SHIP: Motivation for the Project
Hazardous industrial processes are of increasing social concern, and need adequate means for judging their safety. As industrial systems become more
complex, judging their safety becomes increasingly difficult. Complexity increases the risks of both random component failures and design-related failures. Random
plant failures can be mitigated by incorporating redundancy in plant design. Design-related failures cannot be mitigated in the same way (since the design
fault would be common to all redundant components), so design faults may become the dominant factor affecting the safety of complex plant.
In some industries such as aerospace, railways, and nuclear power, quantified targets are set for plant safety. For random hardware failures there are
well-established techniques for quantifying the reliability and safety implications. The assessment of the impact of design faults is more difficult.
The main problem with quantification is that we do not know, in advance, the number and nature of the design faults remaining in the plant, so it is
difficult to quantify their impact on safety.
The overall objective of SHIP was to devise a means of assessing, ideally numerically, the achieved reliability or safety of a system in the presence
of design faults and hence improve current industrial practice for safety assessment. This problem was tackled from an unusual viewpoint. In software,
all failures arise from design faults. So the SHIP project investigated a range of software engineering techniques for minimising and estimating failures
to see if they could be applied to industrial plant. As a secondary objective we were also interested in whether plant-level engineering techniques could
improve existing software methods.