Abstract

ABSTRACT: In train control systems, more and more (electro-)mechanical devices are substituted by software based devices. To sustain the high level safety standards for these embedded systems, we propose the integration of fault tree analysis and formal methods. This combines two important safety analysis methods from the involved domains of engineering and software development. Our approach proposes to build a formal model of the system together with fault trees, which investigate the safety critical aspects by breaking them down to software and hardware requirements. The events of fault trees are formalized with respect to the model. Formal completeness and correctness conditions are given, using Interval Temporal Logic with continuous semantics. They define a formal semantics of fault trees, which allows cause-consequence relations between events in addition to boolean decomposition. The semantics is therefore suitable for dynamic systems. We will prove, that the conditions guarantee, that the fault tree is a correct and complete analysis of the causes of the considered fault. I.