Title :
System safety as an emergent property in composite systems
Author :
Black, Jennifer ; Koopman, Philip
Author_Institution :
Carnegie Mellon Univ., Pittsburgh, PA, USA
fDate :
June 29 2009-July 2 2009
Abstract :
Decomposition is used to manage system complexity, but is problematic for emergent properties such as system safety. Previously, we introduced Indirect Control Path Analysis (ICPA) for elaborating system safety goals in composite systems. We now provide mathematical definitions of emergent and composable system behaviors in the context of formal specifications and ICPA, and identify useful special cases in which partial decomposition of emergent safety goals is possible. We apply ICPA to a semi-autonomous automotive system to identify safety goals for key subsystems, and then monitor the system and subsystem goals at run-time in an implementation of the vehicle. Although false negatives at the subsystem level indicate the subgoals do not fully compose the original safety goal, some system-level goal violations are detected by subsystem monitors. In addition, monitoring at both the system and subsystem level has identified certain safety-related errors that may be imperceptible to system testers.
Keywords :
automotive engineering; formal specification; large-scale systems; road safety; composable system behavior; composite system; emergent safety goal; formal specification; indirect control path analysis; safety-related errors; semi-autonomous automotive system; system complexity; system safety; Automotive engineering; Collision avoidance; Control system analysis; Control systems; Formal specifications; Interconnected systems; Monitoring; Runtime; System testing; Vehicle safety;
Conference_Titel :
Dependable Systems & Networks, 2009. DSN '09. IEEE/IFIP International Conference on
Conference_Location :
Lisbon
Print_ISBN :
978-1-4244-4422-9
Electronic_ISBN :
978-1-4244-4421-2
DOI :
10.1109/DSN.2009.5270316
