Safety and Software Intensive Systems: Challenges Old and New

There is an increased use of software in safety-critical systems, a trend that is likely to continue in the future. Although traditional system safety techniques are applicable to software-intensive systems, new challenges are emerging. In this report we address four issues we believe will pose challenges in the future. First, the nature of safety continues to be widely misunderstood, and known system safety techniques are not applied. Second, our ability to demonstrate (certify) that safety requirements have been met is inadequate. Third, modeling and automated tools, for example code generation and automated testing, are introduced in the hope of increasing productivity; this reliance on tools rather than people, however, introduces new and poorly understood problems. Finally, safety-critical systems increasingly rely on data (configuration data or databases), and incorrect data could have catastrophic and widespread consequences.
