Software Safety and Hazard Analysis
The Leveson [LEV86] is discusses the impact of software in safety critical system when she writes:
Previously software was used in security critical systems; they were often controlled through conventional nonprogrammable electronic devices and mechanical. System security methods are designed to cope with Random failure in these nonprogrammable systems. Human design bugs are not considered yet it is consider in which all faults caused through human errors can be avoided completely or removed prior to operation and delivery.
When software is used as category of the control system complexity can rise through an order of more or magnitude. Subtle design faults induced through human error something which can be uncovered and eliminated in hardware-based conventional control- become much harder to uncover when software is used.
Hazard analysis and Software safety are software quality assurance activities which focus on the assessment and identification of potential hazards which may impact software negatively and cause an entire system to fail. If hazards can be identified previously in the software engineering procedure software design features can be specified which will either control or eliminate potential hazards.
An analysis process and modelling is conducted as category of software safety. Originally hazards are recognized and categorized through risk and criticality. Example for some of the hazards related with a computer- based cruise control for an automobile might be:
- Cause uncontrolled acceleration which cannot be stopped
- When the brake pedal is depressed does not disengage
- When switch is activated does not engage
- Gains speed or slowly loses
Once these system-level hazards are recognized analysis methods are used to assign probability and severity of occurrence. To be effectual software must be analyzed in the context of the entire system. Example for a subtle user input error people are system parts may be magnified through a software fault to produce control data that improperly positions a mechanical device. If a group of external environmental conditions are met and only if they are met the improper condition of the mechanical device will cause a disastrous failure. By analysis method like as fault tree analysis [VES81] can be used to predict the chain of events which can cause hazards and the possibility that every of the events will occur to build the chain.
Fault tree analysis develops a graphical model of the concurrent and sequential combinations of events which can lead to a hazardous event or system state. By using a well-developed fault tree it is possible to observe the consequences of a sequence of interrelated failures which occur in various system components. Real- time logic develops a system model through specifying events and corresponding actions. By the event action model can be analyzed using logic operations to test safety assertions about system parts and their timing. The Petrinet models can be used to determine the faults which are most hazardous.
This approach is analogous to the risk analysis approach define for software project management. The primary dissimilarity is the emphasis on technology matter as opposed to project related topics.
Once hazards are recognized and analyzed his safety related needs can be specified for the software. Which is the specification can contain a list of undesirable events and the desired system responses to these events. The task of software in managing undesirable events is then indicated.
Although software reliability and software safety both are closely associated to one another it is important to understand the subtle dissimilarity among them Software reliability uses statistical analysis to determine the likelihood through a software failure will generated. However the occurrence of a failure does not necessarily result in a hazard or mishap. The Software safety examines the ways in which failures result in conditions which can lead to a mishap. That the failures are not considered in a vacuum but it is evaluated in the context of an entire computer-based system.
A comprehensive discussion of hazard and software safety analysis is beyond the range of this book. Those readers with further interest should provide to Leveson's [LEV95] book on the subject.