PFI-TT: An Analysis Tool Supporting the Safe Deployment of New Features in Evolving Software Systems

The broader impact/commercial potential of this Partnerships for Innovation - Technology Translation (PFI-TT) project will develop a tool-supported environment designed to aid in the safety analysis of software intensive systems. Developing highly dependable software for medical infusion pumps, positive train controls, and robotics applications is a challenging process that requires rigorous and systematic hazard analysis.

Such systems are traditionally developed within a carefully controlled process that emphasizes detailed planning, upfront design, and phase-based quality assurance gateways. Despite these efforts, products are recalled for life-threatening safety vulnerabilities. The challenges of developing safety systems have led to the phenomenon known as the "big freeze" in which the cost, effort, and risk of introducing new features inhibit product evolution.

The proposed solution will aid software safety analysts and other stakeholders in identifying system-level changes while simultaneously building a safety-case for certification or internal audit purposes. These abilities enable an organization to evolve their products without sacrificing safety, security, or other critical concerns, thereby increasing their competitive advantage.

The project trains a diverse cadre of women, minorities, and persons with disabilities in entrepreneurial activities.

This project will utilize cutting-edge, deep learning technologies to train a domain-specific language model that will be used to automatically generate and evolve accurate trace links between artifacts such as requirements, design, code, and test cases. The generated trace links will be used to generate novel visualizations of hazards and their mitigation pathways (i.e., hazard slices), and to highlight changes that have been introduced across different versions of the system.

In addition, the hazard-slices will be integrated into existing safety-analysis techniques such as fault-trees and safety-assurance cases. The novel hazard-based visualizations are designed to aid analysts and developers in addressing emergent safety concerns in large, complex, and evolving software projects. Finally, the work will provide tools for analyzing changes in the software system, generating explanations to aid in the identification of potential safety problems, and recommending actions that could be taken to mitigate safety risks introduced by the changes.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.