An Integrated Formal Approach for Developing High Quality Software for Safety-Critical Systems
Author(s)
Ouyang, Meng; Golay, Michael W.
File: ANP-035.pdf (2.264Mb)
Other Contributors
Advanced Nuclear Power Technology Program (Massachusetts Institute of Technology)
Abstract
This report presents the results of a study that devises an Integrated Formal Approach (IFA) for improving the design specifications of computer programs used in safety-critical systems. In this IFA, the formal specification techniques of the formal method Development Before The Fact (DBTF) and its supporting tool, the OO1 Tool Suite, are used systematically to identify and remove various kinds of defects in software specifications.
Defects usually exist in most computer programs developed using ad-hoc processes in which mathematical formality is not enforced during program development. Five classes of defects are identified from program studies. The IFA is designed to reduce the number of these defects more efficiently. The information produced by applying the Approach is also used in a discussion of a conceptual process for updating one's knowledge of the quality of the tested specification.
The IFA is then applied in two case studies. One case is the specification of the small and functionally simple Reactor Protection System (RPS) program. The other case is the specification of a larger, more complex program named the Signal Validation Algorithm (SVA), used in actual nuclear power plant safety systems. The results of these applications show that the IFA can quickly identify and remove ambiguities and inconsistencies in the use of words and terms, and incompleteness in the definition of functions and operations in the specifications. The results also show that for a small program like the RPS, functional correctness can be achieved with very high confidence. For a larger program like the SVA, the IFA can efficiently help the system designers identify the places where the design should be improved in functional completeness and correctness. In all, using this approach requires much less labor while producing larger benefits in obtaining a very reliable specification of the program.
Date issued
1995-09
Publisher
Massachusetts Institute of Technology. Center for Advanced Nuclear Energy Systems. Advanced Nuclear Power Program
Series/Report no.
MIT-ANP;TR-035