Abstract: Modeling a multi-component control or actuator system using a fault tree is provided, which solves the problem of ring closures included in a fault tree. To identify ring closures, failure propagation paths are back-traced and is checked if the respective failure propagation path forms a ring closure.

Abstract: A method and apparatus for generating a fault tree for a failure mode of a multi-mode system which includes a plurality of system components, the method includes the steps of providing component fault tree elements of the system components, wherein each component fault tree element includes at least one component fault tree mode element, representing a failure-relevant operation mode of the respective system component; selecting at least one component fault tree mode element representing a system state of the system; and generating the fault tree by incorporating the selected component fault tree mode elements the generated fault tree representing a failure behaviour of a system state of the system.

Abstract: A method and an apparatus for providing a safe operation of a technical system including a plurality of system components. The method includes the steps of: a) providing a safety analysis model matured by knowledge about former implementations of the respective system components in different context, b) whereby system components' dependencies are modeled by connecting inports with outports of the respective system components and/or vice versa, c) whereby at least one or a plurality of such in and/or outports are associated with input failure modes and/or output failure modes, d) characterized in automatically uncovering inconsistencies caused by at least one system component to be integrated in connection with at least another system component whereby the input and/or output failure mode of the system component carries the knowledge from another implementation into the context.

Abstract: Techniques of safety assurance using fault trees for identifying dormant system failure states are provided. Both operational failure events, as well as diagnostic failure events are included in a fault tree and the operational failure events are then correlated with the diagnostic failure events, which enables an identification of the dormant system failure states. A component fault tree can be used.

Abstract: Provided is a method for analyzing and designing a physical system architecture of a safety-critical system, wherein a physical system analysis model representing the physical system architecture of the safety-critical system is modified incrementally until calculated failure rates of failure modes of the physical system analysis model are less or equal to failure rates of corresponding failure modes of a functional system analysis model representing a functional system architecture of the safety-critical system.

Abstract: A method for providing an analytical artifact used for development and/or analysis of an investigated technical system of interest comprised of components having associated machine readable functional descriptions including port definitions and component failure modes processed to generate automatically the analytical artifact in response to at least one applied system evaluation criterion.

Abstract: A method for automated qualification of a safety critical system including a plurality of components is provided. A functional safety behavior of each component is represented by an associated component fault tree element. The method includes automatically performing a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined generic fault type data model stored in a database.

Abstract: Techniques of safety assurance using fault trees for identifying dormant system failure states are provided. Both operational failure events, as well as diagnostic failure events are included in a fault tree and the operational failure events are then correlated with the diagnostic failure events, which enables an identification of the dormant system failure states. A component fault tree can be used.

Abstract: An apparatus includes an input that receives a continuous function chart for each component of the investigated safety-critical system. A processor generates a corresponding component fault tree element. Inports and outports of the component fault tree element are generated and interconnected based on unique names of the inputs and outputs of the corresponding continuous function chart of the respective system component. Input failure modes and output failure modes are generated based on generic mapping between connector types of the continuous function chart and failure types of failure modes of the component fault tree element. The input failure modes of a component fault tree element are connected to output failure modes of the component fault tree element via internal failure propagation paths based on interconnected function blocks of the continuous function chart of the respective system component. An output outputs the generated component fault tree of the safety-critical system.

Abstract: A computer-based method for generating a component fault tree for a technical system is provided, including loading a data model of a failure mode and effect analysis for the technical system, generating for each component of the technical system a component element for the component fault tree, wherein component output ports of the component elements are connected to input ports of the component elements, generating for each component of the data model a component fault tree element for the respective component element, wherein each component fault tree element is associated with the respective component element, generating for each failure effect of a failure mode of a component of the data model an output failure mode for the respective component fault tree elements, and generating for each failure mode of the component of the data model a basic event for the respective component fault tree elements.

Abstract: A computer-based method for automated hazard detection for a technical system, the method includes the step of selecting an output failure mode of a component of a component fault tree of the technical system as a top level hazard. The computer-based method includes the step of generating a hazard information tree by means of a subtree of the component fault tree, wherein the subtree is selected by means of the top level hazard, wherein the subtree is modified by removing predefined nodes from the subtree and by enhancing output failure modes of the subtree with information from which component the output failure modes originate, wherein the modified subtree is saved in a memory unit as hazard information tree. The computer-based method includes the step of evaluating the hazard information tree, and providing a control signal comprising a result of the evaluation.

Abstract: A method and an apparatus for providing a safe operation of a technical system including a plurality of system components. The method includes the steps of: a) providing a safety analysis model matured by knowledge about former implementations of the respective system components in different context, b) whereby system components' dependencies are modeled by connecting inports with outports of the respective system components and/or vice versa, c) whereby at least one or a plurality of such in and/or outports are associated with input failure modes and/or output failure modes, d) characterized in automatically uncovering inconsistencies caused by at least one system component to be integrated in connection with at least another system component whereby the input and/or output failure mode of the system component carries the knowledge from another implementation into the context.

Abstract: An apparatus includes an input that receives a continuous function chart for each component of the investigated safety-critical system. A processor generates a corresponding component fault tree element. Inports and outports of the component fault tree element are generated and interconnected based on unique names of the inputs and outputs of the corresponding continuous function chart of the respective system component. Input failure modes and output failure modes are generated based on generic mapping between connector types of the continuous function chart and failure types of failure modes of the component fault tree element. The input failure modes of a component fault tree element are connected to output failure modes of the component fault tree element via internal failure propagation paths based on interconnected function blocks of the continuous function chart of the respective system component. An output outputs the generated component fault tree of the safety-critical system.

Abstract: A method and apparatus for generating a fault tree for a failure mode of a multi-mode system which includes a plurality of system components, the method includes the steps of providing component fault tree elements of the system components, wherein each component fault tree element includes at least one component fault tree mode element, representing a failure-relevant operation mode of the respective system component; selecting at least one component fault tree mode element representing a system state of the system; and generating the fault tree by incorporating the selected component fault tree mode elements the generated fault tree representing a failure behaviour of a system state of the system.

Abstract: A method for automated qualification of a safety critical system including a plurality of components is provided. A functional safety behavior of each component is represented by an associated component fault tree element. The method includes automatically performing a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined generic fault type data model stored in a database.

Abstract: A method for automated generation of at least one test pattern adapted to test a subsystem of a safety critical system comprising the steps of providing a failure propagation model of the safety critical system, selecting components of the subsystem under test as a test scope, and evaluating the test scope failure propagation model of the selected components to extract the test pattern.