Model-based fault injection for safety analysis

Method for automatic injection of faults into a formal model

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

In model-based fault injection, user-specified faults may be (automatically) injected into the nominal model (i.e., without faults) of the system of interest (see Figure 3.2). In this approach, the user can specify the faults to be injected manually, or by picking them from a predefined library. For instance, the xSAP tool [MBI1] provides libraries to specify the most common failure patterns (e.g., stuck-at faults, non-deterministic faults, ramp-down, etc.), to specify their dynamics (e.g., permanent faults, sporadic faults, etc.) and to instantiate them using specific parameters. The resulting model after fault injection is called extended model and can be analysed using safety assessment techniques to produce artefacts such as FTs and FMEA tables. In xSAP, both the nominal and the extended model are written in the SMV language, and the extended model is generated automatically using the given fault specifications. Similar techniques can be used to analyse the effectiveness of fault detection, isolation, and recovery procedures. Faults to be injected may include different classes of faults (HW/SW/functional) at different levels of abstraction.

Method Strengths A listof the strengths of the method

Automated fault injection enables fault specification using a library and the automatic generation of the extended model, thus preventing modelling errors due to manual activities.
Improvement of the communication between the system engineer and safety experts, by facilitating understanding of the logic and the eventual failures of the system.
Achievement of a systematic and comprehensive safety assessment that allows to early identify the greatest number of possible critical problems related to the impact of failures on the functionality of the system.
The method facilitates the safety assessment analysis (e.g., FTA, FMEA) on different variants of a given model, obtained by enabling only a specific subset of possible faults, thus supporting incremental verification and trade-off analyses.

Method Limitations The limitations of the method

Tool support usability can be improved, e.g., editing and customization of fault libraries.
The automated analysis, in presence of a high number of faults, may be subject to the state-explosion problem, impacting the effectiveness of verification.

Method References Bibliography references to papers about the method.

[MBI1] B. Bittner, M. Bozzano, R. Cavada, A. Cimatti, M. Gario, A. Griggio, C. Mattarei, A. Micheli and G. Zampedri. The xSAP Safety Analysis Platform. In Proceedings of TACAS 2016. Eindhoven, The Netherlands, April 2-8, 2016.
[MBI2] M.Bozzano, A.Cimatti, J.-P.Katoen, V. Y.Nguyen, T.Noll and M.Roveri. Safety, Dependability, and Performance Analysis of Extended AADL Models. The Computer Journal, 54(5):754-775, 2011.
[MBI3] M. Bozzano, A. Cimatti, J.-P. Katoen, P. Katsaros, K. Mokos, V.Y. Nguyen, T. Noll, B. Postma and M. Roveri. Spacecraft Early Design Validation using Formal Methods. Reliability Engineering & System Safety 132:20-35. December 2014.

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.