Survey on Safety Evidence Change Impact Analysis in Practice: Detailed Description and Analysis

Critical systems must comply with safety standards in many application domains. This involves gathering safety evidence in the form of artefacts such as safety analyses, system specifications, and testing results. These artefacts can evolve during a system’s lifecycle, and impact analysis might be necessary to guarantee that system safety and compliance are not jeopardised. Although extensive research has been conducted on impact analysis and on safety evidence management, the knowledge about how safety evidence change impact analysis is addressed in practice is limited. This technical report presents a survey targeted at filling this gap by analysing the circumstances under which safety evidence change impact analysis is addressed, the tool support used, and the challenges faced. We obtained 97 valid responses representing 16 application domains, 28 countries, and 47 safety standards. The results suggest that most projects deal with safety evidence change impact analysis during system development and mainly from system specifications, the level of automation in the process is low, and insufficient tool support is the most frequent challenge. Other notable findings are that safety case evolution should probably be better managed, no commercial impact analysis tool has been reported as used for all artefact types, and experience and automation do not seem to greatly help in avoiding challenges.