Notes on:

Safety-Critical Computer Systems

Storey

     

Safety-Critical Computer Systems, Neil Storey, Addison-Wesley, Harlow England, 1996. (453+ pages).

This is a broad and practical book about designing safety-critical computer systems. It gives equal treatment to both safety and dependability; hardware and software; and design and test. It is written in an introductory textbook style, and is an excellent starting point for an engineer trying to understand the multi-disciplinary technical issues involved with safety-critical systems. It is arguably the most comprehensive book available in the area of robust embedded system design.

The book is highly recommended, but is not quite all-encompassing. It focuses on the equipment itself rather than addressing the larger system that includes human operators (the author recognizes the importance of humans, but declares it outside the scope of the text). Other than that, the only criticisms that can easily be made are that it does not go beyond dependability and safety, nor much beyond the design phase of the lifecycle. But these limitations are representative of a general lack in the state of knowledge about tying together all these different areas, rather than a specific flaw in the book.

In contrast with Leveson's Safeware, this book spends less time talking about high level issues and safety history, and more time talking about how to do design. For example, the appendix presents expositions of safety-critical designs, rather than Leveson's approach of discussing accidents in safety-critical systems. But, much of that is a result of Leveson's extensive discussion of the human element, compared to Storey's concentration on the equipment within the system. Both references are useful, but in different ways.


Topic coverage: (*** = emphasized; ** = discussed with some detail; * = mentioned)

*** Dependability      *** Electronic Hardware         **  Requirements
*** Safety             *** Software                    *** Design
    Security               Electro-Mechanical Hardware *   Manufacturing
    Scalability        *   Control Algorithms              Deployment
    Latency            *   Humans                          Logistics
    Affordability          Society/Institutions            Retirement

Other topics: formal methods, verification/validation, quality assurance


Publisher Comments:

Increasingly, microcomputers are being used in applications where their correct operation is vital to ensure the safety of the public and the environment: from anti-lock braking systems in automobiles, to fly-by-wire aircraft, to shut-down systems at nuclear power plants. It is, therefore, vital that engineers are aware of the safety implications of the systems they develop. This book is an introduction to the field of safety-critical computer systems, and is written for any engineer who uses microcomputers within real-time embedded systems. It assumes no prior knowledge of safety, or of any specific computer hardware or programming language. This book:

Audience: This text is intended for both engineering and computer science students, and for practising engineers within computer-related industries. The approach taken is equally suited to engineers who consider computers from a hardware, software or systems viewpoint.


Contents:

1 Introduction                                         1
1.1 Computers in critical applications                 1
1.2 Safety                                             2
1.3 Developing safety-related systems                  8
1.4 Costs and benefits                                 14

2 Safety Criteria                                      19
2.1 Introduction                                       19
2.2 System requirements                                20
2.3 Safety requirements                                25
2.4 The safety case                                    29

3 Hazard Analysis                                      33
3.1 Introduction                                       33
3.2 Analytical techniques                              34
3.3 Failure modes and effects analysis (FMEA)          38
3.4 Hazard and operability studies (HAZOP)             39
3.5 Fault tree analysis (FTA)                          43
3.6 Hazard analysis within the development lifecycle   50

4 Risk Analysis                                        59
4.1 Introduction                                       59
4.2 Consequences of malfunction - severity             61
4.3 Probability of malfunction - frequency             63
4.4 Risk classification                                65
4.5 The acceptability of risk                           67
4.6 Levels of integrity                                70
4.7 The view of society and ethical considerations     75

5 Developing Safety-Critical Systems                   81
5.1 Introduction                                       81
5.2 Lifecycle models                                   82
5.3 The safety lifecycle                               85
5.4 Development methods                                88
5.5 Designing for safety                               97
5.6 Maintainability                                    101
5.7 Human factors in safety                            103
5.8 Safety analysis                                    106
5.9 Safety management                                  107

6 Fault Tolerance                                      113
6.1 Introduction                                       113
6.2 Types of faults                                    114
6.3 Redundancy                                         124
6.4 Fault detection techniques                         127
6.5 Hardware fault tolerance                           131
6.6 Software fault tolerance                           144
6.7 Selecting fault-tolerant architectures             148
6.8 Examples of fault-tolerant systems                 152

7 System Reliability                                   161
7.1 Introduction                                       161
7.2 Reliability modelling                              167
7.3 Reliability prediction                             187
7.4 Reliability assessment                             193

8 Safety-Critical Hardware                             199
8.1 Introduction                                       199
8.2 Microprocessor design faults                       200
8.3 Choice of microprocessors                          205
8.4 Electromagnetic compatibility (EMC)                208

9 Safety-Critical Software                             215
9.1 Introduction                                       215
9.2 Choice of programming languages                    218
9.3 Software design                                    227
9.4 Software implementation                            243
9.5 Software tools                                     245
9.6 Safety-critical software -- an overview            247

10 Programmable Logic Controllers                      253
10.1 Introduction                                      253
10.2 PLC hardware                                      255
10.3 PLC programming techniques                        257
10.4 PLCs versus relays                                260
10.5 PLCs in safety-critical systems                   261

11 Formal Methods                                      271
11.1 Introduction                                      271
11.2 Formal methods within the development lifecycle   285
11.3 Formal specification languages                    288
11.4 Formal methods of design and implementation       294
11.5 Formal methods and verification                   296
11.6 Industrial applications of formal methods         300
11.7 Formal methods - the current situation            303

12 Verification, Validation and Testing                309
12.1 Introduction                                      309
12.2 Planning for verification and validation          313
12.3 Dynamic testing                                   315
12.4 Static analysis                                   319
12.5 Modelling                                         321
12.6 Testing for safety                                323
12.7 Test strategies                                   324
12.8 Designing for testability                         332
12.9 Development tools                                 333
12.10 Environmental simulation                         336
12.11 Independent verification and validation          342
12.12 The roles of testing                             343
12.13 Additional information                           344

13 Quality Management                                  347
13.1 Introduction                                      347
13.2 Quality assurance                                 348
13.3 Quality control                                   351
13.4 Quality standards                                 352
13.5 Quality - an overview                             355

14 Certification                                       359
14.1 Introduction                                      359
14.2 Forms of certification                            360
14.3 The process of system certification               362
14.4 The safety case                                   364
14.5 Guidelines and standards                          365
14.6 Certification - an overview                       371

15 Commercial High-integrity Systems                   375
15.1 Introduction                                      375
15.2 An explosive chemical plant                       376
15.3 The Airbus A330/A340 primary flight control system 387
15.4 Darlington nuclear generating station             397
15.5 Conclusions                                       411

Appendix A Acronyms                                    415
Appendix B Test case generation                        419
Appendix C Answers to numerical problems               427


Philip Koopman: koopman@cmu.edu