Customer Reviews

Practical Design of Safety-Critical Computer Systems

5 star:		(1)
4 star:		(1)
3 star:		(0)
2 star:		(1)
1 star:		(0)

 

 

This text provides a high-level introduction to the concept of system safety for the engineer involved in embedded control/computer controlled systems.

The first 100 or so pages of the text are simplistic and of little value to anyone already involved in designing a safety-related system but do serve to introduce the example systems to be used throughout the remaining text and the concepts of how such systems typically fail.

Things get complicated quickly after those first hundred or so pages - Dunn basically introduces every failure mode evaluated and every mitigation technique employed by me in my latest project within about 30 pages. It is because of this rapid introduction of conepts at a high level that I suggest this text as introductory rather than as a reference.

The inclusion of 882 in an annex almost appears to be filler. If anything I would suggest removal of the 882 annex and inclusion of a discussion of how to pull a safety case together for a regulatory authority/ISA that complies with 882 or 61508.

This is not "light" reading. If you skim you will miss important concepts - Dunn's writing style is efficient and seemingly minor statements are, in fact, fundamental concepts of safety-related design that the developer needs to conduct further research in to.

I would largely agree with Griffongate and largely disagree with R. Wall in their respective reviews. Both appear to be heavily involved in developing safety-critical systems and, as such, seem to want more theoretical detail and basis. Each of their concerns can fit a portion of the potential audience of readers. This book, however, is a more basic read; it is an introductory textbook for safety-critical design.

As an author and lecturer about the development of real-time embedded systems, I am always looking for books that have good explanations and are well-written. Dunn's book accomplishes both.

I agree that the first 100 pages have material that may be too elementary - for example, pp. 33 to 74 on basic computer architecture and operation. Usually students or readers, who are using this book seriously, already have covered that material in basic computer courses. On the other hand, some introduction is necessary and I liked seeing the general blocks and the introduction of sensors and effectors.

For me, the most useful parts of this book are Chapters 4, 5, and 6. I particularly like Dunn's descriptions of failure modes and effects analysis, fault tree analysis, event tree analysis, risk analysis, and hazard analysis. These have proved quite useful to me in several projects, as well as the development and calculations for reliability and availability. I also like, and stress to my students and audiences, that "analysis yields only nominal probability values . . . for several design candidates. In doing this, one is concerned not only with absolute values but also relative values, which will allow the ranking of architectural candidates in terms of their reis-related probability." - p. 232

As to including MIL-STD-882D, I think that Dunn could have just referenced the standards (and others like it: MIL-HDBK-781, 1530, 1793, 2164, 87244, 470, 791, 336, 2069). Either way, I am not too fussed about it. You may find MIL-STD-882 a reasonable read after completing Dunn's book.

This is a good, basic textbook. If you are starting into the field of mission-critical systems (e.g. building military equipment or spacecraft instruments), I recommend this book as a good place to start. More detail and in-depth development can be found in other books.

Much of the content of this book is devoted to fault tree analysis and common sense applications of redundancy. The book equates safety critical with low failure rates. Failures of any frequency are intolerable. I was expecting to see fault coverage techniques using inference instrumentation and safe-fail methodologies. Contrary to other reviews, I found this book to be very light.