Requirements Analysis for Safety Critical Systems

Requirements not only have to deal with events that are unexpected, they also need to anticipate the consequences of things going wrong. The unexpected can arise from many sources. Environmental events, often attributed incorrectly to “acts of God”, create problems through adverse weather and physical conditions, causing machinery to break down so that normal system functions cannot be assumed. Furthermore, people make mistakes. Even though many accidents are blamed on people making mistakes, human error is usually only one of many contributing factors. Safety critical systems should prevent, or at least reduce the chance of, human error. Requirements analysis has to try to anticipate these problems, but this is a difficult task. The problem is one of 20/20 foresight, or trying to anticipate all the possible combinations of future events that might occur in a designed system, and then trying to ensure that the design prevents or at least counteracts possible failures. Given the large number of possible errors people can make, in combination with extremes in weather and the many components in complex systems that could fail, we have a combinatorial explosion. So anticipating the future is a very difficult task; however, that does not mean we should not attempt it. Even standard methods such as object-oriented analysis and use cases draw attention to alternative as well as normal courses of action.