Safety and Reliability Engineering Part 2: Terminology

Safety and Reliability Engineering
Part 2: Terminology
Prof. Dr.-Ing. Stefan Kowalewski
Chair Informatik XI, Embedded Software Laboratory
RWTH Aachen University
Summer term 2006
Terminology 1: Reliability
Reliability is the property which describes how much we
can expect the system to fulfill its specified function under
certain conditions (time period, environment conditions)
Part 2: Terminology, Slide 2
Stefan Kowalewski, 28 April 2005
A failure is an event at which the system stops to fulfill its
specified function.
A failure is an event at which the system stops to fulfill its
specified function.
- Does this always happen immediately?
- Difference to defect, fault, error?
Reliability: Cause-Effect-Model
Development/Maintenance Operation/Runtime
Graphics: Marko Auerswald, Bosch
introduction
of defect
unremoved
defect
introduction
of defect
unremoved
defect
fault 1
introduction
of defect
unremoved
defect
fault 1
component
failure 1
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
Defect
(deutsch: Defekt)
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
Fault/Error
(deutsch: Fehler)
Defect
(deutsch: Defekt)
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
Fault/Error
(deutsch: Fehler)
Defect
(deutsch: Defekt)
Failure
(deutsch: Ausfall, Versagen)
introduction
of defect
Cause-Effect model: example
fault 2
unremoved
defect
system
failure 1
fault 1
component
failure 1
component
failure 2
system
failure 2
Fault/Error
(deutsch: Fehler)
Defect
(deutsch: Defekt)
Failure
(deutsch: Ausfall, Versagen)
introduction
of defect
wrong expr.
for calcul.
array bound
wrong expr.
for calcul.
array bound
writing
beyong
array bound
incorrect
return
value
wrong
measurem.
result
memory
corruption
component
crash
system
crash
Access points to improve reliability
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
defect
avoidance
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
defect
avoidance
defect
removal
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
defect
avoidance
defect
removal
side effect
avoidance
unremoved
defect
system
failure 1
fault 1
component
failure 1
fault 2
component
failure 2
system
failure 2
introduction
of defect
defect
avoidance
defect
removal
side effect
avoidance
fault tolerance
Defect, fault, error
Defect: Cause of an error/fault
Error/fault: State of the system in which defect is existing and failure
is possible to occur.
Beware: Many different definitions are used.
Sometimes: defect = fault error
Failure vs. fault/error
Failure: system view (black box)
Error/fault: subsystem structure view (white box)
Fault tolerance?
Systematic vs. random failures
Systematic failure
Deterministic relation between stimulus and failure
If a certain stimulus/usage of the system leads to a failure, it will
always do so.
Systematic failures are repeatable.
Systematic failure
Deterministic relation between stimulus and failure
If a certain stimulus/usage of the system leads to a failure, it will
always do so.
Systematic failures are repeatable.
Examples?
Random failure
also accidental failure
Nondeterministic relation between stimulus and failure
The same stimulus/usage of the system may either lead to correct
response or to a failure.
Random failures are not repeatable.
Random failure
also accidental failure
Nondeterministic relation between stimulus and failure
The same stimulus/usage of the system may either lead to correct
response or to a failure.
Random failures are not repeatable.
Examples?
Typical causes for systematic failures?
specification errors
constructive faults
constructive faults
Typical causes for random failures?
constructive faults
aging, wear-out
destruction
constructive faults
aging, wear-out
destruction
Which class:
Hardware failures?
Software failures?
Failure rate
Reliability of a system is often specified by the failure rate .
= failures per time unit (in a collection of systems)
Failure rate
Reliability of a system is often specified by the failure rate .
= failures per time unit (in a collection of systems)
For most technical products (incl. embedded systems),
(t) is a bath-tub curve:
Bath-tub curve (ctd.)
Does the bath-tub also apply to software-failures?
Bath-tub curve (ctd.)
Consequences of bath-tub curve for manufacturers who want to
increase the reliability of their product?
Reliability vs. costs
Manufacturers dont want to increase reliability but minimize costs.
They have to find the optimal trade-off between pre- and post-
shipment costs:
Safety vs. costs
Trade-off considerations are ethically doubtful when safety is involved!
Safety vs. costs
Example: Ford Pinto Desaster (http://www.fordpinto.com/blowup.htm)
- Pinto was Fords answer to VW and Japanese small size cars in
the 60s.
- Soon defect became apparent: weak gas tank, burning casualties
in rear end collisions.
Safety vs. costs
the 60s.
- Cost/benefit analysis by Ford for correcting the flaw:
Costs: $11 per car $137 million
Benefit: 180 avoided deaths ($200.000 each), 180 avoided burn
injuries ($67.000 each), 2100 burned cars ($700 each) $49.5 million
Safety vs. costs
the 60s.
- Cost/benefit analysis by Ford for correcting the flaw:
Costs: $11 per car $137 million
Benefit: 180 avoided deaths ($200.000 each), 180 avoided burn
injuries ($67.000 each), 2100 burned cars ($700 each) $49.5 million
- They left it as it was. (Lee Iacocca: Safety doesnt sell)
- In 1978 Ford was forced by the Dept of Transportation to recall 1.5
million Pintos.
Safety
Safety?
Safety
Safety:
The property of a situation, in which the risk of
operating/using a system does not exceed the limit risk.
Safety
Safety:
Risk?
Safety
Safety:
Risk:
A measure comprising
- the probability of an event leading to damage
- the expected amount of damage, if the event occurs
Safety
Safety:
Risk:
A measure comprising
- the probability of an event leading to damage
- the expected amount of damage, if the event occurs
If quantification is possible:
R = P
damage
A
damage
Safety
R = P
damage
A
damage

Safety and Reliability Engineering Part 2: Terminology

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Safety and Reliability Engineering Part 2: Terminology

Caricato da

Copyright:

Formati disponibili

Safety and Reliability Engineering

Potrebbero piacerti anche