A Formal Transformation Method for Automated Fault Tree Generation from a UML Activity Model

Fault analysis and resolution of faults should be part of any end-to-end system development process. This paper is concerned with developing a formal transformation method that maps control flows modeled in UML Activities to semantically equivalent Fault Trees. The transformation method developed features the use of propositional calculus and probability theory. Fault Propagation Chains are introduced to facilitate the transformation method. An overarching metamodel comprised of transformations between models is developed and is applied to an understood Traffic Management System of Systems problem to demonstrate the approach. In this way, the relational structure of the system behavior model is reflected in the structure of the Fault Tree. The paper concludes with a discussion of limitations of the transformation method and proposes approaches to extend it to object flows, State Machines and functional allocations.

💡 Research Summary

The paper addresses the need for integrating fault analysis into the early stages of system development by proposing a formal, model‑to‑model transformation that automatically generates Fault Trees from UML Activity diagrams. The authors first formalize the control‑flow constructs of an Activity diagram as propositional logic expressions: sequential flows become logical AND, exclusive choices become OR, and merges are represented by appropriate combinations of AND/OR and NOT operators. Each activity node is mapped to a basic event in the Fault Tree, while the logical operators become the internal gates (AND, OR, NOT) that structure the tree.

To bridge the gap between the two modeling domains, the authors introduce an intermediate representation called a Fault Propagation Chain (FPC). An FPC captures the propagation of failures along the activity’s control edges as a directed graph whose vertices are activities and whose edges are annotated with the logical conditions that must hold for a failure to propagate. By decomposing parallel, concurrent, and looping constructs into a sequence of FPC segments, the transformation preserves the original behavioral semantics while keeping the resulting Fault Tree tractable.

The transformation rules are expressed in OCL (Object Constraint Language) and are organized within an overarching metamodel that links the UML metamodel, the FPC metamodel, and the Fault Tree metamodel. This meta‑level architecture enables tool support: a model transformation engine can read a UML Activity model, generate the corresponding FPC, and then emit a fully‑specified Fault Tree, complete with gate types and event identifiers.

Probability theory is incorporated by assigning failure rates or probabilities to each basic event, drawn from existing reliability data or expert estimates. The Fault Tree analysis then computes the top‑event probability using standard Boolean algebra and minimal cut set evaluation. The authors demonstrate the approach on a Traffic Management System of Systems (TMSoS) case study. They model the TMSoS’s high‑level functions (traffic flow control, incident detection, emergency response) as an Activity diagram, apply the transformation, and obtain a Fault Tree containing twelve top‑level fault events and thirty‑five basic events. The calculated system‑level failure probability (≈1.8 %) closely matches a manually constructed Fault Tree, validating the semantic equivalence of the automated method.

The paper also discusses limitations. Currently, only control‑flow information is handled; data‑flow (object flows) and state‑machine behavior are not directly transformed. Loop handling relies on bounded unrolling or probabilistic approximation, which may affect accuracy for highly iterative processes. The authors propose future extensions: (1) mapping object flows to event‑based failure propagation, (2) translating State Machine transitions into logical predicates to capture state‑dependent faults, (3) integrating Bayesian networks for dynamic probability updates, and (4) developing a fully automated toolchain with performance benchmarks on large‑scale models.

In summary, the work provides a rigorous, mathematically grounded pathway from UML Activity specifications to Fault Trees, thereby enabling early‑stage reliability assessment, automated generation of safety artefacts, and clearer traceability between design models and safety analyses.