Location of Repository

Failure logic modelling: a pragmatic approach

By Oleg Lisagor


The research discipline of model-based system safety assessment, which has emerged in the last two decades, has attracted a significant amount of interest from academia, industry and government agencies. However, the discipline remains largely unorganised with various individual, often conceptually dissimilar, techniques being only categorised and related in an ad hoc fashion.\ud \ud This Thesis identifies a coherent family of model-based safety assessment methods – failure logic modelling – and unifies existing techniques through a single well-defined Metamodel. This Failure Logic Metamodel (FLMM) identifies the key safety engineering concepts captured by failure logic modelling techniques, together with their inter-relationships. Whilst maintaining independence from any individual technique, notation or specification language, the abstract Metamodel has been shown to be instantiable in a third party-specification language (AltaRica Dataflow).\ud \ud The Thesis demonstrates that existing failure logic modelling techniques cannot, without modification, adequately address key pragmatic challenges posed by extant characteristics of modern large-scale and complex safety-critical systems. To address such challenges two key contributions are made through extensions to the metamodel. Firstly, these extensions enable the modelling of reconfigurable systems (including those employing fault accommodation). Secondly, they enable the composition of independently defined models in a variety of settings, such as the composition of models of the same system defined from different viewpoints and composition of models of different systems with un-harmonised interfaces. In addition to these contributions, the general metamodel-based approach adopted by the thesis and proposed has helped identify some significant ‘emergent’ characteristics and limitations of failure logic modelling that, to date, have not been reported.\ud \ud The overall contributions of the Thesis have been evaluated through case studies, peer reviews and direct metamodelling experiments. The findings of these evaluations are presented

Publisher: Computer Science (York)
Year: 2010
OAI identifier: oai:etheses.whiterose.ac.uk:1044

