From: "Jamie Heckford" <jamie@jamiesdomain.org.uk>
To: "Nelson, Trent ."; "'Ted Faber'"; "Terry Lambert"
Cc: "'hackers@freebsd.org'"; "'questions@freebsd.org'"
Subject: Re: FreeBSD usage in safety-critical environments
Date: Thu, 10 Oct 2002 11:56:22 +0100

Hardly reassuring from all the recent train crashes really :P

----- Original Message -----
From: "Nelson, Trent ."
To: "'Ted Faber'"; "Terry Lambert"
Cc: "Nelson, Trent ."; "'hackers@freebsd.org'"; "'questions@freebsd.org'"
Sent: Thursday, October 10, 2002 11:48 AM
Subject: RE: FreeBSD usage in safety-critical environments

> > -----Original Message-----
> > From: Ted Faber [mailto:faber@ISI.EDU]
> > Sent: Wednesday, October 09, 2002 10:59 PM
> > To: Terry Lambert
> > Cc: Nelson, Trent .; 'hackers@freebsd.org'; 'questions@freebsd.org'
> > Subject: Re: FreeBSD usage in safety-critical environments
> >
> > On Wed, Oct 09, 2002 at 12:26:14PM -0700, Terry Lambert wrote:
> > > Life support systems require formal proofs of correctness for code;
> > > since neither Linux nor FreeBSD is formally correct, in total, you
> > > would need to be insane to deploy either of them as, for example,
> > > a part of an air traffic control system.
> >
> > I suspect that's a bad example, or that you mean an embedded aircraft
> > control system. Ron Reisman and James Murphy gave a fine invited talk
> > at USENIX 02 (http://www.usenix.org/events/usenix02/tech/#11am) about
> > the growing number of UNIX components in the US ATC system. I reject
> > the conclusion that the FAA is collectively insane for that reason.
>
> I'd have to concur. I'm working on a large rail engineering project
> in the UK that is implementing a two-phased deployment of a Railway Control
> Centre System. The first phase will be using a combination of Tru64 UNIX
> and Linux systems, with an investigation taking place for the second
> phase to move completely to Linux.
>
> There is a huge difference between systems rated at SIL 1 and 2
> (which is what ATC/rail CCS would fall under) and those rated at 3 and 4. I
> was not referring to life-support or life-critical systems, as these will
> almost certainly be a proprietary hardware/software package that has been
> certified and accredited to a high level of safety integrity. What I was
> referring to were systems running on UNIX that control and interface to
> these safety-critical systems.
>
> For railway, Control Centres may suggest an erroneous route that
> would result in two trains colliding (although such a system will be
> commissioned on the basis that it wouldn't allow such a route to be
> suggested), but the 'vital', safety-critical interlocking would prevent such
> a route being set. The resulting safety-integrity level for the Control
> Centre would be SIL 2. The analogy between ATCs & embedded aircraft control
> systems isn't as tight as there isn't a physical interface between the two
> (well, at least as far as I know).
>
> The deployment of FreeBSD, or any BSD variant (or ANYTHING other
> than Linux), in environments such as this is what I was originally getting
> at.
>
> Oh, and Terry, I think you'd be astonished if I informed you of how
> many rail control systems in the US and around the world use either Linux or
> some of the commercial variants such as Tru64 UNIX or Solaris.
>
> > Ted Faber faber@isi.edu
> > USC/ISI Computer Scientist http://www.isi.edu/~faber
> > (310) 448-9190 PGP Keys: http://www.isi.edu/~faber/pubkeys.asc
>
> Regards,
>
> Trent.