Miaosen Wang,Yuan Xue,Kang Wang

DOI: https://doi.org/10.1155/2022/6424057

2022-05-27

Abstract:Throughout the world, the reliability-based approach to safety design of aircraft systems is quite mature and widely used. However, there are still shortcomings in the reliability-based aircraft system safety analysis method. It cannot dynamically analyze the accident evolution process and lack consideration of the complex situation of multifactor coupling. On the basis of the original aircraft system safety analysis method, this paper innovatively proposes a functional hazard analysis (FHA) method based on the analytic hierarchy process (AHP) and multifactor fuzzy comprehensive assessment (FCA). The purpose is to improve the objectivity and quantification of the FHA method in the safety design of aircraft systems. At the same time, in the terminal airworthiness verification, this paper proposes a repeatable and controllable virtual test flight verification method, which aims to reduce the cost and cycle of the terminal airworthiness verification and expand the coverage of the envelope verification. Finally, combined with the clauses in MIL-HDBK-516B, a case calculation is carried out to verify the feasibility of the proposed method.

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Huixing Fang,Jianqi Shi,Huibiao Zhu,Jian Guo,Kim Guldstrand Larsen,Alexandre David

DOI: https://doi.org/10.1007/s10009-014-0318-1

2014-05-27

International Journal on Software Tools for Technology Transfer

Abstract:For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platform screen door system (PSDS, a subsystem of the subway control system), is modeled with hybrid automata and Simulink/Stateflow charts, respectively. The models of PSDS are simulated by Matlab and verified by SpaceEx/PHAVer. The simulation and verification results indicate that the sandwiched situation can be avoided under time interval conditions. We improve the model with four trains and four stations on a subway line and analyze the urgent control scenario for the safety distance requirement. In this paper, the Simulink/Stateflow model is a refinement of the SpaceEx/PHAVer model, which is closer to a final implementation. Moreover, the two models are complementary for some features (e.g.,visualization of simulation, correctness proving by verification), stressing different aspects of the overall system and permitting complementary analysis techniques, i.e., verification versus simulation. We conclude that this integration procedure is competent in verifying subway control systems.

computer science, software engineering

Wenbo Zhang,Xiangkun Meng,Jianyuan Wang,Tieshan Li,Qihe Shan,Fei Teng

DOI: https://doi.org/10.1109/iccss53909.2021.9722016

2021-12-10

Abstract:Automatic crane is a complex system affected by the external environment and the internal components of the system, information fusion, software and hardware combination, and man-machine integration. The improvement of its automation and informatization proposes various challenges in the accident model construction and safety analysis. However, the safety analysis methods based on fault types consider that the occurrence of accidents is linear and ignore the correlation among components of the system. This paper adopts the system-theoretic accident model and process (STAMP) and system-theoretic process analysis (STPA) mode is to implement safety analysis of the automatic crane trolley running system (ACTRs). The paper starts from the identification of system-level losses and hazards, clarifies the function and internal logical control relationships of the system’s components, and then finds potential unsafe control actions (UCAs) and loss scenarios during the trolley running. The results show that the control requirements for the regular operation of the trolley running system can be analyzed in detail. Therefore, the STAMP/STPA can apply to the safety investigation of automatic cranes.

Jin Guo,Zhengguo Xu,Youxian Sun

DOI: https://doi.org/10.1080/00423114.2015.1102297

IF: 3.749

2015-01-01

Vehicle System Dynamics

Abstract:This paper focuses on the safety of railway vehicles. A new semi-active control strategy is proposed based on the skyhook control theory. In view of the main railway vehicle safety performance indicators, the new control strategy aims at reducing the derailment coefficient of railway vehicles by restraining the lateral vibrations of the bogie and the wheelset. Furthermore, to evaluate the improvement of the safety performance brought about by the new control strategy, a complete railway vehicle model is established using the ADAMS/Rail software package. In further co-simulations, five conventional control methods are compared with the proposed approach under the same conditions. Co-simulation results indicate that the new control strategy is effective in improving the safety performance of railway vehicles.

Guoqiang Cai

DOI: https://doi.org/10.18293/vlss2015-052

2015-01-01

Proceedings

Abstract:Safety analysis ensuring the normal operation of an engineering system is important. The existing safety analysis methods are limited to relatively simple fact description and statistical induction level. Besides, many of them enjoy poor generality, and fail to achieve comprehensive safety evaluation given a system structure and collected information. This work describes a new safety analysis method, called a GO-Bayes algorithm. It combines structural modeling of the GO method and probabilistic reasoning of the Bayes method. It can be widely used in system analysis. The work takes a metro vehicle braking system as an example to verify its usefulness and accuracy. Visual implementation by Extendsim software shows its feasibility and advantages in comparison with the Fault Tree Analysis (FTA) method.

