Title :
Deriving safety properties of critical software from the system risk analysis, application to ground transportation systems
Author :
Boulanger, J.L. ; Delebarre, V. ; Natkin, S. ; Ozello, J.P.
Author_Institution :
CEDRIC/CNAM, Paris, France
Abstract :
Safety properties of critical software are consequences of the application safety properties (i.e. the front collision of two trains must not occur), and of the system design choices. The paper presents the first results of a SNCF and CESIR joint research project whose purpose is to design a constructive and formal method to derive, at each design level, the safety properties of subsystems from the System Preliminary Hazard Analysis. One of the goals of this method is to obtain, at the lowest level, properties of the safety software which can be checked either by formal proof or by testing. The method relies on two concepts: the safety kernel, proposed by J. Rushby (1989), and a generalization and formalization of the notion of “restrictivity”, used in classical safe hardware design. An application to the Maggaly (Lyon Subway) automatic pilot is presented
Keywords :
formal specification; program verification; rail traffic; railways; reliability; risk management; safety-critical software; traffic control; CESIR joint research project; Lyon Subway; Maggaly automatic pilot; SNCF; System Preliminary Hazard Analysis; classical safe hardware design; critical software; formal method; formal proof; front collision; ground transportation systems; restrictivity; safety kernel; safety properties; safety software; system design choices; system risk analysis; train collision; Application software; Kernel; Life testing; Performance evaluation; Risk analysis; Software safety; Software systems; Software testing; System testing; Tiles;
Conference_Titel :
High-Assurance Systems Engineering Workshop, 1997., Proceedings
Conference_Location :
Washington, DC
Print_ISBN :
0-8186-7971-9
DOI :
10.1109/HASE.1997.648058
