Abstract: A computer-based method for generating a component fault tree for a technical system is provided, including loading a data model of a failure mode and effect analysis for the technical system, generating for each component of the technical system a component element for the component fault tree, wherein component output ports of the component elements are connected to input ports of the component elements, generating for each component of the data model a component fault tree element for the respective component element, wherein each component fault tree element is associated with the respective component element, generating for each failure effect of a failure mode of a component of the data model an output failure mode for the respective component fault tree elements, and generating for each failure mode of the component of the data model a basic event for the respective component fault tree elements.

Abstract: A method and an apparatus for providing a safe operation of a technical system including a plurality of system components. The method includes the steps of: a) providing a safety analysis model matured by knowledge about former implementations of the respective system components in different context, b) whereby system components' dependencies are modeled by connecting inports with outports of the respective system components and/or vice versa, c) whereby at least one or a plurality of such in and/or outports are associated with input failure modes and/or output failure modes, d) characterized in automatically uncovering inconsistencies caused by at least one system component to be integrated in connection with at least another system component whereby the input and/or output failure mode of the system component carries the knowledge from another implementation into the context.

Abstract: The embodiments relate to methods and systems for supporting a global effect analysis of a technical system. The embodiments include providing a meta-model stored in a computer readable storage medium, where the meta-model comprises at least one assembly of the technical system comprising parts having an associated set of failure mode elements, and where each failure mode element has an associated local effect element. The embodiments also include clustering local effect elements within global effect elements to generate a global effect tree stored within the meta-model.

Abstract: An apparatus includes an input that receives a continuous function chart for each component of the investigated safety-critical system. A processor generates a corresponding component fault tree element. Inports and outports of the component fault tree element are generated and interconnected based on unique names of the inputs and outputs of the corresponding continuous function chart of the respective system component. Input failure modes and output failure modes are generated based on generic mapping between connector types of the continuous function chart and failure types of failure modes of the component fault tree element. The input failure modes of a component fault tree element are connected to output failure modes of the component fault tree element via internal failure propagation paths based on interconnected function blocks of the continuous function chart of the respective system component. An output outputs the generated component fault tree of the safety-critical system.

Abstract: A method and apparatus for generating a fault tree for a failure mode of a multi-mode system which includes a plurality of system components, the method includes the steps of providing component fault tree elements of the system components, wherein each component fault tree element includes at least one component fault tree mode element, representing a failure-relevant operation mode of the respective system component; selecting at least one component fault tree mode element representing a system state of the system; and generating the fault tree by incorporating the selected component fault tree mode elements the generated fault tree representing a failure behaviour of a system state of the system.

Abstract: A method for analyzing functional failures of a technical system using a processor to compute a meta data model, including the following steps is provided. A first step of gathering at least one failure mode for each component of a system dataset describing the technical system. A second step of associating at least one effect and at least one related maintenance task with each failure mode to mitigate and/or to dissolve the effect in the meta data model. A third step of computing failure probabilities of said technical system based on the meta data model, while the technical system is in the specific situation.

Abstract: A method for a reusable reliability centered maintenance of a technical system is provided, by executing the following steps: In a first step the meta data model is segmented in three sections to structure datasets of at least one database, wherein the first section comprises a collaborative dataset about components and at least one dominant failure mode associated with the components, the second section comprises a reusable dataset about at least one preventive maintenance task, the third section comprises a product dataset. In a second step at least one component instance is created for the third section by selecting at least one component of the components to describe said technical system. In a third step it is checked, if the preventive maintenance task is a valid task to prevent the dominant failure mode of the dominant failure mode instance for said technical system.

Abstract: A method is provided for starting up a function implemented in distributed manner on a number of computation devices in a control system having at least two computation devices coupled via a data communication connection. Output parameters are provided for a number of output variables of the respective computation device, wherein the output variables form function variables for the function. For each input variable of one of the computation devices that has an associated output variable from one of the further computation devices, the output parameters of the output variables are checked for correspondence with prescribed input parameters of the respective input variables. The function is started-up if the output parameters of the output variables correspond to the prescribed input parameters of the respective input variables.

