A fast BDD algorithm for large coherent fault trees analysis

Although a binary decision diagram (BDD) algorithm has been tried to solve large fault trees until quite recently, they are not efficiently solved in a short time since the size of a BDD structure exponentially increases according to the number of variables. Furthermore, the truncation of If–Then–Else (ITE) connectives by the probability or size limit and the subsuming to delete subsets could not be directly applied to the intermediate BDD structure under construction. This is the motivation for this work.This paper presents an efficient BDD algorithm for large coherent systems (coherent BDD algorithm) by which the truncation and subsuming could be performed in the progress of the construction of the BDD structure. A set of new formulae developed in this study for AND or OR operation between two ITE connectives of a coherent system makes it possible to delete subsets and truncate ITE connectives with a probability or size limit in the intermediate BDD structure under construction. By means of the truncation and subsuming in every step of the calculation, large fault trees for coherent systems (coherent fault trees) are efficiently solved in a short time using less memory. Furthermore, the coherent BDD algorithm from the aspect of the size of a BDD structure is much less sensitive to variable ordering than the conventional BDD algorithm.     

How dependent basic events with interval-valued probabilities affect fault tree analysis

This paper studies the effect of the dependence state between basic events (BEs) on fault tree analysis (FTA) when the probabilities of events are characterized by interval values. The well-known Frèchent bounds are extended for modeling six different types of dependence states between BEs. Three indices, called average dependence effect (ADE), location effect (LE) and size effect (SE), are defined for evaluating the effect of the dependence states between BEs on the probability of top event (TE) and identifying influential and non-influential dependence states. Then, the proposed method is applied to fault tree (FT) examples, thereby explaining the dependence problem in FTA. To further verify the practicability of the method, FTA of the unilateral asymmetric movement failure of an aircraft flap mechanism is performed. The results show that: (i) the opposite and negative dependence contribute to the reliability of a parallel system while the perfect and positive dependence reduce it, (ii) the perfect and positive dependence contribute to the reliability of a series system while the opposite and negative dependence reduce it, and (iii) parallel systems are more reliable than series systems regardless of the dependence between BEs.     

Improved accuracy in quantitative fault tree analysis

The fault tree diagram defines the causes of the system failure mode or ‘top event’ in terms of the component failures and human errors, represented by basic events. By providing information which enables the basic event probability to be calculated, the fault tree can then be quantified to yield reliability parameters for the system. Fault tree quantification enables the probability of the top event to be calculated and in addition its failure rate and expected number of occurrences. Importance measures which signify the contribution each basic event makes to system failure can also be determined. Owing to the large number of failure combinations (minimal cut sets) which generally result from a fault tree study, it is not possible using conventional techniques to calculate these parameters exactly and approximations are required. The approximations usually rely on the basic events having a small likelihood of occurrence. When this condition is not met, it can result in large inaccuracies. These problems can be overcome by employing the binary decision diagram (BDD) approach. This method converts the fault tree diagram into a format which encodes Shannon's decomposition and allows the exact failure probability to be determined in a very efficient calculation procedure. This paper describes how the BDD method can be employed in fault tree quantification. © 1997 John Wiley & Sons, Ltd.     

故障树分析法在某型飞机火控系统故障诊断中的应用

故障树分析法是系统安全、可靠性分析研究中常用的一种方法。基于故障树分析法与专家系统相结合的某型飞机火控系统故障诊断仪,以机载火控系统不工作为顶事件,建立了故障树,并对故障树作了定性分析,本系统不但具有故障诊断能力,还具有较强的自学习的功能。结果表明,故障树分析法是机载火控系统故障诊断的一种有效方法。     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

A fault tree analysis strategy using binary decision diagrams

The use of binary decision diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem, however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of ‘minimal’ subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.     

Quantification of sequential failure logic for fault tree analysis

Fault tree analysis (FTA) is generally accepted as an efficient method for analyzing system failures. It is well known that a fault tree (FT) is equivalent to a minimal cut set fault tree with all minimal cut-AND structures. The minimal cut-AND structure is an AND conjunction of an output and all inputs that compose a minimal cut set. For the structure, the failed state of the output becomes true when all failed states of inputs exist simultaneously. There are cases where the output of the minimal cut-AND structure depends not only on all failed states of inputs but also on the sequence of occurrences of those failures. This sequential failure logic (SFL) is equivalently expressed with Priority-AND gates in FTA, where inputs to the gates have constant failure and repair rates. A probabilistic model for analysis of SFL was proposed and equations with multiple integration for arbitrary number of inputs were derived from the model. However, it is usually difficult to solve the multiple integration when the number of inputs exceeds a certain range. This paper presents analytical solutions of the probability that the output is in a failed state at time t and the statistically expected number of failures of the output per unit time at time t for the special case where inputs are characterized by common failure and repair rates. In addition, the analysis of FT involving SFL is demonstrated by means of software Mathematica.     

