Fault tree construction of hybrid system requirements using qualitative formal method

When specifying requirements for software that controls hybrid systems and conducting safety analysis, engineers find that requirements are often known only in qualitative terms and that existing fault tree analysis techniques provide little guidance on formulating and evaluating potential failure modes. In this paper, we propose Causal Requirements Safety Analysis (CRSA) as a technique to qualitatively evaluate the causal relationships between software faults and physical hazards. This technique, which extends the qualitative formal method process and uses the information captured in the state trajectory, provides specific guidelines on how to identify failure modes and the relationships among them. Using a simplified electrical power system as an example, we describe the step-by-step procedure for conducting CRSA. Our experience of applying CRSA to perform fault tree analysis on the requirements for the Wolsong nuclear power plant shutdown system indicates that CRSA is an effective technique for assisting safety engineers.
