A comprehensive safety engineering approach for software-intensive systems based on STPA

TL;DR

This paper introduces a comprehensive safety engineering approach using STPA to identify and mitigate software-related hazards in safety-critical systems, integrating testing and model checking within the software development process.

Contribution

It presents a novel safety engineering framework based on STPA that combines safety analysis, testing, and model checking for safer software development.

Findings

Effective identification of software hazards using STPA

Integration of safety analysis with testing and model checking

Application demonstrated on automotive software controller

Abstract

Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller.