A methodology for the requirements analysis of critical real-time systems

PhD ThesisThis thesis describes a methodology for the requirements analysis of critical real-time systems. The methodology is based on formal methods, and provides a systematic way in which requirements can be analysed and specifications produced. The proposed methodology consists of a framework with distinct phases of analysis, a set oftechniques appropriate for the issues to be analysed at each phase of the framework, a hierarchical structure of the specifications obtained from the process of analysis, and techniques to perform quality assessment of the specifications. The phases of the framework, which are abstraction levels for the analysis of the requirements, follow directly from a general structure adopted for critical real-time systems. The intention is to define abstraction levels, or domains, in which the analysis of requirements can be performed in terms of specific properties of the system, thus reducing the inherent complexity of the analysis. Depending on the issues to be analysed in each domain, the choice of the appropriate formalism is determined by the set of features, related to that domain, that a formalism should possess. In this work, instead of proposing new formalisms we concentrate on identifying and enumerating those features that a formalism should have. The specifications produced at each phase of the framework are organised by means of a specification hierarchy, which facilitates our assessment of the quality of the requirements specifications, and their traceability. Such an assessment should be performed by qualitative and quantitative means in order to obtain high confidence (assurance) that the level of safety is acceptable. In order to exemplify the proposed methodology for the requirements analysis of critical real-time systems we discuss a case study based on a crossing of two rail tracks (in a model railway), which raises safety issues that are similar to those found at a traditional level crossing (i.e. rail-road)CAPES/Ministry of Education (Brazil

Semi-automatic FMEA supporting complex systems with combinations and sequences of failures

Failure Modes and Effects Analysis (FMEA) is a well established safety analysis technique used for the assessment of safety critical engineering systems in the automotive industry. Although FMEA has been shown to be useful, the analysis is typically restricted to the effects of single component failures; even partial analysis of combinations or sequences of multiple failures is in practice considered too complex, laborious and costly to perform. In this paper, we describe a new technique in which FMEAs are semi-automatically built from the topology of a system and component-level specifications of failure data. The proposed technique allows an extended form of combinatorial & sequential FMEA in which assessment of the effects of combinations and sequences of failures becomes feasible and cost effective. We show how this technique can address difficulties encountered in classical FMEA and, drawing from a simplified brake-by-wire example, we show how it can improve the assessment of safety critical automotive systems

Verification of system-wide safety properties of ROS applications

Robots are currently deployed in safety-critical domains but proper techniques to assess the functional safety of their software are yet to be adopted. This is particularly critical in ROS, where highly configurable robots are built by composing third-party modules. To promote adoption, we advocate the use of lightweight formal methods, automatic techniques with minimal user input and intuitive feedback.This paper proposes a technique to automatically verify system-wide safety properties of ROS-based applications at static time. It is based in the formalization of ROS architectural models and node behaviour in Electrum, over which system-wide specifications are subsequently model checked. To automate the analysis, it is deployed as a plug-in for HAROS, a framework for the assessment of ROS software quality aimed at the ROS community. The technique is evaluated in a real robot, AgRob V16, with positive results.POFC - Programa Operacional Temático Factores de Competitividade (POCI-01-0145-FEDER-016826

Software safety : a definition and some preliminary thoughts

Software safety is the subject of a research project in its initial stages at the University of California Irvine. This research deals with critical real-time software where the cost of an error is high, e.g. human life. In this paper software techniques having a bearing on safety are described and evaluated. Initial definitions of software safety concepts are presented along with some preliminary thoughts and research questions

Software Engineers' Information Seeking Behavior in Change Impact Analysis - An Interview Study

Software engineers working in large projects must navigate complex information landscapes. Change Impact Analysis (CIA) is a task that relies on engineers' successful information seeking in databases storing, e.g., source code, requirements, design descriptions, and test case specifications. Several previous approaches to support information seeking are task-specific, thus understanding engineers' seeking behavior in specific tasks is fundamental. We present an industrial case study on how engineers seek information in CIA, with a particular focus on traceability and development artifacts that are not source code. We show that engineers have different information seeking behavior, and that some do not consider traceability particularly useful when conducting CIA. Furthermore, we observe a tendency for engineers to prefer less rigid types of support rather than formal approaches, i.e., engineers value support that allows flexibility in how to practically conduct CIA. Finally, due to diverse information seeking behavior, we argue that future CIA support should embrace individual preferences to identify change impact by empowering several seeking alternatives, including searching, browsing, and tracing.Comment: Accepted for publication in the proceedings of the 25th International Conference on Program Comprehensio

Development of hazard analysis and critical control points (HACCP) procedures to control organic chemical hazards in the agricultural production of raw food commodities

Hazard Analysis by Critical Control Points (HACCP) is a systematic approach to the identification, assessment and control of hazards in the food chain. Effective HACCP requires the consideration of all possible hazards, i.e., chemical, microbiological and physical. However, current procedures focus primarily upon microbiological and physical hazards, and, to date, chemical aspects of HACCP have received relatively little attention. Consequently, this report discusses the application of HACCP to organic chemical contaminants and the particular problems that are likely to encounter within the agricultural sector. It also presents generic templates for the development of organic chemical contaminant HACCP procedures for selected raw food commodities, i.e., cereal crops, raw meats and milk

Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines