9. Safety Architectural Patterns - Research - MÃ¤lardalens hÃ¶gskola

More documents

Recommendations

Info

8. Safety PatternsWhen we consider the patterns in the safety domain then all of the safety characteristicscome into the play to have their proper role. These characteristics have a greater directinfluence in the systems that require safety. While finding the patterns related to safety wehave to see reliability, availability mainly and the patterns related to it. Since, these patternsserve for these different qualities attributes and their sub attributes at the same time, so canbe listed in the safety domain. Like, to improve the reliability into the system we needredundancy and to fulfill the system redundancy the literature has found many patterns thatare applied. When these patterns are defined in architectural form that involves redundancy,they decrease the risk of the system failure due to software or hardware fault, and in turnimprove the safety of the system.8.1. Formal Specification PatternsThe formal specification patterns help to formulate the safety requirements in formalnotations and some available approaches help to jot those requirements in natural language.Furthermore they actually transfer expert knowledge because of the patterns has beendevised by the expert of formal methods and formal notations. These patterns actually serveas a recipe book which contains all of the safety requirement in formal notations and a usercan pick the relevant requirement form these as a check list on which the safety requirementscan be applied. In that check list a safety engineer can watch that which safety requirementsare relevant or the specific respective system development.Formal specification patterns are used in the following way [45]:1. The user selects and determines the suitable formal formula in a list with all kinds ofcommon formal specification patterns for safety requirements.2. In the second step the user has to adapt the pattern to the respective safety requirement incontext to the operational model. As a result we get formal specified safety requirements,which are instances of the patterns in the list.These patterns have been put in order and given a classification based on which distinctcharacteristics of the different specification patterns can be known.Figure 17: Main classification scheme of formal patterns for safety requirements [45]The benefits of using formal method are apparent and quite obvious but at the same time itneeds a great effort and economically pretty expensive with respect to resources and manpower. Furthermore, the common perception of the engineers is that the formal methods aredifficult to understand and hard to apply for the software development .Therefore it is used38
only for safety parts of the automations and critical parts of the system. More to this, some ofthe attributes and properties are very complex to express in temporal logics and sometimeerror prone as well. Most of the practitioners and verification users are also not logiciansalthough they know very well about the properties which they want to verify but cannotexpressed it in good logic and formal language.The detail and the example of these patterns classification can be described in below:Static safety requirementsIt includes the property that an operation should hold that property as true in the wholeoperational model. Traffic light crossing requirement can be applied here when it is notpermitted that a green light would be turned on for main road and at the same time for sideroads.Dynamic safety requirementsThese requirements include that a property must be true in some of the states while in otherstates it should be false. The permission to open the traffic gates is given only when the trainhas passed.Safety requirement about general access guaranteeThese requirements are related to all model states. Emergency break is one of theserequirements where the emergency break should be actuated or accessible in all situations.Safety requirements with Temporal DependenciesIn these requirements the temporal dependencies exist between the event of detected defectand the action against it. It requires when a specific statement should begin and for how longit should remain valid. Pneumatic break is one of such example when the defect is detectedsoftware control system has to be switched off after a certain delay.Safety requirements about chronological successionIn these requirements the property is dependent on the occurrence of other properties. It hasthe proposition of “if then” and it tells how long exactly the predecessor and from whenexactly the successor event is permitted to be valid.Safety requirement about duration of validityThese requirements refer to the duration respectively ending of the validity of a propertywhich is actually dependent on the other properties. Like, the flow of water is only possiblewhen the temperature reaches to a certain level in the pipeline.Safety requirement about beginning of validityThese requirements are about the beginning of validity of a property, which is dependent onthe other properties too. An example can be “The safeguard of a level crossing is onlypermitted to be terminated, strictly after the railroad crossing has been completely vacated ifthe train had passed.“Safety requirement about beginning and duration of validity39
Page 1 and 2: MÄLARDALENS HÖGSKOLASchool of Inn
Page 3 and 4: Contents1. Introduction ...........
Page 5 and 6: 12.1. Patterns’ Investigation Res
Page 7 and 8: 2. Usability Supporting Architectur
Page 9 and 10: USAP are actually the software resp
Page 11 and 12: User USAPs has also been defined in
Page 13 and 14: 3. The ArchWiz ProjectThe purpose o
Page 15 and 16: Collaboration toolsRequirements too
Page 17 and 18: search and find the safety patterns
Page 19 and 20: Thesis WorkProject MeetingsWeeklyMe
Page 21 and 22: JAXB: The JAXB library is used to c
Page 23 and 24: 5. Introduction to SafetyIn easy wo
Page 25 and 26: The above tree shows that some of t
Page 27 and 28: systems actually evolved due to the
Page 29 and 30: example is of these technique is MR
Page 31 and 32: incomplete specification which are
Page 33 and 34: 7.2. Safety PropertiesSafety proper
Page 35 and 36: ecause one the system face them and
Page 37: provides the decisions about the ar
Page 41 and 42: DependencyThe tactics are some time
Page 43 and 44: The same way redundancy can be appl
Page 45 and 46: Consequences‣ The results produce
Page 47 and 48: Error handler is also one of the pa
Page 49 and 50: 10. Safety Architecture Transformat
Page 51 and 52: Advantages:‣ The functionalities
Page 53 and 54: The component of the Protected-Sing
Page 55 and 56: cost can be high and more power con
Page 57 and 58: periodically to ensure both are ope
Page 59 and 60: RationaleBecause in the safety exec
Page 61 and 62: Figure 29: Safety scenarios, strate
Page 63 and 64: FD2.3-There should be a functionali
Page 65 and 66: If the requirement is time related
Page 67 and 68: Threat1 *CounterMeasuresDefinesScen
Page 69 and 70: architectural evaluation. The most
Page 71 and 72: 14. Future Work14.1. ArchWiz ToolDe
Page 73 and 74: [16] Air Force System Safety Handbo
Page 75: [48] Birolini A., Reliability Engin

9. Safety Architectural Patterns - Research - MÃ¤lardalens hÃ¶gskola

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?