1. I&C Lab Seminar Procedure for the Software Requirements Specification for Safety Critical Systems 2002. 7. 22 Seo Ryong Koo Korea Advanced Institute Science and Technology

2. I&C Lab. Seminar 2 Background  KNICS 2 차년도 과제 SRS 작성 지원 – 원자로보호계통 SRS 작성 BP CP ATIP –NuSCR 을 이용한 SRS 작성  SRS 작성을 위한 절차서 작성 지원 –NuSCR 을 이용한 SRS 작성시 절차서 필요 –AECL 의 Software Work Practice 참고 “Procedure for the Specification of Software Requirements for Safety Critical Systems” 월성 SDS SRS 작성 절차서 최초의 정형기법을 이용한 SRS 작성 경험

3. I&C Lab. Seminar 3 Table of Contents  Introduction  Software Requirements Specification Overview  Software Requirements Specification Underlying Model  The Software Requirements Specification Process  Contents and Organization of the Software Requirements Specification  Notation

4. I&C Lab. Seminar 4 Introduction  Purpose –To define the process for preparing a SRS –To specify the contents and organization of an SRS –To define the notation to be used in an SRS  Scope  Structure of this procedure  Definitions

5. I&C Lab. Seminar 5 SRS Overview  The purpose of SRS is to document the requirements for a software component to be developed within a computer system.  The SRS is based on Design Input Document (DID) produced by the specifiers and designers of system. –The system requirements documentation –The system design documentation –The safety requirements –The hardware design and reference documentation

6. I&C Lab. Seminar 6 SRS Overview  Specification of the SRS consists of: –Definition of the interface between the computer system and the system of which it is a component. –Definition of the interface between the computer system and its developed software component. –Definition of the relationship between monitored and input variables. –Definition of the relationship between controlled and output variables. –Definition of the required behavior of the controlled variables in terms of the monitored variables. –Definition of the required responses to expected errors or faults. –Definition of the necessary constraints on the design of the software. –Definition of dictionaries and indexes.

7. I&C Lab. Seminar 7 SRS Underlying Model  The functional requirements –One of the major pieces of the SRS –Specifying the ideal behavior of the controlled variables in terms of the monitored variables Using a finite state machine model –Specifying the allowable deviation from this ideal behavior By the performance timing requirements and accuracy requirements

8. I&C Lab. Seminar 8 The SRS Process 1. Identify the computer system and software boundaries 2. Define the monitored and controlled variables 3. Define the computer system’s functional behavior 4. Define the computer system’s timing requirements 5. Define the undesired event handling 6. Define the software design constraints 7. Define the dictionaries and indexes 8. Show traceability to the original requirements 9. Perform consistency and completeness checking on the SRS

9. I&C Lab. Seminar 9 The SRS Process Developed Software Pre-Developed Software Developed Software Pre-Developed Software Hardware Computer System 1. Identify the computer system and software boundaries

10. I&C Lab. Seminar 10 The SRS Process  The computer system and software boundaries shall be clearly identified in order to determine the monitored and controlled variables at the computer system boundary, and the input and output variables at the software boundary.  The computer system shall be illustrated through the use of a context diagram.  The context diagram shall be included in Chapter 2.0 of the SRS. 1. Identify the computer system and software boundaries

11. I&C Lab. Seminar 11 The SRS Process  The monitored and controlled variables that make up the computer system interface, and the input and output variables that make up the software interface, shall be defined.  Two general categories –External monitored or controlled variables –Internal monitored or controlled variables  Input exceptions shall be explicitly defined.  In the interfaces chapter, Chapter 3.0 of the SRS 2. Define the monitored and controlled variables

12. I&C Lab. Seminar 12 The SRS Process  The process of defining each monitored (or controlled) variable shall consist of specifying; –The external device, or internal computer system facility to which the monitored (or controlled) variable is an interface –The attributes that define the monitored (or controlled) variable –The input (or output) variables associated with the monitored (or controlled) variable, and the attributes that define the input (or output) variables at the software boundary –The relationship between the monitored (or controlled) variable and the input (or output) variables 2. Define the monitored and controlled variables

13. I&C Lab. Seminar 13 The SRS Process  The computer system functional behavior defines the value of the controlled variables in terms of the current and past values of the monitored variables.  As a finite state machine  The steps in this process 1.Identify the dependencies between the monitored and controlled variables 2.For each controlled variable, express its function and any dependency on history in informal terms 3.Identify commonality among the functions 4.Partition the functions as is necessary and appropriate 5.Formally specify the functions 6.Check the functions for consistency and completeness 3. Define the computer system function al behavior

14. I&C Lab. Seminar 14 The SRS Process 1.Identify monitored and controlled variable dependencies -For each controlled variable, the monitored variables that determine its behavior shall be identified. 2.Express function and history dependencies in informal terms -It is useful to express the desired computer system behavior for each controlled variable in informal terms. 3.Identify commonality among the functions -Further understanding of the individual functions can be achieved by reviewing each function for common monitored variable history dependencies and common functional requirements between the functions. 3. Define the computer system function al behavior

15. I&C Lab. Seminar 15 The SRS Process 4.Partition the functions -Expressing complex functions in terms of simpler sub- functions -Too little partitioning can lead to extremely complex individual functions while too much partitioning results in easy to understand individual function -A function may be partitioned for the following reasons: -A function is too complex to understand without partitioning -It is necessary to show a timing requirement on an intermediate calculation within the function -System requirements such as channelization make partitioning necessary or highly desirable -Functions share common functional requirements -Functional dependencies shall be shown using function overview diagrams 3. Define the computer system function al behavior

