Illustrating the AADL error modeling annex (v.2) using a simple safety-critical medical device

Published: 10 November 2013

Abstract

Developing and certifying safety-critical and highly reliable systems almost always includes significant emphasis on hazard analysis and risk assessment. There have been substantial improvements in the automation and formalization of other aspects of critical system engineering, including model-driven development, analysis of source code and models, and verification techniques. However, hazard analysis and risk assessment are still largely manual and informal activities; tool support is limited (which, for both development and auditing, increases time and effort and reduces accuracy and correctness); and the resulting artifacts are not integrated with architectural descriptions, system interfaces, high-level behavioral descriptions or code.

The Error Model annex of the Architecture Analysis and Design Language (AADL) provides formal and automated support for a variety of hazard analysis and risk assessment activities. Specifically, it enables engineers to formally specify errors, error propagation, and error mitigation -- using annotations that are integrated with formal architecture and behavioral descriptions written in AADL. Plug-ins to the Open-Source AADL Tool Environment (OSATE) process these annotations to provide various forms of (semi-)automated support for reliability prediction and for the tasks underlying common hazard analysis and risk assessment techniques such as Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA), and Functional Hazard Analysis (FHA).

In this paper, we illustrate basic aspects of Error Modeling in AADL using a simple safety-critical medical system -- an infant incubator called "Isolette". We summarize standard tasks involved in FMEA and FTA, we illustrate the principal steps involved in AADL Error Modeling for the Isolette, and we describe how those steps relate to FMEA and FTA. We give a brief survey of emerging automated analysis tools implemented as plug-ins to the AADL OSATE environment that process error modeling annotations. We believe this introduction to Error Modeling in AADL can expose engineers of high-integrity systems to techniques and tools that can provide a more rigorous, automated, and integrated approach to important risk management activities.

