The invention relates to the determination of a full error description for at least one part of a technical system.
Such a method is known where an error description is determined manually in the form of an error tree for a technical system.
Because the error description is determined manually, its compilation is uncoordinated and therefore unsystematic, so the resulting error tree may be incomplete and its correctness cannot be formally demonstrated. These drawbacks become particularly significant for complex safety-critical systems, whose development is subject to stringent requirements.
A further drawback of manual determination of an error tree is that, owing to the exceptional complexity of the system to be described, the tree frequently cannot be completed within the planned time and cost frame. The quality of a manually compiled error tree is therefore doubtful with respect to any proof of safety that may be required. In particular, there is a danger that critical situations within the system go unnoticed, which could result in threats to the technical system.
An error tree, as described in DIN 25424-1: Fehlerbaumanalyse, Methoden und Bildzeichen (“Error tree analysis, methods and graphic symbols”), September 1981, means a structure which describes logical relationships between input variables of the error tree, which input variables result in a predefined undesirable result.
Principles relating to error tree analysis are known from DIN 25424-2: Fehlerbaumanalyse; Handrechenverfahren zur Auswertung eines Fehlerbaums (“Error tree analysis; manual calculation method for evaluating an error tree”), April 1990, Berlin, Beuth Verlag GmbH (“DIN 25424-2 reference”). Various methods relating to error tree analysis are also described in the DIN 25424-2 reference.
A method of compiling an error tree is known from IEEE Software, pages 48-59, July 1991 (“IEEE reference”), in which predefined program code is investigated, albeit unreliably and incompletely, by constructing an error tree from reference error trees for predefined command types of a computer program.
Furthermore, a method of determining a full error description for a technical system is described in P. Liggesmeyer, O. Mäckel, Automatisierung erweiterter Fehlerbaumanalysen für komplexe technische Systeme (“Automation of expanded error tree analysis for complex technical systems”), in Automatisierungstechnik, Oldenbourg Verlag, pp. 67-76, No. 2, February 2000. In this method, a full error description is determined for a technical system that is described by a stored, computer-processable system description. The system description contains information on the elements present in the system and on the links between them. For each element taken into consideration, an element error description is determined using a stored error description that is associated with the corresponding reference element. The full error description is then determined from the element error descriptions, taking the information on the element links into account.
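The composition step described above, as an added worked example that is not the cited authors' implementation nor part of the invention: a library of reference elements holds one error description template per element type, a system description lists element instances and their links, and the full error description for a chosen output is built by instantiating each element's template with the failure events of its linked inputs. The element types (supply, sensor, 2-out-of-3 voter, actuator), the instance names and the link order are constructed assumptions for illustration. The example also goes one step beyond the text by reducing the composed tree to its minimal cut sets, which is how a composed tree is normally inspected for single points of failure.

```python
"""Automatic synthesis of a system error tree from element error descriptions.

Constructed illustration (not the cited method's code): reference element
library + system description -> composed error tree -> minimal cut sets.
"""
from dataclasses import dataclass
from itertools import combinations, product
from typing import Union


@dataclass(frozen=True)
class Basic:
    name: str                 # basic event (leaf of the error tree)


@dataclass(frozen=True)
class Gate:
    kind: str                 # "AND" or "OR"
    inputs: tuple             # child nodes


Node = Union[Basic, Gate]


def _or(*n):
    return Gate("OR", tuple(n))


def _and(*n):
    return Gate("AND", tuple(n))


# Reference element library (assumed): element type -> error description
# template. A template receives the instance name and the failure events of the
# instance's inputs (in link order) and returns the failure event of its output.
def supply_tpl(inst, inputs):
    return Basic(f"{inst}_fail")


def sensor_tpl(inst, inputs):          # fails on internal fault or loss of supply
    (supply,) = inputs
    return _or(Basic(f"{inst}_internal"), supply)


def voter_2oo3_tpl(inst, inputs):      # output wrong if two or more inputs wrong
    pairs = [_and(a, b) for a, b in combinations(inputs, 2)]
    return _or(Basic(f"{inst}_internal"), *pairs)


def actuator_tpl(inst, inputs):        # fails on internal fault or wrong command
    (cmd,) = inputs
    return _or(Basic(f"{inst}_internal"), cmd)


LIBRARY = {"supply": supply_tpl, "sensor": sensor_tpl,
           "voter2oo3": voter_2oo3_tpl, "actuator": actuator_tpl}


@dataclass
class SystemDescription:
    elements: dict            # instance name -> reference element type
    links: list               # (source instance, target instance), ordered per target


def compose(sysd: SystemDescription, top: str) -> Node:
    """Full error description for the output of element `top`."""
    memo = {}

    def out_failure(inst, stack=()):
        if inst in stack:     # feedback loops need manual cutting before composition
            raise ValueError(f"feedback loop through {inst}")
        if inst not in memo:
            ins = [out_failure(src, stack + (inst,))
                   for src, dst in sysd.links if dst == inst]
            memo[inst] = LIBRARY[sysd.elements[inst]](inst, ins)
        return memo[inst]

    return out_failure(top)


def minimal_cut_sets(node: Node) -> set:
    """Minimal sets of basic events that together cause the top event."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child)
    else:                     # AND: one cut set from every child, combined
        sets = {frozenset().union(*combo) for combo in product(*child)}
    # absorption: a cut set containing another cut set is not minimal
    return {s for s in sets if not any(o < s for o in sets)}


# Constructed example system: one supply feeding three sensors, a 2oo3 voter
# and an actuator driven by the voter output.
EXAMPLE = SystemDescription(
    elements={"P": "supply", "S1": "sensor", "S2": "sensor", "S3": "sensor",
              "V": "voter2oo3", "A": "actuator"},
    links=[("P", "S1"), ("P", "S2"), ("P", "S3"),
           ("S1", "V"), ("S2", "V"), ("S3", "V"), ("V", "A")],
)


def example_cut_sets() -> set:
    return minimal_cut_sets(compose(EXAMPLE, "A"))


if __name__ == "__main__":
    for cs in sorted(example_cut_sets(), key=lambda s: (len(s), sorted(s))):
        print(sorted(cs))
```

Running the block lists the minimal cut sets of the composed tree; the shared supply appears as a single-event cut set even though the sensors are triplicated, which is exactly the kind of common-cause dependency that a manually drawn tree tends to miss.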