安全系统软件设计-SW Design

©ABB-Page1CompanyConfidentialPart06SoftwareDesignHeidiFuglumCertifiedFunctionalsafetyengineer1dayintrotraininginFunctionalsafety©ABB-Page206Softwaredesign©ABB-Page3SoftwaredesignInthemoduleSoftwarelifecycleHardware,softwarerelationshipAtypicalsoftwareproblemSafesoftwareThreetypesofsoftwareThreetypesofdevelopmentlanguagesSoftwaretools©ABB-Page4SafetyLifecycle,wherearewe11ExternalRiskReductionFacilitiesRealization1Concept2OverallScopeDefinition3Hazard&RiskAnalysis4OverallSafetyRequirements5SafetyRequirementsAllocation15OverallModification&Retrofit16Decommissioning12OverallInstallation&Commissioning13OverallSafetyValidation14OverallOperation&Maintenance9Safety-relatedsystems:E/E/PESRealization10Safety-relatedsystems:OtherTechnologyRealizationOverallInstallation&CommissioningPlanning678OverallOperation&MaintenancePlanningOverallValidationPlanningOverallPlanningBacktoappropriateOverallSafetyLifecyclephaseSILDeterminationHazardIdentificationSoftwaredesignOverallOperation&MaintenancePlanningOverallOperation&MaintenanceOverallModification&Retrofit©ABB-Page5SafetyLifecycle,wherearewe©ABB-Page6HardwareSoftwareRelationship©ABB-Page7SoftwareexampleAclientorderconstTVp*©ABB-Page8SoftwareexampleInthespecificationReqirement1.2.83CalculatethepressurewiththefollowingformulaTheprogrammerProgramsaccordingto1.283Testsrequirement1.2.83ProgramisdoneaccordingtothespecificationTV*cp©ABB-Page9SoftwareexampleWhatcangowrong?Isthespecificationcorrect?Thisprojectnot…WastheprogramcorrectYes,thetestshowedthattheprogramwascorrectaccordingtothespecWasthetestcorrect?Wasthetestverified?Whoverifiedthetest?Didweactuallydothetest?Whoverifiedtheresult?©ABB-Page10SoftwareexampleSoftwaretestingisNotabouteverysinglelineofcodeAbouthavingtherightprocessandmethodstotestWhatweneedtoachieveissafesoftwareSoftwareissafeifThesafetysystemcanexecutethesafetyfunctionevenunderfaultyconditionsNotonlysoftwarefaultsbutalsohardwarefaults©ABB-Page11FaultFreeSoftwareHowdowedothat?ConsidersoftwareengineeringpracticesandqualityassuranceSelectappropriatemeasurestoavoidfailuresIEE61508,part3,tableAndBPeriodicallyreviewtheeffectivenessofthemethodstoavoidfaultsduringsoftwaredevelopmentStandard,lookattheABBstandardportalorattheLCCdatabaseStandardsforABBinternaluseonly©ABB-Page12ThreeTypesofDevelopmentSoftwareIEC61508dealswithFullvariabilitylanguages(FVL)C,C++,AssemblerIEC61511dealswithLimitedvariabilitylanguages(LVL)Functionblocks,ladderlogicFixedprogramminglanguages(FPL)AsensorwithonlyanupanddownbuttontosetalimitIEC61511DonotdifferentiatebetweenSIL1,2or3software,allrequirementsuitableforSIL3©ABB-Page13Lifecycleconcept–ABBproductdevelopmentImplementationVerificationG3G4G5PlanningG2G0G1ReviewRecordsDesignDescrSystemDesignComponentDesignRequirementsAnalysisImplementationFunctionSpecDesignDescrCode&HardwareProd/ProjReqSpecFunctionSpecPlanningRequirementsAnalysisMarketReqSpecTypeTestPlan&DescriptionsTypeTestPlan&DescrTypeTestRecordsDesignTestTestedmoduleIntegrationIntegratedproductIntegration&IntegrationtestIntegr&testedcomponentComponentTypeTestVerifiedcomponentProductTypeTestValidatedProd.BCRAT©ABB-Page14V-modelSummaryoftheV-modelLeftbranchesrepresentspecification,designandcodingRightbranchesrepresenttestandverificationphasesFeedbackbetweenphasessrequiredDesignandtestarelinkedviaverificationactivities©ABB-Page15MeasurestoControlFailuresExamplesHardwarearchitectureSelfTestmeasuresforsystemsandsubsystemCPUBusandSignalsRAM,EEPROM,ROM,flashSystemwatchdogwithindependenttimebaseProgramflowmonitoringSafetyprotocolsfordatatransmissionpathsRedundantand/orinversedatastorage©ABB-Page16SummaryInthismoduleSafetysoftwareismoreabouttheprocessofsoftwredevelopmentthanthesoftwareitselfSystematicapproachviaV-modelMeasuretocontrolandavoidfailueresneedtobeapplied©ABB-Page17CompanyConfidential