State-Event-Fault-Trees - A Safety Analysis Model for Software Controlled Systems

Safety models for software-controlled systems should be intuitive, compositional and expressive enough to model both software and hardware behaviour. Moreover, they should provide quantitative results for failure or hazard probabilities. Fault Trees are an accepted and intuitive model for safety analysis, but they cannot express state dependencies or the temporal order of events. We propose to enrich Fault Trees with State/Event semantics, using a graphical notation similar to Statecharts. Our model subsumes deterministic state machines, which are suited to describing software behaviour, and Markov Chains, which model probabilistic failures. We allow exponentially distributed probabilistic events, deterministic delays and triggered events. The model is compositional: components are joined by ports. Quantitative evaluation is achieved by translating the component models to Deterministic and Stochastic Petri Nets (DSPNs) and analysing them with an existing tool. We introduce the model and the analysis procedure, provide a small case study of a fire alarm system, and close with an outlook on our tool project ESSaRel.
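The following is an added illustration and not code from the paper, from the ESSaRel project, or from the DSPN translation the abstract describes. It builds a constructed fire-alarm model with the three event kinds named in the abstract (an exponentially distributed sensor failure, a deterministic inspection delay, and a fire event triggered across a port into an alarm component whose outcome depends on the sensor's current state) and evaluates the hazard probability by discrete-event simulation and by a closed-form integral rather than by a DSPN solver. All rates, the inspection interval, the mission time and the function names are assumptions of this example. The point it makes: a static fault tree "fire AND sensor failed" has no notion that the sensor must fail *before* the fire, whereas the state/event model does, and the two numbers differ.

```python
"""Constructed fire-alarm example in the spirit of a State/Event Fault Tree.

Added illustration: not the paper's model, its DSPN translation or the
ESSaRel tool.  Hazard probability is computed by discrete-event simulation
and by a direct integral instead of a DSPN solver.

Components (all names and rates are constructed for this example):
  sensor : states OK / FAILED; exponential 'fail' event OK -> FAILED;
           deterministic 'inspect' event every T_INSPECT hours, FAILED -> OK.
  fire   : exponential 'fire' event, exported through a port.
  alarm  : triggered event on the 'fire' port; it reads the sensor state.
           Fire while the sensor is FAILED is the hazard (undetected fire).
"""
import math
import random

LAMBDA_SENSOR = 1e-3   # sensor failure rate, per hour (assumed)
LAMBDA_FIRE = 5e-4     # fire ignition rate, per hour (assumed)
T_INSPECT = 500.0      # deterministic inspection interval, hours (assumed)
MISSION = 2000.0       # mission time, hours (assumed)


def _draw(rng, rate):
    """Exponentially distributed delay; rate 0 means the event never occurs."""
    return rng.expovariate(rate) if rate > 0 else math.inf


def simulate_once(rng, lam_s=LAMBDA_SENSOR, lam_f=LAMBDA_FIRE,
                  t_inspect=T_INSPECT, mission=MISSION):
    """One run of the state/event model; returns 'hazard', 'detected' or 'no_fire'."""
    sensor_ok = True
    next_fail = _draw(rng, lam_s)      # exponential event (sensor component)
    next_inspect = t_inspect           # deterministic delay (sensor component)
    next_fire = _draw(rng, lam_f)      # exponential event (fire component)
    while True:
        t = min(next_fail, next_inspect, next_fire)   # earliest pending event
        if t > mission:
            return "no_fire"
        if t == next_fire:
            # triggered event over the port: the alarm's outcome depends on the
            # sensor state *at this moment*, i.e. on the order of earlier events
            return "detected" if sensor_ok else "hazard"
        if t == next_fail:
            sensor_ok = False
            next_fail = math.inf       # stays failed until the next inspection
        if t == next_inspect:
            if not sensor_ok:
                sensor_ok = True
                next_fail = t + _draw(rng, lam_s)
            next_inspect = t + t_inspect


def hazard_probability(n_runs=20000, seed=7, **params):
    """Monte Carlo estimate of P(undetected fire within the mission)."""
    rng = random.Random(seed)
    hazards = sum(simulate_once(rng, **params) == "hazard" for _ in range(n_runs))
    return hazards / n_runs


def hazard_probability_exact(lam_s=LAMBDA_SENSOR, lam_f=LAMBDA_FIRE,
                             t_inspect=T_INSPECT, mission=MISSION):
    """Closed-form value of the same quantity, summed over inspection periods.

    At offset s into a period the sensor is failed with probability
    1 - exp(-lam_s*s); the fire density at absolute time tau is
    lam_f*exp(-lam_f*tau).  Integrate their product over each period.
    """
    if lam_f <= 0:
        return 0.0
    total, start = 0.0, 0.0
    while start < mission:
        d = min(start + t_inspect, mission) - start
        total += math.exp(-lam_f * start) * (
            (1.0 - math.exp(-lam_f * d))
            - lam_f / (lam_f + lam_s) * (1.0 - math.exp(-(lam_f + lam_s) * d))
        )
        start += d
    return total


def static_fault_tree_estimate(lam_s=LAMBDA_SENSOR, lam_f=LAMBDA_FIRE,
                               t_inspect=T_INSPECT, mission=MISSION):
    """What a static 'fire AND sensor failed' gate yields: P(fire in mission)
    times the sensor's mean unavailability over a period, order of events ignored."""
    p_fire = 1.0 - math.exp(-lam_f * mission)
    x = lam_s * t_inspect
    mean_unavail = 0.0 if x == 0 else 1.0 - (1.0 - math.exp(-x)) / x
    return p_fire * mean_unavail


if __name__ == "__main__":
    print("exact (state/event):", round(hazard_probability_exact(), 4))
    print("simulated          :", round(hazard_probability(), 4))
    print("static fault tree  :", round(static_fault_tree_estimate(), 4))
```

With the assumed rates the simulated and closed-form values agree (about 0.13), and the static-gate product is visibly different because it averages the sensor's unavailability instead of evaluating it at the instant the fire event arrives. The simulation loop is the operational reading of the state/event semantics; the paper's own route is the DSPN translation and an external solver, which this example does not reproduce.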
