Software engineering for safety: A roadmap

Proceedings of the Conference on the Future of Software Engineering, ICSE 2000

Volumn , Issue , 2000, Pages 213-224

  Lutz, Robyn R ^a  

^a CALIFORNIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Future directions; Software engineering; Software safety

Indexed keywords

COMPUTER SOFTWARE SELECTION AND EVALUATION; SAFETY ENGINEERING;

FUTURE DIRECTIONS; ROADMAP; SOFTWARE SAFETY;

SOFTWARE ENGINEERING;

EID: 84963992451     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/336512.336556     Document Type: Conference Paper

References (81)

1. J.-R. Abrial, E. Borger, and H. Langmaack. Formal Methods for Industrial Applications: Specifying and Programming the Steam Boiler Control, volume 1165 of LCNS. Springer-Verlag, 1996.
2. R. Alur and T. A. Henzinger. Logics and models of real time: A survey. In J. W. de Bakker, C. Huizing, W. P. de Roever, and G. Rozenberg, editors, Real Time: Theory in Practice, number 600 in LCNS, pages 74-106. Springer-Verlag, 1991.
3. A. Arora and S. S. Kulkarni. Detectors and correctors: A theory of fault-tolerance components. IEEE Trans on Software Eng, 24(1): 63-78, 1998.
4. D. M. Berry. The safety requirements engineering dilemma. In Proc of 9th Int Workshop on Software Specification and Design, 1998.
5. J. Bowen. Safety-critical systems, http://archive. comlab.ox, ac.uk/safety.html.
6. R. W. Butler and G. B. Finelli. The infeasibility of quantifying the reliability of life-critical real-time software. IEEE Trans on Software Eng, 19: 3-12, 1993.
7. E. M. Clarke, a. M. Wing, and et al. Formal methods: State of the art and future directions. ACM Computing Surveys, 28(4): 626-643, 1996.
8. P. C. Clements and N. Weiderman. Report on the 2nd international workshop on development and evolution of software architectures for product families. Technical Report 98-SR-003, CMU/SEI, 1998.
9. P.-J. Courtois and D. L. Parnas. Documentation for safety critical software. In Proc IEEE 15th Int Conf on Software Eng, pages 315-323, 1993.
10. C. Cruz-Neira and R. R. Lutz. Using immersive virtual environments for certification. IEEE Software, 16(4): 26-30, 1999.
11. W. J. Cullyer, S. J. Goodenough, and B. A. Wichmann. The choices of computer languages for use in safety critical systems. Software Engineering Journal, 6: 51-58, 1991.
12. R. DeLemos, A. Saeed, and T. Anderson. Analyzing safety requirements for process-control systems. IEEE Software, pages 42-53, 1995.
13. L. Dumas and A. Walton. Faster, better, cheaper: An institutional view. In Proc 50th Annual 1at Astronautical Congress, 1999.
14. B. Dutertre and V. Stavridou. Formal requirements analysis of an avionics control system. IEEE Trans on Software Eng, 23(5): 267-278, 1997.
15. S. Easterbrook, R. Lutz, R. Covington, J. Kelly, Y. Ampo, and D. Hamilton. Experiences using lightweight formal methods for requirements modeling. IEEE Trans on Software Eng, 24(1): 4-14, 1998.
16. M. Feather. Rapid application of lightweight formal methods for consistency analysis. IEEE Trans on Software Eng, 24(11): 949-959, 1998.
17. M. S. Feather, S. Fickas, A. Van Lamsweerde, and C. Ponsard. Reconciling systems requirements and runtime behavior. In Proc 9th IEEE lnt Workshop on Software Specification and Design, 1998.
18. N. E. Fenton and M. Neil. A strategy for improving safety related software engineering standards. IEEE Trans on Software Eng, 24(11): 1002-1013, 1998.
19. A. Finkelstein. Requirements engineering: A review and research agenda. In Proc 1st Asian and Pacific Software Engineering Conference, pages 10-19, 1994.
20. G. C. Gannod and R. R. Lutz. An approach to architecturaJ analysis of product lines, submitted.
21. S. Gardiner, editor. Testing Safety-Related Software. Springer-Verlag, London, 1998.
22. F. C. Grtner. Fllndamentals of fault-tolerant distributed computing. A CM Computing Surveys, 31(1): 1-26, 1999.
23. C. Gunter, J. Mitchell, and D. Notkin. Strategic directions in software engineering and programming languages. A CM Computing Surveys, 28(4): 727-737, 1996.
