System safety analysis techniques are well-established and are a required activity in the development of commercial aircraft and safety-critical ground systems. However, these techniques are based on informal system descriptions that are separate from the actual system design artifacts, and are highly dependent on the skill and intuition of a safety analyst. The lack of precise models of the system architecture and its failure modes often forces safety analysts to devote significant effort to gathering architectural details about the system behavior from multiple sources and embedding this information in safety artifacts, such as fault trees.
While model-based development (MBD) methods are widely used in the aerospace industry, they are generally disconnected from the safety analysis process itself. Model-based systems engineering (MBSE) methods and tools now permit system-level requirements to be specified and analyzed early in the development process. These tools can also be used to perform safety analysis based on the system architecture and initial functional decomposition. Design models from which aircraft systems are developed can be integrated into the safety analysis process to help guarantee accurate and consistent results. This is especially critical as both airborne and ground-based software for aircraft operating in the National Airspace System (NAS) continues to grow in complexity.
Under previous NASA funding, Rockwell Collins and the University of Minnesota developed and demonstrated an approach to model-based safety analysis. New MBSE tools that incorporate assume-guarantee compositional analysis techniques provide the basis for greatly improving earlier approaches to safety analysis and can be used to ensure model consistency, correctness of assumptions, and better scalability.
Using our AADL-based system architecture modeling and analysis tools as an exemplar, we will extend existing analysis methods to support system safety objectives of ARP4754A and ARP4761. This will include extensions to existing modeling languages to better describe failure conditions, interactions, and mitigations, and improvements to compositional reasoning approaches focused on the specific needs of system safety analysis. We will develop example systems based on the Wheel Braking System in SAE AIR6110 and NASA's quad-redundant flight control system (QFCS) to evaluate the effectiveness and practicality of our approach.
Models and code for the project are available on github.