Results 1 - 6 of 6
Safety Analysis of an Airbag System using Probabilistic FMEA and Probabilistic Counterexamples
Cited by 6 (6 self)
Abstract:
Failure mode and effects analysis (FMEA) is a technique to reason about possible system hazards that result from system or system component failures. Traditionally, FMEA does not take the probabilities with which these failures may occur into account. Recently, this shortcoming was addressed by integrating stochastic model checking techniques into the FMEA process. A further improvement is the integration of techniques for the generation of counterexamples for stochastic models, which we propose in this paper. Counterexamples facilitate the redesign of a potentially unsafe system by providing information which components contribute most to the failure of the entire system. The usefulness of this novel approach to the FMEA process is illustrated by applying it to the case study of an airbag system provided by our industrial partner, the TRW Automotive GmbH.
From probabilistic counterexamples via causality to fault trees
2011
Cited by 5 (5 self)
Abstract:
In recent years, several approaches to generate probabilistic counterexamples have been proposed. The interpretation of stochastic counterexamples, however, continues to be problematic since they have to be represented as sets of paths, and the number of paths in this set may be very large. Fault trees (FTs) are a well-established industrial technique to represent causalities for possible system hazards resulting from system or system component failures. In this paper we suggest a method to automatically derive FTs from counterexamples, including a mapping of the probability information onto the FT. We extend the structural equation approach by Pearl and Halpern, which is based on Lewis counterfactuals, so that it serves as a justification for the causality that our proposed FT derivation rules imply. We demonstrate the usefulness of our approach by applying it to an industrial case study.
Directed and heuristic counterexample generation for probabilistic model checking: a comparative evaluation
In QUOVADIS '10: Proceedings of the 2010 ICSE Workshop on Quantitative Stochastic Models in the Verification and Design of Software Systems, 2010
Cited by 3 (3 self)
Abstract:
The generation of counterexamples for probabilistic model checking has been an area of active research over the past five years. Tangible outcomes of this research are novel directed and heuristic algorithms for efficient generation of probabilistic counterexamples, such as K∗ and XBF. In this paper we present an empirical evaluation of the efficiency of these algorithms and the well-known Eppstein's algorithm. We will also evaluate the effect of optimisations applied to Eppstein, K∗ and XBF. Additionally, we will show how information produced during model checking can be used to guide the search for counterexamples. This is a first step towards automatically generating heuristic functions. The experimental evaluation of the various algorithms is done by applying them to one case study known from the literature on probabilistic model checking and one case study taken from the automotive industry.
Formal support for quantitative analysis of residual risks in safety-critical systems
In Proceedings of HASE 2008, 2008
Cited by 1 (0 self)
Abstract:
With the increasing complexity in software and electronics in safety-critical systems, new challenges to lower the costs and decrease time-to-market, while preserving high assurance, have emerged. During the safety assessment process, the goal is to minimize the risk and, in particular, the impact of probable faults on system-level safety. Every potential fault must be identified and analysed in order to determine which faults are most important to focus on. In this paper, we extend our earlier work on formal qualitative analysis with a quantitative analysis of fault tolerance. Our analysis is based on design models of the system under construction. It further builds on formal models of faults that have been extended with estimated occurrence probabilities, allowing the system-level failure probability to be analysed. This is done with the help of the probabilistic model checker PRISM. The extension provides an improvement in the costly process of certification, in which all foreseen faults have to be evaluated with respect to their impact on safety and reliability. We demonstrate our approach using an application from the avionic industry: an Altitude Meter System.
Probabilistic Timed Property Sequence Charts- A Formal Syntax
Cited by 1 (0 self)
Abstract:
Probabilistic properties are considered as the most important requirements for a variety of software systems, since they are used to formulate extra-functional requirements such as reliability, availability, safety, security and performance requirements. Currently, several probabilistic logics have been proposed to specify such important properties. However, due to the inherent complexity of the underlying temporal logics, these probabilistic logics are rather complex and software developers have problems using them to correctly specify the intended properties. To overcome this problem, we define a formal and graphical property specification language called Probabilistic Timed Property Sequence Charts (PTPSC), which is a probabilistic extension of Property Sequence Charts (PSC). We illustrate the use of PTPSC in the context of a vehicle-to-vehicle communication device for avoiding traffic accidents.
The QuantUM Approach in the Context of the ISO Standard 26262 for Automotive Systems – Extended Abstract –
2011
Cited by 1 (1 self)
Abstract:
The forthcoming standard ISO 26262 defines processes and techniques in support of a safe design and implementation of automotive systems. We comment on the recommendations that this standard provides with respect to the use of semi-formal and formal methods, including formal verification, during various stages of the proposed safety process. We illustrate how the QuantUM method and tool, which we have developed in order to open UML-type system architecture models to formal analysis using stochastic model checking, can be applied in support of the safety requirements imposed by the standard.