The importance of safety-relevant systems in many application domains of embedded systems, such as aerospace, railway, health care, automotive and industrial automation is continuously growing. Thus, along with the growing system complexity, also the need for safety assessment as well as its effort is increasing drastically in order to guarantee the high quality demands in these application domains. Therefore, the safety assessment aims at identifying drawbacks or insufficiencies of the system architecture in terms of safety. The early identification of such drawbacks is crucial for a cost efficient development process.
The goal of the safety assessment process is to identify all failures that cause hazardous situations and to demonstrate that their probabilities are sufficiently low. In the application domains of safety-relevant systems the safety assurance process is defined by the means of safety standards (e.g., the IEC 61508 standard). Traditionally, the analysis of a system in terms of safety consists of bottom-up safety analysis approaches, such as Failure Mode and Effect Analysis (FMEA), and top-down ones, such as Fault Tree Analysis (FTA), to identify failure modes, their causes, and effects with impact on the system safety. With Component Fault Trees (CFTs) there is a model- and component-based methodology for fault tree analysis, which supports reuse by a modular and compositional safety analysis strategy. Component fault tree elements can, for example, be related to development artefacts and can be reused along with the respective development artefact.
In current practice, Failure Mode and Effects (and Diagnostic) Analysis (FME(D)A) and Fault Tree Analysis (FTA), which are both required to be performed by various standards, are built and maintained separately. Although FME(D)A as well as FTA are constructed based on the same system specification they are often created during different phases of the system development process for different purposes. In order to ensure completeness and consistency of both kinds of safety analyzed with respect to the system specification manual reviews are preformed. Such reviews are time-consuming and therefore costly.