Safety-Guided Design through System-Theoretic Process Analysis, Benefits and Difficulties

Development environments for embedded systems are moving towards increased automation between Commercial Of The Shelf (COTS) engineering tools. While automation provides new opportunities for e.g. verification, it also to some extent decreases the possibility of identifying and acting on safety issues that arise during development. To investigate the relationship between tool integration and safety we performed a System-Theoretic Process Analysis (STPA) of a tool chain from an industrial case study. This tool chain was then reanalyzed and redesigned twice, in part motivated by identified hazards. This paper presents our experiences from applying STPA to safety-guided design in the context of integrating COTS engineering tools into tool chains. We discuss the benefits of and difficulties with applying STPA. We also suggest improvements that complement STPA with support methods and tools. The primary benefit was the support in categorizing risks and causes. The three difficulties we encountered were identifying context-specific causal factors, defining control structures across several domains (management, user, technical, etc.) and limiting the domains taken into account. The use of STPA during safety-guided design would be facilitated by the use of expert systems and simulation, especially in regard to relating different domains.QC 20220530iFES