Mohamed Ghazel | Institut français des sciences et technologies des transports, de l'aménagement et des réseaux

Papers by Mohamed Ghazel

Towards a Model-Based Safety Assessment of Railway Operation using GNSS Localization

Proceedings of the 30th European Safety and Reliability Conference and 15th Probabilistic Safety Assessment and Management Conference

The introduction of satellite-based localization techniques relying on GNSS (Global Navigation Satellite Systems) for railway operation is a promising, though challenging, issue. Such a technical breakthrough aims to achieve a substantial gain for the railway sector in terms of competitiveness. In recent years, several projects have investigated the introduction of GNSS in railways. However, no proposed solution has been proven to fulfill the railway safety requirements. Moreover, traditional safety assessment methods present limitations in dealing with the complexity of such systems, raising the need to set up new approaches to this end. The work discussed in this paper is part of a general model-driven approach for the safety evaluation of GNSS-based localization in railway operation. In particular, we discuss the main features of our model-based approach and elaborate on the different safety features that can be investigated based on our models. Considering the safety-critical nature of the localization function, formal verification methods based on model checking are adopted to provide safety evidence. Concretely, the overall behavior of the system is expressed in a modular representation based on the timed automata notation supported by the UPPAAL tool. Such a modular approach makes it possible to consider a variety of system architectures in different operational contexts. We also provide an illustration that takes into account a particular viewpoint focusing on the operational context. This work can be seen as a first attempt towards adopting model-driven techniques for assessing and qualifying GNSS-based localization systems for railway operation.

Toward Formal Safety and Performance Evaluation of GNSS-based Railway Localisation Function

Deliverable D 2.1 Modelling Guidelines and Moving Block Use Cases Characterization

Codesign of an IoT Using a Metaheuristic IP

2018 International Conference on Internet of Things, Embedded Systems and Communications (IINTEC), 2018

The computational method known as Particle Swarm Optimization (PSO), used when searching for a global minimum of a function, has a number of parameters that determine its behavior and efficiency in optimizing a given problem. Among these parameters, the population topology and the particle updating technique have an important impact. In previous work, we have proposed different strategies to enhance the performance of PSO in its software (SW) implementations. In this paper, we target a combined hardware/software (HW/SW) implementation of PSO as a representative case study of metaheuristic resolution approaches. Based on a thorough comparison of HW/SW methodologies, we find that codesign is well suited to Internet of Things (IoT) design. Besides, it is worth noticing that the codesign methodology has attracted the attention of researchers and industrial practitioners seeking to optimize the time and energy consumption of embedded systems and IoT devices. In this work we propose a new approach to implementing PSO on a Field Programmable Gate Array (FPGA), which targets different architectures using metaheuristic approaches for solving optimization problems.

Livrable L2.2 - Method for Specifying a COTS-Based Control Architecture

The objective of this document is to describe a specification process for a COTS-based railway control-command system. By specification, we mean a set of models describing the logical control architecture in the form of logical components that are either elementary, when they cannot be further decomposed into sub-components, or composite, when they are made up of an assembly of other components (elementary or composite). Whether elementary or composite, logical components are characterized by at least: the functions they support; the functional and/or safety properties they must satisfy; the interface properties (component inputs/outputs, type, …) needed for their assembly; and their context of use (assumptions characterizing the environment in which the component is expected to execute). Depending on their level of genericity, components (elementary or composite) may be archived in libr...

Diagnosability of Discrete Event Systems: A New Variant of the Diagnoser Approach

In this paper, we are interested in the diagnosability analysis of discrete event systems modelled by finite state automata. In particular, a variant of the diagnoser approach initiated by Sampath et al. [1, 2] is presented. This variant relies on a new structure that explicitly separates normal states from faulty ones within each node of the diagnoser. Such a distinction makes it possible to track separately the evolution of normal and faulty traces in the diagnoser. Various characteristics of the new structure are then exploited to (i) refine the necessary and sufficient condition for diagnosability [1], (ii) develop a new necessary condition that can be checked directly on the diagnoser without going back to the model, (iii) propose a simplified version of the necessary and sufficient condition, and finally (iv) develop a systematic procedure for the analysis of...

