Have you subscribed The Embedded Bridge Newsletter Yet?
No?
Then you are missing out on something!
Go here and subscribe immediately.
I have, and I think the newsletter will add to your knowledge in ways you have not thought possible.
No one pays attention to the obvious!
Take, for example, Figure 2-1 in DO-178B. The figure shows the system safety-related information flow between the system and software life cycle processes.
In this post I will focus on only one item of information that flows from Software to System: "Fault Containment Boundaries". I have been a little uneasy about this for some time now. It seems to be similar to 'partitioning', but then why not just say that word? Why such a long-winded phrase?
DO-178B does not offer any more clues. There is just one paragraph, 2.1.2, that merely repeats the same phrase. A literature search throws more light on it. Take for instance the book The Avionics Handbook by Cary R. Spitzer. It contains a complete chapter on fault-tolerant avionics, and the phrase "fault containment boundary" appears there. The initial hunch that this is related to partitioning is correct.
The idea is basically to prevent a fault from propagating.
I quote from the book: "A fault containment boundary requires hardware components be provided with independent power and clock sources. Interfaces between FCRs [Fault Containment Regions] must be electrically isolated. ... Fault effects manifested as erroneous data can propagate across FCR boundaries; therefore, the system must also provide error containment by using voters at various points in the processing, including voting on redundant inputs, voting the result of control law computations, and voting at the input to the actuator."
Another book, Computer Safety, Reliability and Security by Stuart Anderson, Massimo Felici and Beverley Littlewood, defines a "fault containment zone" as "a set of components within a boundary designed to stop fault effect propagation."
Things become clearer in the Fifth Annual Symposium on Frontiers of Engineering by the National Academy of Engineering: "At one extreme, the goal of fault tolerance is to completely hide the occurrence of failures by using redundancy. An alternative is to confine or isolate the effect of the fault to a small portion of the system. ... Therefore, while failures will be visible, they will be limited to the tasks that used the failing resources."
Aaahh! So that's what DO-178B is talking about. Software needs to demonstrate to the system safety assessment team that
a) if there is a failure, it will be visible; and
b) the failure will be limited to the tasks that used the failing resource.
Thus, to take an extreme example, in a display system a bad Angle of Attack parameter should not cause the whole display to go blank. (Now that is extreme!)
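To make the two obligations concrete, here is a small C sketch, added to this post and not taken from DO-178B or from any of the books quoted above. It models a display partition that validates a raw Angle of Attack sample, votes three redundant sources (the "voting on redundant inputs" the Spitzer quote mentions), and then renders the frame field by field so that a bad AoA value is flagged (made visible) without blanking airspeed and altitude (limited to the task that used the failing resource). The sensor limits, the agreement tolerance, the field names and the "---" flag are all assumptions chosen for the example.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the post or DO-178B. Sensor limits, the
 * agreement tolerance, field names and the "---" flag are assumptions. */

typedef struct {
    double value;
    bool   valid;   /* false: the failure is made visible, value is not to be used */
} Param;

#define AOA_MIN_DEG    (-30.0)   /* assumed plausible sensor range */
#define AOA_MAX_DEG    ( 40.0)
#define AOA_AGREE_TOL  (  2.0)   /* assumed tolerance for a two-source agreement check */

/* Boundary check on one raw Angle-of-Attack sample: NaN, infinity or an
 * out-of-range value is rejected here instead of flowing downstream.
 * Infinities fail the range comparisons; NaN needs its own test. */
Param check_aoa(double raw)
{
    Param p = { raw, true };
    if (isnan(raw) || raw < AOA_MIN_DEG || raw > AOA_MAX_DEG) {
        p.value = 0.0;
        p.valid = false;
    }
    return p;
}

static double median3(double a, double b, double c)
{
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Vote three redundant sources. Three valid inputs: take the median, so a
 * single erroneous channel is outvoted. Two valid inputs: accept them only
 * if they agree. Otherwise the field itself becomes invalid. */
Param vote_aoa(const Param src[3])
{
    double v[3];
    int n = 0;
    for (int i = 0; i < 3; i++)
        if (src[i].valid) v[n++] = src[i].value;

    Param out = { 0.0, false };
    if (n == 3) {
        out.value = median3(v[0], v[1], v[2]);
        out.valid = true;
    } else if (n == 2) {
        double diff = v[0] - v[1];
        if (diff < 0) diff = -diff;
        if (diff <= AOA_AGREE_TOL) {
            out.value = (v[0] + v[1]) / 2.0;
            out.valid = true;
        }
    }
    return out;
}

typedef struct {
    Param airspeed_kt;
    Param altitude_ft;
    Param aoa_deg;
} Frame;

/* Render a frame field by field. An invalid field is drawn as "---" and
 * counted; the remaining fields are still drawn. Returns the number of
 * flagged fields so the caller can also log the failure. */
int render_frame(const Frame *f, char *out, size_t len)
{
    struct { const char *name; Param p; const char *unit; } fields[3] = {
        { "IAS", f->airspeed_kt, "kt"  },
        { "ALT", f->altitude_ft, "ft"  },
        { "AOA", f->aoa_deg,     "deg" },
    };
    int flagged = 0;
    size_t used = 0;

    for (int i = 0; i < 3 && used < len; i++) {
        int n;
        if (fields[i].p.valid) {
            n = snprintf(out + used, len - used, "%s %.1f %s\n",
                         fields[i].name, fields[i].p.value, fields[i].unit);
        } else {
            n = snprintf(out + used, len - used, "%s --- %s\n",
                         fields[i].name, fields[i].unit);
            flagged++;
        }
        if (n < 0) break;
        used += (size_t)n;
    }
    return flagged;
}

int main(void)
{
    /* Constructed inputs: two AoA channels returning NaN, one healthy. */
    Param aoa_src[3] = { check_aoa(NAN), check_aoa(NAN), check_aoa(5.0) };
    Frame f = { { 250.0, true }, { 12000.0, true }, vote_aoa(aoa_src) };
    char screen[128];
    int flagged = render_frame(&f, screen, sizeof screen);
    printf("%s%d field(s) flagged\n", screen, flagged);
    return 0;
}
```

The point of the structure is that validity travels with every parameter, so the decision "is this value usable?" is made once at the boundary and every consumer downstream (the voter, the renderer) honours the flag rather than re-deriving it. The median vote only protects against one erroneous channel; with two channels lost the field degrades to "---" instead of showing a guessed value.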
I have posted on the iconoclastic book Hard Facts, Dangerous Half-Truths & Total Nonsense in my other blog before. Readers who are familiar with Hard Facts ... therefore shouldn't be surprised that the most objective criticism of leadership comes from there.
I have also posted my views on leadership here & here. So naturally I was quite pleased to get supporting material from two professors from Stanford.
Hard Facts ... has a complete chapter (Are Great Leaders In Control Of Their Companies?) dedicated to leadership, where it explores (explodes?) the myths of leadership. I reproduce a few relevant passages.
History is filled with leaders who make a big difference in the world: Gandhi ... Martin Luther King Jr. ... Queen Elizabeth I ... Winston Churchill ... and Lyndon Johnson[.] ... Leaders make a difference on a smaller organizational scale, as well. [S]ystematic quantitative research demonstrates that leadership can influence organizational performance. ... Leaders not only influence indicators of performance such as sales, profits, productivity, or budget allocations, they also affect their organization's interpersonal climate and the satisfaction and mental well-being of those they lead. ...
Nonetheless, leaders and managers often have far less influence over the performance than most people think. ... One study of the performance of 167 companies over a 20-year period sought to allocate variation in performance to the effects of industry, year (time period, which presumably measures general economic conditions), company-specific effects, and the change in leadership. Not surprisingly, the conclusion was that company and industry had much larger effects on variation in sales, profits, and profit margins than did changes in leadership. [M]ost [scholars] agree that the effects of leadership on performance are modest under most conditions, strong under a few conditions, and absent in others.
I could go on and on quoting this book to prove my point that leadership is a function of followers and circumstances.
By the way, Hard Facts ... goes on to list fundamental guidelines for what leaders should do. It is a good read.