[SystemSafety] Critical Design Checklist

Sean M. Beatty smbeatty at highimpactservices.com
Tue Aug 27 23:12:25 CEST 2013


Kevin,

Here is a list of a dozen potential problems in real-time embedded systems
software, many of which aren't caught by traditional testing methods.
Perhaps this will be useful to you, even though it's a very specific domain.
Of course, these problems are only safety-critical if they could result in
triggering a hazard.

1. Mathematical operations, especially fixed point (scaled integers)

2. How are expected errors handled?

3. Does the Risk Analysis or FMEA identify other potential errors, which
aren't handled?

4. Hardware Interfaces

   - Initialization
   - Noise on sensor (and other) inputs
   - Power up and power down behavior
   - Power usage (sleep) modes
   - Watchdog timer
   - ADC and DAC turn-on delays
   - EEPROM interface

5. Resource Usage (RAM, ROM, and EEPROM must also be adequately sized)

   - Adequate stack for worst case
   - Intermediate data
   - Data shared between Interrupt Service Routines and application
   - Data shared between tasks of different priorities

6. Any possibility of deadlock

7. Schedulability of all tasks

8. Maximum task response times

9. Other task timing constraints (jitter, end-to-end requirements)

10. Non-deterministic structures

11. Task precedence constraints

12. Uncontrolled priority inversion

Hope this helps!

Sean

Sean M. Beatty

Principal

High Impact Services, Inc.     317-774-9895
23 S. 8th Street, Suite 100    Fax: 317-219-0437
Noblesville, IN 46060          www.highimpactservices.com
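Items 1 (fixed-point arithmetic) and 2 (how expected errors are handled) from the list above are the ones most easily shown in code. The C program below is an added illustration, not code from Sean's post or from any project mentioned in the thread; the Q16.16 format, the function names and the status codes are my own choices. It puts the classic defect, a product formed in the operand width that wraps before the scaling shift, next to a form that widens the intermediate to 64 bits, rounds, and reports overflow and division by zero as explicit status values rather than silently returning a wrong number. Note that the naive version returns 0.0 for 3.0 * 3.0, a result that no amount of ordinary functional testing with small operands will expose.

```c
#include <stdint.h>
#include <stdio.h>

/* Q16.16 signed fixed point: a raw int32_t whose value is raw / 65536.0.
   Illustrative example only, not code from the original post. */
typedef int32_t q16_t;
#define Q16_FRAC_BITS 16
#define Q16_ONE       ((int64_t)1 << Q16_FRAC_BITS)

/* Status codes are an assumption of this example; a real system would map
   them onto its fault-handling design (item 2 of the checklist). */
typedef enum { Q16_OK = 0, Q16_OVERFLOW = 1, Q16_DIV_BY_ZERO = 2 } q16_status_t;

q16_t  q16_from_double(double v) { return (q16_t)(v * (double)Q16_ONE); }
double q16_to_double(q16_t v)    { return (double)v / (double)Q16_ONE; }

/* Clamp a 64-bit intermediate into the representable Q16.16 range and
   report whether clamping was needed. */
static q16_status_t q16_saturate(int64_t r, q16_t *out)
{
    if (r > INT32_MAX) { *out = INT32_MAX; return Q16_OVERFLOW; }
    if (r < INT32_MIN) { *out = INT32_MIN; return Q16_OVERFLOW; }
    *out = (q16_t)r;
    return Q16_OK;
}

/* Item 1, the defect: the product of two 32-bit operands is formed in 32 bits
   and wraps before the shift, so 3.0 * 3.0 silently yields 0.0. Unsigned
   arithmetic is used so the wrap is at least defined behaviour; a plain signed
   'a * b' would be undefined on overflow and may be optimised away entirely. */
q16_t q16_mul_naive(q16_t a, q16_t b)
{
    uint32_t wrapped = (uint32_t)a * (uint32_t)b;        /* product modulo 2^32 */
    return (q16_t)((int32_t)wrapped >> Q16_FRAC_BITS);   /* scale the wrapped value */
}

/* Items 1 and 2, the hardened form: widen to 64 bits, round half away from
   zero, and report overflow instead of wrapping. The caller decides whether a
   saturated result is acceptable or must trip a fault. */
q16_status_t q16_mul_checked(q16_t a, q16_t b, q16_t *out)
{
    int64_t p = (int64_t)a * (int64_t)b;                        /* exact product */
    int64_t half = Q16_ONE / 2;
    int64_t r = (p >= 0) ? (p + half) / Q16_ONE : (p - half) / Q16_ONE;
    return q16_saturate(r, out);
}

/* Division: the expected error (zero divisor) is checked before any hardware
   divide or trap can occur; the operand is widened by multiplication rather
   than a left shift, which would be undefined for negative values. */
q16_status_t q16_div_checked(q16_t a, q16_t b, q16_t *out)
{
    if (b == 0) {
        *out = (a >= 0) ? INT32_MAX : INT32_MIN;
        return Q16_DIV_BY_ZERO;
    }
    int64_t q = ((int64_t)a * Q16_ONE) / (int64_t)b;
    return q16_saturate(q, out);
}

/* Saturating conveniences for callers that only want the clamped value. */
q16_t q16_mul_sat(q16_t a, q16_t b) { q16_t r; (void)q16_mul_checked(a, b, &r); return r; }
q16_t q16_div_sat(q16_t a, q16_t b) { q16_t r; (void)q16_div_checked(a, b, &r); return r; }

int main(void)
{
    q16_t three = q16_from_double(3.0);
    printf("naive   3.0 * 3.0 = %g\n", q16_to_double(q16_mul_naive(three, three)));
    printf("checked 3.0 * 3.0 = %g\n", q16_to_double(q16_mul_sat(three, three)));

    q16_t r;
    q16_status_t s = q16_mul_checked(q16_from_double(200.0), q16_from_double(200.0), &r);
    printf("200 * 200 -> status %d, value %g (saturated)\n", (int)s, q16_to_double(r));

    s = q16_div_checked(q16_from_double(1.0), 0, &r);
    printf("1.0 / 0   -> status %d, value %g (saturated)\n", (int)s, q16_to_double(r));
    return 0;
}
```

The point for a design review is not the particular Q format but the questions it raises: what is the widest intermediate each operation can produce, where is it truncated back to the storage width, and is every overflow and zero-divisor case either provably impossible from the input ranges or handled by an explicit path that the FMEA has looked at.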

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Driscoll, Kevin R
Sent: Monday, August 26, 2013 4:38 PM
To: systemsafety at techfak.uni-bielefeld.de
Subject: [SystemSafety] Critical Design Checklist

For NASA, we are creating a Critical Design Checklist:

- Objective

  - A checklist for designers to help them determine if a safety-critical
    design has met its safety requirements

  - Not a "Have you done ..." checklist

    - Too easy to just check "yes" without doing sufficient work
    - Instead, "What have you done ..."
    - Prove what you have done is sufficient

- We are looking for inputs to include in this checklist

- Do you have any inputs that should be included?

  - Meta-question: "If you were asked to participate in a design review
    of a safety-critical design, what questions would you ask?" (Particularly,
    general questions you would have before seeing the details of a design.)

  - Inverse meta-question: "If you were presenting a design, what
    questions would you dread being asked?" :-}

    - Where are the bodies buried?

We are finishing the Checklist by next week and would like to include any
good questions you may have that we have overlooked.   Realizing this is an
imposition on your time, I am hoping some of you would be so kind as to
spend just a few minutes to send questions or even question fragments.

--

P.S.

I am also looking for unusual failure scenarios to add to my collection,
like those I've described in my series of "Murphy was an Optimist"
presentations (e.g.
http://www.rvs.uni-bielefeld.de/publications/DriscollMurphyv19.pdf).