Tutorial T3: Engineering Safety-Related Requirements for Software-Intensive Systems
Donald Firesmith, Software Engineering Institute, USA
Topics
❍ Importance of Safety-Related Requirements
❍ Automatic People Mover Example Overview
❍ Basic Safety Concepts
❍ Safety-Related Requirements:
  ● Safety Requirements
  ● Safety-Significant Requirements
  ● Safety System Requirements
  ● Safety Constraints
❍ A Process for Producing Safety-Related Requirements
Importance of Requirements
❍ Poor requirements cause more than half of all project failures:
  ● Major cost overruns
  ● Major schedule overruns
  ● Major functionality not delivered
  ● Cancelled projects
  ● Delivered systems that are never used
Difficulty of Requirements
❍ “The hardest single part of building a software system is deciding precisely what to build. No other part of the conceptual work is as difficult as establishing the detailed technical requirements, including all the interfaces to people, to machines, and to other software systems. No other part of the work so cripples the resulting system if done wrong. No other part is more difficult to rectify later.”
  F. Brooks, “No Silver Bullet”, IEEE Computer, 1987
Importance of Accidents
❍ Accidents can have expensive and potentially fatal repercussions:
  ● Mars Climate Orbiter ($125 million)
  ● Therac-25
  ● Bhopal (3–10K deaths, 500K injured)
Poor Requirements Cause Accidents
❍ Most accidents are caused by poor requirements:
  ● “For the 34 (safety) incidents analyzed, 44% had inadequate specification as their primary cause.”
    Health and Safety Executive (HSE), Out of Control: Why Control Systems Go Wrong and How to Prevent Failure (2nd Edition), 1995
  ● “Almost all accidents related to software components in the past 20 years can be traced to flaws in the requirements specifications, such as unhandled cases.”
    Safeware Engineering, “Safety-Critical Requirements Specification and Analysis using SpecTRM”, 2002
Poor Requirements
❍ Ambiguous Requirements:
  ● Developers misinterpret Subject Matter Experts’ (SMEs’) intentions.
  ● “The system shall be safe.”
  ● How safe? Safe in what way?
❍ Incomplete Requirements:
  ● Developers must guess SME intentions.
  ● “The system shall do X.”
  ● In what state? When triggered by what event? How often? How fast? For whom?
❍ Missing Requirements:
  ● What shall the system do if it can’t do X?
  ● Unusual combinations of conditions result in accidents.
  ● What shall the system do if event X occurs when the system is simultaneously in states Y and Z?
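The “missing requirements” point above (an unusual state/event combination nobody wrote a requirement for) is something a reviewer can check mechanically: enumerate every state the system can be in against every event it can receive, and list the pairs the specification is silent on. The script below is an added illustration, not part of the tutorial; the taxi states, events and the five “shall” statements are constructed for this example and are not ZATS requirements from the slides.

```python
"""Completeness check of a requirements specification over its state/event matrix.

Added example (not from the tutorial). Every name below is a constructed
assumption chosen to resemble the ZATS taxi; the gaps in SPEC are deliberate.
"""
from itertools import product

# Constructed, hypothetical taxi states and events (assumptions for this example).
STATES = ("stopped_at_station", "doors_open", "moving", "emergency_stopped")
EVENTS = ("depart_requested", "obstacle_detected", "door_obstructed", "power_lost")

# Constructed partial specification: one "shall" requirement per (state, event)
# pair that the analysts remembered to write. The other pairs are unspecified.
SPEC = {
    ("stopped_at_station", "depart_requested"):
        "close the doors, then accelerate according to the speed profile",
    ("doors_open", "depart_requested"):
        "remain stopped until the door sensor reports the doors closed",
    ("doors_open", "door_obstructed"):
        "reopen the doors and announce the obstruction on the speaker",
    ("moving", "obstacle_detected"):
        "apply the braking system and notify the dispatcher",
    ("moving", "power_lost"):
        "apply the braking system and enter emergency_stopped",
}


def unhandled_combinations(states, events, spec):
    """Every (state, event) pair with no specified response.

    Returned in state-major order so a reviewer can walk the matrix row by row.
    """
    return [pair for pair in product(states, events) if pair not in spec]


def uncovered_states(states, events, spec):
    """States in which no event has a specified response at all."""
    return [s for s in states if not any((s, e) in spec for e in events)]


def uncovered_events(states, events, spec):
    """Events the specification never mentions in any state."""
    return [e for e in events if not any((s, e) in spec for s in states)]


def coverage(states, events, spec):
    """(covered, total) count of state/event combinations with a requirement."""
    total = len(states) * len(events)
    return total - len(unhandled_combinations(states, events, spec)), total


def report(states, events, spec):
    """Human-readable list of the gaps, phrased as the questions the slide asks."""
    covered, total = coverage(states, events, spec)
    lines = [f"{covered}/{total} state/event combinations have a specified response"]
    for state in uncovered_states(states, events, spec):
        lines.append(f"STATE WITHOUT ANY REQUIREMENTS: {state}")
    for event in uncovered_events(states, events, spec):
        lines.append(f"EVENT NEVER HANDLED: {event}")
    for state, event in unhandled_combinations(states, events, spec):
        lines.append(f"MISSING: if '{event}' occurs while in '{state}', the system shall ... ?")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(STATES, EVENTS, SPEC))
```

Running it on the constructed specification reports 5 of 16 combinations covered and flags `emergency_stopped` as a state with no requirements at all; each `MISSING` line is a question to take back to the subject matter experts before it becomes an unhandled case in the delivered system.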
More Problems and Challenges
❍ Inappropriate architecture and design constraints unnecessarily specified as requirements:
  ● “Use ID and password for identification and authentication.”
❍ Separation of requirements engineering and safety engineering:
  ● Different disciplines with different training, books, journals, and conferences.
  ● Different professions with different job titles.
  ● Different fundamental underlying concepts and terminologies.
Safety Engineering
❍ Safety engineering is the engineering discipline within systems engineering that lowers the risk of accidental harm to valuable assets to an acceptable level to legitimate stakeholders. Note:
  ● Engineering Discipline
  ● Systems Engineering (not just software)
  ● Risk
  ● Accidental Harm
  ● Harm to Valuable Assets
  ● Acceptable Level of Risk
  ● Legitimate Stakeholders
Tutorial Example: Characteristics
❍ Common Ongoing Example throughout Tutorial
❍ Safety-Critical SW-Intensive System
❍ Realistic Example System
❍ No Special Domain Knowledge Needed
❍ Understandable:
  ● Requirements
  ● Technology
  ● Hazards
Tutorial Example: Overview
❍ Very Large New Zoo
❍ Zoo Automated Taxi System (ZATS)
❍ Typical Habitat
❍ Typical Automated Taxi Station
❍ ZATS Domain Model
❍ Taxi Object Model
Tutorial Example: Very Large New Zoo
[Map of the zoo. Regions shown: Zoo Maintenance, Great Outback, Tropical Rainforest, Great Aquarium, Great Cats, Wetlands and Waterways, Wolves and Other Dogs, Restaurants and Shops, Aviary, Bears, Monkeys, Great Apes, African Savanna, Children’s Petting Area, Zoo Entrance, Parking Lots.]
Zoo Automated Taxi System (ZATS)
[Map of the zoo overlaid with the ZATS guideway. A taxi station is shown at each region of the zoo (habitats, restaurants and shops, children’s petting area, zoo entrance, parking lots), together with ZATS Control, Zoo Maintenance and ZATS Maintenance stations.]
Typical Habitat
[Figure: layout of a typical habitat.]
Typical Automated Taxi Station
[Figure: plan of a typical station. Elements labelled: Guideway with Direction of Movement, Taxis (T) on the guideway, Habitat Door, Passenger area, Debit Card Entry, Vending Machines (V), Elevators, Stairs, Exit.]
ZATS Domain Model
[Figure: domain model. Entities: Dispatcher, Daily Schedule, Taxi, Passengers, Drivers, Guideways, Taxi Stations, Regions (Parking Lots, Maintenance Facility, Habitats), and a “Virtual … Person” node whose label is only partly legible. Relationships legible in the diagram: Dispatcher keeps the Daily Schedule; Dispatcher monitors and, when necessary, controls Taxis; Dispatcher can communicate with Passengers; Passengers request trips and pay; Passengers ride in Taxis and enter and exit taxis at Taxi Stations; Drivers drive and monitor Taxis; Taxis travel along Guideways; Guideways connect Taxi Stations; Taxi Stations are in Regions.]
Taxi Object Model
[Figure: object model of a Taxi. Attributes and related objects: Acceleration, Location, Speed, State, Schedule, Speed Profile (based on the Safety Policy and the Zoo Map). Components: Computer, Power Braking System (PBS), Radio Transmitter/Receiver, Passenger Compartment (with Control Panel, Display, Station Selection Panel, Identification Card Reader, Passenger Button, Speaker, Passenger Position Sensor and Passenger Compartment Door), and sensors: Guideway Sensor, Speed Sensor, Location Sensor, Accelerometer, Proximity Sensor, Door Sensor. The diagram also shows “notifies” and “controls” links between the Computer and these parts.]
Basic Safety Concepts
❍ Safety as a Quality Factor of a Quality Model
❍ Safety Quality Subfactors
❍ Valuable Assets
❍ Accidental Harm to Valuable Assets
❍ Safety Incidents (Accidents and Near Misses)
❍ Hazards
❍ Safety Risks
❍ Goals, Policies, and Requirements
❍ Safeguards (Safety Mechanisms)
❍ Vulnerabilities (system-internal sources of danger)
Quality Model
❍ Quality Model – a hierarchical model (i.e., a collection of related abstractions or simplifications) for formalizing the concept of the quality of a system in terms of its quality factors, quality subfactors, quality criteria, and quality measures.
[Figure: the Quality Model describes the quality of the System and is measured using Quality Measures. It is decomposed into Quality Factors, which are decomposed into Quality Subfactors. A System-Specific Quality Criterion provides evidence for the existence of a Quality Subfactor; a Quality Subfactor provides evidence for the existence of a Quality Factor; a Quality Measure measures a Quality Criterion.]
Quality Factors
[Figure: tree of quality factors in the Quality Model. Quality Factors are split into Development-Oriented Quality Factors and Usage-Oriented Quality Factors. Usage-oriented factors shown: Capacity, Configurability, Dependability, Efficiency, Interoperability. Dependability is further decomposed into Defensibility (Safety, Security, Survivability), Soundness and Operational Continuity, with Correctness, Predictability, Robustness, Reliability, Availability and Stability as the remaining leaf subfactors.]
Safety as a Quality Factor
❍ Safety is the quality factor capturing the degree to which:
  ● Accidental harm to valuable assets is prevented, detected, reacted to, and adapted to
  ● Accidents (and near misses) are eliminated or their negative consequences mitigated
  ● Hazards are eliminated or mitigated
  ● Safety risks are acceptably low