Software Safety Using Fault Tree Analysis Technique

Instrumentation and Control (I C) systems are very often subject of probabilistic examination either within separate structural reliability analysis or Probabilistic Safety Assessment of a whole technological complex (e.g. Nuclear Power Plant). Use of programmable components in the design of these systems represents a challenge and utilizes the methods, which have been developed for components with a different behaviour. The typical method used for above mentioned examination is Fault Tree Analysis (FTA) (Vesely et al., 1981). The way of software faults modelling within Fault Trees vary a lot between particular models and there is no generally accepted modelling technique. 

Software System Hazard Analysis This type of analysis is conducted similar to a hardware system hazard analysis (SHA), analyzing software functional processing steps to determine whether they may have any particular hazardous effect on the system. The analysis utilizes a hazard-risk index to illustrate the severity of each potential failure. The main advantage to this method is in its ability to positively identify safety-critical hardware and software functions as well as consider the effect of the human element in system software operations. The results of the software SHA, which identifies single-point failures or errors within a system, can often be used to assist in the development of a software fault tree analysis or, to some degree, a system FMEA. However, as with the other various SWHA techniques briefly described above, this method is also time-consuming and costly to perform. 

Soft Tree Also known as Software Fault Tree Analysis, a system safety technique used to evaluate a single loss event and/or the effect of simultaneous failures with a software system on that single loss, or top event. 

Used in conjunction with ISA-TR84.00.04-2005 Part 1, the example set forth in this technical report is provided to illustrate howto apply ANSI/ISA-84.00.01-2004 Parts 1-3 (lEC 61511 Mod). It is intended to demonstrate one method to meet the requirements of the standards. The reader should be aware that ANSI/ISA-84.00.01-2004 Parts 1-3 (lEC 61511 Mod) is performance based, and that many approaches can be used to achieve compliance. Some of the methods applied in this example include what-if and HAZOP techniques for hazard and risk analysis, LOPA for allocation of safety functions to protection layers, fault tree analysis for SIL verification, and ladder logic to document the application software requirements. Other techniques and tools could be utilized at each of these steps in the safety lifecycle to meet the requirements of the standards. 

Fault trees are commonly used in safety critical industries such as aerospace. Their power is in being able to communicate complex failures in a simple graphical format which is relatively easy to learn. They can be applied to either potential failures or retrospectively in investigating actual failures. FTA has subtle limitations however especially when one needs to systematically identify aU possible causes of a particular hazard - for this, an alternative technique needs to supplement the analysis. Fault trees are also notoriously difficult to apply to complex software. 

Code analysis Code analysis goes into the very heart of the software system and verifies that the coded program actually accomplishes what it is designed to do. Software fault trees and Petri-Nets are used, as well as various other techniques. Some of the other tools used are code logic analysis, code data analysis, code interface analysis, measurement of complexity, code constraint analysis, safe subsets of programming languages, and formal methods and safety-critical considerations. 

---