public void IncomingBloodIsContaminated_FaultTree(Model model, string name)
{
SetProbabilities(model);
var analysis = new SafetySharpSafetyAnalysis {
Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.IncomingBloodWasNotOk);
var steps = 6;
var reaProbability = 0.0;
foreach (var mcs in result.MinimalCriticalSets)
{
var mcsProbability = 1.0;
foreach (var fault in mcs)
{
var pFaultInOneStep = fault.ProbabilityOfOccurrence.Value.Value;
var pFault = 1.0 - Math.Pow(1.0 - pFaultInOneStep, steps);
mcsProbability *= pFault;
}
reaProbability += mcsProbability;
}
Console.WriteLine($"Result with fault tree rare event approximation: {reaProbability.ToString(CultureInfo.InvariantCulture)}");
}
protected SafetyAnalysisResults <SafetySharpRuntimeModel> DccaWithMaxCardinality(ModelBase model, Formula hazard, int maxCardinality, ModelCapacity capacity)
{
var analysis = new SafetySharpSafetyAnalysis
{
Backend = (SafetyAnalysisBackend)Arguments[0],
Configuration =
{
ModelCapacity = capacity,
GenerateCounterExample = !SuppressCounterExampleGeneration
}
};
analysis.OutputWritten += message => Output.Log("{0}", message);
if (Heuristics != null)
{
analysis.Heuristics.AddRange(Heuristics);
}
var result = analysis.ComputeMinimalCriticalSets(model, hazard, maxCardinality);
Output.Log("{0}", result);
return(result);
}
public void NoDamagedWorkpieces(Model model)
{
var modelChecker = new SafetySharpSafetyAnalysis {
Configuration = { ModelCapacity = new ModelCapacityByModelDensity(1 << 22, ModelDensityLimit.Medium), GenerateCounterExample = false }
};
var result = modelChecker.ComputeMinimalCriticalSets(model, model.Workpieces.Any(w => w.IsDamaged), maxCardinality: 2);
Console.WriteLine(result);
}
public void FalseAlarm(Model model, string variantName)
{
var analysis = new SafetySharpSafetyAnalysis {
Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.FalseAlarm);
result.SaveCounterExamples($"counter examples/height control/dcca/false alarm/{variantName}");
Console.WriteLine(result);
}
public void ExtracorporealBloodCircuitWorks_ModelChecking()
{
var specification = new ExtracorporealBloodCircuitTestEnvironment();
var analysis = new SafetySharpSafetyAnalysis();
var result = analysis.ComputeMinimalCriticalSets(specification, specification.Dialyzer.MembraneIntact == false);
result.SaveCounterExamples("counter examples/hdmachine");
Console.WriteLine(result);
}
public void AllWorkpiecesCompleteEventually(Model model)
{
var modelChecker = new SafetySharpSafetyAnalysis {
Configuration = { ModelCapacity = new ModelCapacityByModelDensity(1 << 22, ModelDensityLimit.Medium), GenerateCounterExample = false }
};
var result = modelChecker.ComputeMinimalCriticalSets(model,
model.ObserverController._stepCount >= ObserverController.MaxSteps &&
!model.Workpieces.All(w => w.IsDamaged || w.IsDiscarded || w.IsComplete), maxCardinality: 2);
Console.WriteLine(result);
}
public void DialyzingFluidDeliverySystemWorks_ModelChecking()
{
var specification = new DialyzingFluidDeliverySystemTestEnvironment();
var analysis = new SafetySharpSafetyAnalysis();
var result = analysis.ComputeMinimalCriticalSets(specification, specification.Dialyzer.MembraneIntact == false);
result.SaveCounterExamples("counter examples/hdmachine");
Console.WriteLine(result);
}
public void CalculateDcca()
{
var model = new ExampleModelBase();
var analysis = new SafetySharpSafetyAnalysis {
Backend = SafetyAnalysisBackend.FaultOptimizedOnTheFly, Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.ModelComponent.HazardActive);
//result.SaveCounterExamples("counter examples/height control/dcca/collision/original");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
public void Collision(Model model, string variantName)
{
// As collisions cannot occur without any overheight vehicles driving on the left lane, we
// force the activation of the LeftOHV fault to improve safety analysis times significantly
model.VehicleSet.LeftOHV.Activation = Activation.Forced;
var analysis = new SafetySharpSafetyAnalysis {
Heuristics = { new MaximalSafeSetHeuristic(model.Faults, cardinalityLevel: 4) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.Collision);
result.SaveCounterExamples($"counter examples/height control/dcca/collision/{variantName}");
