SafetyML™: Safety Modeling Language™ for Safety-Critical Apps

SafetyML™ FAQ: What is SafetyML and how does it work?

What is the SafetyML™ (Safety Modeling Language™)?
The SafetyML™ (Safety Modeling Language™) is a UML/SysML profile and model library for specifying the architectures and designs of safety-critical systems. Since SafetyML is designed and implemented as a UML profile (UML dialect) and model library, it is compatible with the UML and OMG SysML architecture modeling language standards, and can be implemented in popular visual modeling tools that comply with those standards.

The SafetyML profile specifies basic constructs for the essential concepts of safety-critical systems, including, but not limited to, the following: Safety Integrity Levels (SILs), hazards, risks, reliability, availability, faults, errors, failures, failure modes, failure causes, and harmful effects.

The SafetyML model library specifies recursive analysis, design, and architecture patterns that can be applied during the full System Development Life Cycle (SDLC) on "both sides" of the System V-Model (a.k.a. System Vee Model). When used with a pragmatic "Agile" subset of either UML 2 or SysML 1.x, these recursive patterns facilitate scalable traceability on the "left side" of the System V-Model, and scalable Verification & Validation (V&V) on the "right side" of the System V-Model.

SafetyML can be customized to support a broad range of international safety standards including, but not limited to, ISO 26262 (Automotive), DO-178C (Aerospace), ISO 14971 (Medical Devices), and EN 50128 (Railway Transportation).

Why use SafetyML?
SafetyML is designed to be used by Agile and Lean systems engineers and software developers who are tasked with developing safety-critical systems, but want to avoid the problems associated with traditional BUFD ("Big Up Front Design") languages, such as full standard UML 2 and its SysML dialect.

SafetyML offers the following advantages over BUFD languages:
  • Small & Lean (easier to learn and apply): When used with a pragmatic "Agile" (i.e., essential or "Lean") subset of UML 2 or SysML, SafetyML is relatively easy to learn and apply. If you already have a solid foundation and experience applying Agile UML 2 or SysML, you should be able to learn SafetyML during a 2-3 day hands-on workshop.
  • Recursive analysis, design, and architecture patterns (scalable): The SafetyML model library specifies recursive analysis, design, and architecture patterns that can be applied during the full SDLC on "both sides" of the System V-Model. When used with a pragmatic "Agile" subset of either UML 2 or SysML 1.x, these patterns facilitate scalable traceability on the "left side" of the V-Model and scalable Verification & Validation (V&V) on the "right side".
  • Compatibility & Portability (straightforward to implement in UML 2/SysML compliant tools): Since SafetyML is designed and implemented as a UML profile (UML dialect) and model library, it is compatible with the UML and OMG SysML standards and can be implemented in popular visual modeling tools that comply with those standards.
  • Expressibility & Precision (precise blueprints for safety-critical systems of arbitrary complexity): Since SafetyML emphasizes precise basic constructs and powerful recursive patterns, a relatively small number of SafetyML constructs can specify safety-critical systems of arbitrary complexity (systems-of-systems, systems, subsystems, ...).
  • Simulation & Executability (easier to test and debug): SafetyML can be simulated and executed (behavioral diagram simulation, parametric simulation, and Round-Trip Engineering support) in those visual modeling tool implementations that support these features.
  • Safety focus (emphasized throughout the Agile SDLC): SafetyML's safety-critical language constructs and recursive patterns are deeply integrated into system architecture, analysis, design, implementation, and V&V, so safety is treated as critical throughout the Agile System Development Life Cycle, rather than as being of secondary or tertiary importance.

What are the core SafetyML diagrams?
When used by Agile MBSE practitioners applying an Agile SysML subset, SafetyML commonly extends the following SysML diagram types:
  1. Requirements
  2. Activity
  3. Block Definition
  4. Internal Block
  5. Parametric
  6. Sequence
  7. State Machine

When used by Agile Architecture practitioners applying an Agile UML 2 subset, SafetyML commonly adds a Requirements diagram type and extends the following UML 2 diagram types:
  1. Requirements (added or "borrowed" from SysML dialect)
  2. Activity (shared with AgileML)
  3. Class
  4. Composite Structure
  5. Sequence
  6. State Machine

What is Model-Based Functional Safety (MBFS)? What is Model-Based Safety Analysis (MBSA)?
Background: Both Model-Based Functional Safety (MBFS) and Model-Based Safety Analysis (MBSA) are sub-disciplines of Model-Based Engineering, an umbrella term that describes an architecture-centric approach to systems and software development that emphasizes a System Architecture Model (SAM) defined using an architecture modeling language standard (e.g., UML 2, SysML) as the primary work artifact throughout the System Development Life Cycle (SDLC). Other well-known sub-disciplines of Model-Based Engineering include Model-Driven Development (MDD) using UML 2 and Model-Based Systems Engineering (MBSE) using SysML.

  • Model-Based Functional Safety (MBFS) is an approach to traditional Functional Safety which emphasizes a Functional Safety Model specified with an architecture modeling language, such as UML 2 or SysML, as the primary work artifact for Functional Safety.
  • Model-Based Safety Analysis (MBSA) is an approach to traditional Safety Analysis which emphasizes a Safety Analysis Model specified with an architecture modeling language, such as UML 2 or SysML, as the primary work artifact for Safety Analysis.

How can SafetyML be customized for our problem domain and project?
Just as SafetyML customizes UML 2 and OMG SysML via profiles and model libraries, SafetyML is designed to be further tailored for problem domains and projects. Contact us for details.

Who created SafetyML?
SafetyML was designed by Cris Kobryn, an internationally recognized system architecture modeling language expert known for successfully leading the UML 1, UML 2, and SysML language design teams for these de facto international standards. Cris has over 25 years of professional experience in the design and implementation of system architecture modeling languages that are scalable and simulatable. In addition to his contributions to the UML 1, UML 2, and SysML de facto standards, Cris has also designed several specialized languages and model libraries that extend SysML:

How can I learn more about SafetyML?
We plan to publish more information about SafetyML on this website in the near future. While SafetyML continues to evolve, it is already being actively used in PivotPoint's Model-Based Functional Safety + SafetyML hands-on training.

If you would like to submit new questions for the SafetyML FAQ or would like to subscribe to a SafetyML mailing list please contact us.

SAFETYML and SAFETY MODELING LANGUAGE are trademarks of PivotPoint Technology Corporation. UML and OMG SysML are trademarks of the Object Management Group. All other trademarks are the property of their respective owners.