Method and apparatus for analyzing hazard of elevator control software, and computer readable recording medium

US 9,952,960 B1
Filed: 12/01/2017
Issued: 04/24/2018
Est. Priority Date: 10/19/2016
Status: Expired due to Fees

First Claim

Patent Images

1. A method of analyzing a hazard of an elevator software control system by a computer, the method comprising:

determining an attribute and function demands of the elevator software control system;

analyzing tasks of the elevator software control system based on the determined attribute and the function demands;

generating specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks; and

determining at least one of the hazard of the elevator software control system based on the specification,wherein the determining at least one of the hazard of the elevator software control system uses a guide word mapping table of CTT based System Theoretic Process Analysis (STPA), andwherein the structure of the elevator software control system is divided into an internal part and an external part;

the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button; and

the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of analyzing a hazard of a software control system which is operated by a computer and based on STPA (System Theoretic Process Analysis) is provided. The method includes determining an attribute and function demands of the system, analyzing tasks of the system based on the determined attribute and the function demands, generating specification of a relation between the tasks using CTT (Concur Task Tree) method, the CTT method representing a hierarchical relation of a control flow between the tasks, determining at least one of the hazard of the system based on the specification and generating a safety constraint of the system based on the determined hazard. The determining at least one of the hazard of the system uses a guide word mapping table of CTT based STPA.

Citations

14 Claims

1. A method of analyzing a hazard of an elevator software control system by a computer, the method comprising:
- determining an attribute and function demands of the elevator software control system;
  
  analyzing tasks of the elevator software control system based on the determined attribute and the function demands;
  
  generating specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks; and
  
  determining at least one of the hazard of the elevator software control system based on the specification,wherein the determining at least one of the hazard of the elevator software control system uses a guide word mapping table of CTT based System Theoretic Process Analysis (STPA), andwherein the structure of the elevator software control system is divided into an internal part and an external part;
  
  the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button; and
  
  the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car.
- View Dependent Claims (2, 3, 4, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the determining the attribute and the function demands of the elevator software control system comprises generating a use case diagram regarding the attribute and the function demands of the elevator software control system.
  - 3. The method of claim 2, further comprising generating a control structure map of the elevator software control system based on the attribute and the function demands of the elevator software control system prior to the analyzing the tasks of the elevator software control system.
  - 4. The method of claim 1,wherein the guide word mapping table of the CTT based STPA comprises guide words defined by the STPA corresponding to the relation between the tasks which are defined by the CTT method.
  - 11. A non-transitory computer readable recording medium comprising at least one command, the command implementing the method of claim 1 when the command is operated by a computer.
  - 12. The non-transitory computer readable recording medium of claim 11, wherein the determining the attribute and the function demands of the elevator software control system comprises generating a use case diagram regarding the attribute and the function demands of the elevator software control system.
  - 13. The non-transitory computer readable recording medium of claim 12, the method further comprises generating a control structure map of the elevator software control system based on the attribute and the function demands of the elevator software control system prior to the analyzing the tasks of the elevator software control system.
  - 14. The non-transitory computer readable recording medium of claim 11,wherein the guide word mapping table of the CTT based STPA comprises guide words defined by the STPA corresponding to the relation between the tasks which are defined by the CTT method.

5. A method of analyzing a hazard of an elevator software control system by a computer, the method comprising:
- determining an attribute and function demands of the elevator software control system;
  
  analyzing tasks of the elevator software control system based on the determined attribute and the function demands;
  
  generating specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks;
  
  determining at least one of the hazard of the elevator software control system based on the specification; and
  
  generating a safety constraint of the elevator software control system based on the determined hazard,wherein the determining at least one of the hazard of the elevator software control system uses a guide word mapping table of CTT based System Theoretic Process Analysis (STPA), andwherein the structure of the elevator software control system is divided into an internal part and an external part;
  
  the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button;
  
