Implicit and incremental computation of primes and essential primes of Boolean functions
DAC '92 Proceedings of the 29th ACM/IEEE Design Automation Conference
Symbolic Boolean manipulation with ordered binary-decision diagrams
ACM Computing Surveys (CSUR)
Combining Various Solution Techniques for Dynamic Fault Tree Analysis of Computer Systems
HASE '98 The 3rd IEEE International Symposium on High-Assurance Systems Engineering
Retrenchment: An Engineering Variation on Refinement
B '98 Proceedings of the Second International B Conference on Recent Advances in the Development and Use of the B Method
Model-Based Synthesis of Fault Trees from Matlab-Simulink Models
DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Retrenchment and Punctured Simulation
IFM '99 Proceedings of the 1st International Conference on Integrated Formal Methods
The Galileo Fault Tree Analysis Tool
FTCS '99 Proceedings of the Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing
MathSAT: Tight Integration of SAT and Mathematical Decision Procedures
Journal of Automated Reasoning
Engineering and theoretical underpinnings of retrenchment
Science of Computer Programming
A Symbolic Model Checking Framework for Safety Analysis, Diagnosis, and Synthesis
Model Checking and Artificial Intelligence
Symbolic fault tree analysis for reactive systems
ATVA'07 Proceedings of the 5th international conference on Automated technology for verification and analysis
For large systems, the manual construction of fault trees is error-prone, encouraging automated techniques. In this paper we show how the retrenchment approach to formal system model evolution can be developed into a versatile structured approach for the mechanical construction of fault trees. The system structure and the structure of retrenchment concessions interact to generate fault trees with appropriately deep nesting. The same interactions fuel a structural approach to hierarchical fault trees, allowing a system and its faults to be viewed at multiple levels of abstraction. We show how this approach can be extended to deal with minimisation, thereby diminishing the post-hoc subsumption workload and potentially rendering some infeasible cases feasible. The techniques we describe readily generalise to encompass timing, allowing glitches and other transient errors to be properly described. Lastly, a mild generalisation to cope with cyclic system descriptions allows the timed theory to encompass systems with feedback.