# Hazard property in terms of variables used

Hazard Analysis:

Hazard analysis is an important activity for any kind of safety-critical software system. Many times, even minor neglected errors can lead the system into a hazardous situation. Some situations can be brought under control, but that is not the case every time. In our system, we have classified the conditions into two types: controllable and non-controllable.


The most important mechanism for improving the safety of a system is to identify the hazard states of the system, since a hazard has the potential to cause an unexpected, unplanned or undesired event or series of events. A hazard that occurs in a system can lead to an accident (loss event), which may result in injury, illness or even loss of human life; the hazard can also have a negative impact on the environment. An approach to hazard analysis is proposed in [2] in order to prevent hazards from happening in a safety-critical system. The approach consists of three steps: (1) deriving hazards from safety properties, (2) using Fault Tree Analysis (FTA) to analyze the possible causes of each hazard, and (3) converting each minimal cut set of the FTA into a formal property in terms of the variables used in the formal specification. A case study based on an Auto-cruise Control (ACC) system for vehicles is used as an example to illustrate the process [2].
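The three-step approach above, worked through in code as an added example (this is not code from the essay or from the cited paper): the safety property "no overdose is delivered" is negated into the hazard "overdose delivered" (step 1), a constructed fault tree for that hazard is reduced to its minimal cut sets (step 2), and each cut set becomes a formal property over the specification's state variables that can be printed and checked against a concrete state (step 3). The event names, variable names, thresholds and tree structure are all assumptions chosen for an insulin/glucagon pump like the one in the table that follows.

```python
"""Added example: safety property -> hazard -> fault tree -> minimal cut sets
-> formal properties over specification variables.  Everything below (tree,
event names, variable names, sample state) is constructed for illustration."""
from itertools import product

# Constructed fault tree for the top event "overdose delivered" (the negation
# of the safety property "no overdose is delivered").
# A node is a basic event (str) or a gate: ("AND" | "OR", [children]).
OVERDOSE_TREE = ("OR", [
    ("AND", ["dose_calc_wrong", "limit_check_disabled"]),
    ("AND", ["sensor_reading_wrong", "no_redundant_sensor"]),
    # Non-minimal branch: a superset of the first AND gate, so it must be pruned.
    ("AND", ["dose_calc_wrong", "limit_check_disabled", "sensor_reading_wrong"]),
    "manual_dose_exceeds_limit",
])

def cut_sets(node):
    """All cut sets of a node as frozensets of basic events (possibly non-minimal)."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":            # any one child failing causes the event
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":           # one cut set from every child must hold together
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Keep only the cut sets that do not strictly contain another cut set."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))

# Step 3: each basic event as a predicate over the (assumed) specification
# variables, kept as (readable formula, evaluator) so a property can be both
# written down and checked against a concrete system state.
EVENT_PROPERTY = {
    "dose_calc_wrong": ("computed_dose != expected_dose",
                        lambda s: s["computed_dose"] != s["expected_dose"]),
    "limit_check_disabled": ("limit_check_enabled == False",
                             lambda s: not s["limit_check_enabled"]),
    "sensor_reading_wrong": ("abs(glucose_sensor - glucose_ref) > sensor_tol",
                             lambda s: abs(s["glucose_sensor"] - s["glucose_ref"]) > s["sensor_tol"]),
    "no_redundant_sensor": ("redundant_sensor_ok == False",
                            lambda s: not s["redundant_sensor_ok"]),
    "manual_dose_exceeds_limit": ("mode == 'manual' and manual_dose > max_single_dose",
                                  lambda s: s["mode"] == "manual" and s["manual_dose"] > s["max_single_dose"]),
}

def hazard_properties(tree):
    """Formal hazard properties: one conjunction per minimal cut set."""
    return [" and ".join(EVENT_PROPERTY[e][0] for e in sorted(cs))
            for cs in minimal_cut_sets(tree)]

def violated_cut_sets(tree, state):
    """Minimal cut sets whose every event predicate holds in `state`."""
    return [cs for cs in minimal_cut_sets(tree)
            if all(EVENT_PROPERTY[e][1](state) for e in cs)]

# Constructed system state: the dose limit check is off and the calculator
# disagrees with the reference value, so the first cut set is reached.
SAMPLE_STATE = {
    "computed_dose": 12.0, "expected_dose": 4.0, "limit_check_enabled": False,
    "glucose_sensor": 110, "glucose_ref": 112, "sensor_tol": 10,
    "redundant_sensor_ok": True, "mode": "auto", "manual_dose": 0.0,
    "max_single_dose": 10.0,
}

if __name__ == "__main__":
    for prop in hazard_properties(OVERDOSE_TREE):
        print("hazard if:", prop)
    print("reached:", [sorted(cs) for cs in violated_cut_sets(OVERDOSE_TREE, SAMPLE_STATE)])
```

The `violated_cut_sets` check is the part a practitioner would keep: once each minimal cut set is a predicate over specification variables, the same predicates can be asserted by a model checker over the formal specification or evaluated as a runtime monitor over the live system state.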

| Hazardous condition | Type | Control technique |
|---|---|---|
| Any changes made to the mathematical simulation | Controllable | The situation can be controlled by regular testing approaches. |
| Automatic operation from automatic to manual mode | Uncontrollable | There is no immediate way to control the situation; however, it is very rare. |
| Injection of a larger quantity of insulin or glucagon hormone in a single dosage | Controllable | The system continuously monitors the dosage. If it goes high, it |
| Injection of a larger quantity of insulin or glucagon dosage over a specific interval | Controllable | The system continuously monitors the dosage. If it goes high, it |
| Injection of a smaller quantity of insulin or glucagon hormone due to low availability | Controllable | The system will alert as soon as the quantity goes below the refill bar. |
| Loss of the patient's data history due to software malfunction | Uncontrollable | The scenario cannot be controlled, as the system will not have information about the amount of dosage. |
| Insertion of a different hormone than the one actually required | Controllable | The system will alert as soon as a different hormone system is implemented. |
| Input of wrong information in manual operational mode | Uncontrollable | There is no immediate method to control the scenario. |
| Misuse of credentials | Uncontrollable | Life-threatening damage can occur, as there is no way to control the situation. |
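The controllable rows of the table all rely on the same control technique: the system continuously monitors the dosage and reacts when a limit is crossed. The following runtime monitor is an added example (not code from the essay) that covers those rows for a hypothetical pump: a per-bolus limit, a sliding-window limit over a specific interval, a refill-bar alert for low availability, and a check that the cartridge holds the expected hormone. A request that would breach a limit is refused rather than merely logged, which is what makes the hazard controllable. The limits, hormone names, units and the replayed sequence of requests are all assumptions; the uncontrollable rows (manual-mode input, credential misuse, data loss) are outside what this monitor can address.

```python
"""Added example: a dose-safety monitor for the controllable hazards above.
Limits and the request sequence are constructed for illustration."""
from collections import deque
from dataclasses import dataclass, field

@dataclass
class DoseLimits:
    max_single_units: float        # largest bolus the monitor allows
    max_interval_units: float      # largest total inside the sliding window
    interval_seconds: float        # length of the "specific interval"
    refill_threshold_units: float  # the refill bar: alert when the reservoir is below it
    expected_hormone: str          # hormone the fitted cartridge should contain

@dataclass
class DoseMonitor:
    limits: DoseLimits
    history: deque = field(default_factory=deque)   # (time, units) of delivered doses

    def check_bolus(self, hormone, units, now):
        """Return (allowed, alerts). Every breached limit is reported and the
        dose is refused, so nothing is added to the delivered history."""
        alerts = []
        # Hazard: a different hormone than the required one
        if hormone != self.limits.expected_hormone:
            alerts.append(f"hormone mismatch: cartridge is {hormone}, "
                          f"expected {self.limits.expected_hormone}")
        # Hazard: too large a quantity in a single dosage
        if units > self.limits.max_single_units:
            alerts.append(f"single dose {units} exceeds limit {self.limits.max_single_units}")
        # Hazard: too large a quantity within a specific interval (sliding window)
        self._expire(now)
        window_total = sum(u for _, u in self.history) + units
        if window_total > self.limits.max_interval_units:
            alerts.append(f"interval total {window_total} exceeds limit "
                          f"{self.limits.max_interval_units}")
        allowed = not alerts
        if allowed:
            self.history.append((now, units))
        return allowed, alerts

    def check_reservoir(self, units_left):
        """Hazard: too little hormone available. Alert below the refill bar."""
        if units_left < self.limits.refill_threshold_units:
            return [f"reservoir {units_left} below refill bar "
                    f"{self.limits.refill_threshold_units}"]
        return []

    def _expire(self, now):
        """Drop delivered doses that have left the interval window."""
        cutoff = now - self.limits.interval_seconds
        while self.history and self.history[0][0] <= cutoff:
            self.history.popleft()

# Constructed limits (not clinical values) and a constructed request sequence.
LIMITS = DoseLimits(max_single_units=10.0, max_interval_units=25.0,
                    interval_seconds=3600, refill_threshold_units=20.0,
                    expected_hormone="insulin")

def run_scenario():
    """Replay the constructed sequence; returns (allowed, alerts) per request."""
    mon = DoseMonitor(LIMITS)
    return [
        mon.check_bolus("insulin", 8.0, now=0),       # allowed
        mon.check_bolus("insulin", 8.0, now=600),     # allowed, 16 units in window
        mon.check_bolus("insulin", 8.0, now=1200),    # allowed, 24 units in window
        mon.check_bolus("insulin", 8.0, now=1800),    # refused: 32 units would exceed 25
        mon.check_bolus("insulin", 12.0, now=5000),   # refused: single dose above 10 (window has expired)
        mon.check_bolus("glucagon", 5.0, now=5100),   # refused: cartridge hormone mismatch
    ]

if __name__ == "__main__":
    for allowed, alerts in run_scenario():
        print("allowed" if allowed else "refused", alerts)
    print(DoseMonitor(LIMITS).check_reservoir(15.0))
```

The refused dose is deliberately not appended to the history: the window must track what was actually delivered, otherwise a refused request could block later legitimate ones or, worse, an accepted one could be under-counted.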

Fault tolerance:

Error detection is an important component of fault tolerance. Errors can be handled by isolating the offending component, by an alternative means of computation, or by raising an exception. Fault tolerance is generally implemented by error detection and subsequent system recovery. Recovery consists of error handling (to eliminate errors from the system state) and fault handling (to prevent located faults from being activated again). Fault handling involves four steps: fault diagnosis, fault isolation, system reconfiguration and system reinitialization. Using sufficient redundancy may allow recovery without explicit error detection [1]. Physical faults are usually considered hardware faults, while design faults are software faults.

Our system is software based. Hence, only software errors can be encountered, as it has nothing to do with hardware. According to our analysis, arithmetic and algorithmic errors are the two types of error that can be encountered in this system. However, the chances of an arithmetic error occurring are much lower. On the other hand, algorithmic errors can be encountered in the program due to poor coding of the algorithm. Faults can be tolerated if they are known before an emergency arises.

The following table shows some
faults and how they can be handled.

| Failure mode | Causes | Prevention techniques |
|---|---|---|
| Delay caused by the adverse effects of the | Incorrect blood sugar measurement, or functions that do nothing for a long period of time | Various measurements are considered for deciding the proper direction of the blood glucose level, after verifying the absence of previous dosages. |
| Incorrect amount of computed overdose or underdose | Incorrect computational algorithm | Proper testing of the algorithms before implementing them into the system for the end users |
| Extremely high or low level of consumption | Overdose or low level set by an unknown person | Could result in dangerous situations. |
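The fault-tolerance section and the table above describe the same loop: detect an error (an implausible measurement, a still-active previous dosage, an algorithm that computes the wrong amount), handle it so that no bad dose reaches the patient, and then handle the fault so that it cannot fire again. The following added example (not code from the essay) puts that loop into a dose controller for a hypothetical insulin pump. Error detection uses several measurements instead of only the latest one, a check that no previous dosage is still active, arithmetic range checks, and three diversely implemented calculators whose results are compared; error handling withholds the dose; fault handling performs diagnosis (the calculator away from the majority), isolation, reconfiguration (the remaining calculators carry on) and reinitialization. The correction rule, the thresholds and the injected algorithmic fault are all assumptions, not clinical values.

```python
"""Added example: error detection, error handling and fault handling around a
redundant dose computation.  All constants and algorithms are constructed."""
import math
from fractions import Fraction
from statistics import median

MAX_DOSE_UNITS = 10.0        # arithmetic sanity bound on any computed dose
MAX_DISAGREEMENT = 0.25      # redundant calculators must agree within this (units)
MAX_SAMPLE_JUMP = 40.0       # latest reading may not stray further from the median (mg/dL)
TARGET, SENSITIVITY = 110, 40   # assumed target glucose and mg/dL corrected per unit

class DoseError(Exception):
    """Error-handling outcome: no checked dose could be produced; deliver nothing."""

# Three diverse implementations of the same correction rule (design diversity).
def dose_proportional(glucose):
    return max(0.0, (glucose - TARGET) / SENSITIVITY)

def dose_tenths(glucose):
    return max(0, round((glucose - TARGET) * 10 / SENSITIVITY)) / 10

def dose_fraction(glucose):
    return float(max(0, Fraction(glucose - TARGET) / SENSITIVITY))

# Constructed algorithmic fault: a wrongly coded sensitivity constant.
def dose_proportional_buggy(glucose):
    return max(0.0, (glucose - TARGET) / 30)

class DoseController:
    def __init__(self, calculators):
        self.calculators = dict(calculators)  # name -> fn(glucose) -> units
        self.isolated = set()                 # components removed by fault handling
        self.events = []                      # diagnostic trail

    def compute(self, glucose_samples, insulin_on_board):
        """Return a checked dose, 0.0 while a prior dosage is still active,
        or raise DoseError (safe state: nothing is delivered)."""
        # Error detection on inputs: several measurements, not just the latest.
        latest, reference = glucose_samples[-1], median(glucose_samples)
        if abs(latest - reference) > MAX_SAMPLE_JUMP:
            raise DoseError("implausible reading: latest sample far from median")
        # Verify the absence of a previous dosage before correcting again.
        if insulin_on_board > 0:
            self.events.append("withheld: previous dosage still active")
            return 0.0
        # Error detection on computation: redundancy plus arithmetic checks.
        results = {}
        for name, fn in self.calculators.items():
            if name in self.isolated:         # reconfiguration: skip isolated parts
                continue
            units = fn(latest)
            if not math.isfinite(units) or not 0 <= units <= MAX_DOSE_UNITS:
                self._isolate(name, f"arithmetic check failed: {units!r}")
                continue
            results[name] = units
        if len(results) < 2:
            raise DoseError("too few healthy calculators to cross-check a dose")
        if max(results.values()) - min(results.values()) > MAX_DISAGREEMENT:
            self._diagnose(results)
            raise DoseError("calculators disagree; dose withheld after reconfiguration")
        return min(results.values())          # the more conservative agreed value

    def _diagnose(self, results):
        """Fault diagnosis: the calculator(s) away from the majority value."""
        majority = median(results.values())
        for name, units in results.items():
            if abs(units - majority) > MAX_DISAGREEMENT:
                self._isolate(name, f"disagrees with majority ({units:.2f} vs {majority:.2f})")

    def _isolate(self, name, reason):
        """Fault isolation: the component stays out of service until reinitialized."""
        self.isolated.add(name)
        self.events.append(f"isolated {name}: {reason}")

    def reinitialize(self):
        """System reinitialization once the isolated component has been repaired."""
        self.isolated.clear()
        self.events.clear()

if __name__ == "__main__":
    ctrl = DoseController({"primary": dose_proportional_buggy,
                           "secondary": dose_tenths, "tertiary": dose_fraction})
    samples = [180, 185, 190]   # constructed readings, mg/dL
    try:
        ctrl.compute(samples, insulin_on_board=0.0)
    except DoseError as err:
        print("first attempt:", err, ctrl.events)
    print("after reconfiguration:", ctrl.compute(samples, insulin_on_board=0.0))
```

Three calculators rather than two are needed so that diagnosis can tell which one is wrong by majority; with only two, a disagreement can be detected but not attributed, and the controller would have to fall back to the safe state permanently. Returning the smaller of the agreed values is a design choice that biases any residual error toward under-dosing, which the essay's own hazard table treats as the alert-and-refill case rather than the life-threatening one.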

References:

1. https://moodle.frankfurt-university.de/mod/resource/view.php?id=13727
2. http://ieeexplore.ieee.org/document/6611740/