Formal Modeling of a New On-Board Train Integrity System ETCS Compliant

Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021), 2021

Several European railway actors are committed to developing a new train monitoring system implemented on board trains, to replace the trackside integrity monitoring function. Having such an on-board integrity monitoring system is a key issue for operation in moving block, namely as in ERTMS Level 3: such an operation allows not only for increasing the capacity of the line, but also for achieving substantial cost savings, as various trackside equipment can be removed. Using an on-board control-command system for the train integrity functionality transfers more responsibility, in terms of train operation safety, from infrastructure managers to railway operators. To ensure the implementation of a safety-critical function such as the on-board train integrity (OTI) function, particular care should be paid to its specifications. The present paper falls in this context and proposes formal verification of the OTI specifications to ensure their completeness and correctness, while tackling the ambiguity inherent in textual specifications. Model checking is brought into play to check various types of properties automatically, in particular safety properties. This automatic formal verification technique allows for exhaustively checking the system behavior. An extended variant of timed automata, supported by the UPPAAL tool, is used as the modelling notation.

Model-based dependability evaluation of a Wireless Communication System in a Virtually Coupled Train Set

Model-Based Monitoring of a Train Passenger Access System

IEEE Access, 2018

The passenger access system (PAS) is a complex mechatronic train onboard module with high reliability and safety requirements. This module fulfills one of the dozen main onboard train functions. Consequently, any related fault occurrence may have a serious impact on the safety and availability of the whole train operation. In this context, developing effective automated monitoring and diagnostic techniques for the PAS, as early as the design phase of the system, becomes an essential and challenging task. In this paper, we carry out a monitoring study on this system, while considering a sufficiently high-level abstraction perspective that allows for adopting discrete event models representing the behavior of the system. First, we establish a Petri net behavioral model that includes the nominal operating mode as well as various faulty behaviors. Then, based on the established Petri net models, a fault detection approach is used to investigate the diagnosability property and synthesize the diagnosers regarding different predetermined classes of failures. Finally, we show how the outputs of the diagnosability analysis can help make efficient design choices that allow for improving the safety of the whole system. Index terms: railway safety, fault monitoring, passenger access system, Petri nets, modeling.

Using Bayesian Networks for the Purpose of Risk Analysis at Railway Level Crossings

IFAC-PapersOnLine, 2018

According to accident/incident statistics, the railway level crossing (LX) is one of the most critical points in railways from the safety point of view. In the present paper, a causal reasoning analysis of LX accidents is carried out based on Bayesian networks (BNs). In particular, causal structural constraints are introduced to establish the BN risk model for the purpose of combining empirical knowledge and statistical data, thus identifying effective causalities and avoiding inappropriate structural connections. Moreover, forward and reverse inferences based on the BN risk model are performed to predict LX accident occurrence and to quantify the contribution degree of various impacting factors, respectively, so as to identify the riskiest factors. Besides, an influence strength analysis is further carried out to scrutinize the influence strength of various causal factors on LX accident occurrence. The outcomes of the BN risk model offer significant insights for exploring practical recommendations to improve LX safety.

A Diagnosis Study on a Train Passenger Access System using Petri Net Models

IFAC-PapersOnLine, 2018

In this paper, we conduct a diagnosis analysis of the passenger access system, while considering a high-level abstraction perspective that allows for adopting discrete event models to represent the system behavior. Firstly, we establish Petri net behavioral models for the global system functions, including the nominal operating mode and various faulty behaviors. Then, based on the established Petri net models, a diagnoser-based approach is brought into play to investigate the diagnosability of the system regarding the different predetermined classes of failures.

Advanced model-based risk reasoning on automatic railway level crossings

Safety Science, 2020

Safety is a core issue in railway operation. In particular, as witnessed by accident/incident statistics, railway level crossing (LX) safety is one of the most critical points in railways. In the present paper, a Bayesian network (BN) based framework for causal reasoning related to risk analysis is proposed. It consists of a set of integrated stages, namely risk scenario definition, real field data collection and processing, BN model establishment and model performance validation. In particular, causal structural constraints are introduced into the framework for the purpose of combining empirical knowledge with automatic learning approaches, thus identifying effective causalities and avoiding inappropriate structural connections. Then, the proposed framework is applied to the risk analysis of LX accidents in France. In detail, the BN risk model is established on the basis of real field data and the model performance is validated. Moreover, forward and reverse inferences based on the BN risk model are performed to predict LX accident occurrence and to quantify the contribution degree of various impacting factors, respectively, so as to identify the riskiest factors. Besides, influence strength and sensitivity analyses are further carried out to scrutinize the influence strength of various causal factors on the LX accident occurrence likelihood and to determine which factors LX accident occurrence is most sensitive to. The main outputs of our study attest that the proposed framework is sound and effective in terms of risk reasoning analysis and offers significant insights for exploring practical recommendations to prevent LX accidents.

