
Example - Linking Models

At present, we have defined both a state machine and the system architecture. If we wish, we can also define fault trees. Any of these models can also reference the others. For example, we may wish to define a top-level fault tree that combines the omission of output from both engines. We can do this using “link nodes”, and selecting the appropriate output deviations:

Figure: Linking a fault tree to an output deviation

This enables us to create a fault tree that combines the output of two components defined in a system architecture model:

Figure: The resulting fault tree

We can also reference state machine transitions or even other fault trees if we wish. Causes of output deviations can also reference other models in a similar way, as can the triggers of state machine transitions. In this case, we will want our state machine to be triggered by the appropriate output deviations in the system architecture. Below are the triggers for failure of the left pump/engine:

Source state    Destination state    Trigger
UseBothTanks    UseLeftTank          O@FuelSystem::ValveRight[out]
UseBothTanks    UseRightTank         O@FuelSystem::ValveLeft[out]
UseBothTanks    Fail                 O@FuelSystem::PumpLeft[out]
UseLeftTank     Fail                 O@FuelSystem::PumpLeft[out]
UseRightTank    Fail                 O@FuelSystem::PumpLeft[out]

Note the format of the trigger here; this syntax is hierarchical and allows any entity in any model to be uniquely referenced.
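The sketch below is an added example, not code from the tool: it parses the trigger references from the table and replays deviations against the state machine. The grammar (deviation, `@`, a `::`-separated path, port in brackets), the reading of `O` as omission, and the rule that an unmatched deviation leaves the state unchanged are assumptions inferred from the table; the names `parse_ref`, `build_table` and `run` are hypothetical.

```python
import re
from typing import NamedTuple

# Assumed grammar, inferred only from the five triggers in the table:
#   <deviation>@<Model>::<Entity>[::<Entity>...][<port>]
REF = re.compile(r"^(?P<dev>[A-Za-z]+)@(?P<path>\w+(?:::\w+)+)\[(?P<port>\w+)\]$")

class Ref(NamedTuple):
    deviation: str    # "O" in the table; read here as omission (assumption)
    model: str        # first path segment, e.g. FuelSystem
    entities: tuple   # remaining hierarchical segments, e.g. ("PumpLeft",)
    port: str         # port name in brackets, e.g. out

def parse_ref(text):
    """Split a trigger reference into its parts; reject malformed input."""
    m = REF.match(text.strip())
    if m is None:
        raise ValueError(f"malformed model reference: {text!r}")
    model, *entities = m["path"].split("::")
    return Ref(m["dev"], model, tuple(entities), m["port"])

# Rows copied from the trigger table above.
TRANSITIONS = [
    ("UseBothTanks", "UseLeftTank", "O@FuelSystem::ValveRight[out]"),
    ("UseBothTanks", "UseRightTank", "O@FuelSystem::ValveLeft[out]"),
    ("UseBothTanks", "Fail", "O@FuelSystem::PumpLeft[out]"),
    ("UseLeftTank", "Fail", "O@FuelSystem::PumpLeft[out]"),
    ("UseRightTank", "Fail", "O@FuelSystem::PumpLeft[out]"),
]

def build_table(rows):
    """Index transitions by (state, parsed trigger); refuse ambiguous rows."""
    table = {}
    for src, dst, trigger in rows:
        key = (src, parse_ref(trigger))
        if table.get(key, dst) != dst:
            raise ValueError(f"{trigger} leads to two states from {src}")
        table[key] = dst
    return table

def run(table, state, events):
    """Apply deviations in order; one with no matching row leaves the state."""
    for event in events:
        state = table.get((state, parse_ref(event)), state)
    return state

TABLE = build_table(TRANSITIONS)
```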
