Build Safety-Critical Designs with UML-based Fault Tree Analysis - Defining a Profile
Tables, Matrices and Hazard Analyses
In addition to the elements of the profile, new tables and matrices are added in the profile as well, shown in Table 2 below.
The Hazard analysis is generated as an external file with a helper macro. This macro scans the entire model and generates the tab-separated value file¹ that can be loaded into most spreadsheet programs.
[¹ Tab-separated value format was used because Excel has defects in its interpretation of the more-common comma-separated value (CSV) file format.]
The macro generates the name from the current date and time so that multiple versions of the hazard analysis can be kept. The output is divided into three sections.
Table 2: Tables and Matrix summary views
The first section lists the hazards and their metadata, including the description, fault tolerance time, fault tolerance time units, probability, severity, risk, and safety integrity level.
The second section lists the relations between the faults and the hazards as defined by multiple intervening logical operators and logic flows. Each fault is identified with its name, description and other metadata.
The third section lists the relations between the faults and the "normal" UML model elements, that is, the requirements and classes related to the faults by the manifests, detects, extenuates, and traceToReqs relations.
The hazard analysis provides a summary with enough information to trace from the safety requirements to the model elements realizing those requirements, as well as from the faults and hazards to the requirements and design.
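As an added illustration of the export the helper macro produces (example code written for this article, not the macro shipped with the profile and not Rhapsody's own API), the script below holds one hazard and its fault tree in memory, evaluates the tree with the standard FTA probability rules for independent basic faults (AND gate: product of the inputs; OR gate: one minus the product of the complements), and writes the three sections described above as tab-separated text under a timestamped file name. The class and field names, the relation names used as plain strings, the sample hazard and faults, and the requirement id REQ-SAFE-012 are all this example's own constructed assumptions, not values from the profile.

```python
"""Added example: write the three-section, tab-separated hazard analysis
described in the text from a small in-memory fault-tree model.
Names and sample data are this example's assumptions, not the profile's."""
from dataclasses import dataclass
from datetime import datetime
from math import prod
from typing import List, Optional, Union


@dataclass
class Fault:
    name: str
    description: str
    probability: float  # probability of the basic fault per mission
    mtbf_hours: float

@dataclass
class Gate:
    kind: str  # "AND" or "OR"
    inputs: List["Node"]

Node = Union[Fault, Gate]

@dataclass
class Hazard:
    name: str
    description: str
    fault_tolerance_time: float
    ftt_units: str
    severity: str
    risk: str
    sil: int
    root: Node  # top of the fault tree that leads to this hazard

@dataclass
class Relation:
    fault: str
    kind: str     # manifests, detects, extenuates or traceToReqs
    element: str  # UML element or requirement the fault is related to


def node_probability(node: Node) -> float:
    """Standard FTA evaluation assuming independent basic faults:
    AND gate = product of inputs, OR gate = 1 - product of (1 - input)."""
    if isinstance(node, Fault):
        return node.probability
    ps = [node_probability(n) for n in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def cell(value) -> str:
    """A tab or newline inside a description would shift every later column,
    so collapse whitespace before writing the field."""
    return " ".join(str(value).split())


def fault_rows(hazard: Hazard, node: Node, path: List[str]) -> List[List[str]]:
    """One row per basic fault, with the chain of gates between it and the hazard."""
    if isinstance(node, Fault):
        return [[node.name, node.description, f"{node.probability:.2e}",
                 f"{node.mtbf_hours:g}", hazard.name, " > ".join(path) or "direct"]]
    rows: List[List[str]] = []
    for child in node.inputs:
        rows.extend(fault_rows(hazard, child, path + [node.kind]))
    return rows


def hazard_analysis_tsv(hazards: List[Hazard], relations: List[Relation]) -> str:
    """Three sections separated by a blank line: hazards and their metadata,
    fault-to-hazard logic, and fault-to-model-element relations."""
    out: List[list] = [["Hazard", "Description", "FTT", "FTT units",
                        "Probability", "Severity", "Risk", "SIL"]]
    for h in hazards:
        out.append([h.name, h.description, h.fault_tolerance_time, h.ftt_units,
                    f"{node_probability(h.root):.2e}", h.severity, h.risk, h.sil])
    out.append([])
    out.append(["Fault", "Description", "Probability", "MTBF (h)", "Hazard", "Logic path"])
    for h in hazards:
        out.extend(fault_rows(h, h.root, []))
    out.append([])
    out.append(["Fault", "Relation", "Model element"])
    out.extend([r.fault, r.kind, r.element] for r in relations)
    return "\n".join("\t".join(cell(c) for c in row) for row in out) + "\n"


def output_filename(now: Optional[datetime] = None) -> str:
    """Timestamped name so successive analyses do not overwrite each other."""
    now = now or datetime.now()
    return now.strftime("hazard_analysis_%Y%m%d_%H%M%S.tsv")


# Constructed sample: overpressure needs the relief path to fail together
# with either a stuck inlet valve or a sensor that under-reads.
VALVE = Fault("Inlet valve stuck open", "Gas inlet valve fails open", 1e-4, 10_000)
SENSOR = Fault("Pressure sensor fails", "Sensor reads\tlow", 2e-4, 5_000)
RELIEF = Fault("Relief valve fails", "Mechanical relief valve seized", 1e-3, 1_000)
OVERPRESSURE = Hazard("Overpressure", "Airway pressure exceeds limit", 50, "ms",
                      "Critical", "High", 3,
                      Gate("AND", [Gate("OR", [VALVE, SENSOR]), RELIEF]))
RELATIONS = [
    Relation(VALVE.name, "manifests", "InletValveController"),
    Relation(SENSOR.name, "detects", "SensorCrossCheck"),
    Relation(RELIEF.name, "extenuates", "SecondaryReliefValve"),
    Relation(VALVE.name, "traceToReqs", "REQ-SAFE-012"),  # hypothetical requirement id
]

if __name__ == "__main__":
    name = output_filename()
    with open(name, "w", encoding="utf-8") as f:
        f.write(hazard_analysis_tsv([OVERPRESSURE], RELATIONS))
    print(f"wrote {name}")
```

Run as a script it writes one file per invocation; the `cell` helper is the check a practitioner wants here, because a single tab typed into a description field in the model would otherwise silently misalign every column the spreadsheet shows, which is exactly the kind of defect a hazard table must not carry.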
Creating the Profile
Once the metamodel is understood it can be used as a blueprint for the profile. Metaclasses in the metamodel become stereotypes. Metaattributes become tags. The result is the creation of an integrated set of stereotypes, tags, and constraints such as shown in Figure 3 below.
Figure 3: Profile Structure
Using the Profile
To use the profile in Rhapsody, you can create a new model of the type Safety Analysis or you can add the profile after the model is created. If you do this, you must select the project in the browser, right-click, and change the type of the model to Safety Analysis Profile.
Once the model is created, a new diagram type is available on the diagram toolbar: the FTA diagram. All of the standard UML features remain available to you. I recommend that you put the safety analysis in a separate package in your model to separate it from your requirements and design elements. Again, if you're using a different tool to create the profile, the exact mechanisms to install and use the profile are likely to differ.
Conclusion
Fault Tree Analysis (FTA) is well established as a useful method for understanding how normal events, conditions and faults combine to create hazardous conditions. The safety analysis profile discussed in this paper adds the ability to create and report on FTA diagrams into a UML tool.
This includes the specification of safety-related metadata, such as hazard severity, risk, probability and safety integrity level, as well as fault probability and MTBF.
The profile extends the FTA method by supplying relations from the analysis to normal UML model elements, specifically requirements, sources of faults, and elements that can detect or extenuate the faults. These extensions add value by making the relations between the safety analysis and the UML model elements explicit and traceable.
This profile supports the safety approach identified in the Harmony/ESW (Embedded Software) process [4,5] from IBM/Rational, developed by the author. Through the use of this profile, developers and safety analysts can use a common language and tool environment, improving their collaboration and quality of work.
"Build safety-critical designs with UML-based fault tree analysis" is a 3-part series:
To read Part 1, go to "The basics"
To read Part 2, go to "Defining a profile"
To read Part 3, go to "Anesthesia ventilator evaluation"
Bruce has worked as a software developer in real-time systems for over 25 years and is a well-known speaker, author, and consultant in the area of real-time embedded systems. He is on the Advisory Board of the Embedded Systems Conference where he has taught courses in software estimation and scheduling, project management, object-oriented analysis and design, communications protocols, finite state machines, design patterns, and safety-critical systems design. He develops and teaches courses and consults in real-time object-oriented analysis and design and project management and has done so for many years. He is the chief evangelist for Rational/IBM. Bruce worked with various UML partners on the specification of the UML, both versions 1 and 2. He is a former co-chair of the Object Management Group's Real-Time Analysis and Design Working Group. He is the author of several other books on software, including Doing Hard Time: Developing Real-Time Systems with UML, Objects, Frameworks and Patterns (Addison-Wesley, 1999), Real-Time Design Patterns: Robust Scalable Architecture for Real-Time Systems (Addison-Wesley, 2002), Real-Time UML 3rd Edition: Advances in the UML for Real-Time Systems (Addison-Wesley, 2004), Real-Time UML Workshop for Embedded Systems (Elsevier Press, 2006) and several others, including a short textbook on table tennis. His latest book on employing agile methods to develop real-time and embedded systems, Real-Time Agility, will appear in June, 2009.
References
[1] Leveson, Nancy. Safeware: System Safety and Computers. Reading, MA: Addison-Wesley, 1995.
[2] FDA. Guidance for FDA Reviewers and Industry: Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. Washington, D.C.: FDA, 1998.
[3] IEC 65A/1508: Functional Safety: Safety-Related Systems, Parts 1-7. IEC, 1995.
[4] Douglass, Bruce Powel. Doing Hard Time: Developing Real-Time Systems with UML, Objects, Frameworks and Patterns. Reading, MA: Addison-Wesley, 1999.
[5] Douglass, Bruce Powel. Real-Time Agility. Reading, MA: Addison-Wesley, 2009.
[6] Douglass, Bruce Powel. Real-Time Design Patterns: Robust Scalable Architecture for Real-Time Systems. Addison-Wesley, 2002.