Presentation is loading. Please wait.

Presentation is loading. Please wait.

Testing safety-critical software systems

Published byDulcie Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "Testing safety-critical software systems"— Presentation transcript:

1 Testing safety-critical software systems
Marcos Mainar Lalmolda Quality Assurance and Testing 20th November 2009 1 1

2 Contents What a safety-critical software system is Standards
Programming features and languages Approaches on design Testing Conclusion 2 2

3 What a safety-critical software system is
Harm people's lives causing deaths. They are widely used in various different fields, almost in everything nowadays. A safety-critical software system is a computer system whose failure or malfunction may severely harm people's lives, environment or equipment. Some fields and examples: Medicine (patient monitors) Nuclear engineering (nuclear power station control) Transport (railway systems, cars anti-lock brakes) Aviation (control systems: fly-by-wire) Aerospace (NASA space shuttle) Civil engineering (calculate structures) Military devices Etc. 3 3

4 Safety-critical Standards
Industries specific Medical device software: IEC 62304 Nuclear power stations: IEC 60880 Aerospace: AS9100A Airbone: DO178B Scale of 5 safety integrity levels: 4 is very high, 0 not safety related. Safety engineering 4 4

5 Programming features and languages (I)
General principle: Try to keep the system as simple as possible. Programming features not recommended: Pointers and dynamic memory allocation/deallocation. Unstructured programming (gotos) Variant data Implicit declaration and initialisation Recursion Concurrency and interrupts 5 5

6 Programming features and languages (II)
Features which increase reliability: Strong typing Run time constraint checking Parameter checking Language to be avoided: C Language recommended: Ada Ada subset for safety-critical software: SPARK Other languages: increased overhead 6 6

7 Approaches on design Formal methods
Assume that errors exist and design prevention and recovery mechanisms. “Program verification does not mean error-proof programs […]. Mathematical proofs can also be faulty. So whereas verification might reduce the program-testing load, it cannot eliminate it” (F.P. Brooks, No Silver Bullet, 1987). 7 7

8 Testing safety-critical software systems (I)
physical condition of platform that threatens the safety of personnel or the platform, i.e. can lead to an accidenta condition of the platform that, unless mitigated, can develop into an accident through a sequence of normal events and actions"an accident waiting to happen" Basic idea: Identify hazards as early as possible in the development life-cycle and try to reduce them as much as possible to an acceptable level. Remember: Always test software against specifications! Independent verification required If formal methods have been used then formal mathematical proof is a verification activity. Already known techniques used for typical systems White box testing Black box testing Reviews Static analysis Dynamic analysis and coverage 8 8

9 Testing safety-critical software systems (II)
Specific procedures and techniques from safety engineering: Probabilistic risk assessment (PRA) Failure modes and effects analysis (FMEA) Fault trees analysis (FTA) Failure mode, effects and criticality analysis (FMECA) Hazard and operatibility analysis (HAZOP) Hazard and risk analysis Cause and effect diagrams (aka fishbone diagrams or Ishikawa diagrams) 9 9

10 Probability Risk Assessment
Hazard Severity Probability Risk Risk Criteria Tolerable? Risk Reduction Measures No Yes *From Safety-Critical Computer Systems – Open Questions and Approaches presentation, Andreas Gerstinger, February 16, 2007, Institute of Computer Technology, Wien 10 10 10 10

11 Fault tree analysis (FTA)
A graphical technique that provides a systematic description of the combinations of possible occurrences in a system which can result in an undesirable outcome (failure). An undesired effect is taken as the root of a tree of logic Each situation that could cause that effect is added to the tree as a series of logic expressions. Events are labelled with actual numbers about failure probabilities. The probability of the top-level event can be determined using mathematical techniques. 11 11

12 An example of a Fault tree
*From 12 12

13 Conclusions Complex subject
Suitably trained and experienced people are key to the success of any software development. Main objective of testing techniques: minimise risk of implementation errors. Above all, the best way to minimise risk both to safety, reliablity and to the timescale of a software project is to keep is simple. 13 13

14 Questions ¿? 14 14

15 References Wikipedia. http://en.wikipedia.org
IPL Information Processing Ltd, An Introduction to Safety Critical Systems, Testing Papers. IPL Information Processing Ltd, An Introduction to Software Testing, Testing Papers. Evangelos Nikolaropoulos, Testing safety-critical software, Hewlett-Packard Journal, June Frederick P. Brooks, Jr. , No Silver Bullet: Essence and Accidents of Software Engineering, 1986. Andreas Gerstinger, Safety-Critical Computer Systems – Open Questions and Approaches presentation, February 16, 2007, Institute of Computer Technology, Wien. Fault Tree Analysis: How to understand it. 15 15

Download ppt "Testing safety-critical software systems"

Similar presentations

Medical Device Software Development

Medical Device Software Development
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
NCSR “DEMOKRITOS” Institute of Nuclear Technology and Radiation Protection NATIONAL TECHNICAL UNIVERSITY OF ATHENS School of Chemical Engineering Fuzzy.

NCSR “DEMOKRITOS” Institute of Nuclear Technology and Radiation Protection NATIONAL TECHNICAL UNIVERSITY OF ATHENS School of Chemical Engineering Fuzzy.
Copyright © 2013 United Launch Alliance, LLC. Unpublished Work. All Rights Reserved. Civil Space 2013 Critical Challenges: Safety, Mission Assurance, and.

Copyright © 2013 United Launch Alliance, LLC. Unpublished Work. All Rights Reserved. Civil Space 2013 Critical Challenges: Safety, Mission Assurance, and.
Risk Analysis for Testing Based on Chapter 9 of Text Based on the article “ A Test Manager’s Guide to Risks Analysis and Management” by Rex Black published.

Risk Analysis for Testing Based on Chapter 9 of Text Based on the article “ A Test Manager’s Guide to Risks Analysis and Management” by Rex Black published.
Reliability Risk Assessment

Reliability Risk Assessment
Root Cause Analysis Presented By: Team: Incredibles

Root Cause Analysis Presented By: Team: Incredibles
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.

Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Introduction ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.

Introduction ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.

Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.
Hazard Analysis and Critical Control Points

Hazard Analysis and Critical Control Points
Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.

Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.
Quality Risk Management ICH Q9 Annex I: Methods & Tools

Quality Risk Management ICH Q9 Annex I: Methods & Tools
Software Safety Chloe Sanderson CNS07U. Overview What is software safety? What are its causes? How can it be overcome? Example of analysis technique Example.

Software Safety Chloe Sanderson CNS07U. Overview What is software safety? What are its causes? How can it be overcome? Example of analysis technique Example.
Cleanroom Software Engineering Crystal Donald. Origins Developed by Dr. Harlan Mills in 1987 Developed by Dr. Harlan Mills in 1987 Name derived from hardware.

Cleanroom Software Engineering Crystal Donald. Origins Developed by Dr. Harlan Mills in 1987 Developed by Dr. Harlan Mills in 1987 Name derived from hardware.
What Exactly are the Techniques of Software Verification and Validation www.softwaretestinggenius.com A Storehouse of Vast Knowledge on Software Testing.

What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Similar presentations

Ads by Google