Research on Process Analysis and Improvement Based on Automated FTA and FMEA Techniques
Abstract
As processes grow more complex and the demands on process safety rise, applying safety analysis techniques to improve the safety of processes, especially high-risk processes such as medical processes, has become an urgent need. Fault Tree Analysis (FTA) and Failure Mode and Effect Analysis (FMEA) are two widely used and complementary safety analysis techniques. This thesis therefore proposes applying both techniques to the safety analysis and improvement of processes and, because the manual application of each technique is time-consuming and error-prone, studies an automated method for each. The work covers: a method for constructing Little-JIL process models, an automated FMEA method based on Little-JIL process models, an automated FTA method based on Little-JIL process models, and a method that combines FMEA and FTA to support process safety improvement. The main contributions are the following five:
     1. A framework for safety analysis and improvement based on Little-JIL process models: after a process is modeled in the Little-JIL language, various static analysis techniques are applied to the process model, and improvement measures for the process are proposed from the combined analysis results.
     2. An automated FMEA method: after a process is modeled in Little-JIL, failure mode and effect analysis of the process model is automated; the effect tree corresponding to the Little-JIL process model is built automatically, and latent safety hazards in the process are captured by analyzing the effect tree.
     3. An automated FTA method: after a process is modeled in Little-JIL, an automated algorithm builds the fault tree whose top event is a given fault event, and the minimal cut sets of the fault tree are computed automatically; for single-factor fault events appearing in the minimal cut sets, a method is proposed for adding consistency-check steps to the process model, which raises process safety.
     4. Optimization strategies for the scale problem and the loop defect of the automated FTA method: for the scale problem, three optimization strategies (step abstraction, step removal and single-factor event removal) delete a large number of redundant nodes from the fault tree while guaranteeing that the fault trees before and after optimization are fully equivalent; for the loop defect, all loops in the fault tree are detected and removed, which only drops minimal cut sets of very high order from the analysis result, improving the efficiency of fault tree analysis and saving time and space.
     5. A method combining FMEA and FTA to support process safety improvement: for any fault event in a process, failure mode and effect analysis is applied bottom-up to trace the chain of effects it produces in the process, while fault tree analysis is applied top-down to analyze the causes that lead to it by building the corresponding fault tree; the two sets of results are combined to propose process safety improvement measures.
     Finally, the proposed framework and automated methods are applied to the analysis of two real processes from a medical institution. The results show that the proposed methods can systematically analyze the vulnerabilities and defects present in a process and support the formulation of process safety measures.
     The results of this thesis offer a useful reference for theoretical and applied research on process safety analysis and improvement.
Fault Tree Analysis (FTA) and Failure Mode and Effect Analysis (FMEA), two of the most widely used safety analysis techniques, can be combined to analyze and evaluate safety problems in a process in an attempt to reduce the occurrence of severe hazards or their consequences. This thesis focuses on applying these two techniques to process analysis, finding defects or weaknesses in processes, and finally arriving at improved processes with higher safety. FMEA and FTA are usually performed manually by skilled experts, which is time-consuming, error-prone and tedious when applied to complex processes. How to perform FTA and FMEA automatically on processes is the main objective of this thesis. We also look for an effective way to combine these two complementary techniques for process analysis. The problems discussed in this thesis are as follows:
     1. Framework of automatic safety analysis techniques for process analysis and improvement. We propose a framework that, after modeling processes in the Little-JIL language, adopts several static analysis techniques to analyze weaknesses in them.
     2. Approach and tool support for an automatic FMEA technique. We propose an approach that automatically derives effect trees from Little-JIL processes.
     3. Approach and tool support for an automatic FTA technique. We propose an approach that automatically generates fault trees from Little-JIL processes and computes the minimal cut sets (MCSs) of each fault tree.
     4. Optimization methods addressing the scaling and looping issues. To address the scaling issue, two optimizations, Step Abstraction and Step Removal, are applied before the fault tree is derived; a third, Single-Cause Event Elimination, is applied after the fault tree is derived. To solve the looping issue, we propose an algorithm that detects and removes all loops in the fault tree in a simple way.
     5. Approach for combining the FTA and FMEA techniques. Both the failure mode and the effect produced by our automatic FMEA approach can serve as top events in our automatic FTA approach, which generates fault trees for them automatically; this realizes the combination of FMEA and FTA. That is, given a failure mode, both its effects (bottom-up) and its causes (top-down) can be generated, and the results combined to improve the process.
     By applying the proposed framework and automatic techniques to two real-world medical processes used by Baystate Medical Center in the USA, we show that our approach can systematically detect safety issues in processes. Improvement measures can then be proposed for those processes, which may lead to improved safety. Our research provides a reference for future theoretical and practical work on the safety analysis and improvement of processes.
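As an added illustration of item 3 (minimal cut sets and the consistency-check improvement for single-cause events) and item 4 (loop removal) in both abstracts above: this is example code written for this page, not the thesis's tool or its Little-JIL models. The fault tree, the event names and the helper functions (`cut_sets`, `minimal_cut_sets`, `single_cause_events`, `add_consistency_check`) are constructed assumptions; the loop handling simply prunes a gate that refers back to one of its own ancestors.

```python
"""Minimal cut set (MCS) analysis of a small fault tree, with loop pruning,
single-cause detection and the 'add a consistency check' improvement.
Constructed example: tree shape, event names and helpers are assumptions."""
from itertools import product

# A fault tree is a dict: gate name -> (gate type, [child names]).
# Any child name that is not a gate key is a basic event.


def cut_sets(tree, node, path=()):
    """Expand `node` into its (not yet minimal) cut sets.

    A gate that is already on the current expansion path is a loop: the
    back edge is pruned, which terminates the expansion. Under an OR gate
    this keeps the finite cut sets; under an AND gate the looped branch
    yields nothing, so no cut set is reported for it."""
    if node not in tree:
        return [frozenset([node])]            # basic event
    if node in path:
        return []                             # loop detected: prune back edge
    gate, children = tree[node]
    child_sets = [cut_sets(tree, c, path + (node,)) for c in children]
    if gate == "OR":
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type {gate!r} at {node}")


def minimal_cut_sets(tree, top):
    """Apply absorption: drop every cut set that contains another one."""
    sets = set(cut_sets(tree, top))
    mcs = [s for s in sets if not any(other < s for other in sets)]
    return sorted(mcs, key=lambda s: (len(s), sorted(s)))


def single_cause_events(mcs):
    """Order-1 cut sets: one basic event alone triggers the top event."""
    return sorted(next(iter(s)) for s in mcs if len(s) == 1)


def add_consistency_check(tree, event, check_fails, gate_name=None):
    """Model a consistency-check step guarding `event`: the top event now
    also needs the check itself to fail. Returns a new tree (input untouched)."""
    gate_name = gate_name or f"{event}_GUARDED"
    new = {g: (kind, [gate_name if k == event else k for k in kids])
           for g, (kind, kids) in tree.items()}
    new[gate_name] = ("AND", [event, check_fails])
    return new


# Constructed fault tree for a transfusion-style process (assumption).
TRANSFUSION = {
    "TOP": ("OR", ["G_SAMPLE", "E_WRONG_UNIT", "G_BEDSIDE"]),
    "G_SAMPLE": ("AND", ["E_SAMPLE_MISLABELED", "E_LABEL_CHECK_SKIPPED"]),
    "G_BEDSIDE": ("AND", ["E_ID_BAND_WRONG", "E_BEDSIDE_ID_SKIPPED"]),
}

# Constructed tree with a loop: G2 refers back to its ancestor G1.
LOOPED = {
    "TOP": ("OR", ["E1", "G1"]),
    "G1": ("AND", ["E2", "G2"]),
    "G2": ("OR", ["E3", "G1"]),
}

if __name__ == "__main__":
    mcs = minimal_cut_sets(TRANSFUSION, "TOP")
    print("MCS:", [sorted(s) for s in mcs])
    print("single-cause events:", single_cause_events(mcs))
    improved = add_consistency_check(TRANSFUSION, "E_WRONG_UNIT",
                                     "E_UNIT_CROSSCHECK_FAILS")
    print("single-cause events after adding the check:",
          single_cause_events(minimal_cut_sets(improved, "TOP")))
    print("looped tree MCS:", [sorted(s) for s in minimal_cut_sets(LOOPED, "TOP")])
```

Running it reports `E_WRONG_UNIT` as the only single-cause event; after the guard gate is inserted every minimal cut set has order 2, which is the effect the thesis attributes to adding a consistency-check step.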