Automating the failure modes and effects analysis of safety critical systems

Failure modes and effects analysis (FMEA) is a classical system safety analysis technique which is currently widely used in the automotive, aerospace and other safety critical industries. In the process of an FMEA, analysts compile lists of component failure modes and try to infer the effects of those failure modes on the system. System models, typically simple engineering diagrams, assist analysts in understanding how the local effects of component failures propagate through complex architectures and ultimately cause hazardous effects at system level. Although there is software available that assists engineers in performing clerical tasks, such as forming tables and filling in data, the intelligent part of an FMEA process remains a manual and laborious process. Thus, one of the main criticisms of FMEA is that the time taken to perform the analysis can often exceed the period of the design and development phases and therefore the analysis de facto becomes a mere deliverable to the customer and not a useful tool capable of improving the design. Difficulties naturally become more acute as systems grow in scale and complexity. To address those difficulties, a body of work is looking into the automation and simplification of FMEA (Renovell et al., 1985). To mechanically infer the effects of component failures in a system, several approaches have been proposed which use domain specific qualitative or quantitative fault simulation. These approaches are restricted to particular application domains such as the design of electrical or electronic circuits. Limitations in scope but also difficulties with the efficiency and scalability of algorithms seem to have so far limited the industrial take-up of this automated FMEA technology which is still under development. In this paper, we propose a new approach to the automatic synthesis of FMEAs which builds upon recent work towards automating fault tree analysis (Papadopoulos et al., 2001). In this approach, FMEAs are built from engineering diagrams that have been augmented with information about component failures. The proposed approach is generic, i.e. not restricted to an application domain, and potentially applicable to a range of widely used engineering models. The models that provide the basis for the analysis identif- y the topology of the system, i.e. the system components and the material energy and data transactions among those components. Models can also be hierarchically structured and record in different layers the decomposition of subsystems into more basic components. We should note that this type of structural models include piping and instrumentation diagrams, data flow diagrams and other models commonly used in many areas of engineering design.