Francesco Montrone

Marc Zeller, Francesco Montrone

Fault Tree analysis is a widely used failure analysis methodology to assess a system in terms of safety or reliability in many industrial application domains. However, with Fault Tree methodology there is no possibility to express a temporal sequence of events or state-dependent behavior of software-controlled systems. In contrast to this, Markov Chains are a state-based analysis technique based on a stochastic model. But the use of Markov Chains for failure analysis of complex safety-critical systems is limited due to exponential explosion of the size of the model. In this paper, we present a concept to integrate Markov Chains in Component Fault Tree models. Based on a component concept for Markov Chains, which enables the association of Markov Chains to system development elements such as components, complex or software-controlled systems can be analyzed w.r.t. safety or reliability in a modular and compositional way. We illustrate this approach using a case study from the automotive domain.

Kai Hoefig, Andreas Joanni, Marc Zeller et al.

The importance of mission or safety critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model driven development is currently one of the key approaches to cope with increasing development complexity, in general. Applying similar concepts to reliability, availability, maintainability and safety (RAMS) analysis activities is a promising approach to extend the advantages of model driven development to safety engineering activities aiming at a reduction of development costs, a higher product quality and a shorter time-to-market. Nevertheless, many model-based safety or reliability engineering approaches aim at reducing the analysis complexity but applications or case studies are rare. Therefore we present here a large scale industrial case study which shows the benefits of the application of component fault trees when it comes to complex safety mechanisms. We compare the methodology of component fault trees against classic fault trees and summarize benefits and drawbacks of both modeling methodologies.