The continuous increase of system complexity – stimulated by the higher complexity of the functionality provided by software-based embedded controllers and by the huge improvement in the computational power of hardware – requires a corresponding increase in the capability of design and safety engineers to maintain adequate safety and reliability levels. Emerging techniques, like formal methods, have the potential of dealing with the growing complexity of such systems and are increasingly being used for the development of critical systems (e.g., aircraft systems, nuclear plants, railway systems), where at stake are not only delays in delivering products and economic losses, but also environmental hazards and public confidence. However, the use of formal methods during certain critical system development phases, e.g. safety analysis, is still at an early stage. In this paper we propose a new methodology, based on these novel techniques and supported by commercial and state-of-the-art tools, whose goal is to improve the safety analysis practices carried out during the development and certification of complex systems. The key ingredient of our methodology is the use of formal methods during both system development and safety analysis. This allows for a tighter integration of safety assessment and system development activities, fast system prototyping, automated safety assessment from the early stages of development, and tool-supported verification and validation.

more thorough verification of the system's correctness with respect to the requirements, by using automated procedures. However, the use of formal methods for safety analysis purposes is still at an early stage. Moreover, even when formal methods are applied during system development, the information linking the design and the safety assessment phases is often conveyed by means of informal specifications.
The link between design and safety analysis may be seen as an "over the wall process" (Fenelon et al., 1994). A solution to the issues mentioned above is to perform the safety assessment analysis in some automated way, directly from a formal system model originating from the design and safety engineers. This approach is being developed and investigated within the ESACS project (Enhanced Safety Assessment for Complex Systems), a European Union sponsored project in the area of safety analysis, involving several research institutions and leading companies in the fields of avionics and aerospace. The methodology developed within the ESACS project is supported by state-of-the-art and commercial tools for system modeling and by traditional safety analysis tools, and is being trialed on a set of industrial case studies.

Outline of the paper. This paper is structured as follows. In the next section we present the ESACS approach and illustrate its use through a simple example. In section 3 we present the architecture of the ESACS platform. Finally, in section 4 we draw some conclusions and discuss related work.
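As an added illustration, not the ESACS platform's own tooling or model format, the following Python sketch shows the kind of automated analysis argued for above: failure modes are injected into a small formal model as persistent boolean variables, the state space is explored exhaustively, and the fault combinations from which the hazard is reachable are minimised into cut sets, the raw material of a fault tree. The plant/sensor/monitor model and the fault names are constructed for this example.

```python
from collections import deque
from itertools import product

# Constructed toy model: a plant signal that toggles every cycle, two redundant
# sensors reading it, and a monitor that reports "healthy" only when they agree.
# Fault flags are injected as persistent booleans (once active, never cleared).
FAULTS = ("s1_stuck", "s2_stuck", "mon_fail")
INITIAL = (0, 0, 0, frozenset())  # (plant value, sensor 1, sensor 2, active faults)


def successors(state):
    """Nominal behaviour extended with fault injection: any subset of faults may activate."""
    plant, s1, s2, faults = state
    for activate in product([False, True], repeat=len(FAULTS)):
        new_faults = faults | {f for f, on in zip(FAULTS, activate) if on}
        nplant = 1 - plant                                 # environment toggles the signal
        ns1 = s1 if "s1_stuck" in new_faults else nplant   # a stuck sensor holds its last reading
        ns2 = s2 if "s2_stuck" in new_faults else nplant
        yield (nplant, ns1, ns2, new_faults)


def hazard(state):
    """Top-level event: the monitor reports healthy while the value it passes on is wrong."""
    plant, s1, s2, faults = state
    healthy = "mon_fail" in faults or s1 == s2   # a failed monitor never flags disagreement
    return healthy and s1 != plant               # the monitor forwards sensor 1 when healthy


def reachable(initial=INITIAL):
    """Explicit-state breadth-first reachability over the fault-extended model."""
    seen, queue = {initial}, deque([initial])
    while queue:
        for nxt in successors(queue.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def minimal_cut_sets(initial=INITIAL):
    """Fault configurations from which the hazard is reachable, minimised by inclusion."""
    configs = {s[3] for s in reachable(initial) if hazard(s)}
    minimal = [sorted(c) for c in configs if not any(o < c for o in configs)]
    return sorted(minimal, key=lambda c: (len(c), c))


if __name__ == "__main__":
    for cut_set in minimal_cut_sets():
        print(" AND ".join(cut_set))
```

Note that {s2_stuck, mon_fail} is correctly absent from the result: with the monitor failed the output follows sensor 1, which is still correct, so that pair alone does not reach the hazard.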
[1] Robert S. Boyer, et al. Computational Logic. ESPRIT Basic Research Series, 1990.
[2] Jeannette M. Wing. A specifier's introduction to formal methods. Computer, 1990.
[3] Olivier Coudert, et al. Fault tree analysis: 10^20 prime implicants and beyond. Annual Reliability and Maintainability Symposium 1993 Proceedings, 1993.
[4] Edmund M. Clarke, et al. Model Checking. Handbook of Automated Reasoning, 1999.
[5] Jonathan P. Bowen, et al. Industrial-Strength Formal Methods in Practice. Formal Approaches to Computing and Information Technology (FACIT), 1999.
[6] Olivier Coudert, et al. Fault Tree Analysis: 10^20 Prime Implicants and Beyond. 1993.
[7] Antoine Rauzy, et al. The AltaRica Formalism for Describing Concurrent Systems. Fundam. Informaticae, 1999.
[8] M. Bozzano, et al. Integrating Fault Tree Analysis with Event Ordering Information. 2003.
[9] J. A. McDermid, et al. Towards integrated safety analysis and design. SIAP, 1994.
[10] W. E. Vesely, et al. Fault Tree Handbook. 1987.
[11] E. Allen Emerson, et al. Temporal and Modal Logic. Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics, 1991.
[12] Peter Liggesmeyer, et al. Improving system reliability with automatic fault tree generation. Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224), 1998.
[13] Marco Pistore, et al. NuSMV 2: An OpenSource Tool for Symbolic Model Checking. CAV, 2002.
[14] Pierre Bieber, et al. Combination of Fault Tree Analysis and Model Checking for Safety Assessment of Complex System. EDCC, 2002.
[15] C. M. Sperberg-McQueen, et al. eXtensible Markup Language (XML) 1.0 (Second Edition). 2000.