Professional Development: safety critical systems

[MrRadiotron]

Hello everyone,

For the last year I've been working as an electronic engineer in a small company designing hardware and writing embedded software.

It's my first job out of uni and I really like the embedded software part, especially the safety critical systems aspects.

As such I'm hoping to learn more about designing safety critical and automotive software, I've gleaned some information from places like embeddedgurus.com and barrgroup.com, and some more by looking at some standards like MISRA-C.

But I was hoping someone here would be able to point me the direction of some sort of formal training I could do (in Australia).

My Google fu has failed me and I haven't found anything in the near future.

I did find this course http://www.acs.org.au/branches/canberra/events/upcoming-events/event-details?eveID=30281790074643

But it was in April(2014), is my best bet to wait for the next one?

anyway, any links to companies and educational institutions that teach this sort of stuff would be greatly apprenticed!

also any good books!

[DaveW]

For background, I work in safety critical aerospace/defense systems, although I work on the hardware side of embedded systems. I haven't come across formal training, but generally we find that getting most decent coders to follow coding guidelines like MISRA-C and some NASA based ones is fairly straightforward. What we do look for is familiarity with safety critical processes like DO-178B. A good understanding of analysis methods including fault trees, failure mode effects analysis etc. tends to make your designs more likely to pass peer review and review by reliability departments.
Particularly on the coding side, understanding and using static analysis tools is useful. We tend to use Ada frequently and a vast range of errors can be picked up at compile time way before (very) expensive testing has begun.

[ignator]

I just retired from the avionics industry. Safety analysis is industry specific. Methods of design are proprietary to each company, and intellectual property. They use the nuclear regulatory industry fault tree methods for fault analysis. This is where you want to start to learn this trade.

[aroby]

PS. Don't buy the old Athlete's Village flats from the London 2012 Olympics, the fire alarm system isn't safe.

Would you care to explain why?

Anthony

[t3chiman]

... any links to companies and educational institutions that teach this sort of stuff would be greatly apprenticed!

also any good books!

System safety professionals hang out at: http://www.systemsafetylist.org/

Many references to conferences, short courses, specialty web sites, etc.. Of course, the controversies of our time are thoroughly discussed.
HTH

[Alexei.Polkhanov]

I hate term "Safety". Safety is not a parameter in itself it is a _relationship_ between user and system therefore it is a bullshit science or strictly marketing term.. What I think is safe most likely absolutely not safe for you and opposite can be true as well.

Reliability and fault tolerance on other end are both qualities that can be measured objectively, quantified, estimated and designed for. Most of engineering courses teach that. Here are very simple examples - having 3 or more sensors instead of one to detect when one is lying is a fault tolerance technique, N-version programming, voting, data redundancy etc.

Looks like the 5 day course that you linked is 90% that - fault tolerance and reliability math, stats etc. I bet they called it a "safety" course cuz it sounds better or something 

I remember few books I have read on subject of fault tolerance in general.
1. Amazon http://www.amazon.com/Fault-Tolerant-Systems-Israel-Koren/dp/0120885255/ref=sr_1_1?ie=UTF8&qid=1400100135&sr=8-1&keywords=Fault-Tolerant+Systems
2. Amazon: http://www.amazon.com/Software-Tolerance-Techniques-Implementation-Computing/dp/1580531377/ref=sr_1_1?ie=UTF8&qid=1400100177&sr=8-1&keywords=Software+Fault+Tolerance

[retrolefty]

I hate term "Safety". Safety is not a parameter in itself it is a _relationship_ between user and system therefore it is a bullshit science or strictly marketing term..

 While I agree with you in spirit the fact is that in many countries it has now been codified into our laws, regulations, 'best practices', building permits, insurance ratings, and on and on, so it can't be ignored any longer in many industries. The days are long gone for many countries where a single EE can design and have built and installed any system by himself if there is any chance it could cause injury, death, or large release of hazardous material. So get use to attending lots of working meetings where everyone has input and opinion on if a given design earns an approval to proceed. I'm just glad I finally made it to retirement as the last 5 years at the refinery was getting to be a real grind working with all the not fun stuff one finds in industry today. 

[MrRadiotron]

Great stuff guys!

