Abstract
Developing safety-critical, software-intensive embedded systems is characterized by the need to identify hazards and to define hazard-mitigating requirements at the earliest possible stage of development, i.e., during requirements engineering. These hazard-mitigating requirements must be adequate in the sense that they must specify the functionality required by the stakeholders and, in addition, render the system sufficiently safe during operation. The adequacy of hazard-mitigating requirements is determined during requirements validation. Yet, validating the adequacy of hazard-mitigating requirements is burdened by the fact that hazards and contextual information about hazards are a work product of safety assessment, whereas hazard-mitigating requirements are a work product of requirements engineering. These work products are poorly integrated, such that during validation the information needed to determine the adequacy of hazard-mitigating requirements is not available to stakeholders. In consequence, there is the risk that inadequate hazard-mitigating requirements remain covert and the system is falsely considered safe. To alleviate this issue, we have previously proposed (Tenbergen et al., in: Proceedings of the 21st International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 17–32, 2015), improved, and evaluated (Tenbergen et al., Requir. Eng. J. 23(2):291–329, 2018, https://doi.org/10.1007/s00766-017-0267-9) a novel diagram type called “Hazard Relation Diagrams.” In this paper, we present a semiautomated formal approach and tool support for their generation. We use a running example to illustrate the concepts.
Notes
A more adequate mitigation might consider the use of a redundant source for yaw rate and lateral acceleration, e.g., through an inertial measuring unit.
Here and in the following, we use the operator \( x \in_{t} U \) to denote that some \( x \) is an element of some tuple \( U \), regardless of its index within \( U \). Since the tuples in this research are unambiguous due to their membership order and type-specificity, the following holds as a simplification of [4]: \( x \in_{t} U := \exists t \,|\, U = (u_{1}, u_{2}, \ldots, u_{n}) \wedge x = u_{t}, \; 1 \le t \le n \).
The tool prototype, including the implementation of the pseudo-code scripts, is available at https://bit.ly/34mSGW0.
The diagrams in this manuscript have been created using these tool prototypes. Their implementations along with documentation for installation and usage are available at http://goo.gl/MdxJie.
For researchers interested in replicating our experiments, all experimental materials are available at https://goo.gl/XwJJQu.
The experimental results can be found at https://goo.gl/XwJJQu.
References
Allenby, K., Kelly, T.: Deriving safety requirements using scenarios. In: Proceedings of the 5th IEEE International Symposium on Requirements Engineering, pp. 228–235 (2001)
Ammar, L., Trabelski, A., Mahfoudhi, A.: Incorporating usability requirements into model transformation technologies. Requir. Eng. 20, 465–479 (2015)
Aurum, A., Petersson, H., Wohlin, C.: State-of-the-art: software inspections after 25 years. Softw. Test. Verif. Reliab. 12(3), 133–154 (2002)
Awodey, S.: From sets to types, to categories, to sets. In: Sommaruga, G. (ed.) Foundational Theories of Classical and Constructive Mathematics, pp. 113–125. Springer, Heidelberg (2011)
Basir, N., Denney, E., Fischer, B.: Deriving safety cases for hierarchical structure in model-based development. In: Proceedings of the 29th International Conference on Computer Safety, Reliability, and Security, pp. 68–81 (2010)
Belli, F., Hollmann, A., Nissanke, N.: Modeling, analysis and testing of safety issues—an event-based approach and case study. In: Proceedings of the 26th International Conference Computer Safety, Reliability and Security, pp. 276–282 (2007)
Berry, D.: The safety requirements engineering dilemma. In: Proceedings of the 9th International Workshop on Software Specification and Design, pp. 147–149 (1998)
Bharadwaj, R., Heitmeyer, C.: Model checking complete requirements specifications using abstraction. Autom. Softw. Eng. 6(1), 37–68 (1999)
