Research Article
Architecture Level Safety Analyses for Safety-Critical Systems
| | Component | Error | Hazard description | Functional failure | Operational phases | Severity | Likelihood | Comment |
| | speed_sensor | “Failure on Failure” | “Faulty speed values” | “Loss of sensor readings” | “Acquire” | Critical | Probable | “Speed values are read as faulty” | | speed_sensor | “Failed on Failed” | “Failure of sensor” | “Sensor failed” | “Acquire” | Catastrophic | Frequent | “Is a major hazard. Pilot cannot estimate the speed due to sensor failure” | | throttle | “Failure on Failure” | “No command inputs due to actuator failure” | “Faulty or no commands” | “Output” | Critical | Remote | “Becomes a major hazard if there are command inputs to the actuator” | | throttle | “Failed on Failed” | “Faulty actuator” | “Actuator in failure state” | “Output” | Catastrophic | Frequent | “Is a major hazard. Pilot cannot control the PowerBoat with proper throttle” | | interface_unit | “Failure on Failure” | “Faulty or no input values and commands” | “Loss of actuator input values” | “Input” | Critical | Probable | “Becomes a major hazard if there happens to be faulty input values” | | interface_unit | “Failed on Failed” | “Failure of actuator” | “Actuator in failure state” | “Input” | Catastrophic | Frequent | “Is a major hazard. Pilot cannot set proper speed value or input commands” | | display_unit_inter | “Failure on Failure” | “Improper display due to faulty values or commands” | “Faulty values or commands on display” | “Output” | Marginal | Remote | “Remote possibility with display showing faulty values or commands” | | display_unit_inter | “Failed on Failed” | “Display unit not working properly” | “Faulty display unit” | “Output” | Marginal | Remote | “Not a major hazard” |
|
|
