Skip to main content
SpringerLink
Log in
Book cover

ModelEd, TestEd, TrustEd pp 368–389Cite as

Boosting Fault Tree Analysis by Formal Methods

  • Chapter
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10500))

Abstract

Fault trees are a key technique in safety and reliability engineering. Their application includes aerospace, nuclear power, car, and process engineering industries. Various fault tree extensions exist that increase expressiveness while yielding succinct models. Their analysis is a main bottleneck: techniques do not scale and require manual effort. Formal methods have an enormous potential to solve these issues. We discuss a mixture of formal method techniques resulting in a fully automated and scalable approach to analyze Dugan’s dynamic fault trees.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    BDDs are succinct representations for switching functions. In 1990, their use in formal methods, in particular formal verification, has been introduced [11].

  2. 2.

    As failure probabilities are continuous probability distributions, the probability that two or more leaves fail simultaneously is zero.

  3. 3.

    It is fair to say, that some of these effects are also due to a different implementation of the state-space generation process; the compositional approach as realised in the tool DFTCalc [2] is based on the CADP tool-box [19], whereas the monolithic approach is implemented [52] on top of the storm model checker [15].

  4. 4.

    Up to some numerical or simulative evidence.

  5. 5.

    It can be automatically checked whether a DFT satisfies this assumption by encoding it in difference logic, a fragment of linear integer arithmetic, and check this encoding using SMT solvers; for further details see [53].

References

  1. Ammar, M., Hamad, G.B., Mohamed, O.A., Savaria, Y.: Efficient probabilistic fault tree analysis of safety critical systems via probabilistic model checking. In: Proceedins of FDL. IEEE (2016)

    Google Scholar 

  2. Arnold, F., Belinfante, A., Van der Berg, F., Guck, D., Stoelinga, M.: DFTCalc: a tool for efficient fault tree analysis. In: Bitsch, F., Guiochet, J., Kaâniche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 293–301. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40793-2_27

    Chapter  Google Scholar 

  3. Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 291–299. Springer, Cham (2015). doi:10.1007/978-3-319-24249-1_25

    Chapter  Google Scholar 

  4. Baier, C., Katoen, J.-P.: Principles of Model Checking. MIT Press, Cambridge (2008)

    MATH  Google Scholar 

  5. Boudali, H., Crouzen, P., Stoelinga, M.: A compositional semantics for dynamic fault trees in terms of interactive Markov chains. In: Namjoshi, K.S., Yoneda, T., Higashino, T., Okamura, Y. (eds.) ATVA 2007. LNCS, vol. 4762, pp. 441–456. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75596-8_31

    Chapter  Google Scholar 

  6. Boudali, H., Crouzen, P., Stoelinga, M.I.A.: Dynamic fault tree analysis using input/output interactive Markov chains. In Proceedings of DSN, pp. 708–717 (2007)

    Google Scholar 

  7. Boudali, H., Crouzen, P., Stoelinga, M.I.A.: A rigorous, compositional, and extensible framework for dynamic fault tree analysis. IEEE Trans. Dependable Secure Comput. 7(2), 128–143 (2010)

    Article  Google Scholar 

  8. Bozzano, M., Cimatti, A., Katoen, J.-P., Nguyen, V.Y., Noll, T., Roveri, M.: Safety, dependability and performance analysis of extended AADL models. Comput. J. 54, 754–775 (2011)

    Article  Google Scholar 

  9. Bozzano, M., Cimatti, A., Tapparo, F.: Symbolic fault tree analysis for reactive systems. In: Namjoshi, K.S., Yoneda, T., Higashino, T., Okamura, Y. (eds.) ATVA 2007. LNCS, vol. 4762, pp. 162–176. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75596-8_13

    Chapter  Google Scholar 

  10. Budde, C.E., D’Argenio, P.R., Hermanns, H.: Rare event simulation with fully automated importance splitting. In: Beltrán, M., Knottenbelt, W., Bradley, J. (eds.) EPEW 2015. LNCS, vol. 9272, pp. 275–290. Springer, Cham (2015). doi:10.1007/978-3-319-23267-6_18

    Chapter  Google Scholar 

  11. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: \(10^{20}\) states and beyond. In: Proceedings of LICS, pp. 428–439. IEEE Computer Society (1990)

