Safety Critical Research
TRANSCRIPT
SAFETY CRITICAL SYSTEM
Jeremiah Lin, Jennifer Li, Vidisha Raj, ChiaChuan Wu, Sahil Kumar
FSE - 2014 Fall Team SA5 - Jevi's
AGENDA
I. Introduction
II. An Example
III. Domain Characteristics
1. Constraints
2. Distribution & Users
3. Complexity
4. Quality Attributes
5. Volatility
6. Norms and Legacy
IV. Impacts
1. Methods
2. Disciplines
3. Automation
V. Summary
INTRO: What is a Safety Critical System?
A system whose failure or malfunction may result in:
✦ death or serious injury to people
✦ loss or severe damage to equipment
✦ environmental harm
Aviation industry:
✦ Air traffic control systems
✦ Avionics, particularly Fly-by-wire systems
✦ Radio navigation systems
✦ Engine control systems
✦ Aircrew life support systems
✦ Flight planning to determine fuel requirements for a flight
< 1 life per billion hours of operation
AIR-TRAFFIC CONTROL SYSTEM
FLY-BY-WIRE
DOMAIN CHARACTERISTICS
DISTRIBUTION & USERS
✦ Specific Purpose
✦ Proprietary Machines
✦ Unique Power
✦ Well Trained Users
COMPLEXITY & CONSTRAINTS
✦ Multidimensional Domains
✦ Unexpected Scenarios
✦ False Alarm
✦ Human Factors
✦ Software Defects
QUALITY ATTRIBUTES
✦ Formalization of safety-critical requirements
✦ Static analysis of functional & non-functional system properties
✦ Architecture-centric model-based engineering
✦ System and software assurance
VOLATILITIES - The UNKNOWNS of Safety Critical
✦ Tightly-coupled software components distributed across many nodes may introduce problems
✦ Errors introduced during the software design phase propagate into the implementation and may not be caught by testing efforts
✦ 70% of software defects are introduced during the requirements and architecture design phases
NORMS & LEGACY
V-lifecycle model: verification and validation run in parallel with the development process
Coding languages (high reliability):
• Ada
• SPARK
• Haskell
IMPACTS
DO-178B: Software Considerations in Airborne Systems and Equipment Certification
CHALLENGES
For Customer
For Supplier
✦ Expensive and time consuming
✦ Requirements come late to projects
✦ In big batches
✦ Does not reduce complexity
✦ Does not provide early feedback
✦ Compromises the reliability and the efficiency
• Loss of confidence in the reliability
• Delay of final delivery
• Big batches are not efficient
• Safety-related activities performed late
• Late feedback implies more rework
V-MODEL vs. XP/SCRUM + LEAN
V-Model: Big Batches, Late Engagement, Integration Test Failure
XP/Scrum + Lean: Small Batches, Frequent Delivery, TDD
Source: "Agile & Lean software development for avionic software", http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf
DESIGN ASSURANCE
Failure condition categories (Catastrophic, Hazardous, Major, Minor, No Effect):
Catastrophic – Failure may cause a crash. Error or loss of critical function required to safely fly and land aircraft.
Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft.
Major – Failure is significant, but has a lesser impact than a Hazardous failure or significantly increases crew workload.
Minor – Failure is noticeable, but has a lesser impact than a Major failure.
No Effect – Failure has no impact on safety, aircraft operation, or crew workload.
QUALITY ASSURANCE
Identify hazards as early as possible!
• White box testing
• Black box testing
• Reviews
• Static analysis
• Dynamic analysis and coverage
AUTOMATION
• Performance Analysis
• Coverage Analysis
QUESTIONS?
REFERENCES
"Agile & Lean software development for avionic software", http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf
http://staff.washington.edu/jon/pubs/safety-critical.html