Combination of Fault Tree Analysis and Model Checking for Safety Assessment of Complex System

Bieber, Pierre; Castel, C.; Seguin, Christel

doi:10.1007/3-540-36080-8_3

Cited by 47 publications

(43 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have used our toolchain to generate the reachable state space of several AltaRica models: 1 RUDDER describes a control system for the rudder of an A340 aircraft [4]; ELEC refers to three simplified electrical generation and power distribution systems for a hypothetical twin jet aircraft; the HYDRAU model describes a hydraulic system similar to the one of the A320 aircraft [8].…”

Section: Compilation Of Altarica and Experimental Evaluationmentioning

confidence: 99%

A Model-Checking Approach to Analyse Temporal Failure Propagation with AltaRica

Albore

Zilio

Infantes

et al. 2017

Model-Based Safety and Assessment

Self Cite

View full text Add to dashboard Cite

OATAO is an open access repository that collects the work of Toulouse researchers and makes it freely available over the web where possible. Abstract. The design of complex safety critical systems raises new technical challenges for the industry. As systems become more complex-and include more and more interacting functions-it becomes harder to evaluate the safety implications of local failures and their possible propagation through a whole system. That is all the more true when we add time to the problem, that is when we consider the impact of computation times and delays on the propagation of failures.We describe an approach that extends models developed for Safety Analysis with timing information and provide tools to reason on the correctness of temporal safety conditions. Our approach is based on an extension of the AltaRica language where we can associate timing constraints with events and relies on a translation into a realtime modelchecking toolset. We illustrate our method with an example that is representative of safety architectures found in critical systems.

show abstract

Section: Compilation Of Altarica and Experimental Evaluationmentioning

confidence: 99%

A Model-Checking Approach to Analyse Temporal Failure Propagation with AltaRica

Albore

Zilio

Infantes

et al. 2017

Model-Based Safety and Assessment

Self Cite

View full text Add to dashboard Cite

show abstract

“…Further details of the specification language and the FLM methodology fall outside the scope of this paper (for concrete examples we refer readers to [2] and [7] respectively). For the purpose of the illustrative examples in this paper, it is sufficient to note that the Cecilia OCAS tool's sequence generator module automates extraction of the minimal cut sets (i.e.…”

Section: Modelling Approachmentioning

confidence: 99%

Application of the 'lightweight refinement relation to establishing confidence in safety assessment models

Lisagor¹,

Kelly²

2010

5th IET International Conference on System Safety 2010

View full text Add to dashboard Cite

This paper presents a 'lightweight refinement' relation that enables rational comparison of safety assessment models of a system. The comparison process contributes to establishing confidence in adequacy of the models by identification of apparent inconsistencies that require explicit justification.The paper further demonstrates how the 'machinery' of refinement can be applied to individual models to identify key 'simulation cases' and aid the task of model review.

show abstract

“…Nevertheless, failure modes of components must still be injected by a safety engineer into the system model before model checking can be performed. Bieber et al [2] used model checking as a means to check if all unexpected events have been eliminated by conventional FTA techniques. Yang et al [28] defined various fault modes for each component and used model checking in each fault mode to check for safety properties.…”

Section: Related Workmentioning

confidence: 99%

“…The hydraulic system in an advanced airplane such as an Airbus A320 supplies hydraulic power for aircraft control during flight and on the ground [2]. The safety requirements are listed as follows: 1) We need to ensure that we are not in a state of total loss of hydraulic power, which is classified as catastrophic, and 2) we need to verify that a single failure does not result in total loss of power.…”

Section: Airbus A320 Hydraulic Systemmentioning

confidence: 99%

See 1 more Smart Citation

Model Checking Safety-Critical Systems Using Safecharts

Hsiung

Chen

Lin

2007

IEEE Trans. Comput.

View full text Add to dashboard Cite

Abstract-With rapid developments in science and technology, we now see the ubiquitous use of different types of safety-critical systems in our daily lives such as in avionics, consumer electronics, and medical systems. In such systems, unintentional design faults might result in injury or even death to human beings. To make sure that safety-critical systems are really safe, there is a need to verify them formally. However, the verification of such systems is getting more and more difficult because designs are becoming very complex. To cope with high design complexity, currently, model-driven architecture design is becoming a well-accepted trend. However, existing methods of testing and standards conformance are restricted to implementation code, so they do not fit very well with model-based approaches. To bridge this gap, we propose a model-based formal verification technique for safety-critical systems. In this work, the model-checking paradigm is applied to the Safecharts model, which was used for modeling but not yet used for verification. Our contributions listed are as follows: First, the safety constraints in Safecharts are mapped to semantic equivalents in timed automata for verification. Second, the theory for safety constraint verification is proven and implemented in a compositional model checker (that is, the State-Graph Manipulator (SGM)). Third, prioritized and urgent transitions are implemented in SGM to model the risk semantics in Safecharts. Finally, it is shown that the priority-based approach to mutual exclusion of resource usage in the original Safecharts is unsafe and corresponding solutions are proposed here. Application examples show the feasibility and benefits of the proposed model-driven verification of safety-critical systems.

show abstract

Combination of Fault Tree Analysis and Model Checking for Safety Assessment of Complex System

Cited by 47 publications

References 3 publications

A Model-Checking Approach to Analyse Temporal Failure Propagation with AltaRica

A Model-Checking Approach to Analyse Temporal Failure Propagation with AltaRica

Application of the 'lightweight refinement relation to establishing confidence in safety assessment models

Model Checking Safety-Critical Systems Using Safecharts

Contact Info

Product

Resources

About