TP311
10006SY0814226
Research and Application of Software Safety
Requirements Analysis Method
A Dissertation Submitted for the Degree of Master
Candidate Zhang Yifan
Supervisor Bao Xiaohong
School of Reliability & System Engineering
Beihang University, Beijing, China
Dates printed on the title page: 2008-09-18 to 2011-01-20; 2010-12-17; 2010-12-28; 2011-01.
Abstract
As computer software is applied ever more widely, its role grows in importance, especially in the aerospace field, where reliability and safety requirements are high and ensuring software quality has become a central concern. The requirements phase is the true beginning of software development and is the phase most closely tied to all the others. Requirements elicitation, the foundation of requirements engineering, directly determines the quality of the software design, which in turn determines the quality of the code and ultimately of the whole system. Many safety-related standards exist for developing safety-critical systems, yet among them it is hard to find a mature way to guide safety-related work during the software requirements phase.
The objective of this research is to propose an effective and operable framework that fits well with the existing software engineering process, so that software organizations can generate and classify software safety requirements to guide their subsequent development. To that end the thesis first provides a framework for software safety requirements analysis and identifies the basic strategy and the specific work of software safety requirements analysis in the different software development processes. It then studies software safety requirements elicitation, the core of the analysis work, from two angles: the underlying ideas and the methods. For generic aviation software safety requirements, it develops a list of generic software safety requirements and gives clear steps for tailoring them; for specific software safety requirements, it considers both software safety requirements flow-down analysis and software safety influence analysis and gives concrete ideas and implementation steps. For the key analysis methods used in elicitation, it describes the principle, aim and steps of each.
Finally, this set of ideas and methods is applied to the control software of an engine control system, which is modelled and analysed in detail, and generic and specific software safety requirements are generated from the results, verifying the correctness and validity of the method.
Key words: requirements elicitation, requirements analysis, requirements engineering, software safety, safety-critical, safety analysis, airworthiness
List of figures (figure titles not recovered from the scan): Figure 1, GJB/Z 142; Figure 2, RTCA DO-178B; Figure 3, NASA; Figures 4 to 20.
List of tables (table titles not recovered from the scan): Table 1; Table 2, IEC 61508 SIL; Table 3, RTCA DO-178B DAL; Table 22, FHA; the remaining Tables 4 to 28.
1. (chapter heading not recovered)
1.1. (heading not recovered)
1.1.1. (heading not recovered)
[Body text of this subsection was not recovered from the scan. Legible fragments: Nancy Leveson's 1986 work [1]; the Therac-25 accidents (June 1985 to January 1987); further accidents dated 1991, 1996 and 1999; references [2], [3], [4] and [5].]
1.1.2. (heading not recovered)
[Text not recovered.]
1.2. (heading not recovered)
1.2.1. (heading not recovered)
[Text not recovered. Legible fragments: reference [6]; FAA, 1991, reference [7]; NASA.]
1.2.1.1 (heading not recovered)
[Introductory text not recovered; it cites reference [8] and introduces Table 1.]
Table 1 (title not recovered): safety standards listed

 No.  Year  Standard
  1   1969  MIL-STD-882
  2   1977  MIL-STD-882A
  3   1984  MIL-STD-882B
  4   1993  MIL-STD-882C
  5   2000  MIL-STD-882D
  6   2005  MIL-STD-882E
  7   2005  MIL-HDBK-516B
  8   1999  Joint Software System Safety Committee (Software System Safety Handbook)
  9   1996  NASA-STD-8719.13A
 10   2004  NASA-STD-8719.13B
 11   1996  NASA-GB-1740.13
 12   2004  NASA-GB-8719.13
 13   2001  EN 50128
 14   1997  DEF Stan 00-55
 15   2007  DEF Stan 00-56
 16   1999  IEC 61508
 17   1994  IEEE 1228
 18   1992  RTCA DO-178B
 19   1996  ARP4754
 20   1996  ARP4761
 21   1990  GJB 900-1990
 22   1997  GJB/Z 99-1997
 23   1997  GJB/Z102-9
 24   2004  GJB/Z 142-2004
[Text not recovered. Legible fragments: the term safety integrity level (SIL) appears with IEC, MOD and DoD, and development assurance level (DAL) with RTCA; reference [9]; IEC 61508 [10] defines four levels, SIL 1 to SIL 4, whose target failure measures are given in Table 2; DAL is defined through ARP4754 [11], ARP4761 [12] and RTCA DO-178B [13], see Table 3.]

Table 2 IEC 61508 SIL target failure measures

 SIL | Low-demand mode: average probability of failure on demand | High-demand or continuous mode: probability of dangerous failure per hour
  4  | >= 10^-5 to < 10^-4 | >= 10^-9 to < 10^-8
  3  | >= 10^-4 to < 10^-3 | >= 10^-8 to < 10^-7
  2  | >= 10^-3 to < 10^-2 | >= 10^-7 to < 10^-6
  1  | >= 10^-2 to < 10^-1 | >= 10^-6 to < 10^-5
Table 3 RTCA DO-178B software levels (DAL)

 Level | Failure condition category
   A   | Catastrophic
   B   | Hazardous / Severe-Major
   C   | Major
   D   | Minor
   E   | No effect

[Surrounding text not recovered, except that DO-178B requires 66 objectives to be satisfied for level A software and 28 for level D.]
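As an added illustration (not code from the dissertation), the following Python encodes the IEC 61508 SIL bands of Table 2 and the DO-178B level mapping of Table 3, and shows how a quantitative target coming out of a hazard analysis turns into a claimable SIL and, on the aviation side, into a software level and objective count. The single-channel estimate PFDavg ≈ λ_DU · T1 / 2 is the simplified IEC 61508-6 approximation and is an assumption of this example, as are the sample input values; the B and C objective counts (65 and 57) are from DO-178B Annex A rather than from the page, which quotes only A and D.

```python
# Added example (not from the dissertation): turning quantitative safety
# targets into IEC 61508 SILs and DO-178B software levels.

# IEC 61508 SIL bands as tabulated in Table 2: (SIL, PFDavg low, PFDavg high,
# PFH low, PFH high). Low bounds are inclusive, high bounds exclusive,
# i.e. ">= 10^-5 to < 10^-4".
SIL_BANDS = (
    (4, 1e-5, 1e-4, 1e-9, 1e-8),
    (3, 1e-4, 1e-3, 1e-8, 1e-7),
    (2, 1e-3, 1e-2, 1e-7, 1e-6),
    (1, 1e-2, 1e-1, 1e-6, 1e-5),
)

# DO-178B software level by the worst failure condition the software can
# contribute to (Table 3), and the number of Annex A objectives per level.
# The dissertation quotes only A (66) and D (28); B and C are DO-178B Annex A.
DAL_BY_FAILURE_CONDITION = {
    "catastrophic": "A",
    "hazardous": "B",
    "severe-major": "B",
    "major": "C",
    "minor": "D",
    "no effect": "E",
}
OBJECTIVES_BY_DAL = {"A": 66, "B": 65, "C": 57, "D": 28, "E": 0}


def _band(value, lo_index, hi_index):
    """Map a failure measure onto a SIL using one pair of Table 2 columns.
    Better than the SIL 4 band is reported as 4 (IEC 61508 defines no higher
    level); worse than the SIL 1 band is reported as 0 (no SIL claimable)."""
    if value < SIL_BANDS[0][lo_index]:
        return 4
    for band in SIL_BANDS:
        if band[lo_index] <= value < band[hi_index]:
            return band[0]
    return 0


def sil_for_pfd(pfd_avg):
    """SIL claimable for an average probability of failure on demand
    (low-demand mode of operation)."""
    return _band(pfd_avg, 1, 2)


def sil_for_pfh(pfh):
    """SIL claimable for a probability of dangerous failure per hour
    (high-demand or continuous mode)."""
    return _band(pfh, 3, 4)


def pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours):
    """Simplified IEC 61508-6 estimate for a single channel (1oo1):
    PFDavg ~= lambda_DU * T1 / 2. Mean repair time and detected dangerous
    failures are ignored; that simplification is an assumption of this example."""
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def meets_target_sil(pfd_avg, target_sil):
    """True when the estimated PFDavg lies in, or better than, the band of the
    SIL allocated to the safety function by the hazard analysis."""
    return sil_for_pfd(pfd_avg) >= target_sil


def dal_for_failure_condition(category):
    """DO-178B level for a failure condition category such as 'Hazardous' or
    'Hazardous/Severe-Major'. Unknown categories raise rather than silently
    defaulting to a lenient level."""
    key = category.strip().lower()
    if key in DAL_BY_FAILURE_CONDITION:
        return DAL_BY_FAILURE_CONDITION[key]
    for part in key.replace("/", " ").split():
        if part in DAL_BY_FAILURE_CONDITION:
            return DAL_BY_FAILURE_CONDITION[part]
    raise ValueError(f"unknown failure condition category: {category!r}")


def objectives_for_dal(level):
    """Number of DO-178B Annex A objectives that must be satisfied for a level."""
    return OBJECTIVES_BY_DAL[level.strip().upper()]


def assess_safety_function(name, lambda_du_per_hour, proof_test_interval_hours,
                           target_sil, worst_failure_condition):
    """Combine both views for one software-implemented safety function."""
    pfd = pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours)
    dal = dal_for_failure_condition(worst_failure_condition)
    return {
        "function": name,
        "pfd_avg": pfd,
        "achieved_sil": sil_for_pfd(pfd),
        "target_sil": target_sil,
        "sil_met": meets_target_sil(pfd, target_sil),
        "dal": dal,
        "objectives": objectives_for_dal(dal),
    }


if __name__ == "__main__":
    # Constructed inputs (not from the dissertation): an engine overspeed
    # cut-off with lambda_DU = 1e-6 /h, proof-tested yearly (8760 h),
    # allocated SIL 2, whose loss is classed Hazardous/Severe-Major.
    report = assess_safety_function("overspeed cut-off", 1e-6, 8760, 2,
                                    "Hazardous/Severe-Major")
    for key, value in report.items():
        print(f"{key:>13}: {value}")
```

The point worth noticing is the direction of the check: the SIL is allocated top-down from the hazard analysis (the target), while the PFDavg is what the proposed architecture and proof-test regime can actually deliver; `meets_target_sil` is the requirement-level comparison, and a function that fails it needs a better architecture or a shorter proof-test interval, not a relaxed target.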
1.2.1.2 (heading not recovered)
[Text not recovered.]
1.2.1.2.1 GJB/Z 142-2004
[Text not recovered. The subsection presented the software safety work prescribed by GJB/Z 142 as Figure 1 and as several enumerated lists (three numbered groups with sub-items), of which only the numbering survived; the closing paragraphs compare GJB/Z 142 with other standards.]
Figure 1 GJB/Z 142 (figure not recovered)
1.2.1.2.2 RTCA DO-178B
[Most text not recovered. Legible facts: DO-178 [14] was first issued in 1982 by RTCA jointly with EUROCAE, which publishes it as ED-12; DO-178A (ED-12A) followed in 1985; DO-178B, which defines the software levels (DAL), was issued in 1992. The subsection then summarised the DO-178B process in Figure 2 and in two enumerated lists (ten and two items), of which only the numbering survived.]
Figure 2 RTCA DO-178B (figure not recovered)
1.2.1.2.3 NASA Software Safety Guidebook
[Text not recovered. Legible fragments: the guidebook [15]; ROM, EPROM, EEPROM; its process is shown in Figure 3; it draws generic software safety requirements from the sources listed below.]
Figure 3 NASA (figure not recovered)
1. (heading not recovered)
Sources cited by the guidebook:
1) NSTS 19943, Command Requirements and Guidelines for NSTS Customers.
2) STANAG 4404 (Draft), NATO Standardization Agreement (STANAG) Safety Design Requirements and Guidelines for Munition Related Safety-Critical Computing Systems.
3) EWRR 127-1, Range Safety Requirements - Western Space and Missile Center, Attachment-3, Software System Design Requirements. See Section 3.16, Safety-Critical Computing System Software Design Requirements.
4) AFISC SSH 1-1, System Safety Handbook - Software System Safety, Headquarters Air Force Inspection and Safety Center.
5) EIA Bulletin SEB6, A System Safety Engineering in Software Development (Electrical Industries Association).
6) Underwriters Laboratory - UL 1998, Standard for Safety - Safety-Related Software, January 4th, 1994.
7) NUREG/CR-6263 MTR 94W0000114, High Integrity Software for Nuclear Power Plants, The MITRE Corporation, for the U.S. Nuclear Regulatory Commission.
2. (heading not recovered)
[Text not recovered. Legible fragments: preliminary hazard analysis (PHA); FMECA; fault tree analysis (FTA); a three-item list.]
1.2.1.2.4 (heading not recovered)
[Text not recovered. Legible fragments: reference [16]; FAA; NASA; Table 4; PHA; STANAG 4404 (NATO); Mitre (Ada).]
Table 4 (content not recovered)
Figure 4 (figure not recovered; legible labels: TEMP, SEMP, PHL, PHA, SSHA, SDP, CRLCMP, SPRA)
2. (heading not recovered)
Figure 5 (figure not recovered; legible labels: S/SDD, SDP, SQAP, QAPP, PHA, CRLCMP, SCF, RHA/SRCA, TEMP, OOD, SPRA, V&V, T&E, CM)
Figure 6 (figure not recovered)
1.2.2. (heading not recovered)
[Text not recovered; the subsection surveys requirements elicitation methods in three groups.]
1.2.2.1 (heading not recovered; the methods cited are goal-oriented)
[Text not recovered. Legible fragments: reference [17]; Yue K., 1987 [18], with the terms "What", "How" and "Why"; references [19], [20]; KAOS (knowledge acquisition in automated specification) [21][22]; i* (distributed intention) [23][24]; GONFR (goal-oriented non-functional requirements) [25]; KAOS [26]; Bubenko [27]; reference [28].]
1.2.2.2 (heading not recovered; scenario-based methods)
[Text not recovered. Legible fragments: scenario-based elicitation, references [29] and [30]; approaches dating from the 1960s [31]; event trace diagrams [32]; use cases [33]; UML [34][35]; references [36], [37], [38].]
1.2.2.3 (heading not recovered)
[Text not recovered; cites reference [39].]
Table 5 (content not recovered). [Legible fragments: Elena Navarro, Pedro Sanchez, Patricio Letelier, Juan A. Pastor and Isidro Ramos [40]; Letier et al. [41, 42]; KAOS; Du Junwei, Xu Zhongwei and Mei Meng [43]; references [44, 45, 46, 47], [48], [49]; WL_Net [50]; Petri nets [51, 52, 53, 54, 55].]
1.2.2.4 (heading not recovered)
[Text not recovered; cites references [56, 57] and summarises the surveyed standards in Table 6.]
Table 6 (content not recovered; it compares GJB/Z 142, RTCA DO-178B and the NASA guidebook and names FTA, PHA and FMECA)
1.3. (heading not recovered)
[Text not recovered. The research outline had four numbered parts; only the numbering and, in part 3, the method names survived: 1) PHA; 2) FHA; 3) DFA.]
1.4. (heading not recovered)
[Text not recovered.]
1.5. (heading not recovered)
[Text not recovered.]
2. (chapter heading not recovered)
[Text not recovered. Legible fragments: a definition of "safety" citing [58]; "software safety" citing [59] and Nancy Leveson's 1986 work [1].]
2.1. (heading not recovered)
[Text not recovered.]
2.1.1. (heading not recovered)
[Text not recovered; mentions the CPU.]
[A five-item list; items not recovered.]
2.1.2. (heading not recovered)
[Text not recovered; three numbered items.]
2.2. (heading not recovered)
2.2.1. (heading not recovered)
[Text not recovered; cites an IEEE definition [60].]
[Text not recovered. Legible fragments: NASA [61]; "438B" [62]; a five-item list.]
2.2.2. (heading not recovered)
[Text not recovered; based on GJB/Z 142-2004; a seven-item list.]
2.3. (heading not recovered)
[Text not recovered.]
3.1. (heading not recovered)
[Text not recovered. Legible fragments: GJB2786A; a five-item list; Figure 7 and Table 7.]
Figure 7 (figure not recovered)
Table 7 (content not recovered; four numbered rows)
3.1.1. (heading not recovered)
[Text not recovered. Legible fragments: PHA and FHA; an eight-item list.]
3.1.2. (heading not recovered)
[Text not recovered; refers to Table 8.]
Table 8 (headings not recovered). Surviving cells: IA - 2; IIA, IIB - 3; IIIA, IIIB - 4; IV - 5; "2-3".
3.1.3. (heading not recovered)
[Text not recovered.]
.
32
O
3.1.4.
H
A
2
1) )
2)
3) A
3.2.
、 )
[Text lost in extraction.]
[Figure 8: labels not recoverable from extraction.]
[Text lost in extraction; four numbered points, 1) to 4), the first of which refers to GJB standards.]
3.2.1. [title lost in extraction]
[Text lost in extraction; introduces Table 9.]
Table 9 [title lost in extraction]
1 Joint Software System Safety Committee, Software System Safety Handbook
2 ESD-TR-86-278, Guideline for Designing User Interface Software
3 NASA-GB-8719.13, NASA Software Safety Guidebook
4 FAA System Safety Handbook
5 SSP 50021, Safety Requirements Document
6 NSTS 19943, Command Requirements and Guidelines for NSTS Customers
7 STANAG 4404, NATO Standardization Agreement (STANAG) Safety Design Requirements and Guidelines for Munition Related Safety-Critical Computing Systems
8 EWRR 127-1, Range Safety Requirements - Western Space and Missile Center, Attachment-3, Software System Design Requirements
9 AFISC SSH 1-1, System Safety Handbook - Software System Safety
10 EIA Bulletin SEB6-A, System Safety Engineering in Software Development
[Text lost in extraction; the number 110 appears.]
Table 10 [title, headings and most cells lost in extraction; surviving figures: 9, 5, 31, 17, 41, 7, 112]
Table 11 [title lost in extraction]
[110 numbered checklist items, 1 to 110; the item text is lost in extraction. Surviving tokens: item 14 refers to POST (power-on self-test); item 18 contains "3" and "0.2"; an item near 29 and 30 contains "5-7"; item 64 contains "24"; item 65 refers to FDIR (fault detection, isolation and recovery).]
3.2.2. [title lost in extraction]
[Text lost in extraction; two numbered points, 1) and 2).]
Table 12 [content lost in extraction]
3.3. [title lost in extraction]
[Text lost in extraction.]
3.3.1. [title lost in extraction]
[Text lost in extraction; refers to NASA guidance and to GJB/Z 142.]
[Text lost in extraction.]
[Figure 9: analysis flow; only the labels FHA-PHA and SFTA survive extraction.]
[Explanation of Figure 9 lost in extraction; four steps: 1); 2), referring to PHA and FHA; 3), referring to SFTA and SFMEA; 4).]
3.3.2. [title lost in extraction]
[Text lost in extraction; refers to NASA guidance and to GJB/Z 142.]
[Figure 10: labels not recoverable from extraction.]
[Explanation of Figure 10 lost in extraction; four points: 1); 2); 3), referring to SDFD and SCFD; 4).]
5) [text lost in extraction]
3.3.3. [title lost in extraction]
[Text lost in extraction; four numbered points, 1 to 4.]
3.4. [title lost in extraction]
[Text lost in extraction.]
[Chapter 4 heading and introductory text lost in extraction.]
4.1. [title lost in extraction]
[Text lost in extraction; refers to PHA, FHA and SFTA.]
4.1.1. [title lost in extraction]
[Text lost in extraction; three numbered points, 1) to 3).]
4.1.2. PHA
[Text lost in extraction; refers to the PHA and to the preliminary hazard list (PHL).]
[Text lost in extraction; describes the PHA and lists six steps, 1) to 6), step 4) having sub-items a) to f).]
Table 13 [content lost in extraction]
[Text lost in extraction.]
4.1.3. FHA
[Text lost in extraction; seven numbered points, 1) to 7).]
Table 14 [headings and cell text lost in extraction]
[Text lost in extraction; five notes on FHA, 1 to 5, the first comparing FHA with FMEA and FTA.]
4.2. [title lost in extraction]
[Text lost in extraction; refers to DFA and SFMECA.]
4.2.1. [title lost in extraction]
[Text lost in extraction; two numbered points, 1. and 2., the second with sub-items 1) and 2) a) to h).]
4.2.2. [title lost in extraction]
[Text lost in extraction.]
[Text lost in extraction; names the structured-analysis notations of Page-Jones, Gane, and Ward, Mellor, Hatley and Pirbhai.]
1. [text lost in extraction; four sub-items, 1) to 4)]
2. [text lost in extraction]
[Figure 11: labels not recoverable from extraction.]
3. [text lost in extraction; sub-item 1) begins here]
.
52
[Figure 12: labels not recoverable from extraction.]
[Text lost in extraction; sub-item 2) with a) and b), then point 4. with items 1) to 6).]
4.3. [title lost in extraction]
Table 15 [content lost in extraction]
[Text lost in extraction; six steps, 1 to 6, the first involving PHA.]
4.4. [title lost in extraction]
[Text lost in extraction; refers to PHA, FHA and DFA.]
[Chapter 5 heading and introductory text lost in extraction; the introduction cites [63], [64], [65,66], [67] and [68] and refers to ARP4761.]
5.1. [title lost in extraction]
5.1.1 [title lost in extraction]
[Text lost in extraction.]
[Figure 13: only the labels T, P and N survive extraction.]
[Text lost in extraction; refers to N, T and DA.]
[Text lost in extraction.]
5.1.2 [title lost in extraction]
[Text lost in extraction.]
[Figure 14: only the labels A and B survive extraction.]
[Text lost in extraction; refers to BIT, the CPU and I/O.]
[Text lost in extraction.]
5.2. [title lost in extraction]
[Text lost in extraction.]
5.2.1 [title lost in extraction]
[Text lost in extraction; three numbered points, 1 to 3.]
5.2.1.1 [title lost in extraction]
[Text lost in extraction; introduces Table 16.]
Table 16 [title, headings and cell text lost in extraction; seven rows, 1 to 7]
5.2.1.2 [title lost in extraction]
[Text lost in extraction; introduces Table 17.]
Table 17 [title, headings and cell text lost in extraction; rows 1 to 3 on this page]
[Table 17 continued; rows 4 to 7, cell text lost in extraction.]
5.2.1.3 [title lost in extraction]
[Text lost in extraction; introduces Table 18.]
Table 18 [title, headings and cell text lost in extraction; five rows, 1 to 5]
5.2.2 [title lost in extraction]
[Text lost in extraction.]
5.2.2.1 [title lost in extraction]
1. [text lost in extraction]
Table 19 [title, headings and cell text lost in extraction; three rows, 1 to 3]
2. [text lost in extraction]
a) [text lost in extraction]
Table 20 [function list; 18 numbered functions, 1 to 18, names lost in extraction; the token N2 survives near items 10 and 11]
b) [text lost in extraction]
Table 21 [hazard list; hazard descriptions lost in extraction. Hazard IDs are four digits, function index followed by hazard index, grouped by function:]
  01: 0101, 0102, 0103, 0104, 0105, 0106, 0107, 0108
  02: 0201, 0202, 0203, 0204, 0205
  03: 0301
  04: 0401 (VBV)
  05: 0501 (VSV)
  06: 0601, 0602, 0603, 0604, 0605
  07: 0701, 0702 (the token N survives between them)
  08: 0801
  09: 0901, 0902
  10: 1001 (N2)
  11: 1101
  12: 1201, 1202, 1203, 1204
  13: 1301
  14: 1401
c) FHA [text lost in extraction]
Table 22 FHA [column headings and cell text lost in extraction. Rows follow the hazard IDs of Table 21, 0101 to 1401; the surviving tokens are the hazard IDs, the acronyms VBV (0401), VSV (0501) and N2 (1001), and a class number 1 to 4 near the end of each row.]
3. [title lost in extraction] (SFTA)
[Text lost in extraction; a) introduces Figure 15.]
[Figure 15: software fault tree; node labels not recoverable from extraction.]
[Text lost in extraction; introduces Table 23.]
Table 23 [headings and cell text lost in extraction; rows 1 to 5 on this page]
[Table 23 continued; rows 6 to 8, cell text lost in extraction.]
b) [text lost in extraction; introduces Figure 16.]
[Figure 16: software fault tree; node labels not recoverable from extraction.]
Table 24 [headings and cell text lost in extraction; four rows, 1 to 4]
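Figure 9 places PHA and FHA before SFTA in the analysis flow, and the case study follows that order: the FHA worksheet of Table 22 lists hazards per function with a class number, and Figures 15 and 16 build software fault trees for them. The Python below is an added example, not code from the thesis and not the thesis's engine-control data: it holds a few FHA-style hazard records, computes the minimal cut sets of a constructed two-channel fault tree with the classical MOCUS top-down expansion plus absorption, and turns every single-point cut set into a requirement statement that traces back to its hazard ID. Only the four-digit hazard-ID scheme, the class scale 1 to 4 and the acronyms VBV and N2 are taken from the surviving tables; the hazard texts, the tree, the channel names and the requirement wording are assumptions made for the example.

```python
# Added worked example (not from the thesis): FHA-style hazard records feeding a software
# fault tree (SFTA), with minimal cut sets turned into traceable safety requirements.
# All hazard texts, the fault tree and the channel names are CONSTRUCTED for illustration;
# only the four-digit hazard-ID scheme (function index + hazard index), the 1..4 class scale
# and the VBV/N2 acronyms follow what survives of the thesis's Chapter 5 tables.
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Tuple


def validate_hazard_id(hid: str) -> bool:
    """A hazard ID is four digits; function and hazard indices both start at 01."""
    return len(hid) == 4 and hid.isdigit() and hid[:2] != "00" and hid[2:] != "00"


def function_index(hid: str) -> int:
    """Function index of a hazard ID (the first two digits)."""
    return int(hid[:2])


@dataclass(frozen=True)
class Hazard:
    hid: str          # "FFHH": two-digit function index + two-digit hazard index
    function: str     # function from the function list (Table 20 style)
    description: str  # hazard / failure condition (FHA row)
    severity: int     # 1 = most severe ... 4 = least severe, as in the FHA table

    def __post_init__(self) -> None:
        if not validate_hazard_id(self.hid):
            raise ValueError(f"hazard ID {self.hid!r} is not in FFHH form")


def worst_first(hazards: List[Hazard]) -> List[Hazard]:
    """Order FHA rows so the class-1 conditions are analysed first."""
    return sorted(hazards, key=lambda h: (h.severity, h.hid))


# Fault tree: gate name -> (gate type, child names). Names not in the dict are basic events.
Gate = Tuple[str, List[str]]


def minimal_cut_sets(tree: Dict[str, Gate], top: str) -> List[FrozenSet[str]]:
    """Top-down (MOCUS-style) expansion of the tree, then absorption so only minimal sets remain."""
    def expand(node: str) -> List[FrozenSet[str]]:
        if node not in tree:                       # basic event
            return [frozenset([node])]
        kind, children = tree[node]
        child_sets = [expand(c) for c in children]
        if kind == "OR":                           # any one child's cut set suffices
            return [s for sets in child_sets for s in sets]
        if kind == "AND":                          # one cut set from every child, unioned
            return [frozenset().union(*combo) for combo in product(*child_sets)]
        raise ValueError(f"unknown gate type {kind!r} at {node!r}")

    minimal: List[FrozenSet[str]] = []
    for s in sorted(set(expand(top)), key=lambda x: (len(x), sorted(x))):
        if not any(m <= s for m in minimal):       # absorption: drop supersets of kept sets
            minimal.append(s)
    return minimal


def single_point_failures(cut_sets: List[FrozenSet[str]]) -> List[str]:
    """Basic events that reach the top event on their own: first targets for requirements."""
    return sorted(next(iter(s)) for s in cut_sets if len(s) == 1)


def derive_requirements(hazard: Hazard, cut_sets: List[FrozenSet[str]]) -> List[str]:
    """One safety requirement per single-point cut set, tagged with the hazard ID for traceability."""
    return [
        f"SR-{hazard.hid}-{i:02d}: the software shall detect '{event}' and command the safe state "
        f"(traces to hazard {hazard.hid}, class {hazard.severity})"
        for i, event in enumerate(single_point_failures(cut_sets), start=1)
    ]


# --- constructed sample data (not the thesis's engine data) -----------------------------
HAZARDS = [
    Hazard("0401", "VBV control", "VBV commanded to a position outside the permitted range", 1),
    Hazard("0402", "VBV control", "Stale VBV position feedback accepted as current", 2),
    Hazard("1001", "N2 speed processing", "Invalid N2 value used without a range check", 2),
]

# Constructed two-channel (A/B) fault tree for hazard 0401.
TREE_0401: Dict[str, Gate] = {
    "VBV command out of range": ("OR", ["Both channels compute a wrong VBV command",
                                        "Output limit check bypassed",
                                        "Bad N2 input propagates to VBV schedule"]),
    "Both channels compute a wrong VBV command": ("AND", ["Channel A VBV computation wrong",
                                                          "Channel B VBV computation wrong"]),
    "Bad N2 input propagates to VBV schedule": ("AND", ["N2 sensor value invalid",
                                                        "N2 range check missing"]),
}


def analyse_0401() -> Tuple[List[FrozenSet[str]], List[str]]:
    """Worst hazard first (0401 is the only class-1 row), then its cut sets and requirements."""
    hazard = worst_first(HAZARDS)[0]
    cuts = minimal_cut_sets(TREE_0401, "VBV command out of range")
    return cuts, derive_requirements(hazard, cuts)


if __name__ == "__main__":
    cuts, reqs = analyse_0401()
    for c in cuts:
        print(sorted(c))
    print("\n".join(reqs))
```

Run stand-alone, it prints three minimal cut sets and one derived requirement. Only the single-point set (the bypassed limit check) becomes a requirement automatically; the two-event sets (both channels wrong, or an invalid N2 value combined with a missing range check) are left for the analyst to weigh against the hazard class, which is where the thesis's severity table earns its place.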
5.2.2.2 [title lost in extraction]
[Text lost in extraction.]
1. [text lost in extraction; three points: 1) 5ms; 2) 25ms; 3)]
2. [text lost in extraction]
[Text lost in extraction.]
[Figure 17: only the label CAN survives extraction.]
3. [text lost in extraction; introduces Figure 18]
[Figure 18: only the labels BIT and "20-" survive extraction.]
[Figure 18 caption lost in extraction.]
4. [text lost in extraction; five bullet points, the third and fourth concerning VBV and VSV]
5. [text lost in extraction; introduces Figure 19]
[Figure 19: only the label I/O survives extraction.]
[Text lost in extraction; a) introduces Table 25.]
Table 25 [content lost in extraction]
[Text lost in extraction; b) follows.]
[Figure 20: caption and labels lost in extraction.]
[Text lost in extraction; introduces Table 26.]
Table 26 [content lost in extraction]
c) [text lost in extraction; introduces Table 27]
Table 27 [content lost in extraction]
5.2.2.3 [title lost in extraction]
Table 28 [title and cell text lost in extraction; twelve rows, 1 to 12]
5.3. [title lost in extraction]
[Text lost in extraction.]
[Concluding chapter; heading and text lost in extraction.]
[Concluding chapter continued; text lost in extraction.]
References
[1] N.G. Leveson. Software safety: Why, what, and how?[J]. ACM Computing Surveys, 18(2), June 1986.
[2] N.G. Leveson. A New Approach to System Safety Engineering[M]. Aeronautics and Astronautics, Massachusetts Institute of Technology, draft of new book, 2005.
[3] N.G. Leveson. The Role of Software in Spacecraft Accidents[J]. AIAA Journal of Spacecraft and Rockets, Vol. 41, No. 4, July 2004.
[4] E. Gottesdiener. Requirements by Collaboration[M]. Addison-Wesley, 2002.
[5] Samuel Renault, Xavier Franch, Carme Quer. PABRE: Pattern-Based Requirements Elicitation[C]. Research Challenges in Information Science, 2009, 81-92.
[6] Matthew John Squair. Issues in the Application of Software Safety Standards[J].
[7] J. Bowen, V. Stavridou. Safety-Critical Systems, Formal Methods and Standards[J]. IEE/BCS Software Engineering Journal, Vol. 8, No. 4, pp. 189-209, 1992.
[8] B. Atchison, A. Wabenhorst. A Survey of International Safety Standards[J]. Software Verification Research Centre (SVRC) Technical Report 99-30, The University of Queensland, QLD, Australia, 1999.
[9] GJB/Z 142-2004 Guide for military software safety analysis[S]
[10] IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems[S]
[11] ARP4754 Certification Considerations for Highly-Integrated or Complex Aircraft Systems[S]
[12] ARP4761 Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment[S]
[13] RTCA DO-178B Software Considerations in Airborne Systems and Equipment Certification[S]
[14] Dima Zemskyy. Safety and Reliability Considerations in DO-178B[C]
[15] NASA-GB-8719.13 NASA Software Safety Guidebook[S]
[16] Joint Software System Safety Committee. Software System Safety Handbook[S]
[17] Li Yonghua. Requirement Engineering Based on Combining Goal with Scenarios[C]
[18] Yue K. What Does It Mean to Say that a Specification is Complete?[C]. In: Proceedings of the IEEE International Workshop on Software Specification and Design, Monterey: IEEE Computer Society Press, 1987. 42-49.
[19] van Lamsweerde A. Goal-Oriented Requirements Engineering: A Guided Tour[C]. Proceedings of the Fifth IEEE International Symposium on Requirements Engineering. Los Alamitos: IEEE Computer Society Press, 2001. 249-262.
[20] Dardenne A, van Lamsweerde A, Fickas S. Goal-Directed Requirements Acquisition[J]. Science of Computer Programming, 1993, 20(1-2): 3-50.
[21] van Lamsweerde A, Dardenne A, Delcourt B, Dubisy F. The KAOS Project: Knowledge Acquisition in Automated Specification of Software[C]. In: Proceedings AAAI Spring Symposium Series, Stanford University: American Association for Artificial Intelligence, 1991. 59-62.
[22] Darimont R, Delor E, Massonet P, van Lamsweerde A. GRAIL/KAOS: An Environment for Goal-Driven Requirements Engineering[C]. In: Proc. ICSE'98, 20th Intl. Conf. on Software Engineering, Kyoto: ACM Press, 1998. 58-62.
[23] Yu E. Modelling Organizations for Information Systems Requirements Engineering[C]. In: Proc. RE'93, 1st Intl. Symp. on Requirements Engineering, San Diego: IEEE Computer Society Press, 1993. 34-41.
[24] Yu E. Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering[C]. In: Proc. RE'97, 3rd Intl. Symp. on Requirements Engineering, Annapolis: IEEE Computer Society Press, 1997. 226-235.
[25] Mylopoulos J, Chung L, Nixon B. Representing and Using Nonfunctional Requirements: A Process-Oriented Approach[J]. IEEE Transactions on Software Engineering, 1992, 18(6): 483-497.
[26] Dardenne A, van Lamsweerde A, Fickas S. Goal-directed Requirements Acquisition[J]. Science of Computer Programming, 20(1-2): 3-50.
[27] Bubenko J, et al. Software Requirements Acquisition through Enterprise Modeling[C]. Software Engineering and Knowledge Engineering (SEKE'94), Jurmala, Latvia, 1994.
[28] Dardenne A, Fickas S, van Lamsweerde A. Goal-Directed Concept Acquisition in Requirements Elicitation[C]. In: Proc. IWSSD-6, 6th Intl. Workshop on Software Specification and Design, Como: IEEE Computer Society Press, 1991. 14-21.
[29] Desharnais J, Frappier M, Khédri R, Mili A. Integration of sequential scenarios[C]. In: Proceedings of the 6th European Software Engineering Conference held jointly with the 5th ACM SIGSOFT International Symposium on Foundations of Software Engineering, Zurich: Springer-Verlag, 1997. 310-326.
[30] Chin G, Rosson MB. Progressive design: staged evolution of scenarios in the design of a collaborative science learning environment[C]. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Los Angeles: ACM Press, 1998. 611-618.
[31] Sutcliffe A. Scenario-Based Requirements Engineering[C]. In: Proceedings of the 11th IEEE International Requirements Engineering Conference. Los Alamitos: IEEE Computer Society Press, 2003. 320-329.
[32] Rumbaugh J, Blaha M, et al. Object-Oriented Modelling and Design[M]. New Jersey: Prentice Hall, 1991.
[33] Billard EA. System scenarios as Use Case Maps[C]. In: Proceedings of the 4th International Workshop on Software and Performance, Redwood Shores: ACM Press, 2004. 266-277.
[34] Fowler M. UML Distilled[M]. 2nd edition, Addison-Wesley, 1997.
[35] Jäger D, Schleicher A, Westfechtel B. Using UML for software process modeling[C]. In: Proceedings of the 7th European Software Engineering Conference held jointly with the 7th ACM SIGSOFT International Symposium on Foundations of Software Engineering, Toulouse: Springer-Verlag, 1999. 91-108.
[36] Young RM, Barnard P. The use of scenarios in human-computer interaction research: turbocharging the tortoise of cumulative science[C]. In: Proceedings of the SIGCHI/GI Conference on Human Factors in Computing Systems and Graphics Interface, Toronto: ACM Press, 1986. 291-296.
[37] Carroll J, Rosson MB, McInerney P. Scenarios in practice[C]. In: CHI'03 Extended Abstracts on Human Factors in Computing Systems, Ft. Lauderdale: ACM Press, 2003. 1046-1047.
[38] Fickas S, Johnson L, Karat J, Potts C. Using scenarios to elicit user requirements[C]. In: Conference Companion on Human Factors in Computing Systems, Boston: ACM Press, 1994. 467.
[39] Lahoz CHN, Camargo Jr JB, Abdala MAD, Burgareli LA. A Software Safety Requirements Elicitation Study on Critical Computer Systems[C]
[40] Elena Navarro, Pedro Sánchez, Patricio Letelier, Juan A. Pastor, Isidro Ramos. A Goal-Oriented Approach for Safety Requirements Specification[C]
[41] Letier E, van Lamsweerde A. High Assurance Requires Goal Orientation[C]. Proceedings of the International Workshop on Requirements for High Assurance Systems, Essen, September 2002.
[42] Kelly S, Lyytinen K, Rossi M. MetaEdit+: A Fully Configurable Multi-User and Multi-Tool CASE and CAME Environment[C]. Proceedings of the 8th International Conference on Advanced Information Systems Engineering (CAiSE'96), LNCS 1080, Springer-Verlag, 1996. 1-21.
[43] Du Junwei, Xu Zhongwei, Mei Meng. Verification of Scenario-Based Safety Requirement Specification on Components Composition[C]
[44] [Chinese-language reference; author and title lost in extraction][J]. 2006
[45] [Chinese-language reference; author and title lost in extraction][J]. 2005
[46] [Chinese-language reference; author and title lost in extraction][J]. 2005
[47] [Chinese-language reference; author and title lost in extraction][J]. 2007
[48] [Chinese-language reference; author and title lost in extraction][C]. 2007
[49] [Chinese-language reference; author and title lost in extraction]. 2007
[50] [Chinese-language reference on WL_Net; author and title lost in extraction][J]. 2008
[51] [Chinese-language reference on Petri nets; author and title lost in extraction][J]. 2001
[52] [Chinese-language reference on Petri nets; author and title lost in extraction][J]. 1998
[53] [Chinese-language reference on Petri nets; author and title lost in extraction][J]. 1998
[54] [Chinese-language reference on Petri nets; author and title lost in extraction][J]. 1998
[55] [Chinese-language reference on Petri nets; author and title lost in extraction][J]. 1998
[56] [Chinese-language reference; author and title lost in extraction][C]. 2003
[57] [Chinese-language reference; author and title lost in extraction][J]. 1997
[58] ISO 8402:1994 Quality management and quality assurance[S]
[59] GJB102-1997 [title lost in extraction][S]
[60] IEEE Std 830-1998 Recommended Practice for Software Requirements Specifications[S]
[61] NASA-STD-8719.13B NASA Software Safety Standard[S]
[62] GJB438B-2009 [title lost in extraction][S]
[63] [Chinese-language reference; author and title lost in extraction][J]. 2009, 9(10)
[64] [Chinese-language dissertation; author and title lost in extraction][D]. 2007
[65] [Chinese-language dissertation; author and title lost in extraction][D]. 2008
[66] [Chinese-language reference; author and title lost in extraction][J]. 2007
[67] [Chinese-language dissertation on FADEC; author and title lost in extraction][D]. 2004
[68] [Chinese-language dissertation; author and title lost in extraction][D]. 2009
[Publications during the master's programme]
Zhang Yifan, Bao Xiaohong, Li Zhen. A framework for airborne aviation software safety requirements analysis. International Symposium on Aircraft Airworthiness, 2009 (EI, ISTP).
[Acknowledgements; text lost in extraction apart from the year 2008.]