regression i nnew FTA generation

[juli1]

There is a regression in the new FTA generation. Consider the following FTA. The fault of the actuators depend on an error from the sensor. The previous generator followed the flow of the state machine and used the transition. The new code just stop at the state. The code should also process the state machine, see what events triggers the state machine and show the common error.

There is the model.

package fault_tree::common_error public

with ErrorLibrary;

data mydata end mydata;

device sensor features valueout : out data port mydata; annex EMV2{ use types ErrorLibrary; use behavior ErrorLibrary::FailStop; error propagations valueout : out propagation {LateDelivery}; flows ef0 : error source valueout{LateDelivery}; end propagations; }; end sensor;

system computing features valuein : in data port mydata; valueout1 : out data port mydata; valueout2 : out data port mydata; annex EMV2{ use types ErrorLibrary; use behavior ErrorLibrary::FailStop; error propagations valuein : in propagation {LateDelivery}; valueout1 : out propagation {ServiceError}; valueout2 : out propagation {ServiceError}; flows ef0 : error path valuein{LateDelivery} -> valueout1{ServiceError}; ef1 : error path valuein{LateDelivery} -> valueout2{ServiceError}; end propagations; }; end computing;

device actuator features valuein : in data port mydata; annex EMV2{** use types ErrorLibrary; use behavior ErrorLibrary::FailStop; error propagations valuein : in propagation {ServiceError}; flows ef0 : error sink valuein{ServiceError}; end propagations;

component error behavior
transitions
    t0 : operational -[valuein{ServiceError}]-> failstop;
end component;

**}; end actuator;

system main end main;

system implementation main.i subcomponents s0 : device sensor; c0 : system computing; a0 : device actuator; a1 : device actuator; connections conn0 : port s0.valueout -> c0.valuein; conn1 : port c0.valueout1 -> a0.valuein; conn2 : port c0.valueout2 -> a1.valuein; annex EMV2{** use types ErrorLibrary; use behavior ErrorLibrary::FailStop;

composite error behavior
states
    [a0.failstop and a1.failstop ]-> failstop;
end composite;

**}; end main.i;

end fault_tree::common_error;

[reteprelief]

The generator does the right thing. The state machine of computing is not associated with any outgoing propagation, thus, it is not picked up. You need to add an outgoing propagation condition, e.g., component error behavior propagations p1: FailStop-[]-> valueout1{ServiceOmission}; p2: FailStop-[]-> valueout2{ServiceOmission}; io1: all-[valuein{LateDelivery}]-> valueout1{ServiceOmission}; io2: all-[valuein{LateDelivery}]-> valueout2{ServiceOmission}; end component;

In the case of the actuator, the state is directly referenced by the composite and there we trace back to the error event. In the case of the sensor the state machine is also ignored since no outgoing propagation condition is specified.

In my example of computing above, you have to specify that the state affects the out propagation. You also have to specify that the incoming propagation affects the outgoing one, effectively saying the same thing as the flow. I currently do not check to see if the incoming propagations are not handled in the component error behavior to then drop to the flow and do so only for those not handled by the component error behavior specification.

[juli1]

If you look, the composite references the state Failstop in the actuator. The actuator goes into the failstop when it receives a serviceerror on valuein. This serviceerror in valuein is propagated by the computing through a flow path. And originates from a LateDelivery on the output port.

In fact, both actuators will then fail because of the same error in the sensor.

When parsing the composite state machine, the generator originally analyzed the state machine and see if there is any error flow that trigger a transition to that state. And then, add this incoming error event as an Error Event in the FTA. We should analyze the error behavior, not only the propagations.

This is the piece of code that is actually missing. On that example, it will show a common error for the actuators.

[juli1]

case closed