comp.lang.ada
* Re: Ravenscar Profile and SIL
       [not found] <3a6ec2e0$1@pull.gecm.com>
@ 2001-01-26 21:51 ` ian.kerr2
       [not found] ` <3a6f0c44$1@pull.gecm.com>
  1 sibling, 0 replies; 2+ messages in thread
From: ian.kerr2 @ 2001-01-26 21:51 UTC (permalink / raw)


Martin,
    are you contracted to DEF STAN [UK] 00-55 and 00-56 version 1 (easy) or
version 2 (not easy)?
We are doing projects with both and the consequences are quite different.

In my view Ravenscar only reduces the risk of rogue tasks. Take as an
example 00-55 version 2, SIL 4; then one must provide an audit trail of the
software production process. As you are using a COTS OS I should point out
our experiences with Wind River Systems. You will hit a dead end or go down
the NON COTS path, and even then I am not sure you will succeed. We had to
switch to another OS. I suggest you look at the alternatives, which do exist
if you were to use Ada95 and PowerPCs.

If you want the full background of my investigations, I suggest you
privately e-mail me on ian.kerr@baesystems.com as you are covered by some
NDAs.

That applies to anyone else who would be interested, minus details of OS
divulged by WRS and Enea OSE. Candidate 3 did not require an NDA. You can
come to your own conclusions.

Ian

Martin Dowie <martin.dowie@gecm.com> wrote in message
news:3a6ec2e0$1@pull.gecm.com...
> I'm probably asking too simple a question but here goes anyway...
>
> Is the Ravenscar Profile 'SIL3' compliant?

* Re: Ravenscar Profile and SIL
       [not found]   ` <3a702206$1@pull.gecm.com>
@ 2001-01-31 15:34     ` Dewi Daniels
  0 siblings, 0 replies; 2+ messages in thread
From: Dewi Daniels @ 2001-01-31 15:34 UTC (permalink / raw)


In article <3a702206$1@pull.gecm.com>,
  "Brian Jepson" <Brian.Jepson@baesystems.com> wrote:
> In Def. Stan. 00-56 it is the safety functions that are allocated
> SILs, so whilst some of the functions implemented using the Ravenscar
> Profile might have a SIL3 requirement it is bad terminology to call
> the components of the implementation SIL3.

To be pedantic, DEF STAN 00-56 does require both abstract functions and
components to be allocated safety integrity levels (see 7.4.2). I agree
that allocating SILs to the safety functions is the fundamental part of
the whole process, since the component SILs are derived from the
function SILs (albeit in a slightly complicated way, see 7.4.8).

I also agree that it makes no sense in a DEF STAN 00-56 context to
refer to an S3 operating system or run-time per se, since in DEF STAN
00-56, a safety integrity level only makes sense when applied to a
specific set of safety functions and safety properties.


