"Design of Safety-Critical Systems & Software"
* An Advanced Course for Experienced Real-Time Embedded System Designers and Software Developers
* How to Structure Embedded Systems and Software for Safety-Critical Applications
* 2- Day or 3-Day Intensive Class (lectures, discussions, design examples, exercises)
This course examines the design of embedded systems and software that are to provide services in applications that
could, when they fail, threaten the well-being or life of people. It offers practical guidance on how to address safety
concerns when designing safety critical software in fields such as medical, automotive, avionics, nuclear and
chemical process control.
The course surveys concepts and alternatives for software and system architectures appropriate for safety-critical
systems. Following an examination of hazard and risk analysis techniques, it goes on to list a number of approaches
to software safety that span fault avoidance, fault detection, and fault containment tactics including redundancy,
recovery, masking and barriers. A variety of candidate architectural design patterns are examined, including dual/triple
modular redundancy, dissimilar independent designs, backup parallel patterns and active/monitor parallel patterns.
Many real-world examples are presented. Software design approaches are discussed for run-time Built-In Self Test
("BIST") of processor and peripheral hardware.
This course is far from a general course about system or software design theory, but rather it is tightly focused on the
design of embedded systems and software that are required to provide their intended functions without endangering
the safety or life of users or their environment.
WHO SHOULD ATTEND ?
This course is intended for practicing real-time and embedded systems software system architects, project
managers and technical consultants who have responsibility for designing, structuring and implementing the
software for real-time and embedded computer systems in applications that could, when they fail, threaten the
well-being or life of people.
Course participants are expected to be familiar with general embedded and real-time software design. [This
knowledge can be gained by attending a prerequisite embedded software design course such as "Architectural
Design of Real-Time Software".]
Many (but not all) safety-critical systems must also be high-availability systems -- with severe consequences in
situations where the system fails and remains unavailable for significant periods of time. For those safety-critical
systems that also have high-availability requirements, we recommend that the course "Design of High Availability
Systems and Software" should be taken at the same time as this course. The two courses have little overlap in
content, and offer complimentary approaches and perspectives. It is possible to combine these two courses into a
unified three- or four-day course under the name of "Safety Critical and High Availability Systems" Masterclass.
The primary goal of this course is to give the participant the skills necessary to design software for real-time and
embedded computer systems in which faults and failures could pose a danger to human life. This is a very practical,
results-oriented course that will provide knowledge and skills that can be applied immediately.
Definitions and Background
Hazards and Risks
Safety vs. Fault Tolerance
Design Issues for Safety
Approaches to Dependability
Code-Level Safety: MISRA-C and LINT
Examples: Automotive Drive-by-Wire
Hazard Analysis: FMEA
Fault & Event Tree Analysis
Exercise: Fault Tree Analysis for Railway Safety
Probabilistic Event Tree Analysis
Approaches to Safety: Fault Avoidance, Fault Detection, Fault Tolerance
Exercise: Event Tree and Risk Analysis for Railway Safety
Fundamental Safety Design Patterns
Detection of Sensor Errors
Shutdown Design Patterns
Single Channel Patterns
Multi-Channel Design Patterns
Actuation Monitoring Options
Dual Channel Patterns
Dual Closed-Loop Patterns
Heterogeneous Peer-Channel Pattern
Design Patterns for High Availability and Safety
Extended Example: Medical Respiratory Ventilator
The Safety Executive
Extended Example: Automotive Drive-by-Wire
Extended Example: Airbus A330/340 Fly-by-Wire
Extended Example: Boeing 777 Fly-by-Wire
A Cookbook for Safety-Critical Design
BIST: Built-In Self Test Software Design
Learning from System Failures and Accidents
Sources of System Accidents
Software Factors in Some Famous Accidents
Case Study: Successful Spacecraft
More Ideas for System-Level Safety
Government and International Software Safety Standards
C Language in Critical Systems
Exercise: The Wild Scalar
Software Robustness: MISRA-C, LINT, Static Code Analyzers
Exercise: C-Language Shenanigans
Update on Static Code Analysis
The JPL "Power of 10" Coding Rules
INSTRUCTOR: Dr. David Kalinsky
|© Copyright 2011, D. Kalinsky Associates, All Rights Reserved.
This page Updated March 25, 2011