Software Hazard Analysis

Example of a State Machine Model

[Figure: state machine model of water level]
States: Water level high; Water level at setpoint; Water level low
Transition labels (reading / action):
- High reading / Open drain pipe
- Reading at set point / Close drain pipe
- Low reading / Activate pump
- Reading at setpoint / Turn off pump

Requirements Validation

Requirements are source of most operational errors and almost all the software contributions to accidents.
Much of software hazard analysis effort therefore should focus on requirements.
Problem is dealing with complexity:
1) Use blackbox models to separate external behavior from complexity of internal design to accomplish the behavior.
2) Use abstraction and metamodels to handle large number of discrete states required to describe software behavior.
Do not have continuous math to assist us.
But new types of state machine modeling languages drastically reduce number of states and transitions modeler needs to describe.
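
The water-level model above, written out as an executable blackbox state machine with two requirements-validation checks (added example, not part of the original slides). The source and target state of each transition are inferred from the figure's labels, and step, run, unspecified_pairs and dangling_targets are names chosen here.

```python
from itertools import product

STATES = ("high", "setpoint", "low")      # water-level states named on the slide
READINGS = ("high", "setpoint", "low")    # sensor readings that trigger transitions

# (current state, reading) -> (output action, next state).
# Which state each labelled arrow leaves and enters is an assumption
# inferred from the slide's labels.
TRANSITIONS = {
    ("setpoint", "high"): ("open drain pipe", "high"),
    ("high", "setpoint"): ("close drain pipe", "setpoint"),
    ("setpoint", "low"): ("activate pump", "low"),
    ("low", "setpoint"): ("turn off pump", "setpoint"),
}

def step(state, reading):
    """Return (action, next_state); raise if the requirements are silent."""
    try:
        return TRANSITIONS[(state, reading)]
    except KeyError:
        raise LookupError(
            f"no requirement for reading {reading!r} in state {state!r}"
        ) from None

def run(readings, state="setpoint"):
    """Feed a sequence of readings; return (actions emitted, final state)."""
    actions = []
    for reading in readings:
        action, state = step(state, reading)
        actions.append(action)
    return actions, state

def unspecified_pairs():
    """Validation check: (state, reading) pairs the model leaves undefined."""
    return sorted(p for p in product(STATES, READINGS) if p not in TRANSITIONS)

def dangling_targets():
    """Validation check: transitions whose next state is not a declared state."""
    return sorted(k for k, (_, nxt) in TRANSITIONS.items() if nxt not in STATES)

if __name__ == "__main__":
    print(run(["high", "setpoint", "low", "setpoint"]))
    for state, reading in unspecified_pairs():
        print(f"unspecified: reading {reading!r} while water level is {state!r}")
```

Only external readings and actions appear in the model, so the gaps it reports are gaps in the requirements themselves rather than in any particular implementation.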