Towards Normal Design for Safety-Critical Systems

  • Derek Mannering
  • Jon G. Hall
  • Lucia Rapanotti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4422)


Normal design is, essentially, when an engineer knows that the design they are working on will work. Routine ‘traditional’ engineering works through normal design. Software engineering has more often been assessed as being closer to radical design, i.e., repeated innovation. One of the aims of the Problem Oriented Software Engineering framework (POSE) is to provide a foundation for software engineering to be considered an application of normal design. To achieve this, software engineering must mesh with traditional, normal forms of engineering, such as aeronautical engineering. The POSE approach for normalising software development, from early requirements through to code (and beyond), is to provide a structure within which the results of different development activities can be recorded, combined and reconciled. The approach elaborates, transforms and analyses the project requirements, reasons about the effect of (partially detailed) candidate architectures, and audits design rationale through iterative development, to produce a justified (where warranted) fit-for-purpose solution. In this paper we show how POSE supports the development task of a safety-critical system. A normal ‘pattern of development’ for software safety under POSE is proposed and validated through its application to an industrial case study.





Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Derek Mannering (1)
  • Jon G. Hall (2)
  • Lucia Rapanotti (2)
  1. General Dynamics UK Limited
  2. Centre for Research in Computing, The Open University
