New Progressive Variable Ordering for Binary Decision Diagram Analysis of Fault Trees

The binary decision diagram (BDD) is the most efficient method currently available to analyse failure modes represented by fault trees. The fault tree is converted to this alternative structure representative of the failure mode as a Boolean equation. For the conversion the basic event variables within the fault tree are required to be placed in an order. The size of the resulting BDD and therefore the efficiency of the whole methodology is dependent upon the variable ordering chosen. Most commonly the order of variables is determined prior to the conversion using a structured or weighted approach and remains fixed during the process. Although there are several ordering heuristics available, no one heuristic has been found that will guarantee a minimal BDD for all fault trees. This paper proposes a new ordering methodology which seeks to select variables during the conversion process from a fault tree, allowing different potential ordering permutations on each path of the diagram. This method is simple to implement and is applied directly to the fault tree structure. When compared against the best sized BDD produced from 11 different methodologies, it produced a BDD of equal or smaller size in 82% of test cases. In addition, the technique has shown a 34% increase in the likelihood of producing the best BDD compared with the best individual heuristic from the 11 tested. Copyright © 2005 John Wiley & Sons, Ltd.     

An efficient real‐time method of analysis for non‐coherent fault trees

Fault tree analysis is commonly used to assess the reliability of potentially hazardous industrial systems. The type of logic is usually restricted to AND and OR gates, which makes the fault tree structure coherent. In non‐coherent structures not only components' failures but also components' working states contribute to the failure of the system. The qualitative and quantitative analyses of such fault trees can present additional difficulties when compared with the coherent versions. It is shown that the binary decision diagram (BDD) method can overcome some of the difficulties in the analysis of non‐coherent fault trees. This paper presents the conversion process of non‐coherent fault trees to BDDs. A fault tree is converted to a BDD that represents the system structure function (SFBDD). An SFBDD can then be used to quantify the system failure parameters but is not suitable for the qualitative analysis. Established methods, such as the meta‐products BDD method, the zero‐suppressed BDD (ZBDD) method and the labelled BDD (L‐BDD) method, require an additional BDD that contains all prime implicant sets. The process using some of the methods can be time consuming and is not very efficient. In addition, in real‐time applications the conversion process is less important and the requirement is to provide an efficient analysis. Recent uses of the BDD method are for real‐time system prognosis. In such situations as events happen, or failures occur, the prediction of mission success is updated and used in the decision‐making process. Both qualitative and quantitative assessments are required for the decision making. Under these conditions fast processing and small storage requirements are essential. Fast processing is a feature of the BDD method. It would be advantageous if a single BDD structure could be used for both the qualitative and quantitative analyses. Therefore, a new method, the ternary decision diagram (TDD) method, is presented in this paper, where a fault tree is converted to a TDD that allows both qualitative and quantitative analyses and no additional BDDs are required. The efficiency of the four methods is compared using an example fault tree library. Copyright © 2008 John Wiley & Sons, Ltd.     

Application of the cause–consequence diagram method to static systems

In the last 30 years, various mathematical models have been used to identify the effect of component failures on the performance of a system. The most frequently used technique for system reliability assessment is Fault Tree Analysis (FTA) and a large proportion of its popularity can be attributed to the fact that it provides a very good documentation of the way that the system failure logic was developed. Exact quantification of the fault tree, however, can be problematic for very large systems and in such situations, approximations can be used. Alternatively, an exact result can be obtained via the conversion of the fault tree into a binary decision diagram (BDD). The BDD, however, loses all failure logic documentation during the conversion process.This paper outlines the use of the cause–consequence diagram method as a tool for system risk and reliability analysis. As with the FTA method, the cause–consequence diagram documents the failure logic of the system. In addition to this the cause–consequence diagram produces the exact failure probability in a very efficient calculation procedure. The cause–consequence diagram technique has been applied to a static system and shown to yield the same result as those produced by the solution of the equivalent fault tree and BDD. On the basis of this general rules have been devised for the correct construction of the cause–consequence diagram given a static system. The use of the cause–consequence method in this manner has significant implications in terms of efficiency of the reliability analysis and can be shown to have benefits for static systems.     

