Failure Mode and Effect Analysis. Software Development is Different



Similar documents
Quality Management. Lecture 12 Software quality management

JOURNAL OF MEDICAL INFORMATICS & TECHNOLOGIES Vol. 21/2012, ISSN

How To Write Software

ISO Introduction

Software-based medical devices from defibrillators

Design of automatic testing tool for railway signalling systems software safety assessment

Software quality engineering. Quality assurance. Testing

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

Software in safety critical systems

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

ASSESSMENT OF THE ISO STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY

Darshan Institute of Engineering & Technology Unit : 7

Mission Assurance Manager (MAM) Life Cycle Risk Management Best Practices David Pinkley Ball Aerospace MA Chief Engineer September 23, 2014

ISO Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview

Wireless Sensor Network Performance Monitoring

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

Risk Assessment for Medical Devices. Linda Braddon, Ph.D. Bring your medical device to market faster 1

SOFTWARE ENGINEERING

What is a life cycle model?

Peer Review Process Description

Unit LT01 Carry Out Routine Lift Truck Maintenance

Edwin Lindsay Principal Consultant. Compliance Solutions (Life Sciences) Ltd, Tel: + 44 (0) elindsay@blueyonder.co.

Hazard Analysis and Critical Control Points (HACCP) 1 Overview

CSTE Mock Test - Part I - Questions Along with Answers

Peer Review Process Description

Building Metrics for a Process

1.1 The Nature of Software... Object-Oriented Software Engineering Practical Software Development using UML and Java. The Nature of Software...

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

Introduction of ISO/DIS (ISO 26262) Parts of ISO ASIL Levels Part 6 : Product Development Software Level

Fundamental Principles of Software Safety Assurance

Software Quality. Software Quality Assurance and Software Reuse. Three Important Points. Quality Factors

The FDA recently announced a significant

Embedded Systems Lecture 9: Reliability & Fault Tolerance. Björn Franke University of Edinburgh

Software Engineering Introduction & Background. Complaints. General Problems. Department of Computer Science Kent State University

FMEA of CO 2 Air Conditioning Systems

Issue 1.0 Jan A Short Guide to Quality and Reliability Issues In Semiconductors For High Rel. Applications

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk

FSW QA Testing Levels Definitions

Hardware in the Loop (HIL) Testing VU 2.0, , WS 2008/09

Document issued on: May 11, 2005

Risk Assessment and Management. Allen L. Burgenson Manager, Regulatory Affairs Lonza Walkersville Inc.

FSI Machine Vision Training Programs

Software Process Training

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

The Role of Information Technology Studies in Software Product Quality Improvement

How To Validate Software

Estimating Software Reliability In the Absence of Data

Software Quality Assurance Software Inspections and Reviews

Software Quality Management

Chap 1. Software Quality Management

Version: 1.0 Latest Edition: Guideline

Requirements-driven Verification Methodology for Standards Compliance

Noorul Islam College of Engineering M. Sc. Software Engineering (5 yrs) IX Semester XCS592- Software Project Management

DATA QUALITY MATURITY

Certification Authorities Software Team (CAST) Position Paper CAST-13

RAMS Software Techniques in European Space Projects

Project Risks. Risk Management. Characteristics of Risks. Why Software Development has Risks? Uncertainty Loss

National Heavy Vehicle Accreditation Scheme: Standards and Business Rules - Maintenance Management standards

SoMA. Automated testing system of camera algorithms. Sofica Ltd

Design Controls: Are They Worth the Effort?

Mission Operation Ground. ESA. Mario Merri GSAW, Los Angeles, USA 2 Mar 2011 ESA UNCLASSIFIED

AP1000 European 18. Human Factors Engineering Design Control Document

Software Project Models

CSTE Mock Test - Part III Questions Along with Answers

SECTION 16 TRAFFIC/SAFETY SECTIONS 16.1, 16.2 AND 16.3 ARE UNDER DEVELOPMENT

Overview of the System Engineering Process. Prepared by

Continuous Integration of service applications

How to Use the Design Process to Manage Risk: Elements of Design Controls and Why It Matters

Design Failure Modes and Effects Analysis DFMEA with Suppliers

ESTABLISHING A MEASUREMENT PROGRAM

Risk Mitigation, Monitoring and Management Plan

Service Manual Trucks

INTERIM ADVICE NOTE 179/14

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

Opportunities for HALT/HASS in designing robust electronics

E/ECE/324/Rev.1/Add.12/Rev.7/Amend.4 E/ECE/TRANS/505/Rev.1/Add.12/Rev.7/Amend.4

Created by: Austin Davis Neel Iyer Darcie Jones Sascha Schwarz

Failure Analysis Methods What, Why and How. MEEG 466 Special Topics in Design Jim Glancey Spring, 2006

Process Improvement. Objectives

Software Engineering. How does software fail? Terminology CS / COE 1530

The V-model. Validation and Verification. Inspections [24.3] Testing overview [8, 15.2] - system testing. How much V&V is enough?

