On Safety Analysis For AADL Architectures Of Safety-Critical Systems

Complex real-time embedded safety-critical systems that are wildly used in the critical information domains,such as,aviation,aerospace,nuclear energy,etc,are safety-critical systems.Safety-critical systems must ensure system safety.However,system design defects can lead to internal system random errors and permanent errors.Meanwhile,many safety-critical systems are usually working in the extreme environment,so they are inevitable be disturbed and lead to errors.Errors can further result in failures,even lead to the occurrence of accidents and may lead to disastrous consequences.Safety analysis and assessment is an important step for system safety assurance in the development process of safety-critical systems.Safety assessment is for the judgement of system safety using safety analysis approaches.Identifying safety problems and modifying system design at the system design phase can seriously lower the development cost and improve system safety in the view of the whole system,comparing to do these works in the latter phases.Architecture Analysis and Design Language(AADL)can build runtime architecture model and describe non-functional properties for safety-critical systems.Therefore,this dissertation primarily study the design approach and safety analysis approaches for AADL safety models of safety-critical systems.The main contributions of this dissertation are as follows:1.Due to weaknesses of the safety modeling of AADL and Error Model Annex(EMA),we create Hazard Model Annex(HMA).We propose the design approach for AADL safety models.AADL,EMA and HMA are used to build AADL architectures for safety-critical systems and we also define the formal semantics for AADL safety models to support safety analysis and assessment approaches proposed subsequently.2.For behaviors of permanent errors and random errors in the safety-critical systems,we propose a qualitative safety analysis method for AADL architectures.Studying the mapping relationship from an AADL safety model to a DSPN model,we propose model transformation rules and the model composition approach.Experiment results show that the proposed method can effectively analyze system safety.3.For the problem that safety-critical systems may suffer the threat of external environment and the problem of the high occurrence frequency of error bursts in the execution,we propose quantitative safety analysis approaches for high-level and low-level AADL architectures of safety-critical systems,respectively.We use Stochastic Multi-player Games(SMGs)to analyze the competitive relation in the high-level architecture.We extend the AADL thread execution state machine and use Discrete Time Markov Chain(DTMC)to analyze the system execution and the occurrence process of errors in the low-level architecture.Based on AADL safety models,we propose generation methods for SMG and DTMC models,so that probabilistic model checking techniques can be integrated for system safety analysis.Experiment shows that the proposed approaches can analyze effects of the external environment on system safety,and effects of random error behaviors and error burst behaviors on system safety.4.Most safety assessment methods do not contain definite failure probabilities allocation approaches.For characteristics of AADL architectures,we propose the failure probabilities allocation approach for AADL safety models.We also propose safety assessment approaches for AADL architectures,combining generation methods of analyzable models(DSPN and DTMC,etc.)in this thesis.The experiment and the comparison analysis of safety assessment approaches demonstrate the effectiveness of the proposed approach,which can be a reference method for the practical application.