RESEARCH
Reliability and Safety Verification methodology
Verification method for robustness
We research and develop assurance methods for verification completeness, and key technologies for robustness verification, including the verification of non-functional specifications.
Automated verification method
We first research the analysis of system configurations, operational conditions and system error pattern models. Based on those concepts, we will develop algorithms and methodologies for the automated generation of verification cases and the automated judgement of verification results against their success criteria.
Reliability and Safety Assurance methodology
Assurance method for verification completeness
We research technology to evaluate the verification completeness of whole end-to-end software systems, based on the verification information produced for their various constituent software systems.
Assurance method for defect propagation
We formulate systematic defect modes for the whole software system, then research and demonstrate a method for evaluating how their effects propagate through the whole system.
Explication and evaluation of general safety requirements using Goal Structuring Notation
Safety requirements for a specific system domain, such as general safety requirements and safety standards, tend to have obscure and ambiguous descriptions. Misinterpreting them can lead to an excessively redundant, or simply deficient, safety design, which can trigger cost escalation or, in the worst case, an accident. In this research, we focus on implicit assumptions as a root of the ambiguity mentioned above and propose a method to explicate an article in general safety requirements, aiming for mutual understanding among stakeholders and improved system safety. The target of our research is the Computer-Based Control System (CBCS) safety requirements, a safety standard for spacecraft systems; explication in our method is carried out by means of Goal Structuring Notation (GSN). In order to evaluate our proposal quantitatively, we performed a comparative experiment with the help of Japan Aerospace eXploration Agency engineers. The result of the experiment shows that GSN-based CBCS safety requirements, as obtained by our method, are more effective for detecting and correcting errors in a given document on system safety than the usual safety requirements written in natural language. Moreover, by analyzing the correlation between the results of the experiment and of interviews with the examinees, we conclude that GSN-based CBCS safety requirements can reduce misunderstandings between the developers of a system and the certifiers of its safety.

Orthogonal Defect Classification for Spacecraft Software and its application for Verification Strategy
Many countries besides Japan develop outer space technology such as artificial satellites. But seemingly insignificant software anomalies, complex component errors, and unstated assumptions on the part of developers often cause complete project failures, e.g. Ariane 5 and the Mars Climate Orbiter. Reasons for such failures include the reuse of legacy systems and software development process problems. Independent Verification and Validation (IV&V) is one way of reducing the risks: verification and validation are done by independent organizations with outside funding. However, this method is confronted with many difficulties because it depends on manpower. Such difficulties include inconsistencies between systems, increased workloads, quality that depends on individual engineers, and the handing down of know-how. Computer-aided verification is said to be an effective way of solving this problem if verification quality can be assured.
The main objective of this research is to reveal better software verification strategies by using the anomalies produced in spacecraft onboard software development projects. Orthogonal Defect Classification (ODC) is a defect classification method developed by Ram Chillarege. It combines qualitative analysis (e.g. HAZOP) with quantitative analysis (e.g. FTA) and can resolve software problems by analyzing defect tendencies from the characteristics of defects and their respective counts. ODC is widely used in industry because it does not depend on a specific technology or a specific software development process.
We propose improving this method for spacecraft onboard software so that anomalies are classified more accurately and a validation procedure can be established. We then apply our improved method to fifty anomalies from five spacecraft projects, using a root cause analysis method for ODC called Deep Dive for spacecraft software, which reveals the root causes of problems and their tendencies.
We suppose that, according to the defect analysis results, utilizing Software in the Loop Simulation (SILS) and Hardware in the Loop Simulation (HILS) for test optimization can improve the problems that spacecraft onboard software development has. Simulations can be used in early phases because they do not need hardware, and they help to find more anomalies before the System Test phase. Simulations can also reduce testing cost because they can run faster than real-time simulations and tests. Moreover, they are already used in some spacecraft onboard software developments. However, constructing a scenario-based test case takes an enormous amount of time because such cases are made by professionals. We think that scenario-based test case input generation can solve this problem by improving comprehensiveness while reducing costs.