recommended.

B.R.
Alessandro & Fabrizio

__________________________________________________________________________________
Alessandro Biasci - Project Manager
Tel: +39 050 991 1122 – Mobile: +39 392 931 9451
__________________________________________________________________________________
EVIDENCE S.r.l.
Address: Via Francesco Squartini, 42, 56121 – Pisa (PI), Italy
__________________________________________________________________________________
EVIDENCE S.r.l. is a company registered in Italy at the Company Registration Office of Pisa, with registered number 01638690501 and equity capital € 27,200 fully paid up, whose registered office is in Via Francesco Squartini 42, 56121 Pisa, Italy. EVIDENCE S.r.l. is 100% owned by Huawei Technologies Cooperatief U.A.


Paoloni, Gabriele <gabriele.paoloni@...>
 

Hi Alessandro

(CC-ing the devel process wg mailing list, given that we discussed the same topic yesterday)

Many thanks for the feedback (this is exactly what I need to refine and improve); please see inline.

> -----Original Message-----
> From: safety-architecture@... <safety-
> architecture@...> On Behalf Of Biasci Alessandro via
> lists.elisa.tech
> Sent: Friday, April 16, 2021 10:36 AM
> To: safety-architecture@...
> Subject: [ELISA Safety Architecture WG] Comments about Kernel
> Qualification
>
> Hi Gabriele,
> These are our comments about the presentation
> (ww14_Linux_Qualification.pptx) you shared with us:
>
> - Slide 2: minor comment, wording
> ISO26262 defines only one method to "qualify" pre-existing SW that is
> described in Part 8.12 as stated in 12.1 Objectives:
> The objective of the qualification of software components is to provide
> evidence for their suitability for re-use in items developed in compliance with
> the ISO 26262 series of standards.
> On the other hand, Part 6 shall be used for SW development in accordance
> with ISO26262 following the described V-cycle.
WRT slide 2, I can introduce the problem by saying that a pre-existing SW can be
either qualified according to 8.12 or assessed according to part 6. I guess this would
provide a better wording for the current status.


> - Slide 3 - Minor comment
> "A SW unit is commonly considered as a single function" --> it can also be
> considered as a C file (with its header(s) defining the public interface).
> According to the ISO26262-1 definitions:
> a. software component --> one or more software units
> b. software unit --> atomic level software component of the software
> architecture that can be subjected to stand-alone testing.
> So we'd suggest modifying it to "a single functionality/feature", decoupling the
> design (functionality) from the implementation level (C function).
In general it is difficult for me to picture a C file and its headers as an << atomic level
software component of the software architecture that can be subjected to stand-alone
testing >>; commonly a C file provides multiple functionalities.
BTW I propose to clarify by rewording as follows:
"A SW unit is considered as a single functionality/feature that usually results in a single
function"


> - Slide 8 - Major comment:
> In a "standard" process, between the phases:
> a. Assumed safety requirements and CoUs of each unit are used to derive
> architecture models (e.g.
> UML diagrams or equivalent) describing the interactions between the
> different units and
> b. Tests can be written to verify the correctness of the architectural model.
> This provides a high level of
> confidence in the code as well as in the model itself (a test failing means
> that either the code is broken
> or the model is broken)
> you should perform a safety analysis in order to analyze failure modes that
> might not be addressed by testing of such a complex software system.
The approach also includes a safety analysis (you can see for instance
what we did for ioctl()); however, it is not explained in the slides.
Actually, to a bigger extent, yesterday in the devel process wg it came out
that I should explain the hybrid qualification process in more detail,
and I took the A.I. to do it for next week.
So bear with me and I will come up with a better explanation.


> In our opinion the approach described could create a dangerous shortcut to
> the application of ISO26262. Thus, each time a company has to develop a
> complex system, it could decide to qualify the single pieces (SW units,
> components, whatever the name) according to 8.12 and then perform
> testing without doing a complete safety analysis.
Let's revisit this comment once I have described the full qualification
process in detail.

Thanks again
Gab


> If the purpose is to tailor Unit Testing and Unit Design according to ISO26262
> Part 6.8 and 6.9, this approach could work, but we think that a safety analysis at
> software architectural level is recommended.
>
> B.R.
> Alessandro & Fabrizio

---------------------------------------------------------------------
INTEL CORPORATION ITALIA S.p.A., sole-shareholder company
Registered office: Milanofiori Palazzo E 4
20094 Assago (MI)
Share capital Euro 104,000.00 fully paid up
VAT number and Tax Code 04236760155
Economic and Administrative Register no. 997124
Milan Companies Register no. 183983/5281/33
Subject to the direction and coordination of
INTEL CORPORATION, USA