[SystemSafety] UL4600 - another sink hole solution

paul_e.bennett at topmail.co.uk paul_e.bennett at topmail.co.uk
Fri Jul 10 11:14:45 CEST 2020


On 7/9/2020 at 11:57 PM, "Les Chambers" <les at chambers.com.au> wrote:

> [%X--- Story of a South Australian Sink Hole-----X%]

>This is what we are looking at with UL 4600 and the conga line of 
>its ilk. Don't get me wrong I'm a big supporter of all these standards.
>I've seen them drag many a software shop out of the primordial slime.

As they say, you gotta love standards, and there are so many to choose
from :)

>And thanks to Phil Koopman for the excellent overview, I know how
>hard that is to do. 

He does seem to have a knack of conveying the essentials in his videos
and his books.

>But the reality is they're too high level and too easy to game and 
>too often become the subject of games and most tragic of all - when in
>the hands of rampaging capitalists in relentless pursuit of filthy lucre -
>too easy to ignore (Boeing?).

Which is where engineers need to be stronger at being right minded.
Pushing back against ploughing on with ever more complex systems until
the requirements are more understood.

>After 46 years in the business I admit to being slightly depressed 
>about our profession's unwillingness to engage with our ever-growing 
>problems of size and complexity. The battalions of devils in the armies
>of details that describe our ever enlarging code bodies.

I come at it from my training and education in electronics. I would not
think of deploying an electronic component unless I had seen its
datasheet first, examined the test results data and ensured that I met
the environmental expectations in my design that utilises it. The sooner
software developers begin to see software elements as components the
better. Sadly, too many software libraries come with no documentation
apart from the bare minimum. No assurative test reports about the
robustness, or limitations that may apply. Most developers seem to be
happy to include a library that throws in the kitchen sink with the one
function they need.

>Correct by Construction and inspired reuse of certified architectures
>and code are the only solutions. Together with the mother of all have
>-you-thought-of-this checklists (an endearing UL 4600 feature - too
>small though, it needs to be a petabyte data set). 

I forget who said it, but "You can make it so simple there are obviously
no errors, or you can make it so complex there are no obvious errors."

Me, I am in the simple camp. I also never try to cram all the system
functionality on one processor in the expectation it will meet all timing
constraints. If you ask a processor to do more than seven simple things
at a time rethink why you are getting that complex (that includes your
own brain).

>Unfortunately none of this will ever work without a classification 
>scheme that makes all this information accessible by less-than-senior
>developers.

>The construction industry has Building Information Modelling (BIM)
>that, among other things, classifies every element that goes into a
>building supporting modelling before the fact.

It seems that all hardware engineering has something similar. There
are standardised tests that help to inform through datasheets about
the individual components. There are large and voluminous libraries
about the components I consider using for any project. When it comes
to the software I am grateful I use Forth for my critical systems. It
encourages building on a firm foundation, unit testing from component
by component level to sub-system by sub-system level. What is more,
all the source I produce has also undergone limitations testing. I will
have tracked the logic of every single pathway through the logic at
the component level and putting that component together with others.

My library contains software components that I can use confidently
in new applications if they suit the application. The suitability is gauged
in the early review stages.

>Where is our software/system ontology? Are there any standards 
>nerds willing to take on that challenge? BIM cleaned up multistorey
>building construction, we can do the same.

If there was a body that would become the repository for very
thoroughly inspected and tested software components, with the
reports of the veracity of such components stored together, we might
stand a chance at pulling together systems that work well. There must,
however, be very strict rules for anything submitted to that repository.

[%X---Stack Overflow----X%]

>There are roughly 23,000,000 software developers in the world, this 
>site gets 50,000,000 hits a month. It must have a massive influence
>on code developed on planet Earth. We need something like this in
>safety critical software, maybe curated but maybe not. And preferably
>based on an ontology that helps you find things sharpish like.

"If you want it done right, do it yourself." is a quote from another Forth
practitioner's email by-line. So, now you know where to start with that
effort.

>So I wish we'd just stop throwing farm implements down a sinkhole 
>and engage with our problems at the scale of a stack overflow.
>Measures that actually stand a chance of solving the never-ending
>software crisis.

[%X]
>
>PS: And furthermore when are we going to admit that the greatest 
>threat to safety we have today is nonengineers running engineering
>intensive companies - Boeing. 

I would suggest that it is up to engineers to educate their management
about the realities of bringing a complex system up and how it needs
to be developed according to a strict, very sound, process that ensures
safety is achieved at all levels. Also, that if an engineer stops something
that he sees is wrong, he is only doing his job properly and the situation
needs resolution before more progress can be made. I had the privilege
of working in a couple of places where there was a no-blame culture. We
were dealing with very complex stuff too.

>Check your safety case. Do you have a strategy for dealing with 
>over emphasis on creating shareholder value at the expense of safety?
>Above your pay grade? No it's not. It just killed 346 people. Solution:
>UL/IEC/EN nnnnnn Standard for Analysis and Rectification of
>Organisational Safety Culture. 

That is called behavioural safety. A company needs to pay more than
lip-service to it though for it to be effective. Such things need to be
deeply ingrained in the corporate culture. Useful to remind the CEO
that your urgings are only trying to keep him from serious prison time.
A Corporate Manslaughter charge can be a very sobering prospect.

Regards

Paul E. Bennett IEng MIET
Systems Engineer
Lunar Mission One Ambassador
-- 
********************************************************************
Paul E. Bennett IEng MIET.....
Forth based HIDECS Consultancy.............
Mob: +44 (0)7811-639972
Tel: Due to relocation - new number TBA. Please use Mobile.
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************