Analysis of large fault trees based on functional decomposition

With the advent of the Binary Decision Diagrams (BDD) approach in fault tree analysis, a significant enhancement has been achieved with respect to previous approaches, both in terms of efficiency and accuracy of the overall outcome of the analysis. However, the exponential increase of the number of nodes with the complexity of the fault tree may prevent the construction of the BDD. In these cases, the only way to complete the analysis is to reduce the complexity of the BDD by applying the truncation technique, which nevertheless implies the problem of estimating the truncation error or upper and lower bounds of the top-event unavailability.This paper describes a new method to analyze large coherent fault trees which can be advantageously applied when the working memory is not sufficient to construct the BDD. It is based on the decomposition of the fault tree into simpler disjoint fault trees containing a lower number of variables. The analysis of each simple fault tree is performed by using all the computational resources. The results from the analysis of all simpler fault trees are re-combined to obtain the results for the original fault tree.Two decomposition methods are herewith described: the first aims at determining the minimal cut sets (MCS) and the upper and lower bounds of the top-event unavailability; the second can be applied to determine the exact value of the top-event unavailability. Potentialities, limitations and possible variations of these methods will be discussed with reference to the results of their application to some complex fault trees.     

An ordering heuristic to develop the binary decision diagram based on structural importance

Fault tree analysis is often used to assess risks within industrial systems. The technique is commonly used although there are associated limitations in terms of accuracy and efficiency when dealing with large fault tree structures. The most recent approach to aid the analysis of the fault tree diagram is the Binary Decision Diagram (BDD) methodology. To utilise the technique the fault tree structure needs to be converted into the BDD format. Converting the fault tree requires the basic events of the tree to be placed in an ordering. The ordering of the basic events is critical to the resulting size of the BDD, and ultimately affects the performance and benefits of this technique. A number of heuristic approaches have been developed to produce an optimal ordering permutation for a specific tree. These heuristic approaches do not always yield a minimal BDD structure for all trees. This paper looks at a heuristic that is based on the structural importance measure of each basic event. Comparing the resulting size of the BDD with the smallest generated from a set of six alternative ordering heuristics, this new structural heuristic produced a BDD of smaller or equal dimension on 77% of trials.     

The application of Petri nets to failure analysis

Unlike the technique of fault tree analysis that has been widely applied to system failure analysis in reliability engineering, this study presents a Petri net approach to failure analysis. It is essentially a graphical method for describing relations between conditions and events. The use of Petri nets in failure analysis enables to replace logic gate functions in fault trees, efficiently obtain minimal cut sets, and absorb models. It is demonstrated that for failure analysis Petri nets are more efficient than fault trees. In addition, this study devises an alternative; namely, a trapezoidal graph method in order to account for failure scenarios. Examples validate this novel method in dealing with failure analysis.     

A fault tree analysis strategy using binary decision diagrams

The use of binary decision diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem, however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of ‘minimal’ subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.     

Fast Fault Tree Analysis for Hybrid Uncertainties Using Stochastic Logic Implemented on Field‐Programmable Gate Arrays: An Application in Quantitative Assessment and mitigation of Welding Defects Risk

This paper presents a stochastic logic‐based method for quantitative risk assessment using fault tree analysis (FTA) that can take into account both types of uncertainties including objective and subjective uncertainties. In the proposed method, each fault tree gate is translated to its corresponding stochastic logic template and then is implemented on a field programmable gate array (FPGA). Because the analysis does not utilize any transformation methods, the results of analysis are more accurate than those methods which are based on transformation from possibility to probability distributions or vice versa. Experimental results for a benchmark fault tree show that this method accelerates analysis time compared to conventional hybrid uncertainty analysis method and transformation methods. The efficiency of the proposed method is demonstrated by implementation in a real steel structure project. The quantitative risk assessment is performed for the incomplete penetration as one of the defects encountered in arc welding process, and its results are compared with transformation methods. The comparison results show the proposed hybrid uncertainty analysis method is also more accurate in comparison to the transformation‐based approaches. Copyright © 2016 John Wiley & Sons, Ltd.     

A New Ordering Method of Basic Events in Fault Tree Analysis

The ordering of basic events is critical to fault tree analysis on the basis of binary decision diagrams (BDDs). Many attempts have been made to seek an efficient ordering result with the aim of reducing the complexity of BDD. In this article, a new ordering method, namely, priority ordering method, is proposed. The new method takes into account not only the effects of the layers of fault tree but also the repeated events, the neighboring events, and the number of events under the same gate. According to these four effects, the priorities that sort the basic events of the fault tree are defined. The new method inherits the merits of structure‐based and weight‐based methods. It is able to evaluate the basic events on the basis of the structure‐based method and the size of the subtree on the basis of the weighted‐based method. Demonstrated by the examples, the proposed priority ordering method is superior to the existing ordering methods in terms of reducing the nodes in the BDD and improving the efficiency in transforming a fault tree to a BDD. Copyright © 2011 John Wiley & Sons, Ltd.     

