Safecomp 1998


Sunday 4th October
Leading researches and practitioners will present tutorials on Sunday 4th October between 14.00 and 18.00. Three tutorials are planed: Safety Case Development Safer use of C in Embedded Systems Programming Draft International Standard IEC 61508 Whether a tutorial is run depends on having enough participants. We hope all tutorials will be presented, but this cannot be guaranteed. For this reason, please select first and second choice tutorials on the registration form. Tutorial 1: Safety Case Development - Robin Bloomfield, Adelard, UK A safety case is a requirement in many safety standards. Explicit safety cases are required for military systems, the off shore oil industry, rail transport and the nuclear industry. Furthermore, equivalent requirements can be found in other industry standards, such as IEC 1508, the EN 292 Machinery Directive and DO 178B for avionics. In regulated industries such as the nuclear industry, the need to demonstrate safety to a regulator can be a major commercial risk. For example the computer-based Darlington Reactor Protection System in Canada required around 50 man years of software assessment effort which was probably more than the effort required to develop the software. The Adelard safety case development methodology (SCAD) seeks to minimise safety risks and commercial risks by constructing a demonstrable safety case. The main features of the methodology are: The safety case makes claims about the behaviour of the system (i.e. functional behaviour and system attributes) and methods for structuring the safety arguments which are both understandable and traceable. Safety case development is an integral part of the development process, so that the feasibility and costs of the associated safety case are considered from the outset. The tutorial will describe the basic technical approach together with the associated management and procedural aspects of implementing a safety case. Specific safety case examples will be used to illustrate the technical approach. Tutorial 2: Safer use of C in Embedded Systems Programming - Paul Edwards, Rover Group Ltd, UK The tutorial will be based around the "Guidelines for the use of the C language in vehicle based software", published in April 1998 by the UK's Motor Industry Software Reliability Association (MISRA). It will consider how the use of such programming guidelines (or language 'subset') can make an important contribution to the overall integrity of code, and provide practical guidance in applying the Guidelines. The content of the tutorial will include: The C language and problems associated with it The use of C in embedded systems, with examples from the automotive industry Background to the development of the MISRA C Guidelines The Guidelines within wider system lifecycle issues Content of the Guidelines Practical advice on adopting the Guidelines within a company Associated topics such as: coding style guidelines, deviation procedure, complexity metrics, choosing and validating compilers The use of static checking tools The tutorial will be of interest to anyone using, or thinking of using, C in either safety-related systems or embedded systems (or both). It will also be of interest to anyone concerned with issues of programming languages for safety-related systems. Tutorial 3: Draft International Standard IEC 61508 - Ron Bell, HSE, UK and Rainer Faller, TÜV-Bayern, D The tutorial will provide an overview of the proposed International Electrotechnical Commission (IEC) standard (IEC 61508) on "Functional safety of electrical/ electronic/ programmable electronic safety-related systems". The standards sets out a generic approach for all Safety Lifecycle activities for electrical/ electronic/ programmable electronic systems (E/E/PESs) that are used to perform safety functions. The emergence of this international standard should be a major step towards the adoption of a more rational and consistent technical policy for all electrically based safety-related systems. A major objective is to facilitate the development of application sector standards. In detail the tutorial will cover: Parts structure of IEC 61508 IEC Basic Safety Publication: Applicability to IEC 61508 Strategy to achieve functional safety of E/E/PE safety-related systems Role of the Safety Lifecycle in the Specification & Design process Safety Integrity levels Risk reduction concepts Hardware Safety Integrity Quantitative and Qualitative approaches Goals and messages of Software Requirements Refined life-cycle model: V-model Functional Safety Management - relation to process flow oriented Quality Management Other standards to be considered Software Development - forward path, including Requirements specification - requirements traceability Design and implementation - procedures and techniques Testing - integration sequence and methods Version and configuration management User defined application programs - limited variability programs Software Maintenance and Enhancement - backward path, including Feedback tracking and evaluation Modification procedure and impact analysis Regression testing Functional safety management: Learn for the future Documentation requirements Experience with the co-existance of IEC 61508-3 with other software safety standards like EN 50128, IEC 601-1-4, DIN V VDE 0801 A1, and DO 178B PES complexity & implications for conformity assessment Way ahead and concluding remarks. Key parts of IEC 61508 are expected to be published in 1998; with the other parts in 1999.

