18.09.2019

Safety Critical Systems Handbook Pdf


This is a list of resources about programming practices for writing safety-critical software.

The Safety Critical Systems Handbook: A Straightforward Guide to Functional Safety: IEC 61508 (2010 Edition), IEC 61511 (2016 Edition) & Related Guidance, Fourth Edition, presents the latest on the electrical, electronic, and programmable electronic systems that provide safety functions that guard workers and the public against injury or death.

The starting point for me to create this resource was my interest in solid software, beginning with this question:

What kind of special training do engineers working on mission-critical software receive? [closed] and its follow-up on Reddit.

Disclaimer: Resources presented here are not necessarily authoritative or the latest documents on the topic.


Friendly lists

  • List of free software testing and verification resources

  • A curated set of links to formal methods involving provable code.

  • A list of companies that use formal methods in software engineering

  • A curated list of static analysis tools, linters and code quality checkers for various programming languages

Resources

  • The European Cooperation for Space Standardization is an initiative established to develop a coherent, single set of user-friendly standards for use in all European space activities.

    This list has a number of links from this resource.

  • The International System Safety Society is a non-profit organization dedicated to supporting the Safety Professional in the application of Systems Engineering and Systems Management to the process of hazard, safety and risk analysis. The Society is international in scope and draws members throughout the world. It is affiliated with major corporations, educational institutions and other agencies in the United States and abroad.

    This list has a number of links from this resource.

  • The NASA Langley Formal Methods Research Program of the NASA Langley Safety-Critical Avionics Systems Branch develops formal methods technology for the development of mission-critical and safety-critical digital systems of interest to NASA.

Software safety standards

  • IEC 61508 is an international standard published by the International Electrotechnical Commission of rules applied in industry. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES).

    • ISO 26262

    The ISO 26262 standard is prepared by the ISO committee and is a derivative of the IEC 61508 standard listed above. The committee members include the major vehicle manufacturers and suppliers. It is expressly a safety standard, but includes details about Hazard Analysis and Risk Assessment and system design to detect faults and their potential failures.

    • IEC 62279

    IEC 62279 provides a specific interpretation of IEC 61508 for railway applications. It is intended to cover the development of software for railway control and protection including communications, signaling and processing systems.

    • IEC 61513

    IEC 61513 provides requirements and recommendations for the instrumentation and control for systems important to safety of nuclear power plants. It indicates the general requirements for systems that contain conventional hardwired equipment, computer-based equipment or a combination of both types of equipment.

  • DO-178C, Software Considerations in Airborne Systems and Equipment Certification, is the primary document by which certification authorities such as FAA, EASA and Transport Canada approve all commercial software-based aerospace systems. The document is published by RTCA, Incorporated, in a joint effort with EUROCAE, and replaces DO-178B. The new document is called DO-178C/ED-12C and was completed in November 2011 and approved by the RTCA in December 2011. It became available for sale and use in January 2012.

    The FAA approved AC 20-115C on 19 Jul 2013, making DO-178C a recognized 'acceptable means, but not the only means, for showing compliance with the applicable airworthiness regulations for the software aspects of airborne systems and equipment certification.' (Wikipedia)

  • The ARINC Standards are prepared by the Airlines Electronic Engineering Committee (AEEC), where Rockwell Collins and other aviation suppliers serve as contributors in support of their airline customer base. (Wikipedia)

    ARINC 653 is a standard Real Time Operating System (RTOS) interface for partitioning of computer resources in the time and space domains. The standard also specifies Application Program Interfaces (APIs) for abstraction of the application from the underlying hardware and software.

Safety guidebooks

  • NASA's Software Safety Guidebook (pdf file). The handbook complement to the Software Safety Standard.

  • Joint Software Systems Safety Engineering Handbook, from the Joint Services Computer Resources Management Group, US Navy, US Army, and US Air Force (pdf file).

  • Air Force System Safety Handbook. The first chapter has an excellent introduction to system safety with a discussion of the evolution of the DoD Standard 882 (DoD Standard Practice for System Safety).

Coding guidelines

    • (MISRA C:2012) Guidelines for the Use of the C Language in Critical Systems, ISBN 978-1-906400-10-1 (paperback), ISBN 978-1-906400-11-8 (PDF), March 2013.
    • (MISRA C++:2008) Guidelines for the Use of the C++ Language in Critical Systems, ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.
    • See more papers there.

  • NASA C++ style guidance: this document is based on the 'C Style Guide' (SEL-94-003). It contains recommendations for C++ implementations that build on, or in some cases replace, the style described in the C style guide.

