THE DYNAMIC FLOWGRAPH METHODOLOGY FOR ASSESSING THE DEPENDABILITY OF EMBEDDED SOFTWARE SYSTEMS

The Dynamic Flowgraph Methodology (DFM) is an integrated methodological approach to modeling and analyzing the behavior of software-driven embedded systems for the purpose of reliability/safety assessment and verification, The methodology has two fundamental goals: 1) to identify how certain postulated events may occur in a system; and 2) to identify an appropriate testing strategy based on an analysis of system functional behavior, To achieve these goals, the methodology employs a modeling framework in which system models are developed in terms of causal relationships between physical variables and temporal characteristics of the execution of software modules, These models are then analyzed to determine how a certain state (desirable or undesirable) can be reached, This is done by developing timed fault trees which take the form of logical combinations of static trees relating system parameters at different points in time. The prime implicants (multi-state analogue of minimal cut sets) of the fault trees can be used to identify and eliminate system faults resulting from unanticipated combinations of software logic errors, hardware failures and adverse environmental conditions, and to direct testing activity to more efficiently eliminate implementation errors by focusing on the neighborhood of potential failure modes arising from these combinations of system conditions.