A Model-Based Safety Analysis of Dependencies Across Abstraction Layers

Identifying and mitigating possible failure propagation from one safety-critical application to another through common infrastructural components is a challenging task. Examples of such dependencies across software-stack layers (e.g., between application and middleware layer) are common causes and failure propagation scenarios in which a failure of one software component propagates to another software component through shared services and/or common computational resources. To account for this, safety standards demand freedom from interference in order to control failure propagation between mixed-critical software components. Safety analysis is typically focused on one abstraction layer, while robustness tests try to find failure propagation paths across abstraction layers. To this end, this paper presents a model-based failure propagation analysis combining failure propagation within and across abstraction layers. A classification of dependencies in combination with fault trees is used to perform a model-based dependency analysis. In addition, a novel modeling technique for integrating failure propagation aspects resulting from shared services and resources is presented. The analysis was used to carry out an early safety assessment of a real-world automotive redundancy mechanism within an integrated architecture. The results show that the method improved reusability and modularity, and made it easier to estimate failure propagation issues, including possible violations of freedom from interference within an integrated system.