awesome-safety-critical

https://travis-ci.org/stanislaw/awesome-safety-critical.svg?branch=master

This is a list of resources about programming practices for writing safety-critical software.

Disclaimer: Resources collected here are not necessarily authoritative or latest documents on the topic.

Tags

Types: Accident Report Article Book Coding guidelines Handbook Interview Lecture List Paper Press Report Resource Standard Video

Keywords: AUTOSAR Accidents Agile Development CAST Certification Compilers Complexity Conformance Embedded FDIR Fault Management Formal Verification Functional Safety MC/DC MISRA RAMS RTOS Requirements Resilience STPA Safety Safety Culture Safety Standards Security Software Software Quality Software Safety Standards Standards System Safety Systems Engineering Technology Readiness Level Verification

Languages: C C++

Industries: All Automotive Aviation Defense Medical Nuclear Railways Safety Space

Standards: DO-178B DO-178C ECSS ISO 26262 ISO 62279 / EN 50128 NASA

Companies: Airbus All DoD ESA FAA INRIA JPL NASA

People: Chris Hobbs Gerard Holzmann Joe Armstrong John Thomas Nancy Leveson Phil Koopman Richard Cook

Friendly resources

awesome-software-quality

List of free software testing and verification resources

awesome-provable

A curated set of links to formal methods involving provable code.

practical-fm

A List of companies that use Formal methods in Software engineering

awesome-static-analysis

A curated list of static analysis tools, linters and code quality checkers for various programming languages

Resources

European Cooperation for Space Standardization

The European Cooperation for Space Standardization is an initiative established to develop a coherent, single set of user-friendly standards for use in all European space activities.

This list has a number of links from this resource.

NASA Langley Formal Methods Research Program

The NASA Langley’s Formal Methods Research Program of the NASA Langley Safety-Critical Avionics Systems Branch develops formal methods technology for the development of mission-critical and safety-critical digital systems of interest to NASA.

Software safety standards

IEC 61508

IEC 61508 is an international standard published by the International Electrotechnical Commission of rules applied in industry. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES).

ISO 26262

The ISO 26262 Standard is prepared by the ISO Committee and is a derivative of the IEC 61508 standard… The committee members include the major vehicle manufacturers and suppliers. It is expressly a safety standard, but includes details about Hazard Analysis and Risk Assessment and system design to detect faults and their potential failures.

IEC 62279/EN 50128

IEC 62279 provides a specific interpretation of IEC 61508 for railway applications. It is intended to cover the development of software for railway control and protection including communications, signaling and processing systems.

IEC 61513

IEC 61513 provides requirements and recommendations for the instrumentation and control for systems important to safety of nuclear power plants. It indicates the general requirements for systems that contain conventional hardwired equipment, computer-based equipment or a combination of both types of equipment.

DO-178C

DO-178C, Software Considerations in Airborne Systems and Equipment Certification is the primary document by which the certification authorities such as FAA, EASA and Transport Canada approve all commercial software-based aerospace systems. The document is published by RTCA, Incorporated, in a joint effort with EUROCAE, and replaces DO-178B.

The FAA approved AC 20-115C on 19 Jul 2013, making DO-178C a recognized acceptable means, but not the only means, for showing compliance with the applicable airworthiness regulations for the software aspects of airborne systems and equipment certification.” (Wikipedia)

DO-278, Software Integrity Assurance Considerations for Communication, Navigation, Surveillance and Air Traffic Management (CNS/ATM) Systems is the equivalent counterpart standard for aviation non-airborne systems.

ARINC standards

The ARINC Standards are prepared by the Airlines Electronic Engineering Committee (AEEC) where Rockwell Collins and other aviation suppliers serve as a contributor in support of their airline customer base. (Wikipedia)

ARINC 653

ARINC 653 is a standard Real Time Operating System (RTOS) interface for partitioning of computer resources in the time and space domains. The standard also specifies Application Program Interfaces (APIs) for abstraction of the application from the underlying hardware and software.

Handbooks

NASA-GB-8719.13 - 2004-03-31 - NASA Software Safety Guidebook

NASA’s Software Safety Guidebook (pdf file). The handbook complement to the Software Safety Standard.

Software System Safety Handbook

From the Joint Services Computer Resources Management Group, US Navy, US Army, And US Air Force (pdf file)

Air Force System Safety Handbook

First chapter has an excellent introduction to system safety with a discussion of the evolution of the DoD Standard 882 (DOD Standard Practice for System Safety).

