Patents by Inventor Marc ZELLER

Marc ZELLER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240118686
    Abstract: A computer-implemented method for resolving closed loops in automatic fault tree analysis of a multi-component system includes: a. modeling the multi-component system using a fault tree; b. back-tracing failure propagation paths from an output element of the fault tree; c. checking if the respective failure propagation path contains a closed loop by identifying a downstream element of the respective failure propagation path having a dependency of its output value on an output value of an upstream element; d. setting the input value corresponding to a loop interconnection of each such downstream element to Boolean TRUE; e. identifying any Boolean AND-gate having no Boolean TRUE as output value; cutting off any Boolean TRUE input to any identified Boolean AND-gate between the respective downstream element and the respective upstream element; and f. setting the input value of each respective downstream element corresponding to the loop interconnection to Boolean FALSE.
    Type: Application
    Filed: January 13, 2022
    Publication date: April 11, 2024
    Inventors: Marc Zeller, Francesco Montrone, Jonathan Menu, Amr Hany Saleh
  • Patent number: 11900034
    Abstract: Various embodiments include modeling a component fault tree for a circuit with an input-side and an output-side component. These include using a fault tree corresponding to a hazard for each respective component, obtaining information about the components of the circuit and a connection between components, and connecting the respective fault trees based on the circuit description. Each fault tree includes an input fault mode or a basic event and an output fault mode. The output fault mode and the input fault mode are each assigned to a component terminal. An output fault mode of the input-side component tree is connected to an input fault mode of the output-side component tree if: there is a connection between the assigned terminal of the input-side component and the output-side component and the output fault mode of the input-side component correlates to an input fault mode of the output-side component.
    Type: Grant
    Filed: August 23, 2021
    Date of Patent: February 13, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Marc Zeller, Jean-Pascal Schwinn, Thomas Waschulzik
  • Patent number: 11899556
    Abstract: Provided is a computer-implemented method for generating a Component Fault and Deficiency Tree of a multi-component system, the method including: a. modeling the multi-component system using a Component Fault and Deficiency Tree, b. the Component Fault and Deficiency Tree includes a plurality of component fault and deficiency tree elements associated with the respective components; c. each component fault and deficiency tree element includes at least one inport and at least one outport; d. each component fault and deficiency tree element includes at least two events as internal fault tree logic; e. at least one gate, f. each component fault and deficiency tree element includes at least one mitigation logic; g. at least one Boolean AND-Gate, configured to connect the internal fault tree logic and the at least one mitigation logic; and h. providing the generated Component Fault and Deficiency Tree of the multi-component system as output.
    Type: Grant
    Filed: March 1, 2022
    Date of Patent: February 13, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Marc Zeller, Lennart Kilian
  • Patent number: 11853048
    Abstract: A computer-implemented method and device for resolving closed loops in automatic fault tree analysis of a multi-component system is provided. Also provided is a method for resolving closed loops in automatic fault tree analysis of a multi-component system, the closed loops corresponding, for example, to closed-loop control circuitry of a multi-component device. The closed loops are first identified in a top-down approach within failure propagation paths. Next, the loops are resolved by setting each loop interconnection to Boolean TRUE, adjusting the fault tree in a specific way and finally setting each loop interconnection to Boolean FALSE. Embodiments of the invention are relevant for analyzing safety-critical systems. However, the present concepts are not limited to these applications and may be applied to general use cases where fault tree analysis is applicable. The proposed solution advantageously provides a method that features linear complexity.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: December 26, 2023
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Francesco Montrone, Kai Höfig, Marc Zeller
  • Patent number: 11755401
    Abstract: A method for providing an analytical artifact used for development and/or analysis of an investigated technical system of interest comprised of components having associated machine readable functional descriptions including port definitions and component failure modes processed to generate automatically the analytical artifact in response to at least one applied system evaluation criterion.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: September 12, 2023
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Ulrich Hipp, Christof Kaukewitsch, Marc Zeller
  • Publication number: 20230076990
    Abstract: A method for transmitting data from a first sub-system to a second sub-system includes the steps of: providing a dataset by the first sub-system, the dataset having a data structure identifier and a data value; sending the dataset to the second sub-system; receiving the dataset by the second sub-system; checking whether complete assignment information regarding the data structure assigned to the data structure identifier is present in the second sub-system; recovering any missing assignment information from a communication broker in the event that the second sub-system does not contain complete assignment information; and determining the data structure on the basis of the data structure identifier and the assignment information. A corresponding system, a corresponding first sub-system, a corresponding second sub-system and a communication broker are also proposed.
