Advanced Course:
"Design of Safety-Critical Systems & Software"
* An Advanced Course for Experienced Real-Time Embedded System Designers and Software Developers
* How to Structure Embedded Systems and Software for Safety-Critical Applications
* 2-Day or 3-Day Intensive Class (lectures, discussions, design examples, exercises)
COURSE OVERVIEW
This course examines the design of embedded systems and software that provide services in applications that
could, when they fail, threaten the well-being or life of people. It offers practical guidance on how to address safety
concerns when designing safety-critical software in fields such as medical, automotive, avionics, nuclear and
chemical process control.
The course surveys concepts and alternatives for software and system architectures appropriate for safety-critical
systems. Following an examination of hazard and risk analysis techniques, it goes on to list a number of approaches
to software safety that span fault avoidance, fault detection, and fault containment tactics including redundancy,
recovery, masking and barriers. A variety of candidate architectural design patterns are examined, including dual/triple
modular redundancy, dissimilar independent designs, backup parallel patterns and active/monitor parallel patterns.
Many real-world examples are presented.
This is not a general course on system or software design theory; it is tightly focused on the
design of embedded systems and software that are required to provide their intended functions without endangering
the safety or life of users or their environment.
WHO SHOULD ATTEND?
This course is intended for practicing real-time and embedded systems software system architects, project
managers and technical consultants who have responsibility for designing, structuring and implementing the
software for real-time and embedded computer systems in applications that could, when they fail, threaten the
well-being or life of people.
Course participants are expected to be familiar with general embedded and real-time software design. [This
knowledge can be gained by attending a prerequisite embedded software design course such as "Architectural
Design of Real-Time Software".]
COURSE CO-REQUISITE
Many (but not all) safety-critical systems must also be high-availability systems -- with severe consequences in
situations where the system fails and remains unavailable for significant periods of time. For those safety-critical
systems that also have high-availability requirements, we recommend that the course "Design of High Availability
Systems and Software" be taken at the same time as this course. The two courses have little overlap in
content, and offer complementary approaches and perspectives. It is possible to combine these two courses into a
unified three- or four-day course under the name "Safety Critical and High Availability Systems" Masterclass.
COURSE OBJECTIVES
The primary goal of this course is to give the participant the skills necessary to design software for real-time and
embedded computer systems in which faults and failures could pose a danger to human life. This is a very practical,
results-oriented course that will provide knowledge and skills that can be applied immediately.
COURSE CONTENTS
Definitions and Background
Hazards and Risks
Safety vs. Fault Tolerance
Design Issues for Safety
Redundancy
Approaches to Dependability
Code-Level Safety: MISRA-C and LINT
Examples: Automotive Brake-by-Wire, Steer-by-Wire
Preparatory Analyses
Hazard Analysis: FMEA
Fault & Event Tree Analysis
Exercise: Fault Tree Analysis
Probabilistic Event Tree Analysis
Risk Analysis
Approaches to Safety: Fault Avoidance, Fault Detection, Fault Tolerance
Fundamental Safety Design Patterns
Detection of Sensor Errors
Failstop
Fault Masking
Shutdown Design Patterns
Single Channel Patterns
Multi-Channel Design Patterns
Actuation Monitoring Options
Dual Channel Patterns
Dual Closed-Loop Patterns
Heterogeneous Peer-Channel Pattern
Example: Flight Control Computer Development
Dual-Dual Pattern
Design Patterns for High Availability and Safety
Monitor-Actuator Pattern
Extended Example: Medical Respiratory Ventilator
The Safety Executive
Extended Example: Automotive Drive-by-Wire
Extended Example: Airbus A330/340 Fly-by-Wire
A Cookbook for Safety-Critical Design
Learning from System Failures and Accidents
Sources of System Accidents
Hazard-Based Risk Analysis Calculations
Exercise: Spacecraft Risk Analysis
Software Factors in Some Famous Accidents
C Language in Critical Systems
Software Robustness: MISRA-C, LINT, Static Code Analyzers
Exercise: C-Language Shenanigans
Update on Static Code Analysis
The JPL "Power of 10" Coding Rules
Final Examination.
INSTRUCTOR: Dr. David Kalinsky
© Copyright 2010, D. Kalinsky Associates, All Rights Reserved. This page Updated February 18, 2010