Fault diagnosis of discrete-event systems based on the symbolic observation graph

International Journal of Critical Computer-Based Systems, 2018

Fault diagnosis of discrete-event systems (DESs) has received a lot of attention in industry and academia during the last two decades. In DES-based diagnosis, the two main topics discussed are offline diagnosability analysis and online diagnosis. A pioneering approach that led to the development of various techniques is based on the so-called diagnoser. However, this approach suffers from the combinatorial explosion problem due to the exponential complexity of its construction. To partially overcome this problem, an efficient approach to construct a symbolic diagnoser is proposed in this paper. The proposed approach consists in constructing a diagnoser based on the symbolic observation graph (SOG), which combines symbolic and enumerative representations. The construction of the diagnoser as well as the verification of diagnosability are performed simultaneously on the fly, which can considerably reduce the state space of the diagnoser and thus the overall running time. To evaluate the efficiency and the scalability of the approach, some experimental results are presented and discussed based on a DES benchmark.

Formal verification of intermittent fault diagnosability of discrete-event systems using model-checking

International Journal of Critical Computer-Based Systems, 2018

Fault diagnosis of complex and dynamic systems is a crucial and challenging task, essentially with respect to guaranteeing the reliable, safe and efficient operation of such systems. Most research in this field has focused on permanent failure diagnosis, i.e., once a fault occurs, the system remains indefinitely faulty. However, experience with fault diagnosis in real-life systems shows that intermittent faults, i.e., faults that can be automatically recovered, are predominant and are among the most challenging kinds of faults to detect and isolate. In this paper, we address the formal verification of intermittent fault diagnosability in discrete-event systems. The system is modelled by a finite state automaton and intermittent faults are defined as faults that can automatically recover once they have occurred. Two definitions of diagnosability, regarding the detection of fault occurrence within a finite delay and the detection of fault occurrence before its recovery, are discussed. Diagnosability is analysed on the basis of the twin-plant structure, which is encoded as a Kripke structure, while diagnosability conditions are formulated using LTL temporal logic.

On-the-Fly and Incremental Technique for Fault Diagnosis of Discrete Event Systems Modeled by Labeled Petri Nets

Asian Journal of Control, 2017

In this paper, a software tool to deal with the diagnosis of discrete event systems (DESs) is presented. This tool, called On-the-Fly PEtri-Net-based Diagnosability Analyzer (OF-PENDA), implements the techniques developed in [13] for the diagnosis of DESs modeled by labeled Petri nets (LPNs). This technique aims to cope with the state explosion problem, which is a major issue when dealing with the diagnosis of DESs. In particular, OF-PENDA implements an incremental and on-the-fly algorithm which makes it possible to analyze (K-)diagnosability without necessarily generating the whole state space of the model. Three aspects of OF-PENDA are discussed in this paper: an overview of the implemented technique is given; some features of the tool are discussed; then two illustrative case studies are processed to show its efficiency in terms of time and memory compared with some existing approaches.

A new insight on the risky behavior of motorists at railway level crossings: An observational field study

