Using Data Consistency Assumptions to Show System Safety
Systems cannot usually be proved safe unless some failure assumptions are made. Here we prove that the water level in a generic boiler system is always within its safe range by assuming that device failures result in inconsistent readings. Key parts of our approach are a failure-reporting strategy that determines failures from consistency conditions, and a level-calculation strategy that gives a best estimate of boiler level in light of the reported failures. These strategies are generic and could be used in other safety-critical applications.
Keywords: Consistency Condition, Safety Property, Boiler System, Recovery Block, Data Fusion Model
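The two strategies the abstract describes, as an added illustrative sketch rather than the paper's own model or code: a failure reporter that flags a device whose reading breaks a consistency condition, and a level calculator that returns a best-estimate interval in light of the reported failures and checks it against the safe range. The boiler parameters, device names and tolerances are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed boiler parameters (assumptions for this example, not figures from the paper).
SAFE_MIN, SAFE_MAX = 150.0, 850.0   # litres: the safe water range to be maintained
LEVEL_MAX = 1000.0                  # litres: vessel capacity, physical bound on the level sensor
STEAM_MAX = 25.0                    # l/s: physical bound on the steam-output sensor
PUMP_RATE = 10.0                    # l/s delivered by one pump that is on
DT = 5.0                            # seconds between sensor cycles
LEVEL_TOL, FLOW_TOL = 5.0, 1.0      # allowed noise on level (litres) and pump flow (l/s)

@dataclass
class Readings:
    level: float        # level sensor, litres
    steam: float        # steam-output sensor, l/s
    pumps_on: int       # pumps the controller commanded on
    pump_flow: float    # flow meter on the pump manifold, l/s

def report_failures(prev_lo: float, prev_hi: float, r: Readings) -> set:
    """Failure-reporting strategy: a device is reported failed when its reading violates a
    consistency condition (physical range, pump command vs. flow meter, or mass balance)."""
    failed = set()
    if not 0.0 <= r.level <= LEVEL_MAX:
        failed.add("level")
    if not 0.0 <= r.steam <= STEAM_MAX:
        failed.add("steam")
    if abs(r.pump_flow - r.pumps_on * PUMP_RATE) > FLOW_TOL:
        failed.add("pump")
    if not failed:  # flow devices agree, so the level reading must follow the mass balance
        predicted = (prev_lo + prev_hi) / 2 + (r.pump_flow - r.steam) * DT
        if abs(r.level - predicted) > LEVEL_TOL:
            failed.add("level")
    return failed

def estimate_level(prev_lo: float, prev_hi: float, r: Readings, failed: set) -> tuple:
    """Level-calculation strategy: trust the level sensor when consistent, otherwise dead-reckon
    from the flows, widening the interval to the physical bounds of any failed flow device."""
    if "level" not in failed:
        return r.level - LEVEL_TOL, r.level + LEVEL_TOL
    steam_lo, steam_hi = (0.0, STEAM_MAX) if "steam" in failed else (r.steam, r.steam)
    # pump or its meter lied: allow anything from off up to what either source claims
    pump_hi = max(r.pumps_on * PUMP_RATE, r.pump_flow) if "pump" in failed else r.pump_flow
    pump_lo = 0.0 if "pump" in failed else r.pump_flow
    lo = prev_lo + (pump_lo - steam_hi) * DT
    hi = prev_hi + (pump_hi - steam_lo) * DT
    return max(lo, 0.0), min(hi, LEVEL_MAX)

def cycle(prev_lo: float, prev_hi: float, r: Readings) -> tuple:
    """One control cycle: returns (failed devices, level interval, whether it is provably safe)."""
    failed = report_failures(prev_lo, prev_hi, r)
    lo, hi = estimate_level(prev_lo, prev_hi, r, failed)
    return failed, (lo, hi), SAFE_MIN <= lo and hi <= SAFE_MAX
```

The interval only widens while the level sensor is reported failed, so the safety check is conservative: it declares the level safe only when every value consistent with the surviving readings lies inside the range.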