Embedded Software Development for Safety-Critical Systems

1st Edition

By Chris Hobbs

Auerbach Publications

344 pages | 67 B/W Illus.

Purchasing Options (prices in USD)

Hardback: ISBN 9781498726702, published 2015-10-06, list price $75.95 (offered at $60.76)

eBook (VitalSource): ISBN 9781315169439, published 2017-09-07, from $37.98

Description

Safety-critical devices, whether medical, automotive, or industrial, are increasingly dependent on the correct operation of sophisticated software. Many standards have appeared in the last decade on how such systems should be designed and built. Developers, who previously only had to know how to program devices for their industry, must now understand remarkably esoteric development practices and be prepared to justify their work to external auditors.

Embedded Software Development for Safety-Critical Systems discusses the development of safety-critical systems under the following standards: IEC 61508; ISO 26262; EN 50128; and IEC 62304. It details the advantages and disadvantages of many architectural and design practices recommended in the standards, ranging from replication and diversification, through anomaly detection to the so-called "safety bag" systems.

The book also reviews the use of open-source components in safety-critical systems. It has evolved from a course text used by QNX Software Systems for a training module on building embedded software for safety-critical devices, including medical devices, railway systems, industrial systems, and driver-assistance devices in cars.

Although the book describes open-source tools for the most part, it also provides enough information for you to seek out commercial vendors if that is the route you decide to pursue. All of the techniques described in this book may be explored further through hundreds of learned articles. To give you a way in, the author supplies the references he has found helpful as a working software developer; most of them are available to download for free.

Reviews

"I highly recommend Mr. Hobbs' book." - Stephen Thomas, PE, Founder and Editor of FunctionalSafetyEngineer.com

Table of Contents

SECTION I: BACKGROUND

Introduction

Dependable, embedded software

The safety culture

Our path

Choosing the techniques to describe

The development approach

Today's challenges

References

The Terminology of Safety

General Safety Terminology

Software-Specific Terminology

References

Safety Standards and Certification

The standards bodies

Accreditation and certification

Why do we need these standards?

Goal- and prescription-based standards

Functional safety standards

IEC 62304 and ISO 14971

Process and the standards

Summary

References

Representative Companies

Alpha Device Corp

Beta Component Inc

Using a Certified Component

SECTION II: THE PROJECT

The Foundational Analyses

The Analyses

The inter-relationships

The hazard and risk analysis

The safety case

The failure analysis

Analyses by the representative companies

Summary

References

Certified and Uncertified Components

SOUP by any other name

Certified or uncertified SOUP

Using non-certified components

Using a certified component

Aligning release cycles

The example companies

SECTION III: ARCHITECTURAL PATTERNS

Architectural Balancing

The availability/reliability balance

The usefulness/safety balance

The security/performance/safety balance

The performance/reliability balance

The implementation balance

Summary

References

Error Detection and Handling

Why detect errors?

Error detection and the standards

Anomaly detection

Rejuvenation

Recovery blocks

A note on the diverse monitor

Summary

References

Expecting the Unexpected

The design safe state

Recovery

The crash-only model

Anticipation of the unexpected by the example companies

Summary

References

Replication and Diversification

History of replication and diversification

Replication in the standards

Component or system replication?

Replication

Diversification

Virtual synchrony

Locked-step processors

Diverse monitor

Summary

References

SECTION IV: DESIGN VALIDATION

Markov Models

Markov models

Markov models and the standards

The Markovian assumptions

An example calculation

Markovian advantages and disadvantages

References

The Fault Tree

FTA and FMECA

Fault tree analysis in the standards

Types of fault tree

Example 1: The Boolean fault tree

Example 2: The extended Boolean fault tree

Example 3: The Bayesian fault tree

Combining FTAs

FTA Tools

The use of FTA

References

Software Failure Rates

The underlying heresy

Assessing failure rates

Modelling the failures

References

Semi-Formal Design Verification

Verification of a reconstructed design

Discrete event simulation

Timed Petri nets

Simulation and our sample companies

References

Formal Design Verification

What are formal methods?

History of formal methods

Formal methods and the standards

Do formal methods work?

Types of formal methods

Automatic code generation

The Spin modelling system

The Rodin modelling tool

Our companies' use of Rodin and Spin

Formal methods

References

SECTION V: CODING

Coding Guidelines

Programming language selection

Programming languages and the standards

Language features

Use of language subsets

So what is the best programming language?

References

Code Coverage Metrics

Code coverage testing

Types of code coverage

Coverage and the standards

The effectiveness of coverage testing

Achieving coverage

Combinatorial Testing

Summary

References

Static Analysis

What static analysis is asked to do

Static code analysis and the standards

Static code analysis

Symbolic execution

Summary

References

SECTION VI: VERIFICATION

Integration Testing

Fault injection testing

Back-to-back comparison test between model and code

Requirements-based testing

References

The Tool Chain

Validation of the tool chain

Tool classification

BCI's tools classification

Using third-party tools

Verifying the compiler

ADC's and BCI's compiler verification

References

Conclusion

Appendix A: Goal Structuring Notation

Background

Example

GSN or BBN?

References

Appendix B: Bayesian Belief Networks

Frequentists and Bayesians

Prior probabilities

Bayes' theorem

A Bayesian example

What do the arrows mean in a BBN?

BBNs in safety case arguments

BBNs in fault trees

BBN or GSN for a safety case?

References

Appendix C: Notations

General symbols

Pi and Ip

The structure function

Components in parallel and series

Temporal logic

Vector bases

References

Index

About the Author

Chris is a programmer at QNX Software Systems with some 40 years of software development experience. His specialty is "Sufficiently Dependable Software," which is software that meets its dependability requirements with the minimum development effort and risk. In particular, he works with software for safety-critical systems that must meet the requirements of international safety standards such as IEC 61508, ISO 26262, EN 50128 and IEC 62304. Outside his professional work as a software developer, Chris is the author of several books, including "Flying Beyond: The Canadian Commercial Pilot Textbook" and "Embedded Software Development for Safety-Critical Systems."

Subject Categories

BISAC Subject Codes/Headings:
COM011000
COMPUTERS / Systems Architecture / General
COM032000
COMPUTERS / Information Technology
COM051230
COMPUTERS / Software Development & Engineering / General
REF027000
REFERENCE / Yearbooks & Annuals
TEC009000
TECHNOLOGY & ENGINEERING / Engineering (General)