Open access

Cut Set Analysis using Behavior Trees and model checking

Published: 01 March 2012

Abstract

Safety analysis can be labour intensive and error prone for system designers. Moreover, even a relatively minor change to a system’s design can necessitate a complete reworking of the system safety analysis. This paper proposes the use of Behavior Trees and model checking to automate Cut Set Analysis (CSA): that is, the identification of combinations of component failures that can lead to hazardous system failures. We demonstrate an automated incremental approach to CSA, in which models are extended incrementally and previous results incorporated in such a way as to significantly reduce the time and effort required for the new analysis. The approach is demonstrated on a case study concerning the hydraulics systems for the Airbus A320 aircraft.



Published In

Formal Aspects of Computing, Volume 24, Issue 2
Mar 2012
142 pages
ISSN: 0934-5043
EISSN: 1433-299X

Publisher

Springer-Verlag, Berlin, Heidelberg

Publication History

Published: 01 March 2012
Accepted: 14 April 2011
Revision received: 14 April 2011
Received: 15 January 2011
Published in FAC Volume 24, Issue 2

Author Tags

  1. Formal modelling
  2. Cut Set Analysis
  3. Automated failure analysis
  4. Model checking
  5. Safety requirements
  6. FTA
  7. Behavior Trees

Qualifiers

  • Research-article


Article Metrics

  • Downloads (Last 12 months)68
  • Downloads (Last 6 weeks)11
Reflects downloads up to 25 Jan 2025

Cited By

  • (2017) Simulation and real time analysis of network protection tripping strategy based on behavior trees. Cluster Computing, 22:S3, pp 5269–5278. doi:10.1007/s10586-017-1207-7. Online publication date: 13-Oct-2017
  • (2015) Automatic Generation of Minimal Cut Sets. Electronic Proceedings in Theoretical Computer Science, 184, pp 33–47. doi:10.4204/EPTCS.184.3. Online publication date: 10-Jun-2015
  • (2015) Semantic Network Model. Proceedings of the 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS), pp 194–197. doi:10.1109/ICECCS.2015.31. Online publication date: 9-Dec-2015
  • (2015) Next-preserving branching bisimulation. Theoretical Computer Science, 594:C, pp 120–142. doi:10.1016/j.tcs.2015.05.013. Online publication date: 23-Aug-2015
  • (2014) Formalisation of the integration of behavior trees. Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, pp 779–784. doi:10.1145/2642937.2642945. Online publication date: 15-Sep-2014
  • (2014) iRE: A semantic network based interactive requirements engineering framework. 2014 Second World Conference on Complex Systems (WCCS), pp 171–177. doi:10.1109/ICoCS.2014.7060963. Online publication date: Nov-2014
