COMPUTER-IMPLEMENTED METHOD FOR TESTING A TECHNICAL SYSTEM

Abstract

A computer-implemented method for testing a technical system, in particular software, hardware, or an embedded system, in real time. The technical system encompasses a plurality of in particular technical components. The technical system is represented by a fuzzy fault tree topology A.sub.ki. Starting from a fuzzy top event X.sub.k for determining priorities of base events, the following steps are carried out: providing a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1, and carrying out an iterative process, each iteration λ, where λ=1, 2, 3, . . . , n, encompassing the following steps: determining an auxiliary matrix C.sub.ki, taking into account the fuzzy top event X.sub.k, the fuzzy fault tree topology A.sub.id, and the fuzzy membership function matrix W.sub.i.sup.λ, using an iterative algorithm, and determining (the fuzzy membership function matrix W.sub.i.sup.λ+1 based on the auxiliary matrix C.sub.ki, using a maximum likelihood method.

Claims

1. A computer-implemented method for testing a technical system including software, hardware, or an embedded system, in real time, the technical system including a plurality of technical components, and the technical system being represented by a fuzzy fault tree topology A.sub.ki where k=1 and i=1, . . . , (n*n−n)/2, and, starting, from a fuzzy top event X.sub.k for determining priorities of base events, performing the following steps: providing a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1; and carrying out an iterative process, each iteration λ, where λ=1, 2, 3, . . . , n, including the following steps: determining an auxiliary matrix C.sub.ki, taking into account the fuzzy top event X.sub.k, the fuzzy fault tree topology A.sub.ki, and the fuzzy membership function matrix W.sub.i.sup.λ, using an iterative algorithm, and determining the fuzzy membership function matrix W.sub.i.sup.λ+1 based on the auxiliary matrix C.sub.ki, using a maximum likelihood method.

2. The computer-implemented method as recited in claim 1, wherein a priority of the base events is derived from a difference between elements of the fuzzy membership function matrix W.sub.i.sup.1 and elements of the fuzzy membership function matrix W.sub.i.sup.λ+1, the difference being a difference between metric distance of lines of the fuzzy membership function matrix W.sub.i.sup.1 and lines of the fuzzy membership function matrix W.sub.i.sup.λ+1.

3. The computer-implemented method in claim 1, wherein the providing of the fuzzy membership function matrix W.sub.i.sup.λ, where λ=1, takes place by assigning instantaneous values, the instantaneous values being states and/or measuring results of the technical system.

4. The computer-implemented method as recited in claim 1, wherein after a time period elapses, a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1, is again provided, and the iterative process is carried out again based on the instantaneous fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1.

5. The computer-implemented method as recited in claim 1, wherein the auxiliary matrix C.sub.ki is determined iteratively via the following equation: $C_{\mathrm{ki}}=\frac{W_i^{\lambda }{X}_k{A}_{\mathrm{ki}}}{r_k}$ where i=1, 2, . . . n, where $r_k=\underset{i=k}{\overset{n}{.Math.}}{A}_{\mathrm{ki}}{W}_i^{\lambda }$ applies and W.sub.i.sup.λ represents an instantaneous estimate of the fuzzy membership functions, X.sub.k represents the top event, and A.sub.ki represents the fuzzy fault tree topology.

6. The computer-implemented method as recited in claim 1, wherein the fuzzy membership function W.sub.i.sup.λ+1 is determined via $W_i^{\lambda +1}=\frac{1}{q_i}\underset{k=1}{\overset{i}{.Math.}}{c}_{\mathrm{ki}},$ where the following applies:
q.sub.i=Σ.sub.k=1.sup.iA.sub.ki.

7. The computer-implemented method as recited in claim 1, wherein the top event X.sub.k is predefined within the scope of a design of the technical system, based on requirements.

8. The computer-implemented method as recited in claim 1, wherein the top event X.sub.k is represented by a (1×m) vector, where m is a number of elements of the fuzzy membership function, and/or the fuzzy fault tree topology A.sub.ki is represented by a (1×(n.sup.2−n)/2) vector, where n is a number of base events, and/or the fuzzy membership function matrix W is represented by an ((n.sup.2−n)/2×m) matrix.

9. The computer-implemented method as recited in claim 1, wherein the fuzzy fault tree topology A.sub.ki represents linkages between base events via logical, programmable AND operators and/or OR operators.

10. The computer-implemented method as recited in claim 1, wherein the steps of the iterative process are repeated as long as an abort criterion is not yet reached.

11. The computer-implemented method as recited in claim 9, wherein the abort criterion is provided by reaching or exceeding a certain number of iterations.

12. The computer-implemented method as recited in claim 9, wherein the abort criterion is provided by reaching or falling below a certain value of a metric distance, between the fuzzy membership function matrix W.sub.i.sup.λ and the fuzzy membership function matrix W.sub.i.sup.λ+1, for each element of the fuzzy membership function matrix W.sub.i.sup.λ and the fuzzy membership function matrix W.sub.i.sup.λ+2.

