Safe composition of real time software

There is an increasing move towards the use of modular approaches to software design and implementation in the development of critical systems. The reason is the approaches have a number of benefits including providing support for concurrent development and helping to simplify software maintenance. However, there is little guidance on how to perform a modular safety process for the certification of critical systems as most of the standards assume a monolithic design. Of particular concern is performing safety analyses, with the limited context afforded by a modular approach, in order to derive valid safety requirements with appropriate context/assumptions. Expressing requirements using contracts is one way to help support change. An example use of contracts between a real-time operating system (RTOS) and application is given. This example has been chosen as the use of an RTOS is an increasingly prevalent form of modularisation, instead of embedding operating system services within the applications. In fact having an RTOS is considered a key enabling technology as it provides a clear interface between the application and platform.