Due to the rapid increase in computer-related technologies, governments and industry are placing greater demands on software-controlled systems. These demands may place software in total or partial control of critical system functions--for example, nuclear reactor shutdown, plane navigation, radiation dosage determination, military target identification, and manufacturing and chemical processes. Faults in such a system can result in catastrophic consequences such as death, injury or environmental harm.
To ensure that safety-critical software systems do not cause accidents, researchers and practitioners are developing techniques to improve various stages of the development process. Strategies for conducting preliminary software hazard analysis (PSHA), which includes hazard identification, documentation and review, are the focus of this article. These strategies are designed to improve a system's overall safety by enhancing the completeness, accuracy and precision of the hazard list. Also presented is a framework for applying these strategies to safety-critical software development. The framework and its associated techniques are part of an ongoing joint effort by academia and industry to create a methodology for developing safety-critical software systems.
SOFTWARE SAFETY: A BACKGROUND
For the past decade, researchers and practitioners have focused more intently on software-safety issues due to 1) consequences of software failures; 2) legal issues associated with these consequences; and 3) the increase in software-controlled safety-critical systems. A system is safe from the requirements viewpoint if it meets the requirements risk level for not causing an accident. The U.S. Dept. of Defense (DoD) defines the term accident as "an unplanned event or series of events that results in death or major injury to personnel or damage to the launch vehicle, experiments, spacecraft, associated support equipment or facilities" (MIL-STD-1574A). DoD further defines a major injury as "any injury that results in admission to a hospital, such as bone fracture, second- or third-degree burns, severe lacerations, internal injury, severe radiation exposure, chemical or physical agent toxic exposure, or unconsciousness" (MIL-STD-1574A).
SAFETY VIEWPOINTS
Developers normally view safety from three perspectives: system, hardware and software. System safety encompasses both hardware- and software-safety issues (the overall system's safety). Hardware safety concentrates on ensuring that hardware components are safe. Software safety focuses on software systems. In addition to impacts on system safety, hardware and software affect factors such as environmental conditions and human interactions. Therefore, software- and hardware-safety engineers must...