Cafta Fault Tree Analysis Software
Safety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be identified and evaluated before a new product is released. For example, if you are building a system that depends on an engine, you want to know the probability of engine failure in order to evaluate the system's reliability. Safety analysis is hard.
Safety standards mandate several analyses, such as Functional Hazard Assessment (FHA) and Failure Mode and Effects Analysis (FMEA). One popular type of safety analysis is Fault Tree Analysis (FTA), which provides a graphical representation of all contributors to a failure (e.g., error events and their propagation).
In this blog post, I present the concepts of FTA and introduce a new tool for designing and analyzing fault trees.

Fault-Tree Analysis Notation
FTA is a top-down safety analysis method. Unlike FMEA, which is a bottom-up method that traces the impact of every failure throughout the architecture, FTA defines a tree: the failure under analysis is the tree's root node, and the contributing factors are its leaf nodes. The tree's logic is expressed with gates that show the logical relationship (AND, OR) between the error events.
This representation captures the fact that a fault can depend on several failures. For example, a redundant system with two sensors fails only if both sensors stop working. Figure 1 shows a fault tree for the failure of a computer.

The computer crashes if any one of the following conditions is triggered (that is, the error events are combined with an OR gate):
1. unhandled interrupt
2. broken device
3. software error

Software error (failure condition 3) is then refined into sub-events. A software error occurs only if both of the following conditions are triggered (that is, the error events are combined with an AND gate):
- the program attempts to divide by zero
- there is no recovery handler

This type of failure model is helpful for manually analyzing system safety and for computing the probability of a failure from the probabilities of all of its contributors.

Figure 1 - Example of a fault tree

Shortcoming of Existing Tools
Several FTA tools are currently on the market. Unfortunately, most of them are released under a commercial license, which limits their accessibility to, and evaluation by, the research community.
Licensing commercial tools is often expensive and beyond the budget of many researchers, so we wanted to create an open-source tool that is freely available to developers of safety-critical software. Some open-source FTA projects do exist, but they have limited capabilities and are no longer actively maintained, so old bugs remain unfixed and the programs may not run on current operating systems. We wanted an FTA tool that is open source, easy to use, available on the most popular platforms (Windows, Mac OS and Linux), and easily integrated into OSATE, our AADL modeling environment. These reasons motivated us to write our own FTA editor, EMFTA, which is built with the Eclipse Modeling Framework (EMF), the Sirius framework, and Java code.
Thanks to the Sirius framework, the tool provides a different set of visualization and analysis capabilities from current FTA tools. Finally, EMFTA is completely integrated into the Eclipse platform and can easily be interfaced with the OSATE modeling framework.

The EMFTA Editor
The EMFTA editor uses two major components of the Eclipse platform: EMF, for defining the FTA meta-model, and Sirius, a framework that auto-generates graphical representations from EMF models. The EMFTA tool is integrated into the stable release of the OSATE tool environment. The source code for EMFTA is released under an open-source license and is openly accessible on GitHub.

Tree and Table Representations
EMFTA provides several ways to visualize and represent a fault tree model, including a tree diagram and a table representation that is convenient for editing. Figure 2 shows the table representation of the fault tree diagrammed in Figure 1. The tool automatically synchronizes the different representations of the model: a value modified in the table is automatically updated in the tree, and vice versa.

Figure 2 - Table View of the Fault Tree

Analysis Capabilities
EMFTA provides three ways to analyze and check fault trees.
1. Probability consistency checking. EMFTA walks the tree and checks that every probability is consistent with the tree hierarchy; in particular, it verifies that the probability of an error event agrees with the probabilities of its leaves and the conditions that combine them.
2. Automatically computing the probabilities of all error events. To enable this, engineers specify the probabilities of all leaves of the fault tree; EMFTA then computes the probabilities of all other error events up to the root node.
3. Automatically computing the combinations of events that trigger a specific error (cut sets). EMFTA lists all combinations of errors that are sufficient to trigger the failure of the root node. Figure 3 shows the cut sets for the fault tree of Figure 1.
Three combinations of failures are sufficient to trigger the root failure. The tool also gives the probability of each cut set.

Figure 3 - Cut sets of the computer system

EMFTA includes optimization features that automatically remove redundant error events, for example events that are referenced in several parts of the tree hierarchy. It can even refactor the tree by reorganizing shared events with respect to their fault logic. Such capabilities are especially useful when working on large fault trees, because manual analysis is error-prone and very time consuming. By automating them, we increase confidence in the probabilities produced and reduce analysis time.

Wrapping Up
FTA is a major component of system analysis and is prescribed by safety standards.
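The three analyses above (probability consistency checking, bottom-up probability computation, and cut-set enumeration) can be reproduced in plain Python. The following is an added example written for this page, not EMFTA's code. It models the Figure 1 computer-crash tree and the two-sensor redundancy example from the notation section; all event names and probabilities are constructed for illustration, and basic events are assumed to be statistically independent. It also shows the caveat behind the shared-event handling mentioned above: when one basic event sits under two branches, the classic bottom-up propagation gives the wrong (here optimistic) answer, whereas inclusion-exclusion over the minimal cut sets stays exact.

```python
# Added example, not EMFTA's own code. Event names and probabilities below
# are constructed. Basic events are assumed statistically independent; the
# only dependency handled is a basic event shared by several branches.
from dataclasses import dataclass
from itertools import combinations
from math import prod
from typing import Dict, FrozenSet, List, Set, Union

@dataclass(frozen=True)
class BasicEvent:
    name: str
    prob: float  # fixed leaf probability, as in classic FTA

@dataclass
class Gate:
    name: str
    kind: str  # "AND" or "OR"
    inputs: List[Union["Gate", BasicEvent]]

Node = Union[Gate, BasicEvent]

def bottom_up_prob(node: Node) -> float:
    """Classic propagation: AND = product of inputs, OR = 1 - product(1 - p).
    Exact only when no basic event is reachable through more than one branch."""
    if isinstance(node, BasicEvent):
        return node.prob
    ps = [bottom_up_prob(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")

def _minimize(sets: Set[FrozenSet[str]]) -> Set[FrozenSet[str]]:
    # Drop any cut set that strictly contains another one.
    return {s for s in sets if not any(other < s for other in sets)}

def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal combinations of basic events sufficient to trigger node:
    OR unions the children's cut sets, AND takes their cross product."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        return _minimize(set().union(*child_sets))
    result = {frozenset()}
    for cs in child_sets:
        result = {a | b for a in result for b in cs}
    return _minimize(result)

def basic_event_probs(node: Node, acc=None) -> Dict[str, float]:
    """Leaf probabilities keyed by name; a shared leaf is recorded once."""
    acc = {} if acc is None else acc
    if isinstance(node, BasicEvent):
        acc[node.name] = node.prob
    else:
        for i in node.inputs:
            basic_event_probs(i, acc)
    return acc

def exact_prob(node: Node) -> float:
    """Top-event probability by inclusion-exclusion over the minimal cut sets.
    Correct with shared events, but O(2^(number of cut sets)): small trees only."""
    mcs = list(minimal_cut_sets(node))
    probs = basic_event_probs(node)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            total += sign * prod(probs[n] for n in frozenset().union(*combo))
    return total

def inconsistent_gates(node: Node, declared: Dict[str, float], tol=1e-9) -> List[str]:
    """Gates whose declared probability disagrees with what their inputs imply."""
    bad: List[str] = []
    if isinstance(node, Gate):
        if node.name in declared and abs(declared[node.name] - bottom_up_prob(node)) > tol:
            bad.append(node.name)
        for i in node.inputs:
            bad.extend(inconsistent_gates(i, declared, tol))
    return bad

# Figure 1 tree: crash on unhandled interrupt OR broken device OR software
# error; software error needs divide by zero AND no recovery handler.
UNHANDLED_INTERRUPT = BasicEvent("unhandled_interrupt", 0.01)
BROKEN_DEVICE = BasicEvent("broken_device", 0.02)
DIVIDE_BY_ZERO = BasicEvent("divide_by_zero", 0.1)
NO_RECOVERY_HANDLER = BasicEvent("no_recovery_handler", 0.5)
SOFTWARE_ERROR = Gate("software_error", "AND", [DIVIDE_BY_ZERO, NO_RECOVERY_HANDLER])
COMPUTER_CRASH = Gate("computer_crash", "OR", [UNHANDLED_INTERRUPT, BROKEN_DEVICE, SOFTWARE_ERROR])

# Two redundant sensors fed by one power supply: the shared event makes the
# classic bottom-up rule optimistic, while the cut-set result stays exact.
SENSOR_1_FAULT = BasicEvent("sensor_1_fault", 0.1)
SENSOR_2_FAULT = BasicEvent("sensor_2_fault", 0.1)
POWER_SUPPLY_FAULT = BasicEvent("power_supply_fault", 0.01)
SENSOR_1_DOWN = Gate("sensor_1_down", "OR", [SENSOR_1_FAULT, POWER_SUPPLY_FAULT])
SENSOR_2_DOWN = Gate("sensor_2_down", "OR", [SENSOR_2_FAULT, POWER_SUPPLY_FAULT])
SENSING_LOST = Gate("sensing_lost", "AND", [SENSOR_1_DOWN, SENSOR_2_DOWN])
```

On COMPUTER_CRASH both bottom_up_prob and exact_prob return 0.07831 and minimal_cut_sets returns the same three cut sets as Figure 3. On SENSING_LOST, bottom_up_prob returns about 0.0119 while exact_prob returns 0.0199, because the naive rule counts the power supply fault as two independent events, one per sensor branch. Inclusion-exclusion is exponential in the number of cut sets, so production tools rely on BDD-based algorithms or rare-event approximations for large trees.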
Previous tool support was mostly commercial and therefore less accessible, which reduced opportunities to use such analysis in research and educational projects. By creating EMFTA and releasing it to the public as open-source software, we hope to bridge this gap and give members of the research and academic communities the opportunity to learn and use FTA.

Beyond the EMFTA editor, we also aim to generate fault trees automatically from architecture models designed in AADL. Since EMFTA was not available when that generator was first written, we had to rely on older, unsupported tools. We have updated our FTA generator and now generate fault trees that can be visualized and edited with EMFTA. We plan to present all of these new features in an upcoming tutorial on October 2, 2016.

Resources
EMFTA github repository:
OSATE download.
Fault Tree Analysis
This quick subject guide provides an overview of the basic concepts in fault tree analysis (FTA, system analysis) as it applies to system reliability, and offers a directory of some other resources on the subject.

History of Fault Tree Analysis (FTA)
Fault Tree Analysis (FTA) is another technique for reliability and safety analysis. Bell Telephone Laboratories developed the concept in 1962 for the US Air Force for use with the Minuteman system. It was later adopted and extensively applied by the Boeing Company. Fault tree analysis is one of many symbolic 'analytical logic techniques' found in operations research and in system reliability. Other techniques include reliability block diagrams (RBDs).

What is a Fault Tree Diagram (FTD)?
Fault tree diagrams (or negative analytical trees) are logic block diagrams that display the state of a system (top event) in terms of the states of its components (basic events). Like reliability block diagrams (RBDs), fault tree diagrams are a graphical design technique, and as such provide an alternative methodology to RBDs. An FTD is built top-down and in terms of events rather than blocks. It uses a graphic 'model' of the pathways within a system that can lead to a foreseeable, undesirable loss event (or failure). The pathways connect contributory events and conditions using standard logic symbols (AND, OR, etc.). The basic constructs in a fault tree diagram are gates and events, where an event has the same meaning as a block in an RBD and the gates express the conditions.

Fault Trees and Reliability Block Diagrams
The most fundamental difference between fault tree diagrams and RBDs is that you work in the 'success space' in an RBD while you work in the 'failure space' in a fault tree. In other words, the RBD looks at success combinations while the fault tree looks at failure combinations. In addition, fault trees have traditionally been used to analyze fixed probabilities (i.e., each event that composes the tree has a fixed probability of occurring), while RBDs may include time-varying distributions for the blocks' success or failure, as well as for other properties such as repair/restoration distributions.

Drawing Fault Trees: Gates and Events
Fault trees are built using gates and events (blocks). The two most commonly used gates in a fault tree are the AND and OR gates. As an example, consider two events (called input events) that can lead to another event (called the output event).