Notes on: Safety-Critical Computer Systems (Storey)
Safety-Critical Computer Systems, Neil Storey, Addison-Wesley, Harlow England, 1996. (453+ pages).
This is a broad and practical book about designing safety-critical computer systems. It gives equal treatment to both safety and dependability; hardware and software; and design and test. It is written in an introductory textbook style, and is an excellent starting point for an engineer trying to understand the multi-disciplinary technical issues involved with safety-critical systems. It is arguably the most comprehensive book available in the area of robust embedded system design.
The book is highly recommended, but is not quite all-encompassing. It focuses on the equipment itself rather than on the larger system that includes human operators (the author recognizes the importance of humans, but declares it outside the scope of the text). Other than that, the only criticisms that can easily be made are that it does not go beyond dependability and safety, nor much beyond the design phase of the lifecycle. But these limitations reflect a general gap in the state of knowledge about tying all these different areas together, rather than a specific flaw in the book.
In contrast with Leveson's Safeware, this book spends less time talking about high level issues and safety history, and more time talking about how to do design. For example, the appendix presents expositions of safety-critical designs, rather than Leveson's approach of discussing accidents in safety-critical systems. But, much of that is a result of Leveson's extensive discussion of the human element, compared to Storey's concentration on the equipment within the system. Both references are useful, but in different ways.
Topic coverage: (*** = emphasized; ** = discussed with some detail; * = mentioned)

| Rating | Topic | Rating | Topic | Rating | Topic |
|---|---|---|---|---|---|
| *** | Dependability | *** | Electronic Hardware | ** | Requirements |
| *** | Safety | *** | Software | *** | Design |
| | Security | | Electro-Mechanical Hardware | * | Manufacturing |
| | Scalability | * | Control Algorithms | | Deployment |
| | Latency | * | Humans | | Logistics |
| | Affordability | | Society/Institutions | | Retirement |
Other topics: formal methods, verification/validation, quality assurance
Publisher Comments:
Increasingly, microcomputers are being used in applications where their correct operation is vital to ensure the safety of the public and the environment: from anti-lock braking systems in automobiles, to fly-by-wire aircraft, to shut-down systems at nuclear power plants. It is, therefore, vital that engineers are aware of the safety implications of the systems they develop. This book is an introduction to the field of safety-critical computer systems, and is written for any engineer who uses microcomputers within real-time embedded systems. It assumes no prior knowledge of safety, or of any specific computer hardware or programming language. This book:
- Covers all phases of the life of a safety-critical system from its conception and specification, through to its certification, installation, service and decommissioning
- Provides information on how to assess the safety implications of projects, and determine the measures necessary to develop systems to meet safety needs
- Gives a thorough grounding in the techniques available to investigate the safety aspects of computer-based systems and the methods that may be used to enhance their dependability
- Uses case studies and worked examples from a wide range of industrial sectors including the nuclear, aircraft, automotive and consumer products industries
Audience: This text is intended for both engineering and computer science students, and for practising engineers within computer-related industries. The approach taken is equally suited to engineers who consider computers from a hardware, software or systems viewpoint.
1 Introduction 1
1.1 Computers in critical applications 1
1.2 Safety 2
1.3 Developing safety-related systems 8
1.4 Costs and benefits 14
2 Safety Criteria 19
2.1 Introduction 19
2.2 System requirements 20
2.3 Safety requirements 25
2.4 The safety case 29
3 Hazard Analysis 33
3.1 Introduction 33
3.2 Analytical techniques 34
3.3 Failure modes and effects analysis (FMEA) 38
3.4 Hazard and operability studies (HAZOP) 39
3.5 Fault tree analysis (FTA) 43
3.6 Hazard analysis within the development lifecycle 50
4 Risk Analysis 59
4.1 Introduction 59
4.2 Consequences of malfunction - severity 61
4.3 Probability of malfunction - frequency 63
4.4 Risk classification 65
4.5 The acceptability of risk 67
4.6 Levels of integrity 70
4.7 The view of society and ethical considerations 75
5 Developing Safety-Critical Systems 81
5.1 Introduction 81
5.2 Lifecycle models 82
5.3 The safety lifecycle 85
5.4 Development methods 88
5.5 Designing for safety 97
5.6 Maintainability 101
5.7 Human factors in safety 103
5.8 Safety analysis 106
5.9 Safety management 107
6 Fault Tolerance 113
6.1 Introduction 113
6.2 Types of faults 114
6.3 Redundancy 124
6.4 Fault detection techniques 127
6.5 Hardware fault tolerance 131
6.6 Software fault tolerance 144
6.7 Selecting fault-tolerant architectures 148
6.8 Examples of fault-tolerant systems 152
7 System Reliability 161
7.1 Introduction 161
7.2 Reliability modelling 167
7.3 Reliability prediction 187
7.4 Reliability assessment 193
8 Safety-Critical Hardware 199
8.1 Introduction 199
8.2 Microprocessor design faults 200
8.3 Choice of microprocessors 205
8.4 Electromagnetic compatibility (EMC) 208
9 Safety-Critical Software 215
9.1 Introduction 215
9.2 Choice of programming languages 218
9.3 Software design 227
9.4 Software implementation 243
9.5 Software tools 245
9.6 Safety-critical software - an overview 247
10 Programmable Logic Controllers 253
10.1 Introduction 253
10.2 PLC hardware 255
10.3 PLC programming techniques 257
10.4 PLCs versus relays 260
10.5 PLCs in safety-critical systems 261
11 Formal Methods 271
11.1 Introduction 271
11.2 Formal methods within the development lifecycle 285
11.3 Formal specification languages 288
11.4 Formal methods of design and implementation 294
11.5 Formal methods and verification 296
11.6 Industrial applications of formal methods 300
11.7 Formal methods - the current situation 303
12 Verification, Validation and Testing 309
12.1 Introduction 309
12.2 Planning for verification and validation 313
12.3 Dynamic testing 315
12.4 Static analysis 319
12.5 Modelling 321
12.6 Testing for safety 323
12.7 Test strategies 324
12.8 Designing for testability 332
12.9 Development tools 333
12.10 Environmental simulation 336
12.11 Independent verification and validation 342
12.12 The roles of testing 343
12.13 Additional information 344
13 Quality Management 347
13.1 Introduction 347
13.2 Quality assurance 348
13.3 Quality control 351
13.4 Quality standards 352
13.5 Quality - an overview 355
14 Certification 359
14.1 Introduction 359
14.2 Forms of certification 360
14.3 The process of system certification 362
14.4 The safety case 364
14.5 Guidelines and standards 365
14.6 Certification - an overview 371
15 Commercial High-integrity Systems 375
15.1 Introduction 375
15.2 An explosive chemical plant 376
15.3 The Airbus A330/A340 primary flight control system 387
15.4 Darlington nuclear generating station 397
15.5 Conclusions 411
Appendix A Acronyms 415
Appendix B Test case generation 419
Appendix C Answers to numerical problems 427
Philip Koopman: koopman@cmu.edu