building reliable and safe systems lessons learned
play

Building Reliable and Safe Systems - Lessons Learned Scott Torborg - PowerPoint PPT Presentation

Mar 29, 2023 •206 likes •686 views

Building Reliable and Safe Systems - Lessons Learned Scott Torborg storborg@mit.edu April 2009 The Right Way Failure Modes and Effects Analysis (FMEA) Root Cause Analysis (RCA) MTBF, FIT, etc. ...yeah, yeah Learn that at

  1. Building Reliable and Safe Systems - Lessons Learned Scott Torborg storborg@mit.edu April 2009

  2. The “Right” Way • Failure Modes and Effects Analysis (FMEA) • Root Cause Analysis (RCA) • MTBF, FIT, etc. ...yeah, yeah Learn that at engineering school.

  3. Design

  4. Standards • Might matter • EN 61508 = 10 9 hours MTBF for safety critical systems http://www.flickr.com/photos/lickyoats/2290383219/

  5. Redundancy http://www.flickr.com/photos/lickyoats/2290383219/

  6. Failure Isolation http://www.flickr.com/photos/metrix_feet/357018809/ Redundancy is no good if failures a fg ect everything at once.

  7. Heterogeneous Redundancy (this is just adding redundancy in design) ...this is impractical, because design is expensive Architecture of the space shuttle primary avionics software system - http://portal.acm.org/citation.cfm?id=358258 Space shuttle has 5x redundant computers, with di fg erent configurations. Akamai championed the “keep the systems heterogeneous” mentality, but that’s easier with open source/other platforms.

  8. Graceful Degradation

  9. Failures aren’t uniform or random ...don’t treat them like they are http://en.wikipedia.org/wiki/Bathtub_curve Don’t apply MTBF without considering product lifetime.

  10. Manufacturers Mislead You • “Typical”? Yeah, right. • Sometimes they just lie, or don’t know

  11. Humans • Least reliable part of most systems • Political challenges v. Technical challenges • Interfaces and feedback • ...get stupid when in immediate danger

  12. Look at the whole picture • Reliability doesn’t stop at the product • Training • Maintenance “Despite these efforts, the F-22A continues to operate below its expected reliability rates. A key reliability requirement for the F-22A is a 3-hour mean time • Support between maintenance intervals... Currently, the mean time between maintenance is less than 1 hour.” March 2008 GAO Congressional Report

  13. Testing

  14. Test it! • Do it yourself : putting your life on the line makes you very focused • Seeing field failures yourself helps • Have an answer for every “what if?” There’s a limit to this, because testing is often destructive... focus on common use scenarios and the most risky situations.

  15. Know what happens • Reliable == Deterministic • Test everything • Talk to users as much as possible • If there’s an incident (death or injury) everyone stop everything

  16. Some environments to test • Temp / humidity extremes • Rapid changes in temp / humidity • High vibration • EMI / ESD • Oxidation risk (high-O2 or corrosive env.)

  17. Build Awesome Fixtures (3000 feet!)

  18. Burn-in Automated burn-in testing reduces infant mortality

  19. Maintenance • Record everything • Infrastructure helps make it easy, identify trends - You wouldn’t try to write software without a bug tracker. - The better the tools you have for this, the more data you’ll get. - Keep the feedback loop between maintenance and design engineers tight.

  20. Tricks

  21. Generally • Use simpler, more reliable devices to supplement more complex devices • Voltage supervisors • Watchdog timers • Diagnostic sensors

  22. Logic is your friend Check Faults FAULT A FAULT FAULT B Logic gates are small and very reliable, e.g. TI “Little Logic”

  23. Logic is your friend Check Status OK A OK OK B

  24. Logic is your friend Share Outputs A CTL CTL CTL B Each independent system can override the other. Needs careful control algorithms!

  25. Do it with power too A POWER B Great chips for this, e.g. Linear PowerPath controllers - Can also be done with FETs, so don’t fret about power consumption.

  26. Voting Logic Flaky Sensor A OUTPUT Controller Flaky Sensor B Flaky Sensor C 3, 5, 7... inputs - Don’t use just voting logic, because it can make a bad problem really bad.

  27. Detect Failures with Internal Models • Sensor value can’t change faster than 10mV/sec • Limit switch A can’t be tripped at the same time as limit switch B Pick the simplest constraints (least amount of state required) and go up from there.

