An Approach to Safety Analysis and Verification based upon Formal Functional Model

design transforms the semi-formal requirements specification into a formal implicit specification, which will then be further refined into formal explicit specification by detail design. Detail design has two goals: (1) transforming implicit specifications of processes and functions, defined in modules into explicit specifications to serve as a foundation for implementation in a specific programming language, and (2) transforming the structured abstract design specification into an objectoriented detailed design specification in order to achieve good quality of final implementation. Verification of a specification aims to ensure that the specification is internally consistent, acceptable and actually met by their implementation (or program). Program is an implementation of the detail design in a specific programming language. It is essential to ensure that a program transformed from a detailed design (an explicit specification) satisfies the specification. There are four levels of transformations: (1) transformation of the abstract data types, (2) transformation of explicit specifications of process, methods and functions, (3) transformation of modules, and (4) transformation of classes. The major features of the process model include (1) informal and semiformal specifications for user requirements and formal specification for abstract design, (2) specification for evolution process through informal, semi-formal and formal stages, and refinement for detailed design and implementation, and (3) rigorous review and testing to verify and validate specifications and programs [2]. 3 RESEARCH WORK This study is divided into three stages, which are capturing safety properties, hazard analysis and verification through inspection. For the requirement specification, it is written in SOFL as it provides a formal and comprehensible language for the requirements and design specification as well as a practical method for developing the software systems. Detail explanation of every stage is represented in this subsection. 3.1 Stage 1Capturing Safety Properties Functional requirements documents describe what the system should do, and it is conceivable that documents may be incomplete and contain mistakes [4]. Safety properties are one of the outputs of functional requirements for safety-critical systems. Fig. 3 explains the process of capturing safety properties from functional requirements, and it consists of three steps: (1) Capturing the desired safety-related functions, necessary data resources and constraints, (2) Deriving functional scenario from safety-related function, and (3) Deriving safety properties from functional scenario using five keys as guidelines. These processes and five keys will assist the developer in finding and identifying the appropriate safety properties required to ensure that the related functions are free from failure. The five keys for capturing safety properties are functional constraints, domain knowledge, developer experience, real-time constraints for functions and the input/output device. Fig. 2 The Software Development Process using SOFL