An Approach to Designing Safe Embedded Software
The complexity of most embedded software limits our ability to assure safety after the fact, e.g., by testing or formal verification of code. Instead, achieving high confidence in safety requires considering it from the start of system development and designing the software to reduce the potential for hazardous behavior. This paper describes an approach to building safety into embedded software that integrates system hazard analysis, user task analysis, traceability, and informal specifications combined with executable and analyzable models. The approach has been shown to be feasible and practical by applying it experimentally to complex systems and by its use on real projects.
Keywords: Modeling Language, Hazard Analysis, Fault Tree, Design, Safe Data Processing System