Integration of safety analysis and software development methods

High integrity software systems require the rigorous validation of safety properties. Assessing whether software architectures are able to meet these properties is of great interest: to avoid the risk that the implementation does not fulfil safety requirements due to a bad design, and to reduce the development cost of safety critical parts of the system. A preliminary safety assessment is a process which aims to evaluate how safe is a system architecture with the help of safety analysis techniques. We propose some guidelines and procedures to conduct such a process in software systems, remarking the automatic generation of FMECA and FTA. We have also designed and implemented tools to support these procedures and this generation of safety analyses from the models of the software architecture: a UML profile for safety, modelling languages to express safety analyses, a model transformation chain, and tool adaptors. Safety analysts can use these tools to annotate the models, to store safety information keeping traceability to system elements, to analyse the architecture, and to suggest system engineers the combination of mitigation means to apply for improving the architecture.