An enhanced component connection method for conversion of fault trees to binary decision diagrams

Fault tree analysis (FTA) is widely applied to assess the failure probability of industrial systems. Many computer packages are available, which are based on conventional kinetic tree theory methods. When dealing with large (possibly non-coherent) fault trees, the limitations of the technique in terms of accuracy of the solutions and the efficiency of the processing time become apparent. Over recent years, the binary decision diagram (BDD) method has been developed that solves fault trees and overcomes the disadvantages of the conventional FTA approach. First of all, a fault tree for a particular system failure mode is constructed and then converted to a BDD for analysis. This paper analyses alternative methods for the fault tree to BDD conversion process.For most fault tree to BDD conversion approaches, the basic events of the fault tree are placed in an ordering. This can dramatically affect the size of the final BDD and the success of qualitative and quantitative analyses of the system. A set of rules is then applied to each gate in the fault tree to generate the BDD. An alternative approach can also be used, where BDD constructs for each of the gate types are first built and then merged to represent a parent gate. A powerful and efficient property, sub-node sharing, is also incorporated in the enhanced method proposed in this paper. Finally, a combined approach is developed taking the best features of the alternative methods. The efficiency of the techniques is analysed and discussed.     

Integrated reliability analysis system (IRAS)

This paper will introduce a computer aided reliability analysis system, IRAS, which is a Unix-based software package. It provides the following features: a model builder, failure mode effect and criticality analysis (FMECA), fault tree synthesis and analysis (FTA) and real time fault location (RTFL). 1. The model builder allows the creation of reliability models for production systems, which are able to reflect the initiation and propagation of serious deviations outside the production and performance tolerances. The modelling procedure allows hierarchical modelling. 2. The failure mode effect and criticality analysis (FMECA) option uses the causal trees and cause-consequence diagrams that are created automatically from the IRAS model data base. The trees can be analysed by the user and the basic events can be grouped according to their criticality, probability and severity. 3. The fault tree analysis and synthesis (FTA) option enables the graphical analysis of fault trees. The generated tree can be trimmed automatically or by the user. It is also possible to extract the minimal cut-set from the complete tree. 4. RTFL enables the fast detection of the most probable fault locations in the system, during the continuous measuring of sensors of the production system and comparing the signals with the expected values of the stored operational vector. It alarms the user in case of serious deviations, thus reducing the out of work stage of the system by making quicker and more efficient reaction of the maintenance facility operators. The failure searching time reduction results in lower maintenance cost.     

A logical model for quantification of occupational risk

Functional block diagrams (FBDs) and their equivalent event trees are introduced as logical models in the quantification of occupational risks. Although a FBD is similar to an influence diagram or a belief network it provides a framework for introduction in a compact form of the logic of the model through the partition of the paths of the equivalent event tree. This is achieved by consideration of an overall event which has as outcomes the outmost consequences defining the risk under analysis. This event is decomposed into simpler events the outcome space of which is partitioned into subsets corresponding to the outcomes of the initial joint event. The simpler events can be further decomposed into simpler events creating a hierarchy where the events in a given level (parents) are decomposed to a number of simpler events (children) in the next level of the hierarchy. The partitioning of the outcome space is transferred from level to level through logical relationships corresponding to the logic of the model.Occupational risk is modeled trough a general FBD where the undesirable health consequence is decomposed to “dose” and “dose/response”; “dose” is decomposed to “center event” and “mitigation”; “center event” is decomposed to “initiating event” and “prevention”. This generic FBD can be transformed to activity—specific FBDs which together with their equivalent event trees are used to delineate the various accident sequences that might lead to injury or death consequences.The methodology and the associated algorithms have been computerized in a program with a graphical user interface (GUI) which allows the user to input the functional relationships between parent and children events, corresponding probabilities for events of the lowest level and obtain at the end the quantified corresponding simplified event tree.The methodology is demonstrated with an application to the risk of falling from a mobile ladder. This type of accidents has been analyzed as part of the Workgroup Occupational Risk Model (WORM) project in the Netherlands aiming at the development and quantification of models for a full range of potential risks from accidents in the workspace.     