Development of measures to estimate truncation error in fault tree analysis

The fault tree quantification uncertainty from the truncation error has been of great concern for the reliability evaluation of large fault trees in the probabilistic safety analysis (PSA) of nuclear plants. The truncation limit is used to truncate cut sets of the gates when quantifying the fault trees. This paper presents measures to estimate the probability of the truncated cut sets, that is, the amount of truncation error. The functions to calculate the measures are programmed into the new fault tree quantifier FTREX (Fault Tree Reliability Evaluation eXpert) and a Benchmark test was performed to demonstrate the efficiency of the measures.The measures presented in this study are calculated by a single quantification of the fault tree with the assigned truncation limit. As demonstrated in the Benchmark test, lower bound of truncated probability (LBTP) and approximate truncation probability (ATP) are efficient estimators of the truncated probability. The truncation limit could be determined or validated by suppressing the measures to be less than the assigned upper limit. The truncation limit should be lowered until the truncation error is less than the assigned upper limit. Thus, the measures could be used as an acceptability of the fault tree quantification results. Furthermore, the developed measures are easily implemented into the existing fault tree solvers by adding a few subroutines to the source code.     

Application of the fault tree analysis for assessment of power system reliability

A new method for power system reliability analysis using the fault tree analysis approach is developed. The method is based on fault trees generated for each load point of the power system. The fault trees are related to disruption of energy delivery from generators to the specific load points. Quantitative evaluation of the fault trees, which represents a standpoint for assessment of reliability of power delivery, enables identification of the most important elements in the power system. The algorithm of the computer code, which facilitates the application of the method, has been applied to the IEEE test system. The power system reliability was assessed and the main contributors to power system reliability have been identified, both qualitatively and quantitatively.     

基于动态故障树的CTCS-3级ATP系统可靠性分析简

 针对传统的可靠性分析方法分析CTCS-3级ATP系统动态失效问题的不足,提出采用动态故障树分析其可靠性。首先,分析系统的结构和功能建立动态故障树模型;其次,采用深度优先最左遍历算法搜索动态故障树模型,得到独立的子树;最后,在引入可修系统可靠性指标基础上,采用解析法和马尔科夫矩阵迭代法求解子树,结合分层迭代方法对动态故障树分析法改进,以减小运算量,使得上述可靠性指标能用于CTCS-3级ATP系统的可靠性评估。计算所得可靠性指标与可靠性框图分析得到的结果对比表明：动态故障树能够更好地描述系统的冗余性和容错性等特点,提高了可靠性指标的精度。     

Component-based modeling of systems for automated fault tree generation

One of the challenges in the field of automated fault tree construction is to find an efficient modeling approach that can support modeling of different types of systems without ignoring any necessary details. In this paper, we are going to represent a new system of modeling approach for computer-aided fault tree generation. In this method, every system model is composed of some components and different types of flows propagating through them. Each component has a function table that describes its input-output relations. For the components having different operational states, there is also a state transition table. Each component can communicate with other components in the system only through its inputs and outputs. A trace-back algorithm is proposed that can be applied to the system model to generate the required fault trees. The system modeling approach and the fault tree construction algorithm are applied to a fire sprinkler system and the results are presented.     

New methods to determine the importance measures of initiating and enabling events in fault tree analysis

Components' importance measures play a very important role in system reliability analysis. They are used to identify the weakest parts of the system for design improvement, failure diagnosis and maintenance. This paper deals with the problem of determining the importance measures of basic events in case of unreliability analysis of binary coherent and non-coherent fault trees. This type of analysis is typical of catastrophic top events, characterised by unacceptable consequences. Since the unreliability of systems with repairable components cannot be exactly calculated via fault tree, the Expected Number of Failures - which is obtained by integrating the unconditional failure frequency - is considered as it represents a good upper bound. In these cases it is important to classify events as initiators or enablers since their roles in the system are different, their sequence of occurrence is different and consequently they must be treated differently. New equations based on system failure frequency are described in this paper for determining the exact importance measures of initiating and enabling events. Simple examples are provided to clarify the application of the proposed calculation methods. Compared with the exact methods available in the literature, those proposed in this paper are easier to apply by hand and are simpler to implement in a fault tree analyser.     

Computerized fault tree construction for a train braking system

A new approach for fault tree automation is proposed which is a hybrid of the digraph and decision table methods, using the best features of both. The new method is based on the flexibility of the decision table method but incorporates a way of detecting, classifying and analysing control loops, similar to the use of operators in the digraph approach. As well as using operators to deal with control loops, a new operator is introduced that deals with electrical circuits. This means that when constructing the fault trees, difficulties of handling repeated events are eliminated and the size of the fault trees is significantly reduced. The method has been tested by its application to a braking system on a train. © 1997 John Wiley & Sons, Ltd.     

