Safe Composition of Real-Time Software

There is an increasing move towards the use of modular approaches to software design and implementation in the development of critical systems. The reason is the approaches have a number of benefits including providing support for concurrent development and helping to simplify software maintenance. However, there is little guidance on how to perform a modular safety process for the certification of critical systems as most of the standards assume a monolithic design. Of particular concern is performing safety analyses, with the limited context afforded by a modular approach, in order to derive valid safety requirements with appropriate context / assumptions. These requirements are expressed as contracts. An example use of contracts between a Real-Time Operating System (RTOS) and application is given. This example has been chosen as it is particularly relevant as the move to modular designs has meant there are considerable benefits in the adoption of an RTOS, instead of embedding operating system services within the applications. In fact having an RTOS is considered a key enabling technology as it provides a clear interface between the application and platform.