Example - Linking Models
At present, we have defined both a state machine and the system architecture. If we wish, we can also define fault trees. Any of these models can also reference the others. For example, we may wish to define a top-level fault tree that combines the omission of output from both engines. We can do this using “link nodes”, and selecting the appropriate output deviations:
Linking a fault tree to an output deviation
This enables us to create a fault tree that combines the output of two components defined in a system architecture model:
The resulting fault tree
We can also reference state machine transitions or even other fault trees if we wish. Causes of output deviations can also reference other models in a similar way, as can the triggers of state machine transitions. In this case, we will want our state machine to be triggered by the appropriate output deviations in the system architecture. Below are the triggers for failure of the left pump/engine:
| Source state | Destination state | Trigger |
|---|---|---|
| UseBothTanks | UseLeftTank | O@FuelSystem::ValveRight[out] |
| UseBothTanks | UseRightTank | O@FuelSystem::ValveLeft[out] |
| UseBothTanks | Fail | O@FuelSystem::PumpLeft[out] |
| UseLeftTank | Fail | O@FuelSystem::PumpLeft[out] |
| UseRightTank | Fail | O@FuelSystem::PumpLeft[out] |
Note the format of the trigger here; this syntax is hierarchical and allows any entity in any model to be uniquely referenced.