Critical Feature Analysis of a Radiotherapy Machine
Andrew Rae (1), Daniel Jackson (2), Prasad Ramanan (2), Jay Flanz (3), Didier Leyman (4)
(1) Information Technology and Electrical Engineering, University of Queensland, St Lucia, QLD Australia
(2) Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, MA
(3) Northeast Proton Therapy Center, Massachusetts General Hospital, Boston, MA
(4) Ion Beam Applications, Louvain-La-Neuve, Belgium
Abstract. The software implementation of the emergency shutdown feature in a major radiotherapy system was analyzed, using a directed form of code review based on module dependences. Dependences between modules are labelled by particular assumptions; this allows one to trace through the code, and identify those fragments responsible for critical features. An ‘assumption tree’ is constructed in parallel, showing the assumptions which each module makes about others. The root of the assumption tree is the critical feature of interest, and its leaves represent assumptions which, if not valid, might cause the critical feature to fail. The analysis revealed some unexpected assumptions that motivated improvements to the code.
1 Introduction
A key difficulty in the analysis of large software systems is the isolation and evaluation of critical source code. Ideally, safety critical requirements would be implemented by safety critical modules, neatly isolated from the non-critical code. In practice, the safety of a system is tightly bound to its correct operation, and a single safety feature requires the cooperation of many modules.
This paper reports on our experiences analyzing the source code of a radiotherapy machine. We concentrated on a single feature of the software—the emergency stop function. As expected, we found that reasoning about this function required us to make assumptions about the behaviour of other parts of the system. Inspecting the tree of assumptions produced by our analysis exposed some conditions under which the software might not behave as intended.
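
An added illustration (not code from the paper or from the analysed system) of the assumption tree described in the abstract: module dependences labelled with assumptions are traced from the critical feature at the root, and the leaves are the assumptions left for a reviewer to validate. The module names, the assumption texts and the choice to treat a cyclic dependence as a leaf are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample data; every module name and assumption is hypothetical.
# Each entry: (dependent module, assumption it makes, module it is about).
# None means the assumption concerns something outside the reviewed code.
DEPENDENCES = [
    ("emergency_stop", "stop request is delivered to the beam controller", "messaging"),
    ("emergency_stop", "beam controller turns the beam off on request", "beam_control"),
    ("messaging", "message queue never blocks the sender", "queue"),
    ("messaging", "receiver task is scheduled", None),
    ("beam_control", "hardware interface write succeeds", None),
    ("queue", "queue is drained by messaging", "messaging"),  # cyclic dependence
]

def build_tree(root, dependences):
    """Return nested (label, children) tuples rooted at the critical feature."""
    out = defaultdict(list)
    for src, assumption, dst in dependences:
        out[src].append((assumption, dst))

    def expand(module, path):
        children = []
        for assumption, target in out[module]:
            if target is None or target in path or not out[target]:
                # Leaf: no further reviewed code discharges this assumption,
                # or tracing it would revisit a module already on the path.
                children.append((assumption, []))
            else:
                children.append((assumption, expand(target, path | {target})))
        return children

    return (root, expand(root, {root}))

def leaves(tree):
    """Collect leaf assumptions: the ones whose failure could break the root."""
    label, children = tree
    if not children:
        return [label]
    found = []
    for child in children:
        found.extend(leaves(child))
    return found

if __name__ == "__main__":
    for assumption in leaves(build_tree("emergency_stop", DEPENDENCES)):
        print("validate:", assumption)
```
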
S. Anderson et al. (Eds.): SAFECOMP 2003, LNCS 2788, pp. 221−234, 2003.
Springer-Verlag Berlin Heidelberg 2003