Generation of hazard relation diagrams: formalization and tool support

  • Regular Paper
  • Software and Systems Modeling

Abstract

The development of safety-critical, software-intensive embedded systems is characterized by the need to identify hazards and to define hazard-mitigating requirements at the earliest possible stage of development, i.e., during requirements engineering. These hazard-mitigating requirements must be adequate in the sense that they must specify the functionality required by the stakeholders while also rendering the system sufficiently safe during operation. The adequacy of hazard-mitigating requirements is determined during requirements validation. Yet this validation is burdened by the fact that hazards and the contextual information about them are work products of safety assessment, whereas hazard-mitigating requirements are a work product of requirements engineering. These work products are poorly integrated, so that during validation the information needed to determine the adequacy of hazard-mitigating requirements is not available to stakeholders. As a consequence, there is the risk that inadequate hazard-mitigating requirements remain covert and the system is falsely considered safe. To alleviate this issue, we have previously proposed (Tenbergen et al., in: Proceedings of the 21st International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 17–32, 2015), improved, and evaluated (Tenbergen et al., Requir. Eng. 23(2), 291–329, 2018, https://doi.org/10.1007/s00766-017-0267-9) a novel diagram type called “Hazard Relation Diagrams.” In this paper, we present a semiautomated formal approach and tool support for their generation. We use a running example to illustrate the concepts.



Notes

  1. A more adequate mitigation might consider the use of a redundant source for yaw rate and lateral acceleration, e.g., an inertial measurement unit.

  2. Here and in the following, we use the operator \( x \in_{t} U \) to denote that some \( x \) is an element of some tuple \( U \), regardless of its index within \( U \). Since the tuples in this research are unambiguous due to their membership order and type-specificity, the following holds as a simplification of [4]: \( x \in_{t} U \;:\Leftrightarrow\; \exists t \in \{1, \ldots, n\} : U = (u_{1}, u_{2}, \ldots, u_{n}) \wedge x = u_{t} \). The index \( t \) ranges over all \( n \) positions of the tuple, so the first and last components are included.

  3. The tool prototype including the implementation of pseudo-code scripts is available at https://bit.ly/34mSGW0.

  4. The diagrams in this manuscript have been created using these tool prototypes. Their implementations along with documentation for installation and usage are available at http://goo.gl/MdxJie.

  5. For researchers interested in replicating our experiments, all experimental materials are available at https://goo.gl/XwJJQu.

  6. The experimental results can be found at https://goo.gl/XwJJQu.

References

  1. Allenby, K., Kelly, T.: Deriving safety requirements using scenarios. In: Proceedings of the 5th IEEE International Symposium on Requirements Engineering, pp. 228–235 (2001)

  2. Ammar, L., Trabelsi, A., Mahfoudhi, A.: Incorporating usability requirements into model transformation technologies. Requir. Eng. 20, 465–479 (2015)

  3. Aurum, A., Petersson, H., Wohlin, C.: State-of-the-art: software inspections after 25 years. Softw. Test. Verif. Reliab. 12(3), 133–154 (2002)

  4. Awodey, S.: From sets to types, to categories, to sets. In: Sommaruga, G. (ed.) Foundational Theories of Classical and Constructive Mathematics, pp. 113–125. Springer, Heidelberg (2011)

  5. Basir, N., Denney, E., Fischer, B.: Deriving safety cases for hierarchical structure in model-based development. In: Proceedings of the 29th International Conference on Computer Safety, Reliability, and Security, pp. 68–81 (2010)

  6. Belli, F., Hollmann, A., Nissanke, N.: Modeling, analysis and testing of safety issues—an event-based approach and case study. In: Proceedings of the 26th International Conference on Computer Safety, Reliability and Security, pp. 276–282 (2007)

  7. Berry, D.: The safety requirements engineering dilemma. In: Proceedings of the 9th International Workshop on Software Specification and Design, pp. 147–149 (1998)

  8. Bharadwaj, R., Heitmeyer, C.: Model checking complete requirements specifications using abstraction. Autom. Softw. Eng. 6(1), 37–68 (1999)

  9. Bishop, P., Bloomfield, R., Guerra, S.: The future of goal-based assurance cases. In: Proceedings of the Workshop on Assurance Cases. Supplemental Volume of the 2004 International Conference on Dependable Systems and Networks, pp. 390–395 (2004)

  10. Bitsch, F.: Safety patterns—the key to formal specification of safety requirements. In: Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, pp. 176–189 (2001)