Posbist fault tree analysis of coherent systems

When the failure probability of a system is extremely small or necessary statistical data from the system is scarce, it is very difficult or impossible to evaluate its reliability and safety with conventional fault tree analysis (FTA) techniques. New techniques are needed to predict and diagnose such a system's failures and evaluate its reliability and safety. In this paper, we first provide a concise overview of FTA. Then, based on the posbist reliability theory, event failure behavior is characterized in the context of possibility measures and the structure function of the posbist fault tree of a coherent system is defined. In addition, we define the AND operator and the OR operator based on the minimal cut of a posbist fault tree. Finally, a model of posbist fault tree analysis (posbist FTA) of coherent systems is presented. The use of the model for quantitative analysis is demonstrated with a real-life safety system.     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

Assessment of fire vulnerability for nuclear power plant safety systems by combining fault-and success-oriented logic with physical models

The time behaviour of potential accident sequences may carry important information regarding nuclear power plant (NPP) safety operation and shutdown. In the case of external and environmental events, the ability of NPP components to operate correctly can be changed dramatically in a short time. In contrast to the failures caused by internal events, these two groups of undesirable events may lead to dynamic dependent failures among components of one or several systems. Such kinds of failure should be taken into account in the models of NPP behaviour. To evaluate how successfully the tasks of the safety systems will be carded out, logical models such as fault trees are usually used. The fault trees are not efficient at describing the short-term changes of the failure probabilities for system components. A method that has some advantages over the pure fault tree logic is proposed. The main features of the method are demonstrated by using examples.     

Application of the cause–consequence diagram method to static systems

In the last 30 years, various mathematical models have been used to identify the effect of component failures on the performance of a system. The most frequently used technique for system reliability assessment is Fault Tree Analysis (FTA) and a large proportion of its popularity can be attributed to the fact that it provides a very good documentation of the way that the system failure logic was developed. Exact quantification of the fault tree, however, can be problematic for very large systems and in such situations, approximations can be used. Alternatively, an exact result can be obtained via the conversion of the fault tree into a binary decision diagram (BDD). The BDD, however, loses all failure logic documentation during the conversion process.This paper outlines the use of the cause–consequence diagram method as a tool for system risk and reliability analysis. As with the FTA method, the cause–consequence diagram documents the failure logic of the system. In addition to this the cause–consequence diagram produces the exact failure probability in a very efficient calculation procedure. The cause–consequence diagram technique has been applied to a static system and shown to yield the same result as those produced by the solution of the equivalent fault tree and BDD. On the basis of this general rules have been devised for the correct construction of the cause–consequence diagram given a static system. The use of the cause–consequence method in this manner has significant implications in terms of efficiency of the reliability analysis and can be shown to have benefits for static systems.     

基于梯形模糊数的数控磨床砂轮架系统故障树分析

数控磨床砂轮架系统故障树分析中的一大难点是确定基本事件的发生概率,基本事件的发生情况存在模糊性且由于时间和成本的限制往往无法通过实验获得足够的可靠性数据。为了解决这一问题,引入模糊集合论,用梯形模糊数来描述故障树分析中的基本事件和顶事件的发生概率。首先对数控磨床砂轮架系统的结构层次进行分析,建立砂轮架系统的故障树。然后以砂轮架系统主轴振动异响为例进行模糊故障树分析,求解顶事件发生概率的梯形模糊数;并类比传统故障树分析中"临界重要度"的概念,定义适用于模糊故障树分析的"模糊临界重要度"。最后根据求解的模糊临界重要度对基本事件进行排序,确定危害程度较高的基本事件,结果与企业的实际情况相符合。结果表明该方法能够有效解决数控磨床故障树分析中基本事件难于准确赋值的问题,为企业提高机械系统的可靠性提供了一种定量依据。     

A fault tree analysis strategy using binary decision diagrams

The use of binary decision diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem, however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of ‘minimal’ subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.     

