Safety analysis of heterogeneous-multiprocessor control system software

Abstract

Fault trees and Petri nets are two widely accepted graphical tools used in the safety analysis of software. Because some software is life and property critical, thorough analysis techniques are essential. Independently Petri nets and fault trees serve limited evaluation purposes. This thesis presents a technique that converts and links Petri nets to fault trees and fault trees to Petri nets. It enjoys the combinational benefits of both analysis tools. Software Fault Tree Analysis and timed Petri nets facilitate software safety analysis in heterogeneous multiprocessor control systems. Analysis use a Petri net to graphically organize the selected software. A fault tree supports a hazardous condition with subsequent leaf node paths that lead to the hazard. Through the combination of Petri nets and fault trees, an analyst can determine a software fault if he can reach an undesired Petri net state, comparable with the fault tree root fault, from an initial marking. All transitions leading to the undesired state from the initial marking must be enabled and the states must be marked that represent the leaf nodes of the fault tree path. It is not the intention of this thesis to suggest that an analyst be replaced by an automated tool. There must be analyst interaction focusing the analyst's insight and experience on the hazards of a system. This method is proposed only as a tool for evaluation during the overall safety analysis.