The DeSCAS Methodology and Lessons Learned on Applying Formal Reasoning to Safety Domain Knowledge - Forms/Format 2010

Information Technology Reference

In-Depth Information

1. Definition of a concrete domain specific model, which could be a func-

tional requirements model for a certain system under development.

2. Annotation (direct or indirect) of the concrete model, based on formal

domain ontologies: Thus, it is assured that requirements have a meaning

in the sense of the respective domain ontologies.

3. Reasoning about implications within and from other domains: This could

be an impact on safety and vice versa, due to a given definition of a system

under development and associated safety measures.

4. Feedback of consequences from another development stream for the very

own development activities: These could be concrete safety measures and

related activities which either impact the requirements model or concur-

rent implementation activities.

3

Example Application and Prototype Toolchain

To further illustrate the proposed methodology, the development of an exem-

plified assistance and automation system from the automotive domain will be

sketched as depicted in Fig. 2 and Fig. 3. Both the figure and the following

textual description refine the four steps described in Sect. 2.3 - the enumer-

ation of the subsequent text references the numbers in Fig. 3. This example

application refers to a lane departure warning system (LDWS) which alerts

thedriverassoonasthevehiclebeginstomoveoutofitslane[5].

Fig. 2. Vehicle equipped with a lane departure warning system (LDWS) almost

colliding with lateral tra c while driving at 120 km/h on a highway during daytime

1. Requirements model: The functional requirements of the system compo-

nent (the LDWS) are formulated, e.g. the driver has to be alerted when

the vehicle is leaving the trac lane.

2. Annotation: The system component is annotated with domain attributes

concerning the operations to be performed, the environment in which

the system will be used, and the types of accidents which may occur

due to malfunctions of the component. Regarding the LDWS, an exam-

ple operation would be the continuous observation of the vehicle's lateral

position within the trac lane. The environmental conditions refer to

driving situations on a normally frequented highway with a dedicated

Search WWH ::

Custom Search

Home