The Hazard Analysis and Risk Assessment (HARA) solution supports users with hazard identification and safety goal creation using the Coverage Matrix and Safety Analysis views. The views do not rely on any hard-coded SystemWeaver IDs (SIDs). Those used in this article are from our HARA example, but any SIDs that fit your meta model will work fine. The advantage of using our SIDs is that you can then reuse our configurations without the need to change the SID. This article describes how to configure the views.


Prerequisites

  • An installation of the SystemWeaver Explorer client (swExplorer)
  • Knowledge of XML
  • Assignment of the SW Architect role in the server
  • The SWExtension.HazardIdentification extension file is located in the Client's swExplorerExtensions directory


Note: With the release of R32, there are now two separate configurations, whereas in earlier versions there was only one (Hazard Analysis).


The configuration is done in the Configure the explorer dialog, accessible from the File tab. The extension views to be configured are Coverage Matrix and Safety Analysis.



Coverage Matrix

Abstract Data Pattern


Optional Attribute Types

The view does not require any hard-coded attributes; however, the following example attributes might be of interest.


Hazards (TSHA)

| Name | Description | SID | Type | Dimension | Range |
| --- | --- | --- | --- | --- | --- |
| Hazard ID | Identifier used for Hazards | I2HID | Identity | Single | |
| Annotation | An optional rationale | ABAN | String | Single | |


Hazardous Events (TSHE)

| Name | Description | SID | Type | Dimension | Range |
| --- | --- | --- | --- | --- | --- |
| Hazardous Events ID | Identifier used for Hazardous Events | HEID | Integer | Single | |
| Severity | Definition according to ISO 26262 | 2BSE | Enumeration | Single | S0;S1;S2;S3;N/A |
| Severity argumentation | Argumentation or rationale for the used Severity value | SEVARG | String | Single | |
| Exposure | Definition according to ISO 26262 | 2BEC | Enumeration | String | E0;E1;E2;E3;E4;N/A |
| Exposure argumentation | Argumentation or rationale for the used Exposure value | EXPARG | String | Single | |
| Controllability | Definition according to ISO 26262 | 2BCY | Enumeration | Single | C0;C1;C2;C3;N/A |
| Controllability argumentation | Argumentation or rationale for the used Controllability value | CONARG | String | Single | |
| ASIL rationale | Argumentation or rationale for why an ASIL level was chosen. This attribute is often used when a different ASIL than the inherited one is set on an item. | 26AR | String | Single | |
| ASIL (computed) | This attribute is computed automatically for Hazardous events according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item. For all other Item types, the attribute is used to show the maximum ASIL of the items that the current item points to. | 26CAS | Computed | Single | Example Path (see below) |

Example Path:

if SID='TSHE' then (if @2BCY='C1' and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'A' else (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'A' else (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'B' else (if @2BCY='C2' and  @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'A' else (if @2BCY='C2' and  @2BEC='E3' and @2BSE='S2' then 'A' else (if @2BCY='C2' and  @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'B' else (if @2BCY='C2' and  (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'A' else (if @2BCY='C2' and  (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'B' else (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'C' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E1' and (@2BSE='S3' or @2BSE='N/A') then 'A' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E2' and @2BSE='S2' then 'A' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'B' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E3' and @2BSE='S1' then 'A' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E3' and @2BSE='S2' then 'B' else (if (@2BCY='C3' or @2BCY='N/A') and  @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'C' else (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'B' else (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'C' else (if (@2BCY='C3' or @2BCY='N/A') and  (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'D' else (if @2BCY=''  or  @2BEC='' or @2BSE='' then 'Unclassified' else'QM')))))))))))))))))))


else (if SID='EASG' then (f:=/SGDF.Select(@26CAS); if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>')))))) 


else 

  (f:=((/I2SR) union (/IDFF/I2SR) union (/IDRE/IDFF/I2SR) union (/ITSR/I2SR)).Select(@26AS); 

  highest:= if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>'))))); 


  u:=(/I2SR union /IDFF union /ITFC union /5IRR/5IDS*/IDRE union /5IRS/5ISS*/ITSR).Select(@26AS);

  UpperLevel:= if u= [] then '' else (if 'D' in u then 'D' else (if 'C' in u then 'C' else (if 'B' in u then 'B' else (if 'A' in u then 'A' else (if 'QM' in u then 'QM' else '')))));


  if highest != '' then 

    (if highest !=UpperLevel then UpperLevel + '(' + highest + ')' else UpperLevel) else UpperLevel))

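| Name | Description | SID | Type | Dimension | Range |
| --- | --- | --- | --- | --- | --- |
| ASIL (automatic) | This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item. | EAA1 | Custom | Single | |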
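
The decision table that the 26CAS example path spells out with nested conditions, as an added Python example (not SystemWeaver code and not part of the original configuration). It swaps the nested conditions for an equivalent class-index sum, treats N/A as the worst class and an empty value as Unclassified just as the path does, and adds the highest-ASIL roll-up used for safety goals; all function names and the sample events are constructed for illustration.

```python
# Added example (not SystemWeaver code): the decision table encoded by the
# 26CAS example path, expressed as a sum of class indices.
ALLOWED = {"S": 3, "E": 4, "C": 3}            # highest class per parameter
ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}
ASIL_ORDER = ["D", "C", "B", "A", "QM"]       # highest first


def class_index(value, letter):
    """'S2' -> 2. 'N/A' counts as the worst class, as in the example path."""
    worst = ALLOWED[letter]
    if value == "N/A":
        return worst
    if value[:1] == letter and value[1:] in {str(i) for i in range(worst + 1)}:
        return int(value[1:])
    raise ValueError(f"{value!r} is not a valid {letter} class")


def asil_for_event(severity, exposure, controllability):
    """ASIL of one hazardous event (TSHE) from 2BSE, 2BEC and 2BCY."""
    if "" in (severity, exposure, controllability):
        return "Unclassified"                  # an attribute is not set yet
    s = class_index(severity, "S")
    e = class_index(exposure, "E")
    c = class_index(controllability, "C")
    if 0 in (s, e, c):                         # S0, E0 or C0 is always QM
        return "QM"
    return ASIL_BY_SUM.get(s + e + c, "QM")


def highest_asil(levels):
    """Roll-up for a safety goal (EASG): highest ASIL among its events."""
    if not levels:
        return ""
    for level in ASIL_ORDER:
        if level in levels:
            return level
    return "<missing ASIL>"                    # only unclassified events found


# Constructed sample: (2BSE, 2BEC, 2BCY) of the events linked to one safety goal.
EVENTS = [("S3", "E4", "C2"), ("S1", "E2", "C3"),
          ("N/A", "E3", "C3"), ("S2", "", "C1")]


def safety_goal_asil(events):
    """ASIL shown on a safety goal for the given hazardous events."""
    return highest_asil([asil_for_event(*event) for event in events])
```

Because N/A is scored as the worst class, an event with all three attributes set to N/A is rated D rather than QM.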


Example Configuration

<CoverageMatrixConfigs> 
<!--Hazards view: a view to elicit and overview hazards -->
    <CoverageMatrixConfig id="11">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
            <Caption>Hazards</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview hazards</Description>
            <Image typeImage="206"/>
        </ViewSettings> 
        <Parameters>                                
            <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"  > 
                <Values>
                    <ForEachPathReference path="I2AHA">
                        <AddValue/>
                    </ForEachPathReference>   
                </Values>
            </Parameter>                
        </Parameters> 
        <MappingItem itemType="TSHA">
            <UIName>Hazard</UIName>
            <PartFromMainToMapping partType="DEHA" />
            <Attributes>ABAN</Attributes> 
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName> 
        </MappingItem>
        <NotApplicableItem itemType ="26NH">
            <UIName>N/A</UIName>
            <PartFromMainToMapping partType="I2NHZDS"/>
            <Attributes>ABAN</Attributes> 
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName> 
        </NotApplicableItem>
        <ColumnItems>
            <UIName>Guideword</UIName>
            <PathFromMain>$p/I2GWCT/I2GL</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType="I2GW" defItemType="26GW" />
            </PartFromMappings >
        </ColumnItems>
        <RowItems>
            <UIName>Item detail</UIName>
            <PathFromMain>/DEIT/I2SID union /DEIT/I2IRQ</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType ="I2HO" defItemType="2SE90" />
                <PartFromMapping partType="I2HARQ" defItemType="CONTRACT" />
                <PartFromMapping partType="I2HO" defItemType="2SE91" />
            </PartFromMappings>
        </RowItems>
    </CoverageMatrixConfig>
    <!--Hazardous events view: a view to elicit and overview hazardous events-->

    <CoverageMatrixConfig id="22">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
            <Caption>Hazardous events</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview hazardous events</Description>
            <Image typeImage="204"/>
        </ViewSettings>
        <Parameters>                                
            <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"  > 
                <Values>
                    <ForEachPathReference path="I2AHA">
                        <AddValue/>
                    </ForEachPathReference>   
                </Values>
            </Parameter>     
        </Parameters>
        <MappingItem itemType="TSHE">
            <UIName>Hazardous event</UIName>
            <PartFromMainToMapping partType="DEHE" />
            <Attributes>HEID;2BSE;SEVARG;2BEC;EXPARG;2BCY;CONARG;26AR</Attributes> 
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName> 
        </MappingItem>
        <NotApplicableItem itemType ="NHZEV">
            <UIName>N/A</UIName>
            <PartFromMainToMapping partType="NNHZEV"/>
            <Attributes>HEID;2BSE;SEVARG;2BEC;EXPARG;2BCY;CONARG;26AR</Attributes> 
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName> 
        </NotApplicableItem>
        <ColumnItems>
            <UIName>Situation</UIName>
            <PathFromMain>$p/I2STCN/I2CMPSIT</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType ="HEH" defItemType="TSHA" />
                <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT" />
                <PartFromMapping partType="I2GH" defItemType="26GH" />
                <PartFromMapping partType="TRASIT" defItemType="I2LA" />
            </PartFromMappings >
        </ColumnItems>
        <RowItems>
            <UIName>Hazard</UIName>
            <PathFromMain>/DEHA</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType ="HEH" defItemType="TSHA" />
                <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT" />
                <PartFromMapping partType="I2GH" defItemType="26GH" />
                <PartFromMapping partType="TRASIT" defItemType="I2LA" />
            </PartFromMappings>
        </RowItems>
    </CoverageMatrixConfig>
</CoverageMatrixConfigs>

Explanation of the Configuration Elements

The <CoverageMatrixConfigs> and <CoverageMatrixConfig id=""> elements build the structure of the configuration and the individual configurations. The id attribute in <CoverageMatrixConfig> identifies the specific configuration, and should be a unique string value when multiple configurations exist in CoverageMatrixConfigs.


<MainItem itemType=""/> identifies the item type for which the configuration is valid. The itemType attribute is the SID of the main item type.


<ViewSettings> includes options that control the appearance in the UI:

  • The <Caption> text is the name of the configured view displayed in the View drop-down menu and as a label for a ribbon button.
  • The <RibbonGroup> text specifies the optional ribbon group where the button will be available.
  • The <Description> text specifies a hint that will be presented in the ribbon, if the <RibbonGroup> is specified.
  • The optional <Image> defines the icon to be used for the button. (See available icons.)


The optional <Parameters> offers parameterization, allowing the user to select which item to include in the view. The value of the parameters can be used further down in <PathFromMain> for both <ColumnItems> and <RowItems>.


The <MappingItem itemType=""> defines the mapping item properties, which are SID, UIName, PartFromMainToMapping item, attributes, and default name. The attribute itemType is the SID of the mapping item type.

  • <UIName> specifies the user interface label for the mapping item.
  • <PartFromMainToMapping partType=""/> specifies the part type from the main item type to mapping item type. The attribute partType is the part SID from the main item type to mapping item type.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single
  • <DefaultMappingName> defines the default name for the mapping item, which can be a combination of ColumnValue, StringValue, and RowValue (in any order).


The <NotApplicableItem itemType="">, similar to the <MappingItem itemType="">, defines the not-applicable Item properties, which are UIName, SID, PartFromMainToMapping item, attributes, and default name. The attribute itemType is the SID of the not-applicable mapping item type.


The <ColumnItems> includes options that control the appearance in the UI, collecting column items and defining part(s) from mapping to column item.  

  • <UIName> specifies the user interface label for the column item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all column items. This path can include parameter(s), allowing users to select which item to include in a column list.
  • <PartFromMappings> is a grouping for PartFromMapping to ColumnItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
  • <PartFromMapping partType="" defItemType=""/> specifies the part type from the mapping item to the column item. The partType attribute is the SID of the part from mapping item to column item and the defItemType attribute is the SID of the defobj item (column item).

 

The <RowItems>, similar to <ColumnItems>, includes options that control the appearance in the UI, collecting row items and defining part(s) from mapping to row item.

  • <UIName> specifies the user interface label for the row item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items. This path can include parameter(s), allowing users to select which item to include in a row list.
  • <PartFromMappings> is a grouping for PartFromMapping to RowItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
  • <PartFromMapping partType="" defItemType=""/> specifies the part type from the mapping item to the row item. The partType attribute is the SID of the part from mapping item to row item and the defItemType attribute is the SID of the defobj item (row item).
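
Two of the rules above can be checked before a configuration is pasted into the dialog: every <CoverageMatrixConfig> id is unique, and every parameter used in a <PathFromMain> is declared under <Parameters>. The following Python check is an added example, not a SystemWeaver tool; it assumes parameters are referenced as `$name`, as in the example configuration, and runs on a trimmed, constructed sample.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (trimmed, not the page's configuration): both configs use
# id "11", and the second one references $q without declaring it.
SAMPLE = """
<CoverageMatrixConfigs>
  <CoverageMatrixConfig id="11">
    <MainItem itemType="CNDE"/>
    <Parameters>
      <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"/>
    </Parameters>
    <ColumnItems><PathFromMain>$p/I2GWCT/I2GL</PathFromMain></ColumnItems>
    <RowItems><PathFromMain>/DEIT/I2SID union /DEIT/I2IRQ</PathFromMain></RowItems>
  </CoverageMatrixConfig>
  <CoverageMatrixConfig id="11">
    <MainItem itemType="CNDE"/>
    <ColumnItems><PathFromMain>$q/I2STCN/I2CMPSIT</PathFromMain></ColumnItems>
    <RowItems><PathFromMain>/DEHA</PathFromMain></RowItems>
  </CoverageMatrixConfig>
</CoverageMatrixConfigs>
"""

# Assumption: a parameter reference is "$" followed by the parameter name.
PARAM_REF = re.compile(r"\$(\w+)")


def lint_coverage_matrix(xml_text):
    """Return a list of findings for a <CoverageMatrixConfigs> document."""
    root = ET.fromstring(xml_text)
    configs = root.findall("CoverageMatrixConfig")
    findings = []

    # Rule 1: the id attribute must be present and unique across configurations.
    ids = Counter(cfg.get("id", "") for cfg in configs)
    for cfg_id, count in ids.items():
        if not cfg_id:
            findings.append(f"{count} configuration(s) have no id")
        elif count > 1:
            findings.append(f"id '{cfg_id}' is used by {count} configurations")

    # Rule 2: parameters used in PathFromMain must be declared in the same config.
    for index, cfg in enumerate(configs, start=1):
        declared = {p.get("name") for p in cfg.findall("Parameters/Parameter")}
        for axis in ("ColumnItems", "RowItems"):
            path = cfg.findtext(f"{axis}/PathFromMain", default="")
            for name in PARAM_REF.findall(path):
                if name not in declared:
                    findings.append(
                        f"config #{index} {axis}: ${name} is not a declared parameter")
    return findings
```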


Example Result

Hazards

Hazardous Events


Safety Analysis


Abstract Data Pattern

Optional Attribute Types

The view does not require any hard-coded attributes; however, the following example attributes might be of interest.


Safety Goal (EASG)

| Name | Description | SID | Type | Dimension | Range |
| --- | --- | --- | --- | --- | --- |
| Safety Goal ID | Identifier used for Safety Goals | REID | String | Single | |
| ASIL (automatic) | This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item. | EAA1 | Custom | Single | |


Example Configuration

<SafetyAnalysisConfigs> 
<SafetyAnalysisConfig id="33">
        <MainItem itemType="CNDE"/>                           
        <ViewSettings>
            <Caption>Safety goals</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview safety goal</Description>
            <Image typeImage="125"/>
        </ViewSettings>

        <MappingItem itemType="EASG"> 
            <UIName>Safety goal</UIName>
            <PartFromMainToMappingItem partType="DESG"/>
            <Attributes>REID;EAA1</Attributes>
            <DefaultMappingName> XYZ of #{Row}</DefaultMappingName> 
        </MappingItem>

        <RowItems>
            <UIName>Hazardous event</UIName>
            <PathFromMain>/DEHE[@26CAS != 'QM']</PathFromMain>
            <PartFromMappingItem partType="SGDF"/>
            <Attributes>26SG;26AS</Attributes>              
        </RowItems>
    </SafetyAnalysisConfig> 
</SafetyAnalysisConfigs>

Explanation of the Configuration Elements

The <SafetyAnalysisConfigs> and <SafetyAnalysisConfig id=""> elements build the structure of the configuration and the individual configurations. The id attribute in <SafetyAnalysisConfig> identifies the specific configuration, and should be a unique string value when multiple configurations exist in SafetyAnalysisConfigs.


<MainItem itemType=""/> identifies the item type for which the configuration is valid. The itemType attribute is the SID of the main item type.

For <ViewSettings>, see the view settings description for the CoverageMatrixConfigs above.

The <MappingItem itemType=""> defines the mapping item properties, which are SID, UIName, PartFromMainToMappingItem, attributes, and default name. The attribute itemType is the SID of the mapping item type.

  • <UIName> specifies the user interface label for the mapping item.
  • <PartFromMainToMappingItem partType=""/> specifies the part type from the main item type to mapping item type. The attribute partType is the part SID from the main item type to mapping item type.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single
  • <DefaultMappingName> defines the default name for the mapping item, which can be a combination of StringValue and RowValue (in any order).

The <RowItems> includes options that control the appearance in the UI, collecting row items and defining part from mapping to row item.  

  • <UIName> specifies the user interface label for the row item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items. 
  • <PartFromMappingItem partType=""/> specifies the part type from the mapping item to the row item. The partType attribute is the SID of the part from mapping item to row item.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in the view. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single



Example Result


What's Next?

Check out examples of configured safety grids, graphs and charts