TABLE 16.2 (Continued)

Columns: Year, Reference, Contribution

Reference: Ristord, L. & Esmenjaud, C., FMEA Performed on the SPINLINE3 Operational System Software as Part of the TIHANGE 1 NIS Refurbishment Safety Case. CNRA/CNSI Workshop 2001 - Licensing and Operating Experience of Computer Based I&C Systems. Ceske Budejovice, September 25-27, 2001.

Contribution: Ristord & Esmenjaud stated that the software FMEA is practicable only at the (application) function level. They consider the SPINLINE 3 application software to consist of units called blocks of instructions (BIs) executed sequentially. The BIs are defined by having the following properties:
BIs are either "intermediate" (a sequence of smaller BIs) or "terminal" (they cannot be decomposed into smaller BIs).
They have only one "exit" point. They produce output results from inputs and possibly memorized values. Some BIs have direct access to hardware registers.
They have a bounded execution time (i.e., the execution time is always smaller than a fixed value).
They exchange data through memory variables. A memory variable most often is written by only one BI and may be read by one or several BIs.
List of five general purpose failure modes at processing unit level:
The operating system stops.
The program stops with a clear message.
The program stops without a clear message.
The program runs, producing obviously wrong results.
The program runs, producing apparently correct but in fact wrong results.
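As an added illustration of the BI model summarized above (not code from the paper, from SPINLINE 3, or from this book), the following Python checks two of the stated BI properties over a constructed decomposition, the single-writer convention for memory variables and the summed execution-time bound, and derives the "effects" entry of an SFMEA row by following which BIs read the variables a failed BI writes. The BI names, variable names and time units are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class BI:
    """A block of instructions: 'terminal' (no children) or 'intermediate' (a sequence of smaller BIs)."""
    name: str
    reads: frozenset = frozenset()   # memory variables this BI reads
    writes: frozenset = frozenset()  # memory variables this BI writes
    wcet: int = 0                    # execution-time bound of a terminal BI (constructed units)
    children: list = field(default_factory=list)

    def terminals(self):
        """Flatten the decomposition tree into its terminal BIs, in execution order."""
        return [self] if not self.children else [t for c in self.children for t in c.terminals()]

    def bound(self):
        """Children run sequentially, so an intermediate BI's bound is the sum of theirs."""
        return self.wcet if not self.children else sum(c.bound() for c in self.children)

def single_writer_violations(root):
    """Variables written by more than one terminal BI; the model expects a single writer."""
    writers = {}
    for t in root.terminals():
        for v in t.writes:
            writers.setdefault(v, []).append(t.name)
    return {v: names for v, names in writers.items() if len(names) > 1}

def affected_by(root, failed):
    """Effects of a failed BI: terminal BIs that read, directly or via other BIs, a variable
    it writes. Order is ignored since memorized values carry a wrong value into the next cycle."""
    terms = {t.name: t for t in root.terminals()}
    tainted, affected, changed = set(terms[failed].writes), set(), True
    while changed:  # iterate to a fixpoint over the data-flow graph
        changed = False
        for name, t in terms.items():
            if name != failed and name not in affected and t.reads & tainted:
                affected.add(name)
                tainted |= t.writes
                changed = True
    return affected

# Constructed example: a trip channel decomposed into BIs (not taken from the paper).
TRIP_CHANNEL = BI("trip_channel", children=[
    BI("acquire", reads=frozenset({"adc_reg"}), writes=frozenset({"raw"}), wcet=40),
    BI("process", children=[
        BI("filter", reads=frozenset({"raw", "filtered"}), writes=frozenset({"filtered"}), wcet=80),
        BI("compare", reads=frozenset({"filtered", "setpoint"}), writes=frozenset({"trip"}), wcet=20)]),
    BI("selftest", reads=frozenset({"status"}), writes=frozenset({"filtered"}), wcet=30),  # second writer
    BI("output", reads=frozenset({"trip"}), writes=frozenset({"relay_reg"}), wcet=10)])
```

The second writer of `filtered` is the kind of deviation from the single-writer convention that would widen the effects set of a `selftest` failure to the whole trip path.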
16.3 SFMEA FUNDAMENTALS
The failure mode and effects analysis procedures originally were developed in the post-World War II era for mechanical and electrical systems and their production processes, before the emergence of software-based systems in the market. Common standards and guidelines, even today, only briefly consider the handling of the malfunctions caused by software faults and their effects in FMEA and often state that this is possible only to a limited extent (IEC 60812). The standards procedures