Abstract
Functional Hazard Assessment (FHA) is a key early-stage engineering process that supports the incorporation of safety in design by identifying the high-level functional hazards the system may encounter. While many FHA-like methodologies have been proposed in the design engineering literature, many of these methodologies have had difficulty becoming accepted industry practice. Industry standards, on the other hand, either provide too little recommendation on how to represent the function of the system to perform FHA, or rely on existing design artefacts which insufficiently support the goals of the process. This paper presents some of the problems with current modelling languages (both proposed and used) for FHA which limit the scope, expressiveness, flexibility, and precision of the analysis. It then outlines desirable principles an FHA-supporting analysis language should embody, and introduces the Functional Reasoning Design Language (FRDL), a formal modelling language for describing the functional elements of a system and their interactions, which aims to satisfy these principles. To demonstrate the use of this language, the modelling and hazard analysis of a disaster response drone is presented. While this case study is limited in scope, it highlights how FRDL can represent system function while reducing the ambiguity present in typical FHA-supporting functional modelling languages.
