In verifying a safety-critical system, one usually begins by building a model of the basic system and of its safety mechanisms. If the basic system model does not reflect reality, the verification results are misleading. We show how a model of a system can be compared with the system's fault trees to help validate the failure behaviour of the model. To do this, the meaning of fault trees is formalised in temporal logic and a consistency relation between models and fault trees is defined. An important practical feature of the technique is that it allows models and fault trees to be compared even if some events in the fault tree are not found in the system model.
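As an added illustration, not code from the paper, the following Python checks a small finite-state model against the minimal cut sets of a fault tree. The consistency relation it uses is an assumed simplification (on every run, whenever the top event occurs, the known events of some cut set must already have occurred), and fault-tree events the model never mentions are ignored, so the two can still be compared; the fault tree, the model and the "overflow" scenario are all constructed for this example.

```python
from itertools import product

# Fault tree: a basic event is a string; a gate is ("AND", [children]) or ("OR", [children]).
def cut_sets(tree):
    """Minimal cut sets: sets of basic events whose joint occurrence causes the top event."""
    if isinstance(tree, str):
        return {frozenset([tree])}
    gate, children = tree
    parts = [cut_sets(c) for c in children]
    if gate == "OR":
        sets = {s for p in parts for s in p}
    elif gate == "AND":
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return {s for s in sets if not any(t < s for t in sets)}  # drop non-minimal sets

def runs(model, depth):
    """Every run of at most `depth` states from the initial state, as a list of event sets."""
    out = []
    def walk(state, run):
        run = run + [model["labels"][state]]
        out.append(run)
        if len(run) < depth:
            for nxt in model["trans"].get(state, ()):
                walk(nxt, run)
    walk(model["init"], [])
    return out

def consistent(model, tree, top, depth=6):
    """Assumed consistency relation (a simplification, not the paper's definition): on every
    run, whenever `top` occurs, the known events of some cut set have all occurred at or
    before that step (the past-time property G(top -> P(cause))). Events the model never
    mentions are ignored; a cut set made only of such events cannot be checked and is
    dropped. Returns (True, None) or (False, offending_run)."""
    known = frozenset().union(*model["labels"].values())
    causes = [s & known for s in cut_sets(tree) if s & known]
    for run in runs(model, depth):
        seen = set()
        for events in run:
            seen |= events
            if top in events and not any(c <= seen for c in causes):
                return False, run
    return True, None

# Constructed sample: overflow is caused by a failed level sensor together with a stuck
# valve, or by an operator error that the system model does not represent at all.
TREE = ("OR", [("AND", ["sensor_fail", "valve_stuck"]), "operator_error"])
GOOD = {"init": "s0",
        "labels": {"s0": frozenset(), "s1": frozenset({"sensor_fail"}),
                   "s2": frozenset({"sensor_fail", "valve_stuck"}), "s3": frozenset({"overflow"})},
        "trans": {"s0": ["s1"], "s1": ["s0", "s2"], "s2": ["s3"], "s3": []}}
# Same plant, but a modelling slip lets the tank overflow after a sensor failure alone.
BAD = {**GOOD, "trans": {**GOOD["trans"], "s1": ["s0", "s2", "s3"]}}
```

`consistent(GOOD, TREE, "overflow")` passes, while `consistent(BAD, TREE, "overflow")` returns the run in which the top event occurs without any fault-tree cause having been seen.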
| Field | Value |
|---|---|
| Title of host publication | SAFECOMP '93 |
| Subtitle of host publication | The 12th International Conference on Computer Safety, Reliability and Security |
| Number of pages | 10 |
| Publication status | Published - 1993 |