Bishop, P., Bloomfield, R., Guerra, S.: The future of goal-based assurance cases. In: Proceedings of the Workshop on Assurance Cases. Supplemental Volume of the 2004 International Conference on Dependable Systems and Networks, pp. 390–395 (2004)
Bitsch, F.: Safety patterns—the key to formal specification of safety requirements. In: Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, pp. 176–189 (2001)
Boehm, B.: Verifying and validating software requirements and design specifications. IEEE Softw. 1(1), 75–88 (1984)
Carver, J., Jaccheri, L., Morasca, S., Shull, F.: Issues in using students in empirical studies in software engineering education. In: Proceedings of the 9th International Software Metrics Symposium, pp. 239–249 (2003)
Carver, J., Nagappan, N., Page, A.: The impact of educational background on the effectiveness of requirements inspections: an empirical study. IEEE Trans. Softw. Eng. 34(6), 800–812 (2008)
Cheung, S., Kramer, J.: Checking Safety properties using compositional reachability analysis. ACM Trans. Softw. Eng. Methodol. 8, 49–78 (1999)
Cleland-Huang, J., Heimdahl, M., Huffman Hayes, J., Lutz, R., Maeder, P.: Trace queries for safety requirements in high assurance systems. In: Proceedings of the 18th International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 179–193 (2012)
Cleland-Huang, J., Settimi, R., BenKhadra, O., Berezhanskaya, E., Christina, S.: Goal-centric traceability for managing non-functional requirements. In: Proceedings of the 27th International Conference on Software Engineering, pp. 362–371 (2005)
Cooper, K., DePrenger, M., Mattern, S., McKinley, A., Pajouhesh, A., Shampine, D.: Joint Software Systems Safety Engineering Handbook. United States Department of Defense, Version 1.0, 2010. http://www.acqnotes.com/Attachments/Joint-SW-Systems-Safety-Engineering-Handbook.pdf. Accessed 9 Apr 2020
Corbin, J., Strauss, A.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 3rd edn. Sage Publications, Los Angeles (2008)
Despotou, G., Kelly, T., White, S., Ryan, M.: Introducing safety cases for health IT. In: Proceedings of the 4th International Workshop on Software Engineering in Health Care, pp. 44–50 (2012)
Dezfuli, H., Benjamin, A., Everett, M., Smith, C., Stamatelatos, M., Youngblood, R.: NASA System Safety Handbook. Volume 1, System Safety Framework and Concepts for Implementation. US National Aeronautics and Space Administration, Document No. NASA/SP-2010-580 (2011). https://ntrs.nasa.gov/search.jsp?R=20120003291. Accessed 25 Oct 2018
Dittel, T., Aryus, H.: How to “survive” a safety case according to ISO 26262. In: Proceedings of the 29th International Conference on Computer Safety, Reliability and Security, pp. 97–111 (2010)
Eclipse UML2 Tools: Luna Package Distribution. https://goo.gl/6EfDUi. Accessed 25 Oct 2018
Eclipse UML2 Tools: Luna Package Distribution. https://goo.gl/fXLxfe. Accessed 25 Oct 2018
Eclipse Modeling Tools: Luna Package Distribution. https://goo.gl/qo9Sf5. Accessed 25 Oct 2018
Ericson III, C.: Hazard Analysis Techniques for System Safety. Wiley, Hoboken (2005)
Eshuis, R., Wieringa, R.: A formal semantics for UML activity diagrams—formalizing workflow models. Technical report, University of Twente (2001)
Fagan, M.: Design and code inspections to reduce errors in program development. IBM Syst. J. 15(3), 182–211 (1976)
Fagan, M.: Advances in software inspections. IEEE Trans. Softw. Eng. 12(7), 744–751 (1986)
Firesmith, D.: Engineering safety requirements, safety constraints, and safety-critical requirements. J. Object Technol. 3(3), 27–42 (2004)
Flynn, D., Warhurst, R.: An empirical study of the validation process within requirements determination. Inf. Syst. J. 4(3), 185–212 (1994)
Fuentes-Fernández, L., Vallecillo-Moreno, A.: An introduction to UML profiles. Upgrade 5(2), 6–13 (2004)
Glinz, M., Fricker, S.: On shared understanding in software engineering: an essay. Comput. Sci. Res. Dev. 30(3–4), 363–376 (2015)
Glinz, M.: Improving the quality of requirements with scenarios. In: Proceedings of the 2nd World Congress on Software Quality, pp. 55–60 (2000)