    Google Scholar 

  12. Clarke, E.M., Emerson, E.A., Jha, S., Sistla, A.P.: Symmetry reductions in model checking. In: Hu, A.J., Vardi, M.Y. (eds.) CAV 1998. LNCS, vol. 1427, pp. 147–158. Springer, Heidelberg (1998). doi:10.1007/BFb0028741

    Chapter  Google Scholar 

  13. Crouzen, P., Lang, F.: Smart reduction. In: Giannakopoulou, D., Orejas, F. (eds.) FASE 2011. LNCS, vol. 6603, pp. 111–126. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19811-3_9

    Chapter  Google Scholar 

  14. D’Argenio, P.R., Hartmanns, A., Legay, A., Sedwards, S.: Statistical approximation of optimal schedulers for probabilistic timed automata. In: Ábrahám, E., Huisman, M. (eds.) IFM 2016. LNCS, vol. 9681, pp. 99–114. Springer, Cham (2016). doi:10.1007/978-3-319-33693-0_7

    Chapter  Google Scholar 

  15. Dehnert, C., Junges, S., Katoen, J.P., Volk, M.: A Storm is coming: a modern probabilistic model checker. In: Majumdar, R., Kunĉak, V. (eds.) CAV 2017. LNCS, vol. 10427, pp. 592–600. Springer, Cham (2017). doi:10.1007/978-3-319-63390-9_31

    Chapter  Google Scholar 

  16. Dugan, J.B., Bavuso, S.J., Boyd, M.A.: Dynamic fault-tree models for fault-tolerant computer systems. IEEE Trans. Reliab. 41(3), 363–377 (1992)

    Article  MATH  Google Scholar 

  17. Eisentraut, C., Hermanns, H., Zhang, L.: On probabilistic automata in continuous time. In: Proceedings of LICS, pp. 342–351. IEEE CS (2010)

    Google Scholar 

  18. Esteve, M.-A., Katoen, J.-P., Nguyen, V.Y., Postma, B., Yushtein, Y.: Formal correctness, safety, dependability, and performance analysis of a satellite. In: Proceedings of ICSE, pp. 1022–1031. IEEE Computer Society (2012)

    Google Scholar 

  19. Garavel, H., Lang, F., Mateescu, R., Serwe, W.: CADP 2011: a toolbox for the construction and analysis of distributed processes. Int. J. Softw. Tools Technol. Transfer 15(2), 89–107 (2013)

    Article  MATH  Google Scholar 

  20. Ge, D., Lin, M., Yang, Y., Zhang, R., Chou, Q.: Quantitative analysis of dynamic fault trees using improved sequential binary decision diagrams. Reliab. Eng. Syst. Safe 142, 289–299 (2015)

    Article  Google Scholar 

  21. Ghadhab, M., Junges, S., Katoen, J.P., Kuntz, M., Volk, M.: Model-based safety analysis for vehicle guidance systems. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10488, pp. 3–19. Springer, Cham (2017). doi:10.1007/978-3-319-66266-4_1

    Chapter  Google Scholar 

  22. Ghamarian, A.H., de Mol, M., Rensink, A., Zambon, E., Zimakova, M.: Modelling and analysis using GROOVE. STTT 14(1), 15–40 (2012)

    Article  Google Scholar 

  23. Guck, D., Hatefi, H., Hermanns, H., Katoen, J.-P., Timmer, M.: Analysis of timed and long-run objectives for Markov automata. LMCS, 10(3) (2014)

    Google Scholar 

  24. Guck, D., Katoen, J.-P., Stoelinga, M.I.A., Luiten, T., Romijn, J.: Smart railroad maintenance engineering with stochastic model checking. In: Proceedings of RAILWAYS. Civil-Comp Proceedings, vol. 104, pp. 299–314. Civil-Comp Press (2014)

    Google Scholar 

  25. Guck, D., Spel, J., Stoelinga, M.: DFTCalc: reliability centered maintenance via fault tree analysis (tool paper). In: Butler, M., Conchon, S., Zaïdi, F. (eds.) ICFEM 2015. LNCS, vol. 9407, pp. 304–311. Springer, Cham (2015). doi:10.1007/978-3-319-25423-4_19

    Chapter  Google Scholar 

  26. Gulati, R., Dugan, J.B.: A modular approach for analyzing static and dynamic fault trees. In: Proceedings of RAMS, pp. 57–63 (1997)