  the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car; and
  
  the internal part of the elevator software control system includes a load sensor to measure a load to be applied to the car.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein the CTT method includes an abstract task which is a superordinate task of other tasks, a user task which is operated by a user, an application task operated by the elevator software control system and an interaction task which is operated by interaction between the user and the elevator software control system according to characteristics of the tasks.
  - 7. The method of claim 6, wherein abstract tasks including Summon Car, Boarding, Take Car to Destination Floor and Load weight are generated;
    - interaction tasks, which are operated by interaction between the user and the elevator software control system, including Pressed Summon Button, Pressed Floor Request Button and Hold doors are generated;
      
      application tasks, which are operated by the elevator software control system, including Detect Car Position, Calculate Distance, Move Car, Stop Car, Open Doors, Check Changed Weight, Ring Alarm and Close Doors are generated; and
      
      user tasks, which are operated by the user, including Get into Car and Get off Car are generated.

8. A apparatus for analyzing a hazard of an elevator software control system based on System Theoretic Process Analysis (STPA), the apparatus comprising:
- a hardware processor;
  
  a demand determining part stored in a non-transitory computer readable recording medium configured to determine an attribute and function demands of the elevator software control system;
  
  a task analyzing part stored in the non-transitory computer readable recording medium configured to analyze tasks of the elevator software control system based on the determined attribute and the function demands;
  
  a specification generating part stored in the non-transitory computer readable recording medium configured to generate specification of a relation between the tasks using Concur Task Tree (CTT) method, the CTT method representing a hierarchical relation of a control flow between the tasks;
  
  a hazard determining part stored in the non-transitory computer readable recording medium configured to determine at least one hazard of the elevator software control system based on the specification and the STPA; and
  
  a safety constraint generating part stored in the non-transitory computer readable recording medium configured generate a safety constraint of the elevator software control system based on the determined hazard,wherein the demand determining part further configured to generate a use case diagram regarding the attribute and the function demands of the elevator software control system; and
  
  wherein the structure of the elevator software control system is divided into an internal part and an external part;
  
  the external part of the elevator software control system includes a summon button to summon an elevator and the summon button includes an up button and a down button; and
  
  the internal part of the elevator software control system includes a car where passengers board and a door, and a floor request button, an open button and a close button are disposed in the car.
- View Dependent Claims (9, 10)
- - 9. The apparatus of claim 8, wherein the CTT method includes an abstract task which is a superordinate task of other tasks, a user task which is operated by a user, an application task operated by the elevator software control system, and an interaction task which is operated by interaction between the user and the elevator software control system according to characteristics of the tasks.
  - 10. The apparatus of claim 9, wherein abstract tasks including Summon Car, Boarding, Take Car to Destination Floor and Load weight are generated;
    - interaction tasks, which are operated by interaction between the user and the elevator software control system, including Pressed Summon Button, Pressed Floor Request Button and Hold doors are generated;
      
      application tasks, which are operated by the elevator software control system, including Detect Car Position, Calculate Distance, Move Car, Stop Car, Open Doors, Check Changed Weight, Ring Alarm and Close Doors are generated; and
      
      user tasks, which are operated by the user, including Get into Car and Get off Car are generated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sangmyung University Industry-Academy Cooperation Foundation
Original Assignee
Sangmyung University Industry-Academy Cooperation Foundation
Inventors
Han, Hyuk Soo, Kim, EunBi
Primary Examiner(s)
DAO, THUY CHAN

Application Number

US15/828,602
Publication Number

US 20180107582A1
Time in Patent Office

144 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/0796   Safety measures, i.e. ensur...

G06F 11/3608   using formal methods, e.g. ...

G06F 8/10   Requirements analysis; Spec...

G06F 8/433   Dependency analysis; Data o...

G06F 8/75   Structural analysis for pro...

Method and apparatus for analyzing hazard of elevator control software, and computer readable recording medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for analyzing hazard of elevator control software, and computer readable recording medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links