Causality and Temporal Dependencies in the Design of Fault Management Systems
Reasoning about causes and effects naturally arises in the engineering of
safety-critical systems. A classical example is Fault Tree Analysis, a
deductive technique used for system safety assessment, whereby an undesired
state is reduced to the set of its immediate causes. The design of fault
management systems also requires reasoning on causality relationships. In
particular, a fail-operational system needs to ensure timely detection and
identification of faults, i.e. recognize the occurrence of run-time faults
through their observable effects on the system. Even more complex scenarios
arise when multiple faults are involved and may interact in subtle ways.
In this work, we propose a formal approach to fault management for complex
systems. We first introduce the notions of fault tree and minimal cut sets. We
then present a formal framework for the specification and analysis of
diagnosability, and for the design of fault detection and identification (FDI)
components. Finally, we review recent advances in fault propagation analysis,
based on the Timed Failure Propagation Graphs (TFPG) formalism.
Comment: In Proceedings CREST 2017, arXiv:1710.0277
An Effective Fixpoint Semantics for Linear Logic Programs
In this paper we investigate the theoretical foundation of a new bottom-up
semantics for linear logic programs, and more precisely for the fragment of
LinLog that consists of the language LO enriched with the constant 1. We use
constraints to symbolically and finitely represent possibly infinite
collections of provable goals. We define a fixpoint semantics based on a new
operator in the style of Tp working over constraints. An application of the
fixpoint operator can be computed algorithmically. As sufficient conditions for
termination, we show that the fixpoint computation is guaranteed to converge
for propositional LO. To our knowledge, this is the first attempt to define an
effective fixpoint semantics for linear logic programs. As an application of
our framework, we also present a formal investigation of the relations between
LO and Disjunctive Logic Programming. Using an approach based on abstract
interpretation, we show that DLP fixpoint semantics can be viewed as an
abstraction of our semantics for LO. We prove that the resulting abstraction is
correct and complete for an interesting class of LO programs encoding Petri
Nets.
Comment: 39 pages, 5 figures. To appear in Theory and Practice of Logic Programmin
Basin scale assessment of landslides geomorphological setting by advanced InSAR analysis
An extensive investigation of more than 90 landslides affecting a small river basin in Central
Italy was performed by combining field surveys and remote sensing techniques. We thus defined the
geomorphological setting of slope instability processes. Basic information, such as landslides mapping
and landslides type definition, have been acquired thanks to geomorphological field investigations
and multi-temporal aerial photos interpretation, while satellite SAR archive data (acquired by ERS
and Envisat from 1992 to 2010) have been analyzed by means of A-DInSAR (Advanced Differential
Interferometric Synthetic Aperture Radar) techniques to evaluate landslides past displacements
patterns. Multi-temporal assessment of landslides state of activity has been performed based
on geomorphological evidence criteria and past ground displacement measurements obtained by
A-DInSAR. This step has been performed by means of an activity matrix derived from information
achieved thanks to double orbital geometry. Thanks to this approach we also achieved more detailed
knowledge about the landslides kinematics in time and space.
Probabilistic Model-Based Safety Analysis
Model-based safety analysis approaches aim at finding critical failure
combinations by analysis of models of the whole system (i.e. software,
hardware, failure modes and environment). The advantage of these methods
compared to traditional approaches is that the analysis of the whole system
gives more precise results. Only few model-based approaches have been applied
to answer quantitative questions in safety analysis, often limited to analysis
of specific failure propagation models, limited types of failure modes or
without system dynamics and behavior, as direct quantitative analysis uses
large amounts of computing resources. New achievements in the domain of
(probabilistic) model-checking now allow for overcoming this problem.
This paper shows how functional models based on synchronous parallel
semantics, which can be used for system design, implementation and qualitative
safety analysis, can be directly re-used for (model-based) quantitative safety
analysis. Accurate modeling of different types of probabilistic failure
occurrence is shown as well as accurate interpretation of the results of the
analysis. This allows for reliable and expressive assessment of the safety of a
system in early design stages.
