Method and apparatus for analyzing hazard of elevator control software, and computer readable recording medium
Abstract
A method of analyzing a hazard of a software control system which is operated by a computer and based on STPA (System Theoretic Process Analysis) is provided. The method includes determining an attribute and function demands of the system, analyzing tasks of the system based on the determined attribute and the function demands, generating specification of a relation between the tasks using CTT (Concur Task Tree) method, the CTT method representing a hierarchical relation of a control flow between the tasks, determining at least one of the hazard of the system based on the specification and generating a safety constraint of the system based on the determined hazard. The determining at least one of the hazard of the system uses a guide word mapping table of CTT based STPA.
14 Claims
1. A method of analyzing a hazard of an elevator software control system by a computer, the method comprising:
- determining an attribute and function demands of the elevator software control system;
- analyzing tasks of the elevator software control system based on the determined attribute and the function demands;
- generating specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks; and
- determining at least one of the hazard of the elevator software control system based on the specification,
- wherein the determining at least one of the hazard of the elevator software control system uses a guide word mapping table of CTT based System Theoretic Process Analysis (STPA), and
- wherein the structure of the elevator software control system is divided into an internal part and an external part;
- the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button; and
- the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car.
Dependent claims: 2, 3, 4, 11, 12, 13, 14.
5. A method of analyzing a hazard of an elevator software control system by a computer, the method comprising:
- determining an attribute and function demands of the elevator software control system;
- analyzing tasks of the elevator software control system based on the determined attribute and the function demands;
- generating specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks;
- determining at least one of the hazard of the elevator software control system based on the specification; and
- generating a safety constraint of the elevator software control system based on the determined hazard,
- wherein the determining at least one of the hazard of the elevator software control system uses a guide word mapping table of CTT based System Theoretic Process Analysis (STPA), and
- wherein the structure of the elevator software control system is divided into an internal part and an external part;
- the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button;
- the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car; and
- the internal part of the elevator software control system includes a load sensor to measure a load to be applied to the car.
Dependent claims: 6, 7.
8. An apparatus for analyzing a hazard of an elevator software control system based on System Theoretic Process Analysis (STPA), the apparatus comprising:
- a hardware processor;
- a demand determining part stored in a non-transitory computer readable recording medium configured to determine an attribute and function demands of the elevator software control system;
- a task analyzing part stored in the non-transitory computer readable recording medium configured to analyze tasks of the elevator software control system based on the determined attribute and the function demands;
- a specification generating part stored in the non-transitory computer readable recording medium configured to generate specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks;
- a hazard determining part stored in the non-transitory computer readable recording medium configured to determine at least one hazard of the elevator software control system based on the specification and the STPA; and
- a safety constraint generating part stored in the non-transitory computer readable recording medium configured to generate a safety constraint of the elevator software control system based on the determined hazard,
- wherein the demand determining part is further configured to generate a use case diagram regarding the attribute and the function demands of the elevator software control system; and
- wherein the structure of the elevator software control system is divided into an internal part and an external part;
- the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button; and
- the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car.
Dependent claims: 9, 10.
Specification