Efficient SMT-Based Analysis of Failure Propagation

Author(s):  
Marco Bozzano ◽  
Alessandro Cimatti ◽  
Anthony Fernandes Pires ◽  
Alberto Griggio ◽  
Martin Jonáš ◽  
...  

Abstract: The process of developing civil aircraft and their related systems includes multiple phases of Preliminary Safety Assessment (PSA). An objective of PSA is to link the classification of failure conditions and effects (produced in the functional hazard analysis phases) to appropriate safety requirements for elements in the aircraft architecture. A complete and correct preliminary safety assessment phase avoids potentially costly revisions to the design late in the design process. Hence, automated ways to support PSA are an important challenge in modern aircraft design. A modern approach to conducting PSAs is via the use of abstract propagation models, which are essentially hyper-graphs where arcs model the dependency among components, e.g. how the degradation of one component may lead to the degraded or failed operation of another. Such models are used for computing failure propagations: the fault of a component may have multiple ramifications within the system, causing the malfunction of several interconnected components. A central aspect of this problem is that of identifying the minimal fault combinations, also referred to as minimal cut sets, that cause overall failures. In this paper we propose an expressive framework to model failure propagation, catering for multiple levels of degradation as well as cyclic and nondeterministic dependencies. We define a formal sequential semantics, and present an efficient SMT-based method for the analysis of failure propagation, able to enumerate cut sets that are minimal with respect to the order between levels of degradation. In contrast with the state of the art, the proposed approach is provably more expressive, and dramatically outperforms other systems when a comparison is possible.

2015 ◽  
Vol 119 (1220) ◽  
pp. 1175-1192 ◽  
Author(s):  
R. J. Spencer

Abstract: The premise is that in the future civil Air-to-Air Refuelling (AAR) will become an economic necessity if popular mass air travel is to continue. What is attempted is to provide a contemporary view of how such future operations could be safely undertaken. The intention is to predict the certification basis for demonstrating safe AAR operation of Cruiser-Feeder concepts. The necessary systems and aircraft functions are treated very much as they are today when civil certifying a large aeroplane type. The compliance demonstration required for environmental conditions, flight envelope, systems providing the necessary functionality, structural integrity, weight and balance are discussed. Applicable existing civil certification requirements are identified and where necessary expanded in scope to accommodate AAR operation. Where contemporary material does not supply appropriate guidance, corresponding safety criteria are proposed to address the deficiency. Lessons learnt from military AAR include the drive for interoperability. This has resulted in extensive efforts to standardise equipment and systems, which are equally applicable to civil AAR. Extremely useful advisory material exists, ranging from flight testing techniques to related safety. The importance of ensuring the consistency of failure condition categorisation at system and aircraft level is highlighted. The treatment of failures when two aircraft are in close proximity is something not considered by civil functional hazard analysis. The concept of AAR as an additional flight phase is introduced and the affected system safety analyses are identified. Examples of failure conditions that are not catastrophic at system level, but potentially could be at aircraft level during AAR, are provided. Rendezvous scenarios are described to illustrate their influence on the certification basis.
Combining such considerations with the factors that influence aircraft design leads to ramifications for handling qualities, performance and fuel system design. A viable and certifiable AAR configuration is consequently proposed. Consideration is given to treating operational certification in a progressive manner similar to existing LROPS (Long Range Operations).


Author(s):  
André Weyn ◽  
Guy Vast ◽  
Erick Rütze ◽  
Willy Wijns

The ITER Vacuum Vessel (VV) is nuclear pressure equipment according to the French Order of December 12th 2005. Therefore the VV manufacturer (the ITER Organization) must demonstrate that the applicable essential safety requirements (ESR) and radioprotection requirements (RPR) are satisfied. The paper describes several aspects requiring particular attention from the start in order to assure that the VV will finally comply with the legal requirements:
- definition of responsibilities;
- fixation of the design;
- hazard analysis and uncertainties;
- in-service inspection requirements;
- classification of all VV parts;
- material specifications;
- structural strength evaluation;
- fabrication tolerances;
- assessment of the RCC-MR Code;
- alternatives to meet the ESR and RPR.
It is important that all participants in the project have a good understanding of the applicable legislation and are aware of the impact of their decisions on the final conformity of the VV with the essential safety requirements and radioprotection requirements.


Author(s):  
Dingding Lu ◽  
Robyn R. Lutz ◽  
Carl K. Chang

This chapter introduces an analysis process that combines the different perspectives of system decomposition with hazard analysis methods to identify the safety-related use cases and scenarios. It argues that the derived safety-related use cases and scenarios, which are the detailed instantiations of system safety requirements, serve as input to future software architectural evaluation. Furthermore, by modeling the derived safety-related use cases and scenarios into UML (Unified Modeling Language) diagrams, the authors hope that visualization of system safety requirements will not only help to enrich the knowledge of system behaviors but also provide a reusable asset to support system development and evolution.


2020 ◽  
Vol 10 (21) ◽  
pp. 7400
Author(s):  
Lei Chen ◽  
Jian Jiao ◽  
Tingdi Zhao

ISO 26262:2018 is an international functional safety standard for electrical and/or electronic (E/E) systems within road vehicles. It provides appropriate safety requirements for road vehicles to avoid unreasonable residual risk according to automotive safety integrity levels (ASILs) derived from the hazard analysis and risk assessment (HARA) required in the ISO 26262 concept phase. Systems theoretic process analysis (STPA) seems to be designed specifically to deal with hazard analysis of modern complex systems, but it does not include the risk evaluation required by most safety-related international standards. So we integrated STPA into the Failure Mode and Effect Analysis (FMEA) template to form a new method called system theoretic process analysis based on an FMEA template (STPAFT for short), which could not only meet all the requirements of the concept phase in ISO 26262, but also make full use of the advantages of the two methods. Through the focus of FMEA on low-level components, STPAFT can obtain more detailed causal factors (CFs), which is very helpful for the derivation of safety goals (SGs) and functional safety requirements (FSRs) in the concept phase of ISO 26262. The application of STPAFT is described by a case study of a fuel level estimation and display system (FLEDS) to show how the concept phase of ISO 26262 could be supported by STPAFT.

