Fault-Tree Generation for Embedded Software Implementing Dual-Path Checking
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 12, 2011 by SAE International in United States
Given fast-changing market demands, the growing complexity of features, shorter time to market, and design/development constraints, the need for efficient and effective verification and validation methods is becoming critical for vehicle manufacturers and suppliers. One such method is fault-tree analysis. While fault-tree analysis is an important hazard analysis/verification activity, the current process of translating design details (e.g., at the system level and the software level) into fault trees is manual. Current experience indicates that fault-tree analysis involves both creative deductive thinking and more mechanical steps, which typically consist of instantiating gates and events in fault trees following fixed patterns. Specifically for software fault-tree analysis, a number of the development steps typically involve instantiating fixed patterns of gates and events based upon the structure of the code. In this work, we investigate a methodology to translate software programs into fault trees. In particular, we investigate software architectures for dual-path safety checking. Dual-path checking is used to verify computations: a primary chain of functions computes the desired variable, and a secondary chain of functions computes an approximation of the desired variable. The end results of the two paths are compared. If the computed values are within a certain tolerable range of each other, then the computation of the primary path is accepted. If the computed values are outside the tolerable range, then an error is indicated and an error handler is invoked. For dual-path checking to function as intended, one needs to identify any common-cause failures resulting from dependencies on a variable shared across the two paths, and mitigate the risk of failures for those variables. In this paper, we focus on detecting safety-critical variables in dual-path implementations using fault trees. The work discusses different issues in dual-path checks and possible templates that can be used to generate fault trees for dual paths.
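The following is an added example, not code from the paper, that illustrates the idea of generating a fault tree from the structure of a dual-path computation and using its minimal cut sets to find shared variables. The dependency lists, the function names, and the simple gate template (undetected failure = AND of the two paths being wrong, each path wrong = OR over the variables it reads) are assumptions made for this illustration, not the paper's templates.

```python
from itertools import product

# Constructed dual-path example (not from the paper): each path is a list of
# (function name, variables that function reads). "cal_gain" is deliberately
# read by both paths to show how a shared variable surfaces in the analysis.
PRIMARY = [("read_pedal", ["pedal_raw"]),
           ("scale", ["pedal_raw", "cal_gain"]),
           ("limit", ["cal_gain", "max_torque"])]
SECONDARY = [("read_pedal_backup", ["pedal_raw_2"]),
             ("approx_scale", ["pedal_raw_2", "cal_gain"])]

def path_vars(path):
    """All variables a chain of functions depends on, in sorted order."""
    return sorted({v for _, reads in path for v in reads})

def build_tree(primary, secondary):
    """Illustrative template (assumption, not the paper's): the comparison is
    defeated only if both paths are wrong (AND); a path is wrong if any
    variable it depends on is corrupted (OR of basic events)."""
    return ("AND", [("OR", [("EVENT", v) for v in path_vars(primary)]),
                    ("OR", [("EVENT", v) for v in path_vars(secondary)])])

def cut_sets(node):
    """Expand a gate tree into the list of (not yet minimal) cut sets."""
    kind, payload = node
    if kind == "EVENT":
        return [frozenset([payload])]
    child_sets = [cut_sets(child) for child in payload]
    if kind == "OR":
        return [s for sets in child_sets for s in sets]
    # AND gate: one cut set from every child must occur together
    return [frozenset().union(*combo) for combo in product(*child_sets)]

def minimal_cut_sets(sets):
    """Drop any cut set that is a proper superset of another cut set."""
    unique = set(sets)
    return sorted((s for s in unique if not any(o < s for o in unique)),
                  key=lambda s: (len(s), sorted(s)))

def common_cause_variables(primary, secondary):
    """Single-event minimal cut sets: one corrupted variable defeats both
    paths at once, so the comparison cannot detect it."""
    mcs = minimal_cut_sets(cut_sets(build_tree(primary, secondary)))
    return sorted(v for s in mcs if len(s) == 1 for v in s)

if __name__ == "__main__":
    print(common_cause_variables(PRIMARY, SECONDARY))  # ['cal_gain']
```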
Citation: Ghosal, A., Czerny, B., and D'Ambrosio, J., "Fault-Tree Generation for Embedded Software Implementing Dual-Path Checking," SAE Technical Paper 2011-01-1004, 2011, https://doi.org/10.4271/2011-01-1004.