FAA System Safety Handbook

Includes chapters (each is a PDF): “System Software Safety”, “j. Software Safety”.

Coding guidelines

MISRA guidelines

(MISRA C:2012) Guidelines for the Use of the C Language in Critical Systems,

ISBN 978-1-906400-10-1 (paperback), ISBN 978-1-906400-11-8 (PDF), March 2013.

(MISRA C++:2008) Guidelines for the Use of the C++ Language in Critical Systems, ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

See more papers there.

C++ Coding Standards and Style Guide

This document is based on the “C Style Guide” (SEL-94-003). It contains recommendations for C++ implementations that build on, or in some cases replace, the style described in the C style guide.

SEI CERT C Coding Standard

SEI CERT C and C++ Coding Standards are now freely available in pdf format: C Coding Standard

SEI CERT C++ Coding Standard

SEI CERT C and C++ Coding Standards are now freely available in pdf format: C++ Coding Standard

Topic: Certification

Technology Readiness Level, ESA, Technology Readiness Level, NASA

Technology Readiness Levels (TRL) are a type of measurement system used to assess the maturity level of a particular technology. Each technology project is evaluated against the parameters for each technology level and is then assigned a TRL rating based on the projects progress. There are nine technology readiness levels. TRL 1 is the lowest and TRL 9 is the highest.

Topic: MC/DC

A practical approach to Modified Condition/Decision Coverage

This paper provides a practical 5-step approach for assessing MC/DC for aviation software products, and an analysis of some types of errors expected to be caught when MC/DC is achieved.

A Practical Tutorial on Modified Condition/Decision Coverage

This tutorial provides a practical approach to assessing modified condition/decision coverage (MC/DC) for aviation software products that must comply with regulatory guidance for DO-178B level A software.

An Empirical Evaluation of the MC/DC Coverage Criterion on the HETE-2 Satellite Software

…In this paper, we present the results of an empirical study that compared functional testing and functional testing augmented with test cases to satisfy MC/DC coverage. The evaluation was performed during the testing of the attitude control software for the HETE-2 (High Energy Transient Explorer) scientific satellite…

Books

Safeware: System Safety and Computers

Contents: This book examines past accidents and what is currently known about building safe electromechanical systems to see what lessons can be applied to new computer-controlled systems. One lesson is that most accidents are not the result of unknown scientific principles but rather of a failure to apply well-known, standard engineering practices. A second lesson is that accidents will not be prevented by technological fixes alone, but will require control of all aspects of the development and operation of the system. The features of a methodology for building safety-critical systems are outlined.

Embedded Software Development for Safety-Critical Systems by Chris Hobbs

Available on Amazon and many other book shops.

Videos

The Need for a Paradigm Shift in Safety and Cyber Security

CREDC Seminar Series. Presented on November 7, 2016 by Nancy Leveson, Professor of Aeronautics and Astronautics and Engineering Systems, MIT. Cyber Resilient Energy Delivery Consortium (CREDC), http://cred-c.org

Velocity 2012: Richard Cook, “How Complex Systems Fail”

Dr. Richard Cook is the Professor of Healthcare Systems Safety and Chairman of the Department of Patient Safety at the Kungliga Techniska Hogskolan (the Royal Institute of Technology) in Stockholm, Sweden. He is a practicing physician, researcher and educator.

See also paper “How Complex Systems Fail”.

Formal Method for Avionics Software Verification

This talk will give examples of Airbus use of Formal Methods to verify avionics software, and summarises the integration of Formal Methods in the upcoming ED-12/DO-178 issue C. Firstly, examples of verification based on theorem proving or abstract interpretation will show how Airbus has already taken advantage of the use of Formal Methods to verify avionics software. Secondly, we will show how Formal Method for verification has been introduced in the upcoming issue C of ED-12/DO-178.

Press

They Write the Right Stuff

This software is the work of 260 women and men based in an anonymous office building across the street from the Johnson Space Center in Clear Lake, Texas, southeast of Houston. They work for the “on-board shuttle group,” a branch of Lockheed Martin Corps space mission systems division, and their prowess is world renowned: the shuttle software group is one of just four outfits in the world to win the coveted Level 5 ranking of the federal governments Software Engineering Institute (SEI) a measure of the sophistication and reliability of the way they do their work. In fact, the SEI based it standards in part from watching the on-board shuttle group do its work.