Reasoning with failures
This addresses safety analysis challenges for engineers in industries like power plants, but it appears incremental as it builds on existing fault tree methods with a new modeling approach.
The paper tackles the problem of accurately analyzing the impact of complex controller software on Safety Instrumented Systems (SIS) in major hazard facilities, by introducing a formal model for faults and failure modes to improve safety analysis.
Safety Instrumented Systems (SIS) protect major hazard facilities, e.g. power plants, against catastrophic accidents. An SIS consists of hardware components and a controller software -- the ``program''. Current safety analyses of SIS' include the construction of a fault tree, summarising potential faults of the components and how they can arise within an SIS. The exercise of identifying faults typically relies on the experience of the safety engineer. Unfortunately the program part is often too complicated to be analysed in such a ``by hand" manner and so the impact it has on the resulting safety analysis is not accurately captured. In this paper we demonstrate how a formal model for faults and failure modes can be used to analyse the impact of an SIS program. We outline the underlying concepts of \emph{Failure Mode Reasoning} and its application in safety analysis, and we illustrate the ideas on a practical example.