  11. Boehm, B.: Verifying and validating software requirements and design specifications. IEEE Softw. 1(1), 75–88 (1984)

  12. Carver, J., Jaccheri, L., Morasca, S., Shull, F.: Issues in using students in empirical studies in software engineering education. In: Proceedings of the 9th International Software Metrics Symposium, pp. 239–249 (2003)

  13. Carver, J., Nagappan, N., Page, A.: The impact of educational background on the effectiveness of requirements inspections: an empirical study. IEEE Trans. Softw. Eng. 34(6), 800–812 (2008)

  14. Cheung, S., Kramer, J.: Checking safety properties using compositional reachability analysis. ACM Trans. Softw. Eng. Methodol. 8, 49–78 (1999)

  15. Cleland-Huang, J., Heimdahl, M., Huffman Hayes, J., Lutz, R., Maeder, P.: Trace queries for safety requirements in high assurance systems. In: Proceedings of the 18th International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 179–193 (2012)

  16. Cleland-Huang, J., Settimi, R., BenKhadra, O., Berezhanskaya, E., Christina, S.: Goal-centric traceability for managing non-functional requirements. In: Proceedings of the 27th International Conference on Software Engineering, pp. 362–371 (2005)

  17. Cooper, K., DePrenger, M., Mattern, S., McKinley, A., Pajouhesh, A., Shampine, D.: Joint Software Systems Safety Engineering Handbook. United States Department of Defense, Version 1.0 (2010). http://www.acqnotes.com/Attachments/Joint-SW-Systems-Safety-Engineering-Handbook.pdf. Accessed 9 Apr 2020

  18. Corbin, J., Strauss, A.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 3rd edn. Sage Publications, Los Angeles (2008)

  19. Despotou, G., Kelly, T., White, S., Ryan, M.: Introducing safety cases for health IT. In: Proceedings of the 4th International Workshop on Software Engineering in Health Care, pp. 44–50 (2012)

  20. Dezfuli, H., Benjamin, A., Everett, M., Smith, C., Stamatelatos, M., Youngblood, R.: NASA System Safety Handbook. Volume 1, System Safety Framework and Concepts for Implementation. US National Aeronautics and Space Administration, Document No. NASA/SP-2010-580 (2011). https://ntrs.nasa.gov/search.jsp?R=20120003291. Accessed 25 Oct 2018

  21. Dittel, T., Aryus, H.: How to “survive” a safety case according to ISO 26262. In: Proceedings of the 29th International Conference on Computer Safety, Reliability and Security, pp. 97–111 (2010)

  22. Eclipse UML2 Tools: Luna Package Distribution. https://goo.gl/6EfDUi. Accessed 25 Oct 2018

  23. Eclipse UML2 Tools: Luna Package Distribution. https://goo.gl/fXLxfe. Accessed 25 Oct 2018

  24. Eclipse Modeling Tools: Luna Package Distribution. https://goo.gl/qo9Sf5. Accessed 25 Oct 2018

  25. Ericson III, C.: Hazard Analysis Techniques for System Safety. Wiley, Hoboken (2005)

  26. Eshuis, R., Wieringa, R.: A formal semantics for UML activity diagrams—formalizing workflow models. Technical report, University of Twente (2001)

  27. Fagan, M.: Design and code inspections to reduce errors in program development. IBM Syst. J. 15(3), 182–211 (1976)

  28. Fagan, M.: Advances in software inspections. IEEE Trans. Softw. Eng. 12(7), 744–751 (1986)

  29. Firesmith, D.: Engineering safety requirements, safety constraints, and safety-critical requirements. J. Object Technol. 3(3), 27–42 (2004)

  30. Flynn, D., Warhurst, R.: An empirical study of the validation process within requirements determination. Inf. Syst. J. 4(3), 185–212 (1994)

  31. Fuentes-Fernández, L., Vallecillo-Moreno, A.: An introduction to UML profiles. Upgrade 5(2), 6–13 (2004)

  32. Glinz, M., Fricker, S.: On shared understanding in software engineering: an essay. Comput. Sci. Res. Dev. 30(3–4), 363–376 (2015)

  33. Glinz, M.: Improving the quality of requirements with scenarios. In: Proceedings of the 2nd World Congress on Software Quality, pp. 55–60 (2000)

  34. Goodhue, D.: Development and measurement validity of a task-technology fit instrument for user evaluations of information systems. Decis. Sci. 29(1), 105–138 (1998)

  35. Guillerm, R., Sadou, N., Demmou, H.: Combining FMECA and fault trees for declining safety requirements of complex systems. In: Proceedings of the Annual European Safety and Reliability Conference, pp. 1287–1293 (2011)