24. K. Hansen, A. P. Ravn, and V. Stavridou. From safety analysis to software requirements. IEEE Trans on Software Eng, 24(7): 573-584, 1998.
25. M. P. E. Heimdahl and N. Leveson. Completeness and consistency in hierarchical state-based requirements. IEEE Trans on Software Eng, 22(6): 363-377, 1996.
26. C. Heitmeyer, J. Kirby, B. Labaw, M. Archer, and R. Bharadwaj. Using abstraction and model checking to detect safety violations in requirements specification. IEEE Trans on Software Eng, 24(11): 927-949, 1998.
27. D. S. Hermann. Software Safety and Reliability. IEEE Computer Society Press, 1999.
28. G. J. Holzmann. The model checker Spin. IEEE Trans on Software Eng, 23(5): 279-295, 1997.
29. L. M. Ippolito and D. R. Wallace. A study on hazard anMysis in high integrity software standards and guidelines. Technical Report NISTR 5589, U.S. Department of Commerce, 1995.
30. L. J. Jagadeesan, C. Puchol, and J. E. V. Olnhausen. Safety Property Verification of ESTEREL Programs and Applications to Telecommunications Software, volume 939 of LNCS, pages 127-140. Springer-Verlag, 1995.
31. S. J. Keene. Developing software for safety critical systems. IEEE, NTSC ISBN 0-7803-4573-8, 1998.
32. J. C. Knight and L. G. Nakano. Software test techniques for system fault-tree analysis. In Proc of 16th Int Conf on Computer Safety, Reliability, and Security, 1997.
33. J.-C. Laprie and B. Littlewood. Probabilistic assessment of safety-critical software: Why and how? CA CM, 35(2): 13-21, 1992.
34. N. Leveson. Software safety in embedded computer systems. CACM, 34(2): 35-46, 1991.
35. N. Leveson. Safeware. Addison-Wesley, Reading, MA, 1995.
36. N. G. Leveson, M. P. E. Heimdahl, and J. D. Reese. Designing specification languages for process control systems: Lessons learned and steps to the future. In SIGSOFT Foundations of Software Engineering, 1999.
37. N. G. Leveson, L. D. Pinnel, S. D. Sandys, S. Koga, and J. D. Reese. Analyzing software specifications for mode confusion potential. In Proc Workshop on Human Error and System Development, pages 132-146, 1997.
38. B. Littlewood and D. Wright. Some conservative stopping rules for the operational testing of safety-critical software. IEEE Trans on Software Eng, 23(11): 673-683, 1997.
39. R. R. Lutz. Targeting safety-related errors during software requirements analysis. Journal of Systems and Software, 34: 223-230, 1996.
40. R. R. Lutz. Extending the product family approach to support safe reuse. Journal of Systems and Software, to appear, 2000.
41. R. R. Lutz and Y. Ampo. Experience report: Using formal methods for requirements analysis of critical spacecraft software. In Proc of 19th Annual Software Eng Workshop, pages 231-248, 1994.
42. R. R. Lutz and J. S. K. Wong. Detecting unsafe error recovery schedules. IEEE Trans on Software Eng, 18(8): 749-760, 1992.
43. R. R. Lutz and R. Woodhouse. Requirements analysis using forward and backward search. Annals of Software Eng, 3: 459-475, 1997.
44. T. Maier. FMEA and FTA to support safe design of embedded software in safety-critical systems. In Proc CSR 12th Annual Workshop on Safety and Reliability of Software Based Systems, 1995.
45. J. A. McDermid. Engineering safety-criticM systems. In I. Wand and R. Milner, editors, Computing Tomorrow, Future Research Directions in Computer Science, pages 217-245, Cambridge, 1996. Cambridge University Press.
46. J. A. McDermid, M. Nicholson, D. J. Pumfrey, and P. Fenelon. Experience with the application of HAZOP to computer-based systems. In Proc 10th Annual Con] on Computer Assurance, pages 37-48, 1995.
47. E. Mikk, Y. Lakhnech, M. Siegel, and G. J. Holzmann. Implementing statecharts in Promela/Spin. In Proc 2nd IEEE Workshop on Industrial-Strength Formal Specification Techniques, 1998.
48. S. P. Miller. Specifying the mode logic of a flight guidance system in CoRe and SCR. In Proc Formal Methods in Software Practice Workshop, pages 44-53, 1998.
49. NASA Mars Climate Orbiter Mishap Investigation Board. Phase I report, November 1999.
50. P. G. Neumann. The RISKS digest. http://www.csl.sri.com/www.isko/risks.html; http://catless.ncl, ac.uk/Risks.
