In a manner known per se, the analysis of dysfunctions of an embedded system, and in particular of an avionics system, is carried out according to different analysis domains of these dysfunctions.
The analysis of dysfunctions according to these different domains serves different purposes and is generally carried out independently for each domain.
These domains in particular include the diagnostic analysis domain, which makes it possible to identify the origin of the appearance of an error message in an embedded system; the operating safety analysis domain, which makes it possible to analyze the risks of the appearance of failure conditions; the safety analysis domain, which makes it possible to analyze the consequences of the appearance of malevolent acts; and the operating warning analysis domain, which makes it possible to determine warnings indicating one or several dysfunctions of the system.
The analysis of dysfunctions based on at least some of the aforementioned domains is often done using so-called model-based reasoning techniques.
These techniques consist in depicting the analyzed system in the form of a formal model, then analyzing the system automatically using that formal model.
Thus, for example, to analyze dysfunctions according to the diagnostic analysis domain, models describing the analyzed system in terms of components and interconnections are frequently used. A reasoning engine is then implemented to perform diagnostic calculations from these models.
For the operating safety analysis domain, models incorporating a fault tree are frequently used. Such a tree graphically shows the possible combinations of events, and in particular of dysfunctions, that may lead to the appearance of a failure condition.
For the safety analysis domain, processing methods similar to those of the operating safety analysis domain can be used. Indeed, both domains analyze failure conditions, except that the safety analysis domain deals with failure conditions caused by malevolent acts, whereas the operating safety analysis domain deals with failure conditions caused by failures. Thus, it is for example possible to use fault trees similar to those previously mentioned to analyze dysfunctions according to the safety analysis domain.
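As an added illustration, not part of the original text, of how one fault tree model can serve both the operating safety domain and the safety domain: the tree below, its event names and its "failure"/"malevolent" tags are constructed assumptions for a hypothetical failure condition, and the code derives the minimal combinations of events leading to it, then filters them by domain.

```python
from itertools import product

# Constructed example: a small fault tree for a hypothetical failure condition
# "loss_of_attitude_data". Gate nodes map to (gate type, child nodes).
FAULT_TREE = {
    "loss_of_attitude_data": ("AND", ["irs1_unavailable", "irs2_unavailable"]),
    "irs1_unavailable": ("OR", ["irs1_hw_fault", "irs1_input_tampered", "common_power_loss"]),
    "irs2_unavailable": ("OR", ["irs2_hw_fault", "irs2_input_tampered", "common_power_loss"]),
}

# Basic events tagged by the domain they belong to: a random failure
# (operating safety domain) or a malevolent act (safety domain).
BASIC_EVENTS = {
    "irs1_hw_fault": "failure",
    "irs2_hw_fault": "failure",
    "common_power_loss": "failure",
    "irs1_input_tampered": "malevolent",
    "irs2_input_tampered": "malevolent",
}

def cut_sets(node):
    """Minimal cut sets of `node`: sets of basic events that together cause it."""
    if node in BASIC_EVENTS:
        return [frozenset([node])]
    gate, children = FAULT_TREE[node]
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":  # any child's cut set suffices
        candidates = [s for sets in child_sets for s in sets]
    else:  # AND: one cut set from every child, merged
        candidates = [frozenset().union(*combo) for combo in product(*child_sets)]
    unique = list(dict.fromkeys(candidates))
    # keep only minimal sets: drop any set that strictly contains another
    return [s for s in unique if not any(o < s for o in unique)]

def cut_sets_by_domain(node, domain):
    """'failure': cut sets made only of random failures (operating safety).
    'malevolent': cut sets involving at least one malevolent act (safety)."""
    sets = cut_sets(node)
    if domain == "failure":
        return [s for s in sets if all(BASIC_EVENTS[e] == "failure" for e in s)]
    return [s for s in sets if any(BASIC_EVENTS[e] == "malevolent" for e in s)]

def top_event_occurs(node, occurred):
    """Evaluate the tree bottom-up for a given set of occurred basic events."""
    if node in BASIC_EVENTS:
        return node in occurred
    gate, children = FAULT_TREE[node]
    results = [top_event_occurs(c, occurred) for c in children]
    return all(results) if gate == "AND" else any(results)
```

The single-event cut set `{common_power_loss}` survives minimization while the two-event sets containing it are pruned, which is the kind of common-cause result a fault tree is meant to expose.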
It can thus be seen that the analysis of dysfunctions according to different domains requires a specific adaptation for each of the domains, and this adaptation may sometimes be cumbersome. It is often necessary to build a specific model for each of the domains, which presents a major difficulty in analyzing dysfunctions of an embedded system.