Luiz Eduardo Galvão Martins

Requirements engineering for safety-critical systems

ContextSafety-Critical Systems (SCS) are becoming increasingly present in our society. A considerable amount of research effort has been invested into improving the SCS requirements engineering process as it is critical to the successful development of SCS and, in particular, the engineering of safety aspects. ObjectiveThis article aims to investigate which approaches have been proposed to elicit, model, specify and validate safety requirements in the context of SCS, as well as to what extent such approaches have been validated in industrial settings. The paper will also investigate how the usability and usefulness of the reported approaches have been explored, and to what extent they enable requirements communication among the development project/team actors in the development of SCS. MethodWe conducted a systematic literature review by selecting 151 papers published between 1983 and 2014. The research methodology to conduct the SLR was based on the guidelines proposed by Kitchenham and Biolchini. ResultsThe results of this systematic review should encourage further research into the design of studies to improve the requirements engineering for SCS, particularly to enable the communication of the safety requirements among the project team actors, and the adoption of other models for hazard and accident models. The presented results point to the need for more industry-oriented studies, particularly with more participation of practitioners in the validation of new approaches. ConclusionThe most relevant findings from this review and their implications for further research are as follows: integration between requirements engineering and safety engineering areas; dominance of the traditional approaches; early mortality of new approaches; need for industry validation; lack of evidence for the usefulness and usability of most approaches; and the lack of studies that investigate how to improve the communication process throughout the lifecycle. Based on the findings, we suggest a research agenda to the community of researchers and advices to SCS practitioners.

A case study using a protocol to derive safety functional requirements from Fault Tree Analysis

State-of-the-art in Requirements Engineering offers many frameworks and techniques to enable requirements engineers in their work. However, for critical systems there are gaps in state-of-the-art, and these can result in dire consequences, potentially putting lives in danger and damage infrastructure and threaten the environment. A well known technique used to help requirements engineers to understand safety hazards situations in the context of safety-critical software is Fault Tree Analysis (FTA). This technique is a good one to decompose hazards identified in the system context into events that may put the system functionalities in risk. However, FTA does not offer a protocol of how to derive safety functional requirements from fault trees. In this paper we present a case study adopting a protocol to help requirements engineers to derive safety functional requirements from FTA. The proposed protocol was based on a study performed in a Brazilian company in the area of electronic medical devices. The development of prototype of a low cost insulin infusion pump, which is a critical system, offered the basis to propose and test a protocol to derive safety functional requirements from FTA. During the case study we collected evidences that help us to discuss if FTA is sufficient to guide software engineers to implement the corresponding control software and also if FTA offers enough information to help requirements engineers to derive safety functional requirements.

Integration between requirements engineering and safety analysis

We analyze activities performed in safety analysis and tool support.We present challenges/problems relating to the integration between safety and RE.We present taxonomies about hazard and safety analysis techniques.Hazard and safety-related information are classified in taxonomies.We discuss the benefits of the integration between RE and Safety Engineering. Context: Safety-Critical Systems (SCS) require more sophisticated requirements engineering (RE) approaches as inadequate, incomplete or misunderstood requirements have been recognized as a major cause in many accidents and safety-related catastrophes. Objective: In order to cope with the complexity of specifying SCS by RE, we investigate the approaches proposed to improve the communication or integration between RE and safety engineering in SCS development. We analyze the activities that should be performed by RE during safety analysis, the hazard/safety techniques it could use, the relationships between safety information that it should specify, the tools to support safety analysis as well as integration benefits between these areas. Method: We use a Systematic Literature Review (SLR) as the basis for our work. Results: We developed four taxonomies to help RE during specification of SCS that classify: techniques used in (1) hazard analysis; (2) safety analysis; (3) safety-related information and (4) a detailed set of information regarding hazards specification. Conclusions: This paper is a step towards developing a body of knowledge in safety concerns necessary to RE in the specification of SCS that is derived from a large-scale SLR. We believe the results will benefit both researchers and practitioners.

Requirements Engineering for Safety-Critical Systems: Overview and Challenges

In a world that depends increasingly on complex, critical, and intertwined systems, requirements engineering is crucial to developing and maintaining safety-critical systems (SCSs). Researchers studied the state of the art (through the literature) and the state of the practice (through in-depth interviews with practitioners) to discover what approaches are available for capturing, specifying, and communicating safety requirements throughout the SCS lifecycle and to determine the remaining challenges.

Specifying Safety Requirements with GORE languages

Context: A suitable representation of Safety-Critical Systems (SCS) requirements is crucial to avoid misunderstandings in safety requirements and issues in safety specification. However, current general requirements specification languages do not fully support the particularities of specifying SCS. Objective: In this paper, our goal is to identify and propose a set of important features that should be provided by requirements languages to support an early safety requirements specification. Moreover, we aim to compare the ability of the four most used Goal-Oriented Requirements Engineering (GORE) languages (i*, KAOS, GRL, NFR-Framework) in supporting the proposed features. Method: We first established a conceptual foundation and a conceptual model based on the literature, challenges elicited in previous works, and demands of safety standards at the requirements level that practitioners must satisfy in order to certify their systems. Results: We proposed a set of 15 features that requirements languages should provide to an early safety requirements specification. Regarding the comparison of GORE languages, in summary, all surveyed languages lacks explicit modeling constructs to express how hazards can occur in the system, the accidents, their impact and how they can mitigated. Conclusions: The conceptual foundation, conceptual model, and the set of features is a novelty. Finally, the features can be used to propose new requirements languages for SCS or to define extensions for the ones already available.

Safe-RE: a safety requirements metamodel based on industry safety standards

Context: The development of Safety-Critical Systems (SCS) requires an adequate understanding of safety terms to avoid the specification of poor, incomplete or unclear safety requirements. However, there are some misunderstandings, mostly by requirements engineers, about the definition of such concepts. Hence, integration of safety concerns in the Requirements Engineering (RE) and a common nomenclature is necessary to improve the specification of these systems. Objective: To fill this gap, this paper presents Safe-RE, a safety requirements metamodel based on industry safety standards whose aim is to support the specification of safety-related concepts in the RE process. Method: We rely on safety standards as a basis for our work since companies must follow them to have their systems certified. Results: To illustrate the Safe-RE metamodel usage, we applied its concepts in an insulin infusion pump system. Conclusions: We hope that Safe-RE can contribute to improving the elicitation and specifications of such systems and therefore, reducing accidents and safety-related catastrophes. We also discuss some benefits we envision of using the metamodel, its limitations, and open issues.