Safety-Critical Computer Systems

This book:

• Covers all phases of the life of a safety-critical system from its conception and specification, through to its certification, installation, service and decommissioning
• Provides information on how to assess the safety implications of projects, and determine the measures necessary to develop systems to meet safety needs
• Gives a thorough grounding in the techniques available to investigate the safety aspects of computer-based systems and the methods that may be used to enhance their dependability
• Uses case studies and worked examples from a wide range of industrial sectors including the nuclear, aircraft, automotive and consumer products industries

This text is intended for both engineering and computer science students, and for practising engineers within computer-related industries. The approach taken is equally suited to engineers who consider computers from a hardware, software or systems viewpoint.

Table of contentsPreface vii
1 Introduction 1
1.1 Computers in critical applications 1
1.2 Safety 2
1.2 Developing safety-related systems 8
1.4 Costs and benefits 14
2 Safety Criteria 19
2.1 Introduction 19
2.2 System requirements 20
2.3 Safety requirements 25
2.4 The safety case 29
3 Hazard Analysis 33
3.1 Introduction 33
3.2 Analytical techniques 34
3.3 Failure modes and effects analysis (FMEA) 38
3.4 Hazard and operability studies (HAZOP) 39
3.5 Fault tree analysis (FTA) 43
3.6 Hazard analysis within the development lifecycle 50
4 Risk Analysis 59
4.1 Introduction 59
4.2 Consequences of malfunction - severity 61
4.3 Probability of malfunction - frequency 63
4.4 Risk classification 65
4.5 The acceptablity of risk 67
4.6 Levels of integrity 70
4.7 The view of society and ethical considerations 75
5 Developing Safety-Critical Systems 81
5.1 Introduction 81
5.2 Lifecycle models 82
5.3 The safety lifecycle 85
5.4 Development methods 88
5.5 Designing for safety 97
5.6 Maintainability 101
5.7 Human factors in safety 103
5.8 Safety analysis 106
5.9 Safety management 107
6 Fault Tolerance 113
6.1 Introduction 113
6.2 Types of faults 114
6.3 Redundancy 124
6.4 Fault detection techniques 127
6.5 Hardware fault tolerance 131
6.6 Software fault tolerance 144
6.7 Selecting fault-tolerant architectures 148
6.8 Examples of fault-tolerant systems 152
7 System Reliability 161
7.1 Introduction 161
7.2 Reliability modelling 167
7.3 Reliability prediction 187
7.4 Reliability assessment 193
8 Safety-Critical Hardware 199
8.1 Introduction 199
8.2 Microprocessor design faults 200
8.3 Choice of microprocessors 205
8.4 Electromagnetic compatibility (EMC) 208
9 Safety-Critical Software 215
9.1 Introduction 215
9.2 Choice of programming languages 218
9.3 Software design 227
9.4 Software implementation 243
9.5 Software tools 245
9.6 Safety-critical software - an overview 247
10 Programmable Logic Controllers 253
10.1 Introduction 253
10.2 PLC hardware 255
10.3 PLC programming techniques 257
10.4 PLCs versus relays 260
10.5 PLCs in safety-critical systems 261
11 Formal Methods 271
11.1 Introduction 271
11.2 Formal methods within the development lifecycle 285
11.3 Formal specification languages 288
11.4 Formal methods of design and implementation 294
11.5 Formal methods and verification 296
11.6 Industrial applications of formal methods 300
11.7 Formal methods - the current situation 303
12 Verification, Validation and Testing 309
12.1 Introduction 309
12.2 Planning for verification and validation 313
12.3 Dynamic testing 315
12.4 Static analysis 319
12.5 Modelling 321
12.6 Testing for safety 323
12.7 Test strategies 324
12.8 Designing for testability 332
12.9 Development tools 333
12.10 Environmental simulation 336
12.11 Independent verification and validation 342
12.12 The roles of testing 343
12.13 Additional information 344
13 Quality Management 347
13.1 Introduction 347
13.2 Quality assurance 348
13.3 Quality control 351
13.4 Quality standards 352
13.5 Quality - an overview 355
14 Certification 359
14.1 Introduction 359
14.2 Forms of certification 360
14.3 The process of system certification 362
14.4 The safety case 364
14.5 Guidelines and standards 365
14.6 Certification - an overview 371
15 Commercial High-Integrity Systems 375
15.1 Introduction 375
15.2 An explosive chemical plant 376
15.3 The airbus A330/A340 primary flight control system 387
15.4 Darlington nuclear generating station 397
15.5 Conclusions 411
Appendix A Acronyms 415
Appendix B Test case generation 419
Appendix C Answers to numerical problems 427
Index 429