SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND Queensland 4072 Australia TECHNICAL REPORT No. 99-46 A Process for Derivation and Quantification of Safety Requirements for Components of Complex Systems

This report describes a formal approach to verification and validation of safety requirements for embedded software, by application to a simple control-logic case study. The logic is formally specified in Z. System safety properties are formalised by defining The paper develops a theoretical basis for assigning safety requirements for components of complex systems, including software, in a form that integrates well with established system-safety engineering processes. Safety requirements here include integrity targets, in the form of maximum acceptable failure rates. We propose a process for flowing safety requirements down to components, by integrating system hazard analysis techniques in a manner that enables functional and quantitative analysis. The originality of the process lies not so much in the individual steps as in the integration of their results within a single coherent framework. In outline, the steps of the proposed process are: 1. Definition of an appropriate system conceptual design model. 2. Identification and classification of “system hazards”: roughly, states of the system that can contribute to accidents and mishaps. Functional Failure Analysis is the suggested technique. 3. Identification of protective measures and system safety functions, by consideration of possible accident sequences arising from unsafe actions and possible component failures. Event Tree Analysis is the suggested technique. 4. Construction of a detailed cause-and-effect model, to record how faults propagate through the system, and to identify possible common causes. Fault Tree Analysis is the suggested technique. 5. Allocation of functional and quantitative safety requirements, using the models from previous steps to justify quantitative targets. A simple running example is used to illustrate the concepts, terminology and features of the process. The terminology of IEC 61508 is used where possible.