A fault tree analysis strategy using binary decision diagrams

The use of binary decision diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem, however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of ‘minimal’ subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.     

Criteria for evaluating protection from single points of failure for partially expanded fault trees

Fault tree analysis (FTA) is a technique that describes the combinations of events in a system which result in an undesirable outcome. FTA is used as a tool to quantitatively assess a system's probability for an undesirable outcome. Time constraints from concept to production in modern engineering often limit the opportunity for a thorough statistical analysis of a system. Furthermore, when undesirable outcomes are considered such as hazard to human(s), it becomes difficult to identify strict statistical targets for what is acceptable. Consequently, when hazard to human(s) is concerned a common design target is to protect the system from single points of failure (SPOF) which means that no failure mode caused by a single event, concern, or error has a critical consequence on the system. Such a design target is common with “by-wire” systems. FTA can be used to verify if a system is protected from SPOF. In this paper, sufficient criteria for evaluating protection from SPOF for partially expanded fault trees are proposed along with proof. The proposed criteria consider potential interactions between the lowest drawn events of a partial fault tree expansion which otherwise easily leads to an overly optimistic analysis of protection from SPOF. The analysis is limited to fault trees that are coherent and static.     

Development of measures to estimate truncation error in fault tree analysis

The fault tree quantification uncertainty from the truncation error has been of great concern for the reliability evaluation of large fault trees in the probabilistic safety analysis (PSA) of nuclear plants. The truncation limit is used to truncate cut sets of the gates when quantifying the fault trees. This paper presents measures to estimate the probability of the truncated cut sets, that is, the amount of truncation error. The functions to calculate the measures are programmed into the new fault tree quantifier FTREX (Fault Tree Reliability Evaluation eXpert) and a Benchmark test was performed to demonstrate the efficiency of the measures.The measures presented in this study are calculated by a single quantification of the fault tree with the assigned truncation limit. As demonstrated in the Benchmark test, lower bound of truncated probability (LBTP) and approximate truncation probability (ATP) are efficient estimators of the truncated probability. The truncation limit could be determined or validated by suppressing the measures to be less than the assigned upper limit. The truncation limit should be lowered until the truncation error is less than the assigned upper limit. Thus, the measures could be used as an acceptability of the fault tree quantification results. Furthermore, the developed measures are easily implemented into the existing fault tree solvers by adding a few subroutines to the source code.     

Posbist fault tree analysis of coherent systems

When the failure probability of a system is extremely small or necessary statistical data from the system is scarce, it is very difficult or impossible to evaluate its reliability and safety with conventional fault tree analysis (FTA) techniques. New techniques are needed to predict and diagnose such a system's failures and evaluate its reliability and safety. In this paper, we first provide a concise overview of FTA. Then, based on the posbist reliability theory, event failure behavior is characterized in the context of possibility measures and the structure function of the posbist fault tree of a coherent system is defined. In addition, we define the AND operator and the OR operator based on the minimal cut of a posbist fault tree. Finally, a model of posbist fault tree analysis (posbist FTA) of coherent systems is presented. The use of the model for quantitative analysis is demonstrated with a real-life safety system.     

An analytic solution for a fault tree with circular logics in which the systems are linearly interrelated

A circular logic or a logical loop is defined as the infinite circulation of supporting relations due to their mutual dependencies among the systems in the fault tree analysis. While many methods to break the circular logic have been developed and used in the fault tree quantification codes, the general solution for a circular logic is not generally known as yet. This paper presents an analytic solution for circular logics in which the systems are linearly interrelated with each other. To formulate the analytic solution, the relations among systems in the fault tree structure are described by the Boolean equations. The solution is, then, obtained from the successive substitutions of the Boolean equations, which is equivalent to the attaching processes of interrelated system's fault tree to a given fault tree. The solution for three interrelated systems and their independent fault tree structures are given as an example.     

故障树分析法在某型飞机火控系统故障诊断中的应用

故障树分析法是系统安全、可靠性分析研究中常用的一种方法。基于故障树分析法与专家系统相结合的某型飞机火控系统故障诊断仪,以机载火控系统不工作为顶事件,建立了故障树,并对故障树作了定性分析,本系统不但具有故障诊断能力,还具有较强的自学习的功能。结果表明,故障树分析法是机载火控系统故障诊断的一种有效方法。     

Application of the fault tree analysis for assessment of power system reliability

A new method for power system reliability analysis using the fault tree analysis approach is developed. The method is based on fault trees generated for each load point of the power system. The fault trees are related to disruption of energy delivery from generators to the specific load points. Quantitative evaluation of the fault trees, which represents a standpoint for assessment of reliability of power delivery, enables identification of the most important elements in the power system. The algorithm of the computer code, which facilitates the application of the method, has been applied to the IEEE test system. The power system reliability was assessed and the main contributors to power system reliability have been identified, both qualitatively and quantitatively.     

