Modular Safety Cases for Product Lines Based on Assume-Guarantee Contracts

Abstract

Safety cases are recommended, and in some cases required, by a number of standards. In the product line context, unlike for single systems, safety cases are inherently complex because they must argue about the safety of a family of products that share various types of engineering assets. Safety case modularization has been proposed to reduce safety case complexity by separating concerns, modularizing tightly coupled arguments, and localizing effects of changes to particular modules. Existing modular safety-case approaches for product lines propose a feature-based modularization, which is too coarse to modularize the claims of different types, at different levels of abstraction. To overcome these limitation, a novel, modular safety-case architecture is presented. The modularization is based on a contract-based specification product-line model, which jointly captures the component-based architecture of systems and corresponding safety requirements as assume-guarantee contracts. The proposed safety-case architecture is analyzed against possible product-line changes and it is shown that it is robust both with respect to fine and coarse-grained, and also product and implementation-level changes. The proposed modular safety case is exemplified on a simplified, but real automotive system.