好好学习 (Study Hard), bilbo.cublog.cn
About the author
Name: you know. Occupation: IT. Age: one year older every year. Location: Earth. About me: rather dumb. Email: bilbo0214@163.com
Article list - Safety System
Idle Talk on Safety-Critical Systems (5)

Any theory, once it reaches practice, ends up being fixed in some form; these forms are what the jargon calls "processes": the software development process, the project management process, and so on.
Safety systems are no exception. They too have a process, which we call the "safety process" or, more fashionably, the "safety lifecycle".

If you are familiar with software development these concepts are nothing new: the common software lifecycle models are the waterfall model, the spiral model and the V-model. Generally speaking, from a verification and validation (V&V) standpoint the V-model fits best, and we can map the safety lifecycle onto the V-model, as the figure below shows.

[Image: http://blogimg.chinaunix.net/blog/upfile2/081005192736.jpg]
Figure 1. The safety lifecycle alongside the system development lifecycle

When developing a safety system these two processes are interrelated and influence each other. In practice, however, only the development lifecycle tends to receive attention while the safety lifecycle is neglected, or people assume that embedding a few safety-lifecycle items in the development process is enough; neither approach is correct. Strictly speaking, the safety lifecycle should be carried out by an independent team; the software or hardware engineer in the usual sense is not……
Posted on 2008-10-05
(Repost) Tools for Reliability Engineering
Reliability Modeling Programs

ACARA (Availability, Cost and Resource Allocation) (COSMIC)
Analyzes availability, life cycle cost, and resource scheduling using a statistical Monte Carlo method to simulate a system's capacity states as well as component failure and repair. Component failures are modelled using a combination of exponential and Weibull probability distributions. ACARA schedules component replacement to achieve optimum system performance. An integrated approach characterizes system performance in terms of both state availability and equivalent availability. It can determine the probability of exceeding a capacity state to assess reliability and loss of load probability and evaluate the effect of resource constraints on system availability and life cycle cost.

ANNE (Rex Thompson & Partners)
Analytical program to assess reliability of repairable and non-repairable programs in the steady-state. ……
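To make the ACARA description concrete, here is an added Python example of the Monte Carlo approach it describes; this is written for this page and is not ACARA's or any vendor's code. Each component alternates between a sampled time to failure (exponential or Weibull) and a sampled exponential repair time, the per-component timelines are merged, and the fraction of the horizon during which at least k of n components are up is measured. The component names, parameters and the 200,000-hour horizon are constructed for illustration. The closed-form checks (MTTF/(MTTF+MTTR) for one component, the binomial k-out-of-n formula for identical independent components) show that the simulation converges to the analytic answer; the same simulator can then be used where no closed form exists, for instance with non-identical components.

```python
import math
import random
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Component:
    """One repairable component with a time-to-failure distribution and an
    exponential repair time.  All times are in hours."""
    name: str
    dist: str            # "exponential" or "weibull"
    scale: float         # MTTF for exponential; Weibull scale parameter (eta)
    shape: float = 1.0   # Weibull shape parameter (beta); unused for exponential
    mttr: float = 1.0    # mean time to repair (exponential)

    def mttf(self) -> float:
        """Mean time to failure implied by the chosen distribution."""
        if self.dist == "exponential":
            return self.scale
        if self.dist == "weibull":
            return self.scale * math.gamma(1.0 + 1.0 / self.shape)
        raise ValueError(f"unknown distribution {self.dist!r}")

    def time_to_failure(self, rng: random.Random) -> float:
        if self.dist == "exponential":
            return rng.expovariate(1.0 / self.scale)
        if self.dist == "weibull":
            return rng.weibullvariate(self.scale, self.shape)
        raise ValueError(f"unknown distribution {self.dist!r}")

    def time_to_repair(self, rng: random.Random) -> float:
        return rng.expovariate(1.0 / self.mttr)


def steady_state_availability(mttf: float, mttr: float) -> float:
    """Limiting availability of one component as an alternating renewal
    process: MTTF / (MTTF + MTTR).  Holds for any failure distribution."""
    return mttf / (mttf + mttr)


def k_of_n_availability(a: float, k: int, n: int) -> float:
    """Availability of a k-out-of-n system of identical, independent
    components, each with availability a."""
    return sum(math.comb(n, j) * a ** j * (1.0 - a) ** (n - j)
               for j in range(k, n + 1))


def simulate_availability(components: List[Component], k: int,
                          horizon: float, seed: int = 1) -> float:
    """Monte Carlo estimate of the fraction of `horizon` during which at
    least k of the components are up.  Every component starts up and
    alternates between sampled up (time to failure) and down (repair)
    intervals; the merged event list is swept once to accumulate uptime."""
    rng = random.Random(seed)
    events = []                      # (time, +1 = repaired, -1 = failed)
    for comp in components:
        t = 0.0
        while True:
            t += comp.time_to_failure(rng)
            if t >= horizon:
                break
            events.append((t, -1))
            t += comp.time_to_repair(rng)
            if t >= horizon:
                break
            events.append((t, +1))
    events.sort()

    up = len(components)
    last = 0.0
    system_up = 0.0
    for t, delta in events:
        if up >= k:
            system_up += t - last
        up += delta
        last = t
    if up >= k:
        system_up += horizon - last
    return system_up / horizon


if __name__ == "__main__":
    # Constructed components: a pump with exponential failures and a valve
    # with wear-out (Weibull, shape 2); both take 2 h on average to repair.
    pump = Component("pump", "exponential", scale=100.0, mttr=2.0)
    valve = Component("valve", "weibull", scale=100.0, shape=2.0, mttr=2.0)
    a_pump = steady_state_availability(pump.mttf(), pump.mttr)
    print(f"pump       analytic {a_pump:.5f}  simulated "
          f"{simulate_availability([pump], 1, 200_000.0):.5f}")
    print(f"2oo3 pumps analytic {k_of_n_availability(a_pump, 2, 3):.5f}  simulated "
          f"{simulate_availability([pump] * 3, 2, 200_000.0):.5f}")
    a_valve = steady_state_availability(valve.mttf(), valve.mttr)
    print(f"valve      analytic {a_valve:.5f}  simulated "
          f"{simulate_availability([valve], 1, 200_000.0):.5f}")
```

The sweep keeps only a counter of components that are up, so it also works for a capacity model: replace the `up >= k` test with a sum of per-component capacities compared against the load to get the loss-of-load probability ACARA reports.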
Posted on 2008-09-23
(Repost) 12 principles of safety system design
Twelve Principles for the Design of Safety-Critical Real-Time Systems

1. Regard the Safety Case as a Design Driver
2. Start with a Precise Specification of the Design Hypotheses
3. Ensure Error Containment
4. Establish a Consistent Notion of Time and State
5. Partition the System along well-specified LIFs
6. Make Certain that Components Fail Independently
7. Follow the Self-Confidence Principle
8. Hide the Fault-Tolerance Mechanisms
9. Design for Diagnosis
10. Create an Intuitive and Forgiving Man-Machine Interface
11. Record Every Single Anomaly
12. Provide a Never Give-Up Strategy
Posted on 2008-08-17
Idle Talk on Safety-Critical Systems (4)

In this post let's talk about functional safety. This is the concept the IEC 61508 standard is most concerned with.

What is functional safety? Put simply, it is the part of safety that depends on the system's functions, i.e. on the system responding correctly to its inputs.

Where there is functional safety there is also non-functional safety. That is still hard to grasp, so here is an example. Cities have trains, and many trains pass through built-up areas, where the railway crosses ordinary roads. At such crossings there is usually a level crossing to manage traffic, with barriers: when a train approaches, the barriers lower and the corresponding signal turns red, forbidding vehicles and pedestrians to cross. After the train has passed, the barriers rise again and the signal turns green, letting vehicles and pedestrians through. Sometimes a siren is installed as an extra warning. The county town where I went to high school had one of these, and I passed it every day on the way to and from school. Ours, though, was operated by hand.
Now imagine a system that performs these functions, i.e. operates the signal and the barriers. For such a system, functional safety is mainly concerned with questions like: when a train approaches the crossing, is it possible that the barrier fails to lower? When a train approaches, do the signal and the siren work correctly? When the signal or the barrier fails, how does the operator find out? Once the barrier is down, will road vehicles notice it? And so on.

Non-functional safety, by contrast, might be concerned with: is the material the barrier is made of toxic? Is the barrier's lubricant toxic? Will it……
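The functional-safety questions above (can the barrier fail to lower? how does the operator find out?) turn into concrete design decisions: the controller must verify its commanded actions through independent feedback, must treat a missing confirmation as a fault, and must have a safe default when something goes wrong. The Python controller below is an added illustration of those decisions and does not describe any real crossing; its inputs, the 10-second timeout and the fault names are assumptions. For a level crossing the safe state is "closed to road traffic", so a detected fault keeps the barrier commanded down and the lights red until an operator reset after repair.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Inputs:
    train_approaching: bool   # strike-in detector (track circuit / axle counter)
    barrier_down: bool        # position switch on the barrier arm
    lamp_circuit_ok: bool     # current monitor on the red lamp circuit


@dataclass(frozen=True)
class Outputs:
    lower_barrier: bool
    lights_red: bool
    bell: bool


@dataclass
class CrossingController:
    """Controller for the crossing's safety function.  The safe state is
    'closed to road traffic', so any detected fault latches that state and
    stays reported to the operator until a reset after maintenance."""
    lower_timeout_s: float = 10.0                 # arm must confirm 'down' in time
    faults: Dict[str, float] = field(default_factory=dict)  # fault -> first seen (s)
    lowering_since: Optional[float] = None

    @property
    def fault_latched(self) -> bool:
        return bool(self.faults)

    def step(self, now: float, inp: Inputs) -> Outputs:
        """Evaluate one control cycle at time `now` (seconds)."""
        demand = inp.train_approaching or self.fault_latched
        if not demand:
            self.lowering_since = None
            return Outputs(lower_barrier=False, lights_red=False, bell=False)

        # Barrier feedback: issuing the command is not proof that the arm
        # moved.  No confirmation within the timeout is a fault.
        if inp.barrier_down:
            self.lowering_since = None
        else:
            if self.lowering_since is None:
                self.lowering_since = now
            elif now - self.lowering_since > self.lower_timeout_s:
                self._report(now, "barrier failed to lower")

        # A dark red lamp is a dangerous failure invisible to road users,
        # so the lamp circuit is monitored whenever red is commanded.
        if not inp.lamp_circuit_ok:
            self._report(now, "red lamp circuit fault")

        return Outputs(lower_barrier=True, lights_red=True,
                       bell=inp.train_approaching)

    def _report(self, now: float, fault: str) -> None:
        """Latch the fault and record when it was first detected (this is
        the operator alarm); repeated detections do not re-alarm."""
        self.faults.setdefault(fault, now)

    def operator_reset(self) -> None:
        """Clears the latch; only to be used after the fault is repaired."""
        self.faults.clear()
        self.lowering_since = None


def run_scenario(controller: CrossingController,
                 timeline: List[Tuple[float, Inputs]]) -> List[Outputs]:
    """Drive the controller through a list of (time, inputs) samples."""
    return [controller.step(t, inp) for t, inp in timeline]


if __name__ == "__main__":
    # Constructed scenario: the train strikes in at t=0 but the barrier arm
    # never reports 'down'.  After the timeout the operator is alarmed and
    # the crossing stays closed even after the train has passed.
    ctl = CrossingController()
    stuck = Inputs(train_approaching=True, barrier_down=False, lamp_circuit_ok=True)
    run_scenario(ctl, [(t, stuck) for t in (0, 5, 10, 15)])
    after = ctl.step(30, Inputs(False, False, True))
    print("faults:", ctl.faults)
    print("still closed after the train has passed:", after.lower_barrier)
```

The two monitoring paths correspond to the two questions in the text: the position switch answers "did the barrier actually lower?", and the lamp current monitor answers "are the lights really on?", while the latch answers "how does the operator know?" by making the fault impossible to miss.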
Posted on 2008-08-17
(Repost) Ada in the French TGV (High-Speed Rail) System
Ada in the French TGV (High-Speed Rail) System

On-board with Safety Critical Software: Implementing Safety Critical Software for High-Speed Railway Transportation
By Marc Richard-Foy, Alsys, and Gilles Legoff, CSEE-Transport
(source: Alsys World Dialogue, vol. 8, no. 2, Summer 1994)

Background
As computer control becomes more and more extensive in our everyday lives, safety critical software systems are taking on increasing importance. Hospitals, avionics, and ground transportation systems rely on safety critical practices to supply their clients with safe, reliable products and services that inspire confidence.
While software solutions for critical applications are attractive for their flexibility, they also bring the chance of error. Positive measur……
Posted on 2008-07-27
(Repost) When is risk acceptable?
This is an article discussing criteria for acceptable risk, covering ALARP, GAME and MEM.

When is risk acceptable?
Odd Nordland
SINTEF Telecom and Informatics (http://www.sintef.no/)
Systems Engineering and Telematics (http://www.informatics.sintef.no/)
NO-7465 Trondheim
E-mail: Odd.Nordland@informatics.sintef.no
URL: www.informatics.sintef.no/~nordland

Abstract:……
Posted on 2008-07-27
Idle Talk on Safety-Critical Systems (3)

Since the internet came along I find I can no longer concentrate on one thing for long; in my high-school teacher's words, "three minutes of enthusiasm". Half a month has gone by in a blink without my writing anything on safety-critical systems. Excuses can always be found, but I ought to keep at it.

1. Hazard and risk
Enough chatter; let's return to the concept of hazard that we did not finish discussing last time. A simple definition of hazard for reference: "A state or set of conditions that, together with other conditions in the environment, will lead to an accident (loss event)." The hazard is the origin of every safety problem, so to study safety we must first study hazards; this is what is commonly called hazard analysis.
We often meet the word risk. In the safety field it is closely tied to hazard; in fact it is "The hazard level combined with the likelihood of the hazard leading to an accident plus exposure (or duration) of the hazard", and the corresponding work is called risk analysis.

What is the difference between hazard analysis and risk analysis?
Hazard analysis is a family of techniques, each of which gives people a way to understand the system in depth from a different angle. It is the core of the whole safety system process. ……
Posted on 2008-07-27
Idle Talk on Safety-Critical Systems (2)

1. The concept of safety

In Idle Talk on Safety-Critical Systems (1) (http://blog.chinaunix.net/u/29291/showart_1079415.html) I only briefly described the concept of a safety-critical system and gave a first introduction to the meaning of the safety it involves. In this post I mainly want to discuss the concept of safety itself.

Every discipline is built on concepts, from which its rules and methods are derived. One of the most central concepts in safety systems is safety. Yet to date there is no single, universally accepted definition of it. Below are two of the more commonly used ones.

"Safety is a property of a system that it will not endanger human life or the environment." (Neil Storey)

"Freedom from accidents or losses." (Nancy G. Leveson)

(Note: in the safety-system field Nancy G. Leveson and Neil Storey are both well known, each having written a book on the subject; and not only books, they have also published many very influential papers.)

At root, the core of both definitions is "freedom from harm"……
Posted on 2008-07-13
Idle Talk on Safety-Critical Systems (1)

1. What is a safety-critical system?
"Safety-critical system" sounds rather intimidating; in Chinese it is a literal rendering of the English term and is a bit of a mouthful.
Simply put, it is a class of systems whose failure leads to loss of life or property, or to serious damage to the environment.
Some examples: launch vehicle control systems, aircraft flight control systems, railway overspeed protection systems, nuclear reactor protection systems and so on; all of these are safety-critical systems.

A related term is safety-related system. Usually the two are synonyms referring to the same thing, but sometimes a distinction is drawn, for instance to separate different safety levels, in which case a safety-critical system is regarded as having a higher safety level than a safety-related system. In this article the two terms are equivalent.

Sometimes, for brevity, one simply says safety system. At this point you may ask, "isn't the safety system we talk about every day something different?" The reason is that the Chinese word 安全 corresponds to two English words, security and safety. In English, security mainly concerns protection against deliberate attack (information security being the everyday case), whereas safety mainly concerns protection of life and property from accidental harm. The security system we often hear about (more precisely……
Posted on 2008-07-12
(Repost) Three Mile Island 29 Years Later
Three Mile Island 29 Years Later: Nuclear Safety Problems Still Unresolved
Adding New Plants to Aging Fleet Will Increase Risk Without Safety Reform, Science Group Says
WASHINGTON (March 27, 2008)……
Posted on 2008-07-10
Hazard Identification Process (notes)
I wrote a reading note on a paper about the hazard identification process, as a summary so that I don't forget it again.
File: 论文阅读笔记.pdf (paper reading notes), 199KB
Download: http://blogimg.chinaunix.net/blog/upfile2/080602171320.pdf
Posted on 2008-06-02
(Repost) ETBA, a hazard analysis technique for the PHI stage
The Energy Trace and Barrier Analysis is a professional-level procedure intended to detect hazards by focusing in detail on the presence of energy in a system and the barriers for controlling that energy. Use the Energy Trace and Barrier Analysis Tool (ETBA) when you need to detect potential energy within a well-known but complex system, such as acquisition of new weapon systems. The types of energy assessed include:

- Electrical Energy
- Kinetic Energy (moving mass, such as a vehicle, a machine part, a bullet)
- Potential Energy (non-moving mass, such as a heavy object suspended overhead)
- Chemical Energy (explosives, corrosive material)
- Noise and Vibration
- Thermal (heat)
- Radiation (Nonionizing, such as microwaves, and ionizing, such as nuclear radiation and X-rays)
- Pressure (air, water)

The five basic steps in the ETBA are:
1. Identify the types of energy present in a system.
……
Posted on 2008-05-29
ideas on hazard list
Today I read some lectures about safety engineering. I think I need to collect some hazard lists as a basis for hazard identification. So I googled the phrase "hazard list"; indeed, there was little useful info to be had, but I still found some interesting things.

Different people list different hazards.

The following two are examples:

I. MARATHON COUNTY HAZARDS (from the Marathon County Emergency Management Office)
Natural Hazards
1. Agricultural/hydrologic drought
2. Dam failures
3. Fires (forest and structural)
4. Flooding
5. Thunderstorms (including hail and lightning)
6. Tornadoes
7. Winter Storms
Man-made Hazards
1. Transportation accidents (aircraft, rail, trucking)
2. Hazardous materials accidents/incidents
3. Explosions
4. Civil disturbances
5. Bombs and bomb threats

II. HAZARD LIST (from The……
Posted on 2008-05-29
(Repost) Calculating SIL Suitability Levels
Calculating SIL Suitability Levels
For General Monitors, calculating the SIL suitability level for individual products is a combined effort between corporate quality, engineering, and a 3rd party for validating calculations. The steps include failure rate prediction, FMEDA, Failure Path Investigation, and a 3rd party validation performed by Technis.

Step 1 Failure Rate Prediction
This initial step is the basis of all product SIL calculations. Within the product all failure rates of individual components contribute to the overall product failure rate.
1. ……
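Carrying the computational part of these steps through in code: the Python example below is added here for illustration and is not General Monitors' or Technis' method. The bill of failure modes for a hypothetical gas-detector transmitter is constructed (the FIT values are made up), the SD/SU/DD/DU split is the standard FMEDA categorisation (safe or dangerous, detected or undetected by diagnostics), and the PFDavg formula is the simplified IEC 61508-6 single-channel (1oo1) low-demand form, lambda_DU * T1 / 2 + lambda_DD * MTTR. It shows how the summed component failure rates, the proof-test interval and the safe failure fraction combine into a PFDavg band.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

FIT = 1e-9  # one FIT = one failure per 1e9 hours

# FMEDA categories: Safe/Dangerous x Detected/Undetected.
CATEGORIES = ("SD", "SU", "DD", "DU")


@dataclass(frozen=True)
class FailureMode:
    component: str
    rate_fit: float     # failure rate of this mode, in FIT
    category: str       # one of CATEGORIES


def fmeda_totals(modes: Iterable[FailureMode]) -> Dict[str, float]:
    """Sum per-mode failure rates into lambda_SD, lambda_SU, lambda_DD,
    lambda_DU (per hour): the tabulation step of an FMEDA."""
    totals = {c: 0.0 for c in CATEGORIES}
    for m in modes:
        if m.category not in totals:
            raise ValueError(f"{m.component}: unknown category {m.category!r}")
        if m.rate_fit < 0:
            raise ValueError(f"{m.component}: negative failure rate")
        totals[m.category] += m.rate_fit * FIT
    return totals


def safe_failure_fraction(totals: Dict[str, float]) -> float:
    """SFF = (lambda_S + lambda_DD) / lambda_total = 1 - lambda_DU / lambda_total."""
    total = sum(totals.values())
    if total == 0:
        raise ValueError("no failure rates given")
    return 1.0 - totals["DU"] / total


def pfd_avg_1oo1(totals: Dict[str, float], proof_test_interval_h: float,
                 mttr_h: float = 8.0) -> float:
    """Average probability of failure on demand of a single channel (1oo1)
    in low-demand mode, simplified IEC 61508-6 form.  Undetected dangerous
    failures persist on average for half the proof-test interval; detected
    ones only for the repair time."""
    return totals["DU"] * proof_test_interval_h / 2.0 + totals["DD"] * mttr_h


def sil_band_from_pfd(pfd: float) -> int:
    """Low-demand PFDavg bands of IEC 61508-1 Table 2.  Returns 0 when the
    value is worse than the SIL 1 band; values below 1e-5 fall outside the
    table and are reported as the SIL 4 band here."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


# Constructed bill of failure modes for a hypothetical transmitter; the
# components and FIT values are illustrative, not from any real FMEDA.
EXAMPLE_MODES: List[FailureMode] = [
    FailureMode("sensor element", 200, "DU"),
    FailureMode("sensor element", 300, "DD"),
    FailureMode("ADC", 50, "DU"),
    FailureMode("ADC", 450, "DD"),
    FailureMode("MCU", 100, "DU"),
    FailureMode("MCU", 900, "DD"),
    FailureMode("MCU", 200, "SU"),
    FailureMode("4-20 mA output driver", 100, "SD"),
    FailureMode("4-20 mA output driver", 50, "DU"),
]


def assess(modes: Iterable[FailureMode], proof_test_interval_h: float,
           mttr_h: float = 8.0) -> dict:
    """Run the three computational steps and return the figures a SIL
    suitability report would quote."""
    totals = fmeda_totals(modes)
    pfd = pfd_avg_1oo1(totals, proof_test_interval_h, mttr_h)
    return {"totals": totals, "sff": safe_failure_fraction(totals),
            "pfd_avg": pfd, "sil_band": sil_band_from_pfd(pfd)}


if __name__ == "__main__":
    for interval_h in (8760.0, 4380.0):      # yearly vs half-yearly proof test
        r = assess(EXAMPLE_MODES, interval_h)
        print(f"T1={interval_h:6.0f} h  lambda_DU={r['totals']['DU']:.2e}/h  "
              f"SFF={r['sff']:.3f}  PFDavg={r['pfd_avg']:.2e}  "
              f"SIL band={r['sil_band']}")
```

The PFDavg band is only one of the conditions: IEC 61508 also imposes architectural constraints (hardware fault tolerance against SFF) and systematic capability requirements, and a certificate may cover some of these and not others, which is the point of the next post. Note too that halving the proof-test interval moves the same hardware from the SIL 2 band to the SIL 3 band, so the interval assumed in the assessment has to match what the plant will actually do.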
Posted on 2008-05-23
(Repost) Another Safety Checklist
Safety Checklist
How well can your organization answer these questions?

1. For each safety-critical project undertaken by your organization, there is a coordinating committee or working group for managing the safety efforts.
   0 - never 1 - occasionally 2 - frequently 3 - always
2. Direct channels of communication exist between those responsible for safety and the rest of the project team.
   0 - never 1 - occasionally ……
Posted on 2008-05-22
(Repost) Look Beyond the Certification!
What you don't ask about products claiming to meet specified SIL requirements could hurt you.
Dave Harrold, Control Engineering, 10/1/2000

The good news is the emergence and subsequent publicity surrounding the safety standards ANSI/ISA S84.01 issued in 1996 and IEC 61508 issued in 2000 has greatly raised user awareness of the need to address safety system requirements head-on.
The bad news is there is a lot of misunderstanding associated with the terminology, requirements, and certifications associated with these standards and the products used to meet their compliance.
IEC 61508, 'Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems,' is an international standard. ANSI/ISA S84.01-1996, 'Applicat……
Posted on 2008-05-21
(Repost) A Survey of Programming Power Tools
A Survey of Programming Power Tools (http://www.my2cents.planetmax.net/2007/10/27/survey-of-programming-power-tools/)
Posted by Max H, October 27, 2007
There are many tool……
Posted on 2008-05-21
PLCs certified to IEC 61508
PLC
[Table of IEC 61508-certified PLCs reposted from the certified-equipment list at http://www.exida.com/; columns: Company, Model, Description, Assessment, Assessor, Assessment Report, Contact, ……; rows not preserved]
Posted on 2008-05-21
SINTEF
A Norwegian company doing consultancy and assessment on safety-critical systems.

http://www.sintef.no/

Several of this company's consultants are really excellent.
Posted on 2008-05-20
(Repost) RTOS for safety-critical systems (IEC 61508 certified)
RTOS for safety-critical systems has IEC 61508 certification
Documentation package speeds safety certification process for end-equipment
EDN Europe, 26 Apr 2007
26th April 2007 – A version of the FreeRTOS (http://www.freertos.org/) operating system is now available certified to comply with IEC 61508. SafeRTOS is a small-footprint real-time kernel that achieves the standard's safety integrity level 3 (SIL3). Certification was carried out by TUV SUD. SafeRTOS is a portable, mini, pre-emptive real-time kernel, predominantly written in C, with no restriction on the number of tasks or priorities that you can use. It uses queues and semaphores for communication and synchronisation between tasks, or between tasks and interrupts. SafeRTOS was written, as was the FreeRTOS code, by Richard Ba……
Posted on 2008-05-20