Formal Probabilistic Analysis of Dynamic Fault Trees in HOL4

TL;DR

This paper presents a formal, theorem-proving approach in HOL4 for analyzing dynamic fault trees, enabling precise probabilistic reasoning about system failures without sampling errors.

Contribution

It formalizes DFT gates and their probabilistic behaviors in HOL4, allowing exact verification of failure probabilities and properties.

Findings

Formalization of DFT gates in HOL4.

Verification of probabilistic properties using Lebesgue integrals.

Application to a Cardiac Assist System fault analysis.

Abstract

Dynamic Fault Trees (DFTs) is a widely used failure modeling technique that allows capturing the dynamic failure characteristics of systems in a very effective manner. Simulation and model checking have been traditionally used for the probabilistic analysis of DFTs. Simulation is usually based on sampling and thus its results are not guaranteed to be complete, whereas model checking employs computer arithmetic and numerical algorithms to compute the exact values of probabilities, which contain many round-off errors. Leveraging upon the expressive and sound nature of higher-order-logic (HOL) theorem proving, we propose, in this work, a formalization of DFT gates and their probabilistic behavior as well as some of their simplification properties in HOL. This formalization would allow us to conduct the probabilistic analysis of DFTs by verifying generic mathematical expressions about their behavior in HOL. In particular, we formalize the AND, OR, Priority-AND, Functional DEPendency, Hot SPare, Cold SPare and the Warm SPare gates and also verify their corresponding probabilistic expressions in HOL. Moreover, we formally verify an important property, Pr(X<Y), using the Lebesgue integral as this relationship allows us to reason about the probabilistic properties of Priority-AND gate and the Before operator. We also formalize the notion of conditional densities in order to formally verify the probabilistic expressions of the Cold SPare and the Warm SPare gates. For illustrating the usefulness of our formalization, we use it to formally analyze the DFT of a Cardiac Assist System.