OSW TN002 - TMT GUIDELINES FOR SOFTWARE SAFETY TMT.SFT.TEC REL07

Yaffs NAND Flash Failure Mitigation

D6 INFORMATION SYSTEMS DEVELOPMENT. SOLUTIONS & MARKING SCHEME. June 2013

Verification and Validation of Software Components and Component Based Software Systems

ACTION TRACKER - HOS CUSTOMER QUESTIONS

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT

Bringing Sexy Back to Insurance

Failure Modes, Effects and Diagnostic Analysis

SOFTWARE ENGINEERING IT 0301 Semester V B.Nithya,G.Lakshmi Priya Asst Professor SRM University, Kattankulathur

Introduction to Functional Verification. Niels Burkhardt

Rapid Application Development for Machine Vision A New Approach

SUPPLIER QUALITY MANAGEMENT SYSTEM QUESTIONNAIRE

INF-USB2 and SI-USB Quick Start Guide

Transcription:

Failure Mode and Effect Analysis Lecture 4-3 Software Failure Mode and Effects Analysis in Software Software Development, Pries, SAE Technical Paper 982816 Software Development is Different Process variation can never be eliminated or even reduced below a moderate level No two modules are alike so process performance always includes an intrinsic degree of variability There are very large differences in skills and experience from one developer to another Specifications are not based around tolerances Systems don't fail because they are assembled from many loosely toleranced components. A single well-placed defect in a low level component can be catastrophic 2 1

Measurements Software development processes can be fully characterized by three simple measurements Time: the time required to perform a task Size: the size of the work product produced Defects: the number and type of defects, removal time, point of injection and point of removal 3 Hardware vs Software Behavior over the system life cycle Hardware Model Early Life Failure (Infant Mortality) Useful Life (Constant Failure Rate) Wearout (End of Life) Failures Time 4 2

Software Life Cycle Trend Software Model Early Life Failure (Infant Mortality) Useful Life (Constant Failure Rate) Wearout (End of Life) Failures Time 5 Software Life Cycle Trend Software does not wear out in the physical sense, it deteriorates Deterioration is not a function of time It is a function of the side effects of changes made in the maintenance phase to: correct latent defects adjust software to changing requirements improve performance 6 3

Software Life Cycle Trend Hardware deteriorates due to lack of maintenance but software deteriorates because of maintenance Software doesn t wear out. It ceases to be useful and / or cost effective in a changing technical environment. Software failure is a function of usage, not of time 7 Software Applications: Anticipating software problems Prelude to test design Safety and hazard analysis, causes and potential solutions Documentation 8 4

SW SW is not to be a replacement for traditional software reliability methods, rather it is intended to be a systematic thinking tool, a means of anticipating issues and improving validation 9 Begin with Outputs Outputs are observable behavior Observable behavior leads to failure modes that may be detected by a driver, customer test group, or a servide organization One or more inputs will be related to each output At the end of the process, all outputs must capture all inputs 10 5

Form DESIGN PRODUCT: NO PART / SYSTEM: PAGE DRAWING REFERENCE: DATE: BY: SEVERITY OCCURRENCE EFFECTIVENES RPN = S x O x E PART OR SYSTEM NAME FUNCTION(S) POTENTIAL FAILURE MODE EFFECTS OF FAILURE -LOCAL, NEXT LEVEL, END USER S E V POTENTIAL CAUSES OF FAILURE O C C DESIGN VERIFICATION ACTIVITES E F F R P N ACTION PRIORITY RECOMMEN. CORRECTIVE ACTIONS RESPONSIB & D UE DATE ACTIONS TAKEN RESUL S O E C V C FUNCTION POTENTIAL EFFECTS OF SEV POTENTIAL OCC ENGINEERING EFF OUTPUT FAILURE MODE FAILURE CAUSES VERIFICATION RPN Speedometer / correct Gauge dither aperiodic vehicle speed Driver cannot assess speed resulting in safety hazard 10 Poor filter algorithm and oscillating data from sensor output 5 Test 001 - randomly oscillating signal 3 150 10 Input values not properly scaled 7 Test 003 - scaled input 2 140 Guage dither periodic Driver cannot assess speed resulting in safety hazard 10 Poor filter algorithm and oscillating data from sensor output 3 Test 001 - randomly oscillating signal 3 90 11 Example - Speedometer FUNCTION POTENTIAL EFFECTS OF SEV POTENTIAL OCC ENGINEERING EFF OUTPUT FAILURE MODE FAILURE CAUSES VERIFICATION RPN Speedometer / correct Gauge dither aperiodic vehicle speed Driver cannot assess speed resulting in safety hazard 10 Poor filter algorithm and oscillating data from sensor output 5 Test 001 - randomly oscillating signal 3 150 10 Input values not properly scaled 7 Test 003 - scaled input 2 140 Guage dither periodic Driver cannot assess speed resulting in safety hazard 10 Poor filter algorithm and oscillating data from sensor output 3 Test 001 - randomly oscillating signal 3 90 12 6

