Software fault trees and weakest preconditions: a comparison and analysis

Software Engineering Journal

Software development for safety-critical systems demands techniques that combine the precision of formal methods with the practicality of tried and trusted engineering methods, so that rigour can be applied in the measure the application requires. In particular, reasoning about system behaviour in the presence of failures requires a realistic use of formal methods. We show how to capture the semantics implied by software fault trees using a form of weakest-precondition reasoning, taking as an example the modelling of the failure properties of different software expressions. Leveson et al. [1] have used software fault trees to produce ‘failure templates’ at the statement level for the Ada programming language. These templates address only logical program errors, not compiler errors, control errors, memory errors etc., which could be captured by a system-wide view of the software. Furthermore, the notion of software fault tree ‘failure templates’ is confusing for safety engineers accustomed to conventional fault tree analysis: the trees are motivated by failures rather than by working back from system hazards, and so are much more akin to failure modes and effects analysis. We propose a more traditional view of the application of fault trees to software expressions, which leads to a different expression of them in weakest-precondition semantics.

References

1. IEC 65a: Functional Safety of Electrical/Electronic/Programmable Electronic Systems: Generic Aspects. International Electrotechnical Commission, 1992.
2. Interim Defence Standard 00-55, 1991.
3. Fenelon, P., McDermid, J.: 'Safety CASE: an integrated toolset for software safety analysis', J. Syst. Softw.
4. Gries, D.: 'The science of programming' (1981).
5. Shimeall, T.J., Leveson, N.G.: 'An empirical comparison of software fault tolerance and fault elimination', IEEE Trans., 2, pp. 173-182.
6. Bondavalli, A., Simoncini, L.: 'Failure classification with respect to detection', PDCS First Year Report, May 1990, 2.
7. Roberts, N.H., Vesely, W.E., Haas, V.F., Goldberg, F.F.: 'Fault tree handbook' (NUREG-0492), 1981.
8. Leveson, N.G., Cha, S., Shimeall, T.: 'Safety verification of Ada programs using software fault trees', IEEE Softw., 4, pp. 48-59.
9. McDermid, J.A.: 'Safety cases and safety arguments', Proc. CSR Conf. on Software Safety, April 1991.
10. Leveson, N.G., Stolzy, J.L.: 'Safety analysis of Ada programs using fault trees', IEEE Trans., 5, pp. 479-484.
11. Dijkstra, E.W.: 'A discipline of programming' (1976).
12. Taylor, J.R.: 'Fault tree and cause consequence analysis for control software validation' (1982).
13. Bennett, P.A., McDermid, J.A.: 'Software engineer's reference book' (1991).
14. Leveson, N.G., Harvey, P.R.: 'Analyzing software safety', Trans., 5, pp. 569-579.
http://iet.metastore.ingenta.com/content/journals/10.1049/sej.1993.0028