Console.WriteLine(result);
}
public void CalculateDcca()
{
var model = new SimpleBayesianExampleModel();
var analysis = new SafetySharpSafetyAnalysis
{
Backend = SafetyAnalysisBackend.FaultOptimizedOnTheFly,
Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.Component.Hazard);
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
public void FalseAlarmOriginalDesign(
[Values(SafetyAnalysisBackend.FaultOptimizedStateGraph, SafetyAnalysisBackend.FaultOptimizedOnTheFly)] SafetyAnalysisBackend backend)
{
var model = Model.CreateOriginal();
var analysis = new SafetySharpSafetyAnalysis {
Backend = backend, Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.FalseAlarm);
result.SaveCounterExamples("counter examples/height control/dcca/false alarm/original");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
public void TankDepleted()
{
var model = new Model();
var result = SafetySharpSafetyAnalysis.AnalyzeHazard(model, model.Tank.IsDepleted);
result.SaveCounterExamples("counter examples/pressure tank/dcca/tank depleted");
Console.WriteLine(result);
result.IsComplete.Should().BeTrue();
result.MinimalCriticalSets.ShouldAllBeEquivalentTo(new[]
{
// The tank depleted hazard has two singleton minimial critical set
new[] { model.Sensor.SuppressIsEmpty },
new[] { model.Pump.SuppressPumping }
});
}
private static void Dcca(Model model)
{
var safetyAnalysis = new SafetySharpSafetyAnalysis
{
Configuration =
{
CpuCount = 1,
ModelCapacity = new ModelCapacityByModelDensity(1 << 20, ModelDensityLimit.Medium),
GenerateCounterExample = false
},
FaultActivationBehavior = FaultActivationBehavior.ForceOnly,
Heuristics = { RedundancyHeuristic(model), new SubsumptionHeuristic(model.Faults) }
};
var result = safetyAnalysis.ComputeMinimalCriticalSets(model, model.ObserverController.ReconfigurationState == ReconfStates.Failed);
Console.WriteLine(result);
}
public void DialysisFinishedAndBloodNotCleaned_ModelChecking(
[Values(SafetyAnalysisBackend.FaultOptimizedStateGraph, SafetyAnalysisBackend.FaultOptimizedOnTheFly)] SafetyAnalysisBackend backend)
{
var specification = new Model();
var analysis = new SafetySharpSafetyAnalysis
{
Backend = backend,
Configuration = { ModelCapacity = new ModelCapacityByModelDensity(1310720, ModelDensityLimit.Medium) }
};
var result = analysis.ComputeMinimalCriticalSets(specification, specification.BloodNotCleanedAndDialyzingFinished);
result.SaveCounterExamples("counter examples/hdmachine_unsuccessful");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
public void IncomingBloodIsContaminated_ModelChecking(
[Values(SafetyAnalysisBackend.FaultOptimizedStateGraph, SafetyAnalysisBackend.FaultOptimizedOnTheFly)] SafetyAnalysisBackend backend)
{
var specification = new Model();
var analysis = new SafetySharpSafetyAnalysis
{
Backend = backend,
Heuristics = { new MaximalSafeSetHeuristic(specification.Faults) },
Configuration = { ModelCapacity = new ModelCapacityByModelDensity(1310720, ModelDensityLimit.Medium) }
};
var result = analysis.ComputeMinimalCriticalSets(specification, specification.IncomingBloodWasNotOk);
result.SaveCounterExamples("counter examples/hdmachine_contamination");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
private void Dcca(Model model, FaultActivationBehavior activation, params IFaultSetHeuristic[] heuristics)
{
var modelChecker = new SafetySharpSafetyAnalysis
{
Configuration =
{
ModelCapacity = new ModelCapacityByModelDensity(1 << 16, ModelDensityLimit.Medium),
CpuCount = 4,
GenerateCounterExample = false
}
};
modelChecker.Heuristics.AddRange(heuristics);
modelChecker.FaultActivationBehavior = activation;
var result = modelChecker.ComputeMinimalCriticalSets(model, model.ObserverController.Unsatisfiable);
Console.WriteLine(result);
Assert.AreEqual(0, result.Exceptions.Count);
}
public void CollisionOriginalDesign(
[Values(SafetyAnalysisBackend.FaultOptimizedStateGraph, SafetyAnalysisBackend.FaultOptimizedOnTheFly)] SafetyAnalysisBackend backend)
{
var model = Model.CreateOriginal();
// As collisions cannot occur without any overheight vehicles driving on the left lane, we
// force the activation of the LeftOHV fault to improve safety analysis times significantly
model.VehicleSet.LeftOHV.Activation = Activation.Forced;