  28. I/O is like sex Use protection! resistors isolate short conditions / component ferrite beads failures, reduce max currents damp HF noise OUTSIDE (bad ESD, EMI) microcontroller small low-ESR caps (ceramic) ESD/TVS diodes clamp absorb power spikes, ESD over/under voltage Don’t use all of these! Just some. - Be mindful of slew rates, extra capacitance, etc. - Excess capacitance or resistance can increase power consumption, exacerbate loads, and make things worse. - Ceramic caps work best for absorbing pulses, and can be a cheap substitute for an ESD diode. - Especially protect things like reset, fault, shutdown lines.

  29. Mechanical • Don’t overconstrain or stress the board • Vibration is bad • Potting helps • Piezoceramic effects - Beware of pressure e fg ects with soft potting compounds at altitude and pressure

  30. Board Mounting Loosen up, it’s not going anywhere

  31. Components Large components are more vulnerable

  32. Piezoceramics (e.g. ceramic capacitor) = power supply noise

  33. Piezoceramics sometimes intentional

  34. Some things that suck

  35. Most capacitors • Tantalum especially • Electrolytic bad long-term because of leaking

  36. Electromechanical Devices • Mechanical Relays ➔ Solid-state Relays • Tilt Switches ➔ Accelerometers • Mechanical Switches ➔ Piezo, FETs • Connectors The least bad connectors are optical, or process control/instrumentation connectors (e.g. M8, M12).

  37. Tin Whiskers Until they’re dealt with, get an RoHS exemption http://nepp.nasa.gov/WHISKER/index.html Can also occur with other metals, e.g. zinc. The solution is to use leaded solder.

  38. Flux Residue Clean boards after assembly! http://glacier.lbl.gov/%7Egtp/DOM/MB/V5.0/206_ps4.JPG Often overlooked reliability issue, particularly for low-voltage analog circuits.

  39. ESD • Take it seriously! • Especially while potting and testing

  40. Some things that don’t suck Notice a trend? These things that don’t suck apply the same principles discussed earlier.

  41. PPTCs • Polymer Positive Temp Coefficient • Like a fuse, but resets

  42. TDK Capacitors - A fg ects MLCC (multilayer ceramic caps) - “Open Mode” - Fail open instead of fail short - Much more conservative ratings

  43. Hi-Rel • Only part of solution • Flight-grade, mil-spec, etc. • $$$ Expensive • Don’t go overboard

  44. Envirogel • Makes potting practical • Watch out for rapid pressure changes, behaves like lipid tissue http://www.kellerstudio.de/repairfaq/sam/ya234p1.jpg

  45. CAN Bus • Deterministic • Robust • Fault Tolerant

  46. Process Control Connectors • E.g. M8, M12 • Affordable and easy • Turck, Phoenix, Woodhead, Binder, Tyco

  47. In short... • Be paranoid • Test thoroughly • Analyze everything ...thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for

Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for

Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for Today Evolution of various systems at Google computing hardware core search systems infrastructure software Techniques for building

1.25k views • 103 slides
Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the

Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the

Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the LHC (CMS) DAQ building the LHC (CMS) DAQ systems. systems. S. Cittolin PH-CMD. CERN Openlab meeting. 3-4 March 2009 DAQ at LHC overview CMS

352 views • 33 slides
You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons

You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons

You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons learned building a build system Cdric Beust cedric@beust.com VP of Engineering at Samsung SmartThings Table of contents 1. Why? WHY? 2. Whaaaaaat?

591 views • 45 slides
Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons

Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons

Tandy Assembly Springfield, OH 11/10/18 Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons Learned from the Lessons Learned from the RetroStoreCard RetroStoreCard Arno Puder & Sascha

328 views • 30 slides
1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6.

1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6.

917 Dundas Street W, Whitby 2016 OMFPOA Symposium Fire Chief Dave Speed CFPO Nicholas Webb 1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6. Moving Forward 1) Building Description and Background

468 views • 15 slides
Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth

Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth

Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth Network from the Ground Up www. telehealthresourcecenters. org Your Presenter Brian Coltharp, MA Director of Innovation Health Resources of

522 views • 28 slides
Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of

Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of

Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of Requirements Engineering for a Synagogue Kitchen with Use Cases and Scenarios Daniel M. Berry Cheriton School of Computer Science University of

742 views • 56 slides
LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of

LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of

LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of the nations largest water utilities, Denver Water Presented by James David Saul Intro/About Civic Research Drupal 8: Modules The Way and Why

678 views • 47 slides
The Rural Opportunity Lessons learned in building strong financial services for rural and agri

The Rural Opportunity Lessons learned in building strong financial services for rural and agri

The Rural Opportunity Lessons learned in building strong financial services for rural and agri markets Congreso de acceso a servicios financieros y medios de pago Cali Colombia, 2019 Tom Gruintjes Gerente Planificacin Estratgica y

