Software Safety: Examples, Definitions, Standards, Techniques Tom Hobson (tdh06u)

Page 1: Software Safety: Examples, Definitions, Standards, Techniques Tom Hobson (tdh06u)

Software Safety: Examples, Definitions, Standards, Techniques

Tom Hobson (tdh06u)

Page 2

Definition

• A systematic approach to identifying, analysing and controlling software hazards to ensure safe operation.

• Optimizes system safety in the software development process and integration with safety critical hardware systems in an operational environment.

Page 3

Definition

• Software safety techniques are generally thought of as applying to safety-critical systems

• Software safety does not ensure safety from the hardware, users or environment

Page 4

Examples

• NASA Ares I Rocket

• Honda’s ADAS

• Railway Signalling Systems

• Nuclear Reactor Control Systems

• Life Support Machines

• Air Traffic Control Systems

• etc.

Page 5

Honda ADAS

• Automated Driver Assistance System

• Senses lane markings on the road and adjusts the steering to keep the driver in lane if the indicator is off

• Also maintains sufficient distance from the vehicle ahead

• If the software for this was faulty, the car could do almost anything

Page 6

NASA Ares I Rocket

• Currently in development

• This rocket is firstly being designed to take groups of astronauts into Earth orbit

• Around 2014, this will be extended to International Space Station excursions

• By 2020, it will be extended to the moon and beyond

• Any inaccuracies in calculations can be drastic.

Page 7

Standards

• Many standards for software safety

• Major standard is IEC 61508

• NASA software safety standard

Page 8

Techniques

• Software safety is included in all parts of the software development life cycle

• For serious safety-critical systems it can be a very in-depth and time-consuming process

• Systems where safety is less crucial sometimes skip some of the less important phases, because they yield little gain for the time invested

Page 9

Preliminary Hazard Analysis (PHA)

• This is used as early as possible in the SDLC

• Used to identify potential hazards early to avoid having to fix them later

• Gives a good basis to work on later

Page 10

Software Hazard Analysis

• Expansion on PHA

• Done during requirements phase

• Each state is now analysed to see from which other states it is possible to reach the hazardous state
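The per-state reachability check described above, as an added example that is not from the slides: a constructed state machine for the deck's lane-keeping ADAS (hypothetical states and transitions, not Honda's design), a backward search that lists every state from which the hazardous state can be reached, and a forward search that gives one concrete path, so the effect of a design fix can be re-checked.

```python
from collections import deque

# Constructed state machine for the page's lane-keeping ADAS example
# (hypothetical states and transitions, not Honda's design): each state
# maps to the states it can move to in one step.
TRANSITIONS = {
    "idle": {"lane_keeping", "indicator_on"},
    "indicator_on": {"idle"},
    "lane_keeping": {"idle", "indicator_on", "sensor_lost"},
    "sensor_lost": {"safe_disengage", "steer_on_stale_data"},
    "steer_on_stale_data": {"hazard_unintended_steer"},
    "safe_disengage": {"idle"},
    "hazard_unintended_steer": set(),
}

def states_reaching(transitions, hazard):
    """Every state from which `hazard` can eventually be reached: invert the
    transition relation, then breadth-first search backwards from the hazard."""
    preds = {}
    for src, dsts in transitions.items():
        for dst in dsts:
            preds.setdefault(dst, set()).add(src)
    seen, queue = {hazard}, deque([hazard])
    while queue:
        for prev in preds.get(queue.popleft(), ()):
            if prev not in seen:
                seen.add(prev)
                queue.append(prev)
    seen.discard(hazard)
    return seen

def shortest_path(transitions, start, hazard):
    """One concrete state sequence from `start` to `hazard`, or None (forward BFS)."""
    seen, queue = {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        if path[-1] == hazard:
            return path
        for nxt in transitions.get(path[-1], ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def remove_transition(transitions, src, dst):
    """Model a design fix (e.g. a guard on stale sensor data) as removing one transition."""
    fixed = {s: set(d) for s, d in transitions.items()}
    fixed[src].discard(dst)
    return fixed
```

With the constructed machine every non-hazard state can reach the hazard through `sensor_lost -> steer_on_stale_data`; removing that single transition leaves the hazard reachable only from a state that is itself no longer reachable from `idle`.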

Page 11

Hazard Testing

• Requirements to test the system under hazard conditions are developed

• Hazard testing shows the maximum allowed response time to faults before they become a problem

• Can be tested using simulations, although in addition it should be tested on the system itself

• Usually includes bench testing

Page 12

Criticality Analysis

• Used to categorise modules to show which are most safety critical

• Ranges from C0 to C3, C0 being the least potentially hazardous and C3 the most

• Modules are handled differently according to their hazard rating

Page 13

Fault Tree Analysis

• Logical Analysis

• A diagrammatic approach to displaying the states of a system which can potentially lead to a fault

• Mirror image of the RBD (Reliability Block Diagram)

• Shows easily what circumstances lead to specific faults
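A fault tree evaluated in code, as an added example that is not from the slides: a constructed tree (hypothetical events for the deck's lane-keeping ADAS, not Honda's design) with AND/OR gates, the minimal cut sets that show exactly which circumstances lead to the top event, and an evaluator for a given set of occurred basic events.

```python
from itertools import product

# Constructed fault tree for the page's lane-keeping ADAS example (hypothetical
# events, not Honda's design). A node is a basic event (string) or a gate:
# ("AND", [children]) or ("OR", [children]). Top event: unintended steering.
UNINTENDED_STEER = ("OR", [
    ("AND", ["camera_fault", "radar_fault"]),                  # both sensors lost
    ("AND", ["bad_lane_estimate", "plausibility_check_off"]),  # wrong data not caught
    "actuator_stuck",                                          # single-point failure
    ("AND", ["actuator_stuck", "watchdog_disabled"]),          # redundant: covered above
])

def cut_sets(node):
    """All event combinations that cause `node`: OR gates collect their children's
    cut sets, AND gates combine one cut set from each child (Cartesian product)."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Cut sets with any superset of another cut set removed: the smallest
    circumstances that lead to the top event (what the slide's diagram shows)."""
    sets = set(cut_sets(node))
    return sorted((s for s in sets if not any(other < s for other in sets)), key=sorted)

def top_event_occurs(node, occurred):
    """Evaluate the tree for a given set of basic events that have occurred."""
    if isinstance(node, str):
        return node in occurred
    gate, children = node
    results = [top_event_occurs(child, occurred) for child in children]
    return all(results) if gate == "AND" else any(results)

def single_points_of_failure(node):
    """Basic events that alone cause the top event (minimal cut sets of size 1)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)
```

Minimisation drops `{actuator_stuck, watchdog_disabled}` because `actuator_stuck` on its own already causes the top event, which is exactly the single-point failure a reviewer wants the tree to surface.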

Page 14

FMEA (Failure Modes and Effects Analysis)

• FMEA is a technique used to check the safety requirements formulated in hazard testing

• It is used to identify structural weaknesses in the design

• The design is tested against a range of identified failure modes to check whether these failures can actually be reached

• As this stage is completed before implementation, the cost of fixing any design weaknesses or errors is fairly low

Page 15

Late Design/Coding Phase

• Detailed Fault Tree Analysis

– This is, in effect, expanding the fault tree again

– Detects additional errors

• Detailed FMEA

– Requires a large time investment

– This stage is often the one skipped for less safety-critical systems

• Defensive Programming

– Often reduces the time needed for safety techniques
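Defensive programming applied to the deck's lane-keeping ADAS example, as an added example that is not from the slides: a naive steering controller beside a defensive one that treats a stale reading (older than the hazard-testing deadline), an invalid or implausible offset, or an active indicator as a reason to disengage, and bounds the steering authority. All parameter values are constructed and hypothetical, not Honda's.

```python
import math
from dataclasses import dataclass

# Constructed parameters for the page's lane-keeping ADAS example (hypothetical
# values, not Honda's): the fault-handling deadline from hazard testing, the
# steering authority the software is allowed, and a plausibility bound on input.
MAX_SENSOR_AGE_MS = 100    # a reading older than this must be treated as a fault
MAX_STEER_DEG = 3.0        # the actuator may never be commanded beyond this
MAX_LANE_OFFSET_M = 2.0    # a real lane offset cannot exceed this
GAIN_DEG_PER_M = 2.0       # proportional steering gain

@dataclass(frozen=True)
class LaneReading:
    offset_m: float   # lateral offset from lane centre, positive = right of centre
    age_ms: int       # time since the camera produced this reading
    valid: bool       # the camera's own confidence flag

def steer_naive(reading, indicator_on):
    """Unguarded controller: trusts every field of the reading and has no output
    bound, so a corrupt offset becomes an arbitrarily large steering command."""
    return -GAIN_DEG_PER_M * reading.offset_m

def steer_defensive(reading, indicator_on):
    """Defensive controller: returns (command_deg, engaged). Anything doubtful
    about the input disengages lane keeping (command 0.0) instead of steering
    on bad data, and a valid command is clamped to the allowed authority."""
    if indicator_on:                      # the driver intends to change lane
        return 0.0, False
    if not reading.valid or reading.age_ms > MAX_SENSOR_AGE_MS:
        return 0.0, False                 # untrusted or stale sensor: fail safe
    offset = reading.offset_m
    if not math.isfinite(offset) or abs(offset) > MAX_LANE_OFFSET_M:
        return 0.0, False                 # NaN/inf or implausible reading
    command = -GAIN_DEG_PER_M * offset
    command = max(-MAX_STEER_DEG, min(MAX_STEER_DEG, command))  # bound authority
    return command, True
```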

Page 16

References

• Czerny, D’Ambrosio, Murray and Sundaram, Effective Application of Software Safety Techniques for Automotive Embedded Control Systems, 2005

• Ericson, C. A., http://www.dcs.gla.ac.uk/~johnson/teaching/safety/reports/Clif_Ericson1.htm

• Fries, Fisher and Jobes, Programmable Electronic Mining Systems: Best Practice Recommendations, Part 3: 2.2 Software Safety, 2001

• NASA, Software Safety: NASA Technical Standard, 1997

• Payne, Jeff, http://www.embedded.com/columns/technicalinsights/19201765?_requestid=471140, 2004

• Goddard, Peter, Software FMEA Techniques, 2000

Page 17

Questions?