started on intro
This commit is contained in:
parent
f553e20864
commit
ce5543b206
@ -72,11 +72,18 @@ ISSN={Doi:10.1145/2330667.2330683},}
@BOOK{scsh,
AUTHOR = "D. Smith",
TITLE = "Safety Critical Stystems Handbook, 3rd Ed. ISBN 978-0-08-096781-3",
TITLE = "Safety Critical Systems Handbook, 3rd Ed. ISBN 978-0-08-096781-3",
PUBLISHER = "Butterworth HeinemannH",
YEAR = "2011"
}
@BOOK{fpodsadsp,
AUTHOR = "Robert D Strum and Donald E. Kirk",
TITLE = "First Principles of discrete Systems and Digital Signal Processing ISBN 0-201-09518-1",
PUBLISHER = "Addison-Wesley",
YEAR = "1988"
}
@ARTICLE{embedsfmea,
AUTHOR = "Peter L. Goddard",
TITLE = "Validating The Safety of Embedded Real-Time Control Systems using FMEA",
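Review bot: `PUBLISHER = "Butterworth HeinemannH"` in the `scsh` entry still carries a stray trailing `H` (the publisher is normally written `Butterworth-Heinemann`), so the title typo fixed in this hunk leaves a second typo one line below it; suggest `PUBLISHER = "Butterworth-Heinemann"`. Both book entries also embed the ISBN in the TITLE field (`... 3rd Ed. ISBN 978-0-08-096781-3` and `... Digital Signal Processing ISBN 0-201-09518-1`), which will typeset the ISBN as part of the title; move each into its own `ISBN = "..."` field, and give `fpodsadsp` the capitalisation `First Principles of Discrete Systems ...` (or brace-protect it) so the bibliography style does not lowercase it further.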
@ -30,9 +30,47 @@ firstly looking at electronic circuits and then at electronic/software hybrid sy
}
\section{Introduction}
The motivation for this study came form two sources, one academic and the other
practical. I had recently completed an
Msc and my project was to create an Euler/Spider Diagram editor in Java.
This editor allowed the user to draw Euler/Spider diagrams, and could then
represent these as abstract---or mathematical---definitions.
At work, writing embedded `C' and assembly language code for safety critical
industrial burners, we were faced with a new and daunting requirement.
Conformance to the latest European standard, EN298. It appeared to ask for the impossible,
not only did it require the usual safety measures (self checking of ROM and RAM, watchdog processors with separate clock sources, EMC
triple fail safe control of valves), it had one new clause in it, that had far reaching consequences.
It stated that in the event of a failure, where the controller had gone into a `lockout~state'--- a state where the controller
applies all possible safety measures to stop fuel entering the burner---it could not become dangerous should another fault occur.
In short this meant we had to be able to deal with double failures.
Any of the components that could, in failing create a dangerous state, were already
documented and approved using failure mode effects analysis (FMEA). This new requirement
effectively meant that any all combinations of component failures were
now required to be analysed. This, from a state explosion problem alone,
meant that it was going to be virtually impossible to perform.
%
Following the concept of de-composing a problem, and thus simplifying the state explosion---using the thinking behind
the fast Fourier transform (FFT)~\cite{fpodsadsp}[Ch.8], which takes a complex intermeshed series of real and imaginary number calculations
and by de-composing them simplifies the problem.
My reasoning was that were I to analyse the problem in small modules, from the bottom-up following the FFT example, I could apply
checking for all double failure scenarios.
Once these first modules were analysed, I now call them {\fgs}, I could determine the symptoms of failure for them
Using the symptoms of failure, I could now treat these modules as components, now called {\dcs}, and use them to build higher level
modules. I could apply double simultaneous failure mode checking, because the number of components
in each module/{\fg} was quite small---thus avoiding state explosion problems, but I could apply
double checking all the way up the hierarchy. In fact this meant, as a by-product that many multiple as well as double
failures would be analysed.
Msc project Euler/Spider Diagram editor --- Euler/Spider Diagrams
Euler/Spider Diagrams
could be used to model failure modes in components.
Contours could represent failure modes, and the spider diagram
`existential~points' instances of failure modes.
By drawing a spider collecting existential points, a common failure symptom could
be determined and from this a new diagram generated automatically, to represent the {\dc}.
Each spider represented a derived failure mode.
These concepts were presented at the ``Euler~2004''~\cite{Clark200519} conference at Brighton University.
--- 2005 paper --- need for static analysis because of
high reliability of modern safety critical systems.
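Review bot: `\cite{fpodsadsp}[Ch.8]` has the arguments in the wrong order; `\cite` takes its optional note before the key, so as written this will typeset a literal `[Ch.8]` after the citation. Use `\cite[Ch.~8]{fpodsadsp}`. The sentence containing it (`Following the concept of de-composing a problem ... simplifies the problem.`) is also a fragment with no main clause, as is `Conformance to the latest European standard, EN298.`; both need joining to the sentence before them or a verb of their own. Smaller points in the same hunk: `came form` should be `came from`, `Msc` should be `MSc`, `any all combinations` should be `all combinations`, the sentence ending `the symptoms of failure for them` is missing its full stop, and the trailing lines `Msc project Euler/Spider Diagram editor --- Euler/Spider Diagrams` and `--- 2005 paper --- need for static analysis ...` read as author notes that will be typeset verbatim; prefix them with `%` until they are written up.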