Hazard Relation Diagrams: a diagrammatic representation to increase validation objectivity of requirements-based hazard mitigations

摘要

When developing safety-critical embedded systems, it is necessary to ensure that the system under development poses no harm to human users or external systems during operation. To achieve this, potential hazards are identified and potential mitigations for those hazards are documented in requirements. During requirements validation, the stakeholders assess if the documented hazard-mitigating requirements can avoid the identified hazards. Requirements validation is highly subjective. Among others, validation depends on the stakeholders’ understanding of the involved processes, their familiarity with the system under development, and the information available. In consequence, there is the risk that stakeholders judge the adequacy of hazard-mitigating requirements based on their individual opinions about the hazards, rather than on the documented information about the system’s hazards. To improve the validation of hazard-mitigating requirements, we recently proposed a diagrammatic representation called Hazard Relation Diagrams (Tenbergen B, Weyer T, Pohl K, Supporting the validation of adequacy in requirements-based hazard mitigations. In: Requirements engineering: foundation for software quality. LNCS, vol 9013. Springer, pp 17–32, 2015). In this paper, we extend the ontology of Hazard Relation Diagrams, present their notations, and define well-formedness rules. We elaborate on the application of Hazard Relation Diagrams to visualize complex relationships between hazards and mitigations and present an automated approach to generate Hazard Relation Diagrams. Finally, we report on our empirical evaluations about the impact of Hazard Relation Diagrams on review objectivity, effectiveness, efficiency, and reviewer’s subjective confidence.