Safety System Software Design (SWDesign)
© ABB - Page 10
Fault Free Software
How do we do that ?
Consider software engineering practices and quality assurance
Select appropriate measures to avoid failures
& Maintenance
16 Decommissioning
Back to appropriate Overall Safety Lifecycle phase
15 Overall Modification & Retrofit
© ABB - Page 4
© ABB - Page 16
© ABB - Page 17
Company Confidential
IEC 61508, part 3, Tables A and B
Periodically review the effectiveness of the methods used to avoid faults during software development
Standard, look at the ABB standard portal or at the LCC database
Yes, the test showed that the program was correct according to the spec
Was the test correct?
Was the test verified? Who verified the test?
Did we actually do the test?
© ABB - Page 3
Safety Lifecycle, where are we
Overall Operation &Maintenance Planning
SIL Determination
1
Concept
2
Overall Scope Definition
3
Hazard & Risk Analysis
8 Overall Validation Planning
Overall Installation & Commissioning Planning
Safety-related systems: E/E/PES
Realization
10
11 Safety-related systems: Other
External Risk Reduction
Who verified the result?
© ABB - Page 9
Software example
Software testing is
Not about every single line of code
About having the right process and methods to test
Heidi Fuglum
Certified Functional safety engineer
Part 06 Software Design
© ABB - Page 1
1 day intro training in Functional safety
06 Software design
© ABB - Page 8
Software example
In the specification
Requirement 1.2.83: Calculate the pressure with the following formula
The programmer
Programs according to 1.2.83
Tests requirement 1.2.83
© ABB - Page 2
Software design
In the module
Software lifecycle
Hardware, software relationship
A typical software problem
Safe software
Three types of software
Three types of development languages
Software tools
IEC61511 deals with
Limited variability languages (LVL)
Function blocks, ladder logic
Fixed programming languages (FPL)
A sensor with only an up and down button to set a limit
System watchdog with independent time base
Program flow monitoring
Safety protocols for data transmission paths
Redundant and/or inverse data storage
Market Req Spec Planning
Prod/Proj Req Spec
Requirements Analysis
Function Spec
System Design
Design Descr
Requirements Analysis
Function Spec
Component Design
Technology
Facilities
Realization
Realization
Overall Operation & Maintenance
12 Overall Installation & Commissioning
13
Overall Safety Validation
14
Overall Operation
IEC61511
Does not differentiate between SIL 1, 2 or 3 software; all requirements are suitable for SIL 3
© ABB - Page 12
Lifecycle concept – ABB product development
Type Test Plan & Descr
Verified component Component Type Test
Integr & tested component Integration & Integration test
Tested module Design Test
Type Test Records
What we need to achieve is safe software
Software is safe if
The safety system can execute the safety function even under faulty conditions
Not only software faults but also hardware faults
© ABB - Page 14
Measures to Control Failures
Examples
Hardware architecture
Self-test measures for systems and subsystems
CPU Bus and Signals RAM, EEPROM, ROM, flash
Program is done according to the specification
p = c*V / T
Software example
What can go wrong?
Is the specification correct?
This project not…
Was the program correct
© ABB - Page 15
Summary
In this module
Safety software is more about the process of software development than the software itself
Systematic approach via V-model
Measures to control and avoid failures need to be applied
4
Overall Safety Requirements
5 Safety Requirements Allocation
Hazard Identification
Software d
9
6 Overall 7 Operation & Maintenance Planning
Planning G0 G1 G2
Implementation G3
Verification
G4
G5
© ABB - Page 13
V-model
Summary of the V-model
Left branches represent specification, design and coding
Right branches represent test and verification phases
Feedback between phases is required
Design and test are linked via verification activities
Safety Lifecycle, where are we
© ABB - Page 5
Hardware Software Relationship
© ABB - Page 6
Software example
A client order
p*V = const*T
© ABB - Page 7
Design Descr
Implementation
Review Records
Code & Hardware
Type Test Plan & Descriptions
Validated Prod. BCRAT Product Type Test Integrated product
Integration
Standards for ABB internal use only
© ABB - Page 11
Three Types of Development Software
IEC 61508 deals with
Full variability languages (FVL)
C, C++, Assembler