Professional Documents
Culture Documents
Abstract: Programmable electronic systems are being used in almost all application
sectors to perform non-safety and increasingly to perform safety functions as well.
Although software based solutions are usually superior to hardwired ones for reasons
of eciency and
exibility, there is a certain reluctance of the certication authorities
when it comes to licensing computer based systems which are classied as safety
critical. Despite many attempts to overcome problems of software safety (IEC 61508,
IEC 880, VDE 0801, IDS 00-55, RTCA/DO-178), up to now neither precise guidelines
supporting the software development process are available, nor are there serious eorts
being made to develop programming languages dedicated to the implementation of
safety critical functions. To improve this unsatisfactory situation, i.e., to meet both
economic and safety requirements, it is necessary to design appropriate language
concepts with consequent regard to safety aspects. Accordingly, four subsets of a real
time language suitable for the implementation of safety related systems are proposed,
whose denitions full the respective requirements of the four Safety Integrity Levels.
Keywords: Safety related systems, safety requirements, safety integrity levels, real
time programming languages, PEARL, verication.
References
5. CONCLUSION
Dijkstra, E.W. (1989). The next forty years. Per-
Despite the existence of standards like IEC 61508- sonal note EWD 1051.
1 or DIN V VDE 0801, software based systems DIN 66 253-2 (1998). Programmiersprache
are still considered to be less trustworthy than PEARL 90. Beuth Verlag, Berlin.
conventional hardwired components, which is jus- Halang, W.A. A.H. Frigeri, R. Lichtenecker, U.
tied in part by the longer tradition of hardware Steinmann and K. Wendland (1998). Method-
engineering and many years of experience in the enlehre sicherheitsgerichteter Echtzeitprogram-
development of strategies for coping with corre- mierung. Schriftenreihe der Bundesanstalt fur
sponding failures. This situation is due to Arbeitsschutz und Arbeitsmedizin { Forschung
{ Fb 813. Verlag fur neue Wissenschaft, Bre-
the standards being unclear about the char- merhaven.
acteristics of environments for safety critical Interim Defence Standard 00-55 (1991). The Pro-
programming, and curement of Safety Critical Software in Defence
no programming language (and related pro- Equipment. British Ministry of Defence.
gramming environment) based on these guide- IEC 880 (1986). Software for Computers in Safety
lines being available. Systems of Nuclear Power Stations. Interna-
To overcome this situation, a dedicated subset of tional Electrotechnical Commission, Geneva.
PEARL 90 has been proposed for each of the IEC 61131-3 (1992). Programmable Controllers,
4 Safety Integrity Levels dened in IEC 61508- Part 3: Programming Languages. International
1, following the principle of simplicity: the more Electrotechnical Commission, Geneva.
safety critical a system is, the more simple the Draft International Standard IEC 61508-1 (1998).
related control software needs to be. Accordingly, Functional Safety of Electrical/Electronic/ Pro-
on the highest Safety Integrity Level (SIL 4) the grammable Electronic Systems: Generic Aspects
safety/integrity of a \software" system can be | Part 1: General Requirements. International
veried just by looking at a Cause Eect Table, Electrotechnical Commission, Geneva.
i.e., without employing formal proofs. Control Krebs, H., and U. Haspel (1984). Ein Verfahren
software for SIL 3 systems can be graphically zur Software-Verikation. Regelungstechnische
constructed, based on already proven function Praxis rtp 26, 73{78.
blocks. This will simplify the process of software RTCA/DO-178B (1992). Software Considerations
development as compared to textual languages in Airborne Systems and Equipment Certica-
and still keep the task of safety proofs relatively tion. (www.rtca.org)
easy. Programs written in the subset for SIL 2 DIN V VDE 0801 (1995). Grundsatze fur Rech-
have the main advantage of being formally veri- ner in Systemen mit Sicherheitsaufgaben. Beuth
able. Finally, the subset HI-PEARL for the lowest Verlag, Berlin.