Actionable definition of Safety Design Patterns using AADLv2, ALISA and the Error Modeling Annex


Presented as part of the 2020 HCSS conference

Demonstrating the safety of critical systems is achieved by the careful examination of evidence built from software, hardware, functional, and non-functional properties, and from the architecture that combines them to form the overall system. Formal methods (model checking, theorem proving) provide evidence that is later combined to form a system’s assurance case. Error taxonomies provide guidelines for evaluating the errors or faults that may affect a system. Design patterns provide reusable solutions to recurring engineering problems to guide the system architect.

Surveys like [Preschern et al] provide both a definition of safety-related design patterns and the architectural design decisions they imply. Surprisingly, deriving a correct instantiation of these patterns for an actual system, together with the associated verification plan, remains an open question. Patterns are defined in a very abstract way that must be adjusted to a specific project. They lack any actionable definition that can be processed, both for their core architectural concepts and for the verification plan they imply.

The AADL group at CMU/SEI is currently conducting a study to model these design patterns using the AADL, and later relate them both to an actual system’s architecture and to a verification plan. AADL provides a modeling framework for describing the architecture of hardware and platform resources, software components, and the flexible allocation of software components to resources. Through its annex languages and tool plug-in extensibility mechanisms, it also provides a variety of architecture analyses, including hazard analysis, schedulability analysis, and dependence analysis. In addition, ALISA supports the definition of an assurance plan that relates an architectural description to a set of verification methods connected to formal analysis. In this talk, we will illustrate how to leverage AADL and its ecosystem to capture safety design patterns as a library of model elements; capture, for each pattern, the corresponding abstract verification plan it presumes; and then apply them to specific system instances. We will discuss different usages of AADL to ensure correct traceability between a design pattern definition and its instantiation, either through extension and refinement, or through the preservation of the design patterns’ structural invariants based on a graph representation of the pattern. Hence, we illustrate how these models can be used as actionable definitions of patterns.
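As an added illustration of the approach described above (constructed for this page; it is not a model from the talk or from the SEI toolchain), the following AADLv2 sketch captures a two-channel redundancy pattern as a reusable package and then instantiates it for a concrete system by extension and refinement. The package and component names, the choice of pattern, and the pump-controller instance are assumptions; the `ServiceOmission` error type and the `FailStop` behavior are the ones provided by the `ErrorLibrary` shipped with the Error Model Annex (EMV2). Each package would normally sit in its own `.aadl` file.

```aadl
-- Constructed example: a duplex (two-channel) safety pattern as a
-- library of AADL model elements, with its fault-tolerance invariant in EMV2.
package Safety_Patterns
public
  with EMV2;

  -- One redundant channel: it may fail silently and stop delivering output.
  abstract Channel
  features
    input  : in data port;
    output : out data port;
  annex EMV2 {**
    use types ErrorLibrary;
    use behavior ErrorLibrary::FailStop;
    error propagations
      output : out propagation {ServiceOmission};
    flows
      src : error source output {ServiceOmission};
    end propagations;
    component error behavior
    propagations
      -- once the channel has failed, its output is missing
      p1 : FailStop -[]-> output {ServiceOmission};
    end component;
  **};
  end Channel;

  -- Selector that masks the loss of either one of its two inputs.
  abstract Selector
  features
    in_a   : in data port;
    in_b   : in data port;
    output : out data port;
  annex EMV2 {**
    use types ErrorLibrary;
    use behavior ErrorLibrary::FailStop;
    error propagations
      in_a   : in propagation {ServiceOmission};
      in_b   : in propagation {ServiceOmission};
      output : out propagation {ServiceOmission};
    flows
      pa : error path in_a -> output;
      pb : error path in_b -> output;
    end propagations;
    component error behavior
    propagations
      -- output is lost only when both inputs are lost
      mask : all -[in_a {ServiceOmission} and in_b {ServiceOmission}]-> output {ServiceOmission};
    end component;
  **};
  end Selector;

  abstract Duplex
  features
    input  : in data port;
    output : out data port;
  end Duplex;

  -- The pattern: its structure, and the invariant every instantiation must keep.
  abstract implementation Duplex.pattern
  subcomponents
    ch_a : abstract Channel;
    ch_b : abstract Channel;
    sel  : abstract Selector;
  connections
    c_in_a  : port input -> ch_a.input;
    c_in_b  : port input -> ch_b.input;
    c_a_sel : port ch_a.output -> sel.in_a;
    c_b_sel : port ch_b.output -> sel.in_b;
    c_out   : port sel.output -> output;
  annex EMV2 {**
    use behavior ErrorLibrary::FailStop;
    composite error behavior
    states
      -- the duplex fails only when BOTH channels have failed
      [ch_a.FailStop and ch_b.FailStop]-> FailStop;
    end composite;
  **};
  end Duplex.pattern;
end Safety_Patterns;

-- Instantiation for a hypothetical pump controller (assumed names).
package Pump_Controller
public
  with Safety_Patterns;

  -- Concrete elements extend the abstract pattern elements, so the
  -- refinements below are legal and the EMV2 declarations are inherited.
  process Control_Law extends Safety_Patterns::Channel
  end Control_Law;
  process implementation Control_Law.impl
  end Control_Law.impl;

  process Arbiter extends Safety_Patterns::Selector
  end Arbiter;
  process implementation Arbiter.impl
  end Arbiter.impl;

  system Controller extends Safety_Patterns::Duplex
  end Controller;

  -- Extension keeps the pattern's subcomponents, connections and composite
  -- error behavior; refinement only binds them to concrete classifiers.
  system implementation Controller.impl extends Safety_Patterns::Duplex.pattern
  subcomponents
    ch_a : refined to process Control_Law.impl;
    ch_b : refined to process Control_Law.impl;
    sel  : refined to process Arbiter.impl;
  end Controller.impl;
end Pump_Controller;
```

The point of the split is traceability: `Controller.impl` cannot drop a channel or rewire the selector without violating the extension, and the composite error behavior declared once in `Duplex.pattern` is what an abstract verification plan for the pattern would re-check on each instance (for example by running EMV2 fault-tree or failure-mode analysis on the instantiated system and confirming that no single `FailStop` of a channel reaches the output). The alternative mentioned in the abstract, checking the pattern's structural invariants on a graph of the instantiated model, would verify the same two-channel-plus-selector shape without requiring the instance to extend the library package.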

– Preschern C., Kajtazovic N., Kreiner C. (2019) Safety Architecture Pattern System with Security Aspects. In: Noble J., Johnson R., Zdun U., Wallingford E. (eds) Transactions on Pattern Languages of Programming IV. Lecture Notes in Computer Science, vol 10600. Springer, Cham

Copyright 2020 Carnegie Mellon University. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. DM20-0728

Jerome Hugues is Senior Researcher at the Software Engineering Institute on the Assuring Cyber-Physical Systems team. He holds a PhD (2005) and an engineering degree (2002) from Telecom ParisTech. His research interests focus on the design of software-based real-time and embedded systems and the tools to support it. He has been a member of the SAE AS-2C committee working on the AADL since 2005. Prior to joining the CMU/SEI, he was professor at the Department of Engineering of Complex Systems of the Institute for Space and Aeronautics Engineering (ISAE), in charge of the teaching curriculum on systems engineering, safety-critical systems and real-time systems. He contributes to the OSATE, Ocarina and TASTE AADL toolchain projects.

License: CC-2.5
Submitted by Jerome Hugues on