Practical Design of Safety-Critical Computer Systems [Paperback]

William R. Dunn (Author)

Book Description

Publication Date: July 2002

The computer has become the design component of choice in realizing control and monitoring systems for applications in aerospace, ground transportation, oil and chemical processing, medical electronics, and many other industrial sectors where the safety of life, property, and the environment are at risk.

This is a practical, "how to" technical book that will show the reader how computer systems work and how they must be designed to make them safe. The text explains workings of all the principal components in the system including computer hardware (microprocessors, microcontrollers, PLCs, industrial controllers, etc.), software (from machine language through high level functional diagrams and ladder logic), field instruments (sensors for pressure, temperature, switch contacts, etc.), control elements (actuators, valves, motors, etc.), digital and analog and data communication interfaces, power sources (electrical, hydraulic, pneumatic, etc.), and human operator including man-machine interface. Addressing the safety-critical application, the book shows how these hardware, software, and human components and their interfaces fail and how and where protective safety devices are designed into the system to protect against the effects of the failures. The full range of system! safety devices is discussed including hardwired interlocks, computer hardware safety devices (self-tests, watchdogs, end-arounds, etc.), software-implemented safety routines (sensor checks, analytical redundancy, actuator wraparounds, safety assertions and permissives, etc.), as well as high-level protective measures (overpressure devices, limit switches, check valves, etc.). The book shows the reader how hardware redundancy and software redundancy are built into a system to make it fault tolerant and how one defines (or selects from a vendor) the correct redundant architecture (e.g. backup, dual, or triplex, structure) for the application at hand. Emphasis is placed on the often ignored, but crucial, workings and limitations of the redundancy management algorithms resident in user or vendor fault tolerant architectures. Once hardware and software safety devices and redundancy have been incorporated in a design, the burden falls on the designer and safety analyst to show that these collective measures will produce a system that meets required levels of safety as defined in the applicable safety standard (such as IEC 61508, ISA 84 series, MIL-STD-882D, etc.) The book shows the reader how to systematically verify (using failure mode analysis, fault tree analysis, and risk estimation) that the designed-in safety measures will cover all causes that can lead to catastrophic failure and that overall safety requirements (stated in the standards in terms of acceptable risk and availability) can be satisfied. To assist the reader, the book provides a checklist which can be applied to any real life safety-critical computer system design to verify that all necessary safety measures have been taken. The book is illustrated throughout with examples and figures and includes numerous engineering tables that can used in designing and analyzing real-life systems.

Editorial Reviews

From the Publisher

There are many technical books (and many more technical articles and papers) that address the subject of safety-critical systems. Most, however, are confined to a single specialty area. For example, books have been published on software, on computer hardware, on instrumentation and control, on reliability, on system safety but none - until now - that cohesively tie all these topics together under one cover. This system-oriented book, which is based on the author's years of engineering experience, is the first to show a reader in practical terms how all the components of safety-critical system work and how they are systematically integrated to realize a working system that will be reliable and safe. It is a book that can be read and understood by computer hardware engineers, software developers, programmers, instrumentation and control engineers, reliability engineers, and all others - including technical managers - who are involved in the development and! use of these modern day systems.

About the Author

Since the early 1970s WILLIAM R. DUNN has been actively engaged as a designer and design consultant in the hardware and software development of microprocessor-based systems in the areas of industrial automation and control and avionics navigation and control systems. He holds a Ph.D. in electrical engineering and has authored numerous papers in the areas of digital systems design and reliability and safety engineering.

Product Details

• Paperback: 360 pages
• Publisher: William Dunn (July 2002)
• Language: English
• ISBN-10: 0971752702
• ISBN-13: 978-0971752702
• Product Dimensions: 9.9 x 6.9 x 0.9 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #1,121,831 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

9 of 9 people found the following review helpful:

4.0 out of 5 stars Great introduction to system safety of computer controlled systems, February 6, 2006

By 

Griffongate - See all my reviews

This review is from: Practical Design of Safety-Critical Computer Systems (Paperback)

This text provides a high-level introduction to the concept of system safety for the engineer involved in embedded control/computer controlled systems.

The first 100 or so pages of the text are simplistic and of little value to anyone already involved in designing a safety-related system but do serve to introduce the example systems to be used throughout the remaining text and the concepts of how such systems typically fail.

Things get complicated quickly after those first hundred or so pages - Dunn basically introduces every failure mode evaluated and every mitigation technique employed by me in my latest project within about 30 pages. It is because of this rapid introduction of conepts at a high level that I suggest this text as introductory rather than as a reference.

The inclusion of 882 in an annex almost appears to be filler. If anything I would suggest removal of the 882 annex and inclusion of a discussion of how to pull a safety case together for a regulatory authority/ISA that complies with 882 or 61508.

This is not "light" reading. If you skim you will miss important concepts - Dunn's writing style is efficient and seemingly minor statements are, in fact, fundamental concepts of safety-related design that the developer needs to conduct further research in to.

1 of 1 people found the following review helpful:

5.0 out of 5 stars A Good Introductory Book for Mission- and Safety-Critical Systems, June 20, 2010

By 

Kim R. Fowler (Windsor Mill, MD United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Practical Design of Safety-Critical Computer Systems (Paperback)

I would largely agree with Griffongate and largely disagree with R. Wall in their respective reviews. Both appear to be heavily involved in developing safety-critical systems and, as such, seem to want more theoretical detail and basis. Each of their concerns can fit a portion of the potential audience of readers. This book, however, is a more basic read; it is an introductory textbook for safety-critical design.

As an author and lecturer about the development of real-time embedded systems, I am always looking for books that have good explanations and are well-written. Dunn's book accomplishes both.

I agree that the first 100 pages have material that may be too elementary - for example, pp. 33 to 74 on basic computer architecture and operation. Usually students or readers, who are using this book seriously, already have covered that material in basic computer courses. On the other hand, some introduction is necessary and I liked seeing the general blocks and the introduction of sensors and effectors.

For me, the most useful parts of this book are Chapters 4, 5, and 6. I particularly like Dunn's descriptions of failure modes and effects analysis, fault tree analysis, event tree analysis, risk analysis, and hazard analysis. These have proved quite useful to me in several projects, as well as the development and calculations for reliability and availability. I also like, and stress to my students and audiences, that "analysis yields only nominal probability values . . . for several design candidates. In doing this, one is concerned not only with absolute values but also relative values, which will allow the ranking of architectural candidates in terms of their reis-related probability." - p. 232

As to including MIL-STD-882D, I think that Dunn could have just referenced the standards (and others like it: MIL-HDBK-781, 1530, 1793, 2164, 87244, 470, 791, 336, 2069). Either way, I am not too fussed about it. You may find MIL-STD-882 a reasonable read after completing Dunn's book.

This is a good, basic textbook. If you are starting into the field of mission-critical systems (e.g. building military equipment or spacecraft instruments), I recommend this book as a good place to start. More detail and in-depth development can be found in other books.

3 of 7 people found the following review helpful:

2.0 out of 5 stars Practical Design of Safety-Critical Computer Systems, January 28, 2007

By 

R. Wall "rww" (West cost) - See all my reviews
(REAL NAME)   

This review is from: Practical Design of Safety-Critical Computer Systems (Paperback)

Much of the content of this book is devoted to fault tree analysis and common sense applications of redundancy. The book equates safety critical with low failure rates. Failures of any frequency are intolerable. I was expecting to see fault coverage techniques using inference instrumentation and safe-fail methodologies. Contrary to other reviews, I found this book to be very light.