Safety Critical Computer Systems - Open Questions and Approaches. Andreas Gerstinger Institute for Computer Technology February 16, 2007. Agenda. Safety-Critical Systems Project Partners Three research topics Safety Engineering Diversity Software Metrics Conclusion and Outlook.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Safety Critical Computer Systems - Open Questions and Approaches
Institute for Computer Technology
February 16, 2007
“The avoidance of death, injury or poor health to customers, employees, contractors and the general public; also avoidance of damage to property and the environment”
Safety is also defined as "freedom from unacceptable risk of harm"
A basic concept in System Safety Engineering is the avoidance of "hazards"
Safety is NOT an absolute quantity!
Austrian High Tech company
World leader in air traffic control communication systems
700 employees, company based in Vienna, customers all over the world
Enables communication between aircraft and controller
Communication link must never fail!
High Availability and Reliability
ambulance, police, fire brigade,...
Safety Integrity Level 2
68000 employees worldwide
Mission critical information systems
Nobel Prize in Physics 2007 awarded to Albert Fert, scientific director of Thales research lab
Signalling and Switching
Applications for ETCS
An incorrect output may lead to an incorrect signal causing a major accident!
Safety Integrity Level 4 (highest)
Risk Reduction Measures
"The most certain and effectual check upon errors which arise in the process of computation, is to cause the same computations to be made by separate and independent computers; and this check is rendered still more decisive if they make their computations by different methods."
Dionysius Lardner, 1834
Some faults to be targeted:
programming bugs, specification faults, compiler faults, CPU faults, random hardware faults (e.g. bit flips), security attacks,...
Use of two diverse compilers to compile one common source code
if A=B then if A-B = 0 then
A or B not (not A and not B)
Position P can be calculated based on speedometer and accelerometer readings
Voter can also be implemented diversely
PositionA and PositionB could be transmitted in different formats
Which metrics should safety-critical software fulfill?
Which coding rules are good and useful?
What are the desired ranges for metrics?
Which metrics influence maintainability?
Andreas Gerstinger: [email protected]