Information Technology Reference
In-Depth Information
that leads to the unrealistic number of test cases in the ultradependable range.
Specification limitation reduces the number of inputs to the least possible.
Exhaustive testing
: There are many circumstances in which it is possible to
test all possible inputs that a piece of software could ever receive (i.e., to
test exhaustively). Despite the relative simplicity of the idea, it is entirely
equivalent to a proof of correct operation. If a piece of software can be tested
exhaustively and that testing can be trusted (and that is not always the case),
then the quantification needed in fault-tree analysis of the system, including
that software, is complete—the probability of failure of the software is zero.
Life testing
: Although initially we had to reject life testing as infeasible, with the
application of the elements of restricted testing already mentioned, for many
software components it is likely that life testing becomes feasible. What is
required is that the sample space presented by the software's inputs be “small
enough” that adequate samples can be taken to estimate the required probability
with sufficient confidence (i.e., sufficient tests are executed to estimate the
software's probability of failure).
There are many other tree analysis techniques used in risk assessment such as event
tree analysis (ETA). ETA is a method for illustrating through graphical representation
of the sequence of outcomes that may develop in a software code after the occurrence
of a selected initial event. This technique provides an inductive approach to risk
assessment as they are constructed using forward logic. Event tree analysis and fault
tree analysis are closely linked. Fault trees often are used to quantify system events
that are part of event tree sequences. The logical processes employed to evaluate an
event tree sequence and to quantify the consequences are the same as those used in
fault tree analysis.
Cause-consequence analysis (CCA) is a mix of fault tree and event tree analyses.
This technique combines cause analysis, described by fault trees, and consequence
analysis, described by event trees. The purpose of CCA is to identify chains of events
that can result in undesirable consequences. With the probabilities of the various
events in the CCA diagram, the probabilities of the various consequences can be
calculated, thus establishing the risk level of the software or any subset of it.
Management oversight risk tree (MORT) is an analytical risk analysis technique
for determining causes and contributing factors for safety analysis purposes in which
it would be compatible with complex, goal-oriented management systems. MORT
arranges safety program elements in an orderly and logical fashion, and its analysis
is carried out similar to software fault tree analysis.
15.4
RISK EVALUATION
The risk evaluation analysis is a quantitative extension of the FMEA based on the
severity of failure effects and the likelihood of failure occurrence, possibly augmented
with the probability of the failure detection. For an automation system application,
the severity is determined by the effects of automation function failures on the safety
Search WWH ::
Custom Search