16. I&C Lab. Seminar 16 The SRS Process 5.Formally specify the function -The formal specification of the functions shall be via function tables using either the structured decision format or in an equally well defined tabular format -An overview of the relationship between monitored variables, functions, state variables, and controlled variables shall be shown by a function overview diagram 6.Check the functions for consistency and completeness -The following checks shall be performed on the function tables -Input domain completeness -State variable completeness -Input/output consistency -Notation consistency 3. Define the computer system function al behavior

17. I&C Lab. Seminar 17 The SRS Process  Specify timing precision –The specification of the minimum time that a monitored variable must maintain its value before it changes to a new value –Determined by the computer system environment or represent an assumption by the specifier –In the interfaces chapter, Chapter 3.0 of the SRS  Specify functional timing requirements –Timing requirements which are an integral part of the actual function –“function must maintain a light ‘on’ for a period of five seconds” –In the functions chapter, Chapter 4.0 of the SRS 4. Define the timing requirements

18. I&C Lab. Seminar 18 The SRS Process  Specify performance timing requirements –Allowable deviations in time between the specified behavior of the system and its actual behavior –In the timing requirements chapter, Chapter 6.1 of the SRS 4. Define the timing requirements

19. I&C Lab. Seminar 19 The SRS Process  Specifying the undesired event handling shall involve showing coverage within the functions chapter of the SRS  Directly specifying the appropriate response to all expected errors and failure modes identified by the hazard analysis  In Chapter 5.0 of the SRS 5. Define the undesired event handling

20. I&C Lab. Seminar 20 The SRS Process  The software capacity requirements (in Section 6.2 of the SRS)  The constraints associated with the hardware environment (in Section 7.1 of the SRS)  The constraints associated with the software environment (in Section 7.2 of the SRS)  The reliability requirements (in Chapter 8 of the SRS)  The maintainability requirements (in Chapter 9.0 of the SRS)  The safety requirements (in Chapter 10.0 of the SRS)  The security requirements (in Chapter 11.0 of the SRS)  The requirements on conformity to specific standards and codes (in Chapter 12.0 of the SRS) 6. Define the software design constraints

21. I&C Lab. Seminar 21 The SRS Process  The meaning of the encoded values, as they have been defined in the monitored variable, state variable, function and controlled variable descriptions, shall be summarized in Section 15.1 of the SRS.  The purpose of functions shall be summarized in Section 15.2 of the SRS.  The index tables for the monitored variables, controlled variables, functions, state variables, and encoded values shall be included in Sections 15.3, 15.4, 15.5, 15.6, and 15.7 respectively of the SRS. 7. Define the dictionaries and indexes

22. I&C Lab. Seminar 22 The SRS Process  The traceability to original requirements in the DID shall be specified through the use of a coverage matrix.  In Appendix A of the SRS 8. Define the traceability to original requirements

23. I&C Lab. Seminar 23 The SRS Process  All monitored and controlled variables that are measured and affected by the computer system have been included in the interfaces section of the SRS  All relevant attributes for all monitored and controlled variables have been specified  Each controlled variable is defined by a function table in the functions chapter of the SRS  Each computer function is defined by a function overview diagram, a state transition diagram if applicable, and all appropriate function entities  All function overview diagram conform to the conventions specified within this procedure  All state transition diagram conform to the conventions specified within this procedure  All relevant attributes have been specified for all function entities that describe a computer function 9. Perform consistency and completeness checking on the SRS

24. I&C Lab. Seminar 24 The SRS Process  All monitored variables, controlled variables, state variables, functions, and encoded values referenced within each function table are defined in the SRS  All function tables conform to the syntax specified within this procedure  No circular dependencies exist between functions  No transient state values exist  Every monitored variable is used in at least one function table  The logical OR of all conditions within a function table form a tautology  The functions specified by each function table are deterministic  The sections of the SRS that specify the nonfunctional requirements are complete  The index and reference sections of the SRS are complete 9. Perform consistency and completeness checking on the SRS

25. I&C Lab. Seminar 25 Contents and Organization of the SRS 1.Introduction 1.1 Purpose 1.2 Organization 1.3 Notation 2.Computer System Context 3.Interfaces 3.1 Monitored Variables 3.2 Controlled Variables 3.3 Input Exceptions 4.Functions 5.Undesired Event Handling 6.Performance Requirements 6.1 Timing Requirements 6.2 Software Capacity Requirements 7.Design Constraints 7.1 Hardware Environment 7.2 Software Environment 8.Reliability Requirements 9.Maintainability Requirements 10.Safety Requirements 11.Security Requirements 12.Standards and Codes 13.Other Requirements 14.Comparison With Similar System in Other Generating Stations 15.Dictionary and Index 16.References APPENDIX

26. I&C Lab. Seminar 26 Notation  Typical context diagram

27. I&C Lab. Seminar 27 Notation  State transition diagram

28. I&C Lab. Seminar 28 Notation  Function overview diagram

29. I&C Lab. Seminar 29 Notation  Structured decision table

30. I&C Lab. Seminar 30 향후 과제  원자로보호계통 SRS 작성 절차서 – 보호계통 용어 정리 –NuSCR 기반 절차서 작성 NuSCR 을 이용한 작성 Process 수립 NuSCR 을 이용한 notation 정리 – 한글 절차서 작성