safety

Cards (154)

  • System safety analysis techniques are well established and are used extensively during the design of safety-critical systems
  • Most of the techniques are highly subjective and dependent on the skill of the practitioner
  • Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error-free
  • Model-Based Safety Analysis

    An approach in which the system and safety engineers share a common system model created using a model-based development process
  • Model-Based Safety Analysis

    • By extending the system model with a fault model as well as relevant portions of the physical system to be controlled, automated support can be provided for much of the safety analysis
    • Reduces the cost and improves the quality of the safety analysis
  • Model-Based Safety Analysis Process

    1. Nominal System Modeling
    2. Formalizing Derived Safety Requirements
    3. Fault Modeling
    4. Model Extension
    5. Safety Analysis
  • Faults, Errors, and Failures
    • Faults are the adjudged or hypothesized cause of an error
    • Errors are that part of the system state which is liable to lead to failure
    • Failures are the transition from correct service to incorrect service
  • Traditional Safety Analysis Process

    • Functional Hazard Analysis
    • Preliminary System Safety Analysis
    • System Safety Assessment
  • The lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to gathering architectural details about the system behavior from several sources and embedding this information in the safety artifacts such as the fault trees
  • In the related areas of reliability and safety, there is no firm consensus on the terminology for even some of the basic terms used
  • Dependability
    A generic concept that includes reliability, maintainability, availability, and safety, with the view that all of the above are distinct perceptions of the same attribute of a system: its dependability
  • There was an effort to come up with a consistent set of concepts and terminology with the formation of the IEEE-CS Technical Committee on Fault-Tolerant Computing in 1970 and of IFIP WG 10.4 on Dependable Computing and Fault Tolerance in 1980
  • A recent paper by Avizienis, Laprie, Randell, and Landwehr consolidates the basic concepts and taxonomy in dependability
  • Service delivered by a system

    Its behavior as it is perceived by its users
  • Correct service

    The service implements the system function
  • Service interface

    The part of the provider's boundary, where service delivery takes place
  • External state

    The part of the provider's total state that is perceivable at the service interface
  • Internal state

    The remaining part of the provider's total state
  • Delivered service

    A sequence of the provider's external state
  • Failure
    An event that occurs when the delivered service deviates from correct service
  • Service failure mode
    The different forms that a deviation from correct service may assume
  • Error
    The deviation from correct service
  • Fault
    The adjudged or hypothesized cause of an error
  • Active fault

    A fault that causes an error
  • Dormant fault

    A fault that is not causing an error
  • Fault activation
    The application of an input (the activation pattern) to a component that causes a dormant fault to become active
  • Error propagation

    1. Internal propagation: An error is successively transformed into other errors
    2. External propagation: An error reaches the service interface of a component and propagates the error into another component via its use interface
  • Service failure

    Occurs when an error is propagated to the service interface and causes the service delivered by the system to deviate from correct service
  • The failure of a component causes a permanent or transient fault in the system that contains the component
  • Service failure of a system causes a permanent or transient external fault for the other system(s) that receive service from the given system
  • Propagated fault

    Activation of the external fault due to error propagation from another component
  • Dependent fault

    A fault that is dependent on other faults (e.g. a power failure causing the failure of a number of components it supplies power to)
  • The safety assessment process is an inherent part of the system development process
  • The safety assessment process includes safety requirements identification (on the left side of the "V" diagram) and verification (on the right side of the "V" diagram) supporting the aircraft development activities
  • Functional Hazard Analysis (FHA)

    1. Identifies and classifies the failure conditions associated with aircraft functions (and combinations of aircraft functions) at the appropriate level, considering both loss of function and malfunctions
    2. Establishes derived safety requirements needed to limit function failure effects, such as design constraints, annunciation of failure conditions, etc.
  • Preliminary System Safety Analysis (PSSA)

    1. Completes the failure conditions list and the corresponding safety requirements
    2. Demonstrates how the system will meet the qualitative and quantitative requirements for the various hazards identified
    3. Identifies protective strategies, taking into account fail-safe concepts and architectural attributes which may be needed to meet the safety objectives
    4. Is iterative and continuous throughout the design process and identifies and captures all the derived system safety requirements
  • System Safety Assessment (SSA)
    1. A systematic, comprehensive evaluation of the implemented system, along with its architecture and installation, to show that the relevant safety requirements are met
    2. Verifies that the design safety requirements and objectives have been met through upward hierarchical verification levels
    3. Performs an item-level Failure Modes and Effects Analysis (FMEA) and summarizes it into the Failure Modes and Effects Summary (FMES) to support the failure rates of the failure modes considered in the item FTA
    4. Reviews the system via FTA to identify the failure modes and probabilities used in the aircraft FTA
    5. Compares the failure effects as items are integrated into systems and systems into aircraft with the failure conditions identified in the FHA (integration cross-check)
  • In model-based development, the development effort is centered on a formal specification (model) of the digital control system
  • Model-based development tools often include automatic code generators that can derive implementations directly from models
  • To perform system-level safety analysis, we must consider the environment in which the system runs, which usually involves mechanical components