Copyright Chris Johnson, 1999.
Xday, XX May 200X.

9.30 am - 11.15am

University of Glasgow

DEGREES OF BEng, BSc, MA, MA (SOCIAL SCIENCES).

COMPUTING SCIENCE - SINGLE AND COMBINED HONOURS
ELECTRONIC AND SOFTWARE ENGINEERING - HONOURS
SOFTWARE ENGINEERING - HONOURS

SAFETY-CRITICAL SYSTEMS DEVELOPMENT

Answer 3 of the 4 questions.

1.

a) Why is it useful to think of safety as a relative and not an absolute concept?

[4 marks]

b) Why does Reason's distinction between latent and active failures have important implications for the development of safety-critical software?

[6 marks]

c) Briefly explain at least two ways in which confidential incident reporting systems can be used to support the development of safety-critical computer systems.

[10 marks]


2.

Section 5. Specify Non-Functional Requirements. Non functional requirements are constraints on the system design. They may arise from user requirements, technical disciplines or the external environment. They are often "ilities", can be divided into product or support constraints and include the following areas:

  1. reliability
  2. maintainability
  3. operability
  4. safety
  5. security
  6. engineering standards
  7. environment
  8. support

Non-functional requirements are often expensive but add quality. Early identification will avoid costly changes and facilitate the trade-off process leading to a cost-effective solution. Blanket application of individual non-functional requirements will be unnecessarily costly and should be avoided. They should be identified against and linked to the lowest level function in the decomposition to which they specifically apply. Non-functional requirements should also be expressed as unique statements of requirement with the same attributes as system functions.

UK Ministry of Defence, Smart Procurement Initiative (SPI)

a) Provide a brief definition for each of the non-functional requirements mentioned in the Smart Procurement Initiative (SPI) document and explain how they relate to Laprie's concept of dependability.

[4 marks]

b) Briefly provide an explanation of why the MOD SPI document includes the following sentence: "Blanket application of individual non-functional requirements will be unnecessarily costly and should be avoided."

[4 marks]

c) With an example drawn from any of the case studies that have been introduced in this course, explain why it is so difficult to maintain an adequate safety case for a safety-critical computer system.

[12 marks]


3.

a) Briefly explain the differences between hardware and software that are increasingly complicating the development of safety-critical systems.

[5 marks]

b) What are kernel requirements and why is it necessary to identify the intent of a safety-critical specification?

[5 marks]

c) Why is it important to explicitly identify completeness requirements for safety-critical software? Illustrate your answer by explaining how the lack of these criteria may have contributed to one of the incidents or accidents that you have studied during this course.

[10 marks]


4.

Using the lessons learnt from recent accidents, explain why safety culture can be less important than the application and oversight of safety-critical standards.

[20 marks]


END

There are sample solutions for this paper. Send me your solutions and I'll email you the URL.