Embedded Software Development for Safety-Critical Systems

by Chris Hobbs

Hardcover


Overview

"I highly recommend Mr. Hobbs' book." - Stephen Thomas, PE, Founder and Editor of FunctionalSafetyEngineer.com

Safety-critical devices, whether medical, automotive, or industrial, are increasingly dependent on the correct operation of sophisticated software. Many standards have appeared in the last decade on how such systems should be designed and built. Developers, who previously only had to know how to program devices for their industry, must now understand remarkably esoteric development practices and be prepared to justify their work to external auditors.

Embedded Software Development for Safety-Critical Systems discusses the development of safety-critical systems under the following standards: IEC 61508; ISO 26262; EN 50128; and IEC 62304. It details the advantages and disadvantages of many architectural and design practices recommended in the standards, ranging from replication and diversification, through anomaly detection, to the so-called "safety bag" systems.

The book also reviews the use of open-source components in safety-critical systems. It has evolved from a course text used by QNX Software Systems for a training module on building embedded software for safety-critical devices, including medical devices, railway systems, industrial systems, and driver assistance devices in cars.

Although the book describes open-source tools for the most part, it also provides enough information for you to seek out commercial vendors if that’s the route you decide to pursue. All of the techniques described in this book may be further explored through hundreds of learned articles. In order to provide you with a way in, the author supplies references he has found helpful as a working software developer. Most of these references are available to download for free.

Product Details

ISBN-13: 9781498726702
Publisher: Taylor & Francis
Publication date: 09/24/2015
Pages: 364
Product dimensions: 6.40(w) x 9.20(h) x 1.10(d)

About the Author

Chris is a programmer at QNX Software Systems with some 40 years of software development experience. His specialty is "Sufficiently Dependable Software," which is software that meets its dependability requirements with the minimum development effort and risk. In particular, he works with software for safety-critical systems that must meet the requirements of international safety standards such as IEC 61508, ISO 26262, EN 50128 and IEC 62304. Outside his professional work as a software developer, Chris is the author of several books including "Flying Beyond: The Canadian Commercial Pilot Textbook" and "Embedded Software Development for Safety-Critical Systems."

Table of Contents

SECTION I: BACKGROUND

Introduction
Dependable, embedded software
The safety culture
Our path
Choosing the techniques to describe
The development approach
Today's challenges
References

The Terminology of Safety
General Safety Terminology
Software-Specific Terminology
References

Safety Standards and Certification
The standards bodies
Accreditation and certification
Why do we need these standards?
Goal- and prescription-based standards
Functional safety standards
IEC 62304 and ISO 14971
Process and the standards
Summary
References

Representative Companies
Alpha Device Corp
Beta Component Inc
Using a Certified Component

SECTION II: THE PROJECT

The Foundational Analyses
The Analyses
The inter-relationships
The hazard and risk analysis
The safety case
The failure analysis
Analyses by the representative companies
Summary
References

Certified and Uncertified Components
SOUP by any other name
Certified or uncertified SOUP
Using non-certified components
Using a certified component
Aligning release cycles
The example companies

SECTION III: ARCHITECTURAL PATTERNS

Architectural Balancing
The availability/reliability balance
The usefulness/safety balance
The security/performance/safety balance
The performance/reliability balance
The implementation balance
Summary
References

Error Detection and Handling
Why detect errors?
Error detection and the standards
Anomaly detection
Rejuvenation
Recovery blocks
A note on the diverse monitor
Summary
References

Expecting the Unexpected
The design safe state
Recovery
The crash-only model
Anticipation of the unexpected by the example companies
Summary
References

Replication and Diversification
History of replication and diversification
Replication in the standards
Component or system replication?
Replication
Diversification
Virtual synchrony
Locked-step processors
Diverse monitor
Summary
References

SECTION IV: DESIGN VALIDATION

Markov Models
Markov models
Markov models and the standards
The Markovian assumptions
An example calculation
Markovian advantages and disadvantages
References

The Fault Tree
FTA and FMECA
Fault tree analysis in the standards
Types of fault tree
Example 1: The Boolean fault tree
Example 2: The extended Boolean fault tree
Example 3: The Bayesian fault tree
Combining FTAs
FTA Tools
The use of FTA
References

Software Failure Rates
The underlying heresy
Assessing failure rates
Modelling the failures
References

Semi-Formal Design Verification
Verification of a reconstructed design
Discrete event simulation
Timed Petri nets
Simulation and our sample companies
References

Formal Design Verification
What are formal methods?
History of formal methods
Formal methods and the standards
Do formal methods work?
Types of formal methods
Automatic code generation
The Spin modelling system
The Rodin modelling tool
Our companies' use of Rodin and Spin
Formal methods
References

SECTION V: CODING

Coding Guidelines
Programming language selection
Programming languages and the standards
Language features
Use of language subsets
So what is the best programming language?
References

Code Coverage Metrics
Code coverage testing
Types of code coverage
Coverage and the standards
The effectiveness of coverage testing
Achieving coverage
Combinatorial Testing
Summary
References

Static Analysis
What static analysis is asked to do
Static code analysis and the standards
Static code analysis
Symbolic execution
Summary
References

SECTION VI: VERIFICATION

Integration Testing
Fault injection testing
Back-to-back comparison test between model and code
Requirements-based testing
References

The Tool Chain
Validation of the tool chain
Tool classification
BCI's tools classification
Using third-party tools
Verifying the compiler
ADC's and BCI's compiler verification
References

Conclusion

Appendix A: Goal Structuring Notation
Background
Example
GSN or BBN?
References

Appendix B: Bayesian Belief Networks
Frequentists and Bayesians
Prior probabilities
Bayes' theorem
A Bayesian example
What do the arrows mean in a BBN?
BBNs in safety case arguments
BBNs in fault trees
BBN or GSN for a safety case?
References

Appendix C: Notations
General symbols
Pi and Ip
The structure function
Components in parallel and series
Temporal logic
Vector bases

References

Index
