Generation of hazard relation diagrams: formalization and tool support

Abstract

Developing safety-critical, software-intensive embedded systems are characterized by the need to identify hazards and to define hazard-mitigating requirements at the earliest possible stage of development, i.e., during requirements engineering. These hazard-mitigating requirements must be adequate in the sense that they must specify the functionality required by the stakeholders in addition to rendering the system sufficiently safe during operation. The adequacy of hazard-mitigating requirements is determined during requirements validation. Yet, the validation of the adequacy of hazard-mitigating requirements is burdened by the fact that hazards and contextual information about hazards are a work product of safety assessment, and hazard-mitigating requirements are a work product of requirements engineering. These work products are poorly integrated such that during validation, the information needed to determine the adequacy of hazard-mitigating requirements is not available to stakeholders. In consequence, there is the risk that inadequate hazard-mitigating requirements remain covert and the system is falsely considered safe. To alleviate this issue, we have previously proposed (Tenbergen et al., in: Proceedings of the 21st international working conference on requirements engineering: foundation for software quality, pp 17–32, 2015), improved, and evaluated (Tenbergen et al. in Requir Eng J 23(2):291–329, 2018. https://doi.org/10.1007/s00766-017-0267-9 ) a novel diagram type called “Hazard Relation Diagrams.” In this paper, we present a semiautomated formal approach and tool support for their generation. We make use of a running example to illustrate the concepts.