Accident Analysis & Prevention, 2017

Accidents at railway level crossings (LXs) give rise to serious material and human damage. In particular, collisions between trains and motorized vehicles are the most critical accidents occurring at LXs. It is worth noticing that violations committed by vehicle drivers are the primary cause of such accidents. The present study is an attempt to acquire a better understanding of the risky behavior of vehicle drivers while crossing LXs during the closure cycle. Namely, a risk analysis based on field measurements conducted at four automated LXs with two half barriers is performed. We focus on vehicle driver behavior during the LX closure cycle while distinguishing between different phases. In fact, the closure cycle is divided into three phases, which are "Ph2 Red Flash and Siren", "Ph3 Barriers Coming Down" and "Ph4 Barriers Down"; vehicle driver behavior in each phase as time increases is scrutinized respectively. In particular, zigzag scenarios are detected, using an original experimental setting that we have implemented, and analyzed in detail. The main findings of the analysis demonstrate that the peak of the violation rate in the morning is later than the actual morning rush hour; a distinct peak of the violation rate appears on Friday, while the violation rate on the weekend is fairly low; the relative violation rate of vehicles with high speed decreases continuously as time advances from Ph2 to Ph3 in the daytime; and the violation rate during Ph4 decreases as the Ph4 duration is prolonged, which contradicts the general speculation that a higher rate of zigzag violations would appear as the duration of Ph4 is extended. These findings open the way towards determining the impacting factors which contribute significantly to vehicle driver decision-making in this context (e.g., traffic density, time schedule and phase duration). In addition, the outputs of the present study are conducive to identifying potential interventions to improve safety at LXs.

Petri Net Diagnosability Analyzer

2016 11th International Design & Test Symposium (IDT), 2016

This paper presents a software tool to deal with the diagnosis of discrete-event systems modeled by labeled Petri nets (LPNs). This tool, called PEtri-Net-based Diagnosability Analyzer (PENDA), is an updated version of the prototype that implements our techniques for (K-)diagnosability analysis of discrete-event models. In order to cope with the state explosion problem that arises when establishing a diagnoser, PENDA implements an incremental and on-the-fly algorithm to analyze (K-)diagnosability while only partially building the state space of the LPN. In addition, several improvements have been made to the source code to improve the time/memory efficiency of the analysis. The current version shows better performance and allows for handling LPN models encoded in the standard PNML format.

Intermittent fault diagnosis of industrial systems in a model-checking framework

2016 IEEE International Conference on Prognostics and Health Management (ICPHM), 2016

In this paper, a formal verification approach for the diagnosability analysis of intermittent faults is proposed. In this approach, industrial systems are abstracted as discrete-event systems (DES) and modeled by finite state automata (FSA); a model-checking framework is then set up to deal with diagnosability issues. Intermittent faults are defined as faults that can automatically recover once they occur. We first revisit two existing definitions of diagnosability of intermittent faults, regarding the occurrence of faults and their normalization (i.e., the disappearance of faults). Then, necessary and sufficient conditions are developed based on the twin plant construction, and reformulated as linear temporal logic (LTL) formulas in order to use model checking for the actual verification. A benchmark is used to illustrate the contributions discussed and to assess the efficiency and the scalability of the proposed approach.

A customizable railway benchmark to deal with fault diagnosis issues in DES

2016 13th International Workshop on Discrete Event Systems (WODES), 2016

This paper aims to develop a suite of customizable Petri net benchmarks to deal with various issues pertaining to fault diagnosis in discrete event systems. As reported in previous studies, the existing benchmarks generally characterize only some of the numerous issues concerning fault diagnosis. This suits a specific case study, but it may constitute a barrier when performing comparative analysis between different approaches. In order to bridge this gap, we propose to develop a suite of benchmarks based on the same case study, while covering a wide spectrum of diagnosis issues, namely diagnosability according to the original definition, K-diagnosability, diagnosability under fairness conditions, diagnosability of intermittent faults, and diagnosability in a timed context. The elaborated benchmark, based on a level crossing case study, can be enlarged to deal with the combinatorial explosion problem. In addition, it can be extended to integrate additional features. A software tool is provided to generate benchmarks according to the target issues one seeks to tackle and the desired size of the model.

A UML-based approach to obtain the functional graph of existing automated production systems

Research paper thumbnail of Towards a Model-Based Safety Assessment of Railway Operation using GNSS Localization

Proceedings of the 30th European Safety and Reliability Conference and 15th Probabilistic Safety Assessment and Management Conference

