[1]Society of Automotive Engineers, ARP4761:Aerospace Recommended Practice: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment[S].
[2]Papadopoulos Y, McDermid J A. Hierarchically performed hazard origin and propagation studies[C]// Proceedings of SAFECOMP ’99. 1999:139-152.
[3]Joshi A, Miller A T, Heimdahl M P E. Mode confusion analysis of a flight guidance system using formal methods[C]// Proceedings of the 22rd Digital Avionics Systems Conference (DASC'03). 2003: 2.D.1-1-2.D.1-11.
[4]Antoine Rauzy. AltaRica Description.[EB/OL]. http://www.lix.polytechnique.fr/~rauzy/, 2012-09-19.
[5]IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic SafetyRelated Systems[S].
[6]Adeline R, Darfeuil P, Humbert S, et al. Toward a methodology for the AltaRica Modelling of MultiPhysical Systems[DB/OL]. http://www.lix.polytechnique.fr/~rauzy/altarica/AdelineDarfeuilHumbertSeguinCardoso2010TowardAMethodology.pdf, 2014-06-08.
[7]Liu S, McDermid J A. A modeloriented approach to safety analysis using fault trees and a support system[J]. Journal of Systems and Software, 1996,35(2):151-164.
[8]Dotti F L, Iliasov A, Ribeiro L, et al. Modal systems: Specification, refinement and realization [C]// Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software. 2009:601-619.
[9]JeanCharles Chaudemar, Eric Bensana, Charles Castel, et al. EventB Models for Operational Safety Analysis: Unmanned Aerial Vehicle Case Study[EB/OL]. http://www.lix.polytechnique.fr/~rauzy/altarica/AltaRica.html/, 2014-03-19.
[10]Laibinis L, Troubitsyna E. Fault tolerance in a layered architecture: A general specication pattern in B[C]// Proceedings of the 2nd International Conference on Software Engineering and Formal Methods. 2004:346-355.
[11]Abrial J R. The BBook Assigning Program to Meanings[M]. Cambridge University Press, 1996.
[12]Gallier J H. Logic for Computer Science: Foundations of Automatic Theorem Proving[M]. Harper & Row Publishers, 1986.
[13]Toure F, Baina K, Benali K. An efficient algorithm for workflow graph structural verification[C]//Proceedings of the OTM 2008 Confederated International Conferenees, CooPIS:DOA, GADA, IS, and ODBASE. Part I. 2008:392-408.
[14]He X. PZ netsa formal method integrating Petri nets with Z[J]. Information and Software Technology, 2001,43(1):1-18.
[15] Pumfrey D J. The principled design of computer system safety analyses[D].York: University of York, 1999.
[16]Walker M, Bottaci L, Papadopoulos Y. Compositional temporal fault tree analysis[C]//Proceedings of the 26th International Conference on Computer Safety, Reliability, and Security. 2007,4680:106-119.
[17]Papadopoulos Y, Parker D, Grante C. Automating the failure modes and effects analysis of safety critical systems[C]// Proceedings of the 8th IEEE International Symposium on High Assurance Systems Engineering. 2004:1530-1534.
|