Added text to introduction

This commit is contained in:
Robin 2010-01-22 17:43:02 +00:00
parent fd4540a246
commit 8c7a4a40d3
2 changed files with 58 additions and 11 deletions

@ -2,7 +2,7 @@
\section{Introduction} \section{Introduction}
$$ \int_{0\-}^{\infty} f(t).e^{-s.t}.dt \; | \; s \in C$$ %$$ \int_{0\-}^{\infty} f(t).e^{-s.t}.dt \; | \; s \in C$$
This thesis describes the application of, mathematical (formal) techniques to This thesis describes the application of, mathematical (formal) techniques to
the design of safety critical systems. the design of safety critical systems.
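Review bot: the Laplace-transform display that this hunk comments out with `%` is malformed LaTeX and should be corrected or deleted rather than left as dead markup at the top of the Introduction: `0\-` is not a valid lower limit (0⁻ would be `0^{-}`), the full stops in `f(t).e^{-s.t}.dt` typeset as literal periods rather than multiplication (`f(t)\,e^{-st}\,dt`), and the set of complex numbers should be `\mathbb{C}` (amssymb) rather than a plain `C`. If the transform is coming back later, a comment saying why it is parked would help the next reader. The unchanged sentence "application of, mathematical (formal) techniques" also carries a stray comma after "of".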
@ -13,9 +13,53 @@ both the specific `simultaneous failures'\cite{EN298},\cite{EN230},\cite{EN12067
and the probability to dangerous fault approach\cite{EN61508}. and the probability to dangerous fault approach\cite{EN61508}.
The visual notation developed was initially designed for electronic fault modelling. The visual notation developed was initially designed for electronic fault modelling.
However, it could be appleid to mechanical and software domains as well. However, it was relaised that could be applied to mechanical and software domains as well.
Due to this a common notation/diagram style This changed the target for the study slightly to encompass these domains in a common notation.
can be used to model any integrated safety relevant system.
\section{Background}
I completed an MSc in Software engineering in 2004 at Brighton university while working for
an Engineering firm as a software Engineer.
The firm make industrial burner controllers.
iIndustrial Burners are potentially very dangerous industrail plant.
They are subject to stringent safety regulations and any product controlling them
must conform to specific `EN' standards. This involved not only writing software and designing hardware in compliance,
but also stages of formal certification testing. The certification testing had to be performed by
`competent body' recognised under European law. A significant part
of this process was `static testing'. This involved looking at the design of the products,
from the perspective of components failing, and the effect on safety this would have.
Some of the static testing involved checking that the germane `EN' standards had
been complied with. Failure Mode Effects Analysis (FMEA) was also applied. This involved
looking in detail at critical sections of the product and proposing
component failure scenarios. For each failure scenario proposed either a satisfactory
answer was required, or a counter proposal to change the design to cope with
the comonent failure eventuality. FMEA was time consuming, and being directed by
experts undoubtly ironed out many potential safety faults before the product saw
light of day. However it was quickly apparent that only a small proportion
of copmponent~failure modes was considered. Also there was no formaliswm.
The component~failure~modes investigated were not analysed within
any rigourous framework.
\subsection{Possibility of applying mathematical techniques to FMEA}
My MSc project was a diagram editor for Constraint diagrams.
I wanted to apply constriant diagram techniques to FMEA
and began thinking about how this could be done. One
obvious factor was that a typical safety critical system could
have more than 1000 component parts. Each component
would typically have several failure modes.
Trying to apply a rigourous methodology on an entire product
was going to be impractical. To do this with complete coverage
each component failure mode would have to have been checked against
the other thousand or so components for influence, and then
a determination of the effects on the system would have had to have been
determined. Thus millions of checks would have to have been performed, and
as FMEA is an `expert only' time consuming technique, this idea was
obviously impractical.
\section{Safety Critical Systems} \section{Safety Critical Systems}
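Review bot: the rewritten summary sentence and the new Background section need a spelling pass and a scope check before this goes into the typeset thesis. The old text "This changed the target for the study slightly to encompass these domains in a common notation" becomes "a common notation/diagram style can be used to model any integrated safety relevant system", which turns a statement about the study's scope into an unsupported claim; "could be used to model the mechanical, electronic and software elements of a safety relevant system in a single notation" keeps the original caution. Misspellings in the added lines: "appleid", "iIndustrial Burners are potentially very dangerous industrail plant.", "comonent", "undoubtly", "copmponent~failure", "formaliswm", "rigourous" (twice), "constriant"; "performed by `competent body'" needs an article ("by a `competent body'"); and the expansion should be "Failure Mode and Effects Analysis (FMEA)". In the impracticality argument, "Thus millions of checks would have to have been performed" asserts the figure without showing it; one clause stating the product (around 1000 components, each with several failure modes, each checked against the other thousand or so components, giving of the order of 10^6 checks) makes the point self-evident.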
@ -23,7 +67,7 @@ can be used to model any integrated safety relevant system.
A safety critical system is one in which lives may depend upon it or A safety critical system is one in which lives may depend upon it or
it has the potential to become dangerous. it has the potential to become dangerous.
(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty (/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty)
An industrial burner is typical of plant that is potentially dangerous. An industrial burner is typical of plant that is potentially dangerous.
An incorrect air/fuel mixture can be explosive. An incorrect air/fuel mixture can be explosive.
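Review bot: the line `(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty` sitting between the definition of a safety critical system and the industrial-burner example is a fragment of a LaTeX console log, not source; outside a comment it is typeset verbatim in the body of the section. This change edits it (dropping the closing parenthesis) instead of removing it. Delete the line.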
@ -32,11 +76,13 @@ life support are examples of systems that lives depend upon.
\subsection{Two approaches : Probablistic, and Compnent fault tolerant} \subsection{Two approaches : Probablistic, and Compnent fault tolerant}
There are two main philosophies applied to safety critical systems. There are two main philosophies applied to safety critical systems certification.
\paragraph{Statistical safety Measures}
One is a general number of acceptable failure per hour of operation. One is a general number of acceptable failure per hour of operation.
This is the probablistic approach and is embodied in the european standard This is the probablistic approach and is embodied in the european standard
EN61508 \cite{EN61508}. EN61508 \cite{EN61508}.
\paragraph{Prescriptive safety Measures}
The second philosophy, applied to application specific standards, is to investigate The second philosophy, applied to application specific standards, is to investigate
components ior sub-systems in the critical safety path and to look at component failure modes components ior sub-systems in the critical safety path and to look at component failure modes
and ensure that they cannot cause dangerous faults. and ensure that they cannot cause dangerous faults.
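Review bot: the two new `\paragraph` headings use different terminology from the subsection they sit under: the subsection is titled "Probablistic, and Compnent fault tolerant" (both words misspelt, and the comma before "and" is spurious), while the paragraphs are "Statistical safety Measures" and "Prescriptive safety Measures". Pick one pair of terms (probabilistic / component fault tolerant, matching the subsection and the "probability to dangerous fault approach" wording in the Introduction, or statistical / prescriptive) and capitalise the headings consistently. In the first paragraph, "a general number of acceptable failure per hour of operation" should read "failures per hour", and "components ior sub-systems" has a typo.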
@ -66,14 +112,15 @@ reference chapter dealing speciifically with this but given a quick overview.
- specific safety standards - specific safety standards
\subsubsection{Overview of current testing and certification} \subsubsection{Overview of current testing and certification}
ref chapter speciiffically on this but give an overview now ref chapter speciifically on this but give an overview now
\section{Background to the Industrial Burner Safety Analysis Problem} \section{Background to the Industrial Burner Safety Analysis Problem}
An industrial burner is a good example of a safety critical system. An industrial burner is a good example of a safety critical system.
It has the potential for devatating explosions due to boiler overpressure, or It has the potential for devistating explosions due to boiler overpressure, or
ignition of an explosive mixture, and, because of the large amounts of fuel used, ignition of an explosive mixture, and, because of the large amounts of fuel used,
is a potential fire hazard. They are often left running unattended 24/7. is also a fire hazard. Also Industrial boilers are often left running unattended
for long periods of time (typically days).
To add to these problems To add to these problems
Operators are often under pressure to keep them running. An boiler supplying Operators are often under pressure to keep them running. An boiler supplying
@ -86,7 +133,7 @@ This places extra responsibility on the burner controller.
These are common place and account for a very large proportion of the enery usage These are common place and account for a very large proportion of the enery usage
in the world today (find and ref stats) in the world today (find and ref stats)
Industrial burners are common enough to have different specific standards Industrial burners are common enough to have different specific standards
written for the fuel types they usei \ref{EN298} \ref{EN230} \ref{EN12067}. written for the fuel types they use \ref{EN298} \ref{EN230} \ref{EN12067}.
A modern industrial burner has mechanical, electronic and software A modern industrial burner has mechanical, electronic and software
elements, that are all safety critical. That is to say elements, that are all safety critical. That is to say
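Review bot: `\ref{EN298} \ref{EN230} \ref{EN12067}` on the fuel-type standards line are citations, not cross-references; the same keys are cited with `\cite{EN298}` in the Introduction, and `\ref` on a bibliography key gives an undefined-reference warning and "??" in the output. Change them to `\cite`. Elsewhere in the hunk: "devatating" is changed to "devistating" and "speciiffically" to "speciifically" without either becoming correct (devastating, specifically); "is also a fire hazard. Also Industrial boilers are often left running unattended" repeats "also" across two sentences and capitalises "Industrial" mid-sentence; "An boiler" should be "A boiler"; "enery" is a typo; and "(find and ref stats)" is an author note that should be a `%` comment or a todo macro, not body text, since the claim it hangs on ("a very large proportion of the enery usage in the world today") is currently unsupported.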
@ -374,7 +421,7 @@ and how it will react when it does.
Some systems and components are guaranteed to work within certain environmental constraints, Some systems and components are guaranteed to work within certain environmental constraints,
temperature being the most typical. Very often what happens to the system outside that range is not defined. temperature being the most typical. Very often what happens to the system outside that range is not defined.
Where this is the case, these are undetectable errors.
\section{Project Goals} \section{Project Goals}
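Review bot: the added sentence "Where this is the case, these are undetectable errors." does not follow from the one before it. The preceding text says that behaviour outside the specified temperature range is not defined, which makes the resulting failure modes unpredictable or unanalysable, not undetectable; an out-of-range temperature is itself something a controller can sense and act on. Either say that the resulting failure modes cannot be analysed, or state in what sense detection is impossible.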

BIN
thesis.pdf Normal file