Abstract—Fault tree theories have been used for years because they provide a concise representation of the failure behavior of general non-repairable fault-tolerant systems. The defect of traditional fault trees is a lack of accuracy when modeling the dynamic failure behavior of systems with fault-recovery processes. One solution to this problem is called behavioral decomposition: the system is divided into several dynamic or static modules, and each module is then analyzed separately using BDDs or Markov chains. In this paper, we show a decomposition scheme in which independent subtrees of a dynamic module are detected and solved hierarchically, saving the computation time of solving the Markov chains without an unacceptable loss of accuracy when assessing component sensitivities. In the end, we present our
analyzing software toolkit that implements our enhanced
Index Terms—Dynamic fault tree, Markov model, Reliability
analysis, Sensitivity analysis
For the past forty years, fault trees have been widely used for hardware system reliability analysis. They provide an intuitive and easily specified representation of the failure behavior of a system, and hence have been supported by a rich body of research since the 1960s. Traditional static fault trees represent which combinations of component failures cause the whole system to fail using Boolean gates such as AND, OR and voting gates, and are usually solved by Binary Decision Diagram (BDD) methods. When the concept of fault tree analysis was applied to software and embedded systems in the early 1980s, researchers noted that some dynamic behavior of system failure mechanisms cannot be modeled by traditional static fault trees. Those failure mechanisms are usually associated with sequence-dependent events, spares and dynamic redundancy management, and priorities of failure events. For this reason, many modelers turned to Markov chains for the reliability assessment of software-involved systems and suffered from their computational complexity. To overcome this difficulty, the concept of Dynamic Fault Trees (DFT), first introduced by Dugan, adds a sequential notion to the traditional fault tree approach and applies the linear-time modularization algorithm to divide the whole fault tree into several independent subtrees. Those independent subtrees are further classified as static or dynamic. Finally, the dynamic modules are translated into and solved as Markov chains, and the static modules are left to the traditional BDD solution.
Once the Markov models have been built, numerical transient analysis is applied to obtain the transient state probabilities [6, 7]. The two most common methods for computing the transient probabilities of individual Markov states are: (1) differential-equation-based methods such as the Runge-Kutta method, and (2) Markov-chain-specific probabilistic methods such as the randomization (uniformization) method. The computational complexity of these methods is $O(KN^3) = O(K(p^n)^3) = O(Kp^{3n})$, where $N$ is the number of Markov states, which is of the order of $p^n$; $p$ is the number of possible statuses of each basic event; $n$ is the number of basic events of the dynamic fault tree; and $K$ is the number of iterations or time steps. $K$ depends on the desired accuracy and the mission time.
In order to reduce the state space of a Markov model, a straightforward approach called the decomposition scheme has been proposed. In this scheme, independent subtrees of a fault tree are detected and solved hierarchically. An independent subtree is replaced by a single event whose probability of occurrence is the probability of occurrence of the subtree. Once the independent subtrees are separated, they are translated into corresponding Markov models individually, and therefore the computational complexity of the overall system Markov model decreases significantly. However, this approach has a drawback: once the state space of a Markov model has been reduced, it is difficult to evaluate the component sensitivities of the eliminated basic events. Thus, in Dugan's fault tree analysis algorithm, modularization techniques are not applied to a subtree whose top-level node is a dynamic gate [2, 10].
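As an added worked example (not code from the paper or from the DyFA toolkit), the following Python script carries the two preceding ideas through on a constructed dynamic fault tree, TOP = OR(CSP(A, B), AND(C, D)): it solves the unmodularized 12-state Markov chain with the randomization method of the previous section, then solves the same tree by decomposition, with the cold-spare gate on its own 3-state chain and the static AND subtree in closed form, and recovers the sensitivity of the eliminated basic event C through the module boundary by the chain rule, checking it against a finite difference on the full chain. The failure rates, the mission time and the chain-rule propagation are assumptions of this example, not the paper's algorithm; the top gate here is static, which is the case where replacing a subtree by a single event is exact.

```python
"""Added example, not from the paper: a dynamic fault tree solved on the full
Markov chain and by subtree decomposition, with the sensitivity of an
eliminated basic event recovered by the chain rule. Pure Python, no deps."""
import math

# Constructed data (assumed for this example): constant failure rates per hour
# and a mission time; p = 2 statuses (up/failed) per basic event.
LAM = {"A": 1e-3, "B": 2e-3, "C": 5e-4, "D": 8e-4}
T = 1000.0


def csp_transitions(s, lam_a, lam_b):
    """Cold-spare gate CSP(A, B) as a 3-state chain: 0 = A up and B cold,
    1 = A failed and B active, 2 = both failed (absorbing)."""
    return {0: [(1, lam_a)], 1: [(2, lam_b)], 2: []}[s]


def generator_from(states, transitions):
    """Dense generator matrix Q from a state list and a transition function."""
    index = {st: i for i, st in enumerate(states)}
    Q = [[0.0] * len(states) for _ in states]
    for st, i in index.items():
        for st2, rate in transitions(st):
            Q[i][index[st2]] += rate
            Q[i][i] -= rate
    return Q, index


def full_model(lam):
    """Unmodularized chain for TOP = OR(CSP(A, B), AND(C, D)).
    State = (csp_state, c_failed, d_failed): 3 * 2 * 2 = 12 states."""
    states = [(s, c, d) for s in range(3) for c in (0, 1) for d in (0, 1)]

    def transitions(st):
        s, c, d = st
        out = [((s2, c, d), r) for s2, r in csp_transitions(s, lam["A"], lam["B"])]
        if not c:
            out.append(((s, 1, d), lam["C"]))
        if not d:
            out.append(((s, c, 1), lam["D"]))
        return out

    Q, index = generator_from(states, transitions)
    failed = [i for (s, c, d), i in index.items() if s == 2 or (c and d)]
    return Q, index[(0, 0, 0)], failed


def uniformize(Q, start, t, eps=1e-12):
    """Transient state probabilities pi(t) by randomization (uniformization):
    pi(t) = sum_k Poisson(k; L*t) * pi(0) * (I + Q/L)^k, truncated once the
    Poisson weights sum to 1 - eps. The iteration count K grows with L*t and
    with the accuracy demanded; exp(-L*t) underflows for very large L*t, so
    long missions need the usual left-truncation refinements (not shown)."""
    n = len(Q)
    L = 1.01 * max(-Q[i][i] for i in range(n))  # must exceed the largest exit rate
    P = [[(1.0 if i == j else 0.0) + Q[i][j] / L for j in range(n)] for i in range(n)]
    v = [1.0 if i == start else 0.0 for i in range(n)]
    pi_t = [0.0] * n
    weight, total, k = math.exp(-L * t), 0.0, 0
    while total < 1.0 - eps:
        pi_t = [acc + weight * vi for acc, vi in zip(pi_t, v)]
        total += weight
        v = [sum(v[i] * P[i][j] for i in range(n)) for j in range(n)]  # v <- v * P
        k += 1
        weight *= L * t / k  # next Poisson weight
    return pi_t


def unreliability_full(lam, t):
    """Probability that TOP has occurred by t, from the 12-state chain."""
    Q, start, failed = full_model(lam)
    pi_t = uniformize(Q, start, t)
    return sum(pi_t[i] for i in failed)


def csp_unreliability(lam, t):
    """Dynamic module solved alone on its 3-state chain."""
    Q, _ = generator_from([0, 1, 2], lambda s: csp_transitions(s, lam["A"], lam["B"]))
    return uniformize(Q, 0, t)[2]


def and_unreliability(lam, t):
    """Static module AND(C, D) in closed form, as a BDD solution would give."""
    return (1 - math.exp(-lam["C"] * t)) * (1 - math.exp(-lam["D"] * t))


def unreliability_decomposed(lam, t):
    """Each module is replaced by one event at the static OR top gate; because
    the modules share no basic events this is exact, not an approximation."""
    return 1 - (1 - csp_unreliability(lam, t)) * (1 - and_unreliability(lam, t))


def sensitivity_c_decomposed(lam, t):
    """dU/dlambda_C for the eliminated event C, propagated through the module
    boundary: dU/dP_E * dP_E/dlambda_C with E = AND(C, D)."""
    du_dpe = 1 - csp_unreliability(lam, t)
    dpe_dlamc = t * math.exp(-lam["C"] * t) * (1 - math.exp(-lam["D"] * t))
    return du_dpe * dpe_dlamc


def sensitivity_c_finite_difference(lam, t, h=1e-7):
    """Reference value: central difference on the unmodularized chain."""
    up, dn = dict(lam, C=lam["C"] + h), dict(lam, C=lam["C"] - h)
    return (unreliability_full(up, t) - unreliability_full(dn, t)) / (2 * h)


if __name__ == "__main__":
    n_full = len(full_model(LAM)[0])
    print(f"full chain ({n_full} states): U(T) = {unreliability_full(LAM, T):.6f}")
    print(f"decomposed (3-state chain + closed form): U(T) = {unreliability_decomposed(LAM, T):.6f}")
    print(f"dU/dlambda_C: chain rule {sensitivity_c_decomposed(LAM, T):.3f}, "
          f"finite difference {sensitivity_c_finite_difference(LAM, T):.3f}")
```

The decomposed solution touches a 3-state chain plus a closed-form product where the full solution iterates a 12-state chain, and the two agree to the truncation tolerance of the randomization. The point of the sensitivity check is that eliminating C and D from the chain does not lose their sensitivities as long as the module's probability is kept as a differentiable function of its own basic events; what the paper addresses is the harder situation where the module sits under a dynamic gate and the module event cannot simply be multiplied in at the top.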
In this paper, we demonstrate an improved decomposition scheme in which dynamic subtrees can be modularized, and thus the state space of the resulting Markov model is reduced, while our approach retains the capability of evaluating the component sensitivities of the eliminated basic events. In Section II, we begin with a motivating example for this paper. Section III explains how the improved decomposition algorithm works and details the manipulations of each phase using the example of Section II. Section IV shows the theoretical efficiency gain and the actual difference in computation time between the traditional approach and the improved one. Finally, we present our analysis software toolkit, which implements our enhanced methodology, in Section V.
To allow a comparison with the traditional dynamic fault tree analysis methodology, we use the same example, a cardiac assist system, presented in [12-13]. This system is designed to treat both electrical and mechanical failures of the heart. Electrical failure can cause the heart to beat abnormally, whereas mechanical heart failure reduces the heart's ability to generate blood pressure.
Reliability and Sensitivity Analysis of Embedded Systems with Modular Dynamic Fault Trees
Hsiang-Kai Lo*, Chin-Yu Huang*, Yung-Ruei Chang**, Wei-Chih Huang*, and Jun-Ru Chang*
*Department of Computer Science, National Tsing Hua University
**Institute of Nuclear Energy Research, Atomic Energy Council
Fig. 9. The architecture of DyFA
Fig. 10. The fault tree view of DyFA
Fig. 11. The Markov model view of DyFA
Fig. 12. The result view of DyFA
[1] Y. Dutuit and A. Rauzy, "A Linear Time Algorithm to Find Modules of Fault Trees," IEEE Transactions on Reliability, vol. 45, no. 3, 1996.
[2] R. Gulati and J.B. Dugan, "A Modular Approach for Analyzing Static and Dynamic Fault Trees," Proceedings of the IEEE Reliability and Maintainability Symposium, 1997, pp. 57-63.
[3] J.B. Dugan, S.J. Bavuso, and M.A. Boyd, "Dynamic Fault-Tree Models for Fault-Tolerant Computer Systems," IEEE Transactions on Reliability, vol. 41, 1992, pp. 363-377.
[4] R. Manian, D.W. Coppit, K.J. Sullivan, and J.B. Dugan, "Bridging the Gap Between Systems and Dynamic Fault Tree Models," Proceedings of the IEEE Reliability and Maintainability Symposium, Jan. 1999, pp. 105-111.
[5] J.B. Dugan, K.J. Sullivan, and D.W. Coppit, "Developing a Low-Cost High-Quality Software Tool for Dynamic Fault-Tree Analysis," IEEE Transactions on Reliability, vol. 49, Mar. 2000, pp. 49-59.
[6] A. Reibman and K.S. Trivedi, "Numerical Transient Analysis of Markov Models," Computers and Operations Research, vol. 15, no. 1, 1988, pp. 19-36.
[7] K.S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science Applications. Prentice-Hall, Englewood Cliffs, NJ.
[8] S. Amari, G. Dill, and E. Howald, "A New Approach To Solve Dynamic Fault Trees," Proceedings of the IEEE Reliability and Maintainability Symposium, 2003, pp. 374-379.
[9] A. Anand and A.K. Somani, "Hierarchical Analysis of Fault Trees with Dependencies, using Decomposition," Proceedings of the IEEE Reliability and Maintainability Symposium, 1998, pp. 69-75.
[10] M.A. Boyd, "Dynamic Fault Tree Models: Techniques for Analysis of Advanced Fault Tolerant Computer Systems," Ph.D. dissertation, Department of Computer Science, Duke University, 1991.
[11] R.E. Tarjan, "Depth first search and linear graph algorithms," SIAM J. Comput., vol. 1, 1972, pp. 146-160.
[12] Y. Ou and J.B. Dugan, "Sensitivity Analysis of Modular Dynamic Fault Trees," Proceedings of the IEEE International Computer Performance and Dependability Symposium (IPDS 2000), 27-29 Mar. 2000, pp. 35-43.
[13] Y.J. Ren and J.B. Dugan, "Optimal Design of Systems Using Static and Dynamic Fault Trees," IEEE Transactions on Reliability, vol. 3, Dec. 1998, pp. 234-244.
[14] S.D. Cohen and A.C. Hindmarsh, "CVODE, a Stiff/Nonstiff ODE Solver in C," Computers in Physics, Mar./Apr. 1996.
[15] R. Manian, J.B. Dugan, D. Coppit, and K.J. Sullivan, "Combining Various Solution Techniques for Dynamic Fault Tree Analysis of Computer Systems," Proceedings of the Third IEEE International High-Assurance Systems Engineering Symposium, 13-14 Nov. 1998, pp. 21-28.