“…RELATED WORK While there has been work in formal modelling for safetycritical systems, especially in the context of formal system development [5], and runtime models for managing self adaptation and the complexity of evolving software behaviour while it is executing [6], there appears to be scant work on formal modelling to inform (human) operational decision making during the execution of safety-critical systems. One issue for quantitative analysis of dependable systems development is state space explosion and numerical simulation difficulties in the presence of rare events [7].…”