Qiong Song,Guoqiang Cai,Limin Jia

DOI: https://doi.org/10.1109/liss.2016.7854553

2016-01-01

Abstract:This paper based on the theory of reliability centered maintenance (RCM) techniques aimed to verify the analysis results obtained by GO-Bayes method. This paper addresses the problem of establishing Monte Carlo simulation model to simulate the braking system. Metro vehicle braking system has been selected as it is one of the most complex and high-technology systems among all devices of train vehicles with high requirement on safety. As a whole, GO-Bayes analytical method has the accurate results which are consistent with Monte Carlo simulation, with the increase of simulation, its results will be closer to analytical calculated value.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Chuchu Fan,Bolun Qi,Sayan Mitra

DOI: https://doi.org/10.48550/arXiv.1704.06406

2017-04-21

Systems and Control

Abstract:We present an overview of recently developed data-driven tools for safety analysis of autonomous vehicles and advanced driver assist systems. The core algorithms combine model-based, hybrid system reachability analysis with sensitivity analysis of components with unknown or inaccessible models. We illustrate the applicability of this approach with a new case study of emergency braking systems in scenarios with two or three vehicles. This problem is representative of the most common type of rear-end crashes, which is relevant for safety analysis of automatic emergency braking (AEB) and forward collision avoidance systems. We show that our verification tool can effectively prove the safety of certain scenarios (specified by several parameters like braking profiles, initial velocities, uncertainties in position and reaction times), and also compute the severity of accidents for unsafe scenarios. Through hundreds of verification experiments, we quantified the safety envelope of the system across relevant parameters. These results show that the approach is promising for design, debugging and certification. We also show how the reachability analysis can be combined with statistical information about the parameters, to assess the risk level of the control system, which in turn is essential, for example, for determining Automotive Safety Integrity Levels (ASIL) for the ISO26262 standard.

Hu Jianbo,Zheng Lei,Xu Shukui

DOI: https://doi.org/10.21629/jsee.2018.06.20

IF: 1.363

2018-01-01

Journal of Systems Engineering and Electronics

Abstract:The wheel brake system safety is a complex problem which refers to its technical state, operating environment, human factors, etc., in aircraft landing taxiing process. Usually, professors consider system safety with traditional probability techniques based on the linear chain of events. However, it could not comprehensively analyze system safety problems, especially in operating environment, interaction of subsystems, and human factors. Thus, we consider system safety as a control problem based on the system-theoretic accident model, the processes (STAMP) model and the system theoretic process analysis (STPA) technique to compensate the deficiency of traditional techniques. Meanwhile, system safety simulation is considered as system control simulation, and Monte Carlo methods are used which consider the range of uncertain parameters and operation deviation to quantitatively study system safety influence factors in control simulation. Firstly, we construct the STAMP model and STPA feedback control loop of the wheel brake system based on the system functional requirement. Then four unsafe control actions are identified, and causes of them are analyzed. Finally, we construct the Monte Carlo simulation model to analyze different scenarios under disturbance. The results provide a basis for choosing corresponding process model variables in constructing the context table and show that appropriate brake strategies could prevent hazards in aircraft landing taxiing.

automation & control systems,engineering, electrical & electronic,operations research & management science

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Ming Chai,Xinyi Zhang,Bernd-Holger Schlingloff,Tao Tang,Hongjie Liu

DOI: https://doi.org/10.1016/j.ress.2023.109621

IF: 7.247

2024-01-01

Reliability Engineering & System Safety

Abstract:Automatic train control systems are complex and software-intensive cyber–physical systems. Hazard prediction at runtime for such systems has emerged as an essential research topic. Since hazards in train operations have a wide range of causal factors, the current monitoring approaches based on pre-programmed safety properties are generally ineffective in guaranteeing system safety. This paper proposes a reachable set-based runtime verification approach. In this approach, top-level train operation hazards are predicted directly by analysing all possible time-position states of the train from an observation. First, the train operation model is formalised with the parametric hybrid automata (PHA) to capture the discrete-continuous mixed and multi-variant features of train operations. Then, a model refinement algorithm is proposed based on an over-approximation linearisation method to reduce the computational complexity. The reachable set of the refined model is computed with the well-developed tool SpaceEx. We prove that this approximation approach does not compromise the hazard prediction ability. Furthermore, with a concrete example of the Beijing Yizhuang metro line, we analyse the feasibility of the approach in practice. The results indicate that the approach has high performance and accuracy for predicting train operation hazards and improves the safety of train operations.

