PhD Seminar 23 November 2004

1
PhD Seminar 23 November 2004

• Per Trygve Myhrer

2
Overview

• Methods that can be used to identify hazards
  early in the development process
• Methods to achieve traceability and Intent
  Specification

2
3
Finding hazards early

• It is important to
• Identify hazards
• Be able to insert barriers or preventive action
  early
• We do not want a lot of analysis that are useless
  after changes and gives a false sense of security

3
4
Finding hazards early II

• In the BUCS project we have tried out several
  methods for identifying hazards
• PHA on System concept
• PHA on High level requirements
• PHA to find deviations from the happy scenarios
• Use of the KJ process with focus on hazards

4
5
Preliminary Hazard Analysis

• Brainstorming, structured by PHA table and system
  concept
• What can go wrong
• The results depend on the participants
  experience and knowledge
• PHA will work best if the members of the analysis
  have experience with the system that is going to
  be made

5
6
PHA on system concept
6
7
PHA on High level requirements
7
8
Happy Scenarios
8
9
The KJ process
Teacher is not able to select add element to
notice board from the menue
Students are able to add items to the notice
board without having the proper access
privilegies
9
10
Safety when using Agile methods

• Agile methods uses stories for requirements
• We add the hazard stories

Hazard Story
Stories
Development
Refractoring
10
11
The methods

• None of the methods will find hazards that none
  of the members have experienced or thought might
  happen
• We need more experiences and this can be done by
  building and using a experience database

11
12
Traceability

• Traceability is important because it
• Makes it possible to get an overview of the
  system and help people easy find reasons for
  decisions when developing software
• Link hazards to proposed barriers and actions
  identified
• Will help us to document our decisions

12
13
Why Intent Specification ?

• Intent Specification will allow us to
• Explain reason for decisions
• Show consequences of decisions
• In order to justify our decisions we can use
• Expert judgment
• Experiences
• What if? analysis

13
14
Intent Specification

• Intent Specification has hyperlinks that links
  parts of documentation and code that influence
  each other
• Links from requirements through the documentation
  and down to the code
• Decisions on how to comply with a safety
  requirements and links to the code where its done

14
15
Example of Intent Specification
Before start of development
History of previous systems
High level requirements
Requirements
PHA
Architecture
Hazop CCA
Requirements for components
User guides
Code
15
System is finished
16
SpecTRM

• SpecTRM is a tool that can be used to realize
  Intent Specification. The tool is
• Made to be used to develop safety critical
  software systems and supports the use of Intent
  Specification
• Adaptable and can also be used for a system that
  is not safety critical

16
17
Discussion

• Challenges with traceability
• Traceability both ways will add more work to
  maintain
• Is it enough to have traceability only bottom
  up?
• PHA Happy scenarios is probably the best method
• Are Agile Methods are useful for business
  critical systems?

17