University of Nigeria Virtual Library

Serial No:
Author 1: OSUAGWU, Charles Chukwudi
Author 2:
Author 3:
Title: On The Impact Of Environmental Of Safety Of Large Scale Digital Systems
Keywords:
Description: On The Impact Of Environmental Of Safety Of Large Scale Digital Systems
Category: Engineering
Publisher: Large Scale System Research Group
Publication Date: July, 1989
Signature:
RESEARCH GROUP c/o Faculty of Engineering, UNIVERSITY OF BENIN, P. M. B. 1154, BENIN CITY, NIGERIA. TEL: 052/200250 - 289 (40 LINES) EXT. 2832. TELEX 41365

Dr C. C. Osuagwu
Dept of Electronic Engineering
University of Nigeria
Nsukka, Nigeria.

Dear Dr Osuagwu,

LETTER OF ACCEPTANCE

This is to inform you that your papers here-under listed have been accepted for publication, based on the recommendation of the assessors.

1. ON THE IMPACT OF COMPUTER ENVIRONMENT ON SAFETY OF LARGE SCALE DIGITAL SYSTEMS (C. C. Osuagwu - author) and 2. ON-LINE PATIENT MONITORING SYSTEMS (J. O. Agada & C. C. Osuagwu - authors). The papers will appear in the book of Proceedings titled "Large Scale Systems in Developing Countries - Vol. 2". Kindly pass on this information to your co-author in respect of item 2 above.

I congratulate you on this achievement.

Yours sincerely,

DIRECTORS OF RESEARCH
J. O. ASALOR Ext. 2724, E. A. ONIBERE Ext. 2049, G. C. OVUWORIE Ext. 2602, 2438.
[...] control and manufacturing, the need to ensure safe operation in order to avert industrial disasters becomes paramount. For example, the need to avoid an out-of-sequence error in a computer controlled traffic light for a city is obvious. Should an error (hardware or software) cause the output light sequence [...], accidents will occur. It is because software errors can drive process or manufacturing plants into unsafe states that Leveson [2] has proposed that "software for safety-critical systems must include not only what the system will do (functional requirements) but what it will not do."
Large scale systems are generally required to produce high quality goods at competitive prices. Increasingly, such systems are computer-controlled in order to cope effectively with the complexities involved. Consider manufacturing for example. Any manufacturing plant (operating in the manual or electro-mechanical control mode for example) accepts raw material inputs and transforms these inputs through a finite sequence of stages to produce a desired specified product. At each stage, the material or sub-product undergoes a sequence of state changes that brings it nearer to its final form. These state changes embody information about the present state, the desired next state and the proper inputs or parameters required to effect this change. It also embodies such knowledge as whether the transformation (state change) has been properly effected or not, and what to do in the case of an unacceptable transform (reject or rework).
These sequencing control actions are information processing operations and therefore can be automated. In a computer-controlled [...]

[...] has rightly suggested that such data driven large scale manufacturing plants (or process plants) can be modelled as automatons with the simplified formal structure shown in fig. 1.

Fig 1. Formal Structure of Manufacturing Plant as Information Processor.
[Fig. 1 labels: Input; Rules; Plans and operations; Knowledge; Output function; Output]

The advantages of such computer-controlled large scale systems are immense. For example, the CAESAR project in Britain [...] enables the Central Electricity Generating Board (CEGB) among other things:
[...] scheduled and unscheduled maintenance and [...] even the television programme!
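The traffic-light and plant-automaton discussion above (Leveson's point that safety-critical software must state what the system will not do, and fig. 1's model of a plant as an information processor) can be made concrete with a small sequencing controller. The following is an added example, not code from the paper or from any project it cites: the junction, its phase table, the three safety rules and the corrupted phase table are all constructed for illustration. The functional requirement (the phase cycle) and the safety requirements (the "shall not" rules) are kept separate, so that a faulty sequence table, whatever its cause, cannot drive the outputs into an unsafe combination; the controller refuses the step and drops to an all-red fail-safe state.

```python
"""Added example (not from the paper): a sequencing controller as a finite
automaton whose safety requirements, the things the system must NOT do, are
checked on every transition independently of the functional phase table.
The junction, phases and rules are constructed for illustration."""

RED, AMBER, GREEN = "R", "A", "G"

# Functional requirement (what the system will do): the phase cycle of a
# two-road junction, stored as (north_south, east_west) signal pairs.
PHASE_CYCLE = [
    (GREEN, RED), (AMBER, RED), (RED, RED),
    (RED, GREEN), (RED, AMBER), (RED, RED),
]

# A corrupted phase table (constructed): the amber step after north-south
# green has been lost, as a fault in the sequence store might cause.
NO_AMBER_CYCLE = [
    (GREEN, RED), (RED, RED),
    (RED, GREEN), (RED, AMBER), (RED, RED),
]

# State the controller falls back to when a proposed transition is unsafe.
FAIL_SAFE = (RED, RED)


def violations(current, proposed):
    """Return the safety rules ('what the system will not do') that the
    transition current -> proposed would break; an empty list means safe."""
    broken = []
    # Rule 1: the two conflicting roads are never both non-red.
    if proposed[0] != RED and proposed[1] != RED:
        broken.append("conflicting signals not red")
    # Rule 2: green goes through amber before red; amber never returns to green.
    for cur, nxt in zip(current, proposed):
        if cur == GREEN and nxt == RED:
            broken.append("green to red without amber")
        if cur == AMBER and nxt == GREEN:
            broken.append("amber to green")
    # Rule 3: a road turns green only from the all-red state.
    turning_green = any(nxt == GREEN and cur != GREEN
                        for cur, nxt in zip(current, proposed))
    if turning_green and current != (RED, RED):
        broken.append("green entered before junction was all-red")
    return broken


class SequencingController:
    """Finite automaton driven by a phase table; unsafe steps are refused."""

    def __init__(self, cycle):
        self.cycle = list(cycle)
        self.index = 0
        self.state = self.cycle[0]
        self.halted = False
        self.log = []  # (from_state, rejected_state, reasons)

    def step(self):
        if self.halted:
            return self.state  # stays fail-safe until manually reset
        proposed = self.cycle[(self.index + 1) % len(self.cycle)]
        broken = violations(self.state, proposed)
        if broken:
            # The safety check, not the phase table, decides the output.
            self.log.append((self.state, proposed, broken))
            self.state = FAIL_SAFE
            self.halted = True
            return self.state
        self.index = (self.index + 1) % len(self.cycle)
        self.state = proposed
        return self.state


def run_cycle(cycle, steps):
    """Drive a controller for `steps` transitions; return (states, log)."""
    ctl = SequencingController(cycle)
    states = [ctl.step() for _ in range(steps)]
    return states, ctl.log


if __name__ == "__main__":
    for name, cycle in (("correct table", PHASE_CYCLE),
                        ("no-amber table", NO_AMBER_CYCLE)):
        states, log = run_cycle(cycle, 6)
        print(name, "->", states)
        for before, rejected, reasons in log:
            print("  refused", before, "->", rejected, ":", ", ".join(reasons))
```

With the correct table the controller walks the whole cycle and the log stays empty; with the corrupted table the very first step (green straight to red) is refused and the junction is held all-red, which is the behaviour a "will not do" requirement asks for when the "will do" part has failed.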
It is this immense power and flexibility that makes computer-controlled large scale systems so attractive. By presenting an operator with accurate and timely information about the status of a process, product or plant, the computer enables an operator [...]
[...] systems, particularly the belief that the [...] computers are always correct and that all software packages are reliable. Equally disturbing is the lack of strategic planning by governments and industries aimed at providing effective knowledge and technical skills for workers engaged in knowledge intensive work in large scale digital systems. Knowledge intensive work requires worker flexibility (acquisition of a portfolio of skills) and a commitment to life long learning as a result of the rapid [...] There seems to be the misconception [...] countries that high level [...]

[...]

Fig. [...]
The process or plant variables of interest are monitored using a variety of transducers and sensors. These analogue sensor signals are conditioned (amplified and filtered) and converted to digital form before they are input to the digital controller. The digital controller implements a pre-defined control policy and, depending on the values of the input signals, selects and initiates [...] of the system (status [...] monitor and judge the [...] In this way, the desired [...] satisfactory manner. The digital controller may be implemented in a variety of [...]

We shall restrict our treatment in this paper to the class of [...]
The computer environment of large scale digital systems consists of the hardware, software and input-output resources that enable a computer to relate functionally to the controlled subsystem. This environment is quite complex due to the large number of hardware components and software modules in the system, the complexity of the logical organisation, the hardware-software interaction, [...] The computer environment has therefore a decisive impact [...] failures or complex failure modes can originate from:
i) the hardware subsystem
ii) the software subsystem
iii) the input-output interface
iv) operators.
It is these failures that lead to accidents.
In examining the various sources of errors in the computer environment in the following sections, the objective will be to show not only the implications of computer use in industrial practice but also to shed light on the misconceptions discussed in section 1 as follows:
i) the results produced by computers can be incorrect.
ii) the quality of the software can be poor.
iii) considerable knowledge and skills are required to operate and maintain computer controlled large scale digital systems.
3.1 HARDWARE ERRORS

Computers have been widely advertised as systems that produce very accurate results at high speeds. People, therefore, expect that results produced by computers are always correct and that decisions taken with the aid of computers are always right. These assumptions can dull operator sensitivity to the serious information processing errors that can result from transient or permanent faults in the central processing, memory or input-output units.

Hardware faults can exist in any of these subsystems and may be due to
i) device failures (open or short circuit faults)
ii) interconnection failures
iii) bus failures
These faults may lead to numerical errors that are very difficult to detect. The problem can be from the hardware architecture, for example, computational errors arising from a series of truncation or roundoff as a result of limited word length. Hardware errors may occur as a result of other innumerable causes including adverse environmental conditions like power failures and failures of air conditioning equipment.
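The remark that truncation or round-off from a limited word length accumulates into numerical errors that are hard to detect can be shown directly. The following is an added example, not from the paper: it simulates a fixed-point accumulator (integer arithmetic with a chosen number of fractional bits, truncating toward zero on conversion), compares it with an exact reference, and applies a plausibility check of the kind a controller can run on-line, namely repeating the computation in a wider word and flagging disagreement. The sample readings, the word formats and the tolerance are constructed for illustration.

```python
"""Added example (not from the paper): how truncation from a limited word
length turns into a numerical error over a long series of operations, and a
plausibility check that exposes it. Sample values and formats are constructed."""
from fractions import Fraction


def to_fixed(value, frac_bits):
    """Quantise a real value into a fixed-point integer with `frac_bits`
    fractional bits by truncation toward zero, as a simple hardware
    converter or integer multiply-and-shift does."""
    return int(Fraction(value) * (1 << frac_bits))  # int() truncates


def accumulate_fixed(samples, frac_bits):
    """Sum samples in a fixed-point accumulator; result as an exact Fraction."""
    acc = 0
    for s in samples:
        acc += to_fixed(s, frac_bits)
    return Fraction(acc, 1 << frac_bits)


def accumulate_exact(samples):
    """Reference sum with unlimited precision."""
    return sum(Fraction(s) for s in samples)


def drift(samples, frac_bits):
    """Error of the fixed-point sum relative to the exact sum."""
    return accumulate_fixed(samples, frac_bits) - accumulate_exact(samples)


def word_length_check(samples, narrow_bits, wide_bits, tolerance):
    """Plausibility check: run the same computation in a narrow and a wider
    word and flag disagreement beyond `tolerance`. Returns True when the
    narrow-word result can be trusted."""
    gap = abs(accumulate_fixed(samples, narrow_bits)
              - accumulate_fixed(samples, wide_bits))
    return gap <= tolerance


if __name__ == "__main__":
    # Constructed input: 1000 sensor readings of 0.1 units, exact total 100.
    readings = ["0.1"] * 1000
    for bits in (8, 16):
        print(f"{bits} fractional bits: sum={float(accumulate_fixed(readings, bits)):.5f}"
              f" drift={float(drift(readings, bits)):.5f}")
    print("8-bit result trustworthy:",
          word_length_check(readings, 8, 16, Fraction(1, 100)))
```

Each reading of 0.1 truncates to 25/256 in the 8-bit format, so every addition loses 0.6/256 and after a thousand samples the total is short by about 2.34 units, an error no single operation would reveal; the 16-bit format reduces the same drift to under 0.01. The check catches the discrepancy because the two word lengths disagree by far more than the tolerance.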
If these faults are not cleared, they may result in a system crash or in accidents. Unfortunately in most developing countries, the maintenance policy is simply to replace faulty printed circuit boards (PCB) with good ones and either throw away the faulty ones (it may have only a single device defective) or stock such boards and ship them overseas for diagnosis up to component level and subsequent repair of the PCBs [5]. Pynn [6] condemns the throw away policy:

"since assembled boards represent a substantial investment in parts and labor they rarely are just thrown away if they don't work."

Bennets [7] insists that all boards should be repaired until they work. The disadvantages of exporting our computer hardware maintenance overseas include:
1) huge costs in lost expertise, skills and jobs.
2) substantial foreign exchange needed to purchase a large inventory of spare PCB.
3) costs of continued dependence on foreign technical expertise.

[...] maintain such systems. In this way also, the potential for worker skill enhancement is increased.
[...] large scale digital systems are themselves large scale systems. Errors can exist in the various levels of the software hierarchy - the operating system software (computer resource manager, compilers, run-time libraries, linkers, loaders etc); and the application software. Errors in the application software can exist in one or more modules of the software and can be due to a variety of causes:

Specification errors: incorrect, incomplete or ambiguous specification; incorrect specification of how the software will interact with the hardware and with users.

Design errors: use of incorrect algorithms, poor module design, problem with communication between processes, imperfection in the design methodologies.

Coding errors: mistakes in translating the design using appropriate programming language; errors due to inadequate programming standards [...]

Development errors: errors that arise as a result of the use of low quality development tools, test hardware and software.

These sources of errors show that the software environment is very complex. In fact Nakajo [8] has established that a circular relationship exists between:
i) human errors on the part of the software developer.
ii) program faults caused by human error.
iii) imperfections in the design methodologies or development procedures that cause human errors.
Software errors may cause a system to crash, may result in accidents and are expensive to debug (finding the fault and making a permanent fix). Table 1 shows the average engineering cost ratio to fix software defects for faults discovered during the appropriate phase compared with the cost incurred if the fault was found during testing.

Table 1. Average Engineering Cost Ratio to Fix Defects (adapted from Grady [9])

Defect origin                                               Specification   Design   Coding
Cost to fix defect if discovered in the appropriate phase   [...]           [...]    [...]
Cost to fix defect if found during testing                  14.25           [...]    [...]

It can be seen that specification errors are the costliest to fix and, as Leveson [2] has pointed out, a large number of errors can be traced back to specification errors,
[...]
ii) that safety was specified as a criterion in all the phases of software design and development; and that
iii) strict verifiable safety standards were enforced in the development of software for large scale digital systems.

Beyond these minimum requirements, it is the duty of developing countries to encourage research in the design and development of large scale software; and to [...] to detect and fix [...] ability to modify or [...] software defects as well [...] enhance existing software to cope with changed operating objectives. This calls for investments in software tools and in training. A proper cost benefit analysis will show that such investments will result in reduced defect finding time, reduced defect fix times, greater productivity and safer and more reliable operation of large scale digital systems.
[...] machines than human beings. These input dialogue, whether command [...] operator training of course [...] Operator errors. Clearly, the [...] reduces but can not eliminate [...] operator error. [...] aimed at creat[ing] [...] communication [...] such human interfaces [...] explanation facilities as [...] as tutoring capability. This will enable operators to learn more about the working of large scale digital systems and hence improve safety considerably.
The critical question in considering the safety of large scale digital systems in developing countries can be posed as - Who is liable in case of a major accident? Obviously foreign [...] designers [...] planners [...]