    Type: Application
    Filed: February 18, 2021
    Publication date: March 9, 2023
    Inventors: Kai Höfig, Chee-Hung Koo, Stefan Rothbauer, Sebastian Schröck, Marian Marcel Vorderer, Marc Zeller
  • Patent number: 11567823
    Abstract: Provided is a method and system for identifying and evaluating common cause failures of system components, wherein at least one analytical artifact and machine readable system related to at least one of spatial, topological data and machine readable system related lifecycle data are processed to analyze automatically a susceptibility of system components to common cause failure based on common cause failure influencing factors.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: January 31, 2023
    Inventors: Reiner Heilmann, Christof Kaukewitsch, Marc Zeller
  • Publication number: 20220413479
    Abstract: One or more ring closures of a fault tree are provided. For each one of the one or more ring closures: at least one respective edge of the respective ring closure is replaced in the fault tree by a respective variable to obtain a placeholder fault tree and a normalized representation of the placeholder fault tree is determined.
    Type: Application
    Filed: July 10, 2020
    Publication date: December 29, 2022
    Inventors: Kai Höfig, Francesco Montrone, Stefan Rothbauer, Marc Zeller
  • Patent number: 11507483
    Abstract: Provided is a method for analyzing and designing a physical system architecture of a safety-critical system, wherein a physical system analysis model representing the physical system architecture of the safety-critical system is modified incrementally until calculated failure rates of failure modes of the physical system analysis model are less than or equal to failure rates of corresponding failure modes of a functional system analysis model representing a functional system architecture of the safety-critical system.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: November 22, 2022
    Inventors: Christof Kaukewitsch, Jean-Pascal Schwinn, Marc Zeller, Sebastian Klabes
  • Publication number: 20220358612
    Abstract: A computer-implemented method is provided for safety analysis of a technical system including a human object. The method includes: determining a system model of the technical system including the human object; determining for at least one use case of the technical system in accordance with a human interaction of the human object with the technical system; and simulating the technical system in accordance with the system model and the at least one use case. The simulating of the technical system includes tracking of safety hazard events in relation to the human interaction.
    Type: Application
    Filed: June 2, 2020
    Publication date: November 10, 2022
    Inventors: Reiner Heilmann, Christof Kaukewitsch, Marc Zeller
  • Publication number: 20220292009
    Abstract: Provided is a computer-implemented method for generating a Component Fault and Deficiency Tree of a multi-component system, the method including: a. modeling the multi-component system using a Component Fault and Deficiency Tree, b. the Component Fault and Deficiency Tree includes a plurality of component fault and deficiency tree elements associated with the respective components; c. each component fault and deficiency tree element includes at least one inport and at least one outport; d. each component fault and deficiency tree element includes at least two events as internal fault tree logic; e. at least one gate, f. each component fault and deficiency tree element includes at least one mitigation logic; g. at least one Boolean AND-Gate, configured to connect the internal fault tree logic and the at least one mitigation logic; and h. providing the generated Component Fault and Deficiency Tree of the multi-component system as output.
    Type: Application
    Filed: March 1, 2022
    Publication date: September 15, 2022
    Inventors: Marc Zeller, Lennart Kilian
  • Publication number: 20220271956
    Abstract: Provided is a device for ensuring safe operation of a technical system configured to generate a smart contract including a condition to be fulfilled for safe operation of a technical system, to store smart contract data of the smart contract in a distributed ledger, and to determine if the technical system fulfills the condition using the smart contract.
    Type: Application
    Filed: July 20, 2020
    Publication date: August 25, 2022
    Applicant: Siemens Aktiengesellschaft
    Inventors: Koo Chee Hung, Kai Höfig, Stefan Rothbauer, Sebastian Schröck, Marian Marcel Vorderer, Marc Zeller
  • Patent number: 11379634
    Abstract: Provided is a system for safety analysis of failure behavior for a unit including two or more components with at least one inport for receiving failure data and one outport for transmitting failure data, wherein for the analysis of the failures data of the components and/or the unit a safety contract is used, and wherein the safety contract is generated automatically by a model-based safety analysis model comprising separate SAM modules which are related to the components of the unit.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: July 5, 2022
    Assignee: SIEMENS INDUSTRY SOFTWARE NV
    Inventor: Marc Zeller
  • Patent number: 11347919
    Abstract: A method for generating a fault tree of a multi-component system is provided. The multi-component system includes a logical-functional system layer and a physical system layer as different layers of abstraction. The physical system layer may correspond, for example, to software and/or hardware implementing the functional aspects of the logical-functional system layer. The method first provides a logical-functional fault tree for the logical-functional system layer and a physical fault tree for the physical system layer, the latter having elements corresponding to elements in the logical-functional fault tree. Next, a mixed-layer fault tree is generated by combining aspects of both fault trees in a systematic way. The disclosed is particularly relevant for analyzing safety-critical systems. However, the present concepts are not limited to these applications and may be applied to general use cases where fault tree analysis is applicable.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: May 31, 2022
    Inventors: Reiner Heilmann, Lennart Kilian, Marc Zeller
  • Publication number: 20220137589
    Abstract: A computer-implemented method for determining automatically a machine safety and/or a product quality of a flexible cyber-physical production system with a configuration adaptable during a production process including production steps executed by machines forming equipment of a physical factory of the cyber-physical production system to produce a product according to a product recipe, wherein the machine safety and/or product quality are calculated during runtime of the flexible cyber-physical production system by processing a meta-model of the flexible cyber-physical production system stored in a computer readable storage medium, is provided.
