Improving Dependability of Robotics Systems: Analysis of Sequence-Dependent Failures


Nidhal Mahmud (SYSAF, UK)
Copyright: © 2019 | Pages: 24
DOI: 10.4018/978-1-5225-5276-5.ch005


In this chapter, the authors propose an algorithm for the reduction of fault tree expressions that are generated from failure behavioral models. The significance of the sequencing of events is preserved during the generation and all along the reduction process, thus allowing full qualitative analysis. Thorough and detailed analysis results should positively impact the design of condition monitoring and failure prevention mechanisms. A behavioral model of a robotic system that exhibits sequence-dependent failures is used in the study.
Chapter Preview


The use of robotics systems is widespread and spans a variety of application areas. From healthcare, to manufacturing, to nuclear power plants, to space missions, these systems are typically conceived to perform difficult, dangerous or critical tasks. The nature of such tasks—e.g., surgery operations, radioactive waste clean-up or space mining—places high demands on the dependability (reliability, safety, availability, and maintainability) of robotics systems.

Concerns about the dependability of robotics systems are not new. Fault Tree Analysis (FTA, Vesely 1981) and Failure Modes and Effects Analysis (FMEA, IEEE Std.352 1987) are among the most frequently used techniques in the various domains of robotics. For instance, Visinsky, Walker, and Cavallaro (1993) describe the use of FTA for robots operating in remote and hazardous environments. Other fields of application include industrial robots, as in (Karbasian, Mehr, & Agharajabi, 2012), and modular and swarm robots, as in (Murray, Liu, Winfield, Timmis, & Tyrrell, 2012).

The widespread use of FTA in the dependability assessment of complex systems is mainly due to the flexibility and ease of use of fault trees. These are static (i.e., ‘pure’ Boolean) models, and therefore allow efficient Boolean calculus to be used to eliminate component failures that are irrelevant to the total failure of the system. This logical reduction (known as qualitative analysis) simplifies the subsequent computation of overall probabilities of system hazards (i.e., quantitative analysis). Nevertheless, such convenience comes at the cost of losing the significance of the sequencing of failure events—i.e., the dynamic features often exhibited by modern systems cannot be captured by combinatorial models such as this type of fault tree.

Robotics systems are certainly no exception when it comes to sequence-dependent failures. For example, the exclusion of dynamic aspects caused by the use of static fault trees in the analysis of modular robotic systems is clearly noted in (Murray et al., 2012). To overcome such a drawback, one alternative is to use fault trees extended with capabilities to capture the dynamic features. A well-known example is the Dynamic Fault Tree (DFT) approach (Dugan, Bavuso, & Boyd, 1992). This method was primarily conceived for quantitative analysis, which is often state-based—i.e., Markov analysis, based on state transition diagrams (Markov models), is the most prominent DFT solving technique. As a result, the full power of the Boolean methods was sacrificed, especially when it comes to analyzing the dynamic parts of the system at the level of the fault tree (i.e., reducing the DFT).

Theoretically, some later research efforts have provided workarounds to the problem of FTA with dynamic aspects. One technique relevant to this chapter extends the Boolean methods with a temporal logic calculus. In this connection, a set of temporal laws that enable qualitative analysis of fault trees extended with dynamic features can be found in (Walker & Papadopoulos, 2009). In the same vein, the algebraic formalism in (Merle, Roussel, Lesage, & Bobbio, 2010) proposes formal descriptions of dynamic behaviors and provides proofs of a number of theorems useful for the qualitative analysis of this type of fault tree. The latter approach also deals with the corresponding probabilistic algebraic analysis.
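As an added illustration (not the chapter's own algorithm, nor the temporal laws of Walker & Papadopoulos or the algebra of Merle et al.), the following Python reduces a constructed top-event expression twice: once as a static Boolean fault tree, and once keeping the priority-AND (PAND) ordering, so that absorption and the elimination of contradictory orderings can be seen to preserve sequence. The gate encoding, the event names P, S, W and the top-event expression are assumptions made for this example.

```python
from itertools import product

# Nodes: ('E', name) basic event; ('AND', *children); ('OR', *children);
# ('PAND', left, right): left occurs strictly before right (binary only).
def terms(expr, keep_order=True):
    """Expand expr into terms: (frozenset of events, frozenset of (before, after) pairs)."""
    kind = expr[0]
    if kind == 'E':
        return [(frozenset([expr[1]]), frozenset())]
    if kind == 'OR':
        return [t for child in expr[1:] for t in terms(child, keep_order)]
    result = []  # AND and PAND conjoin every combination of their children's terms
    for combo in product(*(terms(child, keep_order) for child in expr[1:])):
        events = frozenset().union(*(ev for ev, _ in combo))
        precs = frozenset().union(*(pr for _, pr in combo))
        if kind == 'PAND' and keep_order:  # keep_order=False: PAND degrades to AND
            (left_ev, _), (right_ev, _) = combo
            precs |= frozenset(product(left_ev, right_ev))
        result.append((events, precs))
    return result

def closure(precs):
    """Transitive closure of the ordering pairs, so any cycle shows up as (x, x)."""
    precs = set(precs)
    while True:
        extra = {(a, d) for (a, b) in precs for (c, d) in precs if b == c}
        if extra <= precs:
            return frozenset(precs)
        precs |= extra

def minimal(expr, keep_order=True):
    """Minimal cut sequences (keep_order=True) or static minimal cut sets (False)."""
    ts = []
    for events, precs in terms(expr, keep_order):
        precs = closure(precs)
        if any(a == b for a, b in precs):  # temporal law: X before X is impossible
            continue
        ts.append((events, precs))
    kept = []
    for t in ts:  # absorption: drop t if a weaker term (subset of events and orderings) exists
        if not any(u != t and u[0] <= t[0] and u[1] <= t[1] for u in ts) and t not in kept:
            kept.append(t)
    return kept

# Constructed top-event expression (not the chapter's model): primary P, standby S, switch W
P, S, W = ('E', 'P'), ('E', 'S'), ('E', 'W')
TOP = ('OR', ('PAND', P, S),                           # P fails, then S fails
             ('AND', ('PAND', P, S), W),               # same sequence plus an irrelevant W failure
             ('AND', ('PAND', P, S), ('PAND', S, P)),  # contradictory orderings: impossible
             ('AND', W, P, S))                         # all three fail, in any order
```

Calling `minimal(TOP)` yields two minimal cut sequences (P before S; or W, P and S in any order), whereas `minimal(TOP, keep_order=False)` collapses everything into the single cut set {P, S}, which wrongly treats S-before-P as a failure.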

In practice, automation of such advanced FTA as part of integrated dependability and systems engineering processes requires an automated generation and synthesis of these fault trees from failure behavioral models that are linked to the system specifications. The work in (Mahmud, Walker, & Papadopoulos, 2012) describes a suitable approach to generating and synthesizing fault trees that preserve the significance of the event-order from hierarchical models. Application areas for this approach include the automotive domain (Chen, Mahmud, Walker, Feng, Lönn, & Papadopoulos, 2013) and real-time performance-critical distributed computer systems in general (Mahmud, & Mian, 2013; Mian, Bottaci, Papadopoulos, Sharvia, & Mahmud, 2015). More details about integration in an extended FTA through a Model-Based development process can be found in (Kolagari, Chen, Lanusse, Librino, Lönn, Mahmud, Mraidha, Reiser, Torchiaro, Tucci-Piergiovanni, Wägemann, & Yakymets, 2015).

Key Terms in this Chapter

EAST-ADL: EAST-ADL is an electronic architecture and software technology architecture description language for automotive embedded systems, which was developed by a consortium of universities and automotive companies. The language was further refined within the framework of the model-based analysis and engineering of novel architectures for dependable electric vehicles (MAENAD) EU FP7 project. Aspects covered by EAST-ADL include vehicle features, functions, requirements, variability, dependability, software components, hardware components and communication.

Fault Tree Analysis: Fault tree analysis (FTA) postulates a hazard (top event of the fault tree) which must be avoided. It then reasons backward to identify all logical combinations of events which could lead the system to that hazard. FTA can be quantitative by combining figures for component failure rates to calculate overall probabilities of system hazards. It can also be qualitative by eliminating the component failures that are irrelevant to the total failure of the system, and thereby attempting to produce minimal failure scenarios. FTA is widely practiced in reliability engineering and in high-hazard industries.

Fault-Tolerance Systems: Fault-tolerance enables a system to continue its intended operation in the event of faults in some of its parts. Fault-tolerant systems typically rely on redundant units. The redundant components can be active and operating in parallel, or passive but switched into active use upon failure of the primary units. They can also be designed to be shared by a number of functionally identical systems.

AADL: AADL is an architecture analysis and design language standardized in 2004 by the Society of Automotive Engineers. It is used in the specification and analysis of the software and hardware architecture of real time embedded systems. AADL is mainly devoted to performance-critical aerospace and automotive systems.

Dynamic Fault Tree: The dynamic fault tree (DFT) was introduced in response to the inability of standard combinatorial fault trees to model sequence-dependent failures. It thus added capabilities for capturing the dynamic aspects exhibited by modern complex systems. The DFT is designed primarily for quantitative analysis, in general using Markov techniques. However, there has been less focus on qualitative analysis at the level of the DFT, i.e., the determination of its (minimal) cut sequences.

State Automata to Fault Trees: State automata to fault trees with order-dependent behaviors (SAFORA) is a top-down deductive synthesis approach that computes expressions of global failure conditions from the dysfunctional behavior local to the components of the system (described as hierarchical state machines). The purpose is to accurately analyze the reliability of architectures and the technique is suitable for complex systems featuring dynamic aspects.

Failure Mode and Effects Analysis: Failure mode and effects analysis (FMEA) is commonly known (and often used) as a bottom-up analysis technique. It proceeds by analyzing the system components individually, or sometimes collectively, to inductively derive the consequences of their failures on the system. FMEA aims to address those effects, and the technique is widely practiced in reliability engineering and in high-hazard industries.