var analysis = new SafetySharpSafetyAnalysis {
Backend = backend, Heuristics = { new MaximalSafeSetHeuristic(model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(model, model.Collision);
result.SaveCounterExamples("counter examples/height control/dcca/collision/original");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
}
public void TankRupture()
{
var model = new Model();
var result = SafetySharpSafetyAnalysis.AnalyzeHazard(model, model.Tank.IsRuptured);
result.SaveCounterExamples("counter examples/pressure tank/dcca/tank rupture");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
result.IsComplete.Should().BeTrue();
result.MinimalCriticalSets.ShouldAllBeEquivalentTo(new[]
{
// The tank rupture hazard has only one single minimial critical set consisting of the following to faults
new[] { model.Sensor.SuppressIsFull, model.Timer.SuppressTimeout }
});
orderResult.OrderRelationships[result.MinimalCriticalSets.Single()].Single().FirstFault.Should().Be(model.Sensor.SuppressIsFull);
orderResult.OrderRelationships[result.MinimalCriticalSets.Single()].Single().SecondFault.Should().Be(model.Timer.SuppressTimeout);
}
private SafetyAnalysisResults <SafetySharpRuntimeModel> Dcca(Model model, Formula hazard, bool enableHeuristics, bool stopOnFirstException)
{
var safetyAnalysis = new SafetySharpSafetyAnalysis
{
Configuration =
{
CpuCount = 4,
ModelCapacity = new ModelCapacityByModelDensity(1 << 20, ModelDensityLimit.Medium),
GenerateCounterExample = false
},
FaultActivationBehavior = FaultActivationBehavior.ForceOnly,
StopOnFirstException = stopOnFirstException
};
if (enableHeuristics)
{
safetyAnalysis.Heuristics.Add(RedundancyHeuristic(model));
safetyAnalysis.Heuristics.Add(new SubsumptionHeuristic(model.Faults));
}
return(safetyAnalysis.ComputeMinimalCriticalSets(model, hazard));
}
public void Collision(
[Values(SafetyAnalysisBackend.FaultOptimizedStateGraph, SafetyAnalysisBackend.FaultOptimizedOnTheFly)] SafetyAnalysisBackend backend)
{
var model = new Model();
var result = SafetySharpSafetyAnalysis.AnalyzeHazard(model, model.PossibleCollision, backend: backend);
result.SaveCounterExamples("counter examples/railroad crossing/dcca/collision");
var orderResult = SafetySharpOrderAnalysis.ComputeOrderRelationships(result);
Console.WriteLine(orderResult);
result.IsComplete.Should().BeTrue();
result.MinimalCriticalSets.ShouldAllBeEquivalentTo(new[]
{
new[] { model.TrainController.Odometer.OdometerPositionOffset },
new[] { model.TrainController.Odometer.OdometerSpeedOffset },
new[] { model.CrossingController.Sensor.BarrierSensorFailure },
new[] { model.CrossingController.TrainSensor.ErroneousTrainDetection },
new[] { model.CrossingController.Motor.BarrierMotorStuck, model.TrainController.Brakes.BrakesFailure },
new[] { model.Channel.MessageDropped, model.TrainController.Brakes.BrakesFailure }
});
}
/// <summary>
/// Executes a DCCA and returns a list of McsRandomVariables that represent the DCCA results limited by the given faults.
/// A minimal critical set which contains faults that are not in the given list of faults will be ignored.
/// An empty minimal critical set will not be created as a random variable because it would not make sense regarding the probability theory.
/// </summary>
public IList <McsRandomVariable> FromDccaLimitedByFaults(Func <bool> hazard, ICollection <FaultRandomVariable> faults)
{
var analysis = new SafetySharpSafetyAnalysis
{
Backend = SafetyAnalysisBackend.FaultOptimizedOnTheFly,
Heuristics = { new MaximalSafeSetHeuristic(_model.Faults) }
};
var result = analysis.ComputeMinimalCriticalSets(_model, new ExecutableStateFormula(hazard));
var mcsVariables = new List <McsRandomVariable>();
// Create a random variable for every nonempty critical set
foreach (var criticalSet in result.MinimalCriticalSets.Where(set => set.Count > 0))
{
var mcs = new MinimalCriticalSet(criticalSet);
var mcsName = $"mcs_{string.Join("_", mcs.Faults.Select(fv => fv.Name))}";
var faultVariables = faults.Where(fv => mcs.Faults.Contains(fv.Reference)).ToList();
mcsVariables.Add(new McsRandomVariable(mcs, faultVariables, mcsName));
}
GC.Collect();
return(mcsVariables.Where(
criticalSet => criticalSet.FaultVariables.Count == criticalSet.Reference.Faults.Count
).ToList());
}
