Building Large, Complex, Distributed Safety-Critical Operating Systems

. Safety-critical systems typically operate in unpredictable environments. Requirements for safety and reliability are in conflict with those for real-time responsiveness. Due to unpredictable environmental needs there is no static trade-off between measures to accommodate the conflicting objectives. Instead every feature or operating system service has to be adaptive. Finally, for any design problem, there cannot be any closed-form (formal) approach taking care at the same time of (external) time constraints or deadlines, and synchronization requirements in distributed design. The reason is that these two aspects are causally independent. - In this situation we worked out a heuristic experimental, performance-driven and performance-based methodology that allows in an educated way to start with a coarse system model, with accurate logical expectations regarding its behavior. Through experiments these expectations are validated. If they are found to successfully stand the tests extended..