Early integration of safety to the mechatronic system design process by the functional failure identification and propagation framework

The research goal of this paper is to introduce a risk analysis methodology that can be applied at the early concept design phase, whose purpose is to identify fault propagation paths that cross disciplinary boundaries, and determine the combined impact of several faults in software-based automation subsystems, electric subsystems and mechanical subsystems. Specifically, the Functional Failure Identification and Propagation (FFIP) analysis framework is proposed to perform a simulation-based analysis of functional failure propagation. The focus is on risk assessment, the earliest activities of the safety process, in which hazards are identified and safety requirements are derived. It is argued that current risk assessment methods are not sufficient for concurrent integration of the safety process to the design process of a complex mechatronic system. In order to facilitate the integration of risk assessment to such systems at the earliest design stages, the design is expressed with syntax and semantics that is able to describe the propagation of failures throughout the system and especially across the boundaries of the mechatronic domains. A boiling water nuclear reactor (limited to the reactor core and steam outlets) is used as a case study. The results demonstrate the capability to handle several fault propagation paths in one scenario for hazard identification at the early, functional, design stage. Specifically, it is shown that FFIP is able to identify fault propagation paths that cross disciplinary boundaries, and which in turn is able to determine the combined impact of several faults in software-based automation subsystems, electric subsystems and mechanical subsystems. The impact is expressed in degradation or loss of safety related functions.

► Fault propagation path analysis is applied at design time.
► Early mechatronic designs are optimized also from the safety perspective.
► Detect hazards from mechanical, electrical and software fault combinations.
► Detect hazards resulting from faults in several subsystems.