The mechanical generation of fault trees for reactive systems via retrenchment I: combinational circuits

Banach, Richard; Bozzano, Marco

doi:10.1007/s00165-011-0202-7

Cited by 7 publications

(5 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…7 Now, we see why there was no orange = OFF guard in GearStartMoving_S earlier. If there had been, the second occurrence of GearStartMoving_S would have been disabled in the pilot machine, causing problems.…”

Section: The Nominal Regimementioning

confidence: 96%

“…For this to work, the pilot's handle events are further synchronised with analogical switch events that reset clk_AnSw to the appro- 7 Dealing with this properly in the Conf development caused the majority of the excessive verbosity. 8 It may be argued that the phenomenon being discussed is absent at level 00, so the guard could have been included there, and removed at level 01, but in Event-B refinement, guards are strengthened, so this would have prevented the 00 to 01 development step from being an Event-B refinement.…”

Section: The Nominal Regimementioning

confidence: 99%

“…More up to date treatments include [11,12,14,29]. Applications to mechanised fault tree construction include [7,8].…”

Section: Retrenchment and The Introduction Of Faultsmentioning

confidence: 99%

See 2 more Smart Citations

The landing gear system in multi-machine Hybrid Event-B

Banach

2015

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

A system development case study problem based on a set of aircraft landing gear is examined in Hybrid Event-B (an extension of Event-B that includes provision for continuously varying behaviour as well as the usual discrete changes of state). Although tool support for Hybrid Event-B is currently lacking, the complexity of the case study provides a valuable challenge for the expressivity and modelling capabilities of the Hybrid Event-B formalism. The size of the case study, and in particular, the number of overtly independent subcomponents that the problem domain contains, both significantly exercise the multi-machine and coordination capabilities of the modelling formalism. These aspects of the case study, vital in the development of realistic cyberphysical systems in general, have contributed significant improvements in the theoretical formulation of multi-machine Hybrid Event-B itself.

show abstract

Section: The Nominal Regimementioning

confidence: 96%

Section: The Nominal Regimementioning

confidence: 99%

See 1 more Smart Citation

The landing gear system in multi-machine Hybrid Event-B

Banach

2015

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

show abstract

“…Banach 95,96 developed the reduction method of formal system model evolution into a general structured method for mechanical construction of DFT. On the positive side, automated analysis helped to reduce efforts and prevent errors, especially in the most repetitive and mechanical parts of the analysis.…”

Section: Intelligent Evaluation Of Dftmentioning

confidence: 99%

Integration frameworks and intelligent research in dynamic fault tree: A comprehensive review and future perspectives

Zhu

Jiang

et al. 2023

Quality & Reliability Eng

View full text Add to dashboard Cite

Dynamic fault tree (DFT) is designed to conduct risk assessment studies of complex systems. With the development of intelligent and network technology, risk assessment technology faces a leap forward development. The requirements for improving system safety are being recognized. On the one hand, research on DFT is exploring the integration with different methods. On the other hand, DFT method becomes more intelligent. The purpose of this paper is to identify the feasibility and effectiveness of different integration frameworks. To achieve this goal, a suitable review process is proposed. This paper comprehensively reviews and proposes future perspective the research status of intellectualization in DFT, and focuses on the different types of integration framework of DFT, modeling technology and algorithm optimization, and the support of computer‐aided analysis. Theoretical contributions, frameworks features, and the development process of computer intelligent analysis in the scientific and technical literature are carefully reviewed. Finally, the challenges in future research are summarized to promote the development of intelligent evaluation.

show abstract

“…In this context, faults are represented by contract violations. A different approach to generate hierarchical fault trees is based on retrenchment [BB13a,BB13b]. This framework focuses on the relations between nominal and faulty behaviors, and does not address implementation issues.…”

Section: Fault Tree Analysismentioning

confidence: 99%

Model-based Safety Assessment of a Triple Modular Generator with xSAP

et al. 2021

Self Cite

View full text Add to dashboard Cite

The system design process needs to cope with the increasing complexity and size of systems,motivating the replacement of labor intensivemanual techniques with automated and semi-automated approaches.Recently, formal methods techniques, such as model-based verification and safety assessment, have been increasingly used to model systems under fault and to analyze them, generating artifacts such as fault trees and FMEA tables. In this paper, we show how to apply model-based techniques to a realistic case study from the avionics domain: a high integrity power distribution system, the Triple Modular Generator (TMG). The TMG is composed of a redundant and reconfigurable plant and a controller that must guarantee a high level of reliability. The case study is a significant challenge, from the modeling perspective, since it implements a complex reconfiguration policy, specified via a number of requirements in natural language, including a set of mutually dependent and potentially conflicting priority constraints. Moreover, from the verification standpoint, the controller must be able to handle an exponential number of possible faulty configurations. Our contribution is twofold. First, we formalize and validate the requirements and, using a constraint-based modeling style, we synthesize a correct by construction controller, avoiding the enumeration of all possible fault configurations, as is currently done by manual approaches. Second, we describe a comprehensive methodology and process, supported by the xSAP safety analysis platform that targets the modeling and safety assessment of faulty systems. Using xSAP, we are able to automatically extract minimal cut sets for the TMG. We demonstrate the scalability of our approach by analyzing a parametric version of the TMG case study that contains more than 700 variables and 90 faults.

show abstract

The mechanical generation of fault trees for reactive systems via retrenchment I: combinational circuits

Cited by 7 publications

References 35 publications

The landing gear system in multi-machine Hybrid Event-B

The landing gear system in multi-machine Hybrid Event-B

Integration frameworks and intelligent research in dynamic fault tree: A comprehensive review and future perspectives

Model-based Safety Assessment of a Triple Modular Generator with xSAP

Contact Info

Product

Resources

About