The Functional Failure Identification and Propagation (FFIP) framework has been proposed in prior work to study the reliability of early phase designs of complex systems. For the specified functionality, a model of mechanical, electrical and software components has been defined to support simulation and discovery of fault propagation paths. The advantage of this approach has been the possibility to identify unreliable designs before high cost design commitments have been made. However, a weakness is that the results are specific to the component model that is created for the purpose of running the FFIP simulations; it is unclear how the results would change if different modeling choices would have been made. Further, the usefulness of the method in design has been limited to evaluating reliability rather than actively finding more robust design alternatives. In order to address these weaknesses, the FFIP component model needs to incorporate a capability to describe design alternatives. The feature modeling syntax and semantics, which has been successfully used by software engineers to describe customer variations in product lines, is applied here to specify alternative mechanical, electrical and software features of a cyber-physical system. In the concept phase, all plausible design alternatives are described with a feature model. FFIP analyses can be performed for each valid configuration of this model, and all alternatives that are found unreliable are removed. The result is a restricted feature model, comprising significantly fewer design alternatives, that is delivered as source information for the detailed design phase. A toolchain for performing these analyses is presented, integrating open source feature modeling and configuration tools to the FFIP environment. The methodology is illustrated with a case study from boiling water nuclear reactor design.

This content is only available via PDF.
You do not currently have access to this content.