[SystemSafety] Critical Design Checklist
Sean M. Beatty
smbeatty at highimpactservices.com
Tue Aug 27 23:12:25 CEST 2013
Kevin,
Here is a list of a dozen potential problems in real-time embedded systems
software, many of which aren't caught by traditional testing methods.
Perhaps this will be useful to you, even though it's a very specific domain.
Of course, these problems are only safety-critical if they could result in
triggering a hazard.
1. Mathematical operations, especially fixed point (scaled integers)
2. How are expected errors handled?
3. Does the Risk Analysis or FMEA identify other potential errors, which
   aren't handled?
4. Hardware Interfaces
   - Initialization
   - Noise on sensor (and other) inputs
   - Power up and power down behavior
   - Power usage (sleep) modes
   - Watchdog timer
   - ADC and DAC turn-on delays
   - EEPROM interface
5. Resource Usage (RAM, ROM, and EEPROM must also be adequately sized)
   - Adequate stack for worst case
   - Intermediate data
   - Data shared between Interrupt Service Routines and application
   - Data shared between tasks of different priorities
6. Any possibility of deadlock
7. Schedulability of all tasks
8. Maximum task response times
9. Other task timing constraints (jitter, end-to-end requirements)
10. Non-deterministic structures
11. Task precedence constraints
12. Uncontrolled priority inversion
Hope this helps!
Sean
Sean M. Beatty
Principal
High Impact Services, Inc.
23 S. 8th Street, Suite 100
Noblesville, IN 46060
Phone: 317-774-9895
Fax: 317-219-0437
www.highimpactservices.com
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Driscoll, Kevin R
Sent: Monday, August 26, 2013 4:38 PM
To: systemsafety at techfak.uni-bielefeld.de
Subject: [SystemSafety] Critical Design Checklist
For NASA, we are creating a Critical Design Checklist:
- Objective
  - A checklist for designers to help them determine if a safety-critical
    design has met its safety requirements
  - Not a "Have you done ..." checklist
    - Too easy to just check "yes" without doing sufficient work
    - Instead, "What have you done ..."
    - Prove what you have done is sufficient
- We are looking for inputs to include in this checklist
- Do you have any inputs that should be included?
  - Meta-question: "If you were asked to participate in a design review
    of a safety-critical design, what questions would you ask?" (Particularly,
    general questions you would have before seeing the details of a design.)
  - Inverse meta-question: "If you were presenting a design, what
    questions would you dread being asked?" :-}
    - Where are the bodies buried?
We are finishing the Checklist by next week and would like to include any
good questions you may have that we have overlooked. Realizing this is an
imposition on your time, I am hoping some of you would be so kind as to
spend just a few minutes to send questions or even question fragments.
--
P.S.
I am also looking for unusual failure scenarios to add to my collection,
like those I've described in my series of "Murphy was an Optimist"
presentations (e.g.
http://www.rvs.uni-bielefeld.de/publications/DriscollMurphyv19.pdf).
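Items 1 (scaled-integer arithmetic) and 2 (how expected errors are handled) of Sean's checklist are easiest to see in code. The following is an added example, not code from either message or from High Impact Services: it assumes a Q15 format (16-bit signed, 15 fractional bits) and constructed sample values, and contrasts arithmetic that silently wraps with arithmetic that saturates and exposes the overflow through a predicate the caller can check.

```c
/* Added example, not from the thread: Q15 scaled-integer arithmetic
 * (checklist item 1) with the overflow error (item 2) either ignored
 * (wrapping) or handled (saturation plus an overflow predicate).
 * The Q15 format and the sample values are assumptions for this example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef int16_t q15_t;                 /* value = raw / 32768, range [-1, +1) */
#define Q15_SHIFT 15
#define Q15_MAX   INT16_MAX            /* +0.99997 */
#define Q15_MIN   INT16_MIN            /* -1.0     */

static double q15_to_double(q15_t x) { return (double)x / 32768.0; }

/* Clamp a wide intermediate into the Q15 range. */
static q15_t q15_clamp(int32_t wide)
{
    if (wide > Q15_MAX) return Q15_MAX;
    if (wide < Q15_MIN) return Q15_MIN;
    return (q15_t)wide;
}

/* --- addition --- */

/* Defect: the sum is narrowed without a range check, so 0.75 + 0.75
 * silently wraps to -0.5 (two's-complement truncation). */
static q15_t q15_add_wrap(q15_t a, q15_t b)
{
    return (q15_t)((int32_t)a + (int32_t)b);
}

/* Detection: true when the exact sum is outside the Q15 range. */
static bool q15_add_overflows(q15_t a, q15_t b)
{
    int32_t wide = (int32_t)a + (int32_t)b;
    return wide > Q15_MAX || wide < Q15_MIN;
}

/* Handled: saturate to the nearest representable bound; a caller that must
 * treat saturation as a fault checks q15_add_overflows() first. */
static q15_t q15_add_sat(q15_t a, q15_t b)
{
    return q15_clamp((int32_t)a + (int32_t)b);
}

/* --- multiplication --- */

/* Defect: the 30-bit product fits in 32 bits, but the one result equal to
 * +1.0 (from -1.0 * -1.0) does not fit in Q15 and wraps to -1.0. */
static q15_t q15_mul_wrap(q15_t a, q15_t b)
{
    return (q15_t)(((int32_t)a * (int32_t)b) >> Q15_SHIFT);
}

/* Detection: -1.0 * -1.0 is the only Q15 product that reaches +1.0. */
static bool q15_mul_overflows(q15_t a, q15_t b)
{
    return a == Q15_MIN && b == Q15_MIN;
}

/* Handled: round to nearest, then saturate. Right-shifting a negative value
 * is implementation-defined in C (arithmetic on mainstream compilers); a port
 * to an unusual target must re-check this. */
static q15_t q15_mul_sat(q15_t a, q15_t b)
{
    int32_t prod = (int32_t)a * (int32_t)b;          /* Q30 intermediate */
    prod += (int32_t)1 << (Q15_SHIFT - 1);           /* rounding bias */
    return q15_clamp(prod >> Q15_SHIFT);
}

int main(void)
{
    const q15_t three_quarters = 24576, minus_one = Q15_MIN, half = 16384;

    printf("0.75 + 0.75: wrap=%+.4f sat=%+.4f overflow=%d\n",
           q15_to_double(q15_add_wrap(three_quarters, three_quarters)),
           q15_to_double(q15_add_sat(three_quarters, three_quarters)),
           q15_add_overflows(three_quarters, three_quarters));
    printf("-1.0 * -1.0: wrap=%+.4f sat=%+.4f overflow=%d\n",
           q15_to_double(q15_mul_wrap(minus_one, minus_one)),
           q15_to_double(q15_mul_sat(minus_one, minus_one)),
           q15_mul_overflows(minus_one, minus_one));
    printf("0.5 * 0.5:   wrap=%+.4f sat=%+.4f\n",
           q15_to_double(q15_mul_wrap(half, half)),
           q15_to_double(q15_mul_sat(half, half)));
    return 0;
}
```

The wrapping versions are what a conventional functional test with in-range inputs never exercises, which is why worst-case input ranges from the risk analysis (item 3) have to feed the arithmetic review: the two defects only show at the edges of the representable range.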