Specification of Safety
Prevailing approaches to ensuring safety in critical systems are based on two complementary strategies: prevention of failures and deployment of defensive techniques against failures. The former addresses safety concerns by eliminating design errors and by adhering to proven rules of operational practice. The latter, on the other hand, consists of various means to contain failures in hazardous processes and to mitigate the consequences of any failures that do occur. Formal methods are important in both respects, but are better established in the former area, namely in the elimination of design errors. However, there is no reason why formal methods cannot also be employed in the design of the safety mechanisms that deal with failures. This chapter illustrates how this can be achieved at the specification level, giving at the same time some idea of the nature of safety requirements.