TY - BOOK
T1 - Safety-critical software in machinery applications
AU - Malm, Timo
AU - Vuori, Matti
AU - Rauhamäki, Jari
AU - Vepsäläinen, Timo
AU - Koskinen, Johannes
AU - Seppälä, Jari
AU - Virtanen, Heikki
AU - Hietikko, Marita
AU - Katara, Mika
PY - 2011
Y1 - 2011
N2 - This report presents some important factors related to
safety-critical software in machinery. The following
subjects are considered in the text: the role of
safety-critical software in
machinery, statistics of software faults, requirements,
safety and security principles, risk and hazard
modelling, agile development, safety process patterns,
safety-related architectures, verification and
validation, phases of development and formal methods.
The general observation is that there are many methods
for software design and it is difficult to choose the
most relevant ones. The report shows some criteria for
selecting methods and some aspects related to current
topics. There are so many different safety-critical
software applications in machinery that the research
found the most interesting topics and then focused on
them.
The statistics show that most defects arise during the
requirements specification and architectural design
phases of the lifecycle. This is before any coding. The
statistics also show that the defect density is higher in
large programs, i.e. the number of defects increases
exponentially as the program size grows. It may therefore
be better to separate safety-critical and standard code
in order to keep the former small. Separating modules and
keeping the connections between them narrow and under
control is recommended, as this brings advantages in
testing, understanding of the program, limiting error
propagation, program development, etc. There
are many kinds of self-diagnostic and monitoring
functions that may be complex and increase the number of
defects, but they increase safety and are needed in
safety-critical code.
The standard IEC 61508-3, published in 2010, lays down
many functional requirements for safety-critical
programmable systems. However, there are also other
standards related to functional safety and the safety of
control systems.
This paper also considers some aspects related to the
safety of agile methods. The standards show the
requirements related to the phases of the V-model, but
agile methods are not considered.
The functional safety of software is achieved through
systematic (not intuitional) use of adequate methods in
all phases of the programmable system lifecycle.
Programmable systems contain hardware and software, both
of which need to be considered in the validation process.
KW - software
KW - safety
KW - safety-related
KW - machinery
KW - control system
M3 - Report
T3 - VTT Tiedotteita - Meddelanden - Research Notes
BT - Safety-critical software in machinery applications
PB - VTT Technical Research Centre of Finland
CY - Espoo
ER -