Automatic Generation of RAMS Analyses from Model-based Functional Descriptions using UML State Machines

In today's industrial practice, safety, reliability or availability artifacts such as fault trees, Markov models or FMEAs are mainly created manually by experts, often distinctively decoupled from systems engineering activities. Significant efforts, costs and timely requirements are involved to conduct the required analyses. In this paper, we describe a novel integrated model-based approach of systems engineering and dependability analyses. The behavior of system components is specified by UML state machines determining intended/correct and undesired/faulty behavior. Based on this information, our approach automatically generates different dependability analyses in the form of fault trees. Hence, alternative system layouts can easily be evaluated. The same applies for simple variations of the logical input-output relations of logical units such as controllers. We illustrate the feasibility of our approach with the help of simple examples using a prototypical implementation of the presented concepts

Safety-oriented design of component assemblies using safety interfaces

This paper promotes compositional reasoning in the context of safety-critical systems, and demonstrates a safety-oriented component model using an application from the automotive industry: an Adaptive Cruise Controller (ACC). The application consists of four components for which a set of 18 fault modes have been identified. We show the impact of all single faults and double faults selected from this set, on a safety property associated with the ACC assembly. Analysis related to each fault mode is performed using compositional rules and derived safety interfaces for each component. The derivation of safety interfaces for the ACC components has been supported by implementation of two extensions to the SCADE tool set: (1) a front end that iteratively and automatically builds the environment in which the component is resilient in presence of a given fault, (2) fault mode libraries that can be reused for modeling several classes of faults affecting the input of a component. The result of the study is the illustration of system level safety in presence of certain single and double faults, based on compositional reasoning and the automatically generated interfaces. The component model uses reactive modules as the formal notation. The instantiation of the model in terms of modules specified in SCADE provides a link between formal analysis of components in safety-critical systems and the traditional engineering processes supported by model-based development. Keywords: Component-based system development, safety, component assemblies, safety interfaces, fault modes, SCADE