Retrenchment, and the Generation of Fault Trees for Static, Dynamic and Cyclic Systems

  • Richard Banach
  • Marco Bozzano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4166)


For large systems, the manual construction of fault trees is error-prone, encouraging automated techniques. In this paper we show how the retrenchment approach to formal system model evolution can be developed into a versatile structured approach for the mechanical construction of fault trees. The system structure and the structure of retrenchment concessions interact to generate fault trees with appropriately deep nesting. The same interactions fuel a structural approach to hierarchical fault trees, allowing a system and its faults to be viewed at multiple levels of abstraction. We show how this approach can be extended to deal with minimisation, thereby diminishing the post-hoc subsumption workload and potentially rendering some infeasible cases feasible. The techniques we describe readily generalise to encompass timing, allowing glitches and other transient errors to be properly described. Lastly, a mild generalisation to cope with cyclic system descriptions allows the timed theory to encompass systems with feedback.
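The abstract mentions minimisation and the post-hoc subsumption workload it aims to reduce. The following added example (not the paper's retrenchment construction, and not code from the authors) shows what that workload is: a small AND/OR fault tree over constructed basic events is flattened into cut sets and then minimised by subsumption, counting the comparisons spent; the tree shape, event names and gate encoding are assumptions chosen for illustration.

```python
"""Minimal cut sets of an AND/OR fault tree via post-hoc subsumption.

Added illustration, not the paper's method: a fault tree is a nested tuple
('and' | 'or', child, ...) over basic-event names (strings). Cut sets are
built bottom-up, then non-minimal sets are removed by subsumption; the
comparison count is the post-hoc workload that minimising during
construction would avoid.
"""
from itertools import product


def cut_sets(tree):
    """Return the (not yet minimised) cut sets of a tree as a list of frozensets."""
    if isinstance(tree, str):                 # basic event
        return [frozenset([tree])]
    gate, *children = tree
    child_sets = [cut_sets(c) for c in children]
    if gate == 'or':                          # any child failing suffices
        return [s for sets in child_sets for s in sets]
    if gate == 'and':                         # every child must fail
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")


def subsume(sets):
    """Drop duplicates and supersets; return (minimal sets, comparisons made)."""
    comparisons = 0
    minimal = []
    # Deterministic order: shorter sets first, then lexicographic by event names.
    for s in sorted(set(sets), key=lambda x: (len(x), sorted(x))):
        keep = True
        for m in minimal:
            comparisons += 1
            if m <= s:                        # a smaller kept set subsumes s
                keep = False
                break
        if keep:
            minimal.append(s)
    return minimal, comparisons


def minimal_cut_sets(tree):
    return subsume(cut_sets(tree))[0]


# Constructed example: the top event occurs if the sensor fails or both
# channels fail; a shared 'power' event makes two raw cut sets non-minimal.
EXAMPLE = ('or', 'sensor',
           ('and', ('or', 'power', 'chA'), ('or', 'power', 'chB')))

if __name__ == '__main__':
    raw = cut_sets(EXAMPLE)
    mcs, n = subsume(raw)
    print(len(raw), "raw cut sets ->", len(mcs), "minimal after", n, "comparisons")
```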


Keywords: model checking, parallel composition, fault tree, binary decision diagram, fault analysis




Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Richard Banach, School of Computer Science, University of Manchester, Manchester, UK
  • Marco Bozzano, ITC-IRST, Povo, Trento, Italy
