Software Hazard and Safety Analysis

  • John McDermid
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2469)


Safety is a system property and software, of itself, cannot be safe or unsafe. However software has a major influence on safety in many modern systems, e.g. aircraft and engine controls, railway signalling, and medical equipment.

The paper outlines the principles of system hazard and safety analysis, and briefly describes work on adapting classical hazard and safety analysis techniques to apply to software. It then briefly discusses the role of formal analysis in software hazard and safety assessment, indicating both the state of practice and the aims of some ongoing research projects. Note: this paper is provided to support a tutorial on software hazard and safety analysis, and is not intended to be a definitive treatment of the issues.


Model Check Safety Analysis System Safety Fault Tree Safety Process 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Leveson, N.G., Safeware: System Safety and Computers, Addison Wesley, 1995.Google Scholar
  2. 2.
    US Department of Defense, Military Standard 882C (Change Notice 1): System Safety Program Requirements, 1996.Google Scholar
  3. 3.
    UK Ministry of Defence, Defence Standard 00-56 Issue 2: Safety Management Requirements for Defence Systems, 1996.Google Scholar
  4. 4.
    Australian Department of Defence, Australian Defence Standard Def(Aust) 5679: Procurement of Computer-based Safety Critical Systems, 1998.Google Scholar
  5. 5.
    Society of Automotive Engineers Inc, Aerospace Recommended Practice (ARP) 4754: Certification Considerations for Highly-Integrated or Complex Aircraft Systems, 1996.Google Scholar
  6. 6.
    Society of Automotive Engineers Inc, Aerospace Recommended Practice (ARP) 4761: Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment, 1996.Google Scholar
  7. 7.
    Hermann, D., Software Safety and Reliability, IEEE Computer Society Press, 1999.Google Scholar
  8. 8.
    RTCA and EUROCAE. Software Considerations in Airborne Systems and Equipment Certification, Radio Technical Commission for Aeronautics RTCA DO-17B/EUROCAE ED-12B, 1993Google Scholar
  9. 9.
    UK Ministry of Defence, Defence Standard 00-55 Requirements of Safety Related Software in Defence Equipment, 1997Google Scholar
  10. 10.
    IEC (International Electrotechnical Commission). IEC-61508: Functional safety of electrical/electronic/ programmable electronic safety-related systems, 1997.Google Scholar
  11. 11.
    Y Papadopoulos, Y., McDermid, J. A., The Potential for a Generic Approach to the Certification of Safety-Critical Systems in the Transportation Sector, Reliability Engineering and System Safety, Vol. 63, Issue 1, 1999.Google Scholar
  12. 12.
    Redmill, F. Safety Integrity Levels-Theory and Problems, in Lessons in System Safety, Proceedings of the Eighth Safety-Critical Systems Symposium, Springer Verlag, 2000.Google Scholar
  13. 13.
    McDermid, J. A., Software Safety: Where’s the Evidence?, in Proc. 6 Australian Workshop on Industrial Experience with Safety systems and Software, Australian Computer Society, 2001.Google Scholar
  14. 14.
    Clarke, E.M., Grumberg, O., Peled, D.A., Model Checking, The MIT Press, 1999Google Scholar
  15. 15.
    Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J., Symbolic Model Checking: 1020 States and Beyond, Information and Computation, Volume 98, Number 2, 1992.Google Scholar
  16. 16.
    Clarke, E., Grumberg, O., Somesh, J., Lu, Y., Veith, H., Progress on the State Explosion Problem in Model Checking, in Informatics: 10 years Back. 10 Years Ahead, Wilhelm, R. (Ed.), LNCS 2000, Springer Verlag, 2001.Google Scholar
  17. 17.
    Hawkins R. D., McDermid, J. A., Performing Hazard and Safety Analysis of Object Oriented Systems, in Proceedngs of ISSC, Denver, August 2002.Google Scholar
  18. 18.
    Leveson, N. G., Safeware Engineering Corporation-SpecTRM,
  19. 19.
    Wirth, N., Program Development by Stepwise Refinement, Communications of the ACM, Volume 14, Number 4, 1971.Google Scholar
  20. 20.
    Morgan, C. C., Programming from Specifications, Prentice Hall, 1994.Google Scholar
  21. 21.
    Neilsen, D. S., From Z to C: Illustration of a Rigorous Proof Method, DPhil Thesis, Oxford 1989.Google Scholar
  22. 22.
    Banach, R., Poppleton, M., Sharp Retrenchment, Modulated Refinement, and Simulation, Formal Aspects of Computing, 11, 498–540, 1999zbMATHCrossRefGoogle Scholar
  23. 23.
    S K Dawkins, S. K., Kelly, T. P., McDermid, J. A., Murdoch, J., Pumfrey, D. J., Issues in the Conduct of PSSA, In Proceedings of ISSC, Orlando, 1999Google Scholar
  24. 24.
    UK Ministry of Defence, Defence Standard 00-58: HAZOP Studies on Systems Containing Programmable Electronics, 1996.Google Scholar
  25. 25.
    McDermid, J. A., Pumfrey, D. J., A Development of Hazard Analysis to aid Software Design, in Proceedings of COMPASS’94, Gaithersburg, 1994.Google Scholar
  26. 26.
    Barnes, J. G., High Integrity Ada: The SPARK Approach, Addison Wesley, 1997.Google Scholar
  27. 27.
  28. 28.
    Leveson, N. G., Harvey, P. R., Software Fault Tree Analysis, Journal of Systems and Software, 1983.Google Scholar
  29. 29.
    Leveson, N. G., Shimeall, T. J., Safety Verification of Ada Programs using Software Fault Trees, IEEE Software, 1991.Google Scholar
  30. 30.
  31. 31.
    Harrison, K. J., Static Code Analysis on the C-130J Hercules Safety Critical Software, Aerosystems International, 1999Google Scholar
  32. 32.
    O’Halloran, C., Smith, A., Verification of Picture-Generated Code, in Proceedings of the 14 IEEE Conference on Automated Software Engineering, 1999Google Scholar
  33. 33.
    Damm W., et al, Formal Verification of an Avionics Application using Abstraction and Model Checking, in Towards System Safety, F Redmill, F., Anderson, T. (Eds), Springer Verlag, 1999Google Scholar
  34. 34.
    Eccles, M. A., STAMP Tool Assessment, BAe-WSC-RP-R&D-0031, BAe Warton, 1995.Google Scholar
  35. 35.
    Bate, I. J., Conmy, P. M., McDermid, J. A., Generating Evidence for Certification of Modern Processors for use in Safety-Critical Systems, in Proceedings of the 5th International High Assurance Systems Engineering Symposium, Albuquerque, 2000.Google Scholar
  36. 36.
    Cullen, the Hon. Lord, The Public Enquiry into the Piper Alpha Disaster, HMSO, ISBN 0-10-113102, 1990.Google Scholar
  37. 37.
    Weaver, R. A., McDermid, J. A., Kelly, T. P., Software Safety Arguments: Towards a Systematic Categorisation of Evidence, in Proceedings of ISSC, Denver, August 2002.Google Scholar
  38. 38.
    Blow, J., Buttle, D., Galloway, A. J., Differential Proof Contexts in SPARK, submitted for publication, 2002.Google Scholar
  39. 39.
    Galloway, A. J., McDermid, J. A., Murdoch, J. M., Pumfrey D. J., Automation of System Safety Analysis: Possibilities and Pitfalls, in Proceedings of ISSC, Denver, August 2002.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • John McDermid
    • 1
  1. 1.University of YorkHeslingtonUK

Personalised recommendations