
University of Nigeria Virtual Library

Author 1: OSUAGWU, Charles Chukwudi

Title: On The Impact Of Environmental Of Safety Of Large Scale Digital Systems

Description: On The Impact Of Environmental Of Safety Of Large Scale Digital Systems

Category: Engineering

Publisher: Large Scale System Research Group

Publication Date: July, 1989

RESEARCH GROUP c/o Faculty of Engineering, UNIVERSITY OF BENIN, P. M. B. 1154, BENIN CITY, NIGERIA. TEL: 052/200250 - 289 (40 LINES) EXT. 2832. TELEX 41365

Dr C. C. Osuagwu, Dept of Electronic Engineering, University of Nigeria, Nsukka, Nigeria.

Dear Dr Osuagwu,

LETTER OF ACCEPTANCE

This is to inform you that your papers hereunder listed have been accepted for publication, based on the recommendation of the assessors.

1. ON THE IMPACT OF COMPUTER ENVIRONMENT ON SAFETY OF LARGE SCALE DIGITAL SYSTEMS (C. C. Osuagwu - author) and 2. ON-LINE PATIENT MONITORING SYSTEMS (J. O. Agada & C. C. Osuagwu - authors). The papers will appear in the book of Proceedings titled "Large Scale Systems in Developing Countries - Vol. 2". Kindly pass on this information to your co-author in respect of item 2 above.

I congratulate you on this achievement.

Yours sincerely,

- DIRECTORS OF RESEARCH

J. O. ASALOR Ext. 2724, E. A. ONIBERE Ext. 2049, G. C. OVUWORIE Ext. 2602, 2438.

[...] control and manufacturing, the need to ensure safe operation in order to avert industrial disasters becomes paramount. For example, the need to avoid an out-of-sequence error in a computer controlled traffic light for a city is obvious. Should an error (hardware or software) cause the output light sequence [...], accidents will occur. It is because software errors can drive process or manufacturing plants into unsafe states that Leveson [2] has proposed that software for safety-critical systems must include not only what the system will do (functional requirements) but what it will not do.
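The traffic-light case above, worked as an added example that is not from the paper: the control policy carries the functional requirement (the normal light sequence), and the negative requirements (what the lamps must never show) sit in a separate interlock that checks every proposed output before it is actuated. The junction model, state names, sequence and the injected fault are constructed for illustration.

```python
# Added example, not from the paper: a two-approach traffic-light controller whose
# safety requirements are written as things the output must NEVER do, following the
# point above that safety-critical software must specify what the system will not do.
# States, the control sequence and the fault injection are constructed for illustration.
RED, AMBER, GREEN = "red", "amber", "green"
ALL_RED = (RED, RED)  # fail-safe output: both approaches (north-south, east-west) stopped

# Functional requirement: the normal output sequence for (north-south, east-west).
NORMAL_SEQUENCE = [(GREEN, RED), (AMBER, RED), (RED, RED),
                   (RED, GREEN), (RED, AMBER), (RED, RED)]

def violates_safety(prev, nxt):
    """Negative requirements. Returns why the change prev -> nxt is unsafe, else None."""
    if nxt.count(GREEN) > 1:
        return "conflicting greens"
    if GREEN in nxt and AMBER in nxt:
        return "green while the other approach is still clearing on amber"
    for before, after in zip(prev, nxt):
        if before == GREEN and after == RED:
            return "green to red without amber"   # out-of-sequence change
        if before == RED and after == AMBER:
            return "red straight to amber"
    return None

class Controller:
    def __init__(self):
        self.step, self.output, self.tripped, self.log = 0, ALL_RED, False, []

    def propose(self):
        """Control policy: next output from the normal sequence."""
        return NORMAL_SEQUENCE[self.step % len(NORMAL_SEQUENCE)]

    def actuate(self, proposed):
        """Interlock between policy and lamps: an output that breaks a negative
        requirement (from a hardware or software fault upstream) never reaches the
        lamps; the junction drops to ALL_RED and stays there until reset."""
        reason = violates_safety(self.output, proposed)
        if reason is not None:
            self.tripped, self.output = True, ALL_RED
            self.log.append(f"interlock trip at step {self.step}: {reason}, proposed {proposed}")
            return False
        self.output, self.step = proposed, self.step + 1
        return True

def run(cycles=6, faults=None):
    """Run the controller; faults maps a step number to a bad output injected in
    place of the policy output (simulates an out-of-sequence software error)."""
    c, faults = Controller(), faults or {}
    while c.step < cycles and not c.tripped:
        c.actuate(faults.get(c.step, c.propose()))
    return c

if __name__ == "__main__":
    print(run().output, run(faults={1: (RED, RED)}).log)
```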

Large scale systems are generally required to produce high quality goods at competitive prices. Increasingly, such systems are computer-controlled in order to cope effectively with the complexities involved. Consider manufacturing for example. Any manufacturing plant (operating in the manual or electro-mechanical control mode for example) accepts raw material inputs and transforms these inputs through a finite sequence of stages to produce a desired specified product. At each stage, the material or sub-product undergoes a sequence of state changes that brings it nearer to its final form. These state changes embody information about the present state, the desired next state and the proper inputs or parameters required to effect this change. It also embodies such knowledge as whether the transformation (state change) has been properly effected or not, and what to do in the case of an unacceptable transform (reject or rework).

These sequencing control actions are information processing operations and therefore can be automated. In a computer-controlled [...]. [...] has rightly suggested that such data driven large scale manufacturing plants (or process plants) can be modelled as automatons with the simplified formal structure shown in fig. 1.

Fig 1. Formal Structure of Manufacturing Plant as Information Processor. [Figure labels recovered from the scan: Input, Output function, Rules, Plans and operations, Knowledge.]

The advantages of such computer-controlled large scale systems are immense. For example, the CAESAR project in Britain [1] enables the Central Electricity Generating Board (CEGB) among other things: [...] scheduled and unscheduled maintenance and [...] even the television programme!"

It is this immense power and flexibility that makes computer controlled large scale systems so attractive. By presenting an operator with accurate and timely information about the status of a process, product or plant, the computer enables an operator [...]

[...] systems, particularly the belief that the computers are always correct and that all software packages are reliable. Equally disturbing is the lack of strategic planning by governments and industries aimed at providing effective knowledge and technical skills for workers engaged in knowledge intensive work in large scale digital systems. Knowledge intensive work requires worker flexibility (acquisition of a portfolio of skills) and a commitment to life long learning as a result of the rapid [...]. There seems to be the misconception [...] developing countries that high level [...]


The process or plant variables of interest are monitored using a variety of transducers and sensors. These analogue sensor signals are conditioned (amplified and filtered) and converted to digital form before they are input to the digital controller. The digital controller implements a pre-defined control policy and, depending on the values of the input signals, selects and initiates [...] control action [...] of the system (status [...] monitor and judge the [...]. In this way, the desired [...] [satis]factory manner. The digital controller may be implemented in a variety of [...]. We shall restrict our treatment in this paper to the class of [...]

The computer environment of large scale digital systems consists of the hardware, software and input-output resources that enable a computer to relate functionally to the controlled subsystem. This environment is quite complex due to the large number of hardware components and software modules in the system, the complexity of the logical organisation, the hardware-software interaction, [...]. The computer environment has therefore a decisive impact [...]. [Fai]lures or complex failure modes can originate from:

i) the hardware subsystem

ii) the software subsystem

iii) the input-output interface

iv) operators.

It is these failures that lead to accidents.

In examining the various sources of errors in the computer environment in the following sections, the objective will be to show not only the implications of computer use in industrial practice but also to shed light on the misconceptions discussed in section 1 as follows:

i) the results produced by computers can be incorrect.

ii) the quality of the software can be poor,

iii) considerable knowledge and skills are required to operate and maintain computer controlled large scale digital systems.

3.1 HARDWARE ERRORS

Computers have been widely advertised as systems that produce very accurate results at high speeds. People, therefore, expect that results produced by computers are always correct and that decisions taken with the aid of computers are always right. These assumptions can dull operator sensitivity to the serious information processing errors that can result from transient or permanent faults in the central processing, memory or input-output units.

Hardware faults can exist in any of these subsystems and may be due to

i) device failures (open or short circuit faults)

ii) interconnection failures

iii) bus failures

These faults may lead to numerical errors that are very difficult to detect. The problem can be from the hardware architecture, for example, computational errors arising from a series of truncation or roundoff as a result of limited word length. Hardware errors may occur as a result of other innumerable causes including adverse environmental conditions like power failures and failures of air conditioning equipment.

If these faults are not cleared, they may result in a system crash or in accidents. Unfortunately in most developing countries, the maintenance policy is simply to replace faulty printed circuit boards (PCB) with good ones and either throw away the faulty ones (it may have only a single device defective) or stock such boards and ship them overseas for diagnosis up to component level and subsequent repair of the PCBs [5]. Pynn [6] condemns the throw away policy:

"since assembled boards represent a substantial investment in parts and labor they rarely are just thrown away if they don't work."

Bennets [7] insists that all boards should be repaired until they work. The disadvantages of exporting our computer hardware maintenance overseas include:

1) huge costs in lost expertise, skills and jobs.

2) substantial foreign exchange needed to purchase a large inventory of spare PCB.

3) costs of continued dependence on foreign technical expertise.

[...] in developing countries to unpackage and maintain such systems. In this way also, the potential for worker skill enhancement is increased.

[...] large scale digital systems are themselves large scale systems. Errors can exist in the various levels of the software hierarchy - the operating system software (computer resource manager, compilers, run-time libraries, linkers, loaders etc); and the application software. Errors in the application software can exist in one or more modules of the software and can be due to a variety of causes:

Specification errors: incorrect, incomplete or ambiguous specification; incorrect specification of how the software will interact with the hardware and with users.

Design errors: use of incorrect algorithms, poor module design, problem with communication between processes, imperfection in the design methodologies.

Coding errors: mistakes in translating the design using appropriate programming language; errors due to inadequate programming standards etc.

Development errors: errors that arise as a result of the use of low quality development tools, test hardware and software.

These sources of errors show that the software environment is very complex. In fact Nakajo [8] has established that a circular relationship exists between:

i) human errors on the part of the software developer.

ii) program faults caused by human error.

iii) imperfections in the design methodologies or development procedures that cause human errors.

Software errors may cause a system to crash, may result in accidents and are expensive to debug (finding the fault and making a permanent fix). Table 1 shows the average engineering cost ratio to fix software defects for faults discovered during the appropriate phase compared with the cost incurred if the fault was found during testing.

Table 1. Average Engineering Cost Ratio to Fix Defects (adapted from Grady [9]). Cells marked [...] are illegible in the scan.

                                                     Defect origin
                                           Specification    Design    Coding
Cost to fix defect if discovered
in the appropriate phase                        1            [...]     [...]
Cost to fix defect if found
during testing                                14.25          [...]     [...]

It can be seen that specification errors are the costliest to fix and, as Leveson [2] has pointed out, a large number of errors can be traced back to specification errors,

ii) that safety was specified as a criterion in all the phases of software design and development; and that strict verifiable safety standards were enforced in the development of software for large scale digital systems.

Beyond this minimum requirement, it is the duty of developing countries to encourage research in the design and development of large scale software; and to [...] to detect and fix [...]lity to modify or [...] software defects as well [...] enhance existing software to cope with changed operating objectives. This calls for investments in software tools and in training. A proper cost benefit analysis will show that such investments will result in reduced defect finding time, reduced defect fix times, greater productivity and safer and more reliable operation of large scale digital systems.

[...] machines than human beings. These input dialogues, whether command [...]. Operator errors. Clearly, the [...] operator training of course reduces but can not eliminate [...] operator error. [...] aimed at creat[...] communication. Such human interfaces [...] explanation facilities as well as tutoring capability. This will enable operators learn more about the working of large scale digital systems and hence improve safety considerably.

The critical question in considering the safety of large scale digital systems in developing countries can be posed as - Who is liable in case of a major accident? Obviously foreign [...] and planners [...]