  36. Hansen, K., Ravn, A., Stavridou, V.: From safety analysis to software requirements. IEEE Trans. Softw. Eng. 24(7), 573–584 (1998)

  37. Hart, C., Mulhall, P., Berry, A., Loughran, J., Gunstone, R.: What is the purpose of this experiment? Or can students learn something from doing experiments? J. Res. Sci. Teach. 37(7), 655–675 (2000)

  38. Hatcliff, J., Wassyng, A., Kelly, T., Comar, C., Jones, P.: Certifiably safe software-dependent systems: challenges and directions. In: Proceedings on the Future of Software Engineering, pp. 182–200 (2014)

  39. Hawkins, R., Kelly, T., Knight, J., Graydon, P.: A new approach to creating clear safety arguments. In: Advances in Systems Safety, pp. 3–23. Springer, London (2011)

  40. Heitmeyer, C., Kirby, J., Labaw, B., Archer, M., Bharadwaj, R.: Using abstraction and model checking to detect safety violations in requirements specifications. IEEE Trans. Softw. Eng. 24(11), 927–948 (1998)

  41. High, K., Kelly, T., McDermid, J.: Safety case construction and reuse using patterns, pp. 55–69 (1997)

  42. International Organization for Standardization: ISO 26262: Road Vehicles—Functional Safety (2011)

  43. International Requirements Engineering Board: IREB Glossary, version 1.6. https://goo.gl/NOh7NX. Accessed 25 Oct 2018

  44. Jedlitschka, A., Ciolkowski, M., Pfahl, D.: Reporting experiments in software engineering. In: Shull, F., Singer, J., Sjøberg, D.I.K. (eds.) Guide to Advanced Empirical Software Engineering, pp. 201–228. Springer, London (2008)

  45. Kelly, T., Weaver, R.: The goal structuring notation—a safety argument notation. In: Proceedings of the Workshop on Assurance Cases of Dependable Systems and Networks (2004)

  46. Kelly, T.: Reviewing assurance arguments—a step-by-step approach. In: Proceedings of the Workshop on Assurance Cases for Security (2007)

  47. Kelly, S., Tolvanen, J.-P.: Domain-Specific Modeling—Enabling Full Code Generation. Wiley, New York (2008)

  48. Kotonya, G., Sommerville, I.: Integrating safety analysis and requirements engineering. In: Proceedings of the Joint 4th International Computer Science Conference and the 4th Asia-Pacific Software Engineering Conference, pp. 259–271 (1997)

  49. Lagarde, F., Espinoza, H., Terrier, F., André, C., Gérard, S.: Leveraging patterns on domain models to improve UML profile definition. In: Proceedings of the 11th International Conference on Fundamental Approaches to Software Engineering, pp. 116–130 (2008)

  50. Lagarde, F., Espinoza, H., Terrier, F., Gérard, S.: Improving UML profile design practices by leveraging conceptual domain models. In: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, pp. 445–448 (2007)

  51. Lee, J., Katta, V., Jee, E., Raspotnig, C.: Means-ends and whole-part traceability analysis of safety requirements. J. Syst. Softw. 83, 1612–1621 (2010)

  52. Lehman, E., Leighton, F., Meyer, A.: Mathematics for Computer Science (2017). https://courses.csail.mit.edu/6.042/spring17/mcs.pdf. Accessed 6 Nov 2018

  53. Leveson, N.: Safeware: System Safety and Computers. Addison-Wesley, Reading (1995)

  54. Leveson, N.: Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press, Cambridge (2011)

  55. Leveson, N.: The use of safety cases in certification and regulation. J. Syst. Saf. 47(6) (2011). https://dspace.mit.edu/handle/1721.1/102833. Accessed 9 Apr 2020

  56. Maurer, M.: Design and test of driver assistance systems. In: Winner, H., Hakuli, S., Wolf, G. (eds.) Driver Assistance Systems Technical Manual. Vieweg + Teubner, Berlin (2009) (in German)

  57. Moody, D.: The “physics” of notation: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756–779 (2009)

  58. Object Management Group: Meta Object Facility (MOF) 2.0 Query/View/Transformation Specification, Version 1.3. OMG Document Number formal/2016-06-03. http://goo.gl/RGUr44. Accessed 25 Oct 2018

  59. Object Management Group: OMG Meta Object Facility (MOF) Core, Version 2.5. OMG Document Number formal/2015-06-05. http://goo.gl/phs4kA. Accessed 25 Oct 2018

