| 1. |
- De Nicola, Giuseppe, et al.
(författare)
-
A hybrid testing methodology for railway control systems
- 2004
-
Ingår i: Computer Safety, Reliability, and Security. SAFECOMP 2004. - Berlin, Heidelberg : Springer. - 9783540231769 - 9783540301387 ; , s. 116-129
-
Konferensbidrag (refereegranskat)abstract
- International standards for V&V processes prescribe systematic testing as a fundamental step of safety-critical systems life-cycle, in order to prove the fulfilment of their requirements. However, proposed approaches are quite general and, for complex systems, imply an excessive number of test-cases to ensure the correctness of system behaviour in any operating scenarios, including unexpected ones. A more detailed methodology is needed to extensively test all the aspects of a complex system, while keeping the number of test-cases below a reasonable threshold. This paper describes the ASF hybrid testing methodology, combining black-box and white-box techniques, based on the identification and reduction of influence variables. Such an approach was successfully applied to validate ASF implementation of the SCMT system (an Italian Automatic Train Control specification), showing its time effectiveness and full achieved coverage. The same methodology, with the related customization, is now being improved in order to test the new ERTMS/ETCS systems. © Springer-Verlag 2004.
|
|
| 2. |
- Eriksson, Lars-Henrik
(författare)
-
Using Formal Methods in a Retrospective Safety Case
- 2004
-
Ingår i: Computer Safety, Reliability, and Security. - : Springer Berlin/Heidelberg. - 9783540301387 ; , s. 31-44
-
Konferensbidrag (refereegranskat)abstract
- Today the development of safety-critical systems is to a large extent guided by standards that make demands on both development process and system quality. Before the advent of these standards, development was typically done on a "best practise'' basis which could differ much between application areas. Some safety-critical systems (e.g. railway interlockings) have a long technical and economical lifetime so that today we have many legacy safety-critical systems in operation which were developed according to practises that would be regarded as unacceptable today. Usually, such systems are allowed to continue operating by virtue of past performance. If there is doubt about the integrity of a legacy system, an alternative to replacement could be making a "retrospective'' safety case demonstrating that the legacy system is indeed safe to use. Using as example a case taken from railway signalling, we will show how formal verification can be used in a retrospective safety case. In this application of formal methods several particular problems arise, such as uncertainty about the original requirements and the required safety level of the various system functions. We will discuss such problems and the approach taken to deal with them in the example case.
|
|
