
    Non deterministic Repairable Fault Trees for computing optimal repair strategy

    In this paper, the Non-deterministic Repairable Fault Tree (NdRFT) formalism is proposed: it allows the modelling of failure modes of complex systems as well as their repair processes. The originality of this formalism with respect to other Fault Tree extensions is that it allows repair strategy optimization problems to be addressed: in an NdRFT model, the decision on whether or not to start a given repair action is non-deterministic, so that all the possibilities are left open. The formalism is rather powerful, allowing one to specify which failure events are observable, whether local repair or global repair can be applied, and the resources needed to start a repair action. The optimal repair strategy can then be computed by solving an optimization problem on a Markov Decision Process (MDP) derived from the NdRFT. A software framework is proposed in order to automatically derive an MDP from an NdRFT model and to solve the resulting MDP.

    Semantics of Non-Deterministic Repairable Fault Trees

    Fault Tree Analysis is a popular technique used to support the design of critical systems. In a prior work, fault tree semantics were developed for Non-Deterministic Dynamic Fault Trees, which introduce non-determinism into the recovery actions to solve the problem of spare races and improve system reliability. However, the existing work only deals with permanent faults. The focus of the thesis work is extending the formalism of Non-Deterministic Dynamic Fault Trees to support the notion of repair and developing semantics for Non-Deterministic Repairable Fault Trees to achieve higher availability of the system. It includes formalizing the gate semantics and adapting the algorithms for analyzing the fault tree. Furthermore, the thesis work also adapts the minimization algorithms to produce a more compact version of the Recovery Automaton with fewer states.

    A Modular Approach to Non-deterministic Dynamic Fault Trees

    Dynamic Fault Trees (DFTs) are powerful tools for deriving fault-tolerant system designs. However, deterministic approaches to DFTs suffer from semantic struggles with problems such as spare races. In this paper, we discuss the added complexity in the state-space representation of a non-deterministic DFT model and propose a modularized approach for synthesizing recovery automata. Finally, we give an implementation and evaluate it on the Fault tree FOResT (FFORT) benchmark. The results show that non-deterministic semantics with modularization can scale for literature case studies.

    Fault Tree Analysis: a survey of the state-of-the-art in modeling, analysis and tools

    Fault tree analysis (FTA) is a very prominent method to analyze the risks related to safety- and economically critical assets, like power plants, airplanes, data centers and web shops. FTA methods comprise a wide variety of modelling and analysis techniques, supported by a wide range of software tools. This paper surveys over 150 papers on fault tree analysis, providing an in-depth overview of the state-of-the-art in FTA. Concretely, we review standard fault trees, as well as extensions such as dynamic FT, repairable FT, and extended FT. For these models, we review both qualitative analysis methods, like cut sets and common cause failures, and quantitative techniques, including a wide variety of stochastic methods to compute failure probabilities. Numerous examples illustrate the various approaches, and tables present a quick overview of results.

    Synthesizing FDIR Recovery Strategies for Space Systems

    Dynamic Fault Trees (DFTs) are powerful tools to drive the design of fault-tolerant systems. However, semantic pitfalls limit their practical utility for interconnected systems that require complex recovery strategies to maximize their reliability. This thesis discusses the shortcomings of DFTs in the context of analyzing Fault Detection, Isolation and Recovery (FDIR) concepts with a particular focus on the needs of space systems. To tackle these shortcomings, we introduce an inherently non-deterministic model for DFTs. Deterministic recovery strategies are synthesized by transforming these non-deterministic DFTs into Markov automata that represent all possible choices between recovery actions. From the corresponding scheduler, optimized to maximize a given RAMS (Reliability, Availability, Maintainability and Safety) metric, an optimal recovery strategy can then be derived and represented by a model we call a recovery automaton. We discuss dedicated techniques for reducing the state space of this recovery automaton and analyze their soundness and completeness. Moreover, modularized approaches to handle the complexity added by the state-based transformation approach are discussed. Furthermore, we consider the non-deterministic approach in a partially observable setting and propose an approach to lift the model for the fully observable case. We give an implementation of our approach within the Model-Based Systems Engineering (MBSE) framework Virtual Satellite. Finally, the implementation is evaluated based on the FFORT benchmark. The results show that basic non-deterministic DFTs generally scale well. However, we also found that semantically enriched non-deterministic DFTs employing repair or delayed observability mechanisms pose a challenge.

    Computing Optimal Repair Strategies by Means of NdRFT Modeling and Analysis

    In this paper, the Non-deterministic Repairable Fault Tree (NdRFT) formalism is proposed: it allows the modeling of failures of complex systems in addition to their repair processes. Its originality with respect to other Fault Tree extensions is that it allows us to address repair strategy optimization problems: in an NdRFT model, the decision as to whether or not to start a given repair action is non-deterministic, so that all the possibilities are left open. The formalism is rather powerful; it allows the specification of self-revealing events, the representation of component degradation, the choice among local repair, global repair and preventive maintenance, and the specification of the resources needed to start a repair action. The optimal repair strategy with respect to some relevant system state function, e.g. system unavailability, can then be computed by solving an optimization problem on a Markov Decision Process derived from the NdRFT. Such a derivation is obtained by converting the NdRFT model into an intermediate formalism called Markov Decision Petri Net (MDPN). In the paper, the NdRFT syntax and semantics are formally described, together with the conversion rules to derive the corresponding MDPN model from the NdRFT. The application of NdRFT is illustrated through examples.