Severity SEVERITY of Effect None No effect 1 Very Minor Observable software-driven behavior does not conform to spec. 2 Discriminating customer notices Minor Observable software-driven behavior does not conform to spec. 3 Average customer notices Very low Observable software-driven behavior does not conform to spec. 4 Customer notices. Low Software makes item operable but comfort/convenience items 5 have reuced performance. Customer is uncomfortable Moderate Software makes item operable but comfort/convenience items 6 are inoperable. Customer is uncomfortable High Software makes item operable but at reduced levels of 7 performance. Customer dissatisfied Very high Software makes item inoperable with loss of primary function 8 Hazardous - Software failure affects safe operation of item and / or noncompliance 9 warning with government regulation Hazardous - no warning Software failure affects safe operation of item and / or noncompliance with government regulation 10 13 Interface Analyses Software Software units and components interface with each other through sub-routine arguments, through messages, or through a global pool. When possible, the software engineer should generate a complete analysis of interface variables using a software tool. Otherwise, the engineer must examine all assignment and quasi-assignment statements as candidates for software interface variables. 14 7

Interface Analyses Hardware The engineer frequently will have a tendency to allow the software D to drift into becoming a hardware D. To handle this issue, the engineer can define a hardware input failure, for example, and then analyze the failure on the basis of how the software reacts to the hardware failure. A typical case is that of an open circuit. Does the software meet any requirements for handling this error condition? Does the software fulfill design intent with respect to handling errors in the hardware? Does the software provide some kind of visual indication that a negative event has occurred? 15 SW and Software Quality Walkthroughs the software D can be used to enhance the quality of requirements, design, and code walkthroughs by highlighting potential failure modes. As with inspections, the D can be used to keep the walk-through honest and ensure that product flaws are at least considered and heeded during the process. 16 8

SW and Software Quality Inspections Generally, software inspections are a quasi-formal event with a checklist of known software problems supplied to the inspectors. The software D can be used to enhance the typical failures enumerated on the checklist or the checklist can be used to enhance the failure modes enumerated in the D. The difference lies in the emphasis of the two methods: inspection looks for typical software problems, D is a tool for anticipating failure mode effects and eliminating them when possible. 17 SW and Software Quality Testing The software D is a useful first-pass and multipass tool for developing test cases. The test designer can take the software D failure modes, define them as test cases, and develop procedures for stimulating the conditions that can lead to the failure. All versions of the software D should be retained through the life of the project, preferably under automated configuration control; that way, failure modes that have presumably been eliminated will not disappear from the software D document. 18 9

SW and Static Code Analysis The D technique allows the software engineer to anticipate software problems based on defined outputs and inputs. The D method has no code requirement; that is, the engineer can apply this method early in the life cycle of project development a capability generally unavailable when using other techniques of requirements, design, and code analysis. 19 Key Challenges To find effective ways of classifying software failures into appropriate failure modes Estimating the likelihood of each failure mode Significant difference from traditional is that the software design is not assumed to be perfect and will contain systematic faults inadvertently introduced by software developers 20 10

Systems SW SW may be used very early (before design) to indicate whether the technical plan for SW development is sufficiently robust, to prevent, detect and remove, likely kinds of design faults SW may be helpful in the design stage to identify aspects of the design which may need modification (i.e. design techniques) Only a subset of final system failure modes will be detectable at the design stage - other failure modes will be introduced during implementation 21 Systems SW SW may be used before implementation to help guide the selection of appropriate languages, tools and testing techniques SW may be used before operational cut-over to help gauge whether the implemented system falls within specified risk parameters 22 11

Areas of Research Need for major research into causes and effects of failures in softwarebased systems establish appropriate measures and metrics address the causal chain in system development establish an effective classification scheme for failures costs and benefits in the development process 23 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information