Formal safety assessment via contract-based design

Abstract

Safety Assessment (SA) is an engineering discipline aiming at the analysis of systems under faults. According to industrial practice and standards, SA is based on the construction of complex artifacts such as Fault Trees, which describe how certain faults may cause some top-level events. SA is intended to mirror the hierarchical design of the system focusing on the safety aspects. In this paper, we propose a formal approach where the nominal specification of a hierarchically decomposed system is automatically extended to encompass faults. The approach is based on a contract-based design paradigm, where components at different levels of abstraction are characterized in terms of the properties that they have to guarantee and the assumptions that must be satisfied by their environment. The framework has several distinguishing features. First, the extension is fully automated, and requires no human intervention, based on the idea that intermediate events are failures to fulfill the contracts. Second, it can be applied stepwise, and provides feedback in the early phases of the design process. Finally, it efficiently produces hierarchically organized fault trees.