Software safety analysis of function block diagrams using fault trees

As programmable logic controllers (PLCs) are often used to implement safety–critical embedded software, safety demonstration of PLC code is needed. In this paper, we propose a fault tree analysis technique on Function Block Diagrams (FBDs) which is one of the most widely used PLC programming languages. FBD is currently being used to develop Reactor Protection System (RPS) for a nuclear power plant in South Korea. Our approach to fault tree analysis, which combines fault-oriented and cause/effect-oriented viewpoints, is easy to understand and offers systematic guidelines to ensure safety of PLC code. Domain experts found the approach to be useful through a case study on RPS, and this paper compares completeness and comprehensiveness of the semi-automatically generated fault trees using the proposed approach against the one manually prepared by nuclear safety engineers.     

Safety analysis in process facilities: Comparison of fault tree and Bayesian network approaches

Safety analysis in gas process facilities is necessary to prevent unwanted events that may cause catastrophic accidents. Accident scenario analysis with probability updating is the key to dynamic safety analysis. Although conventional failure assessment techniques such as fault tree (FT) have been used effectively for this purpose, they suffer severe limitations of static structure and uncertainty handling, which are of great significance in process safety analysis. Bayesian network (BN) is an alternative technique with ample potential for application in safety analysis. BNs have a strong similarity to FTs in many respects; however, the distinct advantages making them more suitable than FTs are their ability in explicitly representing the dependencies of events, updating probabilities, and coping with uncertainties. The objective of this paper is to demonstrate the application of BNs in safety analysis of process systems. The first part of the paper shows those modeling aspects that are common between FT and BN, giving preference to BN due to its ability to update probabilities. The second part is devoted to various modeling features of BN, helping to incorporate multi-state variables, dependent failures, functional uncertainty, and expert opinion which are frequently encountered in safety analysis, but cannot be considered by FT. The paper concludes that BN is a superior technique in safety analysis because of its flexible structure, allowing it to fit a wide variety of accident scenarios.     

Combining task analysis and fault tree analysis for accident and incident analysis: A case study from Bulgaria

Understanding the reasons for incident and accident occurrence is important for an organization's safety. Different methods have been developed to achieve this goal. To better understand the human behaviour in incident occurrence we propose an analysis concept that combines Fault Tree Analysis (FTA) and Task Analysis (TA). The former method identifies the root causes of an accident/incident, while the latter analyses the way people perform the tasks in their work environment and how they interact with machines or colleagues. These methods were complemented with the use of the Human Error Identification in System Tools (HEIST) methodology and the concept of Performance Shaping Factors (PSF) to deepen the insight into the error modes of an operator's behaviour. HEIST shows the external error modes that caused the human error and the factors that prompted the human to err. To show the validity of the approach, a case study at a Bulgarian Hydro power plant was carried out. An incident – the flooding of the plant's basement – was analysed by combining the afore-mentioned methods. The case study shows that Task Analysis in combination with other methods can be applied successfully to human error analysis, revealing details about erroneous actions in a realistic situation.     

Fault diagnostics of dynamic system operation using a fault tree based method

For conventional systems, their availability can be considerably improved by reducing the time taken to restore the system to the working state when faults occur. Fault identification can be a significant proportion of the time taken in the repair process. Having diagnosed the problem the restoration of the system back to its fully functioning condition can then take place. This paper expands the capability of previous approaches to fault detection and identification using fault trees for application to dynamically changing systems. The technique has two phases. The first phase is modelling and preparation carried out offline. This gathers information on the effects that sub-system failure will have on the system performance. Causes of the sub-system failures are developed in the form of fault trees. The second phase is application. Sensors are installed on the system to provide information about current system performance from which the potential causes can be deduced. A simple system example is used to demonstrate the features of the method. To illustrate the potential for the method to deal with additional system complexity and redundancy, a section from an aircraft fuel system is used. A discussion of the results is provided.     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

Dot chart analysis as a means to develop a fault tree: application to a catalytic hydrogenation unit

This paper describes the application of dot chart analysis to a semicontinuous catalytic hydrogenation unit. Dot chart tables have been used as a basis for developing the recursive operability analysis and the fault trees (FTs), whose aim is to determine the safety of both the unit and its operators. The unit is formed of two reactors in parallel: the transfer of operations from one reactor to the other when its catalyst is exhausted is performed by means of the isolation systems installed for this purpose on the inlet and outlet lines. FTs assessed the expected number of leak at 3×10⁻³ occurrences per mission time. The study clearly showed that the operations could be regarded as safe, since, with minor modification to control system and operative procedure, these leaks would be of pressurised nitrogen and hence without consequences for the unit and its operators.     

