Safety Requirements and Fault Trees Using Retrenchment

In the formal modelling of safety-critical systems, an initial abstract model captures the ideal, fault-free conception of the system. Subsequently, this model is enriched with the detail required to deal with the envisaged faults that the system is designed to be robust against, resulting in a concrete, extended system model. Normally, conventional refinement cannot provide a formal account of the relationship between the two models. Retrenchment, a liberalisation of refinement introduced to address such situations, allows model evolution, and is deployed to provide a formal account of the fault injection process that yields the extended system model. The simulation relationship of retrenchment is used to derive fault trees for the faults introduced during the injection process. A two-bit adder example drawn from the FSAP/NuSMV-SA safety analysis platform is used to illustrate the technique.
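The fault injection and fault-tree derivation summarised above, as an added worked example; this is not the paper's code nor output of FSAP/NuSMV-SA. It assumes a particular concrete model (a two-bit ripple-carry adder built from two full adders), hypothetical stuck-at faults on its three carry wires, the identity as retrieve relation on inputs, and "no fault active" as the within relation; the concession is then computed by exhaustive simulation and minimal cut sets for a chosen top event are read off from it.

```python
"""Added worked example; not the paper's code nor FSAP/NuSMV-SA output.

Assumptions (all hypothetical): the two-bit adder is a ripple-carry adder made
of two full adders; faults are stuck-at-0/1 faults injectable on its three
carry wires; the retrieve relation is the identity on inputs and the 'within'
relation is 'no fault active'. Under those assumptions the script computes
the retrenchment's concession by exhaustive simulation and reads off minimal
cut sets for a chosen top event, i.e. the fault tree.
"""
from itertools import combinations, product

CARRY_SITES = ("carry_in", "carry_mid", "carry_out")
# Basic events of the fault tree: each carry wire may be stuck at 0 or 1.
FAULTS = tuple(f"{site}_stuck{v}" for site in CARRY_SITES for v in (0, 1))


def abstract_add(a, b):
    """Abstract, fault-free model: the ideal sum of two 2-bit operands (0..6)."""
    return a + b


def _inject(value, site, faults):
    """Fault injection on one wire: an active stuck-at fault overrides the value."""
    if f"{site}_stuck0" in faults:
        return 0
    if f"{site}_stuck1" in faults:
        return 1
    return value


def _full_adder(x, y, cin):
    return x ^ y ^ cin, (x & y) | (cin & (x ^ y))


def concrete_add(a, b, faults=frozenset()):
    """Concrete model: the same adder built from gates, with faults injected."""
    a0, a1 = a & 1, (a >> 1) & 1
    b0, b1 = b & 1, (b >> 1) & 1
    cin = _inject(0, "carry_in", faults)
    s0, c1 = _full_adder(a0, b0, cin)
    c1 = _inject(c1, "carry_mid", faults)
    s1, c2 = _full_adder(a1, b1, c1)
    c2 = _inject(c2, "carry_out", faults)
    return s0 | (s1 << 1) | (c2 << 2)


def concession(faults):
    """Retrenchment simulation: the concession for one fault configuration.

    With the identity retrieve relation on inputs, the concrete model simulates
    the abstract one except on the inputs returned here, each mapped to
    (abstract result, concrete result). An empty dict means the concrete model
    refines the abstract one under this configuration."""
    faults = frozenset(faults)
    out = {}
    for a, b in product(range(4), repeat=2):
        ideal, actual = abstract_add(a, b), concrete_add(a, b, faults)
        if ideal != actual:
            out[(a, b)] = (ideal, actual)
    return out


def minimal_cut_sets(top_event, max_order=2):
    """Derive the fault tree's minimal cut sets for a top event.

    top_event(ideal, actual) says whether a concession entry counts as the
    undesired event. A fault set is a cut set if some input triggers the event;
    supersets of known cut sets are skipped, so the result is minimal."""
    cut_sets = []
    for order in range(1, max_order + 1):
        for combo in combinations(FAULTS, order):
            fs = frozenset(combo)
            if any(cs <= fs for cs in cut_sets):
                continue
            if any(top_event(i, c) for i, c in concession(fs).values()):
                cut_sets.append(fs)
    return cut_sets


def fault_tree(top_name, cut_sets):
    """Render cut sets as a fault tree: top = OR over (AND of basic events)."""
    return {"top": top_name,
            "gate": "OR",
            "children": [{"gate": "AND", "events": sorted(cs)} for cs in cut_sets]}


if __name__ == "__main__":
    assert concession(()) == {}  # no active fault: plain refinement holds
    print(concession({"carry_mid_stuck0"}))
    too_low = minimal_cut_sets(lambda ideal, actual: actual < ideal)
    print(fault_tree("sum_too_low", too_low))
```

Two things the simulation makes visible that the prose does not: a fault can be masked (here `carry_in_stuck0` never changes the result, so its concession is empty and it appears in no cut set), and the direction of the top event matters (the cut sets for "sum too low" and "sum too high" are disjoint). Exhaustive simulation over 16 inputs is only workable for a toy; on a real model the same relation is established by proof or model checking, which is what a platform such as FSAP/NuSMV-SA automates.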
