安全系统软件设计SWDesig,1,Part 06Software Design,Heidi Fuglum Certified Functional safety engineer,1 day intro training in Functional safety,安全系统软件设计SWDesig,2,06 Software design,安全系统软件设计SWDesig,3,Software design,In the module Software lifecycle Hardware, software relationship A typical software problem Safe software Three types of software Three types of development languages Software tools,安全系统软件设计SWDesig,4,Safety Lifecycle, where are we,SIL Determination,Hazard Identification,Software design,Overall Operation & Maintenance,Overall Modification & Retrofit,安全系统软件设计SWDesig,5,Safety Lifecycle, where are we,安全系统软件设计SWDesig,6,Hardware Software Relationship,安全系统软件设计SWDesig,7,Software example,A client order,安全系统软件设计SWDesig,8,Software example,In the specification Reqirement 1.2.83 Calculate the pressure with the following formula The programmer Programs according to 1.2 83 Tests requirement 1.2.83 Program is done according to the specification,安全系统软件设计SWDesig,9,Software example,What can go wrong? Is the specification correct? This project not Was the program correct Yes, the test showed that the program was correct according to the spec Was the test correct? Was the test verified? Who verified the test? Did we actually do the test? Who verified the result?,安全系统软件设计SWDesig,10,Software example,Software testing is Not about every single line of code About having the right process and methods to test What we need to achieve is safe software Software is safe if The safety system can execute the safety function even under faulty conditions Not only software faults but also hardware faults,安全系统软件设计SWDesig,11,Fault Free Software,How do we do that ? Consider software engineering practices and quality assurance Select appropriate measures to avoid failures IEE 61508, part 3, table And B Periodically review the effectiveness of the methods to avoid faults during software development Standard, look at the ABB standard portal or at the LCC database Standards for ABB internal use only,安全系统软件设计SWDesig,12,Three Types of Development Software,IEC 61508 deals with Full variability languages (FVL) C, C+, Assembler IEC61511 deals with Limited variability languages (LVL) Function blocks, ladder logic Fixed programming languages (FPL) A sensor with only an up and down button to set a limit IEC61511 Do not differentiate between SIL 1, 2 or 3 software, all requirement suitable for SIL3,安全系统软件设计SWDesig,13,Lifecycle concept ABB product development,Implementation,Verification,G3,G4,G5,Planning,G2,G0,G1,Design Descr,System Design,Component Design,Requirements Analysis,Implementation,Function Spec,Design Descr,Code & Hardware,Prod/Proj Req Spec,Function Spec,Planning,Requirements Analysis,Market Req Spec,安全系统软件设计SWDesig,14,V-model,Summary of the V-model Left branches represent specification, design and coding Right branches represent test and verification phases Feedback between phases s required Design and test are linked via verification activities,安全系统软件设计SWDesig,15,Measures to Control Failures,Examples Hardware architecture Self Test measures for systems and subsystem CPU Bus and Signals RAM, EEPROM, ROM, flash System watchdog with independent time base Program flow monitoring Safety protocols for data transmission paths Redundant and/or inverse data storage,安全系统软件设计SWDesig,16,Summary,In this module Safety software is more about the process of softwre development than the software itself Systematic approach via V-model Measure to control and avoid failueres need to be applied,安全系统软件设计SWDesig,17,