System Safety Requirements as Control Structures

With the growing popularity of software-intensive systems, the interactions between system components, and between humans and software applications, are becoming more and more complex. This results in system accidents related to system safety issues. System accidents are different from failures related to component reliability. System safety is not well addressed, because functional requirements and safety requirements are handled separately in practice. In this paper, we consider safety requirements as control structures that restrict system behaviors at the meta-model level. We propose the formalism of interface C-Systems, short for "interface control systems". In this framework, functional requirements and safety requirements are formalized separately as interface automata and controlling automata respectively, mirroring how they are handled in practice. The controlling automaton may guarantee safety requirements at design time or at runtime; the global system is then a safe specification. The underlying mechanism differs from that of model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a new top-down methodology for designing and modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. In practice, this methodology may also be used for safety checking, incident reporting and service restoration.
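As an added illustration of the separation the abstract describes (this is not code from the paper), a small Python model composes a functional automaton, written by the product engineers, with a controlling automaton, written separately by the safety engineers, and lists the functional behaviors the safety requirement rules out. The abstract does not define interface C-Systems in detail, so the composition rule, the action names and the press/door scenario are assumptions made here.

```python
# Added illustration, not the paper's code. A functional model (an automaton over
# input "?" / output "!" actions, standing in for an interface automaton) is composed
# with a separately written controlling automaton encoding one safety requirement.
# Assumed composition rule: an action the controller mentions must be enabled in the
# controller's current state; actions it never mentions pass through unchanged.

class Automaton:
    def __init__(self, init, trans):
        self.init, self.trans = init, set(trans)          # trans: (src, action, dst)
        self.states = {init} | {s for s, _, _ in trans} | {d for _, _, d in trans}

    def traces(self, depth):
        """All action sequences of length <= depth from the initial state."""
        seen, frontier = {()}, {(self.init, ())}
        for _ in range(depth):
            frontier = {(dst, tr + (a,)) for st, tr in frontier
                        for src, a, dst in self.trans if src == st}
            seen |= {tr for _, tr in frontier}
        return seen

def compose(func, ctrl):
    """Product automaton: func restricted by ctrl on the actions ctrl mentions."""
    controlled = {a for _, a, _ in ctrl.trans}
    trans = []
    for fs, a, fd in func.trans:
        for cs in ctrl.states:
            if a not in controlled:                        # controller is silent on a
                trans.append(((fs, cs), a, (fd, cs)))
            for c_src, c_a, c_dst in ctrl.trans:           # else ctrl must enable a
                if c_src == cs and c_a == a:
                    trans.append(((fs, cs), a, (fd, c_dst)))
    return Automaton((func.init, ctrl.init), trans)

def pruned(func, ctrl, depth):
    """Functional traces (length <= depth) that the safety controller rules out."""
    return func.traces(depth) - compose(func, ctrl).traces(depth)

# Constructed example: a press cycles ready/pressed and the door may open or close at
# any time (FUNC, the product engineers' model); the safety engineers' CTRL states that
# "press!" may only occur while the door is closed.
FUNC = Automaton("ready", [
    ("ready", "press!", "pressed"), ("pressed", "release!", "ready"),
    ("ready", "door_open?", "ready"), ("ready", "door_close?", "ready"),
    ("pressed", "door_open?", "pressed"), ("pressed", "door_close?", "pressed")])
CTRL = Automaton("open", [
    ("open", "door_close?", "closed"), ("open", "door_open?", "open"),
    ("closed", "door_open?", "open"), ("closed", "door_close?", "closed"),
    ("closed", "press!", "closed")])
SAFE = compose(FUNC, CTRL)                                 # the safe specification
```

`pruned(FUNC, CTRL, 1)` reports the single unsafe one-step behavior, pressing before the door is closed, which the functional model alone permits and the composed specification does not.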
