Automated qualification of a safety critical system

US 10,241,852 B2
Filed: 03/10/2015
Issued: 03/26/2019
Est. Priority Date: 03/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method for automated qualification of a safety critical system comprising a plurality of components, wherein each component of the plurality of components is a hardware component, a software component, or a hardware and software component, wherein a functional safety behavior of each component of the plurality of components is represented by an associated component fault tree element, the method comprising:

automatically performing, by a processor, a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined fault type data model, stored in a database, wherein the failure port mapping is automatically performed when one of the output failure modes of one of the component fault tree elements has a same failure type as one of the input failure modes of another one of the component fault tree elements; and

qualifying, by the processor, the safety critical system based on the mapped failure modes, wherein qualifying comprises performing a fault tree analysis based on the mapped failure modes and qualifying the safety critical system when results of the fault tree analysis indicate that the failure types of the output failure modes of the component fault tree elements are propagated to either a same failure type or a more general failure type of the input failure modes of the component fault tree elements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automated qualification of a safety critical system including a plurality of components is provided. A functional safety behavior of each component is represented by an associated component fault tree element. The method includes automatically performing a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined generic fault type data model stored in a database.

Citations

23 Claims

1. A method for automated qualification of a safety critical system comprising a plurality of components, wherein each component of the plurality of components is a hardware component, a software component, or a hardware and software component, wherein a functional safety behavior of each component of the plurality of components is represented by an associated component fault tree element, the method comprising:
- automatically performing, by a processor, a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined fault type data model, stored in a database, wherein the failure port mapping is automatically performed when one of the output failure modes of one of the component fault tree elements has a same failure type as one of the input failure modes of another one of the component fault tree elements; and
  
  qualifying, by the processor, the safety critical system based on the mapped failure modes, wherein qualifying comprises performing a fault tree analysis based on the mapped failure modes and qualifying the safety critical system when results of the fault tree analysis indicate that the failure types of the output failure modes of the component fault tree elements are propagated to either a same failure type or a more general failure type of the input failure modes of the component fault tree elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - selecting a component fault tree element of a component of the plurality of components of the safety critical system to be qualified; and
      
      identifying the component fault tree elements connected to the inports and outports of the selected component fault tree element.
  - 3. The method of claim 2, further comprising:
    - identifying within the failure type data model stored in the database names of the failure types of the output failure modes of components connected to the inports of the selected component and names of the failure types of the input failure modes of components connected to the outports of the selected component.
  - 4. The method of claim 3, further comprising:
    - identifying within the failure type data model, the failure types of the output failure modes and the input failure modes of the selected component of the safety critical system to be qualified.
  - 5. The method of claim 4, further comprising:
    - automatically connecting the output failure modes of outports of connected components with input failure modes of inports of the selected component of the safety critical system to be qualified; and
      
      automatically connecting the input failure modes of inports of connected components with output failure modes of outports of the selected component of the safety critical system to be qualified using the identified names of failure types and relations of the predetermined failure type data model stored in the database.
  - 6. The method of claim 1, wherein the automated qualification of the safety critical system is performed when planning the safety critical system, during runtime of the safety critical system, or when planning the safety critical system and during runtime of the safety critical system.
  - 7. The method of claim 1, wherein the failure type data model is a hierarchical failure type data model comprising a plurality of failure type hierarchy levels.
  - 8. The method of claim 1, wherein connections between output failure modes and input failure modes are logic connections representing an information flow, an energy flow or a fluid flow between components of the safety critical system.
  - 9. The method of claim 1, wherein the database is a first database, andwherein component fault tree elements are generated, loaded, or generated and loaded from a component fault tree element library stored in a second database.
  - 10. The method of claim 1, wherein the component fault tree element of a component of the plurality of components comprises an internal fault tree logic modeling a failure propagation from an inport of the component fault tree element to an outport of the component fault tree element depending on internal basic events.
  - 11. The method of claim 10, wherein the internal fault tree logic of a component fault tree element comprises logic gates.
  - 12. The method of claim 1, further comprising providing, by the processor, system-wide safety feedback on the safety critical system, wherein the system-wide safety feedback is indicative of whether the safety critical system is qualified.

