Application of Safety Analyses in Model Driven Development

Some high integrity software systems require the rigorous validation of safety properties. Assessing whether software architectures are able to meet these requirements is of great interest: to avoid the risk that the implementation does not fulfill requirements due to a bad design, and, to reduce the development cost of safety critical parts of the system. Safety analyses like FMECA and FTA are two methods used during preliminary safety assessments. We have implemented tools to automatically generate safety analyses from the models of the architecture: a UML profile for safety, modeling languages to express safety analyses, and a model transformation chain. Safety analysts can use these tools to annotate the models, analyze the architecture, and recommend system engineers mitigation means to apply for improving the architecture.