Improving Safety Assessment of Complex Systems: An Industrial Case Study

The complexity of embedded controllers is steadily increasing. This trend, stimulated by the continuous improvement of the computational power of hardware, demands for a corresponding increase in the capability of design and safety engineers to maintain adequate safety levels. The use of formal methods during system design has proved to be effective in several practical applications. However, the development of certain classes of applications, like, for instance, avionics systems, also requires the behaviour of a system to be analysed under certain degraded situations (e.g., when some components are not working as expected). The integration of system design activities with safety assessment and the use of formal methods, although not new, are still at an early stage. These goals are addressed by the ESACS project, a European- Union-sponsored project grouping several industrial companies from the aeronautic field. The ESACS project is developing a methodology and a platform – the ESACS platform – that helps safety engineers automating certain phases of their work. This paper reports on the application of the ESACS methodology and on the use of the ESACS platform to a case study, namely, the Secondary Power System of the Eurofighter Typhoon aircraft.

[1]  M. Bozzano,et al.  Integrating Fault Tree Analysis with Event Ordering Information ∗ , 2003 .

[2]  Thomas A. Henzinger,et al.  The theory of hybrid automata , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[3]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[4]  Jacques Devooght,et al.  Probabilistic Dynamics : The Mathematical and Computing Problems Ahead , 1994 .

[5]  David Coppit,et al.  Combining various solution techniques for dynamic fault tree analysis of computer systems , 1998, Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231).

[6]  Mary Sheeran,et al.  A Tutorial on Stålmarcks's Proof Procedure for Propositional Logic , 1998, FMCAD.

[7]  Antoine Rauzy,et al.  The AltaRica Formalism for Describing Concurrent Systems , 1999, Fundam. Informaticae.

[8]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[9]  Olivier Coudert,et al.  Fault Tree Analysis: 1020 Prime Implicants and Beyond , 1993 .

[10]  Carol-Sophie Smidts,et al.  Probabilistic reactor dynamics. II: A Monte Carlo study of a fast reactor transient , 1992 .

[11]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[12]  Peter Liggesmeyer,et al.  Improving system reliability with automatic fault tree generation , 1998, Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224).

[13]  J. A. McDermid,et al.  Towards integrated safety analysis and design , 1994, SIAP.

[14]  Ioannis A. Papazoglou Markovian Reliability Analysis of Dynamic Systems , 1994 .

[15]  W E Vesely,et al.  Fault Tree Handbook , 1987 .

[16]  David Coppit,et al.  The Galileo fault tree analysis tool , 1999, Digest of Papers. Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing (Cat. No.99CB36352).

[17]  Gilles Audemard,et al.  Bounded Model Checking for Timed Systems , 2002, FORTE.

[18]  E. Allen Emerson,et al.  Temporal and Modal Logic , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[19]  Mary Sheeran,et al.  A Tutorial on Stålmarck's Proof Procedure for Propositional Logic , 2000, Formal Methods Syst. Des..

[20]  Pierre Bieber,et al.  Combination of Fault Tree Analysis and Model Checking for Safety Assessment of Complex System , 2002, EDCC.

[21]  Randal E. Bryant,et al.  Symbolic Boolean manipulation with ordered binary-decision diagrams , 1992, CSUR.

[22]  Tunc Aldemir,et al.  Computer-Assisted Markov Failure Modeling of Process Control Systems , 1987, IEEE Transactions on Reliability.

[23]  Olivier Coudert,et al.  Implicit and incremental computation of primes and essential primes of Boolean functions , 1992, [1992] Proceedings 29th ACM/IEEE Design Automation Conference.

[24]  Olivier Coudert,et al.  Fault tree analysis: 10/sup 20/ prime implicants and beyond , 1993, Annual Reliability and Maintainability Symposium 1993 Proceedings.

[25]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[26]  M. Marseguerraa,et al.  A concept paper on dynamic reliability via Monte Carlo simulation , 1998 .

[27]  Thomas A. Henzinger,et al.  HYTECH: a model checker for hybrid systems , 1997, International Journal on Software Tools for Technology Transfer.

[28]  N. Siu,et al.  Risk assessment for dynamic systems: An overview , 1994 .

[29]  Piergiorgio Bertoli,et al.  A SAT Based Approach for Solving Formulas over Boolean and Linear Mathematical Propositions , 2002, CADE.

[30]  Tiziano Villa,et al.  VIS: A System for Verification and Synthesis , 1996, CAV.