EE551 Real-Time Operating Systems
Safety Critical Systems Analysis
Course originally developed by Maj Ron Smith
Safety Critical Software Systems – ilities of Systems
Software safety is one of the “ilities” of a system: it is part of the non-functional requirements, which specify criteria used to judge the operation of a system rather than specific behaviors.
Safety Critical Software Systems – ilities of Systems
Execution qualities: usability and operability, security, reliability, safety, fault tolerance
Evolution qualities: maintainability, understandability and modifiability, supportability (Integrated Logistics Support), testability, portability, scalability and extensibility
Integrity – often used to encompass other ilities
Safety Critical Software Systems – ilities of Systems
Safety and reliability are often misinterpreted
There is a school of thought that states that safety is a subset of reliability
Apr 19, 2023 Major RW Smith Software Reliability (part1) - 5
Reliability
reliability, R(t) - the probability that, when operating under stated environmental conditions, a system will perform its intended function adequately for a specified interval of time.
Reliability is a measure of the success with which a system conforms to some authoritative specification of its behavior.
The most frequent hardware metric is MTBF; the failure rate is more universal in software.
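As an added worked example (not from the course slides), the following relates the three quantities on this slide, failure rate, MTBF and R(t), under the constant-failure-rate (exponential) assumption, which the slides do not state and is assumed here for illustration; the fleet data is constructed.

```python
import math

# Added worked example, not part of the original course material.
# Assumption: a constant failure rate, so that R(t) = exp(-lambda * t) and
# MTBF = 1 / lambda. The slides define R(t) without fixing a distribution.


def failure_rate(operating_hours: float, failures: int) -> float:
    """Point estimate of the failure rate (failures per hour) from field data."""
    if operating_hours <= 0:
        raise ValueError("operating time must be positive")
    return failures / operating_hours


def mtbf(rate: float) -> float:
    """Mean time between failures: the reciprocal of a constant failure rate."""
    if rate <= 0:
        raise ValueError("failure rate must be positive")
    return 1.0 / rate


def reliability(rate: float, t: float) -> float:
    """R(t): probability of performing without failure over an interval of length t."""
    if t < 0:
        raise ValueError("interval must be non-negative")
    return math.exp(-rate * t)


def interval_for_reliability(rate: float, target: float) -> float:
    """Longest interval t for which R(t) >= target (the inverse of reliability)."""
    if not 0 < target < 1:
        raise ValueError("target must lie strictly between 0 and 1")
    return -math.log(target) / rate


# Constructed sample: 20 identical controllers, each logged for 5000 h,
# with 4 failures observed in total (100000 unit-hours).
SAMPLE_UNIT_HOURS = 20 * 5000.0
SAMPLE_FAILURES = 4

if __name__ == "__main__":
    lam = failure_rate(SAMPLE_UNIT_HOURS, SAMPLE_FAILURES)  # 4e-5 per hour
    print(f"failure rate = {lam:.2e}/h, MTBF = {mtbf(lam):.0f} h")
    # A common misreading: a unit is NOT expected to survive one MTBF.
    print(f"R(MTBF) = {reliability(lam, mtbf(lam)):.3f}")  # about 0.368
    # Reliability over a 24 h mission, and the longest mission with R >= 0.999.
    print(f"R(24 h) = {reliability(lam, 24):.5f}")
    print(f"t for R >= 0.999: {interval_for_reliability(lam, 0.999):.1f} h")
```

Note that R(MTBF) is only about 0.37: quoting an MTBF says nothing directly about surviving a specific mission interval, which is what R(t) is for.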
Safeware: System Safety and Computers, Nancy G. Leveson, ISBN-10: 0201119722 | ISBN-13: 978-0201119725
Safety Critical Software Systems – Authoritative text
Safety Critical Software Systems
Potential of the software to lead to hazardous system states
Hazards can lead to accidents and:
Death
Serious injuries
Damage to environment
Significant loss of material
Loss of strategic advantage
Safety Critical Systems
Examples of failures: Medical
Therac-25 (1985-87) (extreme case)
Blood bank software released over 1M “failed” plasma units on the market
Pacemakers reset to unsafe parameters due to external radiation sources (antitheft devices, microwaves, …)
Infusion pumps delivering the wrong rate of medicine
Safety Critical Software Systems
Safety critical software cannot be verified and validated using “traditional” methods to derive test cases.
Must use risk management and hazard analysis techniques, together with root cause analysis.
Safety Critical Software Systems
Hazard Analysis techniques:
Hazard list from similar devices
Hazard and Operability (HAZOP) Analysis
Fault Tree Analysis (FTA)
Event Tree Analysis (ETA)
Failure Modes and Effects Analysis (FMEA)
Failure Modes, Effects and Criticality Analysis (FMECA)
Safety Critical Systems - Hazard Analysis – Hazard List
Known hazards lists or reports from previous similar devices
Lessons Learned DB (internal to companies)
Recall notices (general public – industry wide)
Food and Drug Administration Web Site (MAUDE): http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/search.cfm
Federal Aviation Agency: http://www.faa.gov/data_research/accident_incident/
Transport Canada (CADORS): http://wwwapps.tc.gc.ca/Saf-Sec-Sur/2/CADORS-SCREAQ/m.aspx?lang=eng
Safety Critical Systems - Hazard Analysis – Hazard List
Brainstorming session
Generic lists (ISO 14971 Annex D)
Safety Critical Systems - Hazard Analysis – HAZOP
Hazard and Operability Study: process oriented
A structured and systematic examination of a planned or existing process or operation, to identify and evaluate problems that may represent risks to personnel, equipment or environment
Originates from the chemical industry
Safety Critical Systems - Hazard Analysis – HAZOP
Analyze the behavior of a system based on operating deviations from original design or intent
Decomposition of system into sub-processes or items (systems, subsystems, components)
Parameters (flow, temperature, pressure,…)
Systematic qualitative analysis with Guide words (less, more, inverse, too high, too low, before…)
Safety Critical Systems - Hazard Analysis - FTA
Safety Critical Systems - Hazard Analysis - ETA
Control measures
Safety Critical Systems - Hazard Analysis – FME(C)A
Worksheet columns: Item | Failure Mode | Causes | Effects | Criticality | Prob | Control measures
Example row:
Item: Registration
Failure mode: RMS error too large
Causes: a. Bad configuration; b. Markers too close; c. Handling errors; d. Tracking error; e. Transformation error
Effects: Cannot use IIGS
Criticality: Critical
Prob: N/A
Control measures: Operator training; Documentation
Safety Critical Software Systems
State-based analysis methods: Markov chain models; Petri nets
Software Cost Reduction methods (David Parnas and Constance L. Heitmeyer): a formal mathematical approach to specifications