Goodhue, D.: Development and measurement validity of a task-technology fit instrument for user evaluations of information system. Decis. Sci. 29(1), 105–138 (1998)
Guillerm, R., Sadou, N., Demmou, H.: Combining FMECA and fault trees for declining safety requirements of complex systems. In: Proceedings of the Annual European Safety and Reliability Conference, pp. 1287–1293 (2011)
Hansen, K., Ravn, A., Stavridou, V.: From safety analysis to software requirements. IEEE Trans. Softw. Eng. 24(7), 573–584 (1998)
Hart, C., Mulhall, P., Berry, A., Loughran, J., Gunstone, R.: What is the purpose of this experiment? Or can students learn something from doing experiments? J. Res. Sci. Teach. 37(7), 655–675 (2000)
Hatcliff, J., Wassyng, A., Kelly, T., Comar, C., Jones, P.: Certifiably safe software-dependent systems: challenges and directions. In: Proceedings of the Future of Software Engineering, pp. 182–200 (2014)
Hawkins, R., Kelly, T., Knight, J., Graydon, P.: A new approach to creating clear safety arguments. In: Advances in Systems Safety, pp. 3–23. Springer, London (2011)
Heitmeyer, C., Kirby, J., Labaw, B., Archer, M., Bharadwaj, R.: Using abstraction and model checking to detect safety violations in requirements specifications. IEEE Trans. Softw. Eng. 24(11), 927–948 (1998)
Kelly, T., McDermid, J.: Safety case construction and reuse using patterns. In: Proceedings of the 16th International Conference on Computer Safety, Reliability and Security, pp. 55–69 (1997)
International Organization for Standardization: ISO 26262: Road Vehicles—Functional Safety (2011)
International Requirements Engineering Board: IREB Glossary, version 1.6. https://goo.gl/NOh7NX. Accessed 25 Oct 2018
Jedlitschka, A., Ciolkowski, M., Pfahl, D.: Reporting experiments in software engineering. In: Shull, F., Singer, J., Sjøberg, D.I.K. (eds.) Guide to Advanced Empirical Software Engineering, pp. 201–228. Springer, London (2008)
Kelly, T., Weaver, R.: The goal structuring notation—a safety argument notation. In: Proceedings of the Workshop on Assurance Cases of Dependable Systems and Networks (2004)
Kelly, T.: Reviewing assurance arguments—a step-by-step approach. In: Proceedings of the Workshop Assurance Cases for Security (2007)
Kelly, S., Tolvanen, J.-P.: Domain-Specific Modeling—Enabling Full Code Generation. Wiley, New York (2008)
Kotonya, G., Sommerville, I.: Integrating safety analysis and requirements engineering. In: Proceedings of the Joint 4th International Computer Science Conference and the 4th Asia-Pacific Software Engineering Conference, pp. 259–271 (1997)
Lagarde, F., Espinoza, H., Terrier, F., André, C., Gérard, S.: Leveraging patterns on domain models to improve UML profile definition. In: Proceedings of 11th International Conference on Fundamental Approaches to Software Engineering, pp. 116–130 (2008)
Lagarde, F., Espinoza, H., Terrier, F., Gérard, S.: Improving UML profile design practices by leveraging conceptual domain models. In: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, pp. 445–448 (2007)
Lee, J., Katta, V., Jee, E., Raspotnig, C.: Means-ends and whole-part traceability analysis of safety requirements. J. Syst. Softw. 83, 1612–1621 (2010)
Lehman, E., Leighton, F.T., Meyer, A.R.: Mathematics for Computer Science (2017). https://courses.csail.mit.edu/6.042/spring17/mcs.pdf. Accessed 6 Nov 2018
Leveson, N.: Safeware: System Safety and Computers. Addison-Wesley, Reading (1995)
Leveson, N.: Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press, Cambridge (2011)
Leveson, N.: The use of safety cases in certification and regulation. J. Syst. Saf. 47(6) (2011). https://dspace.mit.edu/handle/1721.1/102833. Accessed 9 Apr 2020
Maurer, M.: Design and test of driver assistance systems. In: Winner, H., Hakuli, S., Wolf, G. (eds.) Driver Assistance Systems Technical Manual. Vieweg + Teubner, Berlin (2009). (in German)
Moody, D.: The “physics” of notation: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756–779 (2009)
Object Management Group: Meta Object Facility (MOF) 2.0 Query/View/Transformation Specification, Version 1.3. OMG Document Number formal/2016-06-03. http://goo.gl/RGUr44. Accessed 25 Oct 2018
