Software-driven hardware configurations account for the majority of modern safety-critical complex systems. The often costly failures of such systems can be attributed to software-specific, hardware-specific, or software/hardware interaction failures. Understanding how failures propagate in such complex systems can provide critical information to designers because, while a software component may not fail in terms of loss of function, a software operational state can cause an associated hardware failure. The least expensive phase of the product life cycle in which to address failures is the design stage. This research presents a means to evaluate, during the conceptual design stage, how a combined software/hardware system behaves and how such failures propagate to produce potential failures downstream. In particular, this paper proposes the use of high-level system modeling and model-based reasoning approaches to model failure propagation in combined software/hardware systems, introducing the Function-Failure Identification and Propagation (FFIP) analysis framework to help formalize the design of safety-critical systems. The fact that hardware and software designers do not share the same background, knowledge, methods, or language contributes significantly to software/hardware interaction failures. A high-level systems analysis method such as FFIP is geared toward the unification of language and modeling concepts and may help to bridge that gap more seamlessly. The technique is applied to the design of the Reaction Control System Jet Selection of the NASA space shuttle to evaluate failure propagation within the Reaction Control System Jet Selection, specifically for the redundancy management system. The paper concludes with the extensions and mappings to the software domain that are required for a truly integrated methodology.