Dependability of Critical Computer Systems

F. J. Redmill (editor)

Foreword

M. Carpentier, Director General, DG XIII, Telecommunications, Information Industries and Innovation, Commission of the European Communities

It is with great pleasure that I introduce and recommend this collection of guidelines produced by EWICS TC7. This Technical Committee has consistently attracted technical experts of high quality from all over Europe, and the standard of the Committee's work has reflected this. The Committee has been sponsored by the Commission of the European Communities since 1978. During this period there has been the opportunity to observe the enthusiasm and dedication in the activities of the group, the expertise and effort invested in its work, the discipline in meeting objectives, and the quality of the resulting guidelines. It is no surprise that these guidelines have influenced the work of international standardisation bodies. Now the first six of EWICS TC7's guidelines are being made available as a book. I am convinced that all computer system developers who use them will greatly enhance their chances of achieving quality systems.

Acknowledgements

In the preparation of this book, the editor is grateful to P. Bishop, G. Covington II, C. Goring, and W. Quirk for their help in editing the guidelines. In addition, he would like to thank S. Bologna, W. Ehrenberger, M. Ould, J. Rata, L. Sintonen and J. Zalewski for reviewing the chapters and providing additional material.
Contents

GUIDELINES TO DESIGN COMPUTER SYSTEMS FOR SAFETY    1
    1 Technical Overview    3
    1.3 Hazards, Failures and Accidents    5
    1.4 Principles for Design for Safety    7
    1.5 How to Use These Guidelines    9
    1.6 The Four Main Steps in Designing for System Safety    10
    1.7 Conformance Clause    12
    2 Designing for System Safety    14
    Analysis of the Functional Specification    18
    Designing for Safety    21
    Validation of Design    35
    2.5 Related Standards and Guidelines    41

GUIDELINES FOR THE ASSESSMENT OF THE SAFETY AND RELIABILITY OF CRITICAL COMPUTER SYSTEMS    43
    1 Technical Overview    44
    1.2 A Summary of Development Process and Problems    46
    1.3 Scope    48
    1.4 How to Use These Guidelines    49
    1.5 Conformance Clause    51
    2 Safety and Reliability Assessment    53
    2.2 Criteria    57
    2.3 Techniques    64
    2.4 Safety Case for the Target System    65
    2.5 Assessment Plan    72
    2.6 References    74

A QUESTIONNAIRE FOR SYSTEM SAFETY AND RELIABILITY ASSESSMENT    77
    1 Technical Overview    80
    1.2 Scope and Structure    81
    1.3 How to Use the Questionnaire    82
    1.4 An Evaluation System for the Questionnaire for Safety-Related Applications    83
    2 The Questionnaire    88
    2.2 System Requirements Specification    97
    The Translation of Functional Requirements to Detailed Component Specifications    106
    2.4 Coding and Construction    129
    2.5 Integration of Hardware and Software    134
    2.6 Verification and Validation    138
    2.7 Qualification    154
    2.8 Operation and Maintenance    157

A GUIDELINE ON SOFTWARE QUALITY ASSURANCE AND MEASURES    165
    1 Technical Overview    167
    1.2 Scope of the Guideline    168
    1.3 How to Use the Guideline    169
    2 Software Quality Assurance and Measures    171
    2.2 Basic Rules for Attribute Specification    174
    2.3 Measures of Attributes    182
    2.4 Acceptance Criteria    187
    2.5 Standards and References    189

GUIDELINES ON THE MAINTENANCE AND MODIFICATION OF SAFETY-RELATED COMPUTER SYSTEMS    195
    1 Technical Overview    197
    1.2 Scope and Structure    198
    1.3 Dataflow Diagrams    199
    1.4 Conformance Clause    200
    2 Guidelines on Maintenance and Modification    202
    2.2 Formal Approach to Change-Control Procedures    210
    2.3 Details of Maintenance Activities    213
    2.4 Further Details of Maintenance Activities    233
    2.5 Data Dictionary    245
    2.6 Bibliography    266

Glossary    273
Appendix    279