Time: 2010-05-10 19:43  Source: 蓝天飞行翻译 (Lantian Flight Translation)  Author: admin

5 Low Risk Acceptable
*Extracted from MIL-STD 882C
FAA System Safety Handbook, Chapter 13: Launch Safety
December 30, 2000
13-26
The following is intended to provide a limited, representative sampling of the software safety analysis methods and
tools available to the CST licensee or operator. General system safety analyses have been omitted because they
are addressed in Paragraph 4.3. It is the licensee's or operator's responsibility to assess the applicability
and viability of a particular analysis method or tool to their CST, methods of operation, and organizational
capabilities.
·  Code Inspection: a formal review process during which a safety team checks the actual code,
comparing it stepwise to a list of hazard concerns.
·  Hardware/Software Safety Analysis [9]: this analysis is a derivative of the system PHA [10]. The
PHA, when integrated with the requirements levied upon the software, will identify those
programs, routines, or modules that are critical to system safety and must be examined in
depth.
·  Software Failure Modes and Effects Analysis (SFMEA) [11]: identifies software-related design
deficiencies through analysis of process flow-charting. It also identifies areas of interest for
verification/validation and test and evaluation. The technique is used during and after the
development of software specifications. The results of the PHA and SSHA, if complete, can
be used as a guide for focusing the analysis.
·  Software Fault Tree Analysis (SFTA) [12]: used to identify the root cause(s) of a "top"
undesired event. When a branch of the hardware FTA leads to the software of the system, the
SFTA is applied to that portion of the software controlling that branch of the hardware FTA. The
outputs from the SFMEA, Software Requirements Hazard Analysis (SRHA), Interface
Analysis, and Human Factors/Man-Machine Interface Analysis can provide inputs to the
SFTA. SFTA can be performed at any or all levels of system design and development.
·  Software Hazard Analysis (SHA) [13]: used to identify, evaluate, and eliminate or mitigate
software hazards by means of a structured analytical approach that is integrated into the
software development process.
·  Software Sneak Circuit Analysis (SSCA) [14]: used to uncover program logic that could cause
undesired program outputs or inhibits, or incorrect sequencing/timing. When software
controls a safety-critical event, an SSCA can help detect a condition that would cause a
catastrophic mishap if an inadvertent enabling condition were present.
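The SFTA bullet above says the software tree is applied wherever a branch of the hardware FTA leads into software. What that analysis actually produces is the set of minimal cut sets of the top event, and the finding a safety team cares most about is a software element that turns up as a cut set of size one: a single fault that defeats the hardware redundancy. The block below is an added example, not code from the FAA handbook, MIL-STD 882C, or any CST program; the tree, the event names (SW_state_table_corrupted, HW_igniter_relay_welded, and so on) and the probabilities are constructed for illustration. It builds a small tree for an inadvertent igniter firing in which two hardware branches each lead into software, computes minimal cut sets with an AND/OR expansion, flags single-point failures, and compares the tree in which both software branches read one shared state table against a design in which the arm/safe interlock reads its sensors independently.

```python
"""Minimal cut sets for a fault tree whose hardware branches lead into software.

Added example (not from the FAA handbook). Gates are ("AND", [...]) or
("OR", [...]) tuples; a plain string is a basic event. Every event name and
probability below is constructed for illustration, not taken from a real system.
"""
import math
from itertools import product


def cut_sets(node):
    """Return the minimal cut sets of `node` as a set of frozensets of basic events."""
    if isinstance(node, str):                      # basic event: it is its own cut set
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":                               # any child's cut set fails the gate
        combined = set().union(*child_sets)
    elif gate == "AND":                            # one cut set from every child, merged
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type {gate!r}")
    return minimize(combined)


def minimize(sets):
    """Keep only minimal cut sets: drop any set that strictly contains another."""
    return {s for s in sets if not any(other < s for other in sets)}


def single_point_failures(sets):
    """Basic events that alone cause the top event (cut sets of size one)."""
    return sorted(next(iter(s)) for s in sets if len(s) == 1)


def top_probability(sets, probs):
    """Rare-event approximation: sum over minimal cut sets of the product of the
    members' probabilities. Slightly conservative; adequate when all p are small."""
    return sum(math.prod(probs[event] for event in s) for s in sets)


# --- Constructed tree: inadvertent igniter firing during ground operations ---
# Both software branches read the same in-memory state table (SW_STATE). The
# hardware FTA alone cannot show this coupling; the SFTA on the software branches can.
SW_STATE = "SW_state_table_corrupted"
SW_IGNITION_CMD = ("OR", [
    "SW_sequencer_timer_overflow",
    ("AND", ["SW_parser_accepts_malformed_uplink", "OPS_malformed_uplink_sent"]),
    SW_STATE,
])
SW_ARM_STATE_WRONG = ("OR", ["SW_arm_flag_not_cleared_on_abort", SW_STATE])


def ignition_tree(arm_interlock_branch):
    """Top event = power reaches the igniter AND the arm/safe interlock permits it."""
    return ("AND", [
        ("OR", ["HW_igniter_relay_welded", SW_IGNITION_CMD]),          # hardware branch -> software
        ("OR", ["HW_arm_switch_fails_closed", arm_interlock_branch]),  # hardware branch -> software
    ])


SHARED_STATE_TREE = ignition_tree(SW_ARM_STATE_WRONG)
# Mitigated design: the interlock reads its sensors directly instead of the shared table.
INDEPENDENT_TREE = ignition_tree(
    ("OR", ["SW_arm_flag_not_cleared_on_abort", "SW_interlock_sensor_read_stale"]))

PROBS = {                                         # constructed per-event probabilities
    "HW_igniter_relay_welded": 1e-4,
    "HW_arm_switch_fails_closed": 1e-4,
    "SW_sequencer_timer_overflow": 1e-3,
    "SW_parser_accepts_malformed_uplink": 1e-2,
    "OPS_malformed_uplink_sent": 1e-2,
    "SW_arm_flag_not_cleared_on_abort": 1e-3,
    "SW_state_table_corrupted": 1e-3,
    "SW_interlock_sensor_read_stale": 1e-3,
}


def analyze(tree):
    """Summary a safety team would attach to the SFTA record for this top event."""
    sets = cut_sets(tree)
    return {
        "cut_sets": sets,
        "single_point_failures": single_point_failures(sets),
        "top_probability": top_probability(sets, PROBS),
    }


if __name__ == "__main__":
    for name, tree in [("shared state table", SHARED_STATE_TREE),
                       ("independent interlock", INDEPENDENT_TREE)]:
        r = analyze(tree)
        print(f"{name}: {len(r['cut_sets'])} minimal cut sets, "
              f"single points = {r['single_point_failures']}, "
              f"P(top) ~ {r['top_probability']:.2e}")
```

With the shared state table, `SW_state_table_corrupted` survives minimization as a cut set of size one and every larger cut set containing it is absorbed, so the redundancy between the power and interlock branches is only apparent; the independent-interlock variant has no single-point failure and its estimated top-event probability drops by roughly three orders of magnitude. That cut-set listing, not the tree drawing, is the artifact to hand to the SFMEA and test teams as the focus list the SFMEA bullet describes.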
Generic Software Safety Provisions
Two recommended sources of generic software safety provisions for the applicant, for use in the design and
development of CST systems that have safety-critical applications, are the Joint Software System Safety
Committee Software System Safety Handbook and the Eastern and Western Range Safety Requirements
(EWR 127-1). Using the generic software safety provisions previously discussed and other available
software safety "best practices", the applicant should be able to develop system software safety
requirements. This should be done early in the software engineering process, so that software design
features can be specified that will eliminate, mitigate, or control hazards/risks to an acceptable level with
minimal program impact.
[9] Alternate Names: Software Hazard Analysis (SHA) and Follow-On Software Hazard Analysis.
[10] See Paragraph 4.3.
[11] Alternate Names: Also known as Software Fault Hazard Analysis (SFHA) and Software Hazardous Effects Analysis (SHEA).
[12] Alternate Name: Also known as Soft Tree Analysis (STA).
[13] Alternate Name: Software Safety Analysis (SSA).
[14] Should be cross-referenced to the system SCA.
Design and Development Process Guidelines
The following guidelines should be applied to the software design and development process:
·  A software quality assurance program should be established for systems having safety-critical
functions.
·  At least two people should be thoroughly familiar with the design, coding, testing and
operation of each software module in the CST system.
·  The software should be analyzed throughout the design, development, and maintenance
processes by a software system safety team to verify and validate the safety design
requirements have been correctly and completely implemented.
·  The processes as described in the software development plan should be enforceable and
auditable. Specific coding standards or testing strategies should be enforced and they should