Re: [sc] What is a SIL 3 certified RTOS?

From: Peter B. Ladkin <ladkin_at_xxxxxx>
Date: Sat, 17 Feb 2007 07:23:06 +0100
Message-ID: <45D69F4A.3030908@xxxxxx>
Scott Nowell wrote:
> I appreciate Peter's concern, but my answer is based on the practical
> reality that organizations such as TUV are most certainly certifying
> RTOS's as software components to SIL 3.
I presume we are talking about the meaning of a SIL as embodied in IEC 

Daichi Mizuguchi asked how an RTOS could be "SIL 3 certified". You answered him. I pointed out that the state of knowledge described in your answer is unachievable [*]. You point out that the "practical reality" is that some companies are doing it anyway.

I take it that the "practical reality" of which you speak refers to the politics and not to the science of the matter. Yes, the politics of this worries me 

(BTW, there is no such organisation as "TÜV". There are many companies with such a name. Those most active in the areas which interest us are TÜV Süd, TÜV Nord, and TÜV Rheinland, all distinct, any of which you could have meant.)
[*] Unless the Safety Manual tells you not to use any function of the OS as part of a SIL 3 safety function in a manner in which the OS function could constitute a single point of failure. This constraint would be too extreme for practical purposes: under such a constraint, it would usually be both more efficient and more reliable to implement the needed OS function directly in the safety function.

Peter B. Ladkin, Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319
Received on Sat 17 Feb 2007 - 06:12:52 GMT