Deductive cause-consequence analysis (DCCA)

Abstract: In this paper we present a new form of formal safety analysis: deductive cause-consequence analysis (DCCA). DCCA is a way to use formal methods for safety analysis. It replaces error-prone informal reasoning with mathematical proofs. DCCA makes it possible to rigorously prove whether or not a failure at component level is a cause of system failure. DCCA is a formal generalization of the two most common safety analysis techniques: failure modes and effects analysis (FMEA) and fault tree analysis (FTA). We apply the method to a real-world case study: the height control in the Elbe tunnel in Hamburg. This shows how formal safety analysis with DCCA helps identify design flaws and weaknesses in a real-world industrial system.
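The abstract describes DCCA only at the level of its purpose: deciding, by proof over a formal model rather than by informal argument, whether a set of component failure modes can cause a system-level hazard, and thereby generalizing FTA (minimal cut sets) and FMEA (effects of single failures). The following added example is not the paper's own method or the Elbe-tunnel model; it is a constructed toy illustration of that idea on a finite-state model (a pressure tank with two redundant sensors, a controller and a relief valve, all invented here). It assumes one particular reading of the abstract's notion of "cause": a set of failure modes is critical if the hazard becomes reachable when only failures from that set are allowed to occur, and minimal if no proper subset is already critical. Reachability is computed by exhaustive state exploration, which on a finite model plays the role of the model checker the paper's framework would use.

```python
from itertools import chain, combinations

# Constructed toy system (NOT the paper's Elbe-tunnel model): a pressure tank with
# two redundant pressure sensors, a controller and a relief valve.
# Hazard H: tank pressure reaches HAZARD_PRESSURE.
FAILURE_MODES = (
    "sensor1_stuck_low",   # sensor 1 always reports 0
    "sensor2_stuck_low",   # sensor 2 always reports 0
    "valve_stuck_closed",  # relief valve ignores the open command
    "controller_crash",    # controller stops; the valve falls back to open (fail-safe)
)
HAZARD_PRESSURE = 3
OPEN_THRESHOLD = 2
INITIAL_STATE = (0, False)  # (pressure, valve_open)


def subsets(items):
    """All subsets of `items`, smallest first, including the empty set."""
    items = tuple(items)
    return chain.from_iterable(combinations(items, k) for k in range(len(items) + 1))


def successors(state, allowed):
    """Next states when any subset of the `allowed` failure modes may be active
    during this step; every failure mode outside `allowed` is assumed absent."""
    pressure, valve_open = state
    for active in subsets(allowed):
        active = set(active)
        r1 = 0 if "sensor1_stuck_low" in active else pressure
        r2 = 0 if "sensor2_stuck_low" in active else pressure
        # 1-out-of-2 voting: open the valve if either sensor reports high pressure
        command_open = max(r1, r2) >= OPEN_THRESHOLD
        if "controller_crash" in active:
            command_open = True  # fail-safe default while the controller is down
        new_valve = False if "valve_stuck_closed" in active else command_open
        new_pressure = max(0, pressure - 1) if new_valve else pressure + 1
        yield (min(new_pressure, HAZARD_PRESSURE), new_valve)


def hazard_reachable(allowed):
    """Exhaustive reachability over the finite state space (the analogue of
    model checking 'EF hazard'): can the hazard occur when only the failure
    modes in `allowed` are permitted to happen?"""
    seen, frontier = {INITIAL_STATE}, [INITIAL_STATE]
    while frontier:
        state = frontier.pop()
        if state[0] >= HAZARD_PRESSURE:
            return True
        for nxt in successors(state, allowed):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return False


def minimal_critical_sets(failure_modes=FAILURE_MODES):
    """Minimal sets of failure modes that can cause the hazard.  Allowing more
    failures never removes a transition, so criticality is monotone and a set
    is minimal exactly when no smaller critical set is contained in it."""
    minimal = []
    for gamma in subsets(failure_modes):
        gamma = frozenset(gamma)
        if any(m <= gamma for m in minimal):
            continue  # a proper subset is already critical: gamma is not minimal
        if hazard_reachable(gamma):
            minimal.append(gamma)
    return sorted(sorted(m) for m in minimal)


if __name__ == "__main__":
    print("hazard unreachable without failures:", not hazard_reachable(()))
    for cut in minimal_critical_sets():
        print("minimal critical set:", cut)
```

On this model the analysis reports two minimal critical sets: the single failure `valve_stuck_closed`, and the pair `sensor1_stuck_low` together with `sensor2_stuck_low`. Each sensor failure on its own is provably not a cause of the hazard (the redundant sensor covers it), and `controller_crash` is never part of a cause because its fail-safe default opens the valve. The single-failure results correspond to what an FMEA would tabulate, and the full list of minimal sets corresponds to the minimal cut sets of a fault tree, which is the sense in which such an analysis subsumes both techniques.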
