US 11,853,048 B2
Control method and device that resolves closed loops in automatic fault tree analysis of a multi-component system
Francesco Montrone, Riemerling (DE); Kai Höfig, Rohrdorf (DE); and Marc Zeller, Munich (DE)
Assigned to SIEMENS AKTIENGESELLSCHAFT, Munich (DE)
Appl. No. 15/734,332
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed May 9, 2019, PCT No. PCT/EP2019/061917
§ 371(c)(1), (2) Date Dec. 2, 2020,
PCT Pub. No. WO2019/233700, PCT Pub. Date Dec. 12, 2019.
Claims priority of application No. 18176423 (EP), filed on Jun. 7, 2018.
Prior Publication US 2021/0223766 A1, Jul. 22, 2021
Int. Cl. G05B 23/02 (2006.01)
CPC G05B 23/0248 (2013.01) [G05B 23/0275 (2013.01); G05B 2219/24085 (2013.01)] 3 Claims
OG exemplary drawing
 
1. A computer-implemented method performed by a processor, comprising:
analyzing a multi-component safety-critical system comprising closed-loop circuitry of a closed-loop controller using a fault tree to identify a system failure, a cause of the system failure, and an impact to safety as a result of the system failure, wherein, prior to the analyzing, arbitrary circular logics of the fault tree are removed from the fault tree by:
modeling the multi-component system using a fault tree, the fault tree comprising elements associated with components of the multi-component system and interconnections between the elements associated with functional dependencies between the components;
back-tracing failure propagation paths from an output element of the fault tree via the interconnections towards one or more input elements of the fault tree;
checking, for all failure propagation paths, if the respective failure propagation path contains a closed loop associated with the closed-loop circuitry of the closed-loop controller to control a component of the multi-component safety-critical system by identifying a downstream element of the respective failure propagation path having a dependency of its output value on an output value of an upstream element of the failure propagation path;
setting the input value corresponding to a loop interconnection of each such downstream element to Boolean TRUE;
replacing any Boolean AND-gate having, independently of the specific values of the input elements, Boolean TRUE as output value with a Boolean OR-gate between the respective downstream element and the respective upstream element;
cutting off any Boolean TRUE input to any Boolean AND-gate remaining between the respective downstream element and the respective upstream element; and
setting the input value of each respective downstream element corresponding to the loop interconnection to Boolean FALSE;
automatically optimizing the multi-component safety-critical system with regards to at least one of reliability, availability, maintainability, and safety, as a function of the analyzing; and
in response to the automatically optimizing, controlling a component of the multi-component safety-critical system with the closed-loop controller by outputting a control signal to the component.
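The loop-removal steps of claim 1 (back-tracing, loop detection, the TRUE/AND-to-OR/cut/FALSE sequence) can be followed on a small Boolean fault tree. The code below is an added illustration and is not the patent's or Siemens' code: the graph representation, the element and gate names, the two sample trees (a controller and plant whose failures propagate into each other, and a loop containing an AND gate) and the sentinel element used to hold the loop input value are all constructed here. It also assumes one reading of the claim's wording: "downstream" is the element reached later while back-tracing from the output element, and the "loop interconnection" is its input that comes from an element already on the current path.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Element:
    """Fault-tree element: basic event (INPUT), gate (AND/OR) or constant (CONST)."""
    name: str
    kind: str
    inputs: list[str] = field(default_factory=list)   # names of the feeding elements
    value: bool | None = None                          # CONST elements only


class FaultTree:
    def __init__(self, output: str, elements: list[Element]) -> None:
        self.output = output                           # the output element of the tree
        self.el: dict[str, Element] = {e.name: e for e in elements}

    def loop_interconnections(self) -> list[tuple[str, str]]:
        """Back-trace every failure propagation path from the output element towards the
        input elements; (downstream, upstream) is recorded when the element reached later
        takes an input from an element already on the path (assumed reading of the claim)."""
        found: list[tuple[str, str]] = []

        def back_trace(name: str, path: tuple[str, ...]) -> None:
            for src in self.el[name].inputs:
                if src in path:                        # closed loop found
                    if (name, src) not in found:
                        found.append((name, src))
                else:
                    back_trace(src, path + (src,))

        back_trace(self.output, (self.output,))
        return found

    def const_value(self, name: str, memo: dict) -> bool | None:
        """Output value holding independently of the basic events, else None (loop-free only)."""
        if name not in memo:
            e = self.el[name]
            if e.kind in ("CONST", "INPUT"):
                memo[name] = e.value if e.kind == "CONST" else None
            else:
                vals = [self.const_value(i, memo) for i in e.inputs]
                dominant = e.kind == "OR"              # TRUE fixes an OR, FALSE fixes an AND
                if dominant in vals:
                    memo[name] = dominant
                elif all(v is not None for v in vals):
                    memo[name] = not dominant
                else:
                    memo[name] = None
        return memo[name]

    def resolve_loops(self) -> list[tuple[str, str]]:
        """Apply the claim's loop-removal steps in place and return the loops found."""
        loops = self.loop_interconnections()
        sentinels = []
        for down, up in loops:                         # loop input of the downstream element := TRUE
            s = f"loop({down}<-{up})"                  # constructed sentinel holding that input value
            self.el[s] = Element(s, "CONST", value=True)
            self.el[down].inputs = [s if i == up else i for i in self.el[down].inputs]
            sentinels.append(s)
        memo: dict = {}
        self.const_value(self.output, memo)            # tree is loop-free now; memo = reachable elements
        for n in list(memo):                           # AND gate that is TRUE regardless -> OR gate
            if self.el[n].kind == "AND" and memo[n] is True:
                self.el[n].kind = "OR"
        for n in list(memo):                           # cut TRUE inputs off the remaining AND gates
            if self.el[n].kind == "AND":
                self.el[n].inputs = [i for i in self.el[n].inputs if memo.get(i) is not True]
        for s in sentinels:                            # finally the loop input := FALSE
            self.el[s].value = False
        return loops

    def expression(self, name: str | None = None) -> str:
        """Render the (loop-free) tree below `name` as a Boolean expression, folding constants."""
        e = self.el[name or self.output]
        if e.kind == "INPUT":
            return e.name
        if e.kind == "CONST":
            return "TRUE" if e.value else "FALSE"
        absorb, neutral = ("TRUE", "FALSE") if e.kind == "OR" else ("FALSE", "TRUE")
        terms = [self.expression(i) for i in e.inputs]
        if absorb in terms:
            return absorb
        terms = [t for t in terms if t != neutral] or [neutral]
        return terms[0] if len(terms) == 1 else "(" + f" {e.kind} ".join(terms) + ")"

    def evaluate(self, events: dict[str, bool]) -> bool:
        """Evaluate the tree for given basic-event states (True = failed, absent = intact)."""
        memo: dict[str, bool] = {}

        def val(name: str, visiting: tuple[str, ...]) -> bool:
            if name in visiting:
                raise ValueError(f"closed loop through {name}; call resolve_loops() first")
            if name not in memo:
                e = self.el[name]
                if e.kind == "CONST":
                    memo[name] = bool(e.value)
                elif e.kind == "INPUT":
                    memo[name] = events.get(name, False)
                else:
                    vals = [val(i, visiting + (name,)) for i in e.inputs]
                    memo[name] = any(vals) if e.kind == "OR" else all(vals)
            return memo[name]

        return val(self.output, ())


def controller_plant_example() -> FaultTree:
    """Constructed sample: controller and plant failures each propagate into the other."""
    return FaultTree("ctrl_fail", [
        Element("ctrl_fail", "OR", ["ctrl_internal", "plant_fail"]),
        Element("plant_fail", "OR", ["plant_internal", "ctrl_fail"]),
        Element("ctrl_internal", "INPUT"), Element("plant_internal", "INPUT")])


def feedback_and_example() -> FaultTree:
    """Constructed sample with an AND gate on the loop (feedback path fails only together
    with a controller failure)."""
    return FaultTree("ctrl_fail", [
        Element("ctrl_fail", "OR", ["ctrl_internal", "fb_fail"]),
        Element("fb_fail", "AND", ["fb_internal", "ctrl_fail"]),
        Element("ctrl_internal", "INPUT"), Element("fb_internal", "INPUT")])


if __name__ == "__main__":
    for tree in (controller_plant_example(), feedback_and_example()):
        print(tree.resolve_loops(), "->", tree.expression())
```

Setting the loop input to TRUE first is what makes the result pessimistic: in the AND-gate sample the feedback failure is kept as a contributor (`ctrl_internal OR fb_internal`) rather than being dropped, as a plain FALSE cut of the loop would do. Because evaluation refuses to run on a tree that still contains a loop, forgetting to call `resolve_loops()` fails loudly instead of recursing forever.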