51. P. G. Neumann. Computer Related Risks. ACM Press, 1995.
52. P. G. Neumann. Robust open-source software. CACM, 41(2): 128, 1998.
53. Northwestern University's Qualitative Reasoning Group. Welcome to the principles of operations, http://rax.arc.nasa.gov: 80/activities/pofo/docs/index.htm.
54. S. Owre, S. Rajan, J. Rushby, N. Shankar, and M. Srivas. PVS: Combining specification, proof checking, and model checking. In R. Alur and T. A. Henzinger, editors, Computer-Aided Verification, CAV '96, number 1102 in LNCS, pages 411-414, New Brunswick, N J, July/August 1996. Springer-Verlag.
55. D. L. Parnas, J. Van Schouwen, and S. P. Kwan. Evaluation of safety-critical software. CACM, 33(6): 636-648, 1990.
56. R. Pausch, J. Snoddy, R. Taylor, S. Watson, and E. Haseltine. Disney's Aladdin: First steps toward storytelling in virtuM reality. In Proc Siggraph, pages 193-203, 1996.
57. I. Peterson. Fatal Defect: Chasing Killer Computer Bugs. Times Books, New York, 1995.
58. H. Petrowski. To engineer is human. Vintage Books, New York, 1992.
59. S. L. Pfleeger. Software Engineering Theory and Practice. Prentice-Hall, Upper Saddle River, N J, 1998.
60. President's Information Technology Advisory Committee. Information Technology Research: Investing in Our Future. February 1999.
61. J. A. I. Profeta, N. P. Andrianos, B. Yu, B. W. Johnson, T. A. DeLong, D. Guaspari, and D. Jamsek. Safety-critical systems built with COTS. Computer, 29(11): 54-60, 1996.
62. D. Raheja. Assurance Technologies: principles and practices. McGraw-Hill, 1991.
63. P. Rodr{guez-Dapena. Software safety certification: A multidomain problem. IEEE Software, 16(4): 31-38, 1999.
64. J. Rushby. Critical system properties: Survey and taxonomy. Reliability Engineering and System Safety, 43(2): 189-214, 1994.
65. J. Rushby. Formal methods and their role in the certification of critical systems. In R. Shaw, editor, Safety and Reliability of Software Based Systems, pages 1-42. Springer, 1995.
66. J. Rushby. Using model checking to help discover mode confusions and other automation surprises. In Proc 3rd Workshop on Human Error, Safety, and System Development, 1999.
67. J. M. Rushby. Partitioning in avionics architectures: Requirements, mechanisms, and assurance. Technical reoort. SRI. March 1999.
68. J. Sifakis. Research directions for formal methods. ACM Computing Surveys, 28(4es), 1996.
69. G. Slabodkin. Software glitches leave navy smart ship dead in the water, http://www.gcn.com/archives-/gcn/1998/July13/cov2.htm, July 13 1998.
70. I. Sommerville. Software Engineering. Addison-Wesley, Wokingham, England, fifth edition, 1996.
71. V. Stavridou. Provably dependent software architectures for adaptable avionics. In Proc 18th Digital Avionics Systems Coal, 1999.
72. N. Storey. Safety-Critical Computer Systems. Addison Wesley Longman, Harlow, England, 1996.
73. L. Strigini. Considerations on current research issues in software safety. Reliability Engineering and System Safety, 43: 177-188, 1994.
74. K. Sullivan, J. B. Dugan, and D. Coppit. The Galileo fault tree analysis tool. In Proc 29th Annual IEEE Int Symposium on Fault-Tolerant Computing, 1999.
75. K. Sullivan, J. C. Knight, X. Du, and S. Geist. Information survivability control systems. In Proc 21st Int Conf Software Eng, pages 184-192, 1999.
76. N. Tmbert. The cost of COTS: An interview with John McDermid. Computer, 31(6): 46-52, 1998.
77. W.-T. Tsai, R. Mojdehbakhsh, and S. Rayadurgam. Capturing safety-critical medical requirements. Computer, 31(4): 40-41, 1998.
78. J. Voas and M. Friedman. Software Assessment: Reliability, Safety, Testability. John Wiley and Sons, 1995.
79. E. J. Weyuker. Using failure cost information for testing and reliability assessment. A CM Trans on Software Eng and Methodology, 5(2): 87-98, 1996.
80. Workshop on Research in Theoretical Computer Science. Challenges for theory of computing, 1999.
81. P. Zave. Classification of research efforts in requirements engineering. ACM Computing Surveys, 29(4): 315-321, 1997.