I'll definitely try and apply things like

fault trees, failure mode effects analysis etc.

on my current project, nothing like doing for learning.

I've been pestering my employer for a good static code analysis package, any recommendations for a good one?
I've been looking at redlizards.com, their products come from NICTA, anyone used them?
then there is gimpel.com.

System safety professionals hang out at: http://www.systemsafetylist.org/

looks great! thanks!

[Alexei.Polkhanov]

I don't think you understand what safety is, in an engineering context. It generally means that failure modes are safe. If something goes wrong, bad things don't happen. You can do that by making failure safe, or better still by removing the possibility for something to fail. In my example by not doing HVAC with the god damn fire alarm system you eliminate the possibility for a whole load of bugs and reduce the chance of critical components like smoke extract vents failing due to wear from constant use as ventilation.

Well in that case all safety system designers completely don't understand what safety means for customers/users. For example, being woken up 3 times in single night due to false fire alarm is not safe for me because I need my sleep, but not having any fire alarm system in a building is safe by my standards. That is what I mean - "safety" is a _relationship_ between me (a customer) and you as a designer in this case, as oppose to to reliability and fault tolerance which are not dependent on my subjective view.

So "safety" is just a marketing term designed to assign a perceivable value to something that may have absolutely no real value to certain people and may have some value to others.  Here are examples of failures to understand the that safety is a relationship:

1. Buckle up seat belt behind ones back while in a city because car maker added annoying warning if you don't. No control provided to disable the warning.
2. Disable speaker attached to fire alarm system in a building where false alarms go off so often it is impossible to sleep. Again - no button to disable.
3. Disables ABS on you VW (no button to do that) so I that we can do some drifting on parking lot.
4. Remove bars from window assembly so that it can be opened wide enough. Bars were added to prevent kids from jumping out of the window? If they want to jump out - there is entire balcony to do that 
5 etc. etc. etc.

[electr_peter]

[,,,]
So "safety" is just a marketing term designed to assign a perceivable value to something that may have absolutely no real value to certain people and may have some value to others.  Here are examples of failures to understand the that safety is a relationship:
[...]

You have, in my opinion, very dangerous view on safety. My view is this: if there is some possibility (with some %) of a crash/failure/fire, then it is bound to happen one day and possibly to you or your family. So you should be prepared in some way (fire alarm, other precautions).
Your view seems to be that if you do not see fire/crash/disaster happening right away, then it won't happen at all and all precautions are meaningless. I strongly object to this.

1. Buckle up seat belt behind ones back while in a city because car maker added annoying warning if you don't. No control provided to disable the warning.

Have you ever had even a slight crash/accident or even braked really hard on dry asphalt? Good bang from braking/crash to your (or your family member/friend) face/head can be very insightful. Seatbelt does not really bother anyone to wear them. At the same time seatbelt helps to stay in the seat (don't even think what can happen when car doors open unexpectedly in the corner and kid slips out. Seatbelt prevents that) during cornering and braking - your as a driver and passenger are much better off, no question.

I have met some "smart" people with similar view to yours on seatbelt in the city - all of them are either inexperienced drivers or do not drive at all.

2. Disable speaker attached to fire alarm system in a building where false alarms go off so often it is impossible to sleep. Again - no button to disable.

Seriously?

3. Disables ABS on you VW (no button to do that) so I that we can do some drifting on parking lot.

In my opinion, disabling ABS has no fun aspect to it (locking wheels is no fun, really - you will just trash tires and look like a non smart person). Also, disabled ABS reduces your ability to stop AND steer.

There are some myths that ABS increases braking distance and that "real" driver can stop quicker - this is 100% BS and nonsense, you have no chance in comparison to ABS.
ESP (electronic stability control) is partly based on ABS sensors - if ABS doesn't work, ESP won't work either (IIRC). Disabling ESP in controlled environment can have entertainment value.

[Kohanbash]

Hi
While not a formal course if you want to work with safety/critical embedded systems you can get a dev kit for a safety type micro.

For example the TI Hercules http://www.ti.com/lsds/ti/microcontroller/safety_mcu/applications.page is a good place to start. They have inexpensive launchpad development kits. You can play around with the ECC and stuff.