Antoine Rauzy

Exact and truncated computations of prime implicants of coherent and non-coherent fault trees within Aralia

Abstract Aralia is a Binary Decision Diagram (BDD) package extended to handle fault trees. It is currently developed at the University of Bordeaux as a part of a partnership between university laboratories and several French companies. BDDs are the state of the art data structure to handle boolean functions. They have been recently used with success in the framework of safety and reliability analysis. The aim of this paper is to present how prime implicants (minimal cuts) of coherent and non-coherent fault trees are computed within Aralia. The used algorithms are mainly those proposed by J. C. Madre and O. Coudert on the one hand and A. Rauzy on the other hand. We introduce the notion of minimal p-cuts that is a sound extension of the notion of minimal cuts to the case of non-coherent fault trees. We propose two BDD based algorithms to compute them. We show how to modify these algorithms in order to compute only prime implicants (or minimal p-cuts) whose orders are less than a given constant or whose probabilities are greater than a given threshold. We report experiments showing that this improves significantly the methodology for this allows fast, accurate and incremental approximations of the desired result.

Efficient algorithms to assess component and gate importance in fault tree analysis

Abstract One of the principal activities of risk assessment is either the ranking or the categorization of structures, systems and components with respect to their risk-significance or their safety-significance. Several measures, so-called importance factors, of such a significance have been proposed for the case where the support model is a fault tree. In this article, we show how binary decision diagrams can be use to assess efficiently a number of classical importance factors. This work completes the preliminary results obtained recently by Andrews and Sinnamon, and the authors. It deals also with the concept of joint reliability importance.

New insights into the assessment of k-out-of-n and related systems

k-out-of-n and related systems have received much attention in the recent past years. Hundreds of articles were devoted to various methods to assess them. In this article, we show that there exist very efficient algorithms to compute the reliability of k-out-of-n, l-to-h-out-of-n and consecutive k-out-of-n systems. k-within-r-out-of-n systems are intrinsically much harder. We study the performance of binary decision diagrams (BDDs) on these systems. Then, we propose a new approximation scheme. This algorithm is much more efficient in practice than already proposed methods.

A snapshot of methods and tools to assess safety integrity levels of high-integrity protection systems

In the oil industry, high-integrity protection systems tend to replace traditional safety systems. In this paper, a snapshot is provided of the methods and tools designed by the authors to evaluate efficiently safety integrity levels of high-integrity protection systems, as required by IEC 61508 and 61511 standards. These standards provide rigorous processes to build the safety of safety-instrumented systems. They are very efficient from an organizational point of view. However, difficulties arise with definitions and probabilistic calculations. To overcome these difficulties, the existing methods and tools were extended. These extensions are presented by means of simple examples. The focus is on the treatment of high-integrity protection systems working in low-demand mode (that is, with less than one demand per year according to the standards), e.g. systems such as high-integrity pressure protection systems. Some indications for safety systems working in continuous mode are given. Some practical conclusions are drawn from the various experiments performed. First, fault trees, when properly used, are very efficient for low-demand safety systems. Second, multi-phase Markov processes provide accurate results, even if only very small systems are tractable with this approach. Finally, behavioural modelling coupled with Monte Carlo simulation on Petri nets is both efficient and accurate. From the authors’ point of view, these approaches are simpler to handle than the informative formulae proposed in the present issue of IEC 61508 and 61511 standards.

Toward an efficient implementation of the MOCUS algorithm

MOCUS is probably the most famous algorithm to compute minimal cutsets of fault trees. It was proposed by Fussell and Vesely in 1972. It is now the core method of many fault-tree assessment tools. Despite its wide use, textbooks and articles give very few details about how to implement it. This paper describes data structures as well as several improvements and heuristics that make MOCUS very efficient. Experiments on a benchmark of the 1819 event-tree sequences that were generated during a PSA study are reported. Advantages and drawbacks of MOCUS and Binary Decision Diagrams are discussed.

Efficient bottom-up abstract interpretation of prolog by means of constraint solving over symbolic finite domains (extended abstract)

The subject of this paper is Abstract Interpretation of logic programs, based on Constraint Solving over Finite Domains. More specifically, we use Toupie, a Constraint language based on the μ-calculus. Fixpoint computation is the basic execution mechanism of this language. Therefore it is very convenient and efficient for Abstract Interpretation of logic programs. The following topics are covered in this paper. 1) The semantics and implementation of Toupie are described. 2) A class of abstract domains for logic programs is defined. This class can be viewed as an extension of the domain Prop ([9]) to a limited class of first order formulas with equality. It happens that the elements of this domain coincide with the objects manipulated by Toupie, i.e. 0+ formulas. 3) Transformation rules which allow the transformation of flat logic programs into Toupie programs are given. Execution of the Toupie programs on this abstract domains provides a correct bottom-up abstract interpretation of the corresponding logic programs, i.e. a complete description of the success patterns for the program. 4) An experimental evaluation of the resulting analysis tool was performed and is thoroughly described. The system was used to analyse the benchmark programs used for the same purpose in [13, 14]. Four different instances of the generic domain were evaluated: two variants of Prop and two domains for simple (but useful) type analyses. The results show that the system is very efficient and accurate on the benchmark programs. This seems to demonstrate that the proposed approach to abstract interpretation provides a versatile alternative to previous proposals for a significant class of analyses.

A realistic involvement of formal methods

In this article, we report a real‐life application of so‐called ‘Formal Methods’. The part of the project we were involved in was to verify that an embedded circuit satisfies a safety property. We describe the circuit as well as the mathematical and computer tools we used. We discuss methodological issues and we present some of the various experiments we performed. Finally, we draw some general conclusions about the practicability of formal verification techniques. Copyright