Abstract:

TRS is a safety-critical aero-engine system. In response to the inadequacies of conventional safety analysis techniques in addressing the complexities associated with multilevel coupling and cross-linking of multiple systems concerning system interaction and closed-loop design specifications, this study proposes a method that integrates STPA and MBSA. By establishing a whole-process analysis framework from system requirement capture to verification, an overall system model was constructed through the use of SysML to reveal the architectural principles. The STPA method was employed to define 4 types of system-level losses (accidents) and 8 types of system-level hazards, construct a TRS feedback control structure model, identify 11 unsafe control actions (UCAs), derive causal scenarios, and assign respective safety levels. Using the model checking tool new symbolic model verifier (NuSMV), fault and nominal models were constructed to verify critical system safety properties. The results demonstrate that the proposed model possesses logical integrity and correctness, and indicate that the probability of "Thrust Reverser Non-Command Open in Air," as determined from minimal cut set, is 1.95×10^-10 per flight hour, thereby meeting the safety requirement of a failure probability of less than 10^-9 per flight hour.

Key words: aero-engine, systems-theoretic process analysis(STPA), model based safety analysis(MBSA), thrust reverser system(TRS), safety analysis, systems modeling language(SysML)