Min-max event-triggered computation tree logic

Very often timing verification involves the analysis of the timings of discrete events such as signal changes, sending and receiving of signals, and sensitization of edge-triggered circuit components. The main bottleneck in verifying timing properties of timed finite state machines (FSM) has been the inherent complexity of verifying timed properties (PSPACE-complete for timed extensions of computational tree logic (CTL)). Often however, we are interested in the best case or worst case timings between events. In this paper we introduce a temporal query language called Min-max Event-Triggered Computational Tree Logic for expressing such extremal queries on the timings of events and show that such queries can be evaluated in time polynomial in the size of the system times the length of the formula.     

A dynamic fault tree

The fault tree analysis is a widely used method for evaluation of systems reliability and nuclear power plants safety. This paper presents a new method, which represents extension of the classic fault tree with the time requirements. The dynamic fault tree offers a range of risk informed applications. The results show that application of dynamic fault tree may reduce the system unavailability, e.g. by the proper arrangement of outages of safety equipment. The findings suggest that dynamic fault tree is a useful tool to expand and upgrade the existing models and knowledge obtained from probabilistic safety assessment with additional and time dependent information to further reduce the plant risk.     

Gastric esophageal surgery risk analysis with a fault tree and Markov integrated model

Reliability methods have been widely used in risk analysis of medical surgeries. In this study, the authors combine a fault tree with Markov models to assess time independent- and dependent factors together. Dynamics are integrated in the traditional fault tree, and meanwhile the processes of solving Markov are simplified with the modular approach. Continuous time Markov chains are adopted in evaluating the failure probability of a gastric esophageal surgery after categorizing basic events in the fault tree, and a certain time dependent variables, such as failure rate of medical equipment, surgery frequency, and rescue timeliness are involved into risk analysis. A case is studied with data collected from a general hospital, to illustrate the operational process of the proposed method. Results based on the inputs show that taking rescue actions into consideration can reduce the gap between the result of fault tree analysis and the reality. Sensitivity analysis for measuring the impacts of the above time relevant variables is conducted, as well as limitations of the Markov model are discussed.     

How to avoid the generation of logic loops in the construction of fault trees

Generation of an infinite series of identical sub-trees may occur during the construction of a Fault Tree (FT) when one item of equipment in a plant is considered several times in the same sub-tree in the course of the tree extraction from a HazOp (Hazard Operability analysis) analysis.Generation of loops in the construction of an FT can be avoided by means of an ad hoc logical analysis in which certain simple rules of syntax are taken into account.A radical solution, however, can be obtained if identification of unwanted events in a process plant is not undertaken with conventional procedures, such as HazOp (Operability Analysis with guide words, failure mode and effect analysis (FMEA) etc.), but with a more modern and structured version, such as Recursive Operability Analysis (ROA), which is both systematic and complete, and allows direct extraction of logic trees, (FT, event trees, etc.) for subsequent quantification. This feature means that, by contrast with conventional operability analysis, the congruence of the ROA itself can be checked.The ROA method is illustrated in this paper with the aid of some simple examples.     

On the numerical solution of fault trees

In this paper an account will be given of the numerical solution of the logic trees directly extracted from the Recursive Operability Analysis. Particular attention will be devoted to the use of the NOT and INH logic gates for correct logical representation of Fault Trees prior to their quantitative resolution.The NOT gate is needed for correct logical representation of events when both non-intervention and correct intervention of a protective system may lead to a Top Event.The INH gate must be used to correctly represent the time link between two events that are both necessary, but must occur in sequence. Some numerical examples will be employed to show both the correct identification of the events entering the INH gates and how use of the AND gate instead of the INH gate leads to overestimation of the probability of occurrence of a Top Event.     

New methods to determine the importance measures of initiating and enabling events in fault tree analysis

Components' importance measures play a very important role in system reliability analysis. They are used to identify the weakest parts of the system for design improvement, failure diagnosis and maintenance. This paper deals with the problem of determining the importance measures of basic events in case of unreliability analysis of binary coherent and non-coherent fault trees. This type of analysis is typical of catastrophic top events, characterised by unacceptable consequences. Since the unreliability of systems with repairable components cannot be exactly calculated via fault tree, the Expected Number of Failures - which is obtained by integrating the unconditional failure frequency - is considered as it represents a good upper bound. In these cases it is important to classify events as initiators or enablers since their roles in the system are different, their sequence of occurrence is different and consequently they must be treated differently. New equations based on system failure frequency are described in this paper for determining the exact importance measures of initiating and enabling events. Simple examples are provided to clarify the application of the proposed calculation methods. Compared with the exact methods available in the literature, those proposed in this paper are easier to apply by hand and are simpler to implement in a fault tree analyser.     

Assigning responsibility for a structural failure

Fault Tree Analysis (FTA) is typically used during the engineering design process to plan for the avoidance of in-service failure. This paper presents a variation of FTA; this has been adapted to assist non-engineers with the identification of the causes of structural failures and to indicate the relationship between these causes and the party or parties who should accept responsibility for them. Examples are provided to illustrate the methodology and its application.