13. An apparatus for automated qualification of a safety critical system having a plurality of components, wherein each component of the plurality of components is a hardware component, a software component, or a hardware and software component, wherein a functional safety behavior of each component of the plurality of components is represented by an associated component fault tree element, the apparatus comprising:
- a memory storing a database; and
  
  a processor in communication with the memory and configured to;
  
  automatically perform a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined failure type data model stored in the database, wherein the failure port mapping is automatically performed when one of the output failure modes of one of the component fault tree elements has a same failure type as one of the input failure modes of another of the component fault tree elements; and
  
  qualify the safety critical system based on the mapped failure modes, wherein the qualification of the safety critical system based on the mapped failure modes comprises performance of a fault tree analysis based on the mapped failure modes and qualification of the safety critical system when results of the fault tree analysis indicate that the failure types of the output failure modes of the component fault tree elements are propagated to either a same failure type or a more general failure type of the input failure modes of the component fault tree elements.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13, wherein the processor is further configured to:
    - select a component fault tree element of a component of the plurality of components of the safety critical system to be qualified; and
      
      identify the component fault tree elements connected to inports and outports of the selected component fault tree element.
  - 15. The apparatus of claim 14, wherein the processor is further configured to:
    - identify within the failure type data model stored in the database names of the failure types of the output failure modes of components connected to the inports of the selected component; and
      
      identify names of the failure types of the input failure modes of components connected to the outports of the selected component.
  - 16. The apparatus of claim 15, wherein the processor is further configured to identify within the failure type data model the failure types of the output failure modes and the input failure modes of the selected component of the safety critical system to be qualified.
  - 17. The apparatus of claim 16, wherein the processor is further configured to:
    - automatically connect the output failure modes of outports of connected components with input failure modes of inports of the selected component of the safety critical system to be qualified; and
      
      automatically connect the input failure modes of inports of connected components with output failure modes of outports of the selected component of the safety critical system to be qualified using the identified names of failure types and relations of the predetermined failure type data model stored in the database.
  - 18. The apparatus of claim 13, wherein the automated qualification of the safety critical system is performed when planning the safety critical system, during runtime of the safety critical system, or when planning the safety critical system and during runtime of the safety critical system.
  - 19. The apparatus of claim 13, wherein the processor is further configured to provide system-wide safety feedback on the safety critical system, wherein the system-wide safety feedback is indicative of whether the safety critical system is qualified.

20. A safety critical system comprising:
- a plurality of components, wherein each component of the plurality of components is a hardware component, a software component, or a hardware and software component, wherein the safety critical system is qualifiable by an apparatus for automated qualification,wherein a functional safety behavior of each component of the plurality of components is represented by an associated component fault tree element, the apparatus comprising a memory storing a database, and a processor in communication with the memory and configured to automatically perform a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined failure type data model stored in the database and qualify the safety critical system based on the mapped failure modes, wherein the failure port mapping is automatically performed when one of the output failure modes of one of the component fault tree elements has a same failure type as one of the input failure modes of another one of the component fault tree elements, wherein the qualification of the safety critical system comprises performance of a fault tree analysis based on the mapped failure modes and qualification of the safety critical system when results of the fault tree analysis indicated that the failure types of the output failure modes of the component fault tree elements are propagated to either a same failure type or a more general failure type of the input failure modes of the component fault tree elements.
- View Dependent Claims (21, 22)
- - 21. The safety critical system of claim 20, wherein the safety critical system is a safety critical embedded system comprising hardware components, software components, or the hardware components and the software components.
  - 22. The safety critical system of claim 20, wherein the qualification of the safety critical system is performed when planning the safety critical system, during runtime of the safety critical system, or when planning the safety critical system and during runtime of the safety critical system.

23. A non-transitory computer-readable storage medium storing instructions executable by one or more processors to automatically qualify a safety critical system comprising a plurality of components, wherein each component of the plurality of components is a hardware component, a software component, or a hardware and software component, wherein a functional safety behavior of each component of the plurality of components is represented by an associated component fault tree element, the instructions comprising:
- automatically performing a failure port mapping of output failure modes to input failure modes of component fault tree elements based on a predetermined fault type data model, stored in a database, wherein the failure port mapping is automatically performed when one of the output failure modes of one of the component fault tree elements has a same failure type as one of the input failure modes of another one of the component fault tree elements; and
  
  qualifying the safety critical system based on the mapped failure modes, wherein qualifying comprises performing a fault tree analysis based on the mapped failure modes and qualifying the safety critical system when results of the fault tree analysis indicated that the failure types of the output failure modes of the component fault tree elements are propagated to either a same failure type or a more general failure type of the input failure modes of the component fault tree elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Hofig, Kai, Zeller, Marc
Primary Examiner(s)
Contino, Paul

Application Number

US14/644,119
Publication Number

US 20160266952A1
Time in Patent Office

1,477 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/004   Error avoidance G06F11/07 a...

G06F 11/008   Reliability or availability...

G06F 11/0736   in functional embedded syst...

G06F 11/0751   Error or fault detection no...

G06F 11/079   Root cause analysis, i.e. e...

Automated qualification of a safety critical system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Automated qualification of a safety critical system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links