Automated Fault Tree Analysis from AADL Models

Cyber-physical systems, used in domains such as avionics or medical devices, perform critical functions where a fault might have catastrophic consequences (mission failure, severe injuries, etc.). Their development is guided by rigorous practice standards that prescribe safety analysis methods in order to verify that failures have been correctly evaluated and/or mitigated. This labor-intensive practice typically focuses system safety analysis on system engineering activities. As reliance on software for system operation grows, embedded software systems have become a major source of hazard contributors. Studies show that late discovery of errors in embedded software systems has resulted in costly rework, making up as much as 50% of the total software system cost. Automation of the safety analysis process is key to extending safety analysis to the software system and to accommodating system evolution. In this paper we discuss three elements that are key to safety analysis automation in the context of fault tree analysis (FTA). First, generation of fault trees from annotated architecture models ensures that architecture changes are consistently reflected in safety analysis results. Second, use of a taxonomy of failure effects ensures that coverage of potential hazard contributors is achieved. Third, common cause failures are identified from architecture information and reflected appropriately in probabilistic fault tree analysis. The approach uses the SAE Architecture Analysis & Design Language (AADL) standard and the recently published revised Error Model Annex V2 (EMV2) standard to represent annotated architecture models of systems and embedded software systems.
The approach takes into account error sources specified with an EMV2 error propagation type taxonomy and their occurrence probabilities, as well as direct and indirect propagation paths between system components identified in the architecture model, to generate a fault graph and then apply transformations into a fault tree representation that supports common mode analysis, cut set determination and probabilistic analysis.
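As an added illustration, not code from the paper or from the OSATE/EMV2 tool chain, the following Python sketch walks the pipeline described above on a hypothetical component model: error sources carry occurrence probabilities, propagation paths follow component inputs, the paths are walked backwards from a chosen top event into a fault tree, and minimal cut sets and the top-event probability are derived from that tree. The component names, the single error type "ServiceOmission", the "and"/"or" gate attribute and all probabilities are constructed assumptions. It also shows why common cause failures must be handled explicitly: a power supply shared by two redundant sensors appears on both branches of an AND gate, so evaluating the tree gate by gate as if the branches were independent underestimates the top-event probability by roughly an order of magnitude, whereas evaluation over minimal cut sets counts the shared event once.

```python
"""Fault graph -> fault tree -> minimal cut sets -> top-event probability.
Illustrative code written for this page, not the paper's tool chain (OSATE/EMV2).
The model, error type name and probabilities below are constructed assumptions."""
from dataclasses import dataclass, field
from itertools import combinations
from math import prod


@dataclass
class Component:
    name: str
    # error sources: error type (assumed EMV2-like taxonomy) -> occurrence probability
    sources: dict = field(default_factory=dict)
    # upstream components whose failure of the same error type propagates into this one
    inputs: list = field(default_factory=list)
    # how incoming propagations combine: "or" (any input) or "and" (redundant inputs)
    gate: str = "or"


# Fault tree nodes: ("basic", event_name, p) | ("or", [children]) | ("and", [children])
def build_tree(model, comp, err, path=()):
    """Walk propagation paths backwards from (comp, err) and emit a fault tree."""
    if comp in path:
        raise ValueError(f"propagation cycle through {comp}")
    c = model[comp]
    children = []
    if err in c.sources:  # the component's own error source is a basic event
        children.append(("basic", f"{comp}.{err}", c.sources[err]))
    upstream = [build_tree(model, u, err, path + (comp,)) for u in c.inputs]
    if len(upstream) == 1:
        children.append(upstream[0])
    elif upstream:
        children.append((c.gate, upstream))
    if not children:
        raise ValueError(f"{comp} has no source or propagation path for {err}")
    return children[0] if len(children) == 1 else ("or", children)


def _cut_sets(node):
    if node[0] == "basic":
        return {frozenset([node[1]])}
    child_sets = [_cut_sets(ch) for ch in node[1]]
    if node[0] == "or":
        sets = set().union(*child_sets)
    else:  # "and": every branch must fail, so combine one cut set from each branch
        sets = {frozenset()}
        for cs in child_sets:
            sets = {a | b for a in sets for b in cs}
    # a cut set containing another cut set is not minimal; this is where a shared
    # (common cause) event collapses {psu, sensorA} and {psu, sensorB} into {psu}
    return {s for s in sets if not any(t < s for t in sets)}


def minimal_cut_sets(node):
    """Minimal cut sets as sorted tuples of basic-event names, smallest first."""
    return sorted((tuple(sorted(s)) for s in _cut_sets(node)), key=lambda s: (len(s), s))


def basic_probs(node, out=None):
    out = {} if out is None else out
    if node[0] == "basic":
        out[node[1]] = node[2]
    else:
        for ch in node[1]:
            basic_probs(ch, out)
    return out


def naive_probability(node):
    """Gate-by-gate evaluation that treats subtrees as independent. It is wrong
    whenever one basic event reaches the top through more than one path."""
    if node[0] == "basic":
        return node[2]
    ps = [naive_probability(ch) for ch in node[1]]
    return prod(ps) if node[0] == "and" else 1 - prod(1 - p for p in ps)


def exact_probability(node):
    """Inclusion-exclusion over minimal cut sets with independent basic events;
    a shared event is counted once, however many paths it appears on."""
    probs = basic_probs(node)
    cuts = [frozenset(c) for c in minimal_cut_sets(node)]
    total = 0.0
    for k in range(1, len(cuts) + 1):
        for group in combinations(cuts, k):
            term = prod(probs[e] for e in frozenset().union(*group))
            total += term if k % 2 else -term
    return total


# Constructed model: two redundant sensors behind a voter, both fed by one PSU.
MODEL = {c.name: c for c in [
    Component("psu", sources={"ServiceOmission": 1e-4}),
    Component("sensorA", sources={"ServiceOmission": 1e-3}, inputs=["psu"]),
    Component("sensorB", sources={"ServiceOmission": 1e-3}, inputs=["psu"]),
    Component("voter", sources={"ServiceOmission": 1e-5},
              inputs=["sensorA", "sensorB"], gate="and"),
]}


def analyze(model, comp, err):
    tree = build_tree(model, comp, err)
    return {"cut_sets": minimal_cut_sets(tree),
            "naive": naive_probability(tree),
            "exact": exact_probability(tree)}


if __name__ == "__main__":
    for key, value in analyze(MODEL, "voter", "ServiceOmission").items():
        print(key, value)
```

For the constructed model the minimal cut sets of the voter's ServiceOmission are {psu}, {voter} and {sensorA, sensorB}; the single-event cut set {psu} is the common cause that the redundancy does not protect against, and it dominates the exact top-event probability (about 1.1e-4), while the gate-by-gate evaluation reports about 1.1e-5.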
