Introducing EMFTA, a libre, Eclipse-Based Fault-Tree Analysis tool
A Fault-Tree Analysis (or FTA) is a popular safety analysis recommended by several well-known practices and standards, such as ARP4761. A FTA shows the relation between a fault and its potential contributors (error events) using a simple binary logic (and/or gates). This is nothing else than a convenient representation of the relation between error events. In case you are not familiar with the notation, you can have a look at the related wikipedia page, it explains it in more details. When working with collaborators in safety-critical industries during the last months (avionics, automotive, aerospace, medical), I faced the same issue: most of FTA tools are commercial and there is no good open-source/free alternative. This is not completely true, there is one: OpenFTA. If this is pretty cool to have a FTA open-source program but the graphical interface looks like Windows 3.1 and the code is clearly no longer maintained and outdated. OpenFTA also relies on old image processing libraries (jpeg), which makes it very difficult to compile with the last JDK. Last thing: this is a standalone tool and as most of our modeling tools (i.e. OSATE) are running under Eclipse, it would be cool to have an Eclipse-based tool.
So, in fact, there was a real need for a good integrated Fault Analysis Tool. I had a good project to work on then.
Introducing EMFTA
So, one night, I decided to put my brain at work and design a new FTA tool, EMFTA (which is a joke - EMF stands for Eclipse Modeling Framework). This is an Eclipse-based Fault-Tree Analysis tool that relies on Sirius, a framework to represent EMF models. The nice aspect of Sirius is it allows you to have several representations of an EMF model while maintaining their consistency: if you change one representation, it will then modify the model and the changes will be reflected in the other representations. For example, in EMFTA, there are two representations: the graphical tree (good to see the decomposition of error events - see above) and table (to edit events information - see below). When you change one representation (e.g. the table), it automatically update the graphical representation (e.g. the tree). Synchronizing the same model across different tools/framework can be challenging and Sirius do a good work for that.
Features
In a nutshell, EMFTA is nothing else than a EMF model to represent a Fault-Tree and its different components (gates, events) associated with a Sirius project to provide the graphical representation. Actually, the current version rely on the latest stable version of Sirius. In addition to providing a viewer and editor for Fault-Tree, EMFTA provides the following capabilities:
- Generation of cutset from the FTA: it creates a CSV reports containing the different cutset of your Fault Tree
- Generation of FTA model from AADL models annotated with the EMV2 annex: creating the Fault Tree from an architecture model associated with an EMV2 annex. There was already a bridge for OpenFTA, the plugin now supports the export to EMFTA
Fault-Tree Analysis - Table Representation
Installation and Bugreport
As the project is still starting, the documentation is still minimal. But you have general installation instruction on the general github project page here: https://github.com/juli1/emfta. Use also the github project to submit a bug. If you want to contribute to the source code, submit a pull request or even contact me (I promise I won't bite).
Future
This tool is yet still a prototype but I plan to improve it during the following months. It could be a first step to a real open-source Fault-Tree Analysis tool. Looking forward, I plan to make it more user-friendly but also introduce a simulation tool that would then produce probability of error occurence (e.g. what is the probability of an error occurrence considering the different cutset and associated probabilities). Also, having this technology connected with AADL, we can leverage such a notation for a security perspective and generate an Attack Tree, which would re-use the Fault-Tree notation for to describe the different attack vector that would then contribute to an attack.