Notes on: Safety-Critical Computer Systems, Storey
Safety-Critical Computer Systems, Neil Storey, Addison-Wesley, Harlow England, 1996. (453+ pages).
This is a broad and practical book about designing safety-critical computer systems. It gives equal treatment to both safety and dependability; hardware and software; and design and test. It is written in an introductory textbook style, and is an excellent starting point for an engineer trying to understand the multi-disciplinary technical issues involved with safety-critical systems. It is arguably the most comprehensive book available in the area of robust embedded system design.
The book is highly recommended, but is not quite all-encompassing. It focuses on the equipment itself rather than addressing the larger system that includes human operators (the author recognizes the importance of humans, but declares it outside the scope of the text). Other than that, the only criticisms that can be easily made are that it does not go beyond dependability and safety, nor much beyond the design phase of the lifecycle. But these limitations are representative of a general lack in the state of knowledge about tying together all these different areas, rather than a specific flaw in the book.
In contrast with Leveson's Safeware, this book spends less time talking about high-level issues and safety history, and more time talking about how to do design. For example, the appendix presents expositions of safety-critical designs, rather than Leveson's approach of discussing accidents in safety-critical systems. But much of that is a result of Leveson's extensive discussion of the human element, compared to Storey's concentration on the equipment within the system. Both references are useful, but in different ways.
Topic coverage: (*** = emphasized; ** = discussed with some detail; * = mentioned)

| Emphasis | Attribute | Emphasis | System element | Emphasis | Lifecycle phase |
|---|---|---|---|---|---|
| *** | Dependability | *** | Electronic Hardware | ** | Requirements |
| *** | Safety | *** | Software | *** | Design |
| | Security | | Electro-Mechanical Hardware | * | Manufacturing |
| | Scalability | * | Control Algorithms | | Deployment |
| | Latency | * | Humans | | Logistics |
| | Affordability | | Society/Institutions | | Retirement |
Other topics: formal methods, verification/validation, quality assurance
Publisher Comments:
Increasingly, microcomputers are being used in applications where their correct operation is vital to ensure the safety of the public and the environment: from anti-lock braking systems in automobiles, to fly-by-wire aircraft, to shut-down systems at nuclear power plants. It is, therefore, vital that engineers are aware of the safety implications of the systems they develop. This book is an introduction to the field of safety-critical computer systems, and is written for any engineer who uses microcomputers within real-time embedded systems. It assumes no prior knowledge of safety, or of any specific computer hardware or programming language. This book:
- Covers all phases of the life of a safety-critical system from its conception and specification, through to its certification, installation, service and decommissioning
- Provides information on how to assess the safety implications of projects, and determine the measures necessary to develop systems to meet safety needs
- Gives a thorough grounding in the techniques available to investigate the safety aspects of computer-based systems and the methods that may be used to enhance their dependability
- Uses case studies and worked examples from a wide range of industrial sectors including the nuclear, aircraft, automotive and consumer products industries
Audience: This text is intended for both engineering and computer science students, and for practising engineers within computer-related industries. The approach taken is equally suited to engineers who consider computers from a hardware, software or systems viewpoint.
Table of Contents:
1 Introduction 1
- 1.1 Computers in critical applications 1
- 1.2 Safety 2
- 1.3 Developing safety-related systems 8
- 1.4 Costs and benefits 14
2 Safety Criteria 19
- 2.1 Introduction 19
- 2.2 System requirements 20
- 2.3 Safety requirements 25
- 2.4 The safety case 29
3 Hazard Analysis 33
- 3.1 Introduction 33
- 3.2 Analytical techniques 34
- 3.3 Failure modes and effects analysis (FMEA) 38
- 3.4 Hazard and operability studies (HAZOP) 39
- 3.5 Fault tree analysis (FTA) 43
- 3.6 Hazard analysis within the development lifecycle 50
4 Risk Analysis 59
- 4.1 Introduction 59
- 4.2 Consequences of malfunction - severity 61
- 4.3 Probability of malfunction - frequency 63
- 4.4 Risk classification 65
- 4.5 The acceptability of risk 67
- 4.6 Levels of integrity 70
- 4.7 The view of society and ethical considerations 75
5 Developing Safety-Critical Systems 81
- 5.1 Introduction 81
- 5.2 Lifecycle models 82
- 5.3 The safety lifecycle 85
- 5.4 Development methods 88
- 5.5 Designing for safety 97
- 5.6 Maintainability 101
- 5.7 Human factors in safety 103
- 5.8 Safety analysis 106
- 5.9 Safety management 107
6 Fault Tolerance 113
- 6.1 Introduction 113
- 6.2 Types of faults 114
- 6.3 Redundancy 124
- 6.4 Fault detection techniques 127
- 6.5 Hardware fault tolerance 131
- 6.6 Software fault tolerance 144
- 6.7 Selecting fault-tolerant architectures 148
- 6.8 Examples of fault-tolerant systems 152
7 System Reliability 161
- 7.1 Introduction 161
- 7.2 Reliability modelling 167
- 7.3 Reliability prediction 187
- 7.4 Reliability assessment 193
8 Safety-Critical Hardware 199
- 8.1 Introduction 199
- 8.2 Microprocessor design faults 200
- 8.3 Choice of microprocessors 205
- 8.4 Electromagnetic compatibility (EMC) 208
9 Safety-Critical Software 215
- 9.1 Introduction 215
- 9.2 Choice of programming languages 218
- 9.3 Software design 227
- 9.4 Software implementation 243
- 9.5 Software tools 245
- 9.6 Safety-critical software - an overview 247
10 Programmable Logic Controllers 253
- 10.1 Introduction 253
- 10.2 PLC hardware 255
- 10.3 PLC programming techniques 257
- 10.4 PLCs versus relays 260
- 10.5 PLCs in safety-critical systems 261
11 Formal Methods 271
- 11.1 Introduction 271
- 11.2 Formal methods within the development lifecycle 285
- 11.3 Formal specification languages 288
- 11.4 Formal methods of design and implementation 294
- 11.5 Formal methods and verification 296
- 11.6 Industrial applications of formal methods 300
- 11.7 Formal methods - the current situation 303
12 Verification, Validation and Testing 309
- 12.1 Introduction 309
- 12.2 Planning for verification and validation 313
- 12.3 Dynamic testing 315
- 12.4 Static analysis 319
- 12.5 Modelling 321
- 12.6 Testing for safety 323
- 12.7 Test strategies 324
- 12.8 Designing for testability 332
- 12.9 Development tools 333
- 12.10 Environmental simulation 336
- 12.11 Independent verification and validation 342
- 12.12 The roles of testing 343
- 12.13 Additional information 344
13 Quality Management 347
- 13.1 Introduction 347
- 13.2 Quality assurance 348
- 13.3 Quality control 351
- 13.4 Quality standards 352
- 13.5 Quality - an overview 355
14 Certification 359
- 14.1 Introduction 359
- 14.2 Forms of certification 360
- 14.3 The process of system certification 362
- 14.4 The safety case 364
- 14.5 Guidelines and standards 365
- 14.6 Certification - an overview 371
15 Commercial High-integrity Systems 375
- 15.1 Introduction 375
- 15.2 An explosive chemical plant 376
- 15.3 The Airbus A330/A340 primary flight control system 387
- 15.4 Darlington nuclear generating station 397
- 15.5 Conclusions 411
Appendix A Acronyms 415
Appendix B Test case generation 419
Appendix C Answers to numerical problems 427
Philip Koopman: koopman@cmu.edu