Abstract
Formal-methods-based system development is considered a promising approach for developing safety-critical systems. This chapter discusses the standard safety life-cycle, traditional safety analysis techniques, the traditional system engineering approach, standard design methodologies, and the safety standards used for developing critical systems. Furthermore, we give a list of successful industrial case studies based on formal techniques, and we discuss the role of medical device regulations. Finally, this chapter shows the usability of formal techniques for developing critical systems and motivates the development of a new methodology, with associated techniques and a tool, in the context of medical device development, which are covered in the remaining chapters.
© 2013 Springer-Verlag London
Cite this chapter
Singh, N.K. (2013). Background. In: Using Event-B for Critical Device Software Systems. Springer, London. https://doi.org/10.1007/978-1-4471-5260-6_2
DOI: https://doi.org/10.1007/978-1-4471-5260-6_2
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5259-0
Online ISBN: 978-1-4471-5260-6