  • SEI CERT C and C++ Coding Standards are now freely available in pdf format: C++ Coding Standard, C Coding Standard

Topics

Certification

  • Technology Readiness Level (ESA), Technology Readiness Level (NASA)

    Technology Readiness Levels (TRL) are a type of measurement system used to assess the maturity level of a particular technology. Each technology project is evaluated against the parameters for each technology level and is then assigned a TRL rating based on the project's progress. There are nine technology readiness levels. TRL 1 is the lowest and TRL 9 is the highest.

Formal verification

MC/DC

  • This paper provides a practical 5-step approach for assessing MC/DC for aviation software products, and an analysis of some types of errors expected to be caught when MC/DC is achieved.

  • This tutorial provides a practical approach to assessing modified condition/decision coverage (MC/DC) for aviation software products that must comply with regulatory guidance for DO-178B level A software.

  • "...In this paper, we present the results of an empirical study that compared functional testing and functional testing augmented with test cases to satisfy MC/DC coverage. The evaluation was performed during the testing of the attitude control software for the HETE-2 (High Energy Transient Explorer) scientific satellite..."

Articles

Papers

This white paper lays out some foundational information about different approaches to safety: how various industries differ in their approaches to safety engineering, and a comparison of three general approaches to safety (system safety, industrial safety engineering, and reliability engineering). An attempt is made to lay out the properties of industries and systems that make one approach more appropriate than another.

Reports

Common position of international nuclear regulators and authorised technical support organisations

Accidents

  • An Investigation of the Therac-25 Accidents (original paper), Medical Devices: The Therac-25 (updated version of the paper), Killed by a Machine: The Therac-25 (article)

  • ExoMars 2016 - Schiaparelli Anomaly Inquiry (PDF at the bottom), ESA Schiaparelli Lander Crash

  • A Case Study of Toyota Unintended Acceleration and Software Safety, and NASA report on the Toyota Unintended Acceleration Issue

Questions and Answers

- Which languages are used for safety-critical software?

See Which languages are used for safety-critical software? [closed].

- What is the difference between mission-critical and safety-critical software?

This article contains an interesting section on the difference between mission-critical and safety-critical software: Military COTS-based systems: Not necessarily right off the shelf

- What kind of special training do engineers working on mission-critical software receive?

See What kind of special training do engineers working on mission-critical software receive? [closed] and its followup on Reddit. In the Reddit thread there are 2 expanded answers. The thread is also archived here.


- What are the software safety standards?

See the Software Safety Standards here in this list.

Also see on StackOverflow: Coding for high reliability/availability/security - what standards do I read? and Software Safety Standards

- Safety-critical software and optimising compilers?

- Does Rust have a chance in mission-critical software?

Books

Videos

  • CREDC Seminar Series. Presented on November 7, 2016 by Nancy Leveson, Professor of Aeronautics and Astronautics and Engineering Systems, MIT. Cyber Resilient Energy Delivery Consortium (CREDC), http://cred-c.org

  • Dr. Richard Cook is the Professor of Healthcare Systems Safety and Chairman of the Department of Patient Safety at the Kungliga Tekniska Högskolan (the Royal Institute of Technology) in Stockholm, Sweden. He is a practicing physician, researcher and educator.

    See also the paper 'How Complex Systems Fail'.

Safety
  • 2017 EuroLLVM Developers’ Meeting: M. Beemster 'Using LLVM for Safety-Critical Applications' and Using LLVM for Safety-Critical Applications. Interview with Marcel Beemster (Euro LLVM 2017).


Marcel Beemster, Solid Sands B.V. http://solidsands.nl/, http://www.LLVM.org/devmtg/2017-03/

  • Formal Method for Avionics Software Verification

    This talk will give examples of Airbus use of Formal Methods to verify avionics software, and summarises the integration of Formal Methods in the upcoming ED-12/DO-178 issue C. Firstly, examples of verification based on theorem proving or abstract interpretation will show how Airbus has already taken advantage of the use of Formal Methods to verify avionics software. Secondly, we will show how Formal Method for verification has been introduced in the upcoming issue C of ED-12/DO-178.

Interviews


Press

This software is the work of 260 women and men based in an anonymous office building across the street from the Johnson Space Center in Clear Lake, Texas, southeast of Houston. They work for the "on-board shuttle group," a branch of Lockheed Martin Corp.'s space mission systems division, and their prowess is world renowned: the shuttle software group is one of just four outfits in the world to win the coveted Level 5 ranking of the federal government's Software Engineering Institute (SEI), a measure of the sophistication and reliability of the way they do their work. In fact, the SEI based its standards in part on watching the on-board shuttle group do its work.

License


To the extent possible under law,Stanislav Pankevichhas waived all copyright and related or neighboring rights toawesome-safety-critical.

This list's repository contains a backup of all content presented in the list.This is done to ensure availability of these resources in case if their originalsources become unavailable. Every link always points to its original sourceunless it becomes unavailable in which case a resource from a backup is usedor a link to web.archive.org if possible.awesome_bot tool is used to check the dead links.