morris.chudleigh(at)cambridgeconsultants.com
Date: Fri 10 Jan 2003 - 17:13:01 GMT
I second the recommendation for Neil Storey's book.
Below is the review I wrote for the UK Safety-Critical Systems Club
Newsletter at the end of 1996. It might be of use to Per-Tore in deciding
whether the book is relevant to his needs. (Note that I do not want to
enter into a debate on the merits of Neil's book - or any faults in my
review of it - it was over 6 years ago!).
Morris
BOOK REVIEW: SAFETY CRITICAL COMPUTER SYSTEMS BY NEIL STOREY
published by Addison-Wesley Longman 1996. ISBN 0-201-42787-7
review by Morris Chudleigh
The preface to this book states that it is intended for engineering and
computer science students and for practising engineers within computer
related industries who have had little or no training in safety.
I cannot comment on its suitability as an academic text, but have no
hesitation in recommending the book to industrial readers. It provides a
clearly written overview of a large and complex field and will be useful
not only to those with no experience of safety-critical computer systems,
but also to those who wish to get an introduction to areas outside their
particular specialisation.
After introducing the subject, the book gives a sound description of
different techniques for hazard analysis and risk analysis but perhaps
could say a little more about how the different techniques complement each
other. There is, however, an assumption made in the book that all safety
critical systems can be divided into control or protection systems: this
is not true, for example, medical diagnostic systems fall into neither
category. Chapter 5 outlines the process of developing safety-critical
systems and includes useful comments about the need to control complexity.
In the reviewer's experience, the ability to do this is one of the biggest
differentiators between system designs. Chapter 6 describes techniques of
fault tolerance. The discussion of software diversity is somewhat
simplistic and there is little discussion of the possibility of design
mistakes in the hardware. The chapter on system reliability gives a good
description of hardware reliability modelling but the section on software
reliability modelling is rather weaker - in particular, it does not
describe the problems of estimating software reliability in systems where
there should be few, if any, failures. The work of Littlewood and others
could usefully have been summarised here (although one of the references
does point to a Littlewood paper on the subject).
Chapter 8 covers safety-critical hardware and has a good introduction to
microprocessor design faults and EMC. It does, however, have one important
omission: the technique of coding is now widely used in France and ensures
that hardware errors are identified with an extremely high probability (the
technique also protects against compiler errors).
Chapter 10 introduces programmable logic controllers and is the only
chapter that describes different approaches that are appropriate for the
different levels of safety integrity. Throughout almost all the rest of
the book, there appears to be an assumption that the aim is to achieve the
highest levels of safety integrity and this is, I think, the major weakness
of the book.
Chapter 9 concentrates on safety-critical software with Chapter 11 on
formal methods and Chapter 12 on Verification, Validation and Testing. The
software chapter spends a lot of time discussing languages and while the
discussion, and conclusion, that 'C' is not a suitable language for safety
critical systems may be true for an integrity level 4 system, it is
certainly not true for systems of integrity levels 1 and 2. The work of
Hatton in comparing the (careful) use of 'C' with other languages could
have been summarised and referenced. In general, there ought to be more
material on methods to support the development process, with less on
coding. Although testing is of great importance, giving it a whole chapter
and an annex does show something of an imbalance (remembering that testing
cannot find all the mistakes and so the best approach is not to introduce
mistakes in the first place). Some minor comments on the testing chapter
are that the technique of statistical testing could have had more
discussion, that demonstration of achievement of failure rates may be
achievable for the lower levels of safety integrity, and that a number of
companies find Fagan inspections cost effective for all software (not just
that at the highest levels of safety integrity).
Chapter 13 is on quality management and gives a brief description of
current standards. Chapter 14 covers certification and gives a reasonable
overview of the area. The section on the safety case is taken from the
CONTESSE project and gives an approach to safety case preparation that is
not universally accepted. Safety cases do not have to be large and complex
(and in fact they should not be - they should be concise and
understandable). The sections on standards give a reasonable overview of
what is available but could perhaps have described some of the main
differences in approach between them (and some of their weaknesses) to
guide the reader interested in exploring further.
Overall, this is a fine book. The criticisms given above are minor and
probably reflect the reviewer's prejudices more than any genuine
shortcomings of the book. This is probably the best single volume on the
subject and is highly recommended.
----------------------------------------------------------------------------------------------
Morris Chudleigh, Associate Director
Cambridge Consultants Limited, Science Park, Milton Road,
Cambridge, England, CB4 0DW
Telephone: +44 (0) 1223 420024
Fax: +44 (0) 1223 423373
Direct Dial: +44 (0) 1223 392365
www.CambridgeConsultants.com
Steve Crook-Dawkins <steven.crook-dawkins(at)cs.york.ac.uk>
Sent by: safety-critical-request(at)cs.york.ac.uk
To: safety-critical(at)cs.york.ac.uk
cc:
Subject: Re: [sc] Recommended reading for beginners...
01/10/03 15:27
Please respond to safety-critical
I've always found this quite a useful introductory book:
Neil Storey "Safety Critical Computer Systems", 1996, Addison Wesley
ISBN 0-201-42787-7
Steve
At 12:02 PM 1/10/03 +0100, you wrote:
>Hello,
>
>I am looking for some introductory material regarding design and
>construction of safety critical software systems in general. Are there any
>books or reports that is recommended as a starter? Any good software
>packages available that can help?
>
>I found this book - anyone who can recommend it?
>
>"Functional Safety A Straightforward Guide to IEC61508 and Related
>Standards"
>Authors : David J Smith, Kenneth G L Simpson
>Price : US$57.00
>ISBN : 0750652705
>Format : Hardcover - Pages: 208
>Published: June 04, 2001
>
>Kind regards,
>
>Per-Tore
>
>
>
>+-----------------------+------------------------------+
>| Per-Tore Aasestrand | E-mail : ptaa(at)ieee.org |
>| P.O. Box 1708 Nordnes | Voice : + 47 - 55 32 32 35 |
>| N-5816 Bergen, Norway | Mobile : + 47 - 92 04 44 76 |
>+-----------------------+------------------------------+
>