Abstract
Safety Instrumented Systems (SIS) protect major hazard facilities, e.g. power plants, against catastrophic accidents. An SIS consists of hardware components and controller software, the “program”. Current safety analyses of an SIS include the construction of a fault tree, summarising potential faults of the components and how they can arise within the SIS. The exercise of identifying faults typically relies on the experience of the safety engineer. Unfortunately, the program part is often too complicated to be analysed in such a “by hand” manner, and so the impact it has on the resulting safety analysis is not accurately captured. In this paper we demonstrate how a formal model of faults and failure modes can be used to analyse the impact of an SIS program. We outline the underlying concepts of Failure Mode Reasoning and its application in safety analysis, and we illustrate the ideas on a practical example.
Notes
1. In this paper the term program refers to the software code run by the SIS CPU, also known in safety standards as the SIS Application Program [16].
2. Note that in Fig. 2b the FMR analysis would produce a different result, i.e. \((o \text{ being } \textsf{f} \text{ by fault}) \Rightarrow (i_1 \text{ reads too low}) \wedge (i_2 \text{ reads too low})\).
3. In our abstract model we use a single type \(\mathcal{V}\) for simplicity of presentation.
4. Note here that we are distinguishing the types in the example.
5. More precisely, we would define failure modes separately on inputs and outputs, and indeed this is what happens in practice. To simplify the presentation, however, we assume that there is a single partition which serves to define failure modes on a single set, without distinguishing between inputs and outputs.
6. Recall that for simplicity we assume that the function modes \(\mathcal{P}\) apply to both functions f and g.
7. We do not treat non-termination or partial functions.
References
Berghammer, R., Zierer, H.: Relational algebraic semantics of deterministic and nondeterministic programs. Theoret. Comput. Sci. 43, 123–147 (1986)
Bobrow, D.G.: Qualitative reasoning about physical systems: an introduction. Artif. Intell. 24(1–3), 1–5 (1984)
Bozzano, M., Cimatti, A., Mattarei, C., Tonetta, S.: Formal safety assessment via contract-based design. In: Cassez, F., Raskin, J.-F. (eds.) ATVA 2014. LNCS, vol. 8837, pp. 81–97. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11936-6_7
Clarke, E.M., Henzinger, T.A., Veith, H., Bloem, R.: Handbook of model checking, vol. 10. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-10575-8
Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992)
Crama, Y., Hammer, P.L.: Boolean Functions: Theory, Algorithms, and Applications. Cambridge University Press, Cambridge (2011)
Harel, D., Kozen, D., Tiuryn, J.: Dynamic Logic. Foundations of Computing. MIT Press, Cambridge (2000)
Davis, R.: Diagnostic reasoning based on structure and behavior. Artif. Intell. 24(1–3), 347–410 (1984)
De Kleer, J., Brown, J.S.: A qualitative physics based on confluences. Artif. Intell. 24(1–3), 7–83 (1984)
de Moura, L., Bjørner, N.: Satisfiability modulo theories: an appetizer. In: Oliveira, M.V.M., Woodcock, J. (eds.) SBMF 2009. LNCS, vol. 5902, pp. 23–36. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10452-7_3
Dijkstra, E.W.: A Discipline of Programming, vol. 1. Prentice-Hall, Englewood Cliffs (1976)
Fantechi, A., Gnesi, S.: On the adoption of model checking in safety-related software industry. In: Flammini, F., Bologna, S., Vittorini, V. (eds.) SAFECOMP 2011. LNCS, vol. 6894, pp. 383–396. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24270-0_28
Feiler, P., Delange, J.: Automated fault tree analysis from AADL models. ACM SIGAda Ada Lett. 36(2), 39–46 (2017)
Genesereth, M.R.: The use of design descriptions in automated diagnosis. Artif. Intell. 24(1–3), 411–436 (1984)
IEC: Programmable controllers - Part 3: Programming languages (2013)
IEC: Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements (2016)
Jahanian, H.: Failure mode reasoning. In: 2019 4th International Conference on System Reliability and Safety (ICSRS), pp. 295–303. IEEE (2019)
Jahanian, H., McIver, A.: Reasoning with failures. arXiv preprint arXiv:2007.10841 (2020)
Jahanian, H., Parker, D., Zeller, M., McIver, A., Papadopoulos, Y.: Failure mode reasoning in model based safety analysis. In: 7th International Symposium on Model-Based Safety and Assessment (2020)
Kabir, S.: An overview of fault tree analysis and its application in model based dependability analysis. Expert Syst. Appl. 77, 114–135 (2017)
Kaiser, B., Liggesmeyer, P., Mäckel, O.: A new component concept for fault trees. In: Proceedings of the 8th Australian Workshop on Safety Critical Systems and Software, vol. 33, pp. 37–46. ACS Inc. (2003)
Lahtinen, J., Valkonen, J., Björkman, K., Frits, J., Niemelä, I., Heljanko, K.: Model checking of safety-critical software in the nuclear engineering domain. Reliab. Eng. Syst. Saf. 105, 104–113 (2012)
Li, S., Li, X.: Study on generation of fault trees from AltaRica models. Proc. Eng. 80, 140–152 (2014)
Mac Lane, S.: Categories for the Working Mathematician. Springer, Heidelberg (1978). https://doi.org/10.1007/978-1-4757-4721-8
McIver, A.K., Morgan, C., Sanders, J.W.: Application-oriented program semantics. In: South African Computer Society (SAICSIT) (1997)
Morgan, C.: Of wp and CSP. In: Feijen, W.H.J., van Gasteren, A.J.M., Gries, D., Misra, J. (eds.) Beauty is Our Business. Texts and Monographs in Computer Science, pp. 319–326. Springer, New York (1990). https://doi.org/10.1007/978-1-4612-4476-9_37
Papadopoulos, Y., McDermid, J.A.: Hierarchically performed hazard origin and propagation studies. In: Felici, M., Kanoun, K. (eds.) SAFECOMP 1999. LNCS, vol. 1698, pp. 139–152. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48249-0_13
Reiter, R.: A theory of diagnosis from first principles. Artif. Intell. 32(1), 57–95 (1987)
Ruijters, E., Stoelinga, M.: Fault tree analysis: a survey of the state-of-the-art in modeling, analysis and tools. Comput. Sci. Rev. 15, 29–62 (2015)
Sharvia, S., Papadopoulos, Y.: Integrating model checking with HiP-HOPS in model-based safety analysis. Reliab. Eng. Syst. Saf. 135, 64–80 (2015)
Siemens: Industrial software S7 F/FH Systems - Configuring and Programming. Siemens (2015)
Vesely, W.E., Goldberg, F.F., Roberts, N.H., Haasl, D.F.: Fault tree handbook (NUREG-0492). US Nuclear Regulatory Commission (1981)
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Jahanian, H., McIver, A. (2020). Reasoning with Failures. In: Lin, S.W., Hou, Z., Mahony, B. (eds) Formal Methods and Software Engineering. ICFEM 2020. Lecture Notes in Computer Science, vol 12531. Springer, Cham. https://doi.org/10.1007/978-3-030-63406-3_3
DOI: https://doi.org/10.1007/978-3-030-63406-3_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63405-6
Online ISBN: 978-3-030-63406-3