
arxiv: 1907.09920 · v1 · pith:TTRNLNUVnew · submitted 2019-07-23 · 💻 cs.SE · cs.LO

Proof of Compositionality of CFT Correctness

Pith reviewed 2026-05-24 17:11 UTC · model grok-4.3

classification 💻 cs.SE cs.LO
keywords component fault trees · compositionality · formal proof · correctness · safety analysis · modular verification

The pith

Component fault tree correctness is compositional, established by a formal proof of the central theorem.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This technical report supplies the formal proof for the theorem that the correctness of component fault trees is compositional. The prior publication discussed the idea but deferred the proof to this report. A sympathetic reader would care because compositionality means that verifying each component separately suffices to guarantee correctness of the overall system, which matters for scaling safety analysis to large designs. If the proof holds, it supports modular construction of fault trees without sacrificing the ability to reason about system-level behavior from component-level properties.

Core claim

The paper proves that if each component fault tree is correct relative to its local specification, then the system-level fault tree obtained by composition is correct relative to the composed specification.

What carries the argument

The central theorem on compositionality of CFT correctness, established by a formal proof that links component-level correctness to system-level correctness.

If this is right

  • Verification effort for a system can be divided along component boundaries while preserving overall guarantees.
  • Modular safety models remain sound when components are assembled according to the composition rules.
  • Changes to one component require only local re-verification rather than full system re-analysis.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The result would allow tool builders to implement separate checking routines for components and then combine their outcomes automatically.
  • If the prior definitions turn out to match common industrial practice, the proof would directly justify existing workflows that already treat components independently.
  • The same compositionality argument might extend to other modular safety artifacts such as component FMEAs if their semantics can be aligned with the CFT model.

Load-bearing premise

The definitions, semantics, and notion of correctness for component fault trees stated in the prior publication correctly capture the intended system behavior.

What would settle it

A concrete counterexample in which every component fault tree satisfies its local correctness condition yet the composed fault tree fails to satisfy the system-level condition, or a specific step in the proof that does not hold under the stated definitions.

read the original abstract

In the paper Compositionality of Component Fault Trees, we present a discussion of the compositionality of correctness of component fault trees. In this technical report, we present the formal proof of the central theorem of the aforementioned publication.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. This technical report supplies the formal proof of the central theorem on the compositionality of correctness for component fault trees (CFTs), as discussed in the authors' prior publication on the topic.

Significance. If the proof holds, it supplies a rigorous foundation for compositional reasoning about CFT correctness. This is valuable in model-based safety analysis because it supports modular verification: local correctness of component models implies global correctness of the composed system, which can improve scalability for safety-critical software and systems.

minor comments (2)
  1. The report would be more self-contained if it restated the key definitions, semantics, and correctness notion from the prior publication rather than assuming the reader has immediate access to them.
  2. A short proof sketch or high-level strategy at the beginning of the proof section would improve readability before the detailed formal steps.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their positive evaluation of the technical report and for recommending acceptance. The report is intended to supply the formal proof of the central compositionality theorem referenced in our prior publication on component fault trees.

Circularity Check

0 steps flagged

Minor self-citation to prior definitions; central proof independent

full rationale

The technical report supplies the formal proof of the compositionality theorem stated in the authors' prior publication. The derivation chain rests on semantics and correctness notions imported from that prior work, but the proof steps themselves constitute new formal content rather than a reduction of the target claim to a fitted parameter, self-definition, or unverified self-citation. No load-bearing step collapses by construction to the inputs; the structure is consistent with a low circularity burden (score 2) as the proof targets an externally stated claim.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

Only the abstract is available, so the ledger is populated with minimal standard background; no free parameters, invented entities, or paper-specific axioms are identifiable from the given information.

axioms (1)
  • standard math: Standard mathematical logic and set theory underpin the formal proof.
    Any formal proof in logic relies on these background results.
