Validation

Overview

Validation deals with the question “Is this system fit for its purpose?”. Before a safety critical system can be put into operation, convincing evidence must be gathered from independent sources to ensure that the system is trustworthy. Combining this evidence to support the conclusion “yes, this system is safe to deploy” is a subjective process, which must be supported by judicious arguments taking the results of rational analysis and experimental observations into consideration wherever possible.

This chapter starts with a discussion of what constitutes a convincing safety case. It is argued that the properties of the architecture have a decisive influence on the structure of the safety case. Section 12.2 investigates the state of the art of formal methods and their contribution to the validation of ultradependable real-time systems. The use of a semi-formal notation during requirements capture and in the documentation increases the accuracy and helps to avoid the ambiguity of natural language. Fully automatic verification environments that cover the complete system from the high-level specification to the hardware are beyond the current state of the art.

Section 12.3 is devoted to the topic of testing real-time systems. The challenge in testing real-time systems is to find a layout that does not influence the temporal behavior of the system. After presenting some techniques that lead to a testable design, the question of test data selection is raised. Finally, we pose the question: “What do we know about the dependability if the system has been operating correctly during the testing phase?”.

Section 12.4 focuses on dependability analysis. After an explanation of the terms hazard and risk, the techniques of Fault-Tree Analysis and Failure-Mode-And-Effect Analysis are outlined.