Concept definitions

General

In Eclipse Safety Framework, the user may have to manage all the functional data of the system in addition to the dysfunctional data related to the system analysis. It is important to define the concepts used in order to understand the different features available. In general, the functional concepts are used during the design step of the system, and the dysfunctional concepts are used during the local analysis of each elementary component.

Functional Concepts

Block

A block is considered the lowest-level component of the system. It is not possible to change its internal structure, but it is possible to add input and output ports.

By default, a block is created with an input port (Default In, in green) and an output port (Default Out, in red). This behaviour can be modified through the preferences of the application: Window > Preferences > Repositories > Default Ports.


Input Port and Output Port

A port can be added to a block or to a container. It represents the functional interface of the parent element. The direction (in or out) defines the direction of the data flows linked to it.

Note that the direction of a port is indicated by a specific colour so that it can be identified easily: input ports in green and output ports in red.


Data Link

Data links are used to link ports between blocks or even containers. A data link symbolises a simple flow between two elements; data links are not typed.


Container

A container represents a more complex part of the system. It can be considered as a sub-system and can manage input and output ports as an elementary block does, but its behaviour is that of a white box. A container can contain several blocks or containers, which allows the hierarchical management of the system modelling.


Inner Block

Inner block is not a specific concept. This term refers to all blocks belonging to a parent container and being at a lower level than the current one.

Inner Container

As for the inner block, inner container is not a specific concept. This term refers to all containers belonging to a parent container and being at a lower level than the current one.

Dysfunctional Concepts

System Failure

Eclipse Safety Framework allows you to configure dysfunctional modes impacting all the blocks of the model. Such events can be, for example, electromagnetic interference or an increase in temperature. These events can then be used in the dysfunctional equation of each block during the local analysis.

By default, a "System failure" is created for each new model. This behaviour can be modified in the preferences of Eclipse Safety Framework through the menu Window > Preferences > Repositories. In addition, new system events are created at the model level, not at the elementary block level.

Local Events

In parallel to system failures, Eclipse Safety Framework allows you to design internal failures within a block. These local events cannot be reused in the analysis of other blocks.

By default, a local event "Internal failure" is created within each new block. This behaviour can be modified in the preferences of Eclipse Safety Framework through the menu Window > Preferences > Repositories.

Failure Mode

A failure mode specifies how the related element (port or barrier) fails. By default, three failure modes are available:

The default failure modes can be modified in the preferences of Eclipse Safety Framework through the menu Window > Preferences > Repositories.

It is also possible to add specific failure modes, considered as a sub-group of the Erroneous failure mode. The nature of these failure modes is important because it has an impact on the propagation (cf. § Propagation Rules).

In addition, a No effect failure mode is available. It can be used as a "stub" to indicate that an analysis is voluntarily partial. This failure mode does not propagate to any other (cf. § Propagation Rules).

Barriers

When a barrier is used in the local analysis of a block, it corresponds to an implicit barrier. A barrier therefore symbolises an inner mechanism that reduces the failure probability at the current block's outputs (inner controls, defensive programming, ...).

In order to design the barrier failures, each barrier has its own failure modes. Therefore, when a barrier is created, the default failure modes defined in the SA preferences are created as well.

Propagation Link

A propagation link connects several elements of the local analysis and indicates how a failure is propagated within a block. A propagation link is oriented and allows only certain types of element as source and target.

The source of a propagation link can be:

The target of a propagation link can be:

Logic Gates: And and Or

Logic gates factor the failure propagation within a block by combining propagation links with boolean logic.

The AND-gate combines several failures to indicate that the failure propagates only if all the entries of the AND-gate are failing.

The OR-gate is more limited: it indicates that the failure propagates if at least one of the entries is failing. Nevertheless, this factorisation can be useful to simplify the representation of a complex set of flows in the current block.
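As an added example (not code from Eclipse Safety Framework or its documentation), the following Python evaluates one block's local analysis using the concepts of the Failure Mode, Propagation Link and Logic Gates sections: input ports, a system failure, a local event carrying the No effect mode, AND/OR gates, a barrier and an output port, joined by oriented propagation links. The element kinds, the use of "Erroneous" as the default mode, and the rule that an intact barrier stops propagation while a failed barrier lets it through are assumptions of this example, not rules stated on this page.

```python
from dataclasses import dataclass

NO_EFFECT = "No effect"  # failure mode that never propagates (page's definition)

@dataclass
class Element:
    kind: str                # input, system_failure, local_event, barrier, and, or, output
    mode: str = "Erroneous"  # failure mode carried by the element (name taken from the page)
    failing: bool = False    # initial state for sources and barriers

class LocalAnalysis:
    def __init__(self):
        self.elements, self.links = {}, []  # links are oriented (source, target) pairs
    def add(self, name, kind, mode="Erroneous", failing=False):
        self.elements[name] = Element(kind, mode, failing)
    def link(self, source, target):
        if self.elements[source].kind == "output" or self.elements[target].kind == "input":
            raise ValueError("propagation links are oriented: bad source/target kind")
        self.links.append((source, target))
    def fails(self, name, memo=None):
        memo = {} if memo is None else memo
        if name not in memo:
            memo[name] = False  # placeholder so a cyclic link cannot recurse forever
            e = self.elements[name]
            entries = [self.fails(s, memo) for s, t in self.links if t == name]
            if e.kind in ("input", "system_failure", "local_event"):
                result = e.failing                       # sources carry their own state
            elif e.kind == "and":
                result = bool(entries) and all(entries)  # all entries must fail
            elif e.kind == "barrier":
                result = e.failing and any(entries)      # assumption: intact barrier stops it
            else:                                        # "or" gate and output port
                result = any(entries)                    # at least one entry fails
            memo[name] = result and e.mode != NO_EFFECT  # "No effect" never propagates
        return memo[name]

def build_block(in1=False, in2=False, sysfail=False, internal=False, barrier_failed=False):
    """Constructed sample block: Out fails if (In1 AND In2) OR System failure, behind a barrier."""
    la = LocalAnalysis()
    la.add("In1", "input", failing=in1); la.add("In2", "input", failing=in2)
    la.add("System failure", "system_failure", failing=sysfail)  # page's default system event
    la.add("Internal failure", "local_event", mode=NO_EFFECT, failing=internal)  # stub
    la.add("Both inputs", "and"); la.add("Any cause", "or")
    la.add("Check", "barrier", failing=barrier_failed); la.add("Out", "output")
    for s, t in [("In1", "Both inputs"), ("In2", "Both inputs"), ("Both inputs", "Any cause"),
                 ("System failure", "Any cause"), ("Internal failure", "Any cause"),
                 ("Any cause", "Check"), ("Check", "Out")]:
        la.link(s, t)
    return la
```

Calling `build_block(in1=True, in2=True, barrier_failed=True).fails("Out")` walks the links backwards from the output port and returns whether the failure reaches it.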

Feared Event

A feared event can be triggered by a failure of the system under study. The feared event is not the failure itself but the consequence of this failure.

Feared events are grouped inside a feared event library.

Family of Feared Events

Feared events can be grouped by family. This group represents a set but not a composition. Therefore, a single feared event can be part of several families.