An enhanced component connection method for conversion of fault trees to binary decision diagrams

Fault tree analysis (FTA) is widely applied to assess the failure probability of industrial systems. Many computer packages are available, which are based on conventional kinetic tree theory methods. When dealing with large (possibly non-coherent) fault trees, the limitations of the technique in terms of accuracy of the solutions and the efficiency of the processing time become apparent. Over recent years, the binary decision diagram (BDD) method has been developed that solves fault trees and overcomes the disadvantages of the conventional FTA approach. First of all, a fault tree for a particular system failure mode is constructed and then converted to a BDD for analysis. This paper analyses alternative methods for the fault tree to BDD conversion process.For most fault tree to BDD conversion approaches, the basic events of the fault tree are placed in an ordering. This can dramatically affect the size of the final BDD and the success of qualitative and quantitative analyses of the system. A set of rules is then applied to each gate in the fault tree to generate the BDD. An alternative approach can also be used, where BDD constructs for each of the gate types are first built and then merged to represent a parent gate. A powerful and efficient property, sub-node sharing, is also incorporated in the enhanced method proposed in this paper. Finally, a combined approach is developed taking the best features of the alternative methods. The efficiency of the techniques is analysed and discussed.     

A simple component-connection method for building binary decision diagrams encoding a fault tree

A simple new method for building binary decision diagrams (BDDs) encoding a fault tree (FT) is provided in this study. We first decompose the FT into FT-components. Each of them is a single descendant (SD) gate-sequence. Following the node-connection rule, the BDD-component encoding an SD FT-component can each be found to be an SD node-sequence. By successively connecting the BDD-components one by one, the BDD for the entire FT is thus obtained. During the node-connection and component-connection, reduction rules might need to be applied. An example FT is used throughout the article to explain the procedure step by step.Our method proposed is a hybrid one for FT analysis. Some algorithms or techniques used in the conventional FT analysis or the newer BDD approach may be applied to our case; our ideas mentioned in the article might be referred by the two methods.     

An ordering heuristic to develop the binary decision diagram based on structural importance

Fault tree analysis is often used to assess risks within industrial systems. The technique is commonly used although there are associated limitations in terms of accuracy and efficiency when dealing with large fault tree structures. The most recent approach to aid the analysis of the fault tree diagram is the Binary Decision Diagram (BDD) methodology. To utilise the technique the fault tree structure needs to be converted into the BDD format. Converting the fault tree requires the basic events of the tree to be placed in an ordering. The ordering of the basic events is critical to the resulting size of the BDD, and ultimately affects the performance and benefits of this technique. A number of heuristic approaches have been developed to produce an optimal ordering permutation for a specific tree. These heuristic approaches do not always yield a minimal BDD structure for all trees. This paper looks at a heuristic that is based on the structural importance measure of each basic event. Comparing the resulting size of the BDD with the smallest generated from a set of six alternative ordering heuristics, this new structural heuristic produced a BDD of smaller or equal dimension on 77% of trials.     

Efficient algorithms to assess component and gate importance in fault tree analysis

One of the principal activities of risk assessment is either the ranking or the categorization of structures, systems and components with respect to their risk-significance or their safety-significance. Several measures, so-called importance factors, of such a significance have been proposed for the case where the support model is a fault tree. In this article, we show how binary decision diagrams can be use to assess efficiently a number of classical importance factors. This work completes the preliminary results obtained recently by Andrews and Sinnamon, and the authors. It deals also with the concept of joint reliability importance.     

Approximate estimation of system reliability via fault trees

In this article, we show how fault tree analysis, carried out by means of binary decision diagrams (BDD), is able to approximate reliability of systems made of independent repairable components with a good accuracy and a good efficiency. We consider four algorithms: the Murchland lower bound, the Barlow-Proschan lower bound, the Vesely full approximation and the Vesely asymptotic approximation. For each of these algorithms, we consider an implementation based on the classical minimal cut sets/rare events approach and another one relying on the BDD technology. We present numerical results obtained with both approaches on various examples.     

