Program ECS09

 

Developing Safety-oriented Systems

Standards, design and test

October 14, 09:00-12:00

The session will cover the IEC 61508 safety standard for industrial applications and the DO-178B standard for avionics, from standard development to practical applications.

Presentations will be made by:

Dugald Campbell, Freescale

“Making Industrial Embedded Systems Safer”

“Complying with IEC 61508 SIL2, SIL3, or IEC 60730 class B, class C: what do I need to have to ensure compliance?” is a fundamental question for today’s industrial embedded system designers. This paper discusses the requirements an embedded system must meet to comply with IEC 61508 and IEC 60730, providing reliable software and hardware safety and system integrity checks. Introductions to IEC 61508 and IEC 60730 are given. Focusing on the needs of a microcontroller, components such as program memory, data memory, CPU operation, interrupts and program flow are examined, and suggested hardware and periodic software test routines are described. Essential components for embedded microcontrollers are highlighted for the various safety classifications.

Working for Freescale Semiconductor Limited, Scotland. Has worked in the embedded microcontroller market for more than 20 years, focusing on designing new microcontrollers for the industrial and consumer markets. Responsible for identifying future technical needs, both hardware and software, for embedded microcontrollers from 8-bit to 32-bit. Experienced in EMC design considerations and software integrity and safety.

 

Rikard Johansson, Saab AB


“Safe software and RTCA/DO-178B: Software Considerations in Airborne Systems and Equipment”

Software has for the last 20 years been relied upon within the civil aircraft domain to control safety critical functions. RTCA/DO-178 has been used by airworthiness authorities worldwide since 1982 to ensure that the industry implements software in a way that does not compromise aircraft safety. RTCA/DO-178B is increasingly being used within the military domain and has even been used outside the aerospace industry, for instance in the development of safety critical software for nuclear submarines.

The presentation will cover both system and software aspects of using RTCA/DO-178B, as well as what changes we can expect in the new revision C, which is expected to be released next year.

Rikard Johansson has worked as a software and systems engineer at Saab Aerosystems in Linköping since 1989. Starting out as a team member developing software for the Gripen flight control system, he has since worked with development planning, software and safety related issues and software quality assurance on various safety critical systems on the Gripen aircraft, UAVs and systems intended for the civilian market.

From 2004 to 2008, Rikard was responsible for all software development at Saab Aerosystems. In this capacity he led the software aspects of certification of the Gripen.

In 2008 Rikard was appointed Technical Fellow within Safety Critical Software Engineering. He is also a member of SC-205/WG-71 which is the international working group developing RTCA/DO-178C/ED-12C.

Rikard is currently technical manager for the avionics system in Gripen NG, the latest version of the Gripen fighter aircraft.

Kai Hansen, ABB


"ABB IEC 61508 compliant safety system"

Abstract: This talk will describe a safety product that is used for protecting against industrial accidents at oil platforms, refineries, chemical plants and other plants where explosive and poisonous material is used. Examples of these types of accidents are shown. We will show how a safety system is integrated into a modern electronic control system controlling the whole plant, and how this is planned and engineered. The more detailed embedded design is then described, showing e.g. how CPUs from Freescale and operating systems from WindRiver are used together in order to obtain SIL 2 and SIL 3 certification from TÜV for the AC800M HI control system. Some examples of what it takes to fulfill the requirements on methodology and software development are given.

Kai Hansen has a Ph.D. in physics and has been working with embedded systems at ABB Corporate Research for the last 12 years, where he has the role of Senior Principal Scientist and Group Leader. He has been and is involved in several of ABB’s safety development projects in various European countries, on system level, on defining methodology and with software development. In addition to safety, he has been working on other real-time applications, Ethernet communication for industrial applications, security issues and wireless. He is also actively working in IEEE and other organizations.

Guido Sandmann, MathWorks


"Verification and Validation of Generated Code in the Context of IEC 61508"

Production code generation with Model-Based Design has successfully replaced manual coding across various industries and application domains. Furthermore, code generated from executable graphical models is increasingly being deployed in high-integrity embedded applications.
To validate the model-to-code translation process, generated software components and their precursory stages (i.e. models) should be subjected to an appropriate combination of verification and validation techniques. For safety-related applications, compliance with safety standards such as IEC 61508 needs to be demonstrated as well.
In principle, verification and validation of generated code could be carried out in the same manner as for hand code. However, this would not leverage the advantages of Model-Based Design, and with respect to process efficiency it would leave something to be desired. Therefore, engineering methods and tools for effective and efficient verification and validation of models and generated code are highly desirable.
As a step towards this goal, we will discuss a workflow for verification and validation of models and the generated code and map it onto the objectives of IEC 61508-3. Cornerstones of the workflow are:
• Design verification: Functional tests and static analyses at the model level
• Code verification: Numerical equivalence tests between models and generated code to demonstrate that the execution semantics of the model is being preserved during code generation, compilation and linking

We will use a Model-Based Design tool chain including Simulink and Real-Time Workshop Embedded Coder to illustrate the workflow.
The workflow has been assessed by TÜV SÜD and was one of the foundations for the certificate of the Real-Time Workshop Embedded Coder code generator to IEC 61508 issued by this certification authority. The workflow and the corresponding certificate for Real-Time Workshop Embedded Coder, as well as similar artifacts for the PolySpace Code Verification tool for C, are made available as part of the ‘IEC Certification Kit’ product from The MathWorks.

Guido Sandmann, Automotive Marketing Manager, EMEA
Since January 2007, Guido Sandmann has held the position of Automotive Marketing Manager at The MathWorks, responsible for the European region. Within this technical marketing position he works on message creation with respect to the MathWorks products and solutions dedicated to the automotive industry. In addition, he works closely with customers to discuss their requirements for improvements and enhancements of the MathWorks’ product portfolio, especially in areas like AUTOSAR or safety-related application development.
Before joining The MathWorks, Guido worked for dSPACE and OSC – Embedded Systems, companies with a strong focus on the automotive industry and expertise in topics like testing and verification; OSC – Embedded Systems also has a strong focus on formal methods.
Guido has a Diploma in Computer Science from the University of Oldenburg.

Christian Strzyz, CC Systems

“Safety critical embedded systems development”

The presentation gives a general introduction to system safety, the framework CC Systems applies to build safety into its products, examples of safety product development projects, and further directions for the future of safety at CC Systems. The safety introduction covers legal as well as management and technical issues, with emphasis on the technical means and measures applied during the design and construction of electronically programmable devices.

Christian Strzyz, born 1964 in Berlin, studied Computer Science at the Technical University of Berlin and worked as a programmer and systems engineer in several industrial areas, mainly automation, communication, automotive and medical. Between 2000 and 2008 he worked with the German TÜV as an assessor of safety systems and a consultant on software quality before he joined CC Systems AB in Västerås.
