Experience Report Contributions of SFMEA to Requirements Analysis.pdf
Robyn R. Lutz and Robert M. Woodhouse
Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA

To appear: ICRE, April, Colorado Springs, CO. First author's mailing address is Dept. of Computer Science, Iowa State University, Ames, IA.

Abstract

This experience report describes the lessons learned from the use of Software Failure Modes and Effects Analysis (SFMEA) for requirements analysis of critical spacecraft software. The SFMEA process was found to be successful in identifying some ambiguous, inconsistent, and missing requirements. More importantly, the SFMEA process, followed by a backward analysis somewhat similar to Fault Tree Analysis (FTA), identified four significant, unresolved requirements issues. These issues involved complex system interfaces and unanticipated dependencies. Our results challenge some current views on the limitations of SFMEA and suggest that recent efforts by researchers to integrate SFMEA with a broader FTA approach have merit.

The Problem

There are software programs on board spacecraft that must autonomously detect, identify, and oversee the recovery of the spacecraft from faults during flight. Since these faults can threaten the well-being of the spacecraft and the success of its scientific mission, the software that responds to such faults is considered to be critical by the development team. A fault is given the standard definition here of being either "a defect in a hardware device or component" or "an incorrect step, process, or data definition in a computer program". Those faults which can cause power loss, excessive temperature, propellant tank overpressure, interruption of uplink commandability, or loss of downlinked scientific and engineering telemetry are detected and handled by onboard software.

Requirements analysis of this critical software is difficult since the software is often both complex and highly coupled. The software that responds to faults is often dependent on other distributed software and hardware components (for example, a single hardware fault may affect multiple software processes) and subject to timing constraints (for example, the software must provide quick recovery of functionality). These properties make the correct and complete specification of requirements hard to determine and hard to validate. In particular, inadequate software responses to extreme conditions and boundary cases are of concern. Appropriate software responses to anomalous hardware behavior, unanticipated states, invalid data, and signal saturation are robustness issues that should be resolved, if possible, during the requirements phase.

Our Approach

This experience report describes our use of Software Failure Modes and Effects Analysis (SFMEA), followed by a backward analysis somewhat similar to Fault Tree Analysis (FTA), to assist in analyzing the software requirements for critical portions of the spacecraft software. The approach was used on twenty-four software modules on two spacecraft systems, Cassini and Galileo. The goals were to help reduce the number of failure modes, minimize the effect of the remaining failure modes, and search for unanticipated failure modes. A failure mode is defined to be "the physical or functional manifestation of a failure". A failure is defined to be "the inability of a system or component to perform its required functions within specified performance requirements limits".

Software Failure Modes and Effects Analysis is an extension of the hardware Failure Modes and Effects Analysis (FMEA). The procedure for performing hardware FMEA has been standardized. There is no comparable standard for performing SFMEA, although its use is well documented. For example, a technique similar to SFMEA, called Software Error Effects Analysis (SEEA), was used in the development of the rendezvous and berthing software for the Columbus Free Flyer. For critical software, a SEEA was required. The System Safety Analysis Handbook provides a brief, non-procedural description of SFMEA. A more detailed description of the SFMEA process as applied to our project appears in a later section.

We embedded the SFMEA in a two-step requirements analysis process (see the figure below). The SFMEA used forward searching to identify cause/effect relationships in which unexpected data or software behavior (causes) can result in failure modes (effects). For example, outdated sensor data (cause) can prevent the software from commanding a needed hardware reconfiguration (effect). Note that although the cause is often labeled a "fault" in descriptions of SFMEA, it is more useful to consider unexpected or anomalous data and behavior, as well as strictly incorrect data and behavior. This is especially true for SFMEA performed during requirements analysis, since a "fault" at this early stage often means nothing more concrete than a deviation from expectations.

A backward search technique was then used to examine the possibility of occurrence of each anomaly (cause) that produced a failure mode (effect). In the example above, the root node for the backward search was "outdated sensor data". In this case our backward search for circumstances that could lead to outdated sensor data found a situation in which failed hardware continued to provide "inaccurate" data to the software. This bad data, due to the voting logic in the software, could veto a needed recovery action. By demonstrating the possibility of a new failure mode (obsolete data preventing required actions), the requirements specifications were improved. The failure mode was eliminated by a change to the software requirements.

The backward search is similar to a Fault Tree Analysis, except that the root node (the cause) is not necessarily a fault or even an event. A Fault Tree Analysis, on the other hand, takes a known fault or hazard as its root and works backward to determine the possible causes. Another difference between our backward search and FTA is that Software FTA is usually applied to code, whereas the backward search here is applied to software requirements. Since Fault Tree Analysis has been previously documented in detail, no further description is provided here. Note also that the backward search in this requirements analysis evaluates only the "possibility" of occurrence, not the likelihood. At the requirements phase of development there is insufficient knowledge to provide any numerical measurement of the probability of occurrence.

[Figure: Overview of Analysis Process, Integrating SFMEA and Backward Search. Forward search (SFMEA): identify unexpected data or behavior that can cause failure modes, starting from the software requirements specification. Backward search: analyze enabling circumstances contributing to the possibility of that unexpected data or behavior.]

In our experience, the strength of SFMEA (identifying previously unknown failure modes) and the strength of backward search (identifying combinations of events and circumstances that could cause the hypothesized fault to occur) were complementary. Thus, some current views regarding the limited effectiveness of SFMEA were not supported by the results of our integrated SFMEA and backward search approach. For example, SFMEA is often described as only considering one discrepant event (fault) at a time, rather than combinations of events. We found, however, that when integrated with a backward analysis, the SFMEA often helped isolate combinations of events and circumstances that can lead to undesirable states.

It was interesting that in four cases the failure mode identified by the SFMEA was not a previously known failure mode. Thus, if a FTA had been performed starting from the known failures, these four requirement inadequacies would have remained hidden. Instead, the SFMEA isolated a cause (e.g., bad input) that led to an undesired effect (e.g., bad control decision). The backward search (e.g., how could that bad input reach the software?) then identified a combination of events or unexpected interactions that could lead to the failure mode postulated in the SFMEA.

Our results indicate that recent work to integrate the forward search for effects (typical of SFMEA) and the backward search for contributing causes (typical of FTA) has merit. For example, a recent paper by Maier describes the use of a fault-tree based hazard analysis to derive safety requirements for a robot's control software. FMECA (Failure Modes, Effects, and Criticality Analysis) is performed on the documented software requirements. Maier finds that the major benefit of the FMECA lies in its being a preparatory activity to fault tree construction. A recent paper by McDermid and Pumfrey describes a technique for software safety analysis based on a structured approach to the "imaginative anticipation o…
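The "obsolete data vetoing a recovery action" failure mode found by the backward search, as an added, constructed illustration (not code from the paper or the spacecraft software): a majority vote over sensor readings that never checks reading age, beside a version that excludes stale readings. The threshold, staleness limit, sensor names and readings are all assumed values.

```python
"""Constructed illustration of the SFMEA/backward-search example: a failed sensor keeps
replaying its last plausible value, and a majority vote over those stale values vetoes
a needed recovery action. Not the paper's code; all values are hypothetical."""
from dataclasses import dataclass

STALENESS_LIMIT = 2.0   # seconds; assumed maximum acceptable age of a reading
FAULT_THRESHOLD = 90.0  # assumed temperature above which recovery must be commanded


@dataclass(frozen=True)
class Reading:
    sensor: str
    value: float
    timestamp: float  # mission time (seconds) at which the sensor produced the value


def naive_vote(readings, now):
    """Stand-in for voting logic that ignores reading age: every reported value votes,
    so a dead sensor that keeps replaying an old nominal value still outvotes live data."""
    over = sum(1 for r in readings if r.value > FAULT_THRESHOLD)
    return "recover" if over * 2 > len(readings) else "nominal"


def age_checked_vote(readings, now):
    """Hardened version reflecting a requirements change that removes the failure mode:
    readings older than STALENESS_LIMIT are excluded before voting. With no fresh data
    at all, the software takes the conservative action (an assumed policy)."""
    fresh = [r for r in readings if now - r.timestamp <= STALENESS_LIMIT]
    if not fresh:
        return "recover"
    over = sum(1 for r in fresh if r.value > FAULT_THRESHOLD)
    return "recover" if over * 2 > len(fresh) else "nominal"


# Constructed scenario: sensors A and B failed at t=100 and keep replaying their last
# (nominal) value; sensor C is alive and sees the over-temperature at t=110.
SCENARIO = [
    Reading("A", 70.0, 100.0),
    Reading("B", 71.0, 100.0),
    Reading("C", 95.0, 110.0),
]
NOW = 110.5

if __name__ == "__main__":
    print("naive vote:      ", naive_vote(SCENARIO, NOW))        # nominal (recovery vetoed)
    print("age-checked vote:", age_checked_vote(SCENARIO, NOW))  # recover
```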