Automated Fault Tree Generation from Requirement Structures

The increasing complexity of today’s vehicles gives drivers help with everything from adaptive cruise control to warning lights for low fuel level. But the increasing functionality also increases the risk of failures in the system. To prevent system failures, different safety analytic methods can be used, e.g., fault trees and/or FMEA-tables. These methods are generally performed manually, and due to the growing system size the time spent on safety analysis is growing with increased risk of human errors. If the safety analysis can be automated, lots of time can be saved. This thesis investigates the possibility to generate fault trees from safety requirements as well as which additional information, if any, that is needed for the generation. Safety requirements are requirements on the systems functionality that has to be fulfilled for the safety of the system to be guaranteed. This means that the safety of the truck, the driver, and the surroundings, depend on the fulfillment of those requirements. The requirements describing the system are structured in a graph using contract theory. Contract theory defines the dependencies between requirements and connects them in a contract structure. To be able to automatically generate the fault tree for a system, information about the system’s failure propagation is needed. For this a Bayesian network is used. The network is built from the contract structure and stores the propagation information in all the nodes of the network. This will result in a failure propagation network, which the fault tree generation will be generated from. The failure propagation network is used to see which combinations of faults in the system can violate the safety goal, i.e., causing one or several hazards. The result of this will be the base of the fault tree. The automatic generation was tested on two different Scania systems, the fuel level display and the dual circuit steering. Validation was done by comparing the automatically generated trees with manually generated trees for the two systems showing that the proposed method works as intended. The case studies show that the automated fault tree generation works if the failure propagation information exists and can save a lot of time and also minimize the errors made by manually generating the fault trees. The generated fault trees can also be used to validate written requirements to by analyzing the fault trees created from them.