Model-based fault injection for safety analysis
In model-based fault injection, user-specified faults may be (automatically) injected into the nominal model (i.e., without faults) of the system of interest (see Figure 3.2). In this approach, the user can specify the faults to be injected manually, or by picking them from a predefined library. For instance, the xSAP tool [MBI1] provides libraries to specify the most common failure patterns (e.g., stuck-at faults, non-deterministic faults, ramp-down, etc.), to specify their dynamics (e.g., permanent faults, sporadic faults, etc.) and to instantiate them using specific parameters. The resulting model after fault injection is called extended model and can be analysed using safety assessment techniques to produce artefacts such as FTs and FMEA tables. In xSAP, both the nominal and the extended model are written in the SMV language, and the extended model is generated automatically using the given fault specifications. Similar techniques can be used to analyse the effectiveness of fault detection, isolation, and recovery procedures. Faults to be injected may include different classes of faults (HW/SW/functional) at different levels of abstraction.
- Automated fault injection enables fault specification using a library and the automatic generation of the extended model, thus preventing modelling errors due to manual activities.
- Improvement of the communication between the system engineer and safety experts, by facilitating understanding of the logic and the eventual failures of the system.
- Achievement of a systematic and comprehensive safety assessment that allows to early identify the greatest number of possible critical problems related to the impact of failures on the functionality of the system.
- The method facilitates the safety assessment analysis (e.g., FTA, FMEA) on different variants of a given model, obtained by enabling only a specific subset of possible faults, thus supporting incremental verification and trade-off analyses.
- Tool support usability can be improved, e.g., editing and customization of fault libraries.
- The automated analysis, in presence of a high number of faults, may be subject to the state-explosion problem, impacting the effectiveness of verification.
- [MBI1] B. Bittner, M. Bozzano, R. Cavada, A. Cimatti, M. Gario, A. Griggio, C. Mattarei, A. Micheli and G. Zampedri. The xSAP Safety Analysis Platform. In Proceedings of TACAS 2016. Eindhoven, The Netherlands, April 2-8, 2016.
- [MBI2] M.Bozzano, A.Cimatti, J.-P.Katoen, V. Y.Nguyen, T.Noll and M.Roveri. Safety, Dependability, and Performance Analysis of Extended AADL Models. The Computer Journal, 54(5):754-775, 2011.
- [MBI3] M. Bozzano, A. Cimatti, J.-P. Katoen, P. Katsaros, K. Mokos, V.Y. Nguyen, T. Noll, B. Postma and M. Roveri. Spacecraft Early Design Validation using Formal Methods. Reliability Engineering & System Safety 132:20-35. December 2014.