    Google Scholar 

  27. Heidelberger, P.: Fast simulation of rare events in queueing and reliability models. ACM Trans. Model. Comput. Simul. 5(1), 43–85 (1995)

    Article  MATH  Google Scholar 

  28. Hermanns, H.: Interactive Markov Chains: The Quest for Quantied Quality. LNCS, vol. 2428. Springer, Heidelberg (2002)

    MATH  Google Scholar 

  29. Hermanns, H., Katoen, J.-P.: The how and why of interactive Markov chains. In: de Boer, F.S., Bonsangue, M.M., Hallerstede, S., Leuschel, M. (eds.) FMCO 2009. LNCS, vol. 6286, pp. 311–337. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17071-3_16

    Chapter  Google Scholar 

  30. Junges, S., Guck, D., Katoen, J.-P., Rensink, A., Stoelinga, M.: Fault trees on a diet: automated reduction by graph rewriting. Formal Asp. Comput. 29(4), 651–703 (2017)

    Article  MathSciNet  MATH  Google Scholar 

  31. Junges, S., Guck, D., Katoen, J.-P., Stoelinga, M.I.A.: Uncovering dynamic fault trees. In: Proceedings of DSN, pp. 299–310. IEEE CS (2016)

    Google Scholar 

  32. Kabir, S.: An overview of fault tree analysis and its application in model based dependability analysis. Expert Syst. Appl. 77, 114–135 (2017)

    Article  Google Scholar 

  33. Kahn, H., Harris, T.E.: Estimation of particle transmission by random sampling. In: Monte Carlo Method; Proceedings of the Symposium National Bureau of Standards Applied Mathematics Series, 29, 30 June and 1 July 1949, vol. 12, pp. 27–30 (1951)

    Google Scholar 

  34. Katoen, J.-P.: The probabilistic model checking landscape. In: Proceedings of LICS, pp. 31–45. ACM (2016)

    Google Scholar 

  35. Katoen, J.-P., Zapreev, I.S., Hahn, E.M., Hermanns, H., Jansen, D.N.: The ins and outs of the probabilistic model checker MRMC. Perform. Eval. 68(2), 90–104 (2011)

    Article  Google Scholar 

  36. Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: Proceedings of HASE, pp. 25–32. IEEE (2017)

    Google Scholar 

  37. Kwiatkowska, M.Z.: Model checking for probability and time: from theory to practice. In: Proceedings of LICS, pp. 351–360. IEEE Computer Society (2003)

    Google Scholar 

  38. Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22110-1_47

    Chapter  Google Scholar 

  39. Larsen, K.G., Legay, A.: On the power of statistical model checking. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9953, pp. 843–862. Springer, Cham (2016). doi:10.1007/978-3-319-47169-3_62

    Chapter  Google Scholar 

  40. Montani, S., Portinale, L., Bobbio, A., Codetta-Raiteri, D.: Automatically translating dynamic fault trees into dynamic Bayesian networks by means of a software tool. In: Proceedings of ARES, pp. 804–809 (2006)

    Google Scholar 

  41. Morio, J., Pastel, R., Le Gland, F.: An overview of importance splitting for rare event simulation. Eur. J. Phys. 31(5), 1295–1303 (2010)

    Article  Google Scholar 

  42. Musk, E.: (2015). https://twitter.com/elonmusk/status/615185689999765504

  43. Durga Rao, K., Gopika, V., Sanyasi Rao, V.V.S., Kushwaha, H.S., Verma, A.K., Srividya, A.: Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment. Reliab. Eng. Syst. Safe 94(4), 872–883 (2009)

    Article  Google Scholar 

  44. Ruijters, E., Guck, D., Drolenga, P., Peters, M., Stoelinga, M.: Maintenance analysis and optimization via statistical model checking. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 331–347. Springer, Cham (2016). doi:10.1007/978-3-319-43425-4_22

    Chapter  Google Scholar 

  45. Ruijters, E., Guck, D., Drolenga, P., Stoelinga, M.: Fault maintenance trees: reliability centered maintenance via statistical model checking. In: Proceedings of RAMS. IEEE (2016)

    Google Scholar 

  46. Ruijters, E., Guck, D., van Noort, M., Stoelinga, M.: Reliability-centered maintenance of the electrically insulated railway joint via fault tree analysis: a practical experience report. In: Proceedings of DSN, pp. 662–669. IEEE (2016)

