Secret Scotland

If it's secret, and in Scotland…

Safer, more reliable software

I was particularly interested after spotting the following article on the BBC's web site:

Can we trust the code that increasingly runs our lives?

It's a subject that I came too close to for comfort about 15 (or more) years ago, after I inherited a safety-critical job. I'd landed the work after the chap who was carrying it out developed cancer, and had to find someone to take it on before he was unable to continue. He was very respected in the work, and the manufacturers who submitted their equipment for test were saying that they would only accept someone he vetted and declared competent to take on the work.

Enter muggins, who had carried out other work for the same company, and landed the recommendation.

Actually, the work was not too difficult, as it largely involved addressing the requirements of a British Standard, and issuing a certificate stating that those requirements had been met. The main problem was ensuring that the evaluations were 100% reliable when a test sequence was developed for each manufacturer's product, since they all produced vastly differing designs, and the need for redundancy meant that each one contained two completely different circuits which had to achieve the same result – and not interfere with one another. Since any failure could have killed someone, you had to be sure that a failure of one circuit did not somehow disable both, and allow the machinery it controlled to operate freely in a hazard situation.

This wasn’t TOO hard given there was a standard to work to, but the problem arrived the day the manufacturers arrived with programmable systems, as the standard did not address software or code – it was too old and written before these could have been used.

As a result, it was down to muggins to prepare an acceptable level of testing to prove not only the electronics, but also the code, as there was no point in having circuitry that worked fine, only to find that some silly mistake in the software caused the machinery to remain activated when a hazard existed.

In those days, there was simply no-one offering guidance, or any sort of software checking (as described in the article referenced above), and I ended up having to gain the assistance of the Health and Safety Executive, and then went on to consult with the same authorities that checked the software used to control nuclear power stations.

At that point… I held my hands up and basically said “I’m done. Find somebody else to do this.”

While I did not mind signing certificates that basically said all the required tests had been passed, proving the safety equipment would do its job under a given set of circumstances, I was simply not prepared to sign off the same certification if there was no fiscally acceptable guidance for me to work to.

Had the companies mentioned in the article above been around then, my job would have been a lot easier, and the equipment being tested much safer.

About a month after I pulled out (and was still acting as a consultant to my replacement) a girl operating a machine using similar safety equipment (thankfully for me from another manufacturer who did not use our certification services) had both hands cut off by a machine in the factory where she worked. That story had two good conclusions: surgeons were able to re-attach both hands, and I was able to wave goodbye to all this work, thankful that neither my predecessor nor I had such an event in our past.

These days, it’s a lot nicer and more fun just to throw the odd little bit of code together, and not worry about somebody being injured if there’s an error – the biggest casualty is usually my patience as I try to convince it to do what I want, rather than what it thinks I want.

October 7, 2012 - Posted in Uncategorized
