Experience with fault injection experiments for FMEA

Fault analysis in industrial equipment has been usually performed using classical techniques such as failure modes and effects analysis (FMEA) and fault tree analysis (FTA). Model-based fault analysis has been used during the last several years in order to overcome the limitations of classical methods when complex industrial equipment has to be analyzed. In railway and automotive sectors, the development and validation of new products are based on hardware-in-the-loop (HIL) platforms. In this chapter, a methodology to enhance classical FMEAs is presented. Based on HIL simulations, the objective is to improve the results of the fault analysis with quantitative information about the effects of each fault mode. In this way, the impact of the fault analysis in the design of the traction system, the development of new diagnostic functionalities and in the maintenance tasks will increase.

show abstract

“…Apart from the aforementioned shortcomings, the following limitations have been also identified by other authors [8,9,17,18]:…”

Section: Limitationsmentioning

confidence: 99%

Model-Based Fault Analysis for Railway Traction Systems

Olmo¹,

Garramiola²,

Poza³

et al. 2018

Modern Railway Engineering

View full text Add to dashboard Cite

show abstract

“…Model-based SW-FMEA in this sense has been proposed recently [14,9]. Executable models enable the analysis of software behavior either by simulation, where potential execution traces are sampled and analyzed, or by exhaustive and systematic analysis of the whole state space.…”

Section: Software Fmeamentioning

confidence: 99%

“…The work in [9] is based on the simulation of executable software models with model-level fault injection. An earlier approach, similar to the one presented in this paper, uses model checking (a technique for systematic formal analysis) to detect the violation of the system-level specification in case active faults are present [14]. Similar techniques are used for the analysis of fault tolerance mechanisms.…”

Section: Software Fmeamentioning

confidence: 99%

See 1 more Smart Citation

Model Checking-based Software-FMEA: Assessment of Fault Tolerance and Error Detection Mechanisms

Molnár

Majzik

2017

Period. Polytech. Elec. Eng. Comp. Sci.

View full text Add to dashboard Cite

Failure Mode and Effects Analysis (FMEA) is a systematic IntroductionThe risk of failure is one of the main concerns of safetycritical systems. Certification requires the systematic analysis of potential failures, their causes and effects, and the evaluation of risk mitigation techniques used to reduce the chance and the severity of system-level failures.One of the first systematic techniques for failure analysis was Failure Mode and Effect Analysis (FMEA) [2]. FMEA is often the first step in reliability analysis, as it collects the potential failure modes of subsystems, their root causes and their effects on the whole system. Together with criticality analysis (often treated as part of FMEA, sometimes emphasized by the term FMECA), the output of FMEA serves as the basis of other qualitative and quantitative analyses, as well as design decisions regarding risk mitigation techniques.FMEA is usually applied at the hardware and communication level, where it requires a qualified analyst to collect postulated component failures and identify their effects on other components and the system level. In case of software (SW-FMEA), failure modes originate in different types of programming faults, commonly referred to as bugs. Due to the complex nature of software and the many types of potential bugs, it is much harder to collect failure modes and deduce their potential effects, so an automated mechanism is desired. This paper presents a way of automated SW-FMEA with the use of executable software models. Assuming a set of predefined fault types (programming faults) and a specification of safe behavior at the system level, the proposed approach applies model checking to systematically generate execution traces leading from fault activations to states that violate the specification of safe behavior (system-level failures). These traces can be used to understand and demonstrate fault propagation through the system and also as test sequences to reveal actual faults in the final product.Our approach improves existing model checking-based SW-FMEA by optimizing fault activations and using monitor components instead of a formal specification. The optimization helps in scaling the solution to apply it on more complex systems and situations, whereas using a monitor instead of formal

show abstract

“…The aim of slicing is to reduce (prior to model checking) a large model to a bisimilar slice which can be model checked instead of the original model, to combat the state explosion problem inherent to model checking. Based on our past experience in the domain of safety analysis, e.g., [8,9,10] we found that there are many cases in which the temporal logic formula of interest includes the next-step operator, and hence these formulas must be preserved by the slice. In the second part of this paper we introduce the resulting new slicing approach for the Behavior Tree modelling notation which is a graphical formal notation that supports the user in capturing informal requirements [11,12].…”

Section: Introductionmentioning

confidence: 99%

Next-preserving branching bisimulation

Yatapanage

Winter

2015

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

Bisimulations are in general equivalence relations between transition systems which assure that certain aspects of the behaviour of the systems are the same. For many applications it is not possible to maintain such an equivalence unless non-observable (stuttering) behaviour is ignored. However, existing bisimulation relations which permit the removal of non-observable behaviour are unable to preserve temporal logic formulas referring to the next step operator. In this paper we propose a novel bisimulation relation, called next-preserving branching bisimulation, which accomplishes this, maintaining the validity of formulas with the next step, while still allowing non-observable behaviour to be reduced. Based on van Glabbeek and Weijland's notion of branching bisimulation with explicit divergence, we define the novel relation for which we prove the preservation of full CTL * . As an example for its application we show how this definition gives rise to an advanced slicing procedure for temporal logics, a technique in which a system model is reduced to a slice which can be used as a substitute in verification and debugging. The result is a novel procedure for generating a slice that is next-preserving branching bisimilar to the original model. Hence, we can assure that any temporal logic property is preserved in a slice that is created with respect to that property, and consequently the verification on the slice is sound.

show abstract

Experience with fault injection experiments for FMEA

Cited by 33 publications

References 29 publications

Model-Based Fault Analysis for Railway Traction Systems

Model-Based Fault Analysis for Railway Traction Systems

Model Checking-based Software-FMEA: Assessment of Fault Tolerance and Error Detection Mechanisms

Next-preserving branching bisimulation

Contact Info

Product

Resources

About