    Type: Application
    Filed: February 20, 2020
    Publication date: May 5, 2022
    Inventors: Kai Höfig, Chee-Hung Koo, Stefan Rothbauer, Marian Marcel Vorderer, Marc Zeller
  • Publication number: 20220114306
    Abstract: Sensitivity analysis of failure events associated with components of a technical system is provided. It is possible to determine, for a plurality of components of a technical system configured in accordance with at least one initial design, importance values which are indicative of a dependency of at least one non-functional specification of a plurality of non-functional specifications of the technical system configured in accordance with the at least one initial design on a change of the technical system with respect to the components of the plurality of components. The method further includes determining a further design of the technical system based on the at least one initial design, the importance values, and a predefined function describing a joint quality score of the plurality of non-functional specifications for the technical system being configured in accordance with a respective design of the technical system.
    Type: Application
    Filed: October 5, 2021
    Publication date: April 14, 2022
    Inventors: Zhensheng Guo, Christof Kaukewitsch, Marc Zeller
  • Publication number: 20220067238
    Abstract: The computer-implemented method for testing a technical system having a plurality of technical components includes: providing a safety model modeling a safety relevant functionality of the technical system, providing a test model describing test cases for testing the technical system, linking elements of the safety model with elements of the test model for enabling a tracing between the test cases of the test model and the safety-relevant functionality of the safety model, testing the technical system using at least one of the test cases generated based on the test model linked with the safety model, and analyzing the testing for providing coverage criteria for the safety-relevant functionality. Further, a computer program product, a computerized device and an arrangement having a technical system and a computerized device are suggested.
    Type: Application
    Filed: August 24, 2021
    Publication date: March 3, 2022
    Inventors: Stefan Rothbauer, Marc Zeller, Stephan Storck
  • Publication number: 20220067239
    Abstract: The computer-implemented method for testing a technical system having a plurality of technical components includes: providing a safety model modeling a safety relevant functionality of the technical system, providing a test model including test cases for testing the technical system, linking elements of the safety model with elements of the test model for enabling a tracing between the test cases of the test model and the safety-relevant functionality of the safety model, generating test parameters for at least one certain test case of the test cases and/or a new test case for the test model using the safety model linked to the test model, and testing the technical system using the certain test case and/or the new test case. Further, a computer program product, a computerized device and an arrangement having a technical system and a computerized device are provided.
    Type: Application
    Filed: August 24, 2021
    Publication date: March 3, 2022
    Inventors: Stefan Rothbauer, Marc Zeller, Stephan Storck
  • Publication number: 20220066403
    Abstract: Provided is a computer-implemented method for controlling an operation of a technical system automatically, including at least the steps of: acquiring information about a modified configuration of at least one sub-system included in the technical system; generating a virtual model of the technical system including the at least one sub-system with the modified configuration for an evaluation of the operation; adjusting the virtual model to provide a control instruction for the operation of the technical system, wherein the adjusted virtual model is configured to compare an evaluation value acquired from the evaluation with a target requirement in a cryptographic and to derive the control instruction based on the comparison; and controlling the operation of the technical system based on the control instruction.
    Type: Application
    Filed: August 25, 2021
    Publication date: March 3, 2022
    Inventors: Christof Kaukewitsch, Marc Zeller
  • Publication number: 20220058320
    Abstract: Various embodiments include modeling a component fault tree for a circuit with an input-side and an output-side component. These include using a fault tree corresponding to a hazard for each respective component, obtaining information about the components of the circuit and a connection between components, and connecting the respective fault trees based on the circuit description. Each fault tree includes an input fault mode or a basic event and an output fault mode. The output fault mode and the input fault mode are each assigned to a component terminal. An output fault mode of the input-side component tree is connected to an input fault mode of the output-side component tree if: there is a connection between the assigned terminal of the input-side component and the output-side component and the output fault mode of the input-side component correlates to an input fault mode of the output-side component.
    Type: Application
    Filed: August 23, 2021
    Publication date: February 24, 2022
    Applicant: Siemens Aktiengesellschaft
    Inventors: Marc Zeller, Jean-Pascal Schwinn, Thomas Waschulzik