FDA CDRH compliance and IEC 62304

Russell Haley russ.haley at gmail.com
Sun Mar 4 18:23:20 UTC 2018

Sorry Joel, I was meaning to send my reply to all users. Different
mailing lists have different reply options and I get confused. Anyway,
this is fantastic news as I just started a new job with a custom
engineering firm.  Comments below...

On Sat, Mar 3, 2018 at 5:45 AM, Joel Sherrill <joel at rtems.org> wrote:
> On Mar 3, 2018 2:42 AM, "Russell Haley" <russ.haley at gmail.com> wrote:
> Hi,
> I'm looking into compliance for operating systems used in medical
> devices and I was wondering if there is information on *any*
> regulatory compliance for RTEMS? FDA compliance would be icing on the
> cake.
> There have been multiple versions of RTEMS which have had subsets qualifed
> by ESA to their standard which looks like DO-178. The last version they did
> this for was 4.8. They sponsored a lot of the SMP effort and are supposed to
> be in the process of what they call pre-qualification. We can't do real
> qualification without a final system. We are hoping the discussions we've
> had will result in the artifacts finding their way back to the open project.
> But we're still figuring the best way to manage these types of artifacts in
> an open project. Especially one with the requirements to use open and free
> tools.
Free tools aver very problematic for code coverage and analysis as the
'good stuff' is saved for paying customers. I have recently learned
LLVM has many analysis tools built into it now and it's on my personal
roadmap to look at such things. I have also learned that some vendors
are eager to provide visible coverage of open source projects such as
PVS by viva64.com. Another one isCoverity, which is owned by Synopsis,
though they wouldn't even talk to me without an NDA from a legal
department. One package that I have a little familiarity with is
Vectorcast. They want to get a trial software into my hands, but I
haven't yet asked them about FOSS contributions from their tools.
Finally, I am eager to get my hands on the new PC-Lint PLUS, which is
built on top of LLVM.

In terms of Quality Management Systems (QMS), I have observed over the
years that many small engineering companies - as well as lawyers and
accountants - often use Sharepoint for QMS documentation and
corrective/preventative actions (i.e the output due to implementation
of said quality control). I had at one point investigated the open
source liferay project as an alternative. I just opened their website
liferay.com and it's become quite commercial. I suppose that's a good
thing. I'll have to look for the open source side...

> Additionally NASA IV and V persons have giving have given us suggestions on
> an outline for an RTEMS software engineering handbook. This could initially
> be populated with information from the wiki. The goal here is to have this
> type of information in a real document which can be placed under Version
> Control. For example, our coding-style would be moved from the wiki to a
> section of this document. Are content hasn't been graded, but at this point
> we believe you can't easily find our homework.
> Scott Zemerick gave a presentation on this at the Flight Software Workshop
> in December. We need volunteers to do the initial population of this per his
> outline.
> Someone more familiar with the European Space Agency efforts can speak to
> what's going on right now.
> As a project, we need help and how to manage requirements, traceability, Etc
> in an open-source environment without dependence on very expensive tools

Access to the documentation and standards is also "expensive", though
not on the same scale as the tools.

> I also know RTEMS has been used in medical devices so those users must have
> done something. Hopefully they will also comment specifically on anything
> they've had to do.

This is fantastic news. I new I had "picked a winning horse" when I
started looking into RTEMS. I don't have any specific project yet that
involves RTEMS, but my personal plan of creating an entire stack based
on permissive licensing and best of breed sure aligns with a potential
development model. This company allows employees to make presentations
on things they know and learn so I am eager to drill in at some point.

> Personally, I think this is an important area for the project but it
> requires specialized expertise along with some investment of real time and
> money. Overall the goal is for the open project to own and maintain the
> artifacts so this is quite possible. Is challenging and we would be the
> first open source project to do this in the open.

A noble goal. As always, I remain burdened with the requirement to
house and feed my family so I shall be a fringe player for now (unless
someone is able to slow the earths rotation by 2 hours, though that
would probably play havoc with satellites). The company that I started
with regards their QMS as a central piece of intellectual property so
I am unsure how much I will be able to provide in terms of actual QMS
content (while under their employ), but may be able to play an
advisory role and help with infrastructure.

> Notice how I snuck in real time there. :)

And just under the clock deadline too. Nice job!

> Alternatively, has anyone ever run static or dynamic analysis on RTEMS
> (with or without libbsd)?
> We have run Coverity as part of the Scan program. I have run CodeSonar from
> Grammatech. Others have made reports from open source tools. Between early
> work by me and recent work by Gaisler, clang is close to usable on the
> master.
> The test suite itself has high coverage but we don't have the infrastructure
> in place to automatically run it periodically and publish results. 4.10 was
> near 100% generated instruction coverage and above 95% branch coverage.
> Branch coverage being defined as for each branch instruction, we saw it
> taken and not taken.
> This is all important and we have done our best to gear various efforts to
> nibbling at it. But it needs help.

As soon as I get qt and my current project under my belt, I'll start
looking into RTEMS vis-a-vis code coverage.

> If you want to talk about this sometime, email me privately and we can
> arrange a phone call or WebEx.

I shall do. I also have some expertise in transit safety systems in
passenger trains as per ISO 1558 that will be useful. I'll qualify
that and say I've never implemented software in highly critical

Thanks again,

> Thanks,
> Russ
> _______________________________________________
> users mailing list
> users at rtems.org
> http://lists.rtems.org/mailman/listinfo/users

More information about the users mailing list