A comparison of fault trees and the Dynamic Flowgraph Methodology for the analysis of FPGA-based safety systems part 2: Theoretical investigations

摘要

The use of Field Programmable Gate Arrays (FPGAs) in safety-critical systems means that these systems must undergo a detailed reliability and safety analysis. Fault Tree Analysis (FTA) is a well-known method of reliability analysis, while the Dynamic Flowgraph Methodology (DFM), is a modern analysis method that includes time-dependent dynamic properties and was created to model and analyze digital control systems. This paper expands on previous work to examine the fundamental theoretical differences between common FTA methods such as: MOCUS, Binary Decision Diagrams (BDDs), and the "Method of Generalized Consensus" employed by DFM for Multiple-Valued Logic (MVL) systems. This was accomplished using a simplified feed water system. It was found that common FTA methods will not apply the necessary logical reduction operations to reduce MVL systems, resulting in many implicants being returned, and several Prime Implicants (PIs) being missed. Dynamic tests were performed showing that FTA could not explicitly include sink states and dynamic consistency rules in the model, as DFM does. Lastly, the original test system was modified and run for multiple time steps. Differences in dynamic top event probabilities, PIs, and the Fussel-Vesely importance measure are discussed, as are the potential advantages of DFM regarding FPGA-based systems.