metaFMEA - A Framework for Reusable FMEAs

  • Kai Höfig
  • Marc Zeller
  • Lars Grunske
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8822)


Failure mode and effects analysis (FMEA) is a widely used deductive failure analysis for safety-critical systems. Since modern safety-critical systems tend toward increasing complexity, automation and tool support have a long history in research and industry. Whereas compact embedded systems can be analyzed using FMEA in a manually maintained table, for example in a spreadsheet application, complex systems easily result in an unmanageably long table, especially when larger development teams are involved. During the application of the methodology in industry, two central problems were observed. First, textually described effects are interpreted differently and lead to inconsistencies. Second, one component is often used multiple times in a system, e.g. in electronic circuits, where huge circuits are built from a small number of electronic devices. Each instantiation of a component results in the same failure modes in an FMEA. Manually inserting them is error-prone, and adding a new failure mode to an existing component can be very time-consuming. Therefore, we describe here a meta model that is capable of solving the aforementioned problems and analyze the benefits of this meta model in a tool implementation along with a case study.
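As an added illustration of the reuse argument (this is constructed example code, not the paper's metaFMEA meta model or tool), the following Python model defines failure modes once per component type, references effects by catalogue id rather than free text, and generates one FMEA row per instance, so a failure mode added to the type shows up for every instance without manual copying:

```python
from dataclasses import dataclass, field

# Added illustration, not the paper's metaFMEA model: failure modes and effects
# are defined once per component type and shared by every instance of that type.

@dataclass(frozen=True)
class Effect:
    id: str            # rows reference the effect by id, so two rows cannot describe it differently
    description: str
    severity: int      # constructed scale, 1 (negligible) .. 10 (catastrophic)

@dataclass
class FailureMode:
    name: str
    effect_id: str

@dataclass
class ComponentType:
    name: str
    failure_modes: list = field(default_factory=list)

@dataclass
class ComponentInstance:
    name: str
    ctype: ComponentType

@dataclass
class FmeaModel:
    effects: dict = field(default_factory=dict)     # effect catalogue, keyed by id
    instances: list = field(default_factory=list)

    def add_effect(self, effect):
        self.effects[effect.id] = effect

    def add_failure_mode(self, ctype, name, effect_id):
        # Reject effects missing from the catalogue: no free-text effect descriptions.
        if effect_id not in self.effects:
            raise KeyError(f"unknown effect {effect_id!r}")
        ctype.failure_modes.append(FailureMode(name, effect_id))

    def rows(self):
        # One FMEA row per (instance, failure mode of its type), generated on demand.
        return [(inst.name, fm.name, self.effects[fm.effect_id].description,
                 self.effects[fm.effect_id].severity)
                for inst in self.instances for fm in inst.ctype.failure_modes]

def build_circuit():
    # Constructed sample: one resistor type instantiated three times (R1..R3).
    m = FmeaModel()
    m.add_effect(Effect("E1", "output stuck low", 7))
    m.add_effect(Effect("E2", "supply short", 9))
    resistor = ComponentType("resistor")
    m.add_failure_mode(resistor, "open", "E1")
    m.instances = [ComponentInstance(f"R{i}", resistor) for i in range(1, 4)]
    return m, resistor
```

Adding a second failure mode to the resistor type after the instances exist doubles the generated rows, which is the maintenance step the abstract describes as error-prone when done by hand.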


Keywords: FMEA, FMEDA, model-based safety engineering





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Kai Höfig (1)
  • Marc Zeller (1)
  • Lars Grunske (2)
  1. Corporate Technology, Siemens AG, München, Germany
  2. Institute of Software Technology, University of Stuttgart, Stuttgart, Germany