Improved accuracy in quantitative fault tree analysis

The fault tree diagram defines the causes of the system failure mode or ‘top event’ in terms of the component failures and human errors, represented by basic events. By providing information which enables the basic event probability to be calculated, the fault tree can then be quantified to yield reliability parameters for the system. Fault tree quantification enables the probability of the top event to be calculated and in addition its failure rate and expected number of occurrences. Importance measures which signify the contribution each basic event makes to system failure can also be determined. Owing to the large number of failure combinations (minimal cut sets) which generally result from a fault tree study, it is not possible using conventional techniques to calculate these parameters exactly and approximations are required. The approximations usually rely on the basic events having a small likelihood of occurrence. When this condition is not met, it can result in large inaccuracies. These problems can be overcome by employing the binary decision diagram (BDD) approach. This method converts the fault tree diagram into a format which encodes Shannon's decomposition and allows the exact failure probability to be determined in a very efficient calculation procedure. This paper describes how the BDD method can be employed in fault tree quantification. © 1997 John Wiley & Sons, Ltd.     

Posbist fault tree analysis of coherent systems

When the failure probability of a system is extremely small or necessary statistical data from the system is scarce, it is very difficult or impossible to evaluate its reliability and safety with conventional fault tree analysis (FTA) techniques. New techniques are needed to predict and diagnose such a system's failures and evaluate its reliability and safety. In this paper, we first provide a concise overview of FTA. Then, based on the posbist reliability theory, event failure behavior is characterized in the context of possibility measures and the structure function of the posbist fault tree of a coherent system is defined. In addition, we define the AND operator and the OR operator based on the minimal cut of a posbist fault tree. Finally, a model of posbist fault tree analysis (posbist FTA) of coherent systems is presented. The use of the model for quantitative analysis is demonstrated with a real-life safety system.     

SMV model-based safety analysis of software requirements

Fault tree analysis (FTA) is one of the most frequently applied safety analysis techniques when developing safety-critical industrial systems such as software-based emergency shutdown systems of nuclear power plants and has been used for safety analysis of software requirements in the nuclear industry. However, the conventional method for safety analysis of software requirements has several problems in terms of correctness and efficiency; the fault tree generated from natural language specifications may contain flaws or errors while the manual work of safety verification is very labor-intensive and time-consuming. In this paper, we propose a new approach to resolve problems of the conventional method; we generate a fault tree from a symbolic model verifier (SMV) model, not from natural language specifications, and verify safety properties automatically, not manually, by a model checker SMV. To demonstrate the feasibility of this approach, we applied it to shutdown system 2 (SDS2) of Wolsong nuclear power plant (NPP). In spite of subtle ambiguities present in the approach, the results of this case study demonstrate its overall feasibility and effectiveness.     

Integrated reliability analysis system (IRAS)

This paper will introduce a computer aided reliability analysis system, IRAS, which is a Unix-based software package. It provides the following features: a model builder, failure mode effect and criticality analysis (FMECA), fault tree synthesis and analysis (FTA) and real time fault location (RTFL). 1. The model builder allows the creation of reliability models for production systems, which are able to reflect the initiation and propagation of serious deviations outside the production and performance tolerances. The modelling procedure allows hierarchical modelling. 2. The failure mode effect and criticality analysis (FMECA) option uses the causal trees and cause-consequence diagrams that are created automatically from the IRAS model data base. The trees can be analysed by the user and the basic events can be grouped according to their criticality, probability and severity. 3. The fault tree analysis and synthesis (FTA) option enables the graphical analysis of fault trees. The generated tree can be trimmed automatically or by the user. It is also possible to extract the minimal cut-set from the complete tree. 4. RTFL enables the fast detection of the most probable fault locations in the system, during the continuous measuring of sensors of the production system and comparing the signals with the expected values of the stored operational vector. It alarms the user in case of serious deviations, thus reducing the out of work stage of the system by making quicker and more efficient reaction of the maintenance facility operators. The failure searching time reduction results in lower maintenance cost.     

Criteria for evaluating protection from single points of failure for partially expanded fault trees

Fault tree analysis (FTA) is a technique that describes the combinations of events in a system which result in an undesirable outcome. FTA is used as a tool to quantitatively assess a system's probability for an undesirable outcome. Time constraints from concept to production in modern engineering often limit the opportunity for a thorough statistical analysis of a system. Furthermore, when undesirable outcomes are considered such as hazard to human(s), it becomes difficult to identify strict statistical targets for what is acceptable. Consequently, when hazard to human(s) is concerned a common design target is to protect the system from single points of failure (SPOF) which means that no failure mode caused by a single event, concern, or error has a critical consequence on the system. Such a design target is common with “by-wire” systems. FTA can be used to verify if a system is protected from SPOF. In this paper, sufficient criteria for evaluating protection from SPOF for partially expanded fault trees are proposed along with proof. The proposed criteria consider potential interactions between the lowest drawn events of a partial fault tree expansion which otherwise easily leads to an overly optimistic analysis of protection from SPOF. The analysis is limited to fault trees that are coherent and static.     