Suggested articles



  1. (1996). A Constraint-Based Nurse Rostering System Using a Redundant Modeling Approach, doi
  2. (1994). A Development of Hazard Analysis to aid Software Design, doi
  3. (2003). A Fault-Tree Semantics to Model Software-Controlled Systems. Softwaretechnik-Trends,
  4. (2006). a Framework for Integrated Safety Analysis of Functional, Geometrical and Human Aspects,
  5. A New Component Concept for Fault Trees, doi
  6. A Scientific Approach to Engineering Design. Design Studies, doi
  7. (2004). A Systematic Approach to Safety Case Management, doi
  8. (2004). A Timed Extension for AltaRica. Fundamenta Informaticae,
  9. (2010). accessed: 1
  10. (2007). Achieving Integrated Process and Product Safety Arguments, doi
  11. (2004). Advanced Simulation Capabilities for Multi-Systems with AltaRica,
  12. Aircraft Safety Process, doi
  13. Airlines Electronics Engineering Committee (ARINC), Avionics Application Software: Standard Interface doi
  14. Airlines Electronics Engineering Committee (ARINC), Specification 664, Part 1: Aircraft Data Network,
  15. (2003). AltaRica-OCAS: L’Atelier de Sûreté de Fonctionnement de Dassault Aviation (Presentation),
  16. (1999). AltaRica: Constraint Automata as a Description Language.
  17. (1993). An Integrated Toolset for Software Safety Analysis. doi
  18. (2005). Analysis Techniques for System Safety. doi
  19. Application of Safety Analyses in Model Driven Development, doi
  20. (1999). Arguing Safety - A Systematic Approach to Managing Safety Cases (PhD Thesis),
  21. (2009). Assessment of Safety Critical Systems: New Model Based Safety Analysis Technique (Industrial Project Report),
  22. (2005). Automatic Generation of Analyzable Failure Propagation Models from Component-Level Failure Annotations, doi
  23. (2007). Behavioral Fault Modelling for Model-based Safety Analysis, doi
  24. (1999). Bi-directional Analysis for Certification of Safety-Critical Software,
  25. (2005). Cause Analysis: Coupling of Functional and Geometrical Models. Dissemination Presentation,
  26. (2007). Cecilia Workshop (c)
  27. (2002). Combination of Fault Tree Analysis and Model Checking for Safety Assessment of Complex System, doi
  28. (2006). Commission (IEC), Analysis techniques for system reliability – Procedure for failure mode and effects analysis (FMEA) (IEC 60812). doi
  29. (2005). Comparing the SEI's Views and Beyond Approach for Documenting Software Architectures with ANSI-IEEE 1471-2000,
  30. Component-Based Abstraction in Fault Tree Analysis, doi
  31. (2009). Component-Based Modelling of Systems for Automated Fault Tree Generation. Reliability Engineering and System Safety, doi
  32. (2005). Compositional Analysis and Verification Approaches to Safety Analysis and Systems Modelling,
  33. (2004). Compositional Hazard Analysis of UML Components and Deployment Models, doi
  34. (2010). Consortium. ASSERT Project Website. Available from: http://www.assert-project.net/ [Last accessed: 1
  35. (2010). Consortium. ESACS Project Website. Available from: www.esacs.org [Last accessed: 1
  36. (2010). Consortium. ISAAC Project Website. Available from: http://www.isaacfp6.org/ [Last accessed: 1
  37. (2007). Dependability Modeling with the Architecture Analysis & Design Language (AADL),
  38. (1999). Dependency Modelling using Fault Tree Analysis,
  39. (2008). Designing Embedded Systems Using Heterogeneous Rich Components,
  40. Designing Safe, Reliable Systems Using Scade, doi
  41. (2005). Developing AFDX Solutions. Application Note AC221,
  42. (2002). Deviation Analysis Through Model Checking, doi
  43. (2002). Documenting Software Architectures: Views and Beyond. doi
  44. (1992). Dynamic Fault-Tree Models for Fault-Tolerant Computer Systems. doi
  45. (2006). Eclipse Development Tools for Epsilon, in Eclipse Summit Europe, Eclipse Modelling Symposium.
  46. (2010). Eclipse Modelling Framework web pages. [Web Page]; Available from: http://www.eclipse.org/modeling/emf/ [Last accessed: 2
  47. (2010). Emfatic Article in Eclipse Wiki. Available from: http://wiki.eclipse.org/Emfatic [Last accessed: 2
  48. (1997). Engineering Design: A Systematic Approach. doi
  49. (2010). Epsilon Home Page. Available from: http://www.eclipse.org/gmt/epsilon/ [Last accessed: 2
  50. (2003). ESACS: an Integrated Methodology for Design and Safety Analysis of Complex Systems,
  51. European Aviation Safety Agency, Paragraph 1309: Equipment, Systems and Installations
  52. (1998). European Committee for Electrotechnical Standardization, Railway Applications - Safety Related Electronic Systems for Signalling (CENELEC ENV 50129).
  53. (1000). European Organisation for the Safety of Air Navigation (EUROCONTROL), Air Navigation System Safety Assessment Methodology doi
  54. (1995). Experience with the application of HAZOP to computer-based systems, doi
  55. (2007). Experiments in Model-Based Safety Analysis: Flight Controls, doi
  56. (2002). Failure Modes and Effects Analysis of Software-Based Automation Systems,
  57. (1999). Fault Tree Analysis - A History, doi
  58. (2007). Formal Assessment Techniques for Embedded Safety Critical Systems,
  59. (2003). Hierarchical Modelling and Verification of Timed Systems in Timed AltaRica,
  60. Hierarchically Performed Hazard Origin and Propagation Studies, doi
  61. (2001). High Level Failure Analysis for Integrated Modular Avionics,
  62. (1999). Identifying and Assessing Process Industry Hazards. (4th ed).
  63. Improving System Reliability via Model Checking: The FSAP/NuSMV-SA Safety Analysis Platform, doi
