The correct operation of complex critical systems increasingly relies on the ability to detect and recover from faults. The design of Fault Detection, Isolation and Recovery (FDIR) sub-systems is highly challenging, due to the complexity of the underlying system, the number of faults to be considered, and their dynamics. Existing industrial practices for FDIR are often based on ad-hoc solutions that are conceived and developed late in the design process and that do not take into account the software- and system-level RAMS analysis data (e.g., FTA and FMEA).
In this paper we propose the FAME process: a novel, model-based, integrated process for FDIR design that addresses the shortcomings of existing practices. The process aims at enabling consistent and timely FDIR conception, development, verification and validation. It is supported by the FAME environment, a model-based toolset that encompasses a wide range of formal analyses and supports FDIR design by providing functionality to define mission and FDIR requirements, to model fault propagation, and to automatically synthesize FDIR models. The FAME process and environment have been developed within an ESA-funded study and have been thoroughly evaluated by the industrial partners on a case study derived from the ExoMars project.