Software safety in embedded computer systems

FEBRUARY 1991 COMMUNICATIONS OF THE ACM

In recent years, advances in computer technology have gone hand-in-hand with the introduction of computers into new application areas. The problem of safety has gained importance as these applications have increasingly included computer control of systems where the consequences of failure may involve danger to human life, property, and the environment.

An accident or mishap is traditionally defined by engineers as an unplanned event or series of events that leads to an unacceptable loss such as death, injury, illness, damage to or loss of equipment or property, or environmental harm. Accidents usually involve unwanted and unexpected releases of energy or dangerous substances. By this definition, computers are relatively safe devices: they rarely explode, catch on fire, or cause physical harm. However, computers can contribute substantially to accidents when they operate as a subsystem within a potentially dangerous system.(1) Examples include computers that monitor and control nuclear power plants, aircraft and other means of transportation, medical devices, manufacturing processes, and aerospace and defense systems.

Because computers are not unsafe when considered in isolation, and only indirectly contribute to accidents, any solution to the software safety problem must derive from and be evaluated within the context of the system.

System-safety engineering defines safety in terms of hazards. A hazard is a set of conditions (i.e., a state) that can lead to an accident given certain environmental conditions. The following are examples of hazards: guard gates not lowering when trains approach traffic crossings, pressure increasing above some threshold in a boiler, or brakes failing in a motor vehicle. Because most accidents are caused by multiple factors, safety is defined in terms of hazards instead of accidents in order to focus on the factors that are within the design space of the system being built.

(1) Safety issues may also arise when software is used to design control systems, but these issues are outside the scope of this article.

For example, an air traffic control system attempts to provide minimum separation between aircraft. If the minimum separation standards are violated, a hazardous state exists and an accident is possible, though not inevitable. The consequences may depend upon pilot alertness and skill, visibility, mechanical failures in the aircraft, luck, etc.: factors not under the control of the engineer designing the air traffic control system. The best that can be done is to minimize the probability of the hazardous states (i.e., to attempt to keep the aircraft separated by a safe distance).

If safety is defined in terms of accidents or catastrophic failures of the system or its components (instead of hazards), very few systems could be considered unsafe. Because computers are not inherently unsafe and software cannot directly cause accidents, defining software safety in terms of accidents or catastrophic software failures instead of hazards [...] can cause accidents; the ATC software can only contribute to hazards. However, because software can contribute to system hazards, eliminating or controlling hazardous software
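The air traffic control example above separates the hazard (minimum separation violated, a system state the designer controls) from the accident (a collision, which also depends on pilots, weather and luck). The following hazard monitor, written here as an added illustration and not taken from the article, flags every pair of aircraft whose state violates the separation minima. The minima (5 nautical miles horizontally and 1000 feet vertically), the flat-earth distance approximation, and the constructed traffic sample are assumptions of this example.

```python
import math
from dataclasses import dataclass
from itertools import combinations

# Assumption: one degree of latitude is about 60 nautical miles, and over the
# few tens of miles that matter here a flat-earth (equirectangular)
# approximation is adequate. Not suitable for long-range geodesic distances.
NM_PER_DEG_LAT = 60.0

# Assumed separation minima for this example (en-route style values).
MIN_HORIZONTAL_NM = 5.0
MIN_VERTICAL_FT = 1000.0


@dataclass(frozen=True)
class Aircraft:
    callsign: str
    lat_deg: float
    lon_deg: float
    alt_ft: float


def horizontal_separation_nm(a: Aircraft, b: Aircraft) -> float:
    """Approximate great-circle distance in nautical miles (flat-earth)."""
    mean_lat = math.radians((a.lat_deg + b.lat_deg) / 2.0)
    dlat_nm = (b.lat_deg - a.lat_deg) * NM_PER_DEG_LAT
    dlon_nm = (b.lon_deg - a.lon_deg) * NM_PER_DEG_LAT * math.cos(mean_lat)
    return math.hypot(dlat_nm, dlon_nm)


def is_hazardous_pair(a: Aircraft, b: Aircraft,
                      min_horiz_nm: float = MIN_HORIZONTAL_NM,
                      min_vert_ft: float = MIN_VERTICAL_FT) -> bool:
    """A hazard exists only when BOTH minima are violated at once.

    Aircraft stacked 1500 ft apart at the same position are not in a
    hazardous state; neither are aircraft 20 nm apart at the same altitude.
    Meeting either minimum exactly (not strictly less) is still compliant.
    """
    horiz_ok = horizontal_separation_nm(a, b) >= min_horiz_nm
    vert_ok = abs(a.alt_ft - b.alt_ft) >= min_vert_ft
    return not (horiz_ok or vert_ok)


def hazardous_pairs(traffic, min_horiz_nm: float = MIN_HORIZONTAL_NM,
                    min_vert_ft: float = MIN_VERTICAL_FT):
    """Return sorted (callsign, callsign) pairs that are in a hazardous state.

    This reports hazards, not accidents: a flagged pair may never collide,
    but the state is one the controller/system is responsible for removing.
    """
    return sorted(
        (a.callsign, b.callsign)
        for a, b in combinations(traffic, 2)
        if is_hazardous_pair(a, b, min_horiz_nm, min_vert_ft)
    )


# Constructed sample traffic (not real data).
SAMPLE_TRAFFIC = [
    Aircraft("AAL1", 40.00, -74.0, 30000),  # reference aircraft
    Aircraft("BAW2", 40.05, -74.0, 30500),  # 3 nm north, 500 ft above: hazard
    Aircraft("DLH3", 40.00, -73.0, 30000),  # ~46 nm east, same level: fine
    Aircraft("UAL4", 40.00, -74.0, 31500),  # co-located, 1500 ft above: fine
]

if __name__ == "__main__":
    for pair in hazardous_pairs(SAMPLE_TRAFFIC):
        print("HAZARD: separation minima violated between", *pair)
```

Note that the monitor can only report that the system has entered a hazardous state; whether that state becomes an accident depends on factors outside the software, which is exactly why the article defines software safety in terms of hazards.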