Safety-Oriented Design of Component Assemblies using Safety Interfaces

This paper promotes compositional reasoning in the context of safety-critical systems, and demonstrates a safety-oriented component model using an application from the automotive industry: an Adaptive Cruise Controller (ACC). The application consists of four components for which a set of 18 fault modes has been identified. We show the impact of all single faults, and of double faults selected from this set, on a safety property associated with the ACC assembly. The analysis of each fault mode is performed using compositional rules and derived safety interfaces for each component. The derivation of safety interfaces for the ACC components has been supported by the implementation of two extensions to the SCADE tool set: (1) a front end that iteratively and automatically builds the environment in which the component is resilient in the presence of a given fault, and (2) fault mode libraries that can be reused for modeling several classes of faults affecting the input of a component. The result of the study is the demonstration of system-level safety in the presence of certain single and double faults, based on compositional reasoning and the automatically generated interfaces. The component model uses reactive modules as its formal notation. The instantiation of the model in terms of modules specified in SCADE provides a link between the formal analysis of components in safety-critical systems and the traditional engineering processes supported by model-based development.