13. A non-transitory computer-readable storage medium on which is stored a computer program including computer-readable instructions for testing a technical system including software, hardware, or an embedded system, in real time, the technical system including a plurality of technical components, and the technical system being represented by a fuzzy fault tree topology A.sub.ki where k=1 and i=(n*n−n)/2, and, the computer program, when executed by a computer, causing the computer to perform, starting, from a fuzzy top event X.sub.k for determining priorities of base events, the following steps: providing a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1; and carrying out an iterative process, each iteration λ, where λ=1, 2, 3, . . . , n, including the following steps: determining an auxiliary matrix X.sub.ki, taking into account the fuzzy top event X.sub.k, the fuzzy fault tree topology A.sub.ki, and the fuzzy membership function matrix W.sub.i.sup.λ, using an iterative algorithm, and determining the fuzzy membership function matrix W.sub.i.sup.λ+1 based on the auxiliary matrix C.sub.ki, using a maximum likelihood method.

14. A device for testing a technical system in real time, the technical system including software, hardware, or an embedded system, the technical system including a plurality of technical components, and the technical system being represented by a fuzzy fault tree topology A.sub.ki where k=1 and i=1, . . . , (n*n−n)/2, and, the device configured to, starting, from a fuzzy top event X.sub.k for determining priorities of base events: provide a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1; and carry out an iterative process, each iteration λ, where λ=1, 2, 3, . . . , n, including: determination of an auxiliary matrix C.sub.ki, taking into account the fuzzy top event X.sub.k, the fuzzy fault tree topology A.sub.ki, and the fuzzy membership function matrix W.sub.i.sup.λ, using an iterative algorithm, and determination of the fuzzy membership function matrix W.sub.i.sup.λ+1 based on the auxiliary matrix C.sub.ki, using a maximum likelihood method.

15. The device as recited in claim 14, wherein the device is a control unit of the technical system and is configured as an embedded real-time microcontroller application.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0034] FIG. 1 shows a schematic illustration of steps of a method according to one specific embodiment of the present invention in a flowchart.

[0035] FIG. 2 shows a schematic illustration of a fuzzy fault tree topology of a technical system, in accordance with an example embodiment of the present invention.

[0036] FIG. 3 shows a schematic illustration of a device according to one specific embodiment of the present invention in a block diagram.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

[0037] FIG. 1 shows a schematic illustration of steps of a method 100 in a flowchart. Method 100 is a method for testing a technical system 200 (cf. FIG. 3), in particular software, hardware, or an embedded system, in real time.

[0038] Technical system 200 includes a plurality of in particular technical components. A schematic illustration of a fuzzy fault tree topology 210 is shown in FIG. 2.

[0039] A fuzzy top event 220 is situated at the top of fuzzy fault tree topology 210. Fuzzy top event 220 represents an undesirable event, for example the total failure of the technical system.

[0040] Fuzzy top event 220 is ascertained within the scope of a hazard analysis, for example, and predefined by so-called requirements which describe the requirements for the reliability of technical system 200.

[0041] According to FIG. 1, five base events 230 are illustrated by way of example. Linkages between base events 230 are represented by logical AND operators and/or OR operators 240.

[0042] In method 100, technical system 200 as fuzzy fault tree topology A.sub.ki is represented by a (1×(n.sup.2−n)/2) vector, where n is the number of base events. Fuzzy top event 220 as fuzzy top event X.sub.k is represented by a (1×m) vector, where m is the number of elements of the fuzzy membership function of top event X.sub.k.

[0043] Base events 230 are represented in a fuzzy membership function matrix W.sub.i.sup.λ by an ((n.sup.2−n)/2×m) matrix.

[0044] The membership functions are provided in particular as triangular or trapezoidal membership functions.

[0045] Starting from fuzzy top event X.sub.k, the following steps are carried out according to method 100 for determining priorities of base events:

providing 110 a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1, and
carrying out 120 an iterative process, each iteration λ, where λ=1, 2, 3, . . . , n, encompassing the following steps:
determining 122 an auxiliary matrix C.sub.ki, taking into account fuzzy top event X.sub.k, fuzzy fault tree topology A.sub.ki, and fuzzy membership function matrix W.sub.i.sup.λ, using an iterative algorithm, and determining 124 fuzzy membership function matrix W.sub.i.sup.λ+1 based on auxiliary matrix C.sub.ki, using a maximum likelihood method.

[0046] Auxiliary matrix C.sub.ki is iteratively determined via the following equation:

[00005]$C_{\mathrm{ki}}=\frac{W_i^{\lambda }{X}_k{A}_{\mathrm{ki}}}{r_k}$

where i=1, 2, . . . n,
where

[00006]$r_k=\underset{i=k}{\overset{n}{.Math.}}{A}_{\mathrm{ki}}{W}_i^{\lambda }$

applies and W.sub.i.sup.λ represents the instantaneous estimate of the fuzzy membership functions, X.sub.k represents the fuzzy top event, and A.sub.ki represents the fuzzy fault tree topology.

[0047] In the iterative process, fuzzy membership function matrix W.sub.i.sup.λ+1 is iteratively determined via

[00007]$W_i^{\lambda +1}=\frac{1}{q_i}\underset{k=1}{\overset{i}{.Math.}}{c}_{\mathrm{ki}},$

where the following applies:

[00008]$q_i=\underset{k=1}{\overset{i}{.Math.}}{A}_{\mathrm{ki}}.$

[0048] The priority of the base events is derived from the difference between the elements of fuzzy membership function matrix W.sub.i.sup.1 and the elements of fuzzy membership function matrix W.sub.i.sup.λ+1. Iteration λ+1 is advantageously the last iteration of the iterative process. Thus, fuzzy membership function matrix W.sub.i.sup.λ+1 is the last matrix computed using the iterative process. Fuzzy membership function matrix W.sub.i.sup.λ+1 is then compared to original fuzzy membership function matrix W.sub.i.sup.1, and the priority of the base events is derived based on the difference between the two matrices. For the two matrices, namely, fuzzy membership function matrix W.sub.i.sup.1 and fuzzy membership function matrix W.sub.i.sup.λ+1, the metric distance between the lines is advantageously compared for each line. The base event with the greatest difference is advantageously the base event having the highest priority. The base event with the smallest difference is advantageously the base event having the lowest priority. For the components of the technical system, via the priorities of the base events an analysis may be made concerning to what extent the component is important or critical for the safety or the risk of failure of the technical system. Based on the analysis, the technical system may advantageously be adapted to reduce the likelihood of failure or to increase product safety. The method may be used even during the development of technical systems, in particular for designing the components. In addition, the method may be used during operation of technical systems. For example, safety-relevant decisions may then be made as a function of the ascertained priorities.

[0049] According to one specific embodiment of the present invention, it is provided that the provision of fuzzy membership function matrix W.sub.i.sup.λ, where λ=1, takes place by assigning instantaneous values, in particular states and/or measuring results of the technical system. The technical system is, for example, a technical system of a vehicle. Values and/or measuring results are, for example, sensor values and/or values or states of components of the technical system. For example, in particular temperature-dependent sensitivities or time-dependent likelihoods of failure of components may be involved.

[0050] According to one specific embodiment of the present invention, it is provided that after a time period elapses, a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1, is again provided, and the iterative process is carried out again based on instantaneous fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1. The new provision of fuzzy membership function matrix W.sub.i.sup.λ takes place, for example, by providing a value table encompassing, for example, values and/or states of components of the technical system. The value table includes, for example for a certain time period, values and/or states of the components at various points in time. In addition, the provision of fuzzy membership function matrix W.sub.i.sup.λ may also take place by again measuring values and/or states of components of the technical system. For example, it is conceivable for the time period after which a fuzzy membership function matrix W.sub.i.sup.λ of the base events, where λ=1, is provided again to be in the range of approximately 1 ms to 10 ms, so that the iterative process is carried out again every 1 ms to 10 ms.

[0051] According to one specific embodiment of the present invention, it is provided that the steps of the iterative process are repeated as long as an abort criterion is not yet reached.

[0052] According to one specific embodiment of the present invention, it is provided that an abort criterion is provided by reaching or exceeding a certain number of iterations. The number of iterations may advantageously be predefined arbitrarily. For a use of the method that is not time-critical, in particular in the development of the technical system, for example a greater number of iterations may be run through. For a time-critical use of the method, in particular during operation of the technical system, a smaller number of iterations may be run through.

[0053] According to one specific embodiment of the present invention, it is provided that an abort criterion is provided by reaching or falling below a certain value of the difference between fuzzy membership function matrix W.sub.i.sup.λ and fuzzy membership function matrix W.sub.i.sup.λ+1, in particular for each element of fuzzy membership function matrix W.sub.i.sup.λ and fuzzy membership function matrix W.sub.i.sup.λ+1. The difference between one fuzzy membership function matrix and the next becomes smaller with increasing iteration.

[0054] FIG. 3 shows a device 300 for testing technical system 200. Device 300 is designed to carry out method 100 according to the specific embodiments of the present invention.

[0055] Device 300 includes a computing device 310 with which a memory device 320, for example, may be associated, in particular for at least temporarily storing at least one computer program and/or data, in particular data to be processed with the aid of computing device 310. It is further preferred that a computer program PRG1 may be stored in memory device 320 for at least temporarily controlling an operation of device 300, in particular for carrying out method 100 according to the specific embodiments of the present invention.

[0056] Computing device 310 is a microprocessor, for example. Memory device 320 includes at least one of the following elements: a volatile memory, in particular a working memory (RAM), and a nonvolatile memory, in particular a flash memory.

[0057] According to one specific embodiment of the present invention, it is provided that device 300 is a control unit of technical system 200 and is designed as an embedded real-time microcontroller application for carrying out method 100 according to the specific embodiments.

[0058] The iterative algorithm of method 100 advantageously requires comparatively little computing time, so that an embedded real-time microcontroller application is thus made possible.