Fault diagnostics of dynamic system operation using a fault tree based method

For conventional systems, their availability can be considerably improved by reducing the time taken to restore the system to the working state when faults occur. Fault identification can be a significant proportion of the time taken in the repair process. Having diagnosed the problem the restoration of the system back to its fully functioning condition can then take place. This paper expands the capability of previous approaches to fault detection and identification using fault trees for application to dynamically changing systems. The technique has two phases. The first phase is modelling and preparation carried out offline. This gathers information on the effects that sub-system failure will have on the system performance. Causes of the sub-system failures are developed in the form of fault trees. The second phase is application. Sensors are installed on the system to provide information about current system performance from which the potential causes can be deduced. A simple system example is used to demonstrate the features of the method. To illustrate the potential for the method to deal with additional system complexity and redundancy, a section from an aircraft fuel system is used. A discussion of the results is provided.     

A dynamic fault tree

The fault tree analysis is a widely used method for evaluation of systems reliability and nuclear power plants safety. This paper presents a new method, which represents extension of the classic fault tree with the time requirements. The dynamic fault tree offers a range of risk informed applications. The results show that application of dynamic fault tree may reduce the system unavailability, e.g. by the proper arrangement of outages of safety equipment. The findings suggest that dynamic fault tree is a useful tool to expand and upgrade the existing models and knowledge obtained from probabilistic safety assessment with additional and time dependent information to further reduce the plant risk.     

故障树分析法在某型飞机火控系统故障诊断中的应用

故障树分析法是系统安全、可靠性分析研究中常用的一种方法。基于故障树分析法与专家系统相结合的某型飞机火控系统故障诊断仪,以机载火控系统不工作为顶事件,建立了故障树,并对故障树作了定性分析,本系统不但具有故障诊断能力,还具有较强的自学习的功能。结果表明,故障树分析法是机载火控系统故障诊断的一种有效方法。     

Application of the fault tree analysis for assessment of power system reliability

A new method for power system reliability analysis using the fault tree analysis approach is developed. The method is based on fault trees generated for each load point of the power system. The fault trees are related to disruption of energy delivery from generators to the specific load points. Quantitative evaluation of the fault trees, which represents a standpoint for assessment of reliability of power delivery, enables identification of the most important elements in the power system. The algorithm of the computer code, which facilitates the application of the method, has been applied to the IEEE test system. The power system reliability was assessed and the main contributors to power system reliability have been identified, both qualitatively and quantitatively.     

Computerized fault tree construction for a train braking system

A new approach for fault tree automation is proposed which is a hybrid of the digraph and decision table methods, using the best features of both. The new method is based on the flexibility of the decision table method but incorporates a way of detecting, classifying and analysing control loops, similar to the use of operators in the digraph approach. As well as using operators to deal with control loops, a new operator is introduced that deals with electrical circuits. This means that when constructing the fault trees, difficulties of handling repeated events are eliminated and the size of the fault trees is significantly reduced. The method has been tested by its application to a braking system on a train. © 1997 John Wiley & Sons, Ltd.     

基于AHP的测试性分配方法研究

针对目前所采用的测试性分配方法的不足,提出了测试性分配分析框架,将产品复杂程度、测试性实现费用、技术水平、工作时间以及环境条件作为影响测试性分配的5项因素,引入层次分析法(AHP)确定各机构的重要性影响权重系数,确定了对测试性分配进行定量分析的方法。算例分析结果证明了该方法的合理性及可行性。     

Fault tree construction of hybrid system requirements using qualitative formal method

When specifying requirements for software controlling hybrid systems and conducting safety analysis, engineers experience that requirements are often known only in qualitative terms and that existing fault tree analysis techniques provide little guidance on formulating and evaluating potential failure modes. In this paper, we propose Causal Requirements Safety Analysis (CRSA) as a technique to qualitatively evaluate causal relationship between software faults and physical hazards. This technique, extending qualitative formal method process and utilizing information captured in the state trajectory, provides specific guidelines on how to identify failure modes and relationship among them. Using a simplified electrical power system as an example, we describe step-by-step procedures of conducting CRSA. Our experience of applying CRSA to perform fault tree analysis on requirements for the Wolsong nuclear power plant shutdown system indicates that CRSA is an effective technique in assisting safety engineers.     

