Software Platform Embedded Systems "XT"
What distinguishes component-integrated fault trees (CFT) from classical fault trees (FT), which are the state of the practice, in terms of the quality of the safety models? How do engineers assess the consistency, clarity, and maintainability of the resulting safety models?
For about four years, Fraunhofer IESE has been investigating how the model-based development paradigm can be extended to the area of functional safety. One result of this research is CFT, a component-based representation of safety models. The competence area Empiricism, which is responsible for the empirical evaluation of the project results, took up the task of systematically evaluating the new form of representation.

In order to answer these questions, an evaluation design was created and coordinated with the participating project partners. Together with domain experts and method experts, a test booklet was developed that the participants had to work through. We were able to recruit engineers from the companies involved in the project as participants for this survey. They were taught the basics needed to develop CFT in a one-hour training session. They then received an explanation of the system to be studied and of the procedure.

Each participant worked on a test booklet created specifically for him or her. The tasks were the same for all participants, but their order was chosen randomly. The tasks corresponded to typical tasks familiar to the engineers, such as adding a new component or changing an existing one. Each task had to be modeled both with FT and with CFT. After each task, the participants were asked to assess the consistency, clarity, and maintainability of the FT-based and the CFT-based safety model. The completed tasks were evaluated by an expert using three categories: correct, incorrect, non-existent.

Although we were unable to determine a statistically significantly higher proportion of correct solutions when CFT were used, the participants rated the modeling capacity of CFT with regard to the consistency, clarity, and maintainability of the resulting safety models as significantly higher. The result of this evaluation demonstrates the potential of CFT as a model-based representation for safety models.