A Model-Based Safety Analysis of Dependencies Across Abstraction Layers

Identifying and mitigating possible failure propagation from one safety-critical application to another through common infrastructural components is a challenging task. Examples of such dependencies across software-stack layers (e.g., between the application and middleware layers) are common-cause failures and failure propagation scenarios in which a failure of one software component propagates to another software component through shared services and/or common computational resources. To account for this, safety standards demand freedom from interference in order to control failure propagation between mixed-critical software components. Safety analysis is typically focused on a single abstraction layer, while robustness tests try to find failure propagation paths across abstraction layers. To close this gap, this paper presents a model-based failure propagation analysis that combines failure propagation within and across abstraction layers. A classification of dependencies, combined with fault trees, is used to perform a model-based dependency analysis. In addition, a novel modeling technique for integrating the failure propagation aspects that result from shared services and resources is presented. The analysis was used to carry out an early safety assessment of a real-world automotive redundancy mechanism within an integrated architecture. The results show that the method improved reusability and modularity, and made it easier to estimate failure propagation issues, including possible violations of freedom from interference within an integrated system.
