Chris Johnson

Safety-Critical Systems Development

Chris Johnson, University of Glasgow



Computers control many of the systems that protect us from death and injury. Automatic braking systems are intended to reduce the risks of car accidents. Medical imaging systems help in the diagnosis of diseases. Even the programs that control our microwave cookers help to protect us from exposure to radiation.

This course will equip students with an initial understanding of the tools and techniques that are being used to aid the development of safety-critical systems. We begin with an analysis of previous failures and then work through current attempts to standardise 'best practice'. We will then look at the problems that complicate the design of safety-critical systems.


This module encourages students to apply software and hardware engineering techniques, learnt in other areas of the course, to support the development of safety-critical applications. It also encourages students to consider the particular methodological and professional issues that surround the development of safety-critical systems.


By the end of the course, students should:
  1. understand the professional and social issues involved in the design and testing of safety-critical systems;
  2. recognise the importance of standards and show a clear understanding of recent initiatives in this area;
  3. be able to apply a number of risk analysis techniques such as Failure Modes, Effects and Criticality Analysis and Fault Tree Analysis;
  4. be able to apply a number of safety-critical design techniques such as literate specification;
  5. be able to apply a number of safety-critical evaluation techniques such as Black Box testing and the observational evaluation of operator performance;
  6. be able to identify the main characteristics of an appropriate safety culture within large organisations.

The presentation and treatment of this material is described below. We will use excerpts from Nancy Leveson's Safeware: System Safety and Computers, Addison-Wesley, ISBN 0-201-11972-2.

You can also use my Handbook of Incident and Accident Reporting.


There are no explicit prerequisites, but a course on Software Engineering and Human-Computer Interaction would be an advantage.


This course is worth 10 credits.


This course is assessed through an examination (70%) and through a sustained practical exercise (30%).

The open assessment is based upon a real-world case study. This will focus upon one of three areas:

For example, a testing exercise might involve an analysis of the Ariane 5 failure and a report on the testing techniques that might be used to protect systems from the weaknesses of 'legacy' software. Similarly, an exercise on requirements engineering might begin by analysing the failure of the London Ambulance Service system and might then proceed to plan requirements gathering for a call desk to support Strathclyde Regional Fire Brigade.