| 1. |
- de la Vara, José Luis, et al.
(author)
-
An Industrial Survey of Safety Evidence Change Impact Analysis Practice
- 2016. - 13
-
In: IEEE Transactions on Software Engineering. - : IEEE. - 0098-5589 .- 1939-3520. ; 42:12, s. 1095-1117
-
Journal article (peer-reviewed)abstract
- In many application domains, critical systems must comply with safety standards. This involves gathering safety evidence in the form of artefacts such as safety analyses, system specifications, and testing results. These artefacts can evolve during a system's lifecycle, creating a need for impact analysis to guarantee that system safety and compliance are not jeopardised. Although extensive research has been conducted on change impact analysis and on safety evidence management, the knowledge about how safety evidence change impact analysis is addressed in practice is limited. This paper reports on a survey targeted at filling this gap by analysing the circumstances under which safety evidence change impact analysis is addressed, the tool support used, and the challenges faced. We obtained 97 valid responses representing 16 application domains, 28 countries, and 47 safety standards. The results suggest that most practitioners deal with safety evidence change impact analysis during system development and mainly from system specifications. Furthermore, the level of automation in the process is low and insufficient tool support is the most frequent challenge. Other notable findings include that the different artefact types used as safety evidence seem to co-evolve, the evolution of safety case should probably be better managed, and no commercial impact analysis tool has been reported as used for all artefact types. Finally, we identified over 20 areas where the state of the practice in safety evidence change impact analysis can be improved.
|
|
| 2. |
- de la Vara, José Luis, et al.
(author)
-
Survey on Safety Evidence Change Impact Analysis in Practice: Detailed Description and Analysis
- 2014
-
Reports (other academic/artistic)abstract
- Critical systems must comply with safety standards in many application domains. This involves gathering safety evidence in the form of artefacts such as safety analyses, system specifications, and testing results. These artefacts can evolve during a system’s lifecycle, and impact analysis might be necessary to guarantee that system safety and compliance are not jeopardised. Although extensive research has been conducted on impact analysis and on safety evidence management, the knowledge about how safety evidence change impact analysis is addressed in practice is limited. This technical report presents a survey targeted at filling this gap by analysing the circumstances under which safety evidence change impact analysis is addressed, the tool support used, and the challenges faced. We obtained 97 valid responses representing 16 application domains, 28 countries, and 47 safety standards. The results suggest that most projects deal with safety evidence change impact analysis during system development and mainly from system specifications, the level of automation in the process is low, and insufficient tool support is the most frequent challenge. Other notable findings are that safety case evolution should probably be better managed, no commercial impact analysis tool has been reported as used for all artefact types, and experience and automation do not seem to greatly help in avoiding challenges.
|
|
| 3. |
- Zhang, Long, 1988-
(author)
-
Application-level Chaos Engineering
- 2022
-
Doctoral thesis (other academic/artistic)abstract
- With the development of software techniques, software systems nowadays are becoming highly complex. In order to keep such systems as reliable as possible, developers need to design various error-handling mechanisms. Considering that the error-handling code needs to work properly in production, it should not only be tested offline but also verified in production after deploying the system. Chaos engineering is a technique that assesses a software system's error-handling mechanisms in production directly. In order to apply chaos engineering, developers first monitor the target system and identify its steady state. Then specific failures are injected in a controlled manner so that the system's error-handling code is triggered and analyzed. By comparing the observed behavior during a chaos engineering experiment with the steady state, developers confirm whether the designed error-handling mechanisms work as expected.In the field of chaos engineering, there still exist technical challenges that affect the effectiveness of the approach. This thesis makes contributions to the following three open challenges in chaos engineering.First of all, as chaos engineering experiments are done in production, it is important to improve the efficiency of these experiments. In order to reduce unrealistic experiments, we propose a new approach that synthesizes chaos engineering fault models using the naturally happening errors in production.Second, in order to analyze a system's steady state and detect its abnormal behavior during chaos engineering experiments, sufficient observability is the key. We propose a multi-layer observability improvement solution for Dockerized Java applications. With the help of our solution, developers are able to improve an application's observability at the operating system level, the runtime environment level, and the application level, with limited effort.Last, chaos engineering should be helpful to locate actual places for resilience improvements. We propose three fault injection approaches that apply chaos engineering at the application level to take domain-specific knowledge into consideration.
|
|
