A formal approach to hazard decomposition in Software Fault Tree Analysis

Abstract

As digital control systems are used in life-critical applications, assessment of the safety of these control systems becomes increasingly important. One means of formally performing this assessment is through fault tree analysis. Software Fault Tree Analysis (SFTA) starts with a system-level hazard that must be decomposed in a largely-human-intensive manner until specific modules of the software system are indicated. These modules can then be formally analyzed using statement templates. The focus of this thesis is to approach the decomposition of a system-level hazard from a formalized standpoint. Decomposition primarily proceeds along two distinct but interdependent dimensions, specificity of event and subsystem size. The Specificity-of-Event dimension breaks abstract or combined events into the specific system events that must be analyzed by the fault tree. The Subsystem-Size dimension deals with the scope of the hazard, and itemizes the subsystems where localized events may lead to the hazard. Decomposition templates are developed in this thesis to provide a framework for decomposing a system-level hazard to the point at which line-by-line code analysis can be conducted with existing statement templates. These templates serve as guides for conducting the decomposition, and ensure that as many as possible of all the applicable decomposition aspects are evaluated