  60. Object Management Group: OMG Unified Modeling Language (OMG UML), Version 2.5. OMG Document Number formal/2015-03-01. http://goo.gl/7cQyPv. Accessed 25 Oct 2018

  61. Palin, R., Habli, I.: Assurance of automotive safety—a safety case approach, vol. 6351, pp. 82–96 (2010)

  62. Panach, J.I., España, S., Moreno, A.M., Pastor, Ó.: Dealing with usability in model transformation technologies. In: Proceedings of Conceptual Modeling, pp. 498–511 (2008)

  63. QVT Operational Eclipse Plugin, v3.5.0. https://goo.gl/SglK1F. Accessed 25 Oct 2018

  64. Saeed, A., de Lemos, R., Anderson, T.: Robust requirements specifications for safety-critical systems. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security (1993)

  65. Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM Trans. Softw. Eng. Methodol. 15, 410–457 (2006)

  66. SparxSystems Enterprise Architect, Version 14. https://goo.gl/V7z4Ms. Accessed 25 Oct 2018

  67. SparxSystems: Enterprise Architect User Guide (2014). https://goo.gl/w2Enek. Accessed 25 Oct 2018

  68. Stamm, B., Baumann, R., Kündig-Herzog, M.: A safety critical computer system in a railway application. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security (1993)

  69. Strüber, D., Born, K., Gill, R., Groner, K.D., Kehrer, T., Ohrndorf, M., Tichy, M.: Henshin: a usability-focused framework for EMF model transformation development. In: Proceedings of the International Conference on Graph Transformation, pp. 196–208 (2017)

  70. Sun, L.: Establishing Confidence in Safety Assessment Evidence. Dissertation, University of York (2012)

  71. Tenbergen, B., Weyer, T., Pohl, K.: Supporting the validation of adequacy in requirements-based hazard mitigations. In: Proceedings of the 21st International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 17–32 (2015)

  72. Tenbergen, B., Weyer, T., Pohl, K.: Hazard relation diagrams: a diagrammatic representation to increase validation objectivity of requirements-based hazard mitigations. Requir. Eng. 23(2), 291–329 (2018). https://doi.org/10.1007/s00766-017-0267-9

  73. Troubitsyna, E.: Elicitation and specification of safety requirements. In: Proceedings of the 3rd International Conference on Systems, pp. 202–207 (2008)

  74. Tsuchiya, T., Terada, H., Kusumoto, S., Kikuno, T., Kim, E.: Derivation of safety requirements for safety analysis of object-oriented design documents. In: Proceedings of the 21st Annual International Computer Software and Applications Conference, pp. 252–255 (1997)

  75. Venkatesh, V., Bala, H.: Technology acceptance model 3 and a research agenda on interventions. Decis. Sci. 39(2), 273–315 (2008)

  76. Wang, J., Yang, J.: A subjective safety and cost based decision model for assessing safety requirements specifications. Int. J. Reliab. Qual. Saf. Eng. 8, 35–57 (2001)

  77. Wiegers, K.: Peer Reviews in Software: A Practical Guide. Addison-Wesley, Boston (2002)

  78. Wilson, S., Kelly, T., McDermid, J.: Safety case development: current practice, future prospects. In: Proceedings of the 12th Annual CSR Workshop on Safety and Reliability of Software Based Systems, pp. 135–156 (1997)

  79. Wohlin, C., Runeson, P., Höst, M., Ohlsson, M., Regnell, B., Wesslén, A.: Experimentation in Software Engineering. Springer, Heidelberg (2012)

  80. Xu, X., Bao, X., Lu, M., Chang, W.: A study and application on airborne software safety requirements elicitation. In: Proceedings of the 9th International Conference on Reliability, Maintainability and Safety, pp. 710–716 (2011)


Acknowledgements

This research was partly funded by the German Federal Ministry of Education and Research under Grant Number 01IS12005C. We would like to thank our colleagues André Heuer, Marian Daun, Kevin Keller, and Jonathan Baker for their assistance with implementation and rationale categorization.

Author information


Correspondence to Bastian Tenbergen.

Additional information

Communicated by Jeff Gray.


Appendix: Pseudo-script listings

The three pseudo-script listings (figures c, d, and e) are reproduced as images in the published article; the scripts themselves ship with the tool prototype referenced in note 3.


Cite this article

Tenbergen, B., Weyer, T. Generation of hazard relation diagrams: formalization and tool support. Softw Syst Model 20, 175–210 (2021). https://doi.org/10.1007/s10270-020-00799-1