Software safety analysis of function block diagrams using fault trees

As programmable logic controllers (PLCs) are often used to implement safety–critical embedded software, safety demonstration of PLC code is needed. In this paper, we propose a fault tree analysis technique on Function Block Diagrams (FBDs) which is one of the most widely used PLC programming languages. FBD is currently being used to develop Reactor Protection System (RPS) for a nuclear power plant in South Korea. Our approach to fault tree analysis, which combines fault-oriented and cause/effect-oriented viewpoints, is easy to understand and offers systematic guidelines to ensure safety of PLC code. Domain experts found the approach to be useful through a case study on RPS, and this paper compares completeness and comprehensiveness of the semi-automatically generated fault trees using the proposed approach against the one manually prepared by nuclear safety engineers.     

Differential, criticality and Birnbaum importance measures: An application to basic event, groups and SSCs in event trees and binary decision diagrams

Recent works [Epstein S, Rauzy A. Can we trust PRA? Reliab Eng Syst Safety 2005; 88:195–205] have questioned the validity of traditional fault tree/event tree (FTET) representation of probabilistic risk assessment problems. In spite of whether the risk model is solved through FTET or binary decision diagrams (BDDs), importance measures need to be calculated to provide risk managers with information on the risk/safety significance of system structures and components (SSCs). In this work, we discuss the computation of the Fussel–Vesely (FV), criticality, Birnbaum, risk achievement worth (RAW) and differential importance measure (DIM) for individual basic events, basic event groups and components. For individual basic events, we show that these importance measures are linked by simple relations and that this enables to compute basic event DIMs both for FTET and BDD codes without additional model runs. We then investigate whether/how importance measures can be extended to basic event groups and components. Findings show that the estimation of a group Birnbaum or criticality importance is not possible. On the other hand, we show that the DIM of a group or of a component is exactly equal to the sum of the DIMs of the corresponding basic events and can therefore be found with no additional model runs. The above findings hold for both the FTET and the BDD methods.     

Optimal decision-making via binary decision diagrams for investments under a risky environment

This paper presents two methods for supporting investments and resource allocation in a constrained risky environment. These methods are based on the application of logical decision trees and binary decision diagrams as an approach that allows quantitative analysis of a qualitative study. The scenario considered in this paper is a decision-making process under risk environment, where stochastic variables are considered. The two novel procedures are introduced to facilitate the resource allocation as the objective of the decision-making process. The first procedure uses the analytic expression provided by binary decision diagrams as an objective function of a non-linear programing model. The second procedure introduces an importance measure that takes into account some external constraints, unlike the classical importance measures that only consider the topology of the tree. The first technique will optimise the outcomes and the second will provide a good approximation of the outcomes using simpler calculations.     

A fast BDD algorithm for large coherent fault trees analysis

Although a binary decision diagram (BDD) algorithm has been tried to solve large fault trees until quite recently, they are not efficiently solved in a short time since the size of a BDD structure exponentially increases according to the number of variables. Furthermore, the truncation of If–Then–Else (ITE) connectives by the probability or size limit and the subsuming to delete subsets could not be directly applied to the intermediate BDD structure under construction. This is the motivation for this work.This paper presents an efficient BDD algorithm for large coherent systems (coherent BDD algorithm) by which the truncation and subsuming could be performed in the progress of the construction of the BDD structure. A set of new formulae developed in this study for AND or OR operation between two ITE connectives of a coherent system makes it possible to delete subsets and truncate ITE connectives with a probability or size limit in the intermediate BDD structure under construction. By means of the truncation and subsuming in every step of the calculation, large fault trees for coherent systems (coherent fault trees) are efficiently solved in a short time using less memory. Furthermore, the coherent BDD algorithm from the aspect of the size of a BDD structure is much less sensitive to variable ordering than the conventional BDD algorithm.     

Assessment of redundant systems with imperfect coverage by means of binary decision diagrams

In this article, we study the assessment of the reliability of redundant systems with imperfect fault coverage. We term fault coverage as the ability of a system to isolate and correctly accommodate failures of redundant elements. For highly reliable systems, such as avionic and space systems, fault coverage is in general imperfect and has a significant impact on system reliability. We review here the different models of imperfect fault coverage. We propose efficient algorithms to assess them separately (as k-out-of-n selectors). We show how to implement these algorithms into a binary decision diagrams engine. Finally, we report experimental results on real life test cases that show on the one hand the importance of imperfect coverage and on the other hand the efficiency of the proposed approach.     

