Coral : a tool for compositional reliability and availability analysis ⋆

Dynamic Fault Trees in Reliability Engineering. Reliability and availability measures, such as system failure probability during a given mission time and system meantime-between-failures, are often important measures to assess in embedded systems design. There exist several techniques and formalisms for reliability/availability assessment. One such formalism is dynamic fault trees (DFT) [6]. DFTs are a graphical, high-level and versatile formalism to analyze the reliability of computer-based systems, describing the failure of a system in terms of the failure of its components. A DFT is comprised of basic events (modeling the failure of physical components) and gates (modeling how component failures induce system failures). DFTs extend standard (or static) fault trees by allowing the modeling of complex system components’ behaviors and interactions. Typically, a DFT is analyzed by first converting it into a continuous-time Markov chain (CTMC) and by then computing the reliability measures from this CTMC. For over a decade now, DFTs have been experiencing a growing success among reliability engineers. Unfortunately, a number of issues remain when using DFTs, most notably: (1) the DFT semantics is rather imprecise and the lack of formality has, in some cases, led to undefined behavior and misinterpretation of the DFT model. (2) DFTs lack modular analysis. That is, even if independent sub-modules exist in a DFT module, these submodules can not always be solved separately. Consequently, DFTs become vulnerable to the well-known state-space explosion problem; that is the size of the underlying CTMC grows exponentially with the number of basic events in the DFT. (3) DFTs also lack modular model-building, i.e. there are some rather severe restrictions on the type of allowed inputs to certain gates which greatly diminish the modeling flexibility and power of DFTs.