Browse Publications Technical Papers 2011-01-1004

Fault-Tree Generation for Embedded Software Implementing Dual-Path Checking 2011-01-1004

Given the fast changing market demands, the growing complexity of features, the shorter time to market, and the design/development constraints, the need for efficient and effective verification and validation methods are becoming critical for vehicle manufacturers and suppliers. One such example is fault-tree analysis. While fault-tree analysis is an important hazard analysis/verification activity, the current process of translating design details (e.g., system level and software level) is manual. Current experience indicates that fault tree analysis involves both creative deductive thinking and more mechanical steps, which typically involve instantiating gates and events in fault trees following fixed patterns. Specifically for software fault tree analysis, a number of the development steps typically involve instantiating fixed patterns of gates and events based upon the structure of the code. In this work, we investigate a methodology to translate software programs to fault trees. In particular we investigate software architectures for dual-path safety checking. Dual-path checking is used to verify computations; a primary chain of functions computes the desired variable, and a secondary chain of functions computes an approximation of the desired variable. The end results of the two paths are compared. If the computed values are within a certain tolerable range of each other, then the computation of the primary path is accepted. If the computed values are out of the tolerable range, then an error is indicated, and an error handler is invoked. For dual-path checking to function as intended, one needs to identify any common cause failures resulting from the dependencies on a shared variable across the two paths, and mitigate the risk of failures for those variables. In this paper, we focus on detecting safety-critical variables for dual path implementations using fault trees. The work discusses different issues in dual path checks and possible templates that can be used to generate fault trees for dual paths.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 16% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
We also recommend:

Evaluating Alternate Approaches for Co-Hosting Third Party Software within Safety Critical Applications in ISO 26262 Context


View Details


Low Latency Communication in Service Oriented Networks


View Details


Generic Open Architecture (GOA) Framework


View Details