Formal Fault Tree Semantics

In train control systems, more and more (electro-)mechanical devices are being substituted by software-based devices. To sustain the high safety standards for these embedded systems, we propose the integration of fault tree analysis and formal methods. This combines two important safety analysis methods from the involved domains of engineering and software development. Our approach proposes to build a formal model of the system together with fault trees, which investigate the safety-critical aspects by breaking them down to software and hardware requirements. The events of the fault trees are formalized with respect to the model. Formal completeness and correctness conditions are given, using Interval Temporal Logic with continuous semantics. They define a formal semantics of fault trees, which allows cause-consequence relations between events in addition to boolean decomposition. The semantics is therefore suitable for dynamic systems. We will prove that the conditions guarantee that the fault tree is a correct and complete analysis of the causes of the considered fault.
