Abstract

Usually, fault tree analyses are performed manually. They are based on documents that describe the system. Considerable knowledge, system insight, and overview is necessary to consider many failure modes, and dependencies between system components and their functionality at a time. Often, the behavior is too complicated to fully comprehend all possible failure consequences. Manual fault tree analysis is error-prone, costly and not necessarily complete. Formal risk analysis, an approach for automatically generating a fault tree from finite state machine-based descriptions of a system, is presented. The generated fault tree is complete with respect to all failures assumed possible. It is the basis for subsequent improvements of the system design and quantitative analysis of safety and liveness requirements in the presence of failures. A case study of formal risk analysis, the automatic generation of a fault tree for all sensor failures of a production cell's elevating rotary table, is discussed.