基于FMEA和FTA的老年人汽车人机界面交互设计研究

目的 提升老年人汽车界面满意度,设计适合老年人使用的汽车界面.方法 提出基于失效模式与效应分析(FMEA)、故障树分析(FTA)的研究方法,首先成立会议小组进行SHERPA分析,绘制汽车界面层次任务分析图;随后运用FMEA找出汽车界面中的潜在失效模式,计算风险优先数值;接着选取风险优先数值高的失效模式,运用FTA寻找其发生的原因,对其以图形化表示;再对故障树进行定性定量分析,计算故障树的最小切集和失效事件发生概率,找到失效发生的核心因素;最后对失效事件进行改良并对改良后的结果进行验证.结论 以老年人汽车界面为例进行研究,该方法可以有效发现老年人操作汽车界面发生错误的原因,不仅可以帮助设计师找到改良的重点,还可以使老年人获得良好的驾驶体验.     

The application of Petri nets to failure analysis

Unlike the technique of fault tree analysis that has been widely applied to system failure analysis in reliability engineering, this study presents a Petri net approach to failure analysis. It is essentially a graphical method for describing relations between conditions and events. The use of Petri nets in failure analysis enables to replace logic gate functions in fault trees, efficiently obtain minimal cut sets, and absorb models. It is demonstrated that for failure analysis Petri nets are more efficient than fault trees. In addition, this study devises an alternative; namely, a trapezoidal graph method in order to account for failure scenarios. Examples validate this novel method in dealing with failure analysis.     

微型变压吸附制氧机FTA与FMEA分析

介绍了FTA和FMEA分析方法 ,并对微型变压吸附制氧机进行了风险分析。结果表明 ,导致微型变压吸附制氧机失效的主要可能因素是压缩机失效和控制失效 ,应从设计、检验和生产等过程进行严格控制 ,确保产品的可靠性 ;微型变压吸附制氧机发生危害的性质和发生的频次证实了其使用风险很小 ,其故障危害度均为最低等级 4级 ,是可以接受的     

State/event fault trees—A safety analysis model for software-controlled systems

Safety models for software-controlled systems should be intuitive, compositional and have the expressive power to model both software and hardware behaviour. Moreover, they should provide quantitative results for failure or hazard probabilities. Fault trees are an accepted and intuitive model for safety analysis, but they are incapable of expressing state dependencies or temporal order of events. We propose to combine fault trees with an explicit State/Event semantics, using a graphical notation that is similar to Statecharts. Our new model, named State/Event Fault Trees (SEFTs), subsumes both deterministic state machines suited to describe software behaviour, and Markov chains that model probabilistic failures, while keeping the visualisation of causal chains known from fault trees. We allow exponentially distributed probabilistic events, deterministic delays, and triggered events. The model provides a component concept, where components are connected by typed ports. Quantitative evaluation is achieved by translating the component models to Deterministic and Stochastic Petri Nets (DSPNs) and using an existing tool for analysis or simulation. This paper, which is an extended version of [Kaiser B, Gramlich C. State-Event-Fault-Trees—a safety analysis model for software controlled systems. Computer safety, reliability, and security. Proceedings of the 23rd international conference, SAFECOMP 2004, Potsdam, Germany, September 21st–24th. Lecture Notes in Computer Science, vol. 3219, 2004.p. 195–209], revisits the model elements and the analysis procedure and provides a small case study of a fire alarm system, completed by an outlook on our tool project ESSaRel.     

How dependent basic events with interval-valued probabilities affect fault tree analysis

This paper studies the effect of the dependence state between basic events (BEs) on fault tree analysis (FTA) when the probabilities of events are characterized by interval values. The well-known Frèchent bounds are extended for modeling six different types of dependence states between BEs. Three indices, called average dependence effect (ADE), location effect (LE) and size effect (SE), are defined for evaluating the effect of the dependence states between BEs on the probability of top event (TE) and identifying influential and non-influential dependence states. Then, the proposed method is applied to fault tree (FT) examples, thereby explaining the dependence problem in FTA. To further verify the practicability of the method, FTA of the unilateral asymmetric movement failure of an aircraft flap mechanism is performed. The results show that: (i) the opposite and negative dependence contribute to the reliability of a parallel system while the perfect and positive dependence reduce it, (ii) the perfect and positive dependence contribute to the reliability of a series system while the opposite and negative dependence reduce it, and (iii) parallel systems are more reliable than series systems regardless of the dependence between BEs.     