Sunday 4th October

Leading researches and practitioners will present tutorials on Sunday 4th October between 14.00 and 18.00. Three tutorials are planed:

Safety Case Development
Safer use of C in Embedded Systems Programming
Draft International Standard IEC 61508

Whether a tutorial is run depends on having enough participants. We hope all tutorials will be presented, but this cannot be guaranteed. For this reason, please select first and second choice tutorials on the registration form.

Tutorial 1: Safety Case Development
- Robin Bloomfield, Adelard, UK
A safety case is a requirement in many safety standards. Explicit safety cases are required for military systems, the off shore oil industry, rail transport and the nuclear industry. Furthermore, equivalent requirements can be found in other industry standards, such as IEC 1508, the EN 292 Machinery Directive and DO 178B for avionics. In regulated industries such as the nuclear industry, the need to demonstrate safety to a regulator can be a major commercial risk. For example the computer-based Darlington Reactor Protection System in Canada required around 50 man years of software assessment effort which was probably more than the effort required to develop the software.
The Adelard safety case development methodology (SCAD) seeks to minimise safety risks and commercial risks by constructing a demonstrable safety case. The main features of the methodology are:

The safety case makes claims about the behaviour of the system (i.e. functional behaviour and system attributes) and methods for structuring the safety arguments which are both understandable and traceable.
Safety case development is an integral part of the development process, so that the feasibility and costs of the associated safety case are considered from the outset.

The tutorial will describe the basic technical approach together with the associated management and procedural aspects of implementing a safety case. Specific safety case examples will be used to illustrate the technical approach.

Tutorial 2: Safer use of C in Embedded Systems Programming
- Paul Edwards, Rover Group Ltd, UK
The tutorial will be based around the "Guidelines for the use of the C language in vehicle based software", published in April 1998 by the UK's Motor Industry Software Reliability Association (MISRA). It will consider how the use of such programming guidelines (or language 'subset') can make an important contribution to the overall integrity of code, and provide practical guidance in applying the Guidelines. The content of the tutorial will include:

The C language and problems associated with it
The use of C in embedded systems, with examples from the automotive industry
Background to the development of the MISRA C Guidelines
The Guidelines within wider system lifecycle issues
Content of the Guidelines
Practical advice on adopting the Guidelines within a company
Associated topics such as: coding style guidelines, deviation procedure, complexity metrics, choosing and validating compilers
The use of static checking tools

The tutorial will be of interest to anyone using, or thinking of using, C in either safety-related systems or embedded systems (or both). It will also be of interest to anyone concerned with issues of programming languages for safety-related systems.

Tutorial 3: Draft International Standard IEC 61508
- Ron Bell, HSE, UK and Rainer Faller, TÜV-Bayern, D
The tutorial will provide an overview of the proposed International Electrotechnical Commission (IEC) standard (IEC 61508) on "Functional safety of electrical/ electronic/ programmable electronic safety-related systems". The standards sets out a generic approach for all Safety Lifecycle activities for electrical/ electronic/ programmable electronic systems (E/E/PESs) that are used to perform safety functions. The emergence of this international standard should be a major step towards the adoption of a more rational and consistent technical policy for all electrically based safety-related systems. A major objective is to facilitate the development of application sector standards.
In detail the tutorial will cover:

Parts structure of IEC 61508

IEC Basic Safety Publication: Applicability to IEC 61508

Strategy to achieve functional safety of E/E/PE safety-related systems

Role of the Safety Lifecycle in the Specification & Design process

Safety Integrity levels

Risk reduction concepts

Hardware Safety Integrity

Quantitative and Qualitative approaches

Goals and messages of Software Requirements

Refined life-cycle model: V-model

Functional Safety Management - relation to process flow oriented Quality Management