Safety-Critical Systems T 79.232 Ilkka Herttua
Safety Context Diagram
[Diagram: HUMAN; PROCESS (Operating Rules); SYSTEM (Hardware, Software)]
Critical Applications
• Computer-based systems used in avionics, chemical process plants and nuclear power plants.
• A failure in the system endangers human lives directly or through environmental pollution, and has a large-scale economic impact.
Safety Definition
• Safety: Safety is a property of a system that it will not endanger human life or the environment.
• Safety-Critical System: A system that is intended to achieve, on its own, the necessary level of safety integrity for the implementation of the required safety functions.
Safety Definition
• Safety integrity: The likelihood of a safety-related system achieving its required safety features under all the stated conditions, within a stated operational environment and within a stated period of time.
• SIL levels 0 to 4. SIL 4 is the highest safety integrity level.
Developing safety-related systems
• To achieve safety:
- safety requirements
- quality management
- design / system architecture
- defined design/manufacture processes
- certification and approval processes
- known behaviour of the system in all conditions
V-Lifecycle model
[Diagram. Stages: Requirements Analysis; Systems Analysis & Design; Software Design; Software Implementation & Unit Test; Module Integration & Test; System Integration & Test; System Acceptance. Documents: Requirements Model; Requirements Document; Functional / Architectural Model; Specification Document; Test Scenarios. Knowledge Base *]
* Configuration-controlled knowledge that increases in understanding until completion of the system:
• Requirements Documentation
• Requirements Traceability
• Model Data/Parameters
• Test Definition/Vectors
Safety Requirements
• Requirements are the stakeholders' (customer's) demands – what they want the system to do. Not defining how !!!
• Safety requirements define what the system must do and must not do in order to ensure safety. Positive and negative functionality.
Where do we go wrong?
• Many system failures are not failures to understand R (requirements); they are mistakes in D (design).
• A NYC subway train crashed into the rear end of another train on 5th June 1995. The motorman ran through a red light. The safety system did apply the emergency brakes. However, the ...signal spacing was set in 1918, when trains were shorter, lighter and slower, and the emergency brake system could not stop the train in time.
• Or maybe D is deliberately subverted
• “If you present a valid card and type the right PIN, you are entitled to withdraw £200”
• Are you sure?
Specification
• Supplier instructions on how to build the system. Derived from the required functionality – the requirements.
Verification and validation
• Verification is the process of determining that a system or module meets its specification.
• Validation is the process of determining that a system is appropriate for its purpose.
Fault, error and failure
• A fault is a defect within the system. Random faults – hardware components; systematic faults – software/hardware design and manufacture processes.
• An error is a deviation from the required operation of the system or subsystem.
• A system failure occurs when the system fails to perform its required function. (Significant, major and minor)
Fault management
Fault management techniques:
• Fault avoidance – throughout the system design phase
• Fault removal – before the system enters service
• Fault detection – during service, to minimise the effects of faults
• Fault tolerance – operate correctly in the presence of faults
RAM
• Reliability is the probability of a component or system functioning correctly over a given period of time under a given set of operating conditions. (MTBF: mean time between failures.)
• The availability of a system is the probability that the system will be functioning correctly at any given time.
• Maintainability: Maintenance is the action taken to retain a system in, or return a system to, its designed operating condition. (MTTR: mean time to repair.)
Hazard Analysis
• A hazard is a situation in which there is actual or potential danger to people or to the environment.
• Analytical techniques:
- Failure modes and effects analysis (FMEA)
- Failure modes, effects and criticality analysis (FMECA)
- Hazard and operability studies (HAZOP)
- Event tree analysis (ETA)
- Fault tree analysis (FTA)
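The RAM figures and fault tree analysis above can be worked through numerically. The example below is added here and is not from the lecture: it assumes a constant failure rate (exponential failure distribution, so R(t) = exp(-t/MTBF)), steady-state availability A = MTBF / (MTBF + MTTR) for a repairable unit, and independent basic events in the fault tree; the MTBF/MTTR values and the event probabilities are constructed, and the tree is a hypothetical sketch of the subway scenario.

```python
import math

# Constructed sample figures for one repairable unit (hours); not from the slides.
MTBF_HOURS = 10_000.0
MTTR_HOURS = 8.0


def reliability(t_hours, mtbf_hours):
    """R(t): probability of surviving the mission time t without failure.
    Assumes a constant failure rate lambda = 1 / MTBF (exponential model)."""
    return math.exp(-t_hours / mtbf_hours)


def steady_state_availability(mtbf_hours, mttr_hours):
    """A = MTBF / (MTBF + MTTR): long-run fraction of time the unit is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def unavailability(mtbf_hours, mttr_hours):
    """U = 1 - A: long-run fraction of time the unit is down (cf. assignment 2.4)."""
    return 1.0 - steady_state_availability(mtbf_hours, mttr_hours)


def fault_tree_probability(node):
    """Evaluate a fault tree bottom-up. A node is either a basic-event
    probability (number) or a gate ('AND' | 'OR', [child nodes]).
    Basic events are assumed independent."""
    if isinstance(node, (int, float)):
        return float(node)
    gate, children = node
    probs = [fault_tree_probability(child) for child in children]
    if gate == "AND":            # all inputs must occur
        return math.prod(probs)
    if gate == "OR":             # at least one input occurs
        return 1.0 - math.prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate {gate!r}")


# Hypothetical tree for the subway collision: the top event needs the motorman
# to pass the red signal AND the emergency braking to be ineffective, where the
# latter happens if the brake hardware fails OR the signal spacing is inadequate.
# The probabilities are constructed for illustration only.
COLLISION_TREE = ("AND", [0.01,                      # motorman passes red signal
                          ("OR", [0.001,             # brake hardware fails
                                  0.5])])            # signal spacing inadequate


def collision_probability():
    return fault_tree_probability(COLLISION_TREE)
```

Note how the OR gate makes the inadequate signal spacing dominate the top event regardless of how reliable the brake hardware is, which is the design mistake the slide describes.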
Home assignments
• 1.12 (primary, functional and indirect safety)
• 2.4 (unavailability)
Email before 28 January to herttua@eurolock.org