Probabilistic Fault Diagnosis of Safety Instrumented Systems based on Fault Tree Analysis and Bayesian Network

Safety instrumented systems (SISs) are used in the oil and gas industry to detect the onset of hazardous events and/or to mitigate their consequences to humans, assets, and environment. A relevant problem concerning these systems is failure diagnosis. Diagnostic procedures are then required to determine the most probable source of undetected dangerous failures that prevent the system to perform its function. This paper presents a probabilistic fault diagnosis approach of SIS. This is a hybrid approach based on fault tree analysis (FTA) and Bayesian network (BN). Indeed, the minimal cut sets as the potential sources of SIS failure were generated via qualitative analysis of FTA, while diagnosis importance factor of components was calculated by converting the standard FTA in an equivalent BN. The final objective is using diagnosis data to generate a diagnosis map that will be useful to guide repair actions. A diagnosis aid system is developed and implemented under SWI-Prolog tool to facilitate testing and diagnosing of SIS.     

Quantification of sequential failure logic for fault tree analysis

Fault tree analysis (FTA) is generally accepted as an efficient method for analyzing system failures. It is well known that a fault tree (FT) is equivalent to a minimal cut set fault tree with all minimal cut-AND structures. The minimal cut-AND structure is an AND conjunction of an output and all inputs that compose a minimal cut set. For the structure, the failed state of the output becomes true when all failed states of inputs exist simultaneously. There are cases where the output of the minimal cut-AND structure depends not only on all failed states of inputs but also on the sequence of occurrences of those failures. This sequential failure logic (SFL) is equivalently expressed with Priority-AND gates in FTA, where inputs to the gates have constant failure and repair rates. A probabilistic model for analysis of SFL was proposed and equations with multiple integration for arbitrary number of inputs were derived from the model. However, it is usually difficult to solve the multiple integration when the number of inputs exceeds a certain range. This paper presents analytical solutions of the probability that the output is in a failed state at time t and the statistically expected number of failures of the output per unit time at time t for the special case where inputs are characterized by common failure and repair rates. In addition, the analysis of FT involving SFL is demonstrated by means of software Mathematica.     

Hybrid fault tree analysis using fuzzy sets

In conventional fault tree analysis (FTA), the ambiguous and imprecise events such as human errors tend not to be handled effectively. To overcome this disadvantage, a hybrid approach employing fuzzy set evaluation and probabilistic estimation for FTA is proposed to evaluate abnormal events. The safety problem of unexpected robot motion in an aircraft wing drilling system was analyzed using the proposed method. The results indicated that the proposed approach is very effective in analyzing the reliability of a man-machine system.     

Modelling and quantification of dependent repeatable human errors in system analysis and risk assessment

General equations and numerical tables are developed for quantification of the probabilities of sequentially dependent repeatable human errors. Such errors are typically associated with testing, maintenance or calibration (called “pre-accident” or “pre-initiator” tasks) of redundant safety systems. Guidance is presented for incorporating dependent events in large system fault tree analysis using implicit or explicit methods. Exact relationships between these methods as well as numerical tables and simple approximate methods for system analysis are described. Analytical results are presented for a general human error model while the numerical tables are valid for a specific Handbook (THERP) model. Relationships are pointed out with earlier methods and guides proposed for error probability quantification.     

New methods to determine the importance measures of initiating and enabling events in fault tree analysis

Components' importance measures play a very important role in system reliability analysis. They are used to identify the weakest parts of the system for design improvement, failure diagnosis and maintenance. This paper deals with the problem of determining the importance measures of basic events in case of unreliability analysis of binary coherent and non-coherent fault trees. This type of analysis is typical of catastrophic top events, characterised by unacceptable consequences. Since the unreliability of systems with repairable components cannot be exactly calculated via fault tree, the Expected Number of Failures - which is obtained by integrating the unconditional failure frequency - is considered as it represents a good upper bound. In these cases it is important to classify events as initiators or enablers since their roles in the system are different, their sequence of occurrence is different and consequently they must be treated differently. New equations based on system failure frequency are described in this paper for determining the exact importance measures of initiating and enabling events. Simple examples are provided to clarify the application of the proposed calculation methods. Compared with the exact methods available in the literature, those proposed in this paper are easier to apply by hand and are simpler to implement in a fault tree analyser.