Safety analysis of Hawk In Flight monitor

ABSTRACT
The development of a military safety critical system has many facets, one of which is the collection of evidence that can be used to assist the production of the safety case necessary for certification of a system into military use. Within the certification process, static analysis is required by the UK Ministry of Defence to provide evidence of a system's integrity and fitness for purpose. In this paper we describe how we have extended the approach of static analysis to gain evidence of the dynamic integrity of a system. This work, based on the abstract interpretation of variable values into sets of ranges of values, has resulted in the development of a software tool, called the Exception Analyser. This tool can investigate the potential for code, written in C, C++ and Ada, to raise run-time exceptions and then derive the system constraints that would prevent these exceptions from occurring. We outline the foundation behind our approach and present the results of a case study into the successful application of the tool on a safety critical military project.
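The abstract describes the Exception Analyser only at the level of its principle: variable values are abstracted into sets of ranges, expressions are evaluated over those sets, any operation that could raise a run-time exception is reported, and the input constraint that would rule the exception out is derived. The following is an added illustration of that principle written for this page; it is not the DERA tool, and it is not code from the paper. It assumes a tiny expression language of its own (nested tuples), a 16-bit signed target word size, truncating integer division as in C and Ada, and a constraint-derivation rule that simply removes the value 0 from a divisor variable's range set; overflow is reported but the result is kept exact rather than wrapped, which is a simplification of the example.

```python
"""Toy range-set abstract interpreter for a small integer expression language.

Added illustration of "abstract interpretation of variable values into sets
of ranges"; not the Exception Analyser described in the paper. The expression
syntax, the 16-bit target and the constraint rule are assumptions of this example.
"""
import operator
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Range = Tuple[int, int]      # closed integer interval lo..hi
RangeSet = List[Range]       # sorted, pairwise disjoint ranges; [] means "no value"

INT16_MIN, INT16_MAX = -32768, 32767   # assumed 16-bit signed target


def normalise(ranges: RangeSet) -> RangeSet:
    """Sort the ranges and merge any that overlap or touch."""
    merged: RangeSet = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def without_zero(ranges: RangeSet) -> RangeSet:
    """The same set of ranges with the value 0 removed (the derived constraint)."""
    out: RangeSet = []
    for lo, hi in ranges:
        if lo <= 0 <= hi:
            if lo < 0:
                out.append((lo, -1))
            if hi > 0:
                out.append((1, hi))
        else:
            out.append((lo, hi))
    return out


def tdiv(a: int, b: int) -> int:
    """C/Ada style truncating division; Python's // rounds toward minus infinity."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q


def combine(xs: RangeSet, ys: RangeSet, op: Callable[[int, int], int]) -> RangeSet:
    """Apply op to every pair of ranges using their corner values.

    Sound for +, -, * and for / once 0 has been removed from the divisor,
    because each of those is monotone in each argument on such ranges."""
    out: RangeSet = []
    for xlo, xhi in xs:
        for ylo, yhi in ys:
            corners = (op(xlo, ylo), op(xlo, yhi), op(xhi, ylo), op(xhi, yhi))
            out.append((min(corners), max(corners)))
    return normalise(out)


OPS: Dict[str, Callable[[int, int], int]] = {
    "+": operator.add, "-": operator.sub, "*": operator.mul, "/": tdiv,
}


@dataclass
class Report:
    value: RangeSet                                   # abstract result of the expression
    findings: List[str] = field(default_factory=list)  # possible run-time exceptions
    constraints: Dict[str, RangeSet] = field(default_factory=dict)  # var -> safe ranges


def analyse(expr: tuple, env: Dict[str, RangeSet]) -> Report:
    """Evaluate expr over range sets; expr is ('const', n), ('var', name) or (op, lhs, rhs)."""
    report = Report(value=[])

    def go(e: tuple) -> RangeSet:
        kind = e[0]
        if kind == "const":
            return [(e[1], e[1])]
        if kind == "var":
            return normalise(env[e[1]])
        lhs, rhs = go(e[1]), go(e[2])
        if kind == "/" and any(lo <= 0 <= hi for lo, hi in rhs):
            report.findings.append(f"possible division by zero: divisor in {rhs}")
            if e[2][0] == "var":
                # Constraint that would prevent the exception: exclude 0 from that input.
                report.constraints[e[2][1]] = without_zero(normalise(env[e[2][1]]))
            rhs = without_zero(rhs)          # carry on with the cases that do not trap
        result = combine(lhs, rhs, OPS[kind])
        if result and (result[0][0] < INT16_MIN or result[-1][1] > INT16_MAX):
            report.findings.append(f"possible 16-bit overflow: {kind} yields {result}")
        return result   # kept exact rather than wrapped: a simplification of this example

    report.value = go(expr)
    return report


if __name__ == "__main__":
    # Constructed inputs: 100 / n with n anywhere in -2..5, and a * 300 with a in 0..200.
    print(analyse(("/", ("const", 100), ("var", "n")), {"n": [(-2, 5)]}))
    print(analyse(("*", ("var", "a"), ("const", 300)), {"a": [(0, 200)]}))
```

Running the two constructed cases shows the two kinds of evidence the abstract refers to: the division reports a possible trap and derives the constraint `n` in {-2..-1, 1..5}, while the multiplication reports a possible 16-bit overflow with no single-variable constraint derived, since this example only knows how to constrain a divisor.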