1. SAFETY CRITICAL SYSTEM
Jeremiah Lin
Jennifer Li
Vidisha Raj
ChiaChuan Wu
Sahil Kumar
FSE - 2014 Fall Team SA5 - Jevi’s
2. AGENDA
I. Introduction
II. An Example
III. Domain Characteristics
1. Constraints
2. Distribution & Users
3. Complexity
4. Quality Attributes
5. Volatility
6. Norms and Legacy
IV. Impacts
1. Methods
2. Disciplines
3. Automation
V. Summary
3. INTRO
What is a Safety Critical System?
A system whose failure or malfunction may result in:
✦ death or serious injury to people
✦ loss or severe damage to equipment
✦ environmental harm
Aviation industry:
✦ Air traffic control systems
✦ Avionics, particularly Fly-by-wire systems
✦ Radio navigation systems
✦ Engine control systems
✦ Aircrew life support systems
✦ Flight planning to determine fuel requirements for a flight
Target: < 1 life lost per billion hours of operation
13. QUALITY ATTRIBUTES
✦ Formalization of safety-critical requirements
✦ Static analysis of functional & non-functional system properties
✦ Architecture-centric model-based engineering
✦ System and software assurance
14. VOLATILITIES
✦ Tightly-coupled software components distributed across many nodes may introduce problems
✦ Errors introduced during the software design phase propagate into the implementation and may not be caught by testing efforts
✦ 70% of software defects are introduced during the requirements and architecture design phases
- The UNKNOWNS of Safety Critical
15. NORMS & LEGACY
V-lifecycle model: verification and validation activities run in parallel with the development process
Coding languages chosen for high reliability:
• Ada
• SPARK
• Haskell
18. CHALLENGES
For Customer / For Supplier
✦ Expensive and time consuming
✦ Requirements come late to projects
✦ In big batches
✦ Does not reduce complexity
✦ Does not provide early feedback
✦ Compromises the reliability and the efficiency
• Loss of confidence in the reliability
• Delay of final delivery
• Big batches are not efficient
• Safety-related activities performed late
• Late feedback implies more rework
19. V-MODEL VS. XP/SCRUM + LEAN
[Diagram comparing the V-Model with XP/Scrum + Lean: Big Batches vs. Small Batches, Late Engagement vs. Frequent Integration, Test Failure vs. TDD, Delivery]
“Agile & Lean software development for avionic software”
http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf
20. DESIGN ASSURANCE
Failure condition severity levels: Catastrophic, Hazardous, Major, Minor, No Effect
Catastrophic – Failure may cause a crash. Error or loss of critical function required to safely fly and land aircraft.
Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft.
Major – Failure is significant, but has a lesser impact than a Hazardous failure, or significantly increases crew workload.
Minor – Failure is noticeable, but has a lesser impact than a Major failure.
No Effect – Failure has no impact on safety, aircraft operation, or crew workload.
21. QUALITY ASSURANCE
Identify hazards as early as possible!
• White box testing
• Black box testing
• Reviews
• Static analysis
• Dynamic analysis and coverage
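As an added illustration of what the quality-assurance practices on this slide look like in code (written for this page, not taken from the slides or from any avionics project), the C function below computes a flight-planning fuel requirement of the kind mentioned on the intro slide, in the style that static analysis and white-box review favour: fixed-width integers, explicit documented input ranges, a distinct status code for every failure path, and a test set with one case per branch outcome so that coverage can be shown rather than assumed. The limits, the formula and the function names are illustrative assumptions, not real aircraft data.

```c
/* Added example, not from the slides: a small flight-planning computation
 * written the way safety-critical reviews and static analyzers expect it.
 * Fixed-width integers, explicit input ranges, every error path returns a
 * status, and no undefined behaviour on any input. All limits are assumed. */
#include <stdint.h>
#include <stdio.h>

/* Status codes: callers must check them (a typical coding-standard review item). */
typedef enum {
    FUEL_OK = 0,
    FUEL_ERR_RATE_RANGE,
    FUEL_ERR_DURATION_RANGE,
    FUEL_ERR_RESERVE_RANGE,
    FUEL_ERR_OVERFLOW
} fuel_status_t;

/* Illustrative limits (assumed): burn rate in kg per minute, duration in minutes. */
#define MAX_BURN_RATE_KG_PER_MIN  1000u
#define MAX_DURATION_MIN          (24u * 60u)
#define MAX_RESERVE_KG            200000u
#define MAX_TOTAL_KG              1000000u

/* Computes required fuel = burn_rate * duration + reserve, in kg.
 * Returns FUEL_OK and writes *out_kg only when every check passes; on any
 * failure *out_kg is left untouched and a specific status is returned. */
fuel_status_t fuel_required_kg(uint32_t burn_rate_kg_per_min,
                               uint32_t duration_min,
                               uint32_t reserve_kg,
                               uint32_t *out_kg)
{
    if (burn_rate_kg_per_min == 0u || burn_rate_kg_per_min > MAX_BURN_RATE_KG_PER_MIN) {
        return FUEL_ERR_RATE_RANGE;
    }
    if (duration_min == 0u || duration_min > MAX_DURATION_MIN) {
        return FUEL_ERR_DURATION_RANGE;
    }
    if (reserve_kg > MAX_RESERVE_KG) {
        return FUEL_ERR_RESERVE_RANGE;
    }
    /* Within the ranges above the product fits comfortably in 64 bits; the
     * total is checked against a documented ceiling instead of relying on
     * unsigned wrap-around, which analyzers flag as a hazard. */
    uint64_t trip  = (uint64_t)burn_rate_kg_per_min * (uint64_t)duration_min;
    uint64_t total = trip + (uint64_t)reserve_kg;
    if (total > MAX_TOTAL_KG) {
        return FUEL_ERR_OVERFLOW;
    }
    *out_kg = (uint32_t)total;
    return FUEL_OK;
}

/* White-box test set: one case per decision outcome in fuel_required_kg.
 * Returns the number of cases that behaved as specified, so a reviewer can
 * see that every branch has a test (the coverage point on slide 21), not
 * just the happy path. Expected value when the function is correct: 7. */
int fuel_branch_coverage_tests(void)
{
    uint32_t out = 0u;
    int passed = 0;
    if (fuel_required_kg(0u, 10u, 0u, &out) == FUEL_ERR_RATE_RANGE) passed++;
    if (fuel_required_kg(MAX_BURN_RATE_KG_PER_MIN + 1u, 10u, 0u, &out) == FUEL_ERR_RATE_RANGE) passed++;
    if (fuel_required_kg(50u, 0u, 0u, &out) == FUEL_ERR_DURATION_RANGE) passed++;
    if (fuel_required_kg(50u, MAX_DURATION_MIN + 1u, 0u, &out) == FUEL_ERR_DURATION_RANGE) passed++;
    if (fuel_required_kg(50u, 10u, MAX_RESERVE_KG + 1u, &out) == FUEL_ERR_RESERVE_RANGE) passed++;
    /* 1000 * 1440 + 200000 = 1640000 kg exceeds the assumed 1000000 kg ceiling. */
    if (fuel_required_kg(MAX_BURN_RATE_KG_PER_MIN, MAX_DURATION_MIN, MAX_RESERVE_KG, &out) == FUEL_ERR_OVERFLOW) passed++;
    /* Happy path: 50 * 120 + 1500 = 7500 kg. */
    if (fuel_required_kg(50u, 120u, 1500u, &out) == FUEL_OK && out == 7500u) passed++;
    return passed;
}

int main(void)
{
    printf("branch cases passing: %d of 7\n", fuel_branch_coverage_tests());
    return 0;
}
```

The range checks are the black-box part (they are derived from the documented interface, not the code), while the per-branch test set is the white-box part; a static analyzer sees the bounded inputs and the 64-bit intermediate and can prove the absence of overflow, which is the early hazard identification the slide calls for.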