Antonino, P., Trapp, M., and Venugopal, A., "Automatic Detection of Incomplete and Inconsistent Safety Requirements," SAE Technical Paper 2015-01-0268, 2015, doi:10.4271/2015-01-0268.
Evidence has shown that the lack of traceability between safety requirements and both architecture and failure propagation models is a key reason for the incompleteness and inconsistency of safety requirements, and, consequently, a root cause of safety incidents. In this regard, this paper presents checks for the automatic detection of incompleteness and inconsistency of safety requirements with respect to failure propagation models and architecture. First, the notion of safety requirements completeness and consistency was decomposed into small manageable pieces called Safety Requirement Completeness and Consistency Criteria. Breaking the complex notions of completeness and consistency into finer grains was important to allow systematic and precise elaboration of the completeness and consistency checks. Next, each Safety Requirement Completeness and Consistency Criteria was formalized using Set Theory notation, which, despite being a lightweight formalism, is sufficiently accurate to represent problem-specific knowledge, and can be used as a solid basis for automation using different technology platforms. Last, in order to concretize the checks formalized with Set Theory notation, they were realized with OCL, chosen because its expressions do not have the ambiguity of natural languages and are not difficult to use in real development environments, unlike more formal specification languages such as Z. It has been observed that these checks are solid and practical enough to support safety engineers in detecting incomplete and inconsistent safety requirements, and, consequently, for improving the detection of incompleteness and inconsistency of safety requirements with respect to architecture and failure propagation models.