Markov Analysis Addon for Capella

Markov analysis is a statistical method used to predict the behaviour of systems that undergo transitions between multiple states over time. The aerospace industry and in general other sectors developing and operating safety critical producs use Markov analysis to evaluate the reliability and availability of systems with various modes of operation or states. ATICA4CAPELLA allows to perform this kind of analysis directly from the State Machines of the system models both at Logical and Physical Architecture layers.

Introduction to Markov Analysis

Markov analysis is a powerful probabilistic tool used in safety assessments, particularly within the aerospace industry, to evaluate the reliability and safety of systems over time. According to the guidelines provided in ARP4761A, a standard for safety assessment of civil airborne systems, Markov analysis is utilized to model and analyze systems that may experience multiple states and transitions, especially when system components may repair and return to service.

A Markov Chain represents a system as a series of states, each with a defined probability of transitioning to another state over a given time period. In the context of safety analysis, these states often represent various operational conditions of a system—ranging from fully operational to complete failure, including intermediate degraded states. The transition rates between these states are typically governed by failure rates, repair rates, or maintenance actions.

In safety-critical systems, understanding how a system transitions between states is crucial for evaluating its reliability and safety performance. Markov analysis provides a framework to calculate the likelihood of the system being in a particular state at a given time, which is essential for predicting system behavior under normal and failure conditions.

ARP4761A recommends Markov analysis for situations where system behaviors are too complex to be accurately modeled by simpler methods like Fault Tree Analysis (FTA) or Reliability Block Diagrams (RBDs). This complexity might arise due to dependencies between components, or the ability of the system to recover from certain failures.

Pre-requisites and configuration

The Markov Analysis Addon of ATICA4CAPELLA extends the functionalities of Capella’s State Machines, enabling additional capabilities to model state transitions, component to system state matrices and all the necessary inputs to run Markov Analysis.

This feature operates at two different layers:

• Model extension: providing additional modeling options to State Machines, Modes and States and State Transitions, directly from Capella and both at Logical and Physical Architecture layers.
• Markov Solver: making use of the open-source project markovsolver4safety by Samuel García Lorente.

The addon provides the required modeling capabilities and includes a bridge to use the solver seamlessly directly from the Capella interface.
The solver could be installed either on the same PC of the user running Capella or alternatively on a different machine (server) providing the required dependencies.

Modelling state machines

Capella’s State Machines already provide the capability to model Modes and States and Transitions, including multiple features to model complex behaviours. ATICA4CAPELLA addon provides an extension to model the probability of activating a State Transition, this being the basic input for Markov Analysis.

– From the State Transition configuration panel, the new property Transition Probability is set to the required value.

– Additionally, the addon provides a new representation, the Modes/States Transition Table that allows to easily visualize transition from/to different states and its associated probability.

• The left column represents the From (source) State/Mode. The top line is the To (target) State/Mode. The number in the intersection is the probability of triggering the transition.
• An empty box means that a transition between those from/to states is not possible. A “0” means that the transition could only be activated with a specific command (the transition cannot be triggered randomly by a failure or unexpected event).

Component to System State Matrix

The proposed workflow to run the Markov analysis consists of four main steps:

• 1) Define state machines and transitions at component level (see previous section).
• 2) Define the system of interest encompassing one or more constituent components and define its target operating modes that are defined as specific combinations of states from the constituent components.
• 3) Define such combinations, by selecting in which state each constituent component is for each system mode.
• 4) Configure mission duration.

State machines and transition at component level

In the following example, two main components form the system of interest: a nominal (active) generator and a backup generator. Their respective State Machines describe the behaviour of each component.

System of interest operational modes and states

The State Machine of the system of interest is initially empty/undefined – with the help of the tool, the user will describe the intended behaviour of the system based on its constituent components. The process starts by running the Markov Analysis command.

This will create two regions on the State Machine, one named System States and the other Operational Modes. A dialog window will appear, presenting two main tables to edit each of these regions.

– The Operational Modes region presents the main outcomes foreseen for the system. In the example, the system is set to operate in three main modes: Operational, No redundancy and No operation.

• The user shall define these modes directly in the table by clicking the Add button on the top right corner.
• The Referenced States and Reliability / availability columns will be initially empty.

– These modes are reached in specific combinations of the constituent components.

• A new combination could be created by clicking the add button and manually selecting the desired combination.
• Alternatively, the next button generates all possible states, by computing all combinations of states of the constituent components (clicking this button will remove the states that may have been created previously). Note that a system with M components and N_i states per component will have up to N₁xN₂x…N_m





• The edit button allows to link the newly created states to the operational modes defined above. This will update simultaneously the Operational Mode column in this table and the Referenced States column in the table above.

By following this process, the behaviour of our System of Interest encompassing multiple components could be completely defined, providing all the required inputs to run the Markov Analysis.

Running Markov Analysis

In the dialog window, select the desired mission duration. Then, the solver will compute the probability of finding the system of interest in each of the operational modes, providing an estimation of the Reliability / Availability of the system.

The analysis is launched after clicking on Finish, the configuration window closes and a new window appears informing about the progress. Here is where the addon makes use of the solver. After completion, the results will be retrieved in the Reliability / Availability column of the operational modes table.

Future work

The current implementation allows to run the Markov analysis and retrieve the numerical results directly in the model.
In future versions, the tool will also generate documentation and provide additional representations and dashboards to retrieve the results from the analysis.

-> The Markov Analysis Addon is distributed under ATICA’s commercial licence – get in touch for additional info and request a demo.