{"title":"Deriving safety properties of critical software from the system risk analysis, application to ground transportation systems","authors":"J. Boulanger, V. Delebarre, S. Natkin, J. Ozello","doi":"10.1109/HASE.1997.648058","DOIUrl":null,"url":null,"abstract":"Safety properties of critical software are consequences of the application safety properties (i.e. the front collision of two trains must not occur), and of the system design choices. The paper presents the first results of a SNCF and CESIR joint research project whose purpose is to design a constructive and formal method to derive, at each design level, the safety properties of subsystems from the System Preliminary Hazard Analysis. One of the goals of this method is to obtain, at the lowest level, properties of the safety software which can be checked either by formal proof or by testing. The method relies on two concepts: the safety kernel, proposed by J. Rushby (1989), and a generalization and formalization of the notion of \"restrictivity\", used in classical safe hardware design. An application to the Maggaly (Lyon Subway) automatic pilot is presented.","PeriodicalId":319609,"journal":{"name":"Proceedings 1997 High-Assurance Engineering Workshop","volume":"192 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 1997 High-Assurance Engineering Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HASE.1997.648058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Safety properties of critical software are consequences of the application safety properties (i.e. the front collision of two trains must not occur), and of the system design choices. The paper presents the first results of a SNCF and CESIR joint research project whose purpose is to design a constructive and formal method to derive, at each design level, the safety properties of subsystems from the System Preliminary Hazard Analysis. One of the goals of this method is to obtain, at the lowest level, properties of the safety software which can be checked either by formal proof or by testing. The method relies on two concepts: the safety kernel, proposed by J. Rushby (1989), and a generalization and formalization of the notion of "restrictivity", used in classical safe hardware design. An application to the Maggaly (Lyon Subway) automatic pilot is presented.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