Object Management Group: OMG Meta Object Facility (MOF) Core, Version 2.5. OMG Document Number formal/2015-06-05. http://goo.gl/phs4kA. Accessed 25 Oct 2018
Object Management Group: OMG Unified Modeling Language (OMG UML), Version 2.5. OMG Document Number formal/2015-03-01. http://goo.gl/7cQyPv. Accessed 25 Oct 2018
Palin, R., Habli, I.: Assurance of automotive safety—a safety case approach. In: Proceedings of the 29th International Conference on Computer Safety, Reliability and Security, pp. 82–96 (2010)
Panach, J.I., España, S., Moreno, A.M., Pastor, Ó.: Dealing with usability in model transformation technologies. In: Proceedings of Conceptual Modeling, pp. 498–511 (2008)
QVT Operational Eclipse Plugin, v3.5.0. https://goo.gl/SglK1F. Accessed 25 Oct 2018
Saeed, A., de Lemos, R., Anderson, T.: Robust requirements specifications for safety-critical systems. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security (1993)
Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM Trans. Softw. Eng. Methodol. 15, 410–457 (2006)
SparxSystems Enterprise Architect, Version 14. https://goo.gl/V7z4Ms. Accessed 25 Oct 2018
SparxSystems: Enterprise Architect User Guide (2014). https://goo.gl/w2Enek. Accessed 25 Oct 2018
Stamm, B., Baumann, R., Kündig-Herzog, M.: A safety critical computer system in a railway application. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security (1993)
Strüber, D., Born, K., Gill, R., Groner, K.D., Kehrer, T., Ohrndorf, M., Tichy, M.: Henshin: a usability-focused framework for EMF model transformation development. In: Proceedings of the International Conference on Graph Transformation, pp. 196–208 (2017)
Sun, L.: Establishing Confidence in Safety Assessment Evidence. Dissertation, University of York (2012)
Tenbergen, B., Weyer, T., Pohl, K.: Supporting the validation of adequacy in requirements-based hazard mitigations. In: Proceedings of the 21st International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 17–32 (2015)
Tenbergen, B., Weyer, T., Pohl, K.: Hazard relation diagrams: a diagrammatic representation to increase validation objectivity of requirements-based hazard mitigations. Requir Eng J 23(2), 291–329 (2018). https://doi.org/10.1007/s00766-017-0267-9
Troubitsyna, E.: Elicitation and specification of safety requirements. In: Proceedings of the 3rd International Conference on Systems, pp. 202–207 (2008)
Tsuchiya, T., Terada, H., Kusumoto, S., Kikuno, T., Kim, E.: Derivation of safety requirements for safety analysis of object-oriented design documents. In: Proceedings of the 21st Annual International Computer Software and Applications Conference, pp. 252–255 (1997)
Venkatesh, V., Bala, H.: Technology acceptance model 3 and a research agenda on interventions. Decis. Sci. 39(2), 273–315 (2008)
Wang, J., Yang, J.: A subjective safety and cost based decision model for assessing safety requirements specifications. Int. J. Reliab. Qual. Saf. Eng. 8, 35–57 (2001)
Wiegers, K.: Peer Reviews in Software: A Practical Guide. Addison-Wesley, Boston (2002)
Wilson, S., Kelly, T., McDermid, J.: Safety case development: current practice, future prospects. In: Proceedings of the 12th Annual CSR Workshop on Safety and Reliability of Software Based Systems, pp. 135–156 (1997)
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M., Regnell, B., Wesslén, A.: Experimentation in Software Engineering. Springer, Heidelberg (2012)
Xu, X., Bao, X., Lu, M., Chang, W.: A study and application on airborne software safety requirements elicitation. In: Proceedings of the 9th International Conference on Reliability, Maintainability and Safety, pp. 710–716 (2011)
Acknowledgements
This research was partly funded by the German Federal Ministry of Education and Research under Grant Number 01IS12005C. We would like to thank our colleagues André Heuer, Marian Daun, Kevin Keller, and Jonathan Baker for their assistance with implementation and rationale categorization.
Additional information
Communicated by Jeff Gray.
Appendix: Pseudo-script listings
Cite this article
Tenbergen, B., Weyer, T. Generation of hazard relation diagrams: formalization and tool support. Softw Syst Model 20, 175–210 (2021). https://doi.org/10.1007/s10270-020-00799-1