Proving Compliance of Implementation Models to Safety Specifications

  • Markus Oertel
  • Omar Kacimi
  • Eckard Böde
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8696)


Current safety standards like ISO 26262 require a continuous safety argumentation starting from the initial hazard and risk assessment down to the implementation of hardware and software. To enable re-use of components and ease the handling of changes in the system, modular safety cases are addressed by many research projects. Current approaches focus on hierarchical safety specifications describing the relevant fault propagation behavior. Nevertheless, it needs to be ensured that the final implementation meets the safety specification. Currently, this is at best a manual and error-prone process of matching fault trees or test results to the specification. In this paper, we present an automated approach based on fault injection and model checking for proving the compliance of an implementation to a safety specification. In our multi-aspect analysis (safety and functional aspects), we rely on the popular specification mechanism of safety contracts and on implementations modeled in Matlab/Stateflow.
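To make the abstract's idea concrete, the following added example (not the paper's tooling, and not a Matlab/Stateflow model) builds a toy implementation model of a triple-redundant sensor with a voter, an injectable fault library, and a safety contract in assumption/guarantee form, then exhaustively explores every fault configuration the assumption admits, which is what explicit-state model checking reduces to for this stateless model. The fault modes, the voter variants and the contract are constructed for this illustration.

```python
from itertools import product

# Constructed fault library: how a single sensor channel can misbehave.
SENSOR_VALUES = (0, 1)                             # abstract plant value
FAULT_MODES = ("ok", "stuck0", "stuck1", "flip")

def sense(true_value, fault):
    """Fault injection on one channel: the value the channel reports."""
    return {"ok": true_value, "stuck0": 0, "stuck1": 1, "flip": 1 - true_value}[fault]

def voter_2oo3(readings):
    """Implementation model under test: 2-out-of-3 majority vote."""
    return 1 if sum(readings) >= 2 else 0

def combiner_any(readings):
    """A non-compliant variant: reports 1 as soon as any channel reports 1."""
    return max(readings)

def assumption_single_fault(faults):
    """Safety contract, assumption part: at most one channel is faulty."""
    return sum(f != "ok" for f in faults) <= 1

def guarantee_correct_output(true_value, output):
    """Safety contract, guarantee part: output equals the true plant value."""
    return output == true_value

def check_compliance(impl, assumption, guarantee, channels=3):
    """Explore every (fault vector, plant value) configuration admitted by
    the assumption and check the guarantee on the implementation's output.
    Returns the first counterexample (faults, true_value, output), or None
    when the implementation complies with the contract."""
    for faults in product(FAULT_MODES, repeat=channels):
        if not assumption(faults):
            continue                      # outside the contract's assumption
        for value in SENSOR_VALUES:
            output = impl([sense(value, f) for f in faults])
            if not guarantee(value, output):
                return (faults, value, output)
    return None

if __name__ == "__main__":
    print("2oo3 voter, <=1 fault:", check_compliance(
        voter_2oo3, assumption_single_fault, guarantee_correct_output))
    print("any-combiner, <=1 fault:", check_compliance(
        combiner_any, assumption_single_fault, guarantee_correct_output))
    print("2oo3 voter, no assumption:", check_compliance(
        voter_2oo3, lambda faults: True, guarantee_correct_output))
```

The voter complies under the single-fault assumption, the any-combiner yields a counterexample with one stuck-at-1 channel, and dropping the assumption shows why the contract needs it: two stuck channels outvote the healthy one.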


Keywords: Verification and Validation, Safety Critical Systems, Model-based Design, Fault-Injection, Fault Modeling, Model Checking, Formal Methods





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Markus Oertel (1)
  • Omar Kacimi (1)
  • Eckard Böde (1)
  1. OFFIS e.V., Oldenburg, Germany
