Systems design notes: Difference between revisions

From Helpful
(Created page with " ===Fail-fast=== <!-- Principle of report a failure as soon as possible. This often means checking for this as ''often'' as sensible, e.g. at multiple steps during an opera...")
 
mNo edit summary
Line 9: Line 9:




Makes sense in machine safety, but also a useful principle in software,  
Makes sense in machine safety,  
but also a useful principle in software,  
particularly where state will be communicated or saved,
particularly where state will be communicated or saved,
because being in a weird state and continuing will only mess things up more.
because being in a weird state and continuing will only mess things up more.
Line 25: Line 26:




For example, operation of integer addition isn't fail-stop in most languages as overflow will happen without error,
For example, if you care about integer overflow,
and fixing these languages to act fail-fast basically requires customizing them
then the operation of integer addition isn't fail-stop in most languages,
in that overflow will happen without signaling that you could turn into an error,
and fixing these languages to act fail-fast basically requires customizing them.




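Review bot: this paragraph sits under the Fail-fast heading but describes integer addition as not "fail-stop", and the page has a separate Fail-stop section, so say which property is meant, or state both (silent overflow neither stops the program nor reports the fault). The clause "without signaling that you could turn into an error" is hard to parse; "without any signal that you could turn into an error" reads better. "customizing them" would also be clearer with one concrete form named, e.g. checked-arithmetic helpers or compiler overflow trapping, since silently wrapped arithmetic that is then used (for a length, say) is exactly the continue-in-a-weird-state case the section warns about.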
Line 36: Line 39:
===Fail-safe===
===Fail-safe===
<!--
<!--
Principle of ensuring that the failed state is one that causes minimal harm.
Principle of ensuring that the state we end up after failed is one that causes minimal harm.


Also often seen as a noun. ''A'' failsafe is something you put in place to ensure the fail-safe principle.
Also often seen as a noun. ''A'' failsafe is something you put in place to ensure the fail-safe principle.
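Review bot: grammar in the rewritten first line: "the state we end up after failed" should read "the state we end up in after a failure". The rewording itself is an improvement over "the failed state", since it separates the failure event from the state that results from it.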
Line 43: Line 46:
Primarily applied to machines, particularly large ones that can hit people.
Primarily applied to machines, particularly large ones that can hit people.


For one example, a door or valve that has to be actively held open,
Also consider fire doors in larger buildings that are continuously take power to hold open,
and on power failure will close due to a mechanical spring.
so that power loss implies they will close.


"normally open" and "normally closed" relays are in part about this.
Similarly, your washing machine will have water inlet [[solenoid valve]]s that
''will'' be of the type you have to ''drive'' them to pass water and idle closed,
because you don't want power loss to mean your house floods.


For an example, solid-state relays act faster than coil-based ones, but are more likely to fail in an engaged state.  
 
You might act a second (probably coil-based) relay in series with it just to be able to disconnect that when you detect failure.
...power loss is far from the only failure, but makes for the simpler examples,
because fancier ones are often more complex [[interlocks]].
 
 
 
"normally open" and "normally closed" relays are in part about this,
in the "if the control board breaks, what will the controller probably do?"
 
 
For an interesting design choice, consider/assume that
[[solid-state relays]] are faster-acting than [[coil relays]],  
but solid state relays are more likely to fail in the engaged state.
 
If you want something that both operates quickly and should be safe,
you may end up with one of each in series,
usually the solid stat relay for all control,
and using the relay one as a safety backup that you use only to disconnect the whole when you detect failure.




https://en.wikipedia.org/wiki/Fail-safe
https://en.wikipedia.org/wiki/Fail-safe
-->
-->
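Review bot: several typos in the new text: "are continuously take power" (drop "are"), "You might act a second" ("add a second"), "solid stat relay" ("solid-state relay"), and "using the relay one" ("using the coil relay"). The washing-machine valve ("drive them to pass water and idle closed") and the "normally open" / "normally closed" sentence describe the same idea, so define the terms once (normally closed: connects or passes when unpowered; normally open: blocks when unpowered; the de-energised state is the one chosen to be safe) and reuse them in the fire-door and relay paragraphs. In the series-relay paragraph, spell out the reasoning the design rests on: if the solid-state relay fails engaged, the coil relay in series is the only remaining way to open the circuit, which is why it is reserved for disconnect-on-detected-failure rather than used for ordinary control.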

Revision as of 19:04, 27 February 2024


Fail-fast

Fail-stop

Fail-safe