611 views • 39 slides
Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul

Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul

Data Council '19 Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul Cothenet Co-founder & CTO MadKudu MadKudu is a Lead & Account Scoring platform that enables B2B companies to build relevant

543 views • 36 slides
Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were

Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were

UNCLASSIFIED Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were lots John W. Diem Test Technology Director, US Army Operational Test Command ITEA Systems of Systems Engineering Workshop January

442 views • 15 slides
Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned

Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned

Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned David E. Jacobs, PhD, CIH Chief Scientist, National Center for Healthy Housing, USA Wellington, New Zealand November 4 2019 WHO Collaborating

625 views • 45 slides
Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes -

Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes -

Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes - Timo Mechler & Charles Adetiloye About MavenCode MavenCode is a Data Analytics software company offering training, product development, and

426 views • 18 slides
Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella

Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella

Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella Power Photo credit: mumsabroad.com A bit about me Drupal hobbyist Founder of Annertech Backend developer

509 views • 38 slides
Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across industries (Automotive, Aviation, Space Systems, Chemical, Oil & Gas, Nuclear Power, Defense, Healthcare, Medical Devices, Weapon Systems, etc.)

245 views • 11 slides
My Project Matter? 2 2 1 1 1 Ying Wang , Ming Wen, Zhenwei Liu, Rongxin Wu, Rui Wang, 1 1*

My Project Matter? 2 2 1 1 1 Ying Wang , Ming Wen, Zhenwei Liu, Rongxin Wu, Rui Wang, 1 1*

Do the Dependency Conflicts in My Project Matter? 2 2 1 1 1 Ying Wang , Ming Wen, Zhenwei Liu, Rongxin Wu, Rui Wang, 1 1* 2* 1 Bo Yang, Hai Yu, Zhiliang Zhu and Shing-Chi Cheung 1. Northeastern University 2. The Hong Kong University

390 views • 28 slides
Safe-by-Design Integrating safety into your innovations Korienke Smit Msc., RIVM Contents

Safe-by-Design Integrating safety into your innovations Korienke Smit Msc., RIVM Contents

Safe-by-Design Integrating safety into your innovations Korienke Smit Msc., RIVM Contents The relationship between RRI and Safe-by-Design The importance of Safe-by-Design for innovation Integrating Safe-by-Design into your

380 views • 17 slides
Di r e c t Di r e c t c c i i Pr Pr W ( p) Ol d Ec onom y Ol d Ec

Di r e c t Di r e c t c c i i Pr Pr W ( p) Ol d Ec onom y Ol d Ec

I T a nd Publ i c Pol i c y Oc t . 21, 2004 I nt r oduc t i on M ot i va t i ng Exa m pl e s : TCP/ I P & Be r ke l ey Uni x GSM The W e b The Br ows e r W a r s e t c . , e t c

261 views • 5 slides
Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck http://jstarck.cosmostat.org Collaborators: Morgan Schmitz Fred Nole Fadi Nammour Weak Gravitational Lensing & Blind Deconvolution - Part I: Introduction to

723 views • 58 slides
Automatic discovery of the characteristics and capacities of a distributed computational platform

Automatic discovery of the characteristics and capacities of a distributed computational platform

Martin Q UINSON cole Normale Suprieure de Lyon, Laboratoire de lInformatique du Paralllisme Automatic discovery of the characteristics and capacities of a distributed computational platform December 11 th 2003 Introduction to the Grid

1.35k views • 121 slides
ICS 101: Tools for the Information World Web development - The Semantic web Nov. 29, 2016

ICS 101: Tools for the Information World Web development - The Semantic web Nov. 29, 2016

1 ICS 101: Tools for the Information World Web development - The Semantic web Nov. 29, 2016 Instructor: Luz M. Quiroga University of Hawaii. Affiliated to: ICS LIS - CIS 2 Agenda: n Part 1:The WWW some concepts, history n Part 2: The

273 views • 25 slides
1 J E A N C L A U D E K I E F F E R On behalf of the Conseil Rgional dAquitaine Mission sur

1 J E A N C L A U D E K I E F F E R On behalf of the Conseil Rgional dAquitaine Mission sur

INNOVATION: THE LONG TERM STRATEGY: THE EXAMPLE OF THE AQUITAINE REGION 1 J E A N C L A U D E K I E F F E R On behalf of the Conseil Rgional dAquitaine Mission sur linnovation en Aquitaine I am Sharing my time between Quebec and

582 views • 22 slides
P

P

P P p

446 views • 17 slides

More recommend