Page 364 -
P. 364
13.2 Dependable processes 347
The safety life cycle
The International Electrotechnical Commission has devised a process standard (IEC 61508) for protection
systems engineering. This is based around the notion of a safety life cycle, which makes a clear distinction
between safety engineering and system engineering. The first stages of the IEC 61508 safety life cycle define the
scope of the system, assess the potential system hazards, and estimate the risks they pose. This is followed by
the specification of the safety requirements and the allocation of these safety requirements to different
subsystems. The idea is to limit the extent of safety-critical functionality to allow specific techniques for critical
systems engineering to be applied to the development of the safety-critical system.
http://www.SoftwareEngineering-9.com/Web/SafetyLifeCycle/
2. Requirements management to ensure that changes to the requirements are con-
trolled and that the impact of proposed requirements changes is understood by
all developers affected by the change.
3. Formal specification, where a mathematical model of the software is created
and analyzed. I discussed the benefits of formal specification in Chapter 12.
Perhaps its most important benefit is that it forces a very detailed analysis of the
system requirements. This analysis itself is likely to discover requirements
problems that may have been missed in requirements reviews.
4. System modeling, where the software design is explicitly documented as a set of
graphical models, and the links between the requirements and these models are
explicitly documented.
5. Design and program inspections, where the different descriptions of the system
are inspected and checked by different people. Inspections are often driven by
checklists of common design and programming errors.
6. Static analysis, where automated checks are carried out on the source code of
the program. These look for anomalies that could indicate programming errors
or omissions. I discuss static analysis in Chapter 15.
7. Test planning and management, where a comprehensive set of system tests is
designed. The testing process has to be carefully managed to demonstrate that
these tests provide coverage of the system requirements and have been correctly
applied in the testing process.
As well as process activities that focus on system development and testing, there
must also be well-defined quality management and change management processes.
Although the specific activities in a dependable process may vary from one company
to another, the need for effective quality and change management is universal.
Quality management processes (discussed in Chapter 24) establish a set of process
and product standards. They also include activities that capture process information
to demonstrate that these standards have been followed. For example, there may be a
standard defined for carrying out program inspections. The inspection team leader is
responsible for documenting the process to show that the inspection standard has
been followed.
