Efficient Anytime Techniques for Model-Based Safety Analysis

  • Marco Bozzano
  • Alessandro Cimatti
  • Alberto Griggio
  • Cristian Mattarei
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9206)


Safety analysis investigates system behavior under faulty conditions. It is a fundamental step in the design of complex systems, one that is often mandated by certification procedures. Safety analysis includes two key steps: the construction of all minimal cut sets (MCSs) for a given property (i.e. the sets of basic faults that may cause a failure), and the computation of the corresponding probability (given probabilities for the basic faults).

Model-based Safety Analysis relies on formal verification to carry out these tasks. However, the available techniques suffer from scalability problems, and are unable to provide useful results if the computation does not complete.

In this paper, we investigate and evaluate a family of IC3-based algorithms for MCS computation. We work under the monotonicity assumption of safety analysis (i.e. an additional fault cannot prevent the violation of the property). We specialize IC3-based routines for parameter synthesis by optimizing the counterexample generalization, by ordering the exploration of MCSs based on increasing cardinality, and by exploiting the inductive invariants built by IC3 to accelerate convergence.

Other enhancements yield an “anytime” algorithm, able to produce an increasingly precise probability estimate as the discovery of MCSs proceeds, even when the computation does not terminate.
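To make the two ideas above concrete (cardinality-ordered MCS enumeration under monotonicity, and an anytime probability estimate that tightens as MCSs are found), here is an added example that is not code from the paper: it replaces the IC3-based search with a brute-force enumeration over a constructed five-fault toy model, and computes the probability of the top event from the MCSs found so far, assuming independent basic faults.

```python
from itertools import combinations
from math import prod

# Constructed toy model (not from the paper): the top-level event occurs when
# both power supplies fail, or a sensor and its backup both fail, or the
# controller fails. Probabilities of the basic faults are assumed values.
FAULTS = {"psu1": 0.01, "psu2": 0.01, "sensor": 0.02, "backup": 0.05, "ctrl": 0.001}

def top_event(active):
    """Monotone failure condition: adding a fault never removes a failure."""
    return (("psu1" in active and "psu2" in active)
            or ("sensor" in active and "backup" in active)
            or "ctrl" in active)

def minimal_cut_sets(faults, fails):
    """Yield MCSs in order of increasing cardinality. Under monotonicity, any
    superset of a known MCS also fails, so it is skipped rather than tested."""
    names = sorted(faults)
    mcss = []
    for k in range(1, len(names) + 1):
        for cand in combinations(names, k):
            s = frozenset(cand)
            if any(m <= s for m in mcss):
                continue  # superset of an already-found MCS: not minimal
            if fails(s):
                mcss.append(s)
                yield s

def failure_probability(mcss, faults):
    """Probability that at least one of the given MCSs is fully active,
    assuming independent basic faults (inclusion-exclusion over the MCSs)."""
    total = 0.0
    for r in range(1, len(mcss) + 1):
        for group in combinations(mcss, r):
            union = frozenset().union(*group)
            total += (-1) ** (r + 1) * prod(faults[f] for f in union)
    return total

def anytime_estimates(faults, fails):
    """Lower bound on the top-event probability after each newly found MCS.
    The sequence never decreases and equals the exact value once all MCSs
    are known; if the search is stopped early, the last value is still a
    sound lower bound."""
    found, estimates = [], []
    for mcs in minimal_cut_sets(faults, fails):
        found.append(mcs)
        estimates.append(failure_probability(found, faults))
    return found, estimates

if __name__ == "__main__":
    for mcs, p in zip(*anytime_estimates(FAULTS, top_event)):
        print(sorted(mcs), f"estimate so far: {p:.10f}")
```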

A thorough experimental evaluation clearly demonstrates the substantial advances resulting from the proposed methods.


Keywords: Formal methods, Safety analysis, Fault tree, IC3, Parameter synthesis



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

Marco Bozzano, Alessandro Cimatti, Alberto Griggio, Cristian Mattarei: Fondazione Bruno Kessler, Trento, Italy