Posbist fault tree analysis of coherent systems

When the failure probability of a system is extremely small or necessary statistical data from the system is scarce, it is very difficult or impossible to evaluate its reliability and safety with conventional fault tree analysis (FTA) techniques. New techniques are needed to predict and diagnose such a system's failures and evaluate its reliability and safety. In this paper, we first provide a concise overview of FTA. Then, based on the posbist reliability theory, event failure behavior is characterized in the context of possibility measures and the structure function of the posbist fault tree of a coherent system is defined. In addition, we define the AND operator and the OR operator based on the minimal cut of a posbist fault tree. Finally, a model of posbist fault tree analysis (posbist FTA) of coherent systems is presented. The use of the model for quantitative analysis is demonstrated with a real-life safety system.     

Enhancing software safety by fault trees: experiences from an application to flight critical software

The fault tree analysis is a well-established method in system safety and reliability assessment. We transferred the principles of this technique to an assembler code analysis, regarding any incorrect output of the software as the undesired top-level event. Starting from the instructions providing the outputs and tracking back to all instructions contributing to these outputs a hierarchical system of references is generated that may graphically be represented as a fault tree. To cope with the large number of relations in the code, a tool suite has been developed, which automatically creates these references and checks for unfulfilled preconditions of instructions. The tool was applied to the operational software of an inertial measurement unit, which provides safety critical signals for artificial stabilization of an aircraft. The method and its implementation as a software tool is presented and the benefits, surprising results, and limitations we have experienced were discussed.     

Common cause failure probabilities in standby safety system fault tree analysis with testing—scheme and timing dependencies

Modelling and quantification of common cause failures (CCFs) in redundant standby safety systems can be implemented by implicit or explicit fault tree techniques. Common cause event probabilities are derived for both methods for systems with time-related CCFs modelled by general multiple failure rates. The probabilities are determined so that the correct time-average risk can be obtained by a single computation. The impacts of test intervals and test staggering are included. Staggered testing is best with a certain extra-testing rule, although extra testing is not important for 1-out-of-n:G systems. An economic model provides insights into the impacts of various parameters: the optimal test interval increases with increasing redundancy and testing cost, and it decreases with increasing accident cost and initiating event rate. Staggered testing with extra tests allows for the longest optimal test intervals. A practical technique is outlined for incorporating assessment uncertainties in the estimation of multiple failure rates based on data from many plants or systems.     

基于动态故障树的CTCS-3级ATP系统可靠性分析简

 针对传统的可靠性分析方法分析CTCS-3级ATP系统动态失效问题的不足,提出采用动态故障树分析其可靠性。首先,分析系统的结构和功能建立动态故障树模型;其次,采用深度优先最左遍历算法搜索动态故障树模型,得到独立的子树;最后,在引入可修系统可靠性指标基础上,采用解析法和马尔科夫矩阵迭代法求解子树,结合分层迭代方法对动态故障树分析法改进,以减小运算量,使得上述可靠性指标能用于CTCS-3级ATP系统的可靠性评估。计算所得可靠性指标与可靠性框图分析得到的结果对比表明：动态故障树能够更好地描述系统的冗余性和容错性等特点,提高了可靠性指标的精度。     

A simple component-connection method for building binary decision diagrams encoding a fault tree

A simple new method for building binary decision diagrams (BDDs) encoding a fault tree (FT) is provided in this study. We first decompose the FT into FT-components. Each of them is a single descendant (SD) gate-sequence. Following the node-connection rule, the BDD-component encoding an SD FT-component can each be found to be an SD node-sequence. By successively connecting the BDD-components one by one, the BDD for the entire FT is thus obtained. During the node-connection and component-connection, reduction rules might need to be applied. An example FT is used throughout the article to explain the procedure step by step.Our method proposed is a hybrid one for FT analysis. Some algorithms or techniques used in the conventional FT analysis or the newer BDD approach may be applied to our case; our ideas mentioned in the article might be referred by the two methods.     

Timing analysis of safety properties using fault trees with time dependencies and timed state-charts

Behavior in time domain is often crucial for safety critical systems. Standard fault trees cannot express time-dependent behavior. In the paper, timing analysis of safety properties using fault trees with time dependencies (FTTDs) and timed state-charts is presented. A new version of timed state-charts (TSCs) is also proposed. These state-charts can model the dynamics of technical systems, e.g. controllers, controlled objects, and people. In TSCs, activity and communication times are represented by time intervals. In the proposed approach the structure of FTTD is fixed by a human. Time properties of events and gates of FTTD are expressed by time intervals, and are calculated using TSCs. The minimal and maximal values of these time intervals of FTTD can be calculated by finding paths with minimal and maximal time lengths in TSCs, which is an NP-hard problem. In order to reduce the practical complexity of computing the FTTD time parameters, some reductions of TSCs are defined in the paper, such as sequential, alternative, loop (iteration), and parallel. Some of the reductions are intuitive, in case of others—theorems are required. Computational complexity of each reduction is not greater than linear in the size of reduced TSC. Therefore, the obtained results enable decreasing of the costs of FTTD time parameters calculation when system dynamics is expressed by TSCs. Case study of a railroad crossing with a controller that controls semaphores, gate, light-audio signal close to the gate will be analyzed.     

