Safety-Oriented Design of Component Assemblies using Safety Interfaces

AbstractThis paper promotes compositional reasoning in the context of safety-critical systems, and demonstrates a safety-oriented component model using an application from the automotive industry: an Adaptive Cruise Controller (ACC). The application consists of four components for which a set of 18 fault modes have been identified. We show the impact of all single faults and double faults selected from this set, on a safety property associated with the ACC assembly. Analysis related to each fault mode is performed using compositional rules and derived safety interfaces for each component.The derivation of safety interfaces for the ACC components has been supported by implementation of two extensions to the SCADE tool set: (1) a front end that iteratively and automatically builds the environment in which the component is resilient in presence of a given fault, (2) fault mode libraries that can be reused for modeling several classes of faults affecting the input of a component. The result of the study is the illustration of system level safety in presence of certain single and double faults, based on compositional reasoning and the automatically generated interfaces. The component model uses reactive modules as the formal notation. The instantiation of the model in terms of modules specified in SCADE provides a link between formal analysis of components in safety-critical systems and the traditional engineering processes supported by model-based development