Safety-critical software in machinery applications

Timo Malm, Matti Vuori, Jari Rauhamäki, Timo Vepsäläinen, Johannes Koskinen, Jari Seppälä, Heikki Virtanen, Marita Hietikko, Mika Katara

Research output: Book/Report › Report

1 Citation (Scopus)

Abstract

This report presents some important factors related to safety-critical software in machinery. The following subjects are considered, with the machinery context in mind: the role of safety-critical software in machinery, statistics of software faults, requirements, safety and security principles, risk and hazard modelling, agile development, safety process patterns, safety-related architectures, verification and validation, phases of development and formal methods. The general observation is that there are many methods for software design and it is difficult to choose the most relevant ones. The report presents some criteria for selecting methods and some aspects related to current topics. There are so many different safety-critical software applications in machinery that the research identified the most interesting topics and then focused on them. The statistics show that most defects arise during the requirements specification and architectural design phases of the lifecycle, i.e. before any coding. The statistics also show that the defect density is higher in large programs, i.e. the number of defects increases exponentially as the program size grows. It may therefore be better to separate safety-critical and standard code in order to keep the former small. Separating modules and keeping the connections between them under control and narrow is recommended, as it brings advantages in testing, understanding of the program, limiting the spread of errors, program development etc. There are many kinds of self-diagnostic and monitoring functions that may be complex and increase the number of defects, but they increase safety and are needed in safety-critical code. The standard IEC 61508-3, published in 2010, lays down many functional requirements for safety-critical programmable systems. However, there are also other standards related to functional safety and the safety of control systems.
This report also considers some aspects related to the safety of agile methods. The standards state the requirements related to the phases of the V-model, but agile methods are not considered. The functional safety of software is achieved through systematic (not intuitive) use of adequate methods in all phases of the programmable system lifecycle. Programmable systems contain hardware and software, both of which need to be considered in the validation process.
Original language: English
Place of publication: Espoo
Publisher: VTT Technical Research Centre of Finland
Number of pages: 127
ISBN (electronic): 978-951-38-7790-3
Publication status: Published - 2011
MoE publication type: Not Eligible

Publication series

Series: VTT Tiedotteita - Meddelanden - Research Notes
Number: 2601
ISSN: 1235-0605

Fingerprint

Machinery
Codes (standards)
Statistics
Defects
Formal methods
Architectural design
Defect density
Software design
Application programs
Hazards
Specifications
Hardware
Control systems

Keywords

  • software
  • safety
  • safety-related
  • machinery
  • control system

Cite this

Malm, T., Vuori, M., Rauhamäki, J., Vepsäläinen, T., Koskinen, J., Seppälä, J., ... Katara, M. (2011). Safety-critical software in machinery applications. Espoo: VTT Technical Research Centre of Finland. VTT Tiedotteita - Meddelanden - Research Notes, No. 2601
Malm, Timo ; Vuori, Matti ; Rauhamäki, Jari ; Vepsäläinen, Timo ; Koskinen, Johannes ; Seppälä, Jari ; Virtanen, Heikki ; Hietikko, Marita ; Katara, Mika. / Safety-critical software in machinery applications. Espoo : VTT Technical Research Centre of Finland, 2011. 127 p. (VTT Tiedotteita - Meddelanden - Research Notes; No. 2601).
@book{ff40f23883dd44a09833a7ca64f92cbb,
title = "Safety-critical software in machinery applications",
keywords = "software, safety, safety-related, machinery, control system",
author = "Timo Malm and Matti Vuori and Jari Rauham{\"a}ki and Timo Veps{\"a}l{\"a}inen and Johannes Koskinen and Jari Sepp{\"a}l{\"a} and Heikki Virtanen and Marita Hietikko and Mika Katara",
year = "2011",
language = "English",
series = "VTT Tiedotteita - Meddelanden - Research Notes",
publisher = "VTT Technical Research Centre of Finland",
number = "2601",
address = "Finland",
}

Malm, T, Vuori, M, Rauhamäki, J, Vepsäläinen, T, Koskinen, J, Seppälä, J, Virtanen, H, Hietikko, M & Katara, M 2011, Safety-critical software in machinery applications. VTT Tiedotteita - Meddelanden - Research Notes, no. 2601, VTT Technical Research Centre of Finland, Espoo.

Safety-critical software in machinery applications. / Malm, Timo; Vuori, Matti; Rauhamäki, Jari; Vepsäläinen, Timo; Koskinen, Johannes; Seppälä, Jari; Virtanen, Heikki; Hietikko, Marita; Katara, Mika.

Espoo : VTT Technical Research Centre of Finland, 2011. 127 p. (VTT Tiedotteita - Meddelanden - Research Notes; No. 2601).

TY - BOOK

T1 - Safety-critical software in machinery applications

AU - Malm, Timo

AU - Vuori, Matti

AU - Rauhamäki, Jari

AU - Vepsäläinen, Timo

AU - Koskinen, Johannes

AU - Seppälä, Jari

AU - Virtanen, Heikki

AU - Hietikko, Marita

AU - Katara, Mika

PY - 2011

Y1 - 2011

KW - software

KW - safety

KW - safety-related

KW - machinery

KW - control system

M3 - Report

T3 - VTT Tiedotteita - Meddelanden - Research Notes

BT - Safety-critical software in machinery applications

PB - VTT Technical Research Centre of Finland

CY - Espoo

ER -

Malm T, Vuori M, Rauhamäki J, Vepsäläinen T, Koskinen J, Seppälä J et al. Safety-critical software in machinery applications. Espoo: VTT Technical Research Centre of Finland, 2011. 127 p. (VTT Tiedotteita - Meddelanden - Research Notes; No. 2601).