Codethink recently ran the Safety and Open Source devroom at FOSDEM 2021. Unfortunately, due to Covid-19, this was entirely virtual. However, this did make the conference more accessible to those who would otherwise be unable to attend. 2021 was the first year that the safety devroom had been run, and hopefully, it will become a regular occurrence at FOSDEM in future years.
Why we ran the Safety and Open Source room
The advantages of Free and Open Source Software (FOSS) are numerous, and now more than ever, companies are choosing to use FOSS in their projects. Still, the world of safety is behind the curve. Software developed for safety applications typically employs traditional development practices that, although well-used, are increasingly outdated, and the code is often closed source. This is because safety standards are stringent: safety applications must have rigorous quality assurance practices applied from the start, and bringing software that was not developed to a safety standard from the outset up to that level afterwards is extremely difficult.
With the increasing industry push to use FOSS for safety, FOSS creators need to get involved and work with the safety experts, contributing their software expertise. The devroom was set up to create a community that tackles some of the biggest questions regarding safety and open source, works out how we can advance state-of-the-art safety practices so that the industry can benefit from the many advantages FOSS provides, and ultimately makes the world safer.
An event hosted with a fully open-source infrastructure
The conference was held using an entirely open-source infrastructure. The planning was done through Pentabarf and the typical mailing list, Matrix chats were set up to handle in-room discussion, and an in-Matrix Jitsi widget handled streaming the talks as well as live video Q&A.
As devroom managers, our job was to create and circulate the Call for Proposals (CfP), review the submissions, create the schedule for the day, and work with the presenters to upload their pre-recorded talks, ensuring that everything was ready to run smoothly on the day. Due to the amount of work involved in creating a completely virtual conference, the timeframes were tight, but we received a good number of submissions in the end.
On the day, running the room was relatively low-effort (although we suspect it would have been harder if it hadn’t been virtual). The infrastructure set up by the FOSDEM organisers was brilliant, and they were quick to answer questions and address issues both in the weeks before the conference and during the event. The only real tasks for the day were moderating the chat and making sure our speakers could answer questions from their audience.
The talks
Why we should use FOSS for Safety applications - Shaun Mooney, Codethink
Shaun’s talk provided an overview of the idea behind the devroom. Before discussing the problems that software in safety is currently facing, he detailed how using FOSS practices could benefit not just the wider community but also the leading industry suppliers. He also talked about what we need to do as FOSS creators to convince the industry that this is the way forward and make the software we use safer for all.
The video for Shaun’s talk is up here >>
Adding contracts to the GCC GNAT Ada standard libraries to strengthen analysis provided by formal verification tools - Joffrey Huguet, Adacore
Abstract: The guarantees provided by SPARK, an open-source formal proof tool for Ada, and its analysis are only as strong as the properties that were initially specified. In particular, the use of third-party libraries or the Ada standard libraries may weaken the analysis if the library API's relevant properties are not specified. We progressively added contracts to some of the GCC GNAT Ada standard libraries to enable users to prove additional properties when using them, thus increasing their programs' safety. In this talk, I will present the different insurance levels those contracts can provide, from preventing some run-time errors to describing their action entirely.
The video for Joffrey’s talk is up here >>
Document security and digital signatures in PDF - Matthias Valvekens, iText PDF
Abstract: The push for paperless bureaucracy has been going on for quite some time, but the past year's circumstances made the issue even more pressing than it already was.
The PDF specification outlines several security features, including but not limited to encryption, digital signatures and redaction support. This talk aims to give a broad overview of the various security mechanisms provided by the PDF standard and their applications in the real world, focusing on digital signing.
The video for Matthias’ talk is up here >>
Proving heap-manipulating programs with SPARK - Claire Dross, Adacore
Abstract: SPARK is an open-source tool for formal verification of the Ada language. Last year, support for pointers, aka access types, was added to SPARK. It works by enforcing an ownership policy somewhat similar to the one used in Rust. It ensures, in particular, that there is only one owner of a given data at all times, which can be used to modify it. One of the most complex parts of verification is the notion of borrowing. It allows the transfer of a part of a data-structure, but only for a limited time. Afterwards, ownership returns to the initial owner. In this talk, I will explain how this can be achieved and, in particular, how we can describe in the specification the relation between the borrower and the borrowed object at all times.
The video for Claire’s talk is up here >>
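As an illustration of the ownership rules the abstract describes, the following SPARK procedure moves, borrows and observes a heap-allocated integer. It is an added example written for this post, not code from Claire's talk or from AdaCore; the unit and variable names and the assertion values are assumptions made for the example, and it is intended to be checked with gnatprove rather than merely compiled.

```ada
with Ada.Unchecked_Deallocation;

--  Added example: move, borrow and observe under SPARK's ownership policy.
procedure Ownership_Demo with SPARK_Mode is
   type Int_Ptr is access Integer;
   procedure Free is new Ada.Unchecked_Deallocation (Integer, Int_Ptr);

   X : Int_Ptr := new Integer'(10);  --  X is the sole owner of the cell
   Y : Int_Ptr;
begin
   --  Move: after the assignment Y is the sole owner. A read of X.all
   --  between here and "X := Y" is rejected by SPARK because X was moved.
   Y := X;
   Y.all := 11;
   X := Y;                           --  move ownership back to X

   --  Borrow: a local object of anonymous access-to-variable type borrows
   --  X for the duration of the inner block. X may not be read or written
   --  while B is live; ownership returns to X when B goes out of scope.
   declare
      B : access Integer := X;
   begin
      B.all := B.all + 1;
   end;
   pragma Assert (X.all = 12);  --  the write made through B is visible via X

   --  Observe: an access-constant object grants read-only access and,
   --  unlike a borrow, still allows X itself to be read while O is live.
   declare
      O : access constant Integer := X;
   begin
      pragma Assert (O.all = X.all);
   end;

   Free (X);  --  X is null afterwards, so no leak is reported at end of scope
end Ownership_Demo;
```

Running gnatprove on the unit checks the ownership rules statically (adding a read of `X.all` inside the borrowing block is reported as an error) and discharges the two assertions, which is what the talk's "relation between the borrower and the borrowed object" makes possible.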
ELISA - Advancing Open Source Safety-Critical Systems - Shuah Khan, Linux Foundation
Abstract: Assessing whether a system is safe requires understanding the system sufficiently. If the system depends on Linux, it is crucial to comprehend Linux within that system context and how Linux is used in that system. The challenge is selecting Linux components and features that can be evaluated for safety and identifying gaps where more work is needed to assess safety sufficiently.
The ELISA project has taken on the challenge to make it easier for companies to build and certify Linux-based safety-critical applications. In this talk, Shuah Khan from the Linux Foundation will give an overview of the ELISA project and its technology strategy.
The video for Shuah’s talk is up here >>
Community Discussion: Safety and Open Source
The community discussion was intended as a forum for anyone interested in Safety and Open Source to chat about its issues and their personal experiences in the field. It was an engaging discussion and raised a lot of important points from a diverse range of perspectives.
The video of the community discussion is up here >>
How the day went
The devroom was an interesting day that sparked some engaging and useful discussions. There were some slight infrastructure hiccups early on in the day (mainly to do with Jitsi), which meant we had to improvise some of the Q&A sessions. Still, the FOSDEM organisers were quick to address this, and by the end of the day, everything was running smoothly again. Other than this, the talks came across very well, and the discussions and feedback showed that they were very well received.
See you at FOSDEM 2022!
Overall the devroom was well worth running. The talks were interesting, and it made a great platform to get FOSS creators engaged with safety, which is a field that many have not come across before, introducing them to the biggest technical and cultural problems in the area.
Following on from the devroom, we intend to continue our work in engaging the FOSS communities more to create a more collaborative approach to safety. Hopefully, next year we will be able to run the devroom in person, which will bring different challenges but more opportunities for interesting discussions beyond the talks.
Related blog posts:
- How to approach safety-critical systems: Safety is a system property, not a software property >>
- Which is the future of safety-critical systems in automotive?: Meet the Codethings: Safety-critical systems and the benefits of STPA with Shaun Mooney >>