Abstract: A method for supporting failure mode and effects analysis includes storing a meta-model in a computer-readable storage medium. The meta-model includes generic parts of technical systems, generic failure modes, and associations between the generic parts and the generic failure modes. The associations indicate, for each generic part, one or more generic failure modes associated with the generic part. Each generic failure mode identifies a type of failure for a respective generic part. A processor instantiates the generic parts and the generic failure modes to generate part instances and failure mode instances specifying a technical system. The part instances and the failure mode instances are stored, such as in the computer-readable storage medium.

Abstract: A method for automated qualification of a safety critical system including a plurality of components is provided. A functional safety behavior of each component is represented by an associated component fault tree element. The method includes automatically performing a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined generic fault type data model stored in a database.

Abstract: An apparatus and method for analyzing availability of a system including subsystems each having at least one failure mode with a corresponding failure effect on the system are provided. The apparatus includes a degraded mode tree generation unit configured to automatically generate a degraded mode tree. The degraded mode tree includes at least one degraded mode element representing a degraded system state of the system that deviates from a normal operation state of the system based on a predetermined generic system meta model stored in a database including Failure Mode and Effects Analysis elements representing subsystems, failure modes, failure effects, and diagnostic measures. The apparatus also includes a processor configured to evaluate the generated degraded mode tree for calculation of the availability of the system.

Abstract: A safety apparatus for providing a safe operation of a subsystem within a safety critical system, SCS is disclosed herein. The safety apparatus includes: a system communication interface for communication with components of the subsystem and other subsystems of the safety critical system; a backend communication interface for communication with a safety cloud backend; an integrated identifier memory storing a unique identifier of the subsystem; and an authorization control unit configured to perform a handshake authorization procedure with another target subsystem of the safety critical system via the system communication interface, and with the safety cloud backend via the backend communication interface to get authorization for the subsystem to execute a safety critical function on the target subsystem of the safety critical system based on the unique identifiers of both subsystems.

Abstract: A method for automated recertification of a safety critical system with at least one altered functionality is provided. The method includes providing a failure propagation model of the safety critical system. The method also includes updating the failure propagation model of the safety critical system according to the at least one altered functionality using inner port dependency traces between inports and outports of a failure propagation model element representing the at least one altered functionality. The method includes calculating top events of the updated failure propagation model, and comparing the calculated top events with predetermined system requirements to recertify the safety critical system.

Abstract: A method for automated generation of at least one test pattern adapted to test a subsystem of a safety critical system comprising the steps of providing a failure propagation model of the safety critical system, selecting components of the subsystem under test as a test scope, and evaluating the test scope failure propagation model of the selected components to extract the test pattern.

Abstract: The embodiments relate to methods and systems for supporting a global effect analysis of a technical system. The embodiments include providing a meta-model stored in a computer readable storage medium, where the meta-model comprises at least one assembly of the technical system comprising parts having an associated set of failure mode elements, and where each failure mode element has an associated local effect element. The embodiments also include clustering local effect elements within global effect elements to generate a global effect tree stored within the meta-model.

Abstract: A method for supporting failure mode and effects analysis includes storing a meta-model in a computer-readable storage medium. The meta-model includes generic parts of technical systems, generic failure modes, and associations between the generic parts and the generic failure modes. The associations indicate, for each generic part, one or more generic failure modes associated with the generic part. Each generic failure mode identifies a type of failure for a respective generic part. A processor instantiates the generic parts and the generic failure modes to generate part instances and failure mode instances specifying a technical system. The part instances and the failure mode instances are stored, such as in the computer-readable storage medium.

Abstract: A method for integrated model-based safety analysis includes integrating a safety analysis model into a system development model of a safety-critical system. The system development model includes model components. The safety analysis model models a failure logic separately for each of the model components. The method includes representing dependencies among the model components with a design structure matrix. The design structure matrix represents each of the model components with a row and a column and shows dependencies between model components with corresponding entries. The method also includes sequencing the design structure matrix, and identifying at least one dependency loop and loop components in the sequenced design structure matrix. The loop components are part of the at least one dependency loop.