
    Dependability Cases

    Many large software systems display fragility or a lack of dependability caused by inattention to details at various stages of development (e.g., missing data, undocumented assumptions, lack of testing), resulting in a failure to catch errors. This technical note explains how to create a dependability case for a system that helps identify and keep track of such details. A dependability case is defined here as a structured argument providing evidence that a system meets its specified dependability requirements. The technical note describes how to structure the argument and present evidence to support it. A sample problem is presented, as well as issues raised by that problem and future goals.

    The Architecture Analysis & Design Language (AADL): An Introduction

    In November 2004, the Society of Automotive Engineers (SAE) released the aerospace standard AS5506, named the Architecture Analysis & Design Language (AADL). The AADL is a modeling language that supports early and repeated analyses of a system's architecture with respect to performance-critical properties through an extendable notation, a tool framework, and precisely defined semantics. The language employs formal modeling concepts for the description and analysis of application system architectures in terms of distinct components and their interactions. It includes abstractions of software, computational hardware, and system components for (a) specifying and analyzing real-time embedded and high-dependability systems, complex systems of systems, and specialized performance capability systems and (b) mapping software onto computational hardware elements. The AADL is especially effective for model-based analysis and specification of complex real-time embedded systems. This technical note is an introduction to the concepts, language structure, and application of the AADL.

    AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

    SAE Standard Aerospace Recommended Practice (ARP) 4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, provides general guidance on evaluating the safety aspects of a design and identifies processes, methods, and tools to support the evaluation. The Architecture Analysis and Design Language (AADL) Error Model Annex defines features to enable specification of risk mitigation methods in an architecture and assessments of system properties such as safety and reliability. This report describes how the AADL Error Model Annex supports the safety assessment processes and techniques presented in SAE Standard ARP4761. It provides a mapping between constructs of the AADL Error Model Annex and the assessment techniques identified in ARP4761 and presents examples of using the Error Model Annex with those techniques. The processes and techniques of the ARP4761 standard that this report addresses are the Functional Hazard Assessment, Preliminary System Safety Assessment, System Safety Assessment, Fault Tree Analysis, Failure Modes and Effects Analysis, Markov Analysis, and Dependence Diagrams, also referred to as Reliability Block Diagrams.

    Architecture Fault Modeling and Analysis with the Error Model Annex, Version 2

    Safety-critical software-reliant systems must manage component failures and conditions of anomalous interaction among components as hazards that affect a system's safety, reliability, and security so the potential effects of hazards on system operation are reduced to an acceptable risk. Standards and recommended practices for safety-critical systems outline methods for analysis, but security-related practices are typically addressed through separate guidance. This report provides guidance on using the Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling and analysis, which supports automated safety, reliability, and security analyses from the same annotated architecture model to ensure consistency across analysis results. EMV2 augments architecture models expressed in the Architecture Analysis & Design Language with fault information to characterize anomalous conditions. The report introduces concepts for architecture fault modeling of systems in an operational environment at three levels of abstraction. In addition, EMV2 introduces the concept of error types to characterize exceptional conditions and their propagation. Finally, EMV2 allows users to specify which system components are expected to detect, report, and manage anomalous conditions and their propagation and to reflect the effects of recovery and repair actions as error behavior states. The report includes several example models.

    Embedded System Architecture Analysis Using SAE AADL

    The emerging Society of Automotive Engineers Architecture Analysis and Design Language (AADL) standard is an architecture modeling language for real-time, fault-tolerant, scalable, embedded, multiprocessor systems. It enables the development and predictable integration of highly evolvable systems as well as analysis of existing systems. It supports early and repeated analyses of a system's architecture with respect to performance-critical properties through an extendable notation, a tool framework, and precisely defined semantics. This report discusses the role and benefits of using the AADL in the process of analyzing an existing avionics system. The AADL is used to describe architecture patterns in the system being analyzed and to identify potentially systemic issues in the system. Findings related to timing, scheduling, and fault tolerance, and the benefits of using the AADL, are examined. The report also highlights the benefits of working with architecture abstractions that are reflected in the AADL notation, in particular the separation of architecture design decisions from implementation decisions. Such a lightweight architecture analysis is typically followed by a full-scale AADL model of the system with required and actual timing, performance, and reliability figures, and its analysis to determine whether the requirements are met.

    Framework Document: Model-Based Verification Pilot Study

    This Pilot Study Framework document describes the processes, activities, artifacts, and deliverables associated with an Engineering Practice Investigation of Model-Based Verification (MBV).

    Model-Based Verification: Abstraction Guidelines

    Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software requirements, designs, or code. The approach judiciously incorporates mathematical formalism, in the form of models, to provide a disciplined and logical analysis practice, rather than a "proof of correctness" strategy. This technical note presents a number of abstraction techniques that can be used to build essential models of system behavior in the context of MBV and details a methodology for creating state machine models using those techniques. In building essential models, abstraction is used to hide details and expose the entities, variables, states, and transitions needed to construct a state machine model. Through illustrative examples, this technical note identifies the types of simplifications that are useful and effective and highlights the importance of perspective in determining which elements are important to include in an abstracted model.

    Model-Based Verification -- Scope, Formalism, and Perspective Guidelines

    The goal of model-based verification (MBV) is to reduce the number of defects. Like any other quality assurance (QA) technique, it is not equally efficient in every situation. It is critical to determine where and how to use MBV to achieve the largest impact in terms of the number and criticality of defects found with a reasonable amount of effort. This document provides guidance for defining the scope, formalism (approach and tools), and perspective for applying MBV. The critical (important or risky) aspects of the system and its development, including both programmatic and technical issues, drive these choices and form the basis for these guidelines.

    Model-Based Verification: Claim Creation Guidelines

    Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software requirements, designs, or code. MBV involves creating essential models of system behavior and analyzing these models against formal representations of expected properties, known as claims. Claim generation has been identified as a particularly complex activity within model-based verification. This technical note describes a pattern-based approach to facilitate claim generation. The report includes a list of directly usable patterns for the most frequent expected properties found in system specifications.