engineering, industrial,operations research & management science

Liangliang Sun,Yan-Fu Li,Enrico Zio

DOI: https://doi.org/10.1115/1.4051940

2022-01-01

Abstract:As autonomous vehicle (AV) intelligence for controllability continues to develop, involving increasingly complex and interconnected systems, the maturity level of AV technology increasingly depends on the systems reliability level, also considering the interactions among them. Hazard analysis is typically used to identify potential system risks and avoid loss of AV system functionality. Conventional hazard analysis methods are commonly used for traditional standalone systems. New hazard analysis methods have been developed that may be more suitable for AV system-of-systems complexity. However, a comprehensive comparison of hazard analysis methods for AV systems is lacking. In this study, the traditional hazard analysis methods, hazard and operability (HAZOP) and failure mode and effects analysis (FMEA), as well as the most recent methods, like functional resonance analysis method (FRAM) and system-theoretic process analysis (STPA), are considered for implementation in the automatic emergency braking system. This system is designed to avoid collisions by utilizing the surrounding sensors to detect objects on the road, warning drivers with alerts about any collision risk, and actuating automatic partial/full braking through calculated adaptive braking deceleration. The objective of this work is to evaluate the methods with the unified theory of acceptance and use of technology (UTAUT) approach, in terms of their applicability to AV technologies. The advantages of HAZOP, FMEA, FRAM, and STPA, as well as the possibility of combining them to achieve systematic risk identification in practice, are discussed.

Wei Guodong,Yuan Lei,Ma Lianchuan

DOI: https://doi.org/10.1088/1742-6596/1654/1/012079

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract Under the new situation, high-speed maglev transportation has gradually become the new development direction of the railway field in the future. Its vehicle operation control system (VOCS for short) as a key subsystem has a great impact on the safety and stability of the entire high-speed maglev train control system. The high-speed maglev VOCS has the characteristics of complex system structure and frequent interaction between its modules. Finding hidden safety hazards and design errors in the system design and development process and ensuring the safety and efficiency of system design and development has become an important task of related projects. On this background, modelling and simulation of typical scenarios of high-speed maglev VOCS are absolutely necessary in the early stage of project development, drawing on the traditional wheel-rail vehicle system simulation verification research results, with the help of advanced computer simulation methods. Using Simulink / Stateflow tools for the parking point stepping functional scenario as an example, the validity and correctness of the high-speed maglev VOCS were verified to ensure the operation safety of the high-speed maglev train through.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.

Rui Zhang,Hua Cong,Yuanhong Liu,Fuzhou Feng,Rui ZHANG,Hua CONG,Yuanhong LIU,Fuzhou FENG

DOI: https://doi.org/10.1117/12.2317557

2018-03-05

Abstract:Aiming at the problem that the complicated structure and the shortage of fault statistics information in hydraulic systems, a multi value testability analysis method based on simulation model is proposed. Based on the simulation model of AMESim, this method injects the simulated faults and records variation of test parameters ,such as pressure, flow rate, at each test point compared with those under normal conditions .Thus a multi-value fault-test dependency matrix is established. Then the fault detection rate (FDR) and fault isolation rate (FIR) are calculated based on the dependency matrix. Finally the system of testability and fault diagnosis capability are analyzed and evaluated, which can only reach a lower 54%(FDR) and 23%(FIR). In order to improve testability performance of the system,. number and position of the test points are optimized on the system. Results show the proposed test placement scheme can be used to solve the problems that difficulty, inefficiency and high cost in the system maintenance.

Yan Zhang,Jin Shi,Tian Zhang,Xiangwei Liu,Zhuzhong Qian

DOI: https://doi.org/10.1016/j.pmcj.2015.07.008

IF: 3.848

2015-01-01

Pervasive and Mobile Computing

Abstract:Cyber–Physical Systems (CPS) are hybrid, safety-critical systems. For finding safety or security hazard in the design phase, modeling for CPS and checking their properties become very important. We focus on the compatibility, i.e., two systems can work together, and behavioral nonexistent consistency, i.e., forbidden behaviors do not occur in a system. Hybrid interface automata (HIA), which extend from interface automata and is not input-enabled, are introduced to model CPS. The compatibility of HIA is checked under an optimistic approach, which means if there is an environment in which two HIA cannot reach an illegal location, namely, at the location one cannot accept the input send by the other, they are compatible. Based on a scenario that specifies forbidden behaviors, behavioral nonexistent consistency is boundedly checked by transforming it to an unconstrained dynamic programming, and solving the programming by a genetic algorithm. The method can directly apply to nonlinear hybrid model. It relaxes a restriction on the form of the system dynamic in traditional algorithms. An experiment and simulation validate our algorithms.

JIANG Hui,BU Lei,LI Xuandong

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0548

2013-01-01

Abstract:The behavior of hybrid system is very complex. It consists of both discrete transition and continuous timed behavior. Therefore, the safety verification of hybrid automata is very difficult. Even for the class of linear hybrid automata, the reachability verification problem is undecidable. Most existing techniques compute the state space of linear hybrid automata through polyhedral computation, which is not suitable for large scale system. This paper presents a new tool to transform the linear hybrid automata into an equivalent transition system. Then, this tool can use the invariant generation studies on transition system to answer the reachability problem of linear hybrid automata. The experimental results indicate that the performance of this tool is nice and it can be applied to large systems.