Fault-Tree Analysis (FTA) is a graphical representation of the individual faults that combine to produce a failure. It is used by several safety and reliability evaluation processes, such as ARP4761. The following paragraphs explain the rules for mapping an AADL model and its Error-Model Annex into a fault-tree representation.
A complete Wikipedia article explains the representation format for FTA.
To use the FTA generator, select a system instance and invoke the FTA tool on the root system. A dialog box asks for the error state (in terms of the component's behavior state) that corresponds to the failure being analyzed, as shown below.
The file is then produced into the reports/ sub-directory, as shown below.
Two types of files are generated:
The mapping into OpenFTA makes it possible to use the generated FTA directly in a tool that is available to everyone at no cost. Even though this tool has some limitations, it is a convenient way to visualize the fault tree of your system. Once the report is generated, it can be opened directly in OpenFTA. The figure below shows one example of an exported model.
Most Fault-Tree Analysis tools are proprietary and use their own specific format. Exporting the AADL model to one such tool therefore means producing a file in that tool's format, which prevents using any other tool. The alternative is to use a general-purpose, open file format that can easily be processed into the specific representation of each FTA-related tool.
The XML file is composed of one or several XML nodes called event, each of which may itself contain event child nodes. An event node may have the following attributes:
An example of such an XML file is shown below.
To generate an FTA, we use the composite error behavior, as for the RDB. Consequently, in order to generate a complete FTA, the composite error behavior of the main system instance must be defined first.