State/event fault trees - A safety analysis model for software-controlled systems

Safety models for software-controlled systems should be intuitive, compositional and have the expressive power to model both software and hardware behaviour. Moreover, they should provide quantitative results for failure or hazard probabilities. Fault trees are an accepted and intuitive model for safety analysis, but they are incapable of expressing state dependencies or temporal order of events. We propose to combine fault trees with an explicit State/Event semantics using a graphical notation that is similar to Statecharts. Our new model, named State-Event Fault Trees (SEFTs), subsumes both deterministic state machines suited to describe software behaviour, and Markov chains that model probabilistic failures, while keeping the visualisation of causal chains known from fault trees. We allow exponentially distributed probabilistic events, deterministic delays and triggered events. The model is compositional and joins components by typed ports. Quantitative evaluation is achieved by translating the component models to Deterministic and Stochastic Petri Nets (DSPNs) and using an existing tool for analysis. This paper, which is an extended version of [17], revisits the model elements and the analysis procedure and provides a small case study of a fire alarm system, completed by an outlook on our tool project ESSaRel.
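The abstract's central claim is that a static fault-tree AND gate cannot express the order of events: in the fire-alarm setting, the hazard "undetected fire" only arises when the detector has already failed when the fire breaks out, not merely when both events occur within the mission time. The following is an added example (not code from the paper or the ESSaRel tool) that models one SEFT-style component with two states and two exponentially distributed events, compares the order-aware hazard probability against the order-blind static AND, and cross-checks it with a seeded state/event simulation; the rates and mission time are constructed assumptions.

```python
import math
import random

# Constructed assumptions (not from the paper): rates in 1/hour, mission time in hours.
DETECTOR_FAIL_RATE = 1e-3   # exponential event: detector fails silently (state OK -> Failed)
FIRE_RATE = 1e-4            # exponential event: fire breaks out
MISSION_TIME = 8760.0       # one year of operation


def static_and_estimate(lam_d=DETECTOR_FAIL_RATE, lam_f=FIRE_RATE, t=MISSION_TIME):
    """Classic fault tree: P(detector failed by t) AND P(fire by t), order ignored."""
    return (1.0 - math.exp(-lam_d * t)) * (1.0 - math.exp(-lam_f * t))


def seft_hazard_analytic(lam_d=DETECTOR_FAIL_RATE, lam_f=FIRE_RATE, t=MISSION_TIME):
    """State/event view: P(detector failure happens BEFORE fire, and fire before t).

    Integrates the fire event density over [0, t] weighted by the probability
    that the detector is already in state Failed at that instant:
        int_0^t lam_f e^{-lam_f s} (1 - e^{-lam_d s}) ds
    """
    return (1.0 - math.exp(-lam_f * t)) - (lam_f / (lam_f + lam_d)) * (
        1.0 - math.exp(-(lam_f + lam_d) * t)
    )


def seft_hazard_simulated(runs=20000, seed=7, lam_d=DETECTOR_FAIL_RATE,
                          lam_f=FIRE_RATE, t=MISSION_TIME):
    """Discrete-event simulation of the two-state detector component.

    Each run draws the firing times of both exponential events and replays them in
    time order; the hazard is raised only if the fire event fires while the
    detector component is in state Failed.
    """
    rng = random.Random(seed)
    hazards = 0
    for _ in range(runs):
        state = "OK"
        events = sorted([(rng.expovariate(lam_d), "detector_fails"),
                         (rng.expovariate(lam_f), "fire")])
        for time, event in events:
            if time > t:
                break                      # mission ended before this event
            if event == "detector_fails":
                state = "Failed"           # state transition, no hazard by itself
            elif event == "fire" and state == "Failed":
                hazards += 1               # temporal order matters here
                break
    return hazards / runs
```

Because the static AND also counts runs in which the fire precedes the detector failure, it overestimates the hazard; the order-aware SEFT value is what the DSPN translation described in the paper would compute.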

[1] G. S. Hura et al., The use of Petri nets to analyze coherent fault trees, 1988.

[2] Bernhard Kaiser et al., State event fault trees: a safety and reliability analysis technique for software controlled systems, 2006.

[3] J. Dugan et al., A modular approach for analyzing static and dynamic fault trees, 1997, Annual Reliability and Maintainability Symposium.

[4] Giuliana Franceschinis et al., Exploiting Petri nets to support fault tree based dependability analysis, 1999, Proceedings 8th International Workshop on Petri Nets and Performance Models (Cat. No.PR00331).

[5] Peter Liggesmeyer et al., A New Component Concept for Fault Trees, 2003, SCS.

[6] John A. McDermid et al., An integrated tool set for software safety analysis, 1993, J. Syst. Softw.

[7] B. Kaiser et al., Extending the expressive power of fault trees, 2005, Annual Reliability and Maintainability Symposium, 2005. Proceedings.

[8] Gerhard Schellhorn et al., Formal Fault Tree Semantics, 2002.

[9] Bran Selic et al., Real-time object-oriented modeling, 1994, Wiley professional computing.

[10] David Harel et al., Statecharts: A Visual Formalism for Complex Systems, 1987, Sci. Comput. Program.

[11] Janusz Górski et al., Towards A Common Safety Description Model, 1991.

[12] Gianfranco Ciardo et al., Analysis of deterministic and stochastic Petri nets, 1993, Proceedings of 5th International Workshop on Petri Nets and Performance Models.

[13] Kerstin Buchacker et al., Combining Fault Trees And Petri Nets To Model Safety-Critical Systems, 1999.

[14] Reinhard German et al., Transient Analysis of Deterministic and Stochastic Petri Nets with TimeNET, 1995, MMB.

[15] Marco Ajmone Marsan et al., On Petri nets with deterministic and exponentially distributed firing times, 1986, European Workshop on Applications and Theory of Petri Nets.

[16] Janusz Górski, Extending Safety Analysis Techniques with Formal Semantics, 1994.

[17] Bernhard Kaiser et al., State-Event-Fault-Trees - A Safety Analysis Model for Software Controlled Systems, 2004, SAFECOMP.

[18] David Coppit et al., Developing a low-cost high-quality software tool for dynamic fault-tree analysis, 2000, IEEE Trans. Reliab.

[19] W. E. Vesely et al., Fault Tree Handbook, 1987.