WO2011148891A1 - System and method for static fault tree analysis from a system model - Google Patents
- Publication number: WO2011148891A1 (PCT/JP2011/061738)
- Authority: WO (WIPO (PCT))
- Prior art keywords: model, fault tree, failure, tree, component error
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/079—Root cause analysis, i.e. error or fault diagnosis
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0218—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
- G05B23/0243—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults model based detection method, e.g. first-principles knowledge model
- G05B23/0245—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults model based detection method, e.g. first-principles knowledge model based on a qualitative model, e.g. rule based; if-then decisions
- G05B23/0248—Causal models, e.g. fault tree; digraphs; qualitative physics
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/30—Circuit design
- G06F30/32—Circuit design at the digital level
- G06F30/33—Design verification, e.g. functional simulation or model checking
- G06F30/3323—Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking
Definitions
- The present invention relates to a method and system for automatically analyzing system reliability from a system configuration, in particular by using a static fault tree analysis (FTA) model together with a system model.
- the present invention relates to a method and system for quantitatively analyzing the reliability of a computer system.
- FTA: fault tree analysis
- Some other examples of semi-automatic fault tree analysis using FTA for specific areas and systems are described in Patent Documents 1, 2, and 3.
- The conventional system disclosed in Patent Document 3 takes a nuclear power plant layout (three-dimensional CAD data) as input and uses FT diagram DB means that store a registered fault tree for each particular device. Given a specific top event of a device whose fault tree is held in the FT diagram DB means, a fault tree can be created for that top event; otherwise the tree must be revised manually.
- A problem common to these conventional systems and methods (e.g. US Pat. No. 5,099,086) is that they have no formal, parameterized system architecture model or component error (fault) model for the fully automatic development of fault trees, so they are generally limited to specific areas and systems.
- The first problem is that manual fault tree development is difficult and error-prone, especially when analyzing large and complex systems.
- The second problem is that functional dependencies and sequence dependencies between component events are usually modeled with several dynamic gates, which can cause semantic trouble and extra costs for system maintenance.
- an object of the present invention is to provide a system and method for automatically developing and analyzing a fault tree from a system model.
- Another object of the present invention is to present a model that defines functional dependencies and sequence dependencies between events using only standard static logic gates.
- The present invention for solving the above problems is a system for analyzing a static fault tree from a system model, comprising system configuration input means for inputting a system configuration and the top event of the system to be analyzed, system model library means for storing a system architecture model and a component error model, and fault tree analysis means for analyzing the fault tree of the system from the top event according to the decomposition rules defined in the component error model. The system configuration and the top event are respectively an instance of the system architecture model and a failure event of the component error model stored in the system model library means; the system architecture model describes the classification and definition of the physical and semantic relationships between different components; and the component error model defines the different failure events of components and Boolean formula relationships, which are the decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree.
- The present invention for solving the above problems is also a fault tree analysis method for analyzing a static fault tree from a system model, in which a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are the decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree, are stored; the top event of the system to be analyzed is selected; and the fault tree of the system is analyzed from the top event according to the decomposition rules defined in the component error model.
- The present invention for solving the above problems is further a program for causing a computer to analyze a static fault tree from a system model, which stores a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are the decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree.
- A system fault tree can thus be developed automatically from an instance of the system architecture model and a top event, with respect to the component error model.
- FIG. 10 is an explanatory diagram of a processing procedure executed by the reliability analysis support device of Patent Document 3. It is a detailed explanatory view of the FT diagram creation step of Patent Document 3.
- the static fault tree analysis (FTA) system from the system model of the present invention includes system configuration input means, system model library means, and fault tree analysis (FTA) means.
- A set of system architecture models and component error models, together with a set of rules for calculating the minimal cut sets of a fault tree, is stored.
- The system architecture model includes the classification of components and the relationships between components, which include semantic requirements such as potential physical connections and composition, and functional dependencies between components.
- The component error model includes the different fault definitions and conditional events of components, and covers both functional dependencies between components and sequence dependencies between fault events.
- The equations (theorems) of the component error model function as decomposition rules for building (analyzing) a fault tree.
- The minimal cut set (MCS) calculation rules are used to calculate the minimal cut sets of the analyzed fault tree.
- fault tree analysis (FTA) means is used to generate and analyze the fault tree of the input system configuration.
- the first embodiment of the present invention includes system configuration input means 110, system model library means 120, and fault tree analysis (FTA) means 130.
- the system model library means 120 further includes system architecture model means 121 and component error model means 122.
- the system configuration input means 110 inputs the system configuration and the top event of the system to be analyzed.
- the system configuration must follow the definition of the system architecture model defined by the system architecture model means 121 described later.
- the system model library means 120 stores a set of system models for fault tree analysis (FTA).
- the system model can be further divided into two groups: a system architecture model and a component error model.
- the system architecture model means 121 stores a set of system architecture models that specify component classifications and attributes. There, the attributes are represented by functions that indicate the composition of the components and the potential physical connections and semantic (functional) relationships between the components.
- the component error model means 122 stores a set of component error models that specify different component failures and conditional events and their logical relationships.
- The equations (theorems) defined in the component error model function as fault tree decomposition rules.
- The fault tree analysis means 130 decomposes events starting from the top event according to the input system configuration and the fault tree decomposition rules; that is, it analyzes the fault tree.
- the system configuration is input by the system configuration input means 110 (step A1).
- the user inputs (selects) the top failure event of the system to be analyzed (step A2).
- the top event is decomposed into several sub-events by the fault tree analysis (FTA) means 130 according to a certain decomposition rule defined by the component error model means 122 (step A3).
- The decomposition of sub-events (step A3) is repeated until no decomposition rule applies to a decomposed sub-event any more, that is, until the sub-event is a basic event that cannot be decomposed further.
- The second embodiment of the present invention is an extension of the first embodiment: the system model library means 120 further includes MCS calculation means 123, which stores the rule set used to calculate the MCS of the fault tree.
- The fault tree analysis (FTA) means 130 of the second embodiment performs the MCS calculation in addition to the event decomposition described in the first embodiment.
- Steps B1 to B3 are the same as steps A1 to A3 in the first embodiment, respectively.
- The sub-events are converted into disjunctive normal form (DNF), from which redundant conjunctions of events are removed using the calculation rules defined by the MCS calculation means 123 (step B4).
- DNF: disjunctive normal form
- For any event in the DNF, steps B3 and B4 are repeated until it becomes a basic event (i.e. it cannot be decomposed). Finally, when all events have become basic events, the final DNF is output as the MCS of the fault tree.
- Because this embodiment interleaves the repeated decomposition of events with the MCS calculation, redundant nodes of the fault tree are removed as soon as they arise, so the MCS of the fault tree can be calculated efficiently.
- Since the MCS calculation is performed after each decomposition of an event, this embodiment cannot output a complete original fault tree that has not been reduced to the MCS.
- The third embodiment of the present invention has the same means as the second embodiment, but differs from it in that the event decomposition step and the MCS calculation step described below form separate processing flows.
- Although this embodiment also has an event decomposition step (step C3) and an MCS calculation step (step C4), the decomposition is repeated until all events have become basic events (cannot be decomposed further), and the MCS calculation is then performed only once. It is therefore possible to output both the complete, unreduced original fault tree and the minimal cut sets of the fault tree (step C5).
- The third embodiment does not perform a reduction after each decomposition, and therefore spends more time calculating the MCS.
- The effect of the third embodiment is that complete decomposition information is retained, so an original fault tree that has not been reduced can be output.
- The first effect is that, given a system configuration and an undesired top event of the system, the fault tree of the top event and its minimal cut sets can be generated automatically.
- The reason is that the input system configuration follows the definition of the system architecture model, so the fault tree and the MCS can be developed and calculated according to the fault tree decomposition rules and the MCS calculation rules, respectively, that are defined by the system model library means.
- The second effect is that functional dependencies between components and sequence dependencies between fault events can be modeled with standard static logic gates rather than conventional dynamic gates.
- The reason is that, by distinguishing internal and external component failure events, functional dependencies between different components can be expressed with standard OR gates, and by introducing extra dependent conditional events, sequence dependencies between component failure events can be handled with standard AND gates.
- FIG. 6 shows one highly reliable network configuration, described below.
- The system is composed of two servers s1 and s2, where s1 is the primary (operating) server and s2 is a spare that takes over when s1 fails.
- Each server has two network cards: c11 (primary) and c12 (standby) for the primary server s1, and c21 (primary) and c22 (standby) for the standby server s2.
- Two hubs are connected to the network cards c11, c12, c21 and c22.
- An example system architecture model written in UML format is shown in FIG. 7.
- This system architecture model is stored in the system architecture model means 121 and may be expressed in a different format in other embodiments.
- The UML graphic format of FIG. 7 is used merely for ease of reading. Some annotations of FIG. 7 are as follows.
- the component may be a composite component, hardware, or software.
- the hardware component may be a bus, memory, processor, or device, and functions as an essential component or a spare component.
- the primary component is an essential component having at least one spare component.
- Composite hardware (composite HW) is both a composite component and a hardware component.
- Composite hardware consists of one or several (sub-)hardware components, and in general its functionality depends on all of its essential sub-components working well, i.e. not going down (the failure event “down” is defined later with FIG. 9). Therefore, as shown in FIG. 7, the relationship “depAll” represents a kind of vertical functional dependency between the composite component and its sub-hardware components, and is a sub-relationship of the physical decomposition relationship “consists”.
- A hardware component is connected to zero or several buses, and in general it needs access to any one of its connected buses that is not disabled. Therefore, as shown in FIG. 7, the relationship “reqAny” represents a kind of horizontal functional dependency between hardware and buses, and is a sub-relationship of the physical connection relationship “connects”.
- A primary has one or several spares, and a spare may support one or several primaries simultaneously. Note, however, that a spare can replace at most one primary (i.e. the first primary to fail) at any given time.
- A replacement relationship can be used to represent a sequence of failures of two primaries supported by the same spare. For example, let two primary components P1 and P2 share the same spare S, and let the top event be that P2 fails before P1 fails: when P1 then fails, the spare S cannot operate on behalf of P1, so the system composed of P1 and P2 fails. This situation is captured by the conditional event replacement(S, P2).
- The above sequence dependency between the failure of P1 and the failure of P2 can then be expressed, as shown in the figure, with a standard static AND gate rather than a conventional PAND gate.
- FIG. 8 shows an exemplary formal architecture model of a network server written in Maude, a formal specification programming language. Some notations in FIG. 8 are as follows (line numbers added for readability):
- Lines 4 to 9 define data types (kinds) and subtypes.
- The server is a composite hardware component.
- The subtype relationship is represented by the symbol “<”.
- Line 10 defines the predicate “existNWCard”, which indicates whether a network card is present in a set of hardware components.
- FIG. 9 shows an exemplary component error model written in Maude and stored in the component error model means 122.
- the expression defined in FIG. 9 functions as a decomposition rule for developing a fault tree.
- “failed” (line 2) is an internal (primary) failure of the component itself, for example a hardware fault.
- “disabled” (line 3) is an external (secondary) failure caused by other components on which the component functionally depends; for example, a memory component is disabled by bus failures, because the memory requires an accessible bus.
- Lines 6 to 8 contain the variable declarations for the equations.
- Lines 9 and 10 are the equations defining the meaning of non-functioning: a composite component does not function if and only if any of its essential sub-components is down, and a non-composite component does not function if and only if it has failed or is disabled (under the assumption that any component must connect to other peripheral components via buses). These two equations express the vertical and horizontal functional dependencies, respectively.
- Line 11 contains the equation defining the meaning of disabled: a component is disabled only when all of the buses it requires stop functioning. Because bus connections are transient and mutual, the case split between bus and non-bus components and the second parameter of the auxiliary function “$allFunctionless” are used to remove the cyclic dependency.
- Lines 12 to 15 define the meaning of down: a primary component goes down if and only if the primary itself does not function and its spares fail for it, while a non-primary component going down is, for convenience, defined as the same as the non-primary component not functioning. A spare fails for a primary component either because the spare itself does not function or because it is already operating for another primary it supported earlier. Finally, a spare operating for a primary component means that the primary does not function and the spare is placed on that primary (a conditional event).
- FIG. 10 shows some exemplary rules for the MCS calculation means 123. Some notations are as follows.
- Lines 1 to 4 contain the variable declarations for the following equations. Note that the sort FaultEvent is a subsort of Bool.
- Line 5 describes an equation for converting a logical expression (Boolean formula) into DNF.
- Line 6 contains an equation that removes unnecessary conditional events replacement(S, P) from the final MCS. It states that when two primary components share the same spare and there are two conjunctions, both stating that the two primaries do not function, one with the spare placed on the first primary and the other with the spare placed on the second, these two conjunctions can be unified into a single conjunction consisting only of the two primary components.
- Lines 7 to 9 describe equations that remove redundant cut sets (conjunctions) to obtain the minimal cut sets of the fault tree.
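The following is an added illustration, not the patent's own Maude rules: the decomposition rules described for FIG. 9 (non-functioning, disabled, down, and a spare's conditional event replacement(S, P)) and the MCS reduction rules described for FIG. 10 (merging of replacement events, removal of redundant cut sets), written in Python over fault trees kept in DNF. The component names and both configurations are constructed here after the FIG. 6 network and the shared-spare example above; treating a bus as requiring no bus, and a composite as non-functioning when any essential sub-component is down, are this example's readings of the text.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# A fault tree kept in disjunctive normal form (DNF): a set of cut sets, each a frozenset of
# basic events such as "failed(c11)" or the conditional event "replacement(s2,s1)" (s2 on s1).
DNF = Set[FrozenSet[str]]


@dataclass
class Component:
    name: str
    is_bus: bool = False                              # a hub/bus requires no bus itself
    dep_all: List[str] = field(default_factory=list)  # essential sub-components (vertical dependency)
    req_any: List[str] = field(default_factory=list)  # buses, any one of which suffices (horizontal)
    spares: List[str] = field(default_factory=list)   # spares of this primary component


def dnf_or(*terms: DNF) -> DNF:
    return set().union(*terms)


def dnf_and(a: DNF, b: DNF) -> DNF:
    return {x | y for x in a for y in b}  # distribute AND over both DNFs; an empty DNF is False


class Model:
    def __init__(self, comps: List[Component]):
        self.c: Dict[str, Component] = {x.name: x for x in comps}

    def disabled(self, n: str) -> DNF:
        # External failure: disabled only when ALL required buses stop functioning.
        # A bus requires no bus, so the bus/non-bus case split ends the recursion (assumption).
        comp = self.c[n]
        if comp.is_bus or not comp.req_any:
            return set()
        acc: DNF = {frozenset()}           # the empty conjunction is True
        for bus in comp.req_any:
            acc = dnf_and(acc, self.nonfunctioning(bus))
        return acc

    def nonfunctioning(self, n: str) -> DNF:
        comp = self.c[n]
        if comp.dep_all:                   # composite: any essential sub-component is down
            return dnf_or(*(self.down(s) for s in comp.dep_all))
        # non-composite: internal failure (a basic event) or external disabling
        return dnf_or({frozenset({f"failed({n})"})}, self.disabled(n))

    def spare_fails_for(self, spare: str, primary: str) -> DNF:
        # The spare is no help to `primary` if it does not function itself, or if another primary
        # it supports has failed and the spare is placed on that one: sequence dependency as a
        # static AND plus a conditional event, not a dynamic PAND gate.
        others = [p for p, comp in self.c.items() if spare in comp.spares and p != primary]
        taken = [dnf_and(self.nonfunctioning(p), {frozenset({f"replacement({spare},{p})"})})
                 for p in others]
        return dnf_or(self.nonfunctioning(spare), *taken)

    def down(self, n: str) -> DNF:
        # A primary is down iff it does not function and its spares fail for it;
        # a component without spares is down iff it does not function.
        result = self.nonfunctioning(n)
        for s in self.c[n].spares:
            result = dnf_and(result, self.spare_fails_for(s, n))
        return result


def minimal_cut_sets(dnf: DNF) -> DNF:
    cuts = set(dnf)
    # Two cut sets differing only in replacement(S,P1) versus replacement(S,P2) for the same
    # spare S collapse into their common part: S is placed on one of the two primaries anyway.
    merged = True
    while merged:
        merged = False
        for a in cuts:
            for b in cuts:
                da, db = a - b, b - a
                if len(da) == len(db) == 1:
                    ea, eb = next(iter(da)), next(iter(db))
                    if (ea.startswith("replacement(") and eb.startswith("replacement(")
                            and ea.split(",")[0] == eb.split(",")[0]):
                        cuts = (cuts - {a, b}) | {a & b}
                        merged = True
                        break
            if merged:
                break
    # Absorption: a cut set that contains another cut set is redundant.
    return {c for c in cuts if not any(o < c for o in cuts)}


def network_example() -> DNF:
    # Constructed after FIG. 6: primary server s1 (card c11 primary, c12 spare), spare
    # server s2 (c21, c22), every card connected to both hubs h1 and h2.
    m = Model([Component("sys", dep_all=["s1"]),
               Component("s1", dep_all=["c11"], spares=["s2"]),
               Component("s2", dep_all=["c21"]),
               Component("c11", req_any=["h1", "h2"], spares=["c12"]),
               Component("c12", req_any=["h1", "h2"]),
               Component("c21", req_any=["h1", "h2"], spares=["c22"]),
               Component("c22", req_any=["h1", "h2"]),
               Component("h1", is_bus=True), Component("h2", is_bus=True)])
    return minimal_cut_sets(m.down("sys"))


def shared_spare_example() -> Tuple[DNF, DNF]:
    # Constructed: primaries P1 and P2 share one spare S, and the system needs both.
    m = Model([Component("sys", dep_all=["P1", "P2"]), Component("S"),
               Component("P1", spares=["S"]), Component("P2", spares=["S"])])
    raw = m.down("sys")                    # still contains replacement(S,P1) / replacement(S,P2)
    return raw, minimal_cut_sets(raw)
```

For the network, the two surviving cut sets are both hubs failing, or all four cards failing; for the shared spare, the two conjunctions carrying replacement events merge into the cut set {failed(P1), failed(P2)}, which is the static-AND reading of the sequence dependency.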
- the logical representation of the exemplary network configuration is formatted as shown in FIG. (Corresponding to step A1 in FIG. 2).
- Functional relationships can be derived from the physical connections and then simplified. For example, assuming that a composite component depends on all of its essential sub-components, the functional relationship “depAll” can be derived in a simple manner from the physical decomposition relationship “consists” of the composite component by removing the spare components from “consists”, provided the engineer has not, accidentally or for some other reason, introduced sub-components into the composite component that are no longer required.
- The logical representation of the example configuration is composed of two main parts.
- One is the constant definitions of the components, i.e. the names and types of the component instances, given in lines 4 to 11.
- The constant definition on line 4 states that “sys” is an instance of a composite component, i.e. the exemplary network system.
- The other is the relationships between these components, given by the equations of lines 12 to 26.
- The equation on line 12 states that the exemplary network system “sys” depends on the primary server s1.
- The size of the final MCS of the fault tree for the two top events is 12 (corresponding to steps B5 and C3 in FIGS. 4 and 5, respectively).
- each unit is configured by hardware, but may be configured by a program and a CPU that perform the same operation as the operation of each unit.
- Appendix 1: A system for analyzing a static fault tree from a system model, comprising: system configuration input means for inputting a system configuration and the top event of the system to be analyzed; system model library means for storing a system architecture model and a component error model; and fault tree analysis means for analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model, wherein the system configuration and the top event are respectively an instance of the system architecture model and a failure event of the component error model stored in the system model library means, the system architecture model describes the classification and definition of physical and semantic relationships between different components, and the component error model defines the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree.
- Appendix 2: The fault tree analysis system according to Appendix 1, wherein the system model library means stores MCS calculation rules for calculating the minimal cut set of a fault tree, and the system further comprises MCS calculation means for removing redundant cut sets of events based on the MCS calculation rules and calculating the minimal cut set.
- Appendix 3: A fault tree analysis method for analyzing a static fault tree from a system model, comprising: storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree; selecting the top event of the system to be analyzed; and analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model.
- Appendix 4: The fault tree analysis method according to Appendix 3, wherein MCS calculation rules for calculating the minimal cut set of a fault tree are stored, redundant cut sets of events are removed based on the MCS calculation rules, and the minimal cut set is calculated.
- Appendix 5: A program for causing a computer to analyze a static fault tree from a system model, the program causing the computer to execute: a process of storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree; and a process of analyzing a fault tree of the system from a selected top event according to the decomposition rules defined in the component error model.
- Appendix 6: The program according to Appendix 5, which further causes the computer to execute a process of removing redundant cut sets of events and calculating the minimal cut set based on MCS calculation rules for calculating the minimal cut set of a fault tree.
- the system model library means for defining a system architecture model, a component error model, and an MCS calculation rule according to the decomposition rules and reduction rules defined by the system model library means, and a fault tree
- Reference numerals: 110 system configuration input unit; 120 system model library unit; 130 fault tree analysis (FTA) unit; 121 system architecture model unit; 122 component error model unit; 123 MCS calculation unit
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
Description
System configuration input means for inputting a system configuration and the top event of the system to be analyzed;
system model library means for storing a system architecture model and a component error model; and
fault tree analysis means for analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model,
wherein
the system configuration and the top event are respectively an instance of the system architecture model and a failure event of the component error model stored in the system model library means,
the system architecture model describes the classification and definition of physical and semantic relationships between different components, and
the component error model defines the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree:
a system for analyzing a fault tree.
The system model library means stores MCS calculation rules for calculating the minimal cut set of a fault tree, and the system further comprises MCS calculation means for removing redundant cut sets of events based on the MCS calculation rules and calculating the minimal cut set:
the fault tree analysis system according to Appendix 1.
A fault tree analysis method for analyzing a static fault tree from a system model, comprising:
storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree;
selecting the top event of the system to be analyzed; and
analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model:
a fault tree analysis method.
Storing MCS calculation rules for calculating the minimal cut set of a fault tree, removing redundant cut sets of events based on the MCS calculation rules, and calculating the minimal cut set:
the fault tree analysis method according to Appendix 3.
A program for causing a computer to analyze a static fault tree from a system model, comprising:
a process of storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree; and
a process of analyzing a fault tree of the system from a selected top event according to the decomposition rules defined in the component error model:
a program causing a computer to execute these processes.
A process of removing redundant cut sets of events and calculating the minimal cut set based on MCS calculation rules for calculating the minimal cut set of a fault tree:
the program according to Appendix 5, causing a computer to execute this process.
120 System model library means
130 Fault tree analysis (FTA) means
121 System architecture model means
122 Component error model means
123 MCS calculation means
Claims (6)
- A system for analyzing a static fault tree from a system model, comprising: system configuration input means for inputting a system configuration and the top event of the system to be analyzed; system model library means for storing a system architecture model and a component error model; and fault tree analysis means for analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model, wherein the system configuration and the top event are respectively an instance of the system architecture model and a failure event of the component error model stored in the system model library means, the system architecture model describes the classification and definition of physical and semantic relationships between different components, and the component error model defines the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree.
- The fault tree analysis system according to claim 1, wherein the system model library means stores MCS calculation rules for calculating the minimal cut set of a fault tree, and the system further comprises MCS calculation means for removing redundant cut sets of events based on the MCS calculation rules and calculating the minimal cut set.
- A fault tree analysis method for analyzing a static fault tree from a system model, comprising: storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree; selecting the top event of the system to be analyzed; and analyzing a fault tree of the system from the top event according to the decomposition rules defined in the component error model.
- The fault tree analysis method according to claim 2, wherein MCS calculation rules for calculating the minimal cut set of a fault tree are stored, redundant cut sets of events are removed based on the MCS calculation rules, and the minimal cut set is calculated.
- A program for causing a computer to analyze a static fault tree from a system model, the program causing the computer to execute: a process of storing a system architecture model describing the classification and definition of physical and semantic relationships between different components in the system to be analyzed, and a component error model defining the different failure events of components and Boolean formula relationships, which are decomposition rules covering the functional dependencies and sequence dependencies used to analyze the fault tree; and a process of analyzing a fault tree of the system from a selected top event according to the decomposition rules defined in the component error model.
- The program according to claim 5, further causing the computer to execute a process of removing redundant cut sets of events and calculating the minimal cut set based on MCS calculation rules for calculating the minimal cut set of a fault tree.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012517252A JPWO2011148891A1 (ja) | 2010-05-24 | 2011-05-23 | System and method for static fault tree analysis from a system model |
US13/699,359 US20130073271A1 (en) | 2010-05-24 | 2011-05-23 | Static fault tree analysis system and method from system models |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010-117945 | 2010-05-24 | ||
JP2010117945 | 2010-05-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011148891A1 (ja) | 2011-12-01 |
Family
ID=45003881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/061738 WO2011148891A1 (ja) | 2010-05-24 | 2011-05-23 | System and method for static fault tree analysis from a system model |
Country Status (3)
Country | Link |
---|---|
US (1) | US20130073271A1 (ja) |
JP (1) | JPWO2011148891A1 (ja) |
WO (1) | WO2011148891A1 (ja) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012113582A (ja) * | 2010-11-26 | 2012-06-14 | Nec Corp | Method and system for efficiently evaluating the minimal cut sets of a fault tree |
CN102707712A (zh) * | 2012-06-06 | 2012-10-03 | Guangzhou Shanfeng Measurement and Control Technology Co., Ltd. | Electronic equipment fault diagnosis method and system |
WO2013085025A1 (ja) * | 2011-12-09 | 2013-06-13 | NEC Corporation | Minimal cut set evaluation system, minimal cut set calculation method and program |
WO2014043667A1 (en) * | 2012-09-17 | 2014-03-20 | Siemens Corporation | Logic based approach for system behavior diagnosis |
JP5454826B2 (ja) * | 2011-02-22 | 2014-03-26 | NEC Corporation | Fault tree system reliability analysis system, fault tree system reliability analysis method and program |
CN103729289A (zh) * | 2013-11-29 | 2014-04-16 | Beijing Guangli Nuclear System Engineering Co., Ltd. | Method for indicating HPD logic reliability by means of a diagram |
CN106094783A (zh) * | 2016-05-30 | 2016-11-09 | Chongqing University | Fault diagnosis and real-time alarm method for a liquid hydrogen filling system |
KR20180135422A (ko) * | 2017-06-12 | 2018-12-20 | Siemens Aktiengesellschaft | Safety assurance using fault trees for identifying dormant system failure states |
CN109491812A (zh) * | 2018-10-11 | 2019-03-19 | Northwestern Polytechnical University | Local reliability sensitivity analysis method for systems based on an interval model |
CN112069649A (zh) * | 2020-07-21 | 2020-12-11 | Wuhan Technical College of Communications | Reliability evaluation method for an electric vehicle EPS system based on model-driven architecture (MDA) |
CN113348418A (zh) * | 2018-12-18 | 2021-09-03 | Siemens Industry Software GmbH | Computer-implemented method for generating a hybrid-layer fault tree of a multi-component system combining different abstraction layers |
CN114118790A (zh) * | 2021-11-25 | 2022-03-01 | China Electronics Technology Avionics Co., Ltd. | SysML-based safety analysis method and system for civil communication and navigation systems |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014184823A1 (en) * | 2013-05-15 | 2014-11-20 | Nec Corporation | System, method, and program for identifying persistent components and persistent systems |
US20140359366A1 (en) * | 2013-05-28 | 2014-12-04 | Jean-Pascal Schwinn | Method and Engineering Apparatus for Performing a Three-Dimensional Analysis of a Technical System |
US20160170868A1 (en) * | 2014-12-16 | 2016-06-16 | Siemens Aktiengesellschaft | Method and apparatus for the automated testing of a subsystem of a safety critical system |
US10558513B2 (en) * | 2015-01-30 | 2020-02-11 | Hitachi Power Solutions Co., Ltd. | System management apparatus and system management method |
US10241852B2 (en) * | 2015-03-10 | 2019-03-26 | Siemens Aktiengesellschaft | Automated qualification of a safety critical system |
WO2016173624A1 (en) * | 2015-04-28 | 2016-11-03 | Siemens Aktiengesellschaft | Method and apparatus for generating a fault tree for a failure mode of a complex system |
CN105138428B (zh) * | 2015-08-22 | 2018-03-06 | 西安电子科技大学 | Failure recovery method based on predecessor dependency |
US10061670B2 (en) * | 2015-12-28 | 2018-08-28 | Siemens Aktiengesellschaft | Method and apparatus for automatically generating a component fault tree of a safety-critical system |
US10558766B2 (en) * | 2015-12-31 | 2020-02-11 | Palo Alto Research Center Incorporated | Method for Modelica-based system fault analysis at the design stage |
DE112016006545T5 (de) * | 2016-04-08 | 2018-11-15 | Mitsubishi Electric Corp | Information processing device, information processing method, and information processing program |
EP3260940A1 (en) * | 2016-06-21 | 2017-12-27 | Siemens Aktiengesellschaft | Method and apparatus for automated hazard detection |
US10684614B2 (en) * | 2016-07-27 | 2020-06-16 | Skyworks Solutions, Inc. | Flexible planning model for fabrication with high volume and high mixture |
CN107037802B (zh) * | 2016-10-28 | 2018-01-26 | 华中科技大学 | Anomaly detection method for information security protection of process control systems |
CN111124879A (zh) * | 2019-10-31 | 2020-05-08 | 中国航天系统科学与工程研究院 | Fault-tree-based method, medium, and device for extracting properties to be verified |
CN112580189B (zh) * | 2020-11-19 | 2022-12-02 | 中海石油(中国)有限公司天津分公司 | Method for obtaining the structural importance of fault tree basic events in a UPS power supply system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0784995A (ja) * | 1993-09-17 | 1995-03-31 | Hitachi Ltd | Fault diagnosis support system |
JP2000235507A (ja) * | 1999-02-16 | 2000-08-29 | Toshiba Corp | System reliability design apparatus and method, and recording medium storing system reliability design software |
2011
- 2011-05-23 US US13/699,359 (US20130073271A1) not active, Abandoned
- 2011-05-23 JP JP2012517252A (JPWO2011148891A1) active, Pending
- 2011-05-23 WO PCT/JP2011/061738 (WO2011148891A1) active, Application Filing
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012113582A (ja) * | 2010-11-26 | 2012-06-14 | Nec Corp | Method and system for efficiently evaluating the minimal cut sets of a fault tree |
JP5454826B2 (ja) * | 2011-02-22 | 2014-03-26 | 日本電気株式会社 | Fault tree system reliability analysis system, fault tree system reliability analysis method, and program |
US8909991B2 (en) | 2011-02-22 | 2014-12-09 | Nec Corporation | Fault tree system reliability analysis system, fault tree system reliability analysis method, and program therefor |
WO2013085025A1 (ja) * | 2011-12-09 | 2013-06-13 | 日本電気株式会社 | Minimal cut set evaluation system, minimal cut set computation method, and program |
JPWO2013085025A1 (ja) * | 2011-12-09 | 2015-04-27 | 日本電気株式会社 | Minimal cut set evaluation system, minimal cut set computation method, and program |
CN102707712A (zh) * | 2012-06-06 | 2012-10-03 | 广州山锋测控技术有限公司 | Fault diagnosis method and system for electronic equipment |
WO2014043667A1 (en) * | 2012-09-17 | 2014-03-20 | Siemens Corporation | Logic based approach for system behavior diagnosis |
CN104756028A (zh) * | 2012-09-17 | 2015-07-01 | 西门子公司 | Logic-based approach for system behavior diagnosis |
CN103729289A (zh) * | 2013-11-29 | 2014-04-16 | 北京广利核系统工程有限公司 | Method for graphically indicating the logic reliability of an HPD |
CN106094783B (zh) * | 2016-05-30 | 2018-07-17 | 重庆大学 | Fault diagnosis and real-time alarm method for a liquid hydrogen filling system |
CN106094783A (zh) * | 2016-05-30 | 2016-11-09 | 重庆大学 | Fault diagnosis and real-time alarm method for a liquid hydrogen filling system |
KR20180135422A (ko) * | 2017-06-12 | 2018-12-20 | 지멘스 악티엔게젤샤프트 | Safety assurance using fault trees for identifying dormant system failure states |
KR101967327B1 (ko) | 2017-06-12 | 2019-04-09 | 지멘스 악티엔게젤샤프트 | Safety assurance using fault trees for identifying dormant system failure states |
US10359773B2 (en) | 2017-06-12 | 2019-07-23 | Siemens Aktiengesellschaft | Safety assurance using fault trees for identifying dormant system failure states |
CN109491812A (zh) * | 2018-10-11 | 2019-03-19 | 西北工业大学 | Interval-model-based local reliability sensitivity analysis method for systems |
CN109491812B (zh) * | 2018-10-11 | 2022-01-04 | 西北工业大学 | Interval-model-based local reliability sensitivity analysis method for systems |
CN113348418A (zh) * | 2018-12-18 | 2021-09-03 | 西门子工业软件有限责任公司 | Computer-implemented method for generating a hybrid-layer fault tree of a multi-component system combining different abstraction layers |
CN112069649A (zh) * | 2020-07-21 | 2020-12-11 | 武汉交通职业学院 | Reliability evaluation method for an electric vehicle EPS system based on model-driven architecture (MDA) |
CN112069649B (zh) * | 2020-07-21 | 2023-08-18 | 武汉交通职业学院 | Reliability evaluation method for an electric vehicle EPS system based on MDA |
CN114118790A (zh) * | 2021-11-25 | 2022-03-01 | 中电科航空电子有限公司 | SysML-based safety analysis method and system for civil communication and navigation systems |
Also Published As
Publication number | Publication date |
---|---|
US20130073271A1 (en) | 2013-03-21 |
JPWO2011148891A1 (ja) | 2013-07-25 |
Similar Documents
Publication | Title |
---|---|
WO2011148891A1 (ja) | System and method for static fault tree analysis from system models |
Mhenni et al. | SafeSysE: A safety analysis integration in systems engineering approach | |
Mhenni et al. | Automatic fault tree generation from SysML system models | |
Baudry et al. | Barriers to systematic model transformation testing | |
Joshi et al. | Automatic generation of static fault trees from AADL models | |
Kabir et al. | A model-based extension to HiP-HOPS for dynamic fault propagation studies | |
Jung et al. | A software fault tree analysis technique for formal requirement specifications of nuclear reactor protection systems | |
US9047165B1 (en) | Multiversion model versioning system and method | |
Stewart et al. | AADL-Based safety analysis using formal methods applied to aircraft digital systems | |
Chen et al. | Formal modeling and validation of stateflow diagrams | |
Mhenni | Safety analysis integration in a systems engineering approach for mechatronic systems design | |
Huang et al. | A framework for reliability-aware embedded system design on multiprocessor platforms | |
Buckl et al. | FTOS: Model-driven development of fault-tolerant automation systems | |
Cámara et al. | Synthesis and quantitative verification of tradeoff spaces for families of software systems | |
Rugina et al. | An architecture-based dependability modeling framework using AADL | |
Bozzano et al. | Formal Methods for Aerospace Systems: Achievements and Challenges | |
Lipaczewski et al. | Using tool-supported model based safety analysis--Progress and experiences in SAML development | |
Friedrich et al. | Knowledge engineering for configuration systems | |
US10970183B1 (en) | System and method for improving model performance | |
Domis et al. | Integrating variability and safety analysis models using commercial UML-based tools | |
Junges et al. | Fault Trees on a Diet: —Automated Reduction by Graph Rewriting— | |
Adler et al. | Graphically notated fault modeling and safety analysis in the context of electric and electronic architecture development and functional safety | |
Gaudel et al. | Enforcing software engineering tools interoperability: An example with aadl subsets | |
Nasser et al. | An Ontology-based Software Test Generation Framework. | |
Dong et al. | Overview: System architecture virtual integration based on an AADL model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11786590; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 2012517252; Country of ref document: JP |
| WWE | Wipo information: entry into national phase | Ref document number: 13699359; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 11786590; Country of ref document: EP; Kind code of ref document: A1 |