Supporting Safety Evaluation Process using AADL

Cyber-physical systems, used in domains such as avionics or medical devices, perform safety-critical functions where a fault might have catastrophic consequences (mission failure, severe injuries, etc.). Their development is guided by rigorous practice standards to avoid any error. However, as more software-based functions are integrated into a system, interaction complexity has increased significantly over the years. While software appears to ease upgrades and adaptation, interaction complexity, e.g., due to shared hardware resources, has resulted in high error leakage to system integration. Late discovery of errors introduced in requirements and architecture design have resulted in costly rework, making up as much as 70% of the total software system cost. To overcome these issues, architecture-centric model-based approaches abstract system concerns into analyzable architecture models. These models are then analyzed to spot and detect errors, issues or defects that are usually detected lately in the development process (likely testing or operational phases) and incur a costly rework and re-engineering efforts. This predictive analysis approach is often used for time-related performance criteria, such as schedulability and latency. Despite their importance, safety and reliability criteria are still investigated by system engineers in a labor-intensive process and are often not revisited later in development. Assumptions made during such early analysis may be violated during design and implementation and may ignore fault contributors that are due to software design and coding errors. To address this issue, we have added an error behavior annotation to SAE AADL, an international language standard for modeling embedded software system architectures that captures the interaction between software, hardware and the physical system in a single notation. We have added tools to process the enhanced notation in support of safety and reliability practice standards, such as SAE ARP4761. By automating system analysis and generating adequate documentation, we show how we can assist engineers in validating system architecture and make the safety/reliability evaluation process repeatable and less error-prone.