[SystemSafety] Language issues, control systems

Mon Apr 27 15:12:04 CEST 2015

That's an interesting issue.

In IEC 61508-type system conceptions, it is safety functions that are assigned SILs. The HW
associated with executing that safety function gets a reliability condition for "random" failures,
and the SW gets a list of "recommended techniques" for its development, and who knows whether the
unit as a whole fulfils its given reliability condition thereby. Any human reliability condition,
that, say, an HMI is read correctly, is not addressed as far as I see in any part.

There is a working group, IEC SC65A WG17, that convenes to discuss and develop human-factors
conditions associated with functional safety, and I think this would be one. I don't know whether
they are addressing it yet, but at least one of the members, Karsten Loer, is on this list, so I
imagine he could raise it.

> ..... My question is if there are any potential hazards associated with an incorrect
> translation, what would be the best way to go about mitigating them?

It depends on how the translations are generated. If they are fixed phrases (ASCII in memory, say)
and any are incorrect, that would be a systematic error. Best mitigation would be to check that
all the phrases are right after implementation and before deployment. If the phrases are
dynamically generated, given particular sensor input, then the translator itself is a piece of SW
and surely the best mitigation would be to ensure that it is correct by construction during
implementation.

> Would it be valid, for example, to use two translators and then cross-check the resulting
> translations, analyzing inconsistencies?

You could do that, but it wouldn't help where there were ambiguities in either the source phrases
or the output phrases.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de