PS: This content comes from the safety-critical mailing list and is provided for reference.
Various methods/techniques are adopted for ensuring safe communication, depending upon the requirements. A few are:
1) A high Hamming distance of 4 to 5.
2) Rejecting data packets on error (no correction of data).
3) Re-transmission of data in case of faults, and taking m out of n data packets for decision making.
4) Speed of data transmission, to ensure that the system meets functional as well as safety requirements.
5) Examples of some protocols used to ensure SIL4 are CANBUS etc.
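As an added illustration (not part of the mailing-list post above, and not code from any named protocol), the following Python sketches three of the listed techniques on one small safety-layer frame: it measures the Hamming distance of an 8-bit CRC by exhaustive search over error patterns, rejects any frame whose CRC does not match without attempting correction, and applies an m-out-of-n vote across the copies of a frame that survive the check. The CRC polynomial (0x07), the frame layout (sequence byte, payload, CRC byte), the 24-bit payload length, the vote threshold and the injected faults are all assumptions made for the example; the post names no polynomial or frame format.

```python
"""Added example: CRC-8 Hamming distance by exhaustive search, rejection of
frames that fail the check (no correction), and an m-out-of-n vote across
received copies.  Polynomial, frame layout and thresholds are assumptions made
for this illustration, not taken from the post."""
from collections import Counter
from itertools import combinations

CRC8_POLY = 0x07  # x^8 + x^2 + x + 1, chosen for the example


def crc8(data: bytes, poly: int = CRC8_POLY) -> int:
    """Bit-serial CRC-8, MSB first, zero initial value, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def hamming_distance(data_bits: int, poly: int = CRC8_POLY, max_weight: int = 6) -> int:
    """Smallest number of flipped bits in (data || crc) that the check misses.
    A CRC is linear, so whether an error pattern is detected does not depend on
    the message it hits; the all-zero frame (whose CRC is 0) serves as the
    reference and every pattern of weight 1..max_weight is tried on it."""
    nbytes = data_bits // 8
    for weight in range(1, max_weight + 1):
        for positions in combinations(range(data_bits + 8), weight):
            frame = bytearray(nbytes + 1)
            for p in positions:
                frame[p // 8] ^= 0x80 >> (p % 8)
            if crc8(bytes(frame[:nbytes]), poly) == frame[nbytes]:
                return weight          # undetected pattern found
    return max_weight + 1              # nothing missed up to max_weight


def build_frame(seq: int, payload: bytes) -> bytes:
    body = bytes([seq & 0xFF]) + payload
    return body + bytes([crc8(body)])


def check_frame(frame: bytes):
    """Return (seq, payload) for a frame whose CRC matches, else None.
    A mismatch is rejected outright; no attempt is made to repair it."""
    if len(frame) < 2 or crc8(frame[:-1]) != frame[-1]:
        return None
    return frame[0], frame[1:-1]


def m_of_n_decision(copies, m: int):
    """Act on a value only when at least m of the n received copies pass the
    CRC check and carry the same payload.  Choose m > n/2 so that two
    individually valid but disagreeing copies cannot both qualify."""
    payloads = [r[1] for r in map(check_frame, copies) if r is not None]
    if not payloads:
        return None
    value, count = Counter(payloads).most_common(1)[0]
    return value if count >= m else None


def flip_bits(frame: bytes, *bits: int) -> bytes:
    """Constructed fault injection: flip the given bit positions of a frame."""
    out = bytearray(frame)
    for b in bits:
        out[b // 8] ^= 0x80 >> (b % 8)
    return bytes(out)


if __name__ == "__main__":
    print("HD for 24-bit payload + CRC-8 0x07:", hamming_distance(24))
    good = build_frame(5, b"\x01\x02\x03")
    copies = [good, flip_bits(good, 3), good]   # one of three copies hit by a fault
    print("2-of-3 decision:", m_of_n_decision(copies, 2))
```

A CRC's Hamming distance falls as the protected block grows, so the search has to be run at the longest frame the protocol permits rather than at a convenient short one; a result obtained at a given length holds for every shorter frame, but not for longer ones. The vote threshold m should exceed n/2, otherwise two disagreeing but individually valid copies could each reach it.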
-------------------------------------------
First, let us assume that the communications system is a subsystem of the whole. It participates in certain safety-related functions by transmitting messages.
As others have said, the 61508 theory is that the system hazard analysis will identify those safety-related functions and will assign them a required dependability.
We may assume that in the implementation of those functions there will be messages sent from one agent to another (where "agents" may be people or non-human subsystems). That's your "communications subsystem".
There is a more or less standard list of message-passing behavior, for example:
* the message is delivered with the correct contents, in a timely manner, and those contents are correctly read by the agent
* the contents are corrupted
* the message is delayed
* the message is lost
* the message may be read by agents other than the intended recipient
and so on.
Each one of these besides the first constitutes a failure of (desired) function, and such failure may or may not contribute to creating a hazard condition with a safety-related function. Those failures leading to hazards will be analysed in the usual 61508 manner, leading to certain dependability requirements on the message-passing behavior.
Luckily, there are known mechanisms for reducing most of the failure behavior in message-passing systems to below a specified level (i.e., achieving reliability of certain message-passing functions to a specified degree). On this basis, one can specify a communications system which incorporates the needed mechanisms and ensure those specifications are met.
Nice theory. However, there is a human (organisational) element which often militates against applying this theory. Some developers prefer to procure some quasi-off-the-shelf, currently-fashionable technology and claim that because it's the latest (or because the research and development has been funded by the government or the EU, or because it has been developed or is being promoted by a local industrial champion) it is thereby the best for the job (no matter what the job). One should prepare counters to such an argument.
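To make the failure list in the post above concrete, here is an added Python example (not from the post, and not a description of any particular product) of a receiver that sorts each incoming message into the categories listed: delivered correctly and in time, corrupted, delayed, or lost (plus a repeat, which the same sequence check exposes). It assumes a frame of sequence number, sender timestamp, payload and a 4-byte integrity tag, a 100 ms timeliness bound, and sender and receiver clocks that agree; these, and the sample arrivals, are constructed for the example. The tag is a truncated SHA-256 over the frame, which detects random corruption only; the eavesdropping case in the list ("read by agents other than the intended recipient") needs a confidentiality mechanism that this example does not show, and protection against a deliberately forging sender would need a keyed tag.

```python
"""Added example: a receiver that classifies each incoming message as correct,
corrupted, delayed, lost (gap before it) or repeated.  Frame layout, tag
construction, timing bound and sample traffic are all assumptions made for
this illustration, not a protocol the post describes."""
import hashlib
import struct

HEADER = struct.Struct(">HI")   # sequence number (16 bit), send time in ms (32 bit)
TAG_LEN = 4                     # truncated SHA-256 over header + payload
MAX_AGE_MS = 100                # assumed timeliness requirement for this message


def tag(body: bytes) -> bytes:
    # Detects random corruption only; a keyed MAC would be needed against forgery.
    return hashlib.sha256(body).digest()[:TAG_LEN]


def encode(seq: int, send_ms: int, payload: bytes) -> bytes:
    body = HEADER.pack(seq, send_ms) + payload
    return body + tag(body)


class Receiver:
    """Tracks the next expected sequence number; wrap-around is ignored here."""

    def __init__(self) -> None:
        self.expected_seq = 0

    def deliver(self, frame: bytes, now_ms: int):
        """Return (verdict, frames_missed_before_this_one, payload_or_None).
        A payload is handed on only for 'ok' and 'lost'; everything else is
        discarded rather than repaired."""
        # 1. Integrity: nothing in a corrupted frame can be trusted, so check first.
        if len(frame) < HEADER.size + TAG_LEN or tag(frame[:-TAG_LEN]) != frame[-TAG_LEN:]:
            return ("corrupted", 0, None)
        seq, send_ms = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:-TAG_LEN]
        # 2. Sequence: an old number is a repeat, a jump means frames were lost.
        if seq < self.expected_seq:
            return ("repeated", 0, None)
        missed = seq - self.expected_seq
        self.expected_seq = seq + 1
        # 3. Timeliness: intact contents that arrive too late are still a failure.
        if now_ms - send_ms > MAX_AGE_MS:
            return ("delayed", missed, None)
        return ("lost" if missed else "ok", missed, payload)


def run_sample():
    """Constructed traffic: frames 0..4 sent 10 ms apart; frame 1 has one bit
    flipped in its payload, frame 2 never arrives, frame 4 arrives 250 ms late."""
    rx = Receiver()
    frames = [encode(i, 1000 + 10 * i, b"cmd%d" % i) for i in range(5)]
    damaged = bytearray(frames[1])
    damaged[HEADER.size] ^= 0x01
    frames[1] = bytes(damaged)
    arrivals = [(frames[0], 1005), (frames[1], 1015), (frames[3], 1035), (frames[4], 1290)]
    return [rx.deliver(f, t) for f, t in arrivals]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The order of the three checks matters: the sequence and timestamp fields are only meaningful once the integrity check has passed, and a stale frame still advances the expected sequence number so that the next good frame is not misreported as a repeat.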