Abstract Computational Grids process large, computationally intensive prob-lems on small data sets. In contrast, Data Grids process large computational problems that in turn require evaluating, mining and producinglarge amounts of data. Replication, creating geographically disparate identical copies of data, is regarded as one of the major optimisationtechniques for reducing data access costs. In this paper, several replication algorithms are discussed. Thesealgorithms were studied using the Grid simulator: OptorSim. OptorSim provides a modular framework within which optimisation strate-gies can be studied under different Grid configurations. The goal is to explore the stability and transient behaviour of selected optimisationtechniques. We detail the design and implementation of OptorSim andanalyse various replication algorithms based on different Grid workloads. 1 Introduction Within the Grid community much work has been done on providing the basic infrastructure for a typical Grid environment. Globus [3], Condor [1] and recently the EU DataGrid [2] have contributed substantially to core Grid

Safety critical systems are becoming more complex, both in the type of functionality they provide and in the way they are demanded to interact with their environment. Such growing complexity requires an adequate increase in the capability of safety engineers to assess system safety, including analyzing the bahaviour of a system in degraded situations. Formal verification

Abstract. The complexity of embedded controllers is steadily increasing. This trend, stimulated by the continuous improvement of the computational power of hardware, demands for a corresponding increase in the capability of design and safety engineers to maintain adequate safety levels. The use of formal methods during system design has proved to be effective in several practical applications. However, the development of certain classes of applications, like, for instance, avionics systems, also requires the behaviour of a system to be analysed under certain degraded situations (e.g., when some components are not working as expected). The integration of system design activities with safety assessment and the use of formal methods, although not new, are still at an early stage. These goals are addressed by the ESACS project, a European-Union-sponsored project grouping several industrial companies from the aeronautic field. The ESACS project is developing a methodology and a platform the ESACS platform that helps safety engineers automating certain phases of their work. This paper reports on the application of the ESACS methodology and on the use of the ESACS platform to a case study, namely, the Secondary Power System of the Eurofighter Typhoon aircraft.

Fault tree analysis is a traditional and well-established technique for analyzing system design and robustness. Its purpose is to identify sets of basic events, called cut sets, which can cause a given top level event, e.g., a system malfunction, to occur. In this paper we present an algorithm that extracts ordering information, i.e., finds out possible ordering constraints which are required to hold between basic events in a cut set. The algorithm is completely automatic, and has been incorporated into a more general framework, based on model checking techniques, for automatic fault tree generation and analysis.

Abstract. Fault tree analysis is a traditional and well-established technique for analyzing system design and robustness. Its purpose is to identify sets of basic events, called cut sets, which can cause a given top level event, e.g. a system malfunction, to occur. Generating fault trees is particularly critical in the case of reactive systems, as hazards can be the result of complex interactions involving the dynamics of the system and of the faults. Recently, there has been a growing interest in model-based fault tree analysis using formal methods, and in particular symbolic model checking techniques. In this paper we present a broad range of algorithmic strategies for efficient fault tree analysis, based on binary decision diagrams (BDDs). We describe different algorithms encompassing different directions (forward or backward) for reachability analysis, using dynamic cone of influence techniques to optimize the use of the finite state machine of the system, and dynamically pruning of the frontier states. We evaluate the relative performance of the different algorithms on a set of industrial-size test cases. 1

The manual construction of fault trees for complex systems is an error-prone and time-consuming activity, encouraging automated techniques. In this paper we show how the retrenchment approach to formal system model evolution can be developed into a versatile structured approach for the mechanical construction of fault trees. The system structure and the structure of retrenchment concessions interact to generate fault trees with appropriately deep nesting. The same interactions fuel a structural approach to hierarchical fault trees, allowing a system and its faults to be viewed at multiple levels of abstraction. We show how this approach can be extended to deal with minimisation, thereby diminishing the post-hoc subsumption workload and potentially rendering some infeasible cases feasible.