SAFETY CRITICAL SYSTEM Jeremiah Lin Jennifer Li Vidisha Raj ChiaChuan Wu Sahil Kumar

FSE - 2014 Fall Team SA5 - Jevi’s

1

AGENDA

I. Introduction

II. An Example

III.Domain Characteristics

1. Constrains

2. Distribution & Users

3. Complexity

4. Quality Attributes

5. Volatility

6. Norms and Legacy

IV. Impacts

1. Methods

2. Disciplines

3. Automation

V. Summary

2

INTROWhat is Safety Critical System?

✦ death or serious injury to people

✦ loss or severe damage to equipment

✦ environmental harm

Aviation industry:

✦ Air traffic control systems

✦ Avionics, particularly Fly-by-wire systems

✦ Radio navigation systems

✦ Engine control systems

✦ Aircrew life support systems

✦ Flight planning to determine fuel requirements for a flight

3

< 1 lifeper billion hours of operation

AIR-TRAFFIC CONTROL SYSTEM

4

FLY-BY-WIRE

5

DOMAIN CHARACTERISTICS

6

✦ Specific Purpose

✦ Proprietary Machines

DISTRIBUTION & USERS

7

✦ Specific Purpose

✦ Proprietary Machines

DISTRIBUTION & USERS

8

✦ Specific Purpose

✦ Proprietary Machines

DISTRIBUTION & USERS

9

✦ Specific Purpose

✦ Proprietary Machines

✦ Unique Power

DISTRIBUTION & USERS

10

✦ Specific Purpose

✦ Proprietary Machines

✦ Unique Power

✦ Well Trained Users

DISTRIBUTION & USERS

11

COMPLEXITY & CONSTRAINTS✦ Multidimensional Domains

✦ Unexpected Scenarios

✦ False Alarm

✦ Human Factors

✦ Software Defects

12

Formalization of safety-

critical requirements

Static analysis of functional & non-functional

system properties

QUALITY ATTRIBUTES

Architecture-centric model-

based engineering

System and software assurance

13

✦ Tightly-coupled software components distributed across so many nodes may introduce problems

✦ Errors introduced during the software design phase are propagated in the implementation and may not be caught by testing efforts

✦ 70% of software defects are introduced during the requirements and architecture design phases

- The UNKNOWNS of Safety Critical

14

VOLATILITIES

NORMS & LEGACY

V-lifecycle model

Verification

Validation

Parallel with development process

Coding language:

High Reliability

• ADA

• Spark

• Haskell

15

IMPACTS

16

DO178BSoftware Considerations in Airborne Systems and Equipment Certification

17

For Customer

For Supplier

✦ Expensive and time consuming

✦ Requirements come late to projects

✦ In big batches

✦ Does not reduce complexity

✦ Does not provide early feedback

✦ Compromises the reliability and the efficiency

CHALLENGES

18

• Loss of confidence in the reliability

• Delay of final delivery

• Big batches are not efficient

• Safety-related activities performed late

• Late feedback implies more rework

V-ModelXP/Scrum

+ Lean

Big Batches

Small Batches

Late Engagement

Frequent Delivery

Integration Test Failure

TDD

“Agile & Lean software development for avionic software”

http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf 19

Hazardous MajorCatastrophic

Catastrophic – Failure may cause a crash. Error or loss of critical function required to safely fly and land aircraft.

Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft.

Major – Failure is significant, but has a lesser impact than a Hazardous failure or significantly increases crew workload

Minor – Failure is noticeable, but has a lesser impact than a Major failure

No Effect – Failure has no impact on safety, aircraft operation, or crew workload.

Minor No Effect

DESIGN ASSURANCE

20

QUALITY ASSURANCEIdentify hazards as early as possible!

• White box testing

• Black box testing

• Reviews

• Static analysis

• Dynamic analysis and coverage

21

Performance Analysis

Coverage Analysis

AUTOMATION

22

QUESTION?

23

Agile & Lean software development for avionic software

http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf

http://staff.washington.edu/jon/pubs/safety-critical.html

http://www.erts2012.org/Site/0P2RUC89/7A-4.pdf

REFERENCES

24