Symbolic Model Checking and Safety Assessment of Altarica models
Altarica is a language used to describe critical systems. In this paper we present a novel approach to the analysis of Altarica models, based on a translation into an extended version of NuSMV. This approach opens up the possibility to carry out functional verification and safety assessment with symbolic techniques. An experimental evaluation on a set of industrial case studies demonstrates the advantages of the approach over currently available tools.
Conceptual model and flow numerical simulation of aquifer contaminated by chlorinated solvents in Rho (MI)
The geological and hydrogeological characterization of a multilayer aquifer contaminated by organochlorinated compounds has been carried out in the industrial area of Rho (Milan, Italy). The hydrogeological setting is characterized by the presence of several aquifers overlying each other, separated by silty-clayey levels, whose presence and thickness tend to increase with depth. The “first aquifer”, 35 m thick, is separated by a clayey level, located at 5-9 m below ground level and varying in thickness between 0.5 and 2 m, from a perched aquifer of local interest, indicated as “shallow aquifer”. Groundwater flows towards SSE in both the shallow and the deeper aquifer, with a mean 0.6% hydraulic gradient; the hydraulic head of the shallow aquifer shows the highest values (+2 m), allowing possible seepage from the shallow aquifer to the deeper one, taking into account the small thickness of the aquitard. Geological, hydrogeological and hydrogeochemical data have been included in a GIS and used to interpolate geometry, thickness and piezometric surface of the shallow aquifer, of the aquitard and of the first aquifer. Because of the scarcity of experimental data, hydraulic coefficient evaluation has been integrated starting from grain size classes on single vertical boreholes. The spatial distribution of k has been derived by geostatistical tools, after validation of k classes against available investigation data. Two groundwater flow mathematical models have been developed for the multilayer aquifer at different scales: a large scale model (LSM) and a fine scale one (FSM). After calibration and validation, the LSM sufficiently agrees with experimental data, offering the possibility to simulate regional flowpaths, both in the shallow and in the first aquifer.
Shallow aquifer heterogeneity appears to significantly influence groundwater flow, allowing simulation of local flowpaths oriented differently from the main groundwater flow direction. Heterogeneities in the first aquifer have not been reproduced in the numerical models; an average value of hydraulic conductivity has been assigned to the layer, which is treated as a homogeneous aquifer for groundwater flow simulation. At the FSM scale, a deeper characterization of the first aquifer seems necessary, because simple uniform values of k cannot correctly simulate local water table variations and real flowpath directions. It can be inferred that this FSM can be used only to simulate the shallow aquifer and seepage towards the first aquifer, while it cannot be used to assess the final fate of the contaminant in the first aquifer. The models support field data about the seepage from the shallow to the first aquifer, of both groundwater and dissolved contaminants, showing vertical transfer by particle tracking through the thin aquitard, which can explain the high contaminant concentrations found in the first aquifer.
Inferring Sensor Placement Using Critical Pairs and Satisfiability Modulo Theory
Industrial fault diagnosis exhibits the perennial problem of reasoning with partial and real-valued information. This is mainly due to the fact that in real-world applications, industrial systems are only instrumented insofar as sensor information is required for their functioning. However, such instrumentation leaves out much information that would be useful for fault diagnosis. This is problematic since consistency-based fault diagnosis uses available information and computes intermediate values within a system description. These values are then used to compare expected normal behaviour to actual observed values. In the past, this was done only for Boolean circuits. Recently, satisfiability modulo non-linear arithmetic (SMT) formulations have been developed that allow the calculation of real values, instead of only Boolean ones. Leveraging those formulations, in this article we present a novel method to infer missing sensor values using an SMT system description and the notion of critical pairs. We show on a running example, and also empirically, that we can infer novel measurements for five process industrial systems. We conclude that, although SMT calculations accumulate some error, we can infer novel optimal measurements for all systems.