    Google Scholar 

  47. Ruijters, E., Reijsbergen, D., de Boer, P.T., Stoelinga, M.: Rare event simulation for dynamic fault trees. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10488, pp. 20–35. Springer, Cham (2017). doi:10.1007/978-3-319-66266-4_2

    Chapter  Google Scholar 

  48. Ruijters, E., Stoelinga, M.: Better railway engineering through statistical model checking. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 151–165. Springer, Cham (2016). doi:10.1007/978-3-319-47166-2_10

    Chapter  Google Scholar 

  49. Ruijters, E., Stoelinga, M.I.A.: Fault tree analysis: a survey of the state-of-the-art in modeling, analysis and tools. Comput. Sci. Rev. 15–16, 29–62 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  50. Sullivan, K.J., Dugan, J.B., Coppit, D.: The Galileo fault tree analysis tool. In: Proceedings of FTCS, pp. 232–235 (1999)

    Google Scholar 

  51. Timmer, M., Katoen, J.-P., van de Pol, J., Stoelinga, M.: Confluence reduction for Markov automata. Theoret. Comput. Sci. 655, 193–219 (2016)

    Article  MathSciNet  MATH  Google Scholar 

  52. Volk, M., Junges, S., Katoen, J.-P.: Advancing dynamic fault tree analysis - get succinct state spaces fast and synthesise failure rates. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 253–265. Springer, Cham (2016). doi:10.1007/978-3-319-45477-1_20

    Chapter  Google Scholar 

  53. Volk, M., Junges, S., Katoen, J.-P.: Fast dynamic fault tree analysis by model checking techniques. IEEE Trans. Ind. Inform. (2017 to appear). doi:10.1109/TII.2017.2710316

  54. Yuge, T., Yanagi, S.: Quantitative analysis of a fault tree with priority AND gates. Reliab. Eng. Syst. Safe 93(11), 1577–1583 (2008)

    Article  Google Scholar 

Download references

Acknowledgement

We thank the anonymous reviewers for their valuable feedback. A big thanks goes to our co-workers on fault trees in academia: Hichem Boudali, Pepijn Crouzen, Dennis Guck, Sebastian Junges, Viet Yen Nguyen, Bart Postma, Enno Ruijters, and Matthias Volk, and to our industrial partners: Peter Drolenga (NS/NedTrain), Jaap van Ekris (Delta Pi), Bob Huisman (NS), Madji Ghadhab (BMW), Gea Kolk (Movares), Matthias Kuntz (BMW), Martijn van Noort (ProRail), Margot Peters (NS/NedTrain), Wietske Postma (Nuclear Research Group), Judi Romijn (Movares), and Yuri Yushstein (ESA).

We thank Ed Brinksma for his guidance and inspiration over the many years. This survey paper is a birthday salute to him. His belief in formal methods, especially the elegance of compositionality and his strong view on narrowing the gap between formal methods and industrial practice have influenced our work to an enormous extent. About 25 years ago, Ed was one of the creative minds to aim at developing a framework for the integrated modelling and analysis of functional and performance aspects of reactive systems. This survey gives a short account about what one can achieve along these lines in a by tradition completely different research field—reliability analysis. Last but not least, we thank Ed for his eloquence, his view on culture, art, books, and good food. And, as a Rector Magnificus of the University of Twente, his role in establishing a branch of Starbucks on campus, almost next to our offices.

Author information

Authors and Affiliations

  1. RWTH Aachen University, Aachen, Germany

    Joost-Pieter Katoen

  2. University of Twente, Enschede, The Netherlands

    Joost-Pieter Katoen & Mariëlle Stoelinga

Authors
  1. Joost-Pieter Katoen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mariëlle Stoelinga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joost-Pieter Katoen .

Editor information

Editors and Affiliations

  1. RWTH Aachen University, Aachen, Germany

    Joost-Pieter Katoen

  2. University of Twente, Enschede, The Netherlands

    Rom Langerak

  3. University of Twente, Enschede, The Netherlands

    Arend Rensink

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Katoen, JP., Stoelinga, M. (2017). Boosting Fault Tree Analysis by Formal Methods. In: Katoen, JP., Langerak, R., Rensink, A. (eds) ModelEd, TestEd, TrustEd. Lecture Notes in Computer Science(), vol 10500. Springer, Cham. https://doi.org/10.1007/978-3-319-68270-9_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68270-9_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68269-3

  • Online ISBN: 978-3-319-68270-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation