
Interesting Times…



Presentation Transcript


  1. Interesting Times…
  Safety systems are all around us: designed by engineers, to a specification.
  Like any other system, we must be careful! It is not acceptable to ‘put it together and see if it works’; we must be vigilant!
  Things can go wrong…
  • Software failure
  • Hardware failure
  • Incomplete procedures
  • Human error
  Human error is special, since it is us, humans, who build the systems in the first place…
  LHC Beam Interlock System

  2. Software Safety
  Difficult to quantify ‘safe software’…
  • A typical mobile phone can have 2 million lines of code
  • A car can have 100 million lines
  How on earth can these be tested?
  Complicated verification tools and mathematical proofs can be done: $$$$ & Time & People & Experience…
  When faults cost $$$$ we hear about them:

  3. Software Failures
  IEEE (reliable source): http://spectrum.ieee.org/sep05/1685/failt1
  • 2001 Software Error - USDOD: http://www.defenselink.mil/news/Apr2001/n04092001_200104093.html
    Software reset badly written. COST: 1 helicopter, 4 marines
  • 1998 - Airbus A320 Crash at Airshow: http://www.rapp.org/archives/2004/09/aircraft_crash_videos/
    The pilot claims he was misled on the aircraft's true height by a bug in the software. COST: 3 lives, one aircraft
  • 1996 - Ariane 5 Rocket Failure: http://www.youtube.com/watch?v=kYUrqdUyEpI
    Software error in the inertial reference system. COST: $500 million

  4. Hardware Safety
  It’s easier to quantify ‘safe hardware’…
  • Reduce the critical function
  • Use military handbooks
  • Use tried and tested methods
  • Redundancy and testing
  But still it takes some energy: $$ & Time & People & Experience…
  It takes extra effort to build safe systems… MUCH more effort to correct an existing system to be safe.
  And it can still go wrong…

  5. Hardware Failures
  • 1986 - Titan 4 Exploded after Takeoff: http://www.youtube.com/watch?v=etCGlSAkdf0
    Hardware failure. COST: $1 Billion
  • 2005 - Buncefield oil fire: http://news.bbc.co.uk/2/hi/uk_news/4520430.stm
    Two safety interlocks failed
  • http://www.airlinesafety.com/editorials/JetBlueLAX.htm

  6. Procedural Safety
  Using the safety equipment… needs PROCEDURES!
  • Components degrade
  • Safety must be verified by checking and testing
  • Maintenance has to be carried out to make something as good as new
  Two good examples of bad procedures causing loss are:
  • Chernobyl – a ‘special’ procedure was being followed
  • Piper Alpha - safety maintenance was underway

  7. Human Error
  Using the safety equipment… needs operators! Humans are… ABSOLUTELY… the weakest link.
  • 1999 Human Error - CNN: http://www4.cnn.com/TECH/space/9911/10/orbiter.03/
    Engineers mis-converted English to metric units. COST: $125 million
  • 1998 USS Yorktown - GCN: http://www.gcn.com/print/17_30/33914-1.html
    Someone managed to enter zero for a setting, which crashed the systems
  • 2004 Thunderbird Crash: http://www.rapp.org/archives/2004/01/thunderbird_crash/
    Pilot miscalculated height above sea level

  8. Why are we the weakest link?
  A couple of fun examples…
  • Change blindness, from UBC in Canada
  • Inattention blindness, from the University of Illinois

  9. And so…
  There is no magic bullet to make us ‘safe engineers’. We are, after all, just human. This presentation is only intended to illustrate that.
  • Less software means more provable safety
  • Hardware can be designed to be safe
  • Procedures must be complete so safety can be verified
  • We are just human
  • Everyone is entitled to make a mistake
  AB/CO/MI has gone a considerable way to developing a safety culture. We’ve learned from our mistakes and those of others.
  The time is now, to expand this safety culture!

  10. Rules for VHDL Design
  But there ARE rules for the VHDL realisation:
  • Specification has to be complete
  • Add safety rules and recommendations to the specification
  • Describe how you will check that those rules are met
  • Use lots of asserts in VHDL
  • Use complete testbenches that PROVE you tested them
  • Design small blocks of code that can be completely tested
  • Build a real-life test bench to prove your design
  • Document anything which is ‘dangerous’
  These are the minimum. They all assume you have safe hardware as a basis. We accept no compromise here.
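The rules above (asserts in the VHDL, a small completely testable block, a testbench that proves the test was done) can be seen together in one added example. This is illustrative code written for this transcript, not code from the presentation or from the LHC Beam Interlock System: the block, its port names (user_permit, beam_permit, rst_n), the fault-latch behaviour and the four-input width are all assumptions chosen to keep the block small enough that its testbench can enumerate every input combination.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Hypothetical permit block (added example, not project code).
-- beam_permit is '1' only while every user_permit input is '1'.
-- A dropped input latches a fault that only a reset (re-arm) clears,
-- so a glitch on one input cannot silently restore the permit.
entity permit_block is
  generic (N : positive := 4);
  port (
    clk         : in  std_logic;
    rst_n       : in  std_logic;                     -- active-low re-arm
    user_permit : in  std_logic_vector(N-1 downto 0);
    beam_permit : out std_logic
  );
end entity permit_block;

architecture rtl of permit_block is
  signal all_ok        : std_logic;
  signal fault_lat     : std_logic := '1';  -- power up in the safe (faulted) state
  signal beam_permit_i : std_logic;
begin
  -- combinational: all_ok is '1' only if every input bit is '1'
  all_ok <= '1' when user_permit = (user_permit'range => '1') else '0';

  -- the permit is combinational in all_ok, so it drops the moment an
  -- input drops; the latch only keeps it down afterwards
  beam_permit_i <= all_ok and not fault_lat;
  beam_permit   <= beam_permit_i;

  latch : process (clk, rst_n)
  begin
    if rst_n = '0' then
      fault_lat <= '0';                 -- operator re-arm
    elsif rising_edge(clk) then
      if all_ok = '0' then
        fault_lat <= '1';               -- remember any dropped permit
      end if;
    end if;
  end process latch;

  -- safety property checked in simulation: the permit must never be
  -- high while any user input is low. Severity failure stops the run.
  assert not (beam_permit_i = '1' and all_ok = '0')
    report "SAFETY VIOLATION: beam_permit high with a dropped user permit"
    severity failure;
end architecture rtl;

library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;

entity tb_permit_block is
end entity tb_permit_block;

architecture sim of tb_permit_block is
  constant N   : positive := 4;
  signal clk   : std_logic := '0';
  signal rst_n : std_logic := '0';
  signal up    : std_logic_vector(N-1 downto 0) := (others => '0');
  signal bp    : std_logic;
  signal done  : boolean := false;
begin
  dut : entity work.permit_block
    generic map (N => N)
    port map (clk => clk, rst_n => rst_n, user_permit => up, beam_permit => bp);

  clk <= not clk after 5 ns when not done else '0';

  stim : process
  begin
    -- 1. exhaustive check: every one of the 2**N input vectors, each
    --    after a fresh re-arm, so the "complete testbench" rule is met
    for v in 0 to 2**N - 1 loop
      rst_n <= '0'; wait for 10 ns; rst_n <= '1';
      up <= std_logic_vector(to_unsigned(v, N));
      wait for 20 ns;                      -- two clock edges
      if v = 2**N - 1 then
        assert bp = '1' report "permit missing with all inputs high" severity failure;
      else
        assert bp = '0' report "permit granted for input " & integer'image(v) severity failure;
      end if;
    end loop;
    -- 2. latch check: a restored input must NOT restore the permit
    rst_n <= '0'; wait for 10 ns; rst_n <= '1';
    up <= (others => '1'); wait for 20 ns;
    assert bp = '1' report "permit missing after re-arm" severity failure;
    up(0) <= '0'; wait for 20 ns;
    assert bp = '0' report "permit not dropped" severity failure;
    up(0) <= '1'; wait for 20 ns;
    assert bp = '0' report "fault latch cleared without a reset" severity failure;
    rst_n <= '0'; wait for 10 ns; rst_n <= '1'; wait for 20 ns;
    assert bp = '1' report "permit missing after second re-arm" severity failure;
    report "all permit_block checks passed";
    done <= true;
    wait;
  end process stim;
end architecture sim;
```

Two design choices carry the safety argument: the permit output is a pure function of the inputs and the latch (no clocked path between an input dropping and the permit dropping), and the latch can only be cleared by the explicit reset, so the testbench's "restore then check it stays down" step is what proves that rule rather than a comment claiming it.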

  11. FIN
