Universal Safety Format (USF)


The Universal Safety Format (USF) is a way to formally define functional safety mechanisms and automatically weave them into system models and source code.

Why USF?

The usual approach to improving the functional safety of a technical system's software is to add safety mechanisms manually to the existing source code as an additional development step. The drawback of this approach: the additional changes can easily introduce flaws into the functional part of the software. Safety code adds complexity of its own, and the combination of functional and safety code is harder to grasp than the functional code alone.

USF improves on this by separating functional code and safety mechanisms more clearly: a safety mechanism is picked from a library (e.g., a Dual Modular Redundancy pattern) and only the locations in the code where the mechanism should be woven in are specified. An automatic tool then does the tedious work of mixing the functional code properly with the safety code.
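To make the separation concrete, the following C snippet shows the two halves a weaver keeps apart: the functional code as the developer writes it, and the Dual Modular Redundancy code that a tool would generate around it at the chosen location. This is an added illustration, not code from USF, SAFE4I or any of its tools; compute_setpoint, enter_safe_state and the g_inject_fault test hook are constructed for the example, and the USF notation for naming the weave-in point is not shown because the page does not specify it.

```c
#include <stdint.h>
#include <stdio.h>

/* ---- Functional code, exactly as the application developer writes it.
 * No safety code is mixed in here; the weaver leaves this untouched. ---- */
static int32_t compute_setpoint(int32_t sensor)
{
    /* Constructed example logic: clamp a raw reading and scale it. */
    if (sensor < 0)    sensor = 0;
    if (sensor > 1000) sensor = 1000;
    return (sensor * 3) / 2;
}

/* ---- Safety code: what a weaver would emit for a DMR pattern. ---- */
typedef enum { DMR_OK = 0, DMR_MISMATCH = 1 } dmr_status;

/* Hypothetical safe-state handler. A real system would drive actuators to
 * a defined safe state here; this one only records that it was invoked. */
static unsigned g_safe_state_entries = 0;
static void enter_safe_state(const char *where)
{
    g_safe_state_entries++;
    fprintf(stderr, "DMR mismatch in %s, entering safe state\n", where);
}

/* Test-only fault injection: XORed into the second replica's result so the
 * detection path can be exercised. Zero in production builds. */
static int32_t g_inject_fault = 0;

/* DMR-wrapped variant of compute_setpoint. The functional body is executed
 * twice and the results compared; the caller only gets a value if both agree.
 *
 * The input is copied through two volatile locals so the compiler cannot
 * prove both calls identical and fold them into one (for a static function
 * without side effects GCC/Clang would otherwise do exactly that, silently
 * removing the redundancy). */
static dmr_status compute_setpoint_dmr(int32_t sensor, int32_t *out)
{
    volatile int32_t in1 = sensor;
    volatile int32_t in2 = sensor;

    int32_t r1 = compute_setpoint(in1);
    int32_t r2 = compute_setpoint(in2);
    r2 ^= g_inject_fault;   /* test hook, see above */

    if (r1 != r2) {
        enter_safe_state("compute_setpoint");
        *out = 0;           /* defined fail-safe output, not a stale value */
        return DMR_MISMATCH;
    }
    *out = r1;
    return DMR_OK;
}

int main(void)
{
    int32_t sp;
    if (compute_setpoint_dmr(500, &sp) == DMR_OK)
        printf("setpoint = %d\n", (int)sp);

    g_inject_fault = 0x10;   /* simulate a bit flip hitting replica 2 */
    if (compute_setpoint_dmr(500, &sp) == DMR_MISMATCH)
        printf("fault detected, output forced to %d\n", (int)sp);
    return 0;
}
```

Two caveats a practitioner would check in any weaver's output: first, the compiler must be prevented from merging the redundant executions, as the volatile copies do above; second, running two identical replicas sequentially on one core only detects transient faults that hit one replica, not systematic faults in compute_setpoint or in the comparison itself, which is why pattern libraries also offer diverse-redundancy variants and why the comparison is often hardened separately.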

Why “Universal”?

Source code is not the only level of abstraction at which functional safety mechanisms have to be introduced. There are at least three abstraction levels where this applies:

  1. Model level, e.g., a system modeled in SysML or AUTOSAR
  2. Source code level, e.g., the C code of an embedded system
  3. Intermediate level, e.g., the IR of an LLVM-based toolchain

USF supports all three levels by abstracting from the domain details and defining only the concepts relevant to the safety mechanism at hand. This is the "universal" in USF. It is up to the tools implementing USF and performing the actual weaving to map these concepts onto the targeted level.

The SAFE4I project

USF is a result of the publicly funded research project SAFE4I (https://www.edacentrum.de/safe4i/). Several project partners are currently developing tools based on USF, among them tools for modeling safety mechanisms and tools for applying mechanisms to models and source code.