Fault diagnostics of dynamic system operation using a fault tree based method

For conventional systems, their availability can be considerably improved by reducing the time taken to restore the system to the working state when faults occur. Fault identification can be a significant proportion of the time taken in the repair process. Having diagnosed the problem the restoration of the system back to its fully functioning condition can then take place. This paper expands the capability of previous approaches to fault detection and identification using fault trees for application to dynamically changing systems. The technique has two phases. The first phase is modelling and preparation carried out offline. This gathers information on the effects that sub-system failure will have on the system performance. Causes of the sub-system failures are developed in the form of fault trees. The second phase is application. Sensors are installed on the system to provide information about current system performance from which the potential causes can be deduced. A simple system example is used to demonstrate the features of the method. To illustrate the potential for the method to deal with additional system complexity and redundancy, a section from an aircraft fuel system is used. A discussion of the results is provided.     

An efficient real‐time method of analysis for non‐coherent fault trees

Fault tree analysis is commonly used to assess the reliability of potentially hazardous industrial systems. The type of logic is usually restricted to AND and OR gates, which makes the fault tree structure coherent. In non‐coherent structures not only components' failures but also components' working states contribute to the failure of the system. The qualitative and quantitative analyses of such fault trees can present additional difficulties when compared with the coherent versions. It is shown that the binary decision diagram (BDD) method can overcome some of the difficulties in the analysis of non‐coherent fault trees. This paper presents the conversion process of non‐coherent fault trees to BDDs. A fault tree is converted to a BDD that represents the system structure function (SFBDD). An SFBDD can then be used to quantify the system failure parameters but is not suitable for the qualitative analysis. Established methods, such as the meta‐products BDD method, the zero‐suppressed BDD (ZBDD) method and the labelled BDD (L‐BDD) method, require an additional BDD that contains all prime implicant sets. The process using some of the methods can be time consuming and is not very efficient. In addition, in real‐time applications the conversion process is less important and the requirement is to provide an efficient analysis. Recent uses of the BDD method are for real‐time system prognosis. In such situations as events happen, or failures occur, the prediction of mission success is updated and used in the decision‐making process. Both qualitative and quantitative assessments are required for the decision making. Under these conditions fast processing and small storage requirements are essential. Fast processing is a feature of the BDD method. It would be advantageous if a single BDD structure could be used for both the qualitative and quantitative analyses. Therefore, a new method, the ternary decision diagram (TDD) method, is presented in this paper, where a fault tree is converted to a TDD that allows both qualitative and quantitative analyses and no additional BDDs are required. The efficiency of the four methods is compared using an example fault tree library. Copyright © 2008 John Wiley & Sons, Ltd.     

Quantification of sequential failure logic for fault tree analysis

Fault tree analysis (FTA) is generally accepted as an efficient method for analyzing system failures. It is well known that a fault tree (FT) is equivalent to a minimal cut set fault tree with all minimal cut-AND structures. The minimal cut-AND structure is an AND conjunction of an output and all inputs that compose a minimal cut set. For the structure, the failed state of the output becomes true when all failed states of inputs exist simultaneously. There are cases where the output of the minimal cut-AND structure depends not only on all failed states of inputs but also on the sequence of occurrences of those failures. This sequential failure logic (SFL) is equivalently expressed with Priority-AND gates in FTA, where inputs to the gates have constant failure and repair rates. A probabilistic model for analysis of SFL was proposed and equations with multiple integration for arbitrary number of inputs were derived from the model. However, it is usually difficult to solve the multiple integration when the number of inputs exceeds a certain range. This paper presents analytical solutions of the probability that the output is in a failed state at time t and the statistically expected number of failures of the output per unit time at time t for the special case where inputs are characterized by common failure and repair rates. In addition, the analysis of FT involving SFL is demonstrated by means of software Mathematica.     

Posbist fault tree analysis of coherent systems

When the failure probability of a system is extremely small or necessary statistical data from the system is scarce, it is very difficult or impossible to evaluate its reliability and safety with conventional fault tree analysis (FTA) techniques. New techniques are needed to predict and diagnose such a system's failures and evaluate its reliability and safety. In this paper, we first provide a concise overview of FTA. Then, based on the posbist reliability theory, event failure behavior is characterized in the context of possibility measures and the structure function of the posbist fault tree of a coherent system is defined. In addition, we define the AND operator and the OR operator based on the minimal cut of a posbist fault tree. Finally, a model of posbist fault tree analysis (posbist FTA) of coherent systems is presented. The use of the model for quantitative analysis is demonstrated with a real-life safety system.     

