Hardly reassuring from all the recent train crashes really :P

----- Original Message -----
From: "Nelson, Trent ." <[EMAIL PROTECTED]>
To: "'Ted Faber'" <[EMAIL PROTECTED]>; "Terry Lambert" <[EMAIL PROTECTED]>
Cc: "Nelson, Trent ." <[EMAIL PROTECTED]>; "'[EMAIL PROTECTED]'" 
<[EMAIL PROTECTED]>; "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Sent: Thursday, October 10, 2002 11:48 AM
Subject: RE: FreeBSD usage in safety-critical environments


>
>
> > -----Original Message-----
> > From: Ted Faber [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, October 09, 2002 10:59 PM
> > To: Terry Lambert
> > Cc: Nelson, Trent .; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: Re: FreeBSD usage in safety-critical environments
> >
> > On Wed, Oct 09, 2002 at 12:26:14PM -0700, Terry Lambert wrote:
> > > Life support systems require formal proofs of correctness for code;
> > > since neither Linux nor FreeBSD is formally correct, in total, you
> > > would need to be insane to deploy either of them as, for example,
> > > a part of an air traffic control system.
> >
> > I suspect that's a bad example, or that you mean an embedded aircraft
> > control system.  Ron Reisman and James Murphy gave a fine invited talk
> > at USENIX 02 (http://www.usenix.org/events/usenix02/tech/#11am) about
> > the growing number of UNIX components in the US ATC system.  I reject
> > the conclusion that the FAA is collectively insane for that reason.
>
> I'd have to concur.  I'm working on a large rail engineering project
> in the UK that is implementing a two-phased deployment of a Railway Control
> Centre System.  The first phase will be using a combination of Tru64 UNIX
> and Linux systems, with an investigation taking place for the second
> phase to move completely to Linux.
>
> There is a huge difference between systems rated at SIL 1 and 2
> (which is what ATC/rail CCS would fall under) and those rated at 3 and 4.  I
> was not referring to life-support or life-critical systems, as these will
> almost certainly be a proprietary hardware/software package that has been
> certified and accredited to a high level of safety integrity.  What I was
> referring to were systems running on UNIX that control and interface to
> these safety-critical systems.
>
> For railway, Control Centres may suggest an erroneous route that
> would result in two trains colliding (although such a system will be
> commissioned on the basis that it wouldn't allow such a route to be
> suggested), but the 'vital', safety-critical interlocking would prevent such
> a route being set.  The resulting safety-integrity level for the Control
> Centre would be SIL 2.  The analogy between ATCs & embedded aircraft control
> systems isn't as tight as there isn't a physical interface between the two
> (well, at least as far as I know).
>
> The deployment of FreeBSD, or any BSD variant, (or ANYTHING other
> than Linux) in environments such as this, is what I was originally getting
> at.
>
> Oh, and Terry, I think you'd be astonished if I informed you of how
> many rail control systems in the US and around the world use either Linux or
> some of the commercial variants such as Tru64 UNIX or Solaris.
>
> > Ted Faber                                                [EMAIL PROTECTED]
> > USC/ISI Computer Scientist                   http://www.isi.edu/~faber
> > (310) 448-9190         PGP Keys: http://www.isi.edu/~faber/pubkeys.asc
>
> Regards,
>
> Trent.
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>