The introduction of satellite-based localization techniques, relying on GNSS (Global Navigation S... more The introduction of satellite-based localization techniques, relying on GNSS (Global Navigation Satellite Systems), for railway operation is a promising, though challenging issue. Such a technical breakthrough aims to achieve a substantial gain for the railway sector in terms of competitiveness. In recent years, several projects have investigated the introduction of GNSS in railways. However, no proposed solution has been proven to fulfill the railway safety requirements. Moreover, traditional safety assessment methods present limitations in dealing with the complexity of such systems, raising the need to set up new approaches to this aim. The work discussed in this paper is part of a general model-driven approach for safety evaluation of GNSS-based localization in railway operation. In particular, we discuss the main features of our model-based approach and we elaborate on the different safety features that can be investigated based on our models. Considering the safety-critical aspect of the localization function, formal verification methods based on model-checking are adopted to provide safety evidence. Concretely, the overall behavior of the system will be expressed in a modular representation based on the timed automata notation supported by the UPPAAL tool. Such a modular approach permits to consider a variety of system architectures in different operational contexts. We also provide an illustration while taking into account a particular viewpoint that focuses on the operational context. This work can be seen as a first attempt towards adopting model-driven techniques for assessing and qualifying GNSS-based localization systems for railway operation.

Research paper thumbnail of Toward Formal Safety and Performance Evaluation of GNSS-based Railway Localisation Function

Research paper thumbnail of Deliverable D 2.1 Modelling Guidelines and Moving Block Use Cases Characterization

Research paper thumbnail of Codesign of an IoT Using a Metaheuristic IP

2018 International Conference on Internet of Things, Embedded Systems and Communications (IINTEC), 2018

The computational method known as Particle Swarm Optimization (PSO) used when searching for a glo... more The computational method known as Particle Swarm Optimization (PSO) used when searching for a global minimum of a function, has a number of parameters that determine its behavior and efficiency in optimizing a given problem. Among these parameters, the population topology and the updating technique of particles have an important impact. In a previous work, we have proposed different strategies to enhance the performance of PSO in its software (SW) implementations. In this paper, we target a combined Hardware/Software (HW/SW) implementation of PSO as a representative case study of metaheuristic resolution approaches. Based on a deep comparison of HW/SW methodologies, we find out that codesign is well appropriate for Internet of Things (IoT) design. Besides, it is worth noticing that codesign methodology has attracted attention of researchers and industrials looking for optimizing time and energy consumption of embedded systems and IoT devices.In this work we propose a new approach of implementing PSO on Field Programmable Gate Array (PFGA) which target different architectures using metaheuristic approaches for solving optimization problems.

Research paper thumbnail of Livrable L2.2 - Méthode de spécification d’une architec-ture de commande à base de COTS

L’objectif de ce document est de decrire une demarche de specification d’un systeme de con-trole-... more L’objectif de ce document est de decrire une demarche de specification d’un systeme de con-trole-commande ferroviaire a base de COTS. Par specification, nous entendons un ensemble de modeles decrivant l’architecture logique de commande sous la forme de composants logiques elemen-taires – lorsqu’ils ne sont plus decomposables en sous-composants – ou composites – lorsqu’ils sont constitues par l’assemblage d’autres composants (elementaires ou composites). Qu’ils soient elementaires ou composites, les composants logiques sont caracterises par, au moins : •les fonctions qu’ils supportent, •les proprietes fonctionnelles et/ou de surete qu’ils doivent respecter, •les proprietes d’interfaces (entrees/sorties du composant, type, …) necessaires pour leur as-semblage, •leur contexte d’utilisation (hypotheses caracterisant l’environnement dans lequel est sense s’executer le composant). Selon leur niveau de genericite, les composants (elementaires ou composites) pourront etre archives en biblio...

Research paper thumbnail of Diagnosticabilité des Systèmes à Évènements Discrets: Une Nouvelle Variante de l'Approche Diagnostiqueur

Dans ce papier, nous nous interessons a l'analyse de la diagnosticabilite des systemes a even... more Dans ce papier, nous nous interessons a l'analyse de la diagnosticabilite des systemes a evenements discrets modelises par des automates a etats finis. En particulier, une variante de l'approche diagnostiqueur initiee par Sampath et co. [1, 2] est presentee. Cette variante repose sur une nouvelle structure qui consiste a separer explicitement les etats normaux de ceux fautifs a l'interieur de chaque noeud du diagnostiqueur. Une telle distinction permet de suivre separement l'evolution des traces normales et fautives dans le diagnostiqueur. Differentes caracteristiques de la nouvelle structure sont ensuite exploitees pour (i) raffiner la condition necessaire et suffisante de la diagnosticabilite [1], (ii) developper une nouvelle condition necessaire verifiable directement sur le diagnostiqueur sans revenir au modele, (iii) proposer une version simplifiee de la condition necessaire et suffisante, et enfin (iv ) developper une procedure systematique pour l'analyse d...