Safety analysis in process facilities: Comparison of fault tree and Bayesian network approaches

Safety analysis in gas process facilities is necessary to prevent unwanted events that may cause catastrophic accidents. Accident scenario analysis with probability updating is the key to dynamic safety analysis. Although conventional failure assessment techniques such as fault tree (FT) have been used effectively for this purpose, they suffer severe limitations of static structure and uncertainty handling, which are of great significance in process safety analysis. Bayesian network (BN) is an alternative technique with ample potential for application in safety analysis. BNs have a strong similarity to FTs in many respects; however, the distinct advantages making them more suitable than FTs are their ability in explicitly representing the dependencies of events, updating probabilities, and coping with uncertainties. The objective of this paper is to demonstrate the application of BNs in safety analysis of process systems. The first part of the paper shows those modeling aspects that are common between FT and BN, giving preference to BN due to its ability to update probabilities. The second part is devoted to various modeling features of BN, helping to incorporate multi-state variables, dependent failures, functional uncertainty, and expert opinion which are frequently encountered in safety analysis, but cannot be considered by FT. The paper concludes that BN is a superior technique in safety analysis because of its flexible structure, allowing it to fit a wide variety of accident scenarios.     

An improved decomposition scheme for assessing the reliability of embedded systems by using dynamic fault trees

The theories of fault trees have been used for many years because they can easily provide a concise representation of failure behavior of general non-repairable fault tolerant systems. But the defect of traditional fault trees is lack of accuracy when modeling dynamic failure behavior of certain systems with fault-recovery process. A solution to this problem is called behavioral decomposition. A system will be divided into several dynamic or static modules, and each module can be further analyzed using binary decision diagram (BDD) or Markov chains separately. In this paper, we will show a very useful decomposition scheme that independent subtrees of a dynamic module are detected and solved hierarchically. Experimental results show that the proposed method could result in significant saving of computation time without losing unacceptable accuracy. Besides, we also present an analyzing software toolkit: DyFA (dynamic fault-trees analyzer) which implements the proposed methodology.     

Fault diagnostics of dynamic system operation using a fault tree based method

For conventional systems, their availability can be considerably improved by reducing the time taken to restore the system to the working state when faults occur. Fault identification can be a significant proportion of the time taken in the repair process. Having diagnosed the problem the restoration of the system back to its fully functioning condition can then take place. This paper expands the capability of previous approaches to fault detection and identification using fault trees for application to dynamically changing systems. The technique has two phases. The first phase is modelling and preparation carried out offline. This gathers information on the effects that sub-system failure will have on the system performance. Causes of the sub-system failures are developed in the form of fault trees. The second phase is application. Sensors are installed on the system to provide information about current system performance from which the potential causes can be deduced. A simple system example is used to demonstrate the features of the method. To illustrate the potential for the method to deal with additional system complexity and redundancy, a section from an aircraft fuel system is used. A discussion of the results is provided.     

Dot chart analysis as a means to develop a fault tree: application to a catalytic hydrogenation unit

This paper describes the application of dot chart analysis to a semicontinuous catalytic hydrogenation unit. Dot chart tables have been used as a basis for developing the recursive operability analysis and the fault trees (FTs), whose aim is to determine the safety of both the unit and its operators. The unit is formed of two reactors in parallel: the transfer of operations from one reactor to the other when its catalyst is exhausted is performed by means of the isolation systems installed for this purpose on the inlet and outlet lines. FTs assessed the expected number of leak at 3×10⁻³ occurrences per mission time. The study clearly showed that the operations could be regarded as safe, since, with minor modification to control system and operative procedure, these leaks would be of pressurised nitrogen and hence without consequences for the unit and its operators.     

Combining task analysis and fault tree analysis for accident and incident analysis: A case study from Bulgaria

Understanding the reasons for incident and accident occurrence is important for an organization's safety. Different methods have been developed to achieve this goal. To better understand the human behaviour in incident occurrence we propose an analysis concept that combines Fault Tree Analysis (FTA) and Task Analysis (TA). The former method identifies the root causes of an accident/incident, while the latter analyses the way people perform the tasks in their work environment and how they interact with machines or colleagues. These methods were complemented with the use of the Human Error Identification in System Tools (HEIST) methodology and the concept of Performance Shaping Factors (PSF) to deepen the insight into the error modes of an operator's behaviour. HEIST shows the external error modes that caused the human error and the factors that prompted the human to err. To show the validity of the approach, a case study at a Bulgarian Hydro power plant was carried out. An incident – the flooding of the plant's basement – was analysed by combining the afore-mentioned methods. The case study shows that Task Analysis in combination with other methods can be applied successfully to human error analysis, revealing details about erroneous actions in a realistic situation.     

An analytic solution for a fault tree with circular logics in which the systems are linearly interrelated

A circular logic or a logical loop is defined as the infinite circulation of supporting relations due to their mutual dependencies among the systems in the fault tree analysis. While many methods to break the circular logic have been developed and used in the fault tree quantification codes, the general solution for a circular logic is not generally known as yet. This paper presents an analytic solution for circular logics in which the systems are linearly interrelated with each other. To formulate the analytic solution, the relations among systems in the fault tree structure are described by the Boolean equations. The solution is, then, obtained from the successive substitutions of the Boolean equations, which is equivalent to the attaching processes of interrelated system's fault tree to a given fault tree. The solution for three interrelated systems and their independent fault tree structures are given as an example.