The Safety-Critical Systems Lectures Series
Contributions by
Jan Peleska
and many others whose names will be listed here during the next lectures.
Context of this Lecture Series
This is a series of lectures and seminars
of our initiative Graduate Studies in Safety-Critical Systems. It is
intended for an international audience of engineers working in the field
and of graduate students working
on their Diploma, Masters, PhD or Habilitation degrees in computer
science or electrical engineering. Due to the international character
of the initiative, lectures will be held in English. At present, the lecture series is divided into
three parts, each part planned as a two-hours/week lecture for one semester:
- Safety-Critical Systems I: Basic concepts - problems - methods - techniques
- Safety-Critical Systems II: Management aspects - standards - V-Models - TQM - assessment -
process improvement
- Safety-Critical Systems III: Formal methods and tools - model checking - testing -
partial verification - inspection techniques - case studies
Objectives and summary of the Safety-Critical Systems II Lecture
For the development of safety-critical systems, it does not suffice to
know the safety-related technical aspects; it is of equal importance
to justify that the complete development process - from requirements
definition to acceptance testing - has been performed adequately. The
term "adequately" refers to a whole range of aspects which are of both
organisational and technical nature:
- On company level, the company policy and the company's
organisational structure shall ensure that employees
have a thorough understanding of
safety issues ("safety awareness") and that they receive the necessary
support (time, money, training, tools etc.)
and encouragement to perform their duties according to this
understanding. These objectives lead to the topic of Total Quality
Management and the introduction of company-wide standards derived
from national or international standards which regulate the life
cycles of projects or product developments.
- On project or product development level, it has to be understood
which laws and standards are applicable for the specific development,
and how these standards are to be "implemented" (or better
"instantiated") for the development. This leads us to the field of
project management and V-models.
- Developments according to standards enforce organised and
documented activities during the life cycle: this may improve the
process quality, that is, the quality of each production step in a
development. However, the quality of a concrete product cannot be
ensured just by controlling process quality, since a good process does not
guarantee that the specific product properties are met. This leads us
to the field of Verification, Validation and Test methods and their
application to product assurance, where the quality aspects of a
specific safety-related product are investigated.
- The development costs for safety-critical systems can be considerably
reduced if components developed earlier may be re-used in the new
development. While the topic of component re-use, or re-use by design
patterns and frameworks, is quite well understood for commercial and
office applications, re-use within a safety-critical context is still a
research area: which additional verification effort is needed before an
existing component developed for a non-critical project may be re-used
for a product whose malfunction might cause the loss of human lives?
- It is an accepted fact that organised and documented developments may
produce tons of paper and too few lines of executable code if managers
and project teams are inexperienced or not properly trained, or if an
inappropriate standard is applied. As a consequence, other approaches
- such as extreme programming - which focus less on documentation and
regulation of the development process but emphasise development
skills, detailed design and coding are becoming increasingly
popular. Could these approaches be applied in the safety-critical
context as well?
The themes and questions sketched above will be presented and
discussed in more detail in the Safety-Critical Systems II
lectures. We will introduce the basic concepts of total quality
management, introduce the most important standards for safety-critical
developments in avionics, space systems, railways and medical systems,
and explain the common concepts underlying these standards. Re-use and
extreme programming are discussed for potential application in
safety-critical developments.
We would like to emphasise two aspects of these lectures:
First, our research group has considerable experience in the practical
application of these concepts in projects with our partners from the
avionics, railway and space industries. As a consequence, we may
justifiably claim that we not only know how these concepts are meant
to be applied in practice, but also know why and when they fail to
produce the desired results. Second, IT experts wishing to work as
project managers or as managers responsible for product quality should
be familiar with the topics introduced in this lecture: the increasing
amount of software in safety-critical systems requires that these
developments should rather be managed by computer scientists than by
electrical engineers.
Related Activities of Other Groups and Organisations
References
- N. Storey: Safety-Critical Computer Systems. Addison Wesley Longman 1996.
- M. R. Lyu: Software Reliability Engineering. McGraw-Hill 1995.
More references will be introduced during the lectures!
Exercises
Series 1 (