A framework for the hazard analysis of software intensive critical systems

Software-Intensive Critical System (SICS) is a relatively rapid emergent technology, which is being deployed in applications where a single software error may lead to extremely severe consequences. Software is touching every aspect of human lives in areas such as aviation, aerospace, automotive, transportation, biomedical and nuclear power plants to name a few. The system safety of SICS is highly dependent on the reliability of software under the assumption that hardware is fault-free. No softwarebased system can be considered completely reliable even if it has been comprehensively tested and even if its accuracy has been confirmed using software testing tools. Software modules of SICS, if executed with undetected and volatile errors may lead to catastrophic accidents. The reason for the occurrence of accidents in SICS may be due to the unsafe states that are undetected during the design phase of the system. Safety of SICS de pends entirely on the safe operations of the software and hence software safety is essential. Software safety, which is a component of overall system safety, refers to the features and measures which guarantee that a SICS operates predictably under normal and abnormal conditions, so as to diminish the probability of occurrence of accidents. Therefore, software in critical systems must be designed and implemented in such a way as to detect and transform an unsafe system state to safe state or a fail-safe state upon occurrence of an unpredictable fault or error during the operation of the critical system. A structured approach to the identification of hazards ensures that, to the extent possible, all potential hazards are identified and assessed. When compared to graphical hazard analysis techniques such as Fault Tree Analysis (FTA), Event Tree Analysis (ETA), Unified Modelling Language (UML) diagrams, Reliability Block Diagrams (RBD), Petri Nets (PN) are well-suited for the analysis of safety-critical data and behaviour in SICS. In this thesis, a new hazard analysis framework for SICS is proposed using the principles of Generalized Stochastic Petri Nets (GSPN). A novel concept called Safety Petri Nets (SPN) is introduced to perform qualitative and quantitative analysis of safety factors and to identify, track and eliminate software-specific hazards thereby assuring an echelon of safety. While traditional methods like FTA are restricted to systems whose components have no stochastic interdependencies the proposed SPN supports stochastic interdependencies and data flow activity. The behaviour of SICS can be represented graphically using SPN based on the dynamic functioning of software considering prime factors like priority transition, immediate transition, and probability for analyzing relation between the places or nodes to identify the hazards that may occur. The graphical representation of SICS corresponds to SPN trees which assist in the detection of errors that may occur during software development of SIC