Gastric esophageal surgery risk analysis with a fault tree and Markov integrated model

Reliability methods have been widely used in risk analysis of medical surgeries. In this study, the authors combine a fault tree with Markov models to assess time independent- and dependent factors together. Dynamics are integrated in the traditional fault tree, and meanwhile the processes of solving Markov are simplified with the modular approach. Continuous time Markov chains are adopted in evaluating the failure probability of a gastric esophageal surgery after categorizing basic events in the fault tree, and a certain time dependent variables, such as failure rate of medical equipment, surgery frequency, and rescue timeliness are involved into risk analysis. A case is studied with data collected from a general hospital, to illustrate the operational process of the proposed method. Results based on the inputs show that taking rescue actions into consideration can reduce the gap between the result of fault tree analysis and the reality. Sensitivity analysis for measuring the impacts of the above time relevant variables is conducted, as well as limitations of the Markov model are discussed.     

Quantitative safety assessment of the ventilation recirculation system in an undersea mine

This paper describes a quantitative safety study carried out on a system which monitors the environmental conditions in an undersea mine. Of particular importance are the concentrations of methane and carbon monoxide present in the mine. Although the presence of these gases is of concern in all mines it is of particular concern in this undersea mine since up to 37 per cent of the return air of the ventilation system is recirculated. When high methane or carbon monoxide levels are detected recirculation is halted. Fault trees were constructed to represent two system failure modes for each of the trip conditions; failure to trip on demand and spurious trip. These logic diagrams were then analysed to produce the minimal cut sets and the probabilities for the system failure events. From this prediction of system performance the degree of improvement attainable by changing the system design, component repair times or test frequencies was investigated.     

Condition-based fault tree analysis (CBFTA): A new method for improved fault tree analysis (FTA), reliability and safety calculations

Condition-based maintenance methods have changed systems reliability in general and individual systems in particular. Yet, this change does not affect system reliability analysis. System fault tree analysis (FTA) is performed during the design phase. It uses components failure rates derived from available sources as handbooks, etc. Condition-based fault tree analysis (CBFTA) starts with the known FTA. Condition monitoring (CM) methods applied to systems (e.g. vibration analysis, oil analysis, electric current analysis, bearing CM, electric motor CM, and so forth) are used to determine updated failure rate values of sensitive components. The CBFTA method accepts updated failure rates and applies them to the FTA. The CBFTA recalculates periodically the top event (TE) failure rate (λ_TE) thus determining the probability of system failure and the probability of successful system operation—i.e. the system's reliability.FTA is a tool for enhancing system reliability during the design stages. But, it has disadvantages, mainly it does not relate to a specific system undergoing maintenance.CBFTA is tool for updating reliability values of a specific system and for calculating the residual life according to the system's monitored conditions. Using CBFTA, the original FTA is ameliorated to a practical tool for use during the system's field life phase, not just during system design phase.This paper describes the CBFTA method and its advantages are demonstrated by an example.     

An analytic solution for a fault tree with circular logics in which the systems are linearly interrelated

A circular logic or a logical loop is defined as the infinite circulation of supporting relations due to their mutual dependencies among the systems in the fault tree analysis. While many methods to break the circular logic have been developed and used in the fault tree quantification codes, the general solution for a circular logic is not generally known as yet. This paper presents an analytic solution for circular logics in which the systems are linearly interrelated with each other. To formulate the analytic solution, the relations among systems in the fault tree structure are described by the Boolean equations. The solution is, then, obtained from the successive substitutions of the Boolean equations, which is equivalent to the attaching processes of interrelated system's fault tree to a given fault tree. The solution for three interrelated systems and their independent fault tree structures are given as an example.     

Dot chart analysis as a means to develop a fault tree: application to a catalytic hydrogenation unit

This paper describes the application of dot chart analysis to a semicontinuous catalytic hydrogenation unit. Dot chart tables have been used as a basis for developing the recursive operability analysis and the fault trees (FTs), whose aim is to determine the safety of both the unit and its operators. The unit is formed of two reactors in parallel: the transfer of operations from one reactor to the other when its catalyst is exhausted is performed by means of the isolation systems installed for this purpose on the inlet and outlet lines. FTs assessed the expected number of leak at 3×10⁻³ occurrences per mission