Risk bands - a novel feature of Safecharts

Safecharts (H. Dammag and N. Nissanke, 1999) are a safety-oriented variant of Statecharts (D. Harel, 1987) and have been developed especially for use in the specification and design of safety-critical systems. One of the fundamental aspects of Safecharts is the explicit ordering of system states according to their risk levels. Based on this ordering, transitions are classified according to the nature of their risk and are given a priority scheme favouring the execution of safer transitions in the event of any non-determinism. As a precaution, transitions between states with unknown relative risk levels are not permitted. As a result, many transitions, including those which might be functionally desirable, may be excluded between states which are located in sparsely populated areas of risk graphs. This is an inadequacy which may be attributed to factors such as incomplete hazard analysis, the lack of information about the relative risk levels of different states of the system, etc. In order to extend the permitted transition space in such circumstances and to enhance the risk ordering relation, the paper introduces the concept of the risk band. Risk bands enable an unambiguous interpretation of the relative risk level of states, thus allowing a well-understood enhancement of risk graphs and an extension of the concept of safe non-determinism introduced by H. Dammag and N. Nissanke (1999). An example drawn from the nuclear industry demonstrates the application of Safecharts.
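The following is an added illustration, not code from the paper: a toy model of a risk graph, the resulting transition classification, the safe non-determinism preference, and how analyst-supplied risk bands (an assumed simplification of the paper's construct) make otherwise incomparable states comparable. The state names, edges and band values are constructed.

```python
"""Toy model of Safecharts risk ordering and risk bands (assumed simplification)."""

# Constructed risk graph: an edge s -> t records that t is known to be riskier than s.
RISK_EDGES = {
    "shutdown": {"standby"},
    "standby": {"running"},
    "running": {"overheating"},
    "overheating": set(),
    "maintenance": set(),  # sparsely connected: relative risk unknown in the graph
}

# Assumed analyst-supplied risk bands (higher = riskier); illustrative values only.
RISK_BANDS = {"shutdown": 1, "maintenance": 1, "standby": 2,
              "running": 3, "overheating": 4}


def riskier_closure(edges):
    """Transitive closure of the risk graph: state -> all strictly riskier states."""
    closure = {s: set(ts) for s, ts in edges.items()}
    changed = True
    while changed:
        changed = False
        for s in closure:
            reach = set().union(*(closure[t] for t in closure[s]))
            if not reach <= closure[s]:
                closure[s] |= reach
                changed = True
    return closure


def bands_consistent(closure, bands):
    """Bands must never contradict the risk graph: riskier states get higher bands."""
    return all(bands[t] > bands[s] for s in closure for t in closure[s])


def classify(src, dst, closure, bands=None):
    """'safe' (to a safer state), 'unsafe', 'neutral' or 'unknown'.
    Bands, when given, resolve pairs the graph leaves incomparable."""
    if src == dst:
        return "neutral"
    if dst in closure[src]:
        return "unsafe"
    if src in closure[dst]:
        return "safe"
    if bands is not None:  # enhanced ordering: compare by band
        if bands[dst] > bands[src]:
            return "unsafe"
        return "safe" if bands[dst] < bands[src] else "neutral"
    return "unknown"  # transition not permitted without band information


def resolve(src, targets, closure, bands=None):
    """Safe non-determinism: permitted targets ordered safest first; 'unknown' dropped."""
    rank = {"safe": 0, "neutral": 1, "unsafe": 2}
    kept = [(rank[c], bands[t] if bands else 0, t) for t in targets
            if (c := classify(src, t, closure, bands)) != "unknown"]
    return [t for _, _, t in sorted(kept)]
```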