lecturer: Peter H. Feiler

Safety-critical systems are systems whose failure or malfunction may result in injury or death, or damage or loss of equipment, or damage to the environment. These safety risks are managed by a range of safety analyses ranging from hazard analysis to fault tree analysis. As safety-critical system have become increasingly software intensive the embedded software system has become an increasing risk factor. For this reason the SAE Architecture Analysis & Design Language (AADL) international standard has been developed to support model-based engineering of embedded and real-time software intensive systems.

This presentation discusses how AADL contributes to safety engineering in several ways. AADL supports modeling of the embedded software, the computing platform, and the physical system annotated with analysis-specific information. Safety properties can be validated through analysis throughout the life cycle of different degrees of fidelity and formality. AADL supports fault modeling and modeling of fault tolerant solutions. In addition, safety risks due to mismatched assumptions between system engineers and embedded software engineers can be addressed. This will be illustrated by the examples of end-to-end latency and security analysis. AADL models can be the basis for property preserving generation of the runtime system for the task and communication architecture. This will be illustrated by the example of optimizing port-based communication of data streams while preserving deterministic sampling. The presentation concludes with an illustration of fault propagation analysis and the use of model checking to validate the mode logic of a dual redundant flight control system.