  64. (2004). Inc, Human-Usable Textual Notation (HUTN) Specification
  65. (2008). Incremental Safety Assessment: Theory and Practice,
  66. (1994). Information Technology - Open Systems Interconnection - Basic Reference Model: The Basic Model (ISO/IEC 7498-1). doi
  67. (2008). Integrating Safety Analyses and Component-Based Design, doi
  68. (2000). Integrating Safety Analysis Techniques, Supporting Identification of Common Cause Failures (PhD Thesis),
  69. (2008). Integration of Formal Fault Analysis
  70. (1999). Issues in the Conduct of PSSA,
  71. (2010). Laboratoire Bordelais de Recherche en Informatique. AltaRica Project Website. Available from: http://altarica.labri.fr/ [Last accessed: 1
  72. (2010). Lessons Learnt About System Safety Assessment Based on Scade Models (Presentation), in Model-based Safety Assessment (Journées MISSA).
  73. (1995). Limitations of Formal Methods and an Approach to Improvement, doi
  74. (1987). LUSTRE: A Declarative Language for Programming Synchronous Systems, doi
  75. (2002). MATrA: Meta-modelling Approach to Traceability for Avionics (PhD Thesis),
  76. (2002). Mode Automata and Their Compilation into Fault Trees. Reliability Engineering and System Safety, doi
  77. (2006). Model-Based Safety Analysis, doi
  78. (2001). Model-Based Synthesis of Fault Trees from MatlabSimulink Models, doi
  79. (2003). Model-Driven Development: A Metamodeling Foundation. doi
  80. (2006). Multi-Dimensional Model Based Engineering for Performance Critical Computer Systems Using AADL, doi
  81. (1992). New Directions in Software Safety: Causal Modelling as an Aid to Integration,
  82. (2008). Non-coherent Modelling in Compositional Fault Tree Analysis, doi
  83. (1983). Noncoherent Structure Theory: A Review of its Role in Fault Tree Analysis,
  84. NuSMV2: An OpenSource Tool for Symbolic Model Checking, doi
  85. (1974). On a 'Buzzword': Hierarchical Structure, doi
  86. (2006). On the Partial Translation of Lustre Programs into the AltaRica Language and Vice Versa,
  87. (2008). On the Use of Non-Coherent Fault Trees in Safety and Security Studies. Reliability Engineering and System Safety, doi
  88. (2001). Performing Failure Analysis for IMA as a Separate System,
  89. (1994). Power-Hierarchy of Dependability-Model Types. doi
  90. Probabilistic Failure Propagation and Transformation Analysis, doi
  91. Rational Statemate Webpage. Available from: http://www-
  92. (2006). Report on the Serious Incident to Airbus A319-111, Registration G-EZAC near Nantes,
  93. Requirements Specification for Process Control Systems. doi
  94. (2006). Retrenchment, and the Generation of Fault Trees for Static, Dynamic and Cyclic Systems, doi
  95. (2000). Retrenchment, Refinement and Simulation, doi
  96. Safety Analysis of Computer Resource Management Software
  97. Safety-Directed System Monitoring Using Safety Cases
  98. (1995). Safeware: System Safety and Computers. doi
  99. (2010). SCADE Design Verifier Webpage. Available from: http://www.esterel-technologies.com/products/scade-suite/design-verifier [Last accessed: 1
  100. (2010). SCADE Suite Webpage. Available from: http://www.estereltechnologies.com/products/scade-suite/ [Last accessed: 1
  101. (1996). Software Deviation Analysis (PhD Thesis),
  102. (1997). Software Deviation Analysis, doi
  103. (2007). Software Reliability Association, Guidelines for Safety Analysis of Vehicle Based Programmable Systems
  104. (2001). Software Safety: Why is there no Consensus?, doi
  105. (2008). SPEEDS Methodology – a White Paper,
  106. State-Event-Fault-Trees – A Safety Analysis Model for Software Controlled Systems, doi
  107. (1987). Statecharts: A Visual Formalism for Complex Systems. doi
  108. (1988). Statemate: a Working Environment for the Development of Complex Reactive Systems, doi
  109. (2010). System Safety Assessment Based on Formal Models: Lessons Learnt by Alenia Aeronautica (Presentation), in Model-based Safety Assessment (Journées MISSA).
  110. (2002). Temporal Fault Trees. doi
  111. (2006). The AltaRica Data-Flow Language in Use: Modelling of Production Availability of a Multi-State System. Reliability Engineering and System Safety, doi
  112. (2002). The AltaRica DataFlow Language: Syntax,
  113. (2000). The AltaRica Formalism for Describing Concurrent Systems. Fundamenta Informaticae,
  114. (1993). The Limits of Safety: Organizations, Accidents and Nuclear Weapons. doi
  115. (2003). The Pragmatics of Model-Driven Development. doi
  116. (1999). The Principled Design of Computer System Safety Analyses (D.Phil Thesis),
  117. The Use of Not Logic in Fault Tree Analysis. doi
  118. (2010). The Why-Because Analysis Homepage. Available from: http://www.rvs.unibielefeld.de/research/WBA/ [Last accessed: 2
  119. (2000). To Not or not to Not!, doi
  120. (2006). Towards a Practicable Process for Automated Safety Analysis,
  121. Towards a Unified Model-Based Safety Assessment, doi
  122. (2008). Towards Compositional Safety Analysis via Semantic Representation of Component Failure Behaviour,
  123. (2006). Towards Safety Analysis of Highly Integrated Technologically Heterogeneous Systems – A Domain-Based Approach for Modelling System Failure Logic,
  124. (2010). What are the Differences Between a Vocabulary, a Taxonomy, a Thesaurus, an Ontology, and a Meta-model? ; On-line Article. Available from: http://infogrid.org/wiki/Reference/PidcockArticle [Last accessed: 1
  125. (2003). White Paper on Approaches to Safety Engineering,
  126. (2009). Work Package 4 Development Description Report - Issue A,

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.