14. IEC 61508-3
14.1. 4
The Certification scope specifies and justifies the SIL.
The core library certification excludes the requirement of having an architecture.
The core library has a very simple design. It is a library of independent functions with no internal state management. Each module provides functions and data structures around a single well-defined topic. All modules have a doc-comment describing the design and contents of the module.
14.2. 5
Covered by 5.2.1 to 5.2.11 of IEC 61508-1.
14.3. 6.2.1
Covered by 6.2 of IEC 61508-1.
14.4. 6.2.2
Covered by the Safety Plan.
14.5. 6.2.3
Covered by
14.6. 7.1.2.1-3
Covered by Safety Plan - Lifecycle Phases Overview.
14.7. 7.1.2.4-6
Covered by V-Model.
14.8. 7.1.2.7
Covered by IEC 61508-3 Annex A.
14.9. 7.1.2.8-9
The following relevant artefacts are included in the deliverables:
14.10. 7.2.2.1-3
Covered by Requirements Management.
14.11. 7.2.2.4
N/A
The core library has a very simple design. It is a library of independent functions with no internal state management. Each module provides functions and data structures around a single well-defined topic. All modules have a doc-comment describing the design and contents of the module.
All functions included in the subset are certified SIL2.
14.12. 7.2.2.5
Ferrous Systems certifies core as a library, to be used in other systems whose requirements are unknown. Users of the certified core library should consider their specific system safety requirements when developing safety related software with the certified core library.
14.13. 7.2.2.6-9
N/A; the core library is a pure software library. Hardware constraints should be taken into consideration when integrating the certified core library into a hardware environment.
14.14. 7.2.2.11
N/A; there is no way to configure the core library binary after it is compiled.
14.15. 7.2.2.12-13
N/A; the core library does not use, and therefore does not configure, any pre-existing software.
14.16. 7.3.2.1-5
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.17. 7.4.2.1
Covered by Responsibility split.
14.18. 7.4.2.2-6
Covered by Doc-comments in the core library.
14.19. 7.4.2.7
N/A, because core is a library and does not build on top of a pre-existing component.
14.20. 7.4.2.8-11
All functions in the certified core library are deemed to be of the same SIL.
14.21. 7.4.2.12-14
N/A, because core is a library and does not build on top of a pre-existing component.
14.22. 7.4.3
N/A; the core library certification excludes the requirement of having an architecture, so no architecture design is needed.
The core library has a very simple design. It is a library of independent functions with no internal state management. Each module provides functions and data structures around a single well-defined topic. All modules have a doc-comment describing the design and contents of the module.
14.23. 7.4.4.1-9
Covered by Tool safety assessments.
14.24. 7.4.4.10-11
Covered by Programming language.
14.25. 7.4.4.12-13
The Rust project has extensive measures (lints and tests) in place to assure quality and consistency of the codebase. The certified core library uses the same implicit standards as are ensured in the upstream codebase, to minimize divergence. Increased divergence from upstream leads to a higher maintenance burden and is a source of potential bugs.
14.26. 7.4.4.14
N/A; Rust macros are not automatic code generation, since they are written in source code.
14.27. 7.4.4.15-18
Covered by Configuration.
14.28. 7.4.4.19
Covered by Roles and responsibilities.
14.29. 7.4.5.1-2
Covered by Responsibility split.
14.30. 7.4.5.3-5
The core library has a very simple design. It is a library of independent functions with no internal state management. Each module provides functions and data structures around a single well-defined topic. All modules have a doc-comment describing the design and contents of the module.
14.31. 7.4.6
Covered by Responsibility split.
14.32. 7.4.7-8
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.33. 7.5
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.34. 7.6
See 7.8.
14.35. 7.7.1
Objective met.
14.36. 7.7.2.1-4
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.37. 7.7.2.5-6
Covered by Coretests.
14.38. 7.7.2.7-9
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.39. 7.8
Covered by
14.40. 7.9.1
Objective met.
14.41. 7.9.2.1-7
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.42. 7.9.2.8
N/A; there are no system requirements, only software requirements.
14.43. 7.9.2.9
N/A; there is no architecture design.
14.44. 7.9.2.10-13
The core library is tested as laid out in the Testing Plan, and those test results, for all qualified targets, are available in the Test results overview.
14.45. 7.9.2.14
N/A; timing performance depends on the system requirements, which are unknown during the certification phase.
14.46. 8.1-3
Covered by Safety Assessment.