Research paper thumbnail of Formal Modeling of a New On-Board Train Integrity System ETCS Compliant

Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021), 2021

Several European railway actors are committed to develop a new train monitoring system that is im... more Several European railway actors are committed to develop a new train monitoring system that is implemented on-board trains, to replace the trackside integrity monitoring function. Having such an on-board integrity monitoring system is key issue toward operation in moving block, namely as in ERTMS Level 3 such an operation allows not only for increasing the capacity of the line, but also for achieving substantial cost saving as various trackside equipment can be removed. Using an on-board control-command system for the train integrity functionality, transfers more responsibility, in terms of train operation safety, from infrastructure managers to railway operators. To ensure the implementation of a safety critical functions, such as the on-board train integrity (OTI) function, a particular care should be paid to its specifications. The present paper falls in this context and proposes formal verification of the OTI specifications to ensure their completeness and correctness, while tackling ambiguity inherent in textual specifications.Model checking is brought into play to check various types of properties automatically, in particular safety properties. This automatic formal verification technique allows for exhaustively checking the system behavior. An extended variant of timed automata that are supported by the UPPAAL tool are used as a modelling notation.

Research paper thumbnail of Model-based dependability evaluation of a Wireless Communication System in a Virtually Coupled Train Set

Research paper thumbnail of Model-Based Monitoring of a Train Passenger Access System

IEEE Access, 2018

The passenger access system (PAS) is a complex mechatronic train onboard module with high reliabi... more The passenger access system (PAS) is a complex mechatronic train onboard module with high reliability and safety requirements. This module fulfills one of the dozen main onboard functions onboard train. Consequently, any related fault occurrence may have a serious impact on the safety and availability of the whole train operation. In this context, developing effective automated monitoring and diagnostic techniques for the PAS, as early as from the design phase of the system, becomes an essential and challenging task. In this paper, we carry out a monitoring study on this system, while considering a sufficiently high-level abstraction perspective that allows for adapting discrete event models representing the behavior of the system. First, we establish a Petri net behavioral model that includes the nominal operating mode as well as various faulty behaviors. Then, based on the established Petri net models, a fault detection approach is used to investigate the diagnosability property and synthesize the diagnosers regarding different predetermined classes of failures. Finally, we show how the outputs of the diagnosability analysis can help make efficient design choices that allow for improving the safety of the whole system. INDEX TERMS Railway safety, fault monitoring, passenger access system, Petri nets, modeling.

Using Bayesian Networks for the Purpose of Risk Analysis at Railway Level Crossings

IFAC-PapersOnLine, 2018

According to accident/incident statistics, the railway level crossing (LX) is one of the most critical points in railways from the safety point of view. In the present paper, causal reasoning analysis of LX accidents is carried out based on Bayesian networks (BNs). In particular, causal structural constraints are introduced to establish the BN risk model for the purpose of combining empirical knowledge and statistical data, thus identifying effective causalities and avoiding inappropriate structural connections. Moreover, forward and reverse inferences based on the BN risk model are performed to predict LX accident occurrence and to quantify the contribution degree of various impacting factors respectively, so as to identify the riskiest factors. Besides, influence strength analysis is further carried out to scrutinize the influence strength of various causal factors on LX accident occurrence. The outcomes of the BN risk model offer significant insights on exploring practical improvement recommendations to improve LX safety.

A Diagnosis Study on a Train Passenger Access System using Petri Net Models

IFAC-PapersOnLine, 2018

In this paper, we conduct a diagnosis analysis of the passenger access system, while considering a high-level abstraction perspective that allows for adapting discrete event models to represent the system behavior. Firstly, we establish Petri net behavioral models for the global system functions, including the nominal operating mode and various faulty behaviors. Then, based on the established Petri net models, a diagnoser-based approach is brought into play to investigate the diagnosability of the system regarding the different predetermined classes of failures.

