Safety analysis of hybrid real-time system requirements using qualitative models

Abstract

The safety analysis of requirements is a key problem area in the development of software for hybrid real-time safety systems. Major obstruction of using formal methods for hybrid real-time systems in industry is the difficulty that engineers have in understanding and applying the quantitative methods in the abstract requirements phase. While formal methods technology in safety-critical systems can help increase confidence in the software, the difficulty and complexity of using them can cause other hazards. In order to overcome this obstruction, we propose a framework of requirements engineering for the hybrid real-time systems. It consists of a qualitative method for requirements specification, called QFM (Qualitative Formal Method), and a safety analysis method for the software requirements based on causality information, called CRSA (Causal Requirements Safety Analysis). The QFM emphasizes the idea of a causal and qualitative reasoning in formal methods to reduce the difficulty of specifying and validating the software requirements of hybrid safety systems. We use the qualitative formal languages, Compositional Modeling Language, and Causal Functional Representation Language in particular, to specify hybrid system dynamics and the required behavior respectively. The system behavior has been simulated by the Device Modeling Environment, and validated against the required behavior. CRSA can evaluate the logical contribution of the software elements to the physical hazards of systems without the subjective and ad hoc decisions of safety analysts, by using the causality information that is kept during specification by QFM. Using the Shutdown System 2 (SDS2) of Wolsong nuclear power plants as a realistic example, we demonstrate that the QFM provides a practical solution for requirements specification of HRTS, and that the CRSA is a systematic approach for safety analysis of HRTS software.