Embedded Software
Development for
Safety-Critical
Systems
Second Edition
Chris Hobbs
Cover photo by: Chuck Clark
CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
For
Alexander, Thomas,
and Edward
Contents
SECTION 1: BACKGROUND
1 Introduction
  Safety Culture
  Our Path
  Selecting the Techniques to Describe
  Development Approach
  Today's Challenges
  References
SECTION 5: CODING
SECTION 6: VERIFICATION
19 Integration Testing
  Fault Injection Testing
  Back-to-Back Comparison Test Between Model and Code
  Combinatorial Testing
  Requirements-Based Testing
  Anomaly Detection During Integration Testing
  References
SECTION 7: APPENDICES
A Goal Structuring Notation
  Background
  Example
  Eliminative Argumentation
References
All of the techniques described in this book may be further explored
through hundreds of academic articles. In order to provide you with
a way in, I have provided references at the end of each chapter. With
a few whimsical exceptions (e.g., Lardner’s 1834 paper on diverse pro-
gramming and Babbage’s 1837 paper on the calculating engine), I have
included only references that I have personally found useful as a work-
ing software developer.
Some of the papers and books I reference changed my ideas about
a topic and, in many cases, caused me to start programming to check
whether the concepts were actually useful.
I have to admit that I object to paying money to journals to access
published papers, and I believe that all the articles to which I refer in
the bibliographies at the end of each chapter can be freely (and legally)
downloaded from the Internet. In some cases, e.g., Kálmán’s original
1960 paper to which Chapter 8 refers, one has the option of paying the
original journal $25 to retrieve the article, or going to the website of
the associated educational establishment (in this case, the University
of North Carolina, USA) and downloading the paper for free. I leave
the choice to the reader.
I refer frequently to various international standards. These stan-
dards are continuously being revised and, when I refer to a standard in
this book, I mean the following editions:
Tools
I have used the C programming language in examples because this is
the language most strongly associated with embedded programming.
Some knowledge of C would therefore be useful for the reader, but
the examples are short and should be readable by software engineers
familiar with other languages.
From time to time I mention a particular tool. In general, I refer to
open-source tools, not because these are always superior to commercial
equivalents, but because it would be invidious to mention one com-
mercial vendor rather than another unless I had carried out a careful
comparison of the available products.
Tools are also very personal. We all know that “wars” can arise
from discussions of whether vi or emacs is the better editor. I refuse
to take the bait in these discussions, comfortable in my knowledge that
vi is far better than emacs.
So, my choice of tool may not be your choice of tool. I hope that
whenever I mention a tool, I provide enough information for you to
seek out commercial vendors.
Second Edition
The first edition of this book appeared in 2015 and the world of safety-
critical embedded software has changed substantially in the years since
then:
Acknowledgments
This book has evolved from material used by QNX Software Systems
(QSS) for a training module covering tools and techniques for building
embedded software systems in safety-critical devices deployed in cars,
medical devices, railway systems, industrial automation systems, etc.
The material in this book has emerged from my professional work
and, of course, I have not worked alone. I am grateful to QSS man-
agement, and in particular my direct managers, Jeff Baker and Adam
Mallory, for allowing me the space to develop many of my ideas, and
for allowing me to use the training material as a foundation for this
book.
There are many people whom I need to thank for providing me with
ideas and challenges. These particularly include (alphabetically) Dave
Banham, John Bell, John Hudepohl, Patrick Lee, Martin Lloyd, Ernst
Munter, Rob Paterson, Will Snipes and Yi Zheng — a stimulating
group of people with whom I have worked over the years.
Even with the ideas, creating a book is not a trivial task, and I
would like to thank my wife, Alison, who has read every word with a
pencil in her hand. I cannot count how many pencils she has worn out
getting this book into a shape that she finds acceptable. I thank her.
I also thank Chuck Clark, Adam Mallory and the anonymous readers
provided by the publisher for their extremely thorough and detailed
proofreading.
The cover picture was provided by Chuck Clark. Many thanks for
the permission to use this photograph.
Chris Hobbs
Ottawa
SECTION 1: BACKGROUND
Chapter 1
Introduction
Safety Culture
A safety culture is a culture that allows the boss to hear
bad news.
Sidney Dekker
Our Path
I have structured this book as follows:
Background material.
Chapter 2 introduces some of the terminology to be found later
in the book. This is important because words such as fault, er-
ror, and failure, often used interchangeably in everyday life, have
much sharper meanings when discussing embedded systems.
A device to be used in a safety-critical application will be de-
veloped in accordance with the requirements of an international
standard. Reference [4] by John McDermid and Andrew Rae
points out that there are several hundred standards related to
safety engineering.
From this smörgåsbord, I have chosen a small number for
discussion in Chapter 3, in particular IEC 61508, which relates
to industrial systems and forms the foundation for many other
standards; ISO 26262 which extends and specializes IEC 61508
for systems within cars; and IEC 62304, which covers software
in medical devices.
I also mention other standards, for example, IEC 29119, the
software testing standard, and EN 50128, a railway standard,
to support my arguments here and there in the text.
To make some of the discussion more concrete, in Chapter 4
I introduce two fictitious companies. One of these is producing
a device for sale into a safety-critical market, and the other
Development Approach
There are many development methodologies ranging from pure water-
fall (to which Bossavit dedicates an entire chapter and appendix in ref-
erence [1]), through modified waterfall, design-to-schedule, theory-W,
joint application development, rapid application development, timebox
development, rapid prototyping, agile development with SCRUM to
eXtreme programming.
I do not wish to take sides in the debate about which of these tech-
niques is the most appropriate for the development of an embedded
system, and so, throughout this book, I make use of the composite
approach outlined in Figure 1.1. During a development, certain tasks
have to be completed (although typically not sequentially):
[Figure 1.1 (diagram not reproduced): the composite development approach, showing a design verification cycle (gross dependability analysis, detailed design, failure analysis, design verification) and an implementation cycle (selection of implementation patterns, implementation, implementation verification), both feeding the safety case.]
Note that I have carefully avoided saying whether these cycles are fol-
lowed only once for the development of a device (a waterfall process),
or are followed for each component, perhaps repeating once every few
weeks (an agile process) or even daily (eXtreme programming).
Given this spectrum of methodologies, I have my personal belief
about the end of the spectrum most likely to result in a successful
project delivered on-time and on-budget and meeting its safety require-
ments, but that opinion is irrelevant to this book — the techniques I
describe are necessary whatever approach is chosen.
However, one point can be noted from the list above: I have placed
a lot more emphasis on design and design verification than on imple-
mentation and implementation verification. That is deliberate, and
in Chapter 15, I try to justify my claim that the skills required for
Today’s Challenges
Although the last two decades have seen a tremendous growth in the tools
and techniques that we can apply to the development of safe embedded
systems, challenges still remain and new ones are emerging.
Security
In the past, many embedded systems were physically secure, being
locked in the driver's cab of a train or behind a locked fence on a
shop floor. Today almost every electronic device supports external
communications through Wi-Fi, Bluetooth, USB drives, or GPS
satellites, and every one of these channels is an attack surface: the
data arriving over it is controlled by whoever is at the other end,
not by the device.
Safety is interlinked with security. Once an attacker has found and
exploited a vulnerability, the device no longer behaves as the
system that was analyzed for safety, so its behavior is effectively
unpredictable and any safety argument built on that analysis no
longer holds. Safety and security are normally antagonistic (a
measure that increases one is often paid for by a reduction in the
other), and this security/safety balance is described on page 101.
There are moves to combine safety and security cases; see page 72.
However, no general methodology yet exists for combining security
and safety issues.