Advanced model-based risk reasoning on automatic railway level crossings

Safety Science, 2020

Safety is a core issue in railway operation. In particular, as witnessed by accident/incident statistics, railway level crossing (LX) safety is one of the most critical points in railways. In the present paper, a Bayesian network (BN) based framework for causal reasoning related to risk analysis is proposed. It consists of a set of integrated stages, namely risk scenario definition, real field data collection and processing, BN model establishment and model performance validation. In particular, causal structural constraints are introduced to the framework for the purpose of combining empirical knowledge with automatic learning approaches, thus identifying effective causalities and avoiding inappropriate structural connections. Then, the proposed framework is applied to risk analysis of LX accidents in France. In detail, the BN risk model is established on the basis of real field data and the model performance is validated. Moreover, forward and reverse inferences based on the BN risk model are performed to predict LX accident occurrence and to quantify the contribution degree of various impacting factors respectively, so as to identify the riskiest factors. Besides, influence strength and sensitivity analyses are further carried out to scrutinize the influence strength of various causal factors on the LX accident occurrence likelihood and to determine which factors the LX accident occurrence is most sensitive to. The main outputs of our study attest that the proposed framework is sound and effective in terms of risk reasoning analysis and offers significant insights on exploring practical recommendations to prevent LX accidents.

Fault diagnosis of discrete-event systems based on the symbolic observation graph

International Journal of Critical Computer-Based Systems, 2018

Fault diagnosis of discrete-event systems (DESs) has received a lot of attention in industry and academia during the last two decades. In DES-based diagnosis, the two main discussed topics are offline diagnosability analysis and online diagnosis. A pioneering approach that led to the development of various techniques is based on the so-called diagnoser. However, this approach suffers from the combinatorial explosion problem due to the exponential complexity of its construction. To partially overcome this problem, an efficient approach to construct a symbolic diagnoser is proposed in this paper. The proposed approach consists in constructing a diagnoser based on the symbolic observation graph (SOG), which combines symbolic and enumerative representations. The construction of the diagnoser as well as the verification of diagnosability are performed simultaneously on the fly, which can considerably reduce the state space of the diagnoser and thus the overall running time. To evaluate the efficiency and the scalability of the approach, some experimental results are presented and discussed based on a DES benchmark.

Formal verification of intermittent fault diagnosability of discrete-event systems using model-checking

International Journal of Critical Computer-Based Systems, 2018

Fault diagnosis of complex and dynamic systems is a crucial and challenging task, essentially with respect to guaranteeing the reliable, safe and efficient operation of such systems. Most research in this field has been focused on permanent failure diagnosis, i.e., once a fault occurs, the system remains indefinitely faulty. However, experience with fault diagnosis in real-life systems shows that intermittent faults, i.e., faults that can be automatically recovered, are predominant and are among the most challenging kinds of faults to detect and isolate. In this paper, we address the formal verification of intermittent fault diagnosability in discrete-event systems. The system is modelled by a finite state automaton and intermittent faults are defined as faults that can automatically recover once they have occurred. Two definitions of diagnosability, regarding the detection of fault occurrence within a finite delay and the detection of fault occurrence before its recovery, are discussed. The diagnosability is analysed on the basis of the twin-plant structure, which is encoded as a Kripke structure, while diagnosability conditions are formulated using LTL temporal logic.

On-the-Fly and Incremental Technique for Fault Diagnosis of Discrete Event Systems Modeled by Labeled Petri Nets

Asian Journal of Control, 2017

In this paper, a software tool to deal with diagnosis of discrete event systems (DESs) is presented. This tool, called On-the-Fly PEtri-Net-based Diagnosability Analyzer (OF-PENDA), implements the techniques developed in [13] for the diagnosis of DESs modeled by labeled Petri nets (LPNs). This technique aims to cope with the state explosion problem, which is a major issue when dealing with diagnosis of DESs. In particular, OF-PENDA implements an incremental and on-the-fly algorithm which makes it possible to analyze (K-)diagnosability without necessarily generating the whole state space of the model. Three aspects of OF-PENDA are discussed in this paper: an overview of the implemented technique is given; some features of the tool are discussed; then two illustrative case studies are processed to show the efficiency in terms of time and memory compared with some existing approaches.