Development of measures to estimate truncation error in fault tree analysis

The fault tree quantification uncertainty from the truncation error has been of great concern for the reliability evaluation of large fault trees in the probabilistic safety analysis (PSA) of nuclear plants. The truncation limit is used to truncate cut sets of the gates when quantifying the fault trees. This paper presents measures to estimate the probability of the truncated cut sets, that is, the amount of truncation error. The functions to calculate the measures are programmed into the new fault tree quantifier FTREX (Fault Tree Reliability Evaluation eXpert) and a Benchmark test was performed to demonstrate the efficiency of the measures.The measures presented in this study are calculated by a single quantification of the fault tree with the assigned truncation limit. As demonstrated in the Benchmark test, lower bound of truncated probability (LBTP) and approximate truncation probability (ATP) are efficient estimators of the truncated probability. The truncation limit could be determined or validated by suppressing the measures to be less than the assigned upper limit. The truncation limit should be lowered until the truncation error is less than the assigned upper limit. Thus, the measures could be used as an acceptability of the fault tree quantification results. Furthermore, the developed measures are easily implemented into the existing fault tree solvers by adding a few subroutines to the source code.     

A dynamic fault tree

The fault tree analysis is a widely used method for evaluation of systems reliability and nuclear power plants safety. This paper presents a new method, which represents extension of the classic fault tree with the time requirements. The dynamic fault tree offers a range of risk informed applications. The results show that application of dynamic fault tree may reduce the system unavailability, e.g. by the proper arrangement of outages of safety equipment. The findings suggest that dynamic fault tree is a useful tool to expand and upgrade the existing models and knowledge obtained from probabilistic safety assessment with additional and time dependent information to further reduce the plant risk.     

故障树分析法在某型飞机火控系统故障诊断中的应用

故障树分析法是系统安全、可靠性分析研究中常用的一种方法。基于故障树分析法与专家系统相结合的某型飞机火控系统故障诊断仪,以机载火控系统不工作为顶事件,建立了故障树,并对故障树作了定性分析,本系统不但具有故障诊断能力,还具有较强的自学习的功能。结果表明,故障树分析法是机载火控系统故障诊断的一种有效方法。     

Combining task analysis and fault tree analysis for accident and incident analysis: A case study from Bulgaria

Understanding the reasons for incident and accident occurrence is important for an organization's safety. Different methods have been developed to achieve this goal. To better understand the human behaviour in incident occurrence we propose an analysis concept that combines Fault Tree Analysis (FTA) and Task Analysis (TA). The former method identifies the root causes of an accident/incident, while the latter analyses the way people perform the tasks in their work environment and how they interact with machines or colleagues. These methods were complemented with the use of the Human Error Identification in System Tools (HEIST) methodology and the concept of Performance Shaping Factors (PSF) to deepen the insight into the error modes of an operator's behaviour. HEIST shows the external error modes that caused the human error and the factors that prompted the human to err. To show the validity of the approach, a case study at a Bulgarian Hydro power plant was carried out. An incident – the flooding of the plant's basement – was analysed by combining the afore-mentioned methods. The case study shows that Task Analysis in combination with other methods can be applied successfully to human error analysis, revealing details about erroneous actions in a realistic situation.     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

Improved accuracy in quantitative fault tree analysis

The fault tree diagram defines the causes of the system failure mode or ‘top event’ in terms of the component failures and human errors, represented by basic events. By providing information which enables the basic event probability to be calculated, the fault tree can then be quantified to yield reliability parameters for the system. Fault tree quantification enables the probability of the top event to be calculated and in addition its failure rate and expected number of occurrences. Importance measures which signify the contribution each basic event makes to system failure can also be determined. Owing to the large number of failure combinations (minimal cut sets) which generally result from a fault tree study, it is not possible using conventional techniques to calculate these parameters exactly and approximations are required. The approximations usually rely on the basic events having a small likelihood of occurrence. When this condition is not met, it can result in large inaccuracies. These problems can be overcome by employing the binary decision diagram (BDD) approach. This method converts the fault tree diagram into a format which encodes Shannon's decomposition and allows the exact failure probability to be determined in a very efficient calculation procedure. This paper describes how the BDD method can be employed in fault tree quantification. © 1997 John Wiley & Sons, Ltd.