safety critical research
SAFETY CRITICAL SYSTEM
Jeremiah Lin, Jennifer Li, Vidisha Raj, ChiaChuan Wu, Sahil Kumar
FSE - 2014 Fall, Team SA5 - Jevi's
AGENDA
I. Introduction
II. An Example
III. Domain Characteristics
1. Constraints
2. Distribution & Users
3. Complexity
4. Quality Attributes
5. Volatility
6. Norms and Legacy
IV. Impacts
1. Methods
2. Disciplines
3. Automation
V. Summary
INTRO: What is a Safety Critical System?
A system whose failure or malfunction may result in:
✦ death or serious injury to people
✦ loss or severe damage to equipment
✦ environmental harm
Aviation industry:
✦ Air traffic control systems
✦ Avionics, particularly Fly-by-wire systems
✦ Radio navigation systems
✦ Engine control systems
✦ Aircrew life support systems
✦ Flight planning to determine fuel requirements for a flight
< 1 life per billion hours of operation
AIR-TRAFFIC CONTROL SYSTEM
FLY-BY-WIRE
DOMAIN CHARACTERISTICS
DISTRIBUTION & USERS
✦ Specific Purpose
✦ Proprietary Machines
✦ Unique Power
✦ Well Trained Users
COMPLEXITY & CONSTRAINTS
✦ Multidimensional Domains
✦ Unexpected Scenarios
✦ False Alarms
✦ Human Factors
✦ Software Defects
QUALITY ATTRIBUTES
✦ Formalization of safety-critical requirements
✦ Static analysis of functional & non-functional system properties
✦ Architecture-centric model-based engineering
✦ System and software assurance
✦ Tightly-coupled software components distributed across many nodes may introduce problems
✦ Errors introduced during the software design phase propagate into the implementation and may not be caught by testing efforts
✦ 70% of software defects are introduced during the requirements and architecture design phases
- The UNKNOWNS of Safety Critical
VOLATILITIES
NORMS & LEGACY
V-lifecycle model:
• Verification
• Validation
• Parallel with the development process
Coding languages (high reliability):
• Ada
• SPARK
• Haskell
IMPACTS
DO-178B: Software Considerations in Airborne Systems and Equipment Certification
CHALLENGES
For Customer
For Supplier
✦ Expensive and time-consuming
✦ Requirements come late to projects, in big batches
✦ Does not reduce complexity
✦ Does not provide early feedback
✦ Compromises reliability and efficiency
• Loss of confidence in the reliability
• Delay of final delivery
• Big batches are not efficient
• Safety-related activities performed late
• Late feedback implies more rework

V-Model                    | XP/Scrum + Lean
Big Batches                | Small Batches
Late Engagement            | Frequent Delivery
Integration Test Failure   | TDD

Source: "Agile & Lean software development for avionic software", http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf
DESIGN ASSURANCE
Catastrophic – Failure may cause a crash. Error or loss of critical function required to safely fly and land the aircraft.
Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft.
Major – Failure is significant, but has a lesser impact than a Hazardous failure or significantly increases crew workload.
Minor – Failure is noticeable, but has a lesser impact than a Major failure.
No Effect – Failure has no impact on safety, aircraft operation, or crew workload.
QUALITY ASSURANCE
Identify hazards as early as possible!
• White box testing
• Black box testing
• Reviews
• Static analysis
• Dynamic analysis and coverage
AUTOMATION
• Performance Analysis
• Coverage Analysis
QUESTIONS?
REFERENCES
Agile & Lean software development for avionic software, http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf
http://staff.washington.edu/jon/pubs/safety-critical.html