Abstract
Developing and certifying safety-critical and highly reliable systems almost always includes significant emphasis on hazard analysis and risk assessment. There have been substantial improvements in automation and formalization of other aspects of critical system engineering, including model-driven development, analysis of source code and models, and verification techniques. However, hazard analysis and risk assessment are still largely manual and informal activities, tool support is limited (which, for both development and auditing, increases time and effort and reduces accuracy and correctness), and the resulting artifacts are not integrated with architectural descriptions, system interfaces, high-level behavioral descriptions or code.
The Error Model annex of the Architecture Analysis and Design Language (AADL) provides formal and automated support for a variety of hazard analysis and risk assessment activities. Specifically, it enables engineers to formally specify errors, error propagation and error mitigation using annotations that are integrated with the formal architecture and behavioral descriptions written in AADL. Plug-ins to the Open Source AADL Tool Environment (OSATE) process these annotations to provide various forms of semi-automated support for reliability prediction and for tasks that underpin common hazard analysis and risk assessment techniques such as Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA), and Functional Hazard Analysis (FHA).
In this paper, we illustrate basic aspects of Error Modeling in AADL using a simple safety-critical medical system -- an infant incubator called "Isolette". We summarize standard tasks involved in FMEA and FTA, we illustrate the principal steps involved in AADL Error Modeling for the Isolette, and we describe how those steps relate to FMEA and FTA. We give a brief survey of emerging automated analysis tools implemented as plug-ins to the AADL OSATE environment that process error modeling annotations. We believe this introduction to Error Modeling in AADL can expose engineers of high-integrity systems to techniques and tools that can provide a more rigorous, automated, and integrated approach to important risk management activities.
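To make the annotations described above concrete, the following is an added example of an Error Model V2 (EMV2) annex subclause attached to a thermostat component of an Isolette-style system. It is not taken from the paper or from the authors' models: the package, component and port names (Isolette, Thermostat, current_temp, heat_control) are assumptions chosen for illustration, and the severity and likelihood values in the hazard record are placeholders rather than results of any real assessment. The error types used (ServiceOmission, OutOfRange, ValueError) come from the standard ErrorLibrary shipped with EMV2, and the EMV2::hazards property and ARP4761 property set are the ones OSATE's FHA plug-in reads.

```aadl
package Isolette
public
  -- Illustrative component; names are assumptions, not from the paper's model.
  system Thermostat
    features
      current_temp : in data port;   -- temperature reading from the sensor
      heat_control : out data port;  -- on/off command to the heat source
    annex EMV2 {**
      -- Standard EMV2 error type library (ServiceOmission, OutOfRange, ...).
      use types ErrorLibrary;

      error propagations
        -- Errors this component can receive on its input port.
        current_temp : in propagation {OutOfRange, ServiceOmission};
        -- Errors this component can emit on its output port.
        heat_control : out propagation {ServiceOmission, ValueError};
      flows
        -- A bad sensor value propagates as a bad heat command (FMEA "effect").
        bad_reading : error path current_temp{OutOfRange} -> heat_control{ValueError};
        -- A missing sensor value leads to a missing heat command.
        lost_reading : error path current_temp{ServiceOmission} -> heat_control{ServiceOmission};
        -- The thermostat itself can fail silently (an FTA basic event).
        internal_fail : error source heat_control{ServiceOmission};
      end propagations;

      properties
        -- Hazard record consumed by the FHA plug-in; values are placeholders.
        EMV2::hazards => ([
          crossreference => "N/A";
          failure        => "Loss of heat control command";
          phases         => ("all");
          severity       => ARP4761::Major;
          likelihood     => ARP4761::Remote;
          description    => "Heat source is never commanded; infant temperature drifts.";
          comment        => "Illustrative values, not from a real assessment.";
        ]) applies to heat_control.ServiceOmission;
    **};
  end Thermostat;
end Isolette;
```

In OSATE this subclause is what the FHA, FMEA-style propagation and fault-tree plug-ins consume: the `error source` declaration becomes a basic event in a generated fault tree, each `error path` records a failure mode and its effect at the component boundary, and the `EMV2::hazards` record populates the hazard table. The practical check is to keep the declared `in`/`out` propagations consistent with the connected components, since OSATE reports an unhandled propagation when a type arrives on a port whose receiver does not declare it.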
Illustrating the AADL error modeling annex (v.2) using a simple safety-critical medical device
HILT '13: Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology