70 likes | 193 Views
Block, OSL and MSL Safety Argument Modules. Overview. Block, OSL and MSL Modules provide the same top-level goal “{Guarantee X} is sufficiently assured” Saw how Block must guarantee certain behaviour to support the SR module
E N D
Overview • Block, OSL and MSL Modules provide the same top-level goal • “{Guarantee X} is sufficiently assured” • Saw how Block must guarantee certain behaviour to support the SR module • OSL, and MSL must similarly guarantee certain behaviour to support other modules • Note that these Modules don’t need to argue these guarantees are safe, onlythat they are provided • Again there are two main claims supported in these Modules: • Each Guarantee is assured • Product Argument • The process used in implementing the guarantees is adequate • Process Argument 19/04/07
Block/OSL/MSL Module Interface • Module is again split into two with the process argument contained within the product argument • Product argument provides the following public goal to other argument modules • This goal would be referenced when another module requires the guaranteed service • The following goal requires support from other Modules • Note that dependencies may be identified at many different development levels 19/04/07
Guarantee is assured • The argument can be made by mapping the Guarantee down through each level of development • Once down to code level can appeal directly to test and verification evidence • At each level new dependencies may be identified which must be satisfied • Dependencies for each Guarantee are identified in DGRs 19/04/07
Guarantee is assured • Each dependency at each level must be satisfied • This is done by the Guarantees of other modules 19/04/07
Guarantee is assured • A SC contract must be formed with each of the Modules whose guaranteed behaviour is required to support a dependency • The Blocks may, for example, have dependencies supported by the OSL, the OSL by the MSL and so on... 19/04/07
Process Argument • The process argument must cover all aspects of the development process • Including the DGR process • For each aspect of the process it must be shown that it is adequate and followed 19/04/07