A simple component-connection method for building binary decision diagrams encoding a fault tree

A simple new method for building binary decision diagrams (BDDs) encoding a fault tree (FT) is provided in this study. We first decompose the FT into FT-components. Each of them is a single descendant (SD) gate-sequence. Following the node-connection rule, the BDD-component encoding an SD FT-component can each be found to be an SD node-sequence. By successively connecting the BDD-components one by one, the BDD for the entire FT is thus obtained. During the node-connection and component-connection, reduction rules might need to be applied. An example FT is used throughout the article to explain the procedure step by step.Our method proposed is a hybrid one for FT analysis. Some algorithms or techniques used in the conventional FT analysis or the newer BDD approach may be applied to our case; our ideas mentioned in the article might be referred by the two methods.     

A fast BDD algorithm for large coherent fault trees analysis

Although a binary decision diagram (BDD) algorithm has been tried to solve large fault trees until quite recently, they are not efficiently solved in a short time since the size of a BDD structure exponentially increases according to the number of variables. Furthermore, the truncation of If–Then–Else (ITE) connectives by the probability or size limit and the subsuming to delete subsets could not be directly applied to the intermediate BDD structure under construction. This is the motivation for this work.This paper presents an efficient BDD algorithm for large coherent systems (coherent BDD algorithm) by which the truncation and subsuming could be performed in the progress of the construction of the BDD structure. A set of new formulae developed in this study for AND or OR operation between two ITE connectives of a coherent system makes it possible to delete subsets and truncate ITE connectives with a probability or size limit in the intermediate BDD structure under construction. By means of the truncation and subsuming in every step of the calculation, large fault trees for coherent systems (coherent fault trees) are efficiently solved in a short time using less memory. Furthermore, the coherent BDD algorithm from the aspect of the size of a BDD structure is much less sensitive to variable ordering than the conventional BDD algorithm.     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

Hybrid fault tree analysis using fuzzy sets

In conventional fault tree analysis (FTA), the ambiguous and imprecise events such as human errors tend not to be handled effectively. To overcome this disadvantage, a hybrid approach employing fuzzy set evaluation and probabilistic estimation for FTA is proposed to evaluate abnormal events. The safety problem of unexpected robot motion in an aircraft wing drilling system was analyzed using the proposed method. The results indicated that the proposed approach is very effective in analyzing the reliability of a man-machine system.     

Fault tree truncation error bounds

The solution of large fault trees can only performed if cut sets of a high order or low probability are neglected. This procedure is non-pessimistic since possible contributions to the top gate failure probability are ignored. Since the number of cut sets neglected is generally large, it is possible that their total contribution is significant compared to the total probability of those cut sets included in the evaluation of the top gate failure probability.In this paper a practical method for the estimation of upper bounds on the total failure probability of cuts sets of a given order is presented. This allows bounds on the contribution of all the cut sets neglected through cut-off procedures in fault tree solutions to be calculated, and so validate the top event failure probability. The method given here is much superior to that suggested by Modarres and Dezfuli in that it produces much lower and hence more useful bounds. The method of Modarres and Dezfuli can be refined, but for realistic fault tree examples the method given here always gives the least pessimistic and most practical bounds.     

Probabilistic Fault Diagnosis of Safety Instrumented Systems based on Fault Tree Analysis and Bayesian Network

Safety instrumented systems (SISs) are used in the oil and gas industry to detect the onset of hazardous events and/or to mitigate their consequences to humans, assets, and environment. A relevant problem concerning these systems is failure diagnosis. Diagnostic procedures are then required to determine the most probable source of undetected dangerous failures that prevent the system to perform its function. This paper presents a probabilistic fault diagnosis approach of SIS. This is a hybrid approach based on fault tree analysis (FTA) and Bayesian network (BN). Indeed, the minimal cut sets as the potential sources of SIS failure were generated via qualitative analysis of FTA, while diagnosis importance factor of components was calculated by converting the standard FTA in an equivalent BN. The final objective is using diagnosis data to generate a diagnosis map that will be useful to guide repair actions. A diagnosis aid system is developed and implemented under SWI-Prolog tool to facilitate testing and diagnosing of SIS.