From Safety Analysis to Software Requirements
July 1998 (vol. 24 no. 7)
pp. 573-584

Abstract—Software for safety critical systems must deal with the hazards identified by safety analysis. This paper investigates how the results of one safety analysis technique, fault trees, are interpreted as software safety requirements to be used in the program design process. We propose that fault tree analysis and program development use the same system model. This model is formalized in a real-time interval logic based on a conventional dynamic systems model with state evolving over time. Fault trees are interpreted as temporal formulas, and it is shown how such formulas can be used for deriving safety requirements for software components.

Index Terms:
Safety analysis, fault trees, requirements engineering, formal methods, temporal logic, real-time systems.
Kirsten M. Hansen, Anders P. Ravn, Victoria Stavridou, "From Safety Analysis to Software Requirements," IEEE Transactions on Software Engineering, vol. 24, no. 7, pp. 573-584, July 1998, doi:10.1109/32.708570