A new insight on the risky behavior of motorists at railway level crossings: An observational field study

Accident Analysis & Prevention, 2017

Accidents at railway level crossings (LXs) give rise to serious material and human damage. Particularly, collisions between trains and motorized vehicles are the most critical accidents occurring at LXs. It is worth noticing that violations committed by vehicle drivers are the primary cause of such accidents. The present study is an attempt to acquire a better understanding of the risky behavior of vehicle drivers while crossing LXs during the closure cycle. Namely, risk analysis based on field measurements conducted at four automated LXs with two half barriers is performed. We focus on vehicle driver behavior during the LX closure cycle while distinguishing between different phases. In fact, the closure cycle is divided into three phases, which are "Ph2 Red Flash and Siren", "Ph3 Barriers Coming Down" and "Ph4 Barriers Down"; and vehicle driver behavior in each phase as time increases is scrutinized respectively. Particularly, zigzag scenarios are detected, using an original experimental setting that we have implemented, and analyzed in detail. The main findings based on the analysis demonstrate that the peak of the violation rate in the morning is later than the actual morning rush hour; a distinct peak of the violation rate shows on Friday, while the violation rate on the weekend is fairly low; the relative violation rate of vehicles with high speed decreases continuously as time advances from Ph2 to Ph3 in the daytime; the violation rate during Ph4 decreases as the Ph4 duration is prolonged, which contradicts a general speculation that a higher rate of zigzag violations would appear as the duration of Ph4 is extended. These findings open the way towards determining the impacting factors which have an important contribution to vehicle driver decision-making in this context (e.g., traffic density, time schedule and phase duration). In addition, the outputs of the present study are conducive to identifying potential interventions to improve safety at LXs.

Petri Net Diagnosability Analyzer

2016 11th International Design & Test Symposium (IDT), 2016

This paper presents a software tool to deal with the diagnosis of discrete-event systems modeled by labeled Petri nets (LPNs). This tool, called PEtri-Net-based Diagnosability Analyzer (PENDA), is an updated version of the prototype that implements our techniques for (K-)diagnosability analysis of discrete-event models. In order to cope with the state explosion problem that arises when establishing a diagnoser, PENDA implements an incremental and on-the-fly algorithm to analyze (K-)diagnosability while only partially building the state space of the LPN. In addition, several improvements have been carried out in the source code to improve the time/memory efficiency of the analysis. The current version shows better performance and allows for handling LPN models encoded in the standard PNML format.

Intermittent fault diagnosis of industrial systems in a model-checking framework

2016 IEEE International Conference on Prognostics and Health Management (ICPHM), 2016

In this paper, a formal verification approach for diagnosability analysis of intermittent faults is proposed. In this approach, the industrial systems are abstracted as discrete-event systems (DES) and modeled by finite state automata (FSA); then a model-checking framework is set up to deal with diagnosability issues. Intermittent faults are defined as faults that can automatically recover once they occur. We first revisit two existing definitions of diagnosability of intermittent faults, regarding the occurrence of faults and their normalization (i.e., disappearance of faults). Then, necessary and sufficient conditions are developed based on the twin plant construction, and reformulated as linear temporal logic (LTL) formulas in order to use model-checking for actual verification. A benchmark is used to illustrate the contributions discussed and to assess the efficiency and the scalability of the proposed approach.

A customizable railway benchmark to deal with fault diagnosis issues in DES

2016 13th International Workshop on Discrete Event Systems (WODES), 2016

This paper aims to develop a suite of customizable Petri net benchmarks to deal with various issues pertaining to fault diagnosis in discrete event systems. As reported in previous studies, the existing benchmarks generally characterize only some of the numerous issues concerning fault diagnosis. This suits a specific case study, whereas it may constitute a barrier when performing comparative analysis between different approaches. In order to bridge this gap, we propose to develop a suite of benchmarks based on the same case study, while covering a wide spectrum of diagnosis issues, namely diagnosability according to the original definition, K-diagnosability, diagnosability under fairness conditions, diagnosability of intermittent faults and diagnosability in a timed context. The benchmark elaborated, based on a level crossing case study, can be enlarged to deal with the combinatorial explosion problem. In addition, it can be extended to integrate additional features. A software tool is provided to generate benchmarks according to the target issues one seeks to tackle and the desired size of the model.

An UML-based approach to obtain the functional graph of existing automated production systems