class CBP(Tree):
medium = S(
'environment failure (not enough light,\nno clear line of sight, ...)')
sender = S('missing color blob')
receiver = hw.Camera.failure
failure = F('color blob\nprotocol failure')
failure << (medium | sender | receiver)
class StandingStill(Tree):
with F('no initial position from LPS') as no_initial_lps:
user = S('user did not\nenable LPS')
no_initial_lps << (proto.LPS.failure | user)
with F('wheels do not turn') as wheel_fault:
blocked = S('wheels blocked')
wheel_fault << (hw.Motor.failure | blocked)
bad_setup = S('bad setup')
software = software_bug()
failure = T('standing still')
failure << (no_initial_lps | bad_setup | software | wheel_fault
| hw.EPuck.failure | RunIntoWall.failure | Escort.hang)
class Power(Tree):
supply = P('faulty power supply', failure_rate=1e-6)
grid = P('electricity grid outage', failure_rate=2.25e-5)
wiring = S('power not\nconnected')
failure = F('power supply failure')
failure << (supply | grid | wiring)
class Victim404(Tree):
not_placed_in = S('user did not place\nthe victim in the maze')
unsolvable = S('unsolvable maze')
rhr_hangs = F('right-hand follower\ndrives in circles')
rhr_hangs << (P('right-hand follower\ncan drive in circles',
failure_rate=inf) & P('path-pruning fails', failure_rate=0)
& S('maze is not\n1-outerplanar'))
drift = F('lost orientation')
drift << (proto.LPS.failure
& P('approximation algorithm\nis way off', failure_rate=1e-3)
& P('drift from real orientation\ndoes not stabilize',
failure_rate=1e-5))
failure = T('victim cannot be found')
failure << (VictimSilent.failure | proto.SOS.receiver() | rhr_hangs | drift
| not_placed_in | unsolvable)
class SpuriousMovements(Tree):
turn = F('does not\nstop turning\nwhile sensing\nangle to victim')
turn << (VictimSilent.failure.as_leaf() | hw.ExtBoard.failure)
badcolor = S("Tin Bot's physical color\nis not hardcoded color")
failure = T('spurious movements\n(e.g., spin around, drive circles, ...)')
failure << (proto.LPS.failure.as_leaf() | software_bug() | badcolor
| Proximity.failure() | Uncooperative.failure.as_leaf() | turn)
class EPuck(Tree):
board = P('primary controller board failure', failure_rate=1e-10)
controller = P('primary controller failure', failure_rate=1e-12)
not_turned_on = S('user did not turn\non the E-Puck')
memory_fault = P('memory fault', failure_rate=1e-11)
failure = F('E-Puck failure')
failure << (board | controller | Battery.failure | not_turned_on
| memory_fault)
class Battery(Tree):
defect = P('primary battery defect', failure_rate=1e-8)
not_charged = S('battery not charged')
switch = P('primary power switch failure', failure_rate=0.5)
# Q: Why don't we include 'wiring'?
# A: Because that's already handled in things such as 'controller board' etc.
failure = F('power failure')
failure << (defect | not_charged | switch)
failure_no_switch = F('power failure')
failure_no_switch << (defect() | not_charged())
class IgnoreVictim(Tree):
conflict = F('conflicting data\nabout victim')
conflict << (hw.EPuck.memory_fault() | S('user moved\nvictim')
| Uncooperative.failure.as_leaf())
late = P('too high min-distance\nfor sensing again', failure_rate=1e-4)
no_triang = F('triangulation fails')
no_triang << (late | software_bug())
overwrite = F('information gets overwritten\nbefore E-Puck picks it up')
overwrite << Uncooperative.design()
failure = T('not using information\nabout victim')
failure << (hw.ExtBoard.failure.as_leaf() | conflict | no_triang
| overwrite)
class LPS(Tree):
medium = hw.Bluetooth.medium
sender = hw.Raspberry.failure
receiver = hw.Bluetooth.receiver
with F('LPP link down') as link_down:
service_outage = S('simulated LPS\nservice outage (NR1)')
# Raspberry board failure includes Bluetooth sender failure
link_down << (service_outage | medium | receiver)
with F('LPS sends no data') as no_data:
no_data << (CBP.failure | sender)
failure = F('LPP failure')
failure << (link_down | no_data)
class Proximity:
failure = P('primary proximity\nsensor fault', failure_rate=1e-1)
sparse_walls = S('walls do not\nmeet requirements')
software = P('software failure\n(overzealous escort-ignoring)',
failure_rate=1e-3)
false_negative = F('obstacle\nnot detected')
false_negative << (failure | sparse_walls | software)
crash_rhr = P('RHR crashes\ninto wall', failure_rate=1e-1)
crash_path = P('path follower crashes\ninto wall', failure_rate=1e-2)
crash_some = F('some component crashes\ninto wall')
crash_some << (crash_rhr | crash_path)
avoid_dog = P('avoidance watchdog fails', failure_rate=0)
avoid_sys = F('avoidance system fails')
avoid_sys << (avoid_dog & crash_some)
collision = F('collision with obstacle')
collision << (avoid_sys | false_negative)
hang = F(
'picked up victim\nthrough the wall\n(paper does not shield magnetic fields)'
)
hang << (magnet_trigger_acc & Proximity.sparse_walls())
open_space = F('picked up victim\nwith physical contact')
open_space << (Proximity.false_negative & recognition
& magnet_trigger_acc())
unintentional = F('picking up the victim\nwas accidental')
# hang is best instantiated for "standing still"
unintentional << (hang.as_leaf() | open_space)
# This is in the OR-case of nearly everything (not only of RunIntoWall)
bad_firmware = S('bad firmware or\nwrong program uploaded')
# Fault-Trees
class RunIntoWall(Tree):
failure = T('run into walls')
failure << (Proximity.collision | bad_firmware)
class EscortNoLED(Tree):
led = P('primary indicator LED failure', failure_rate=1e-5)
with F('not aware of escorting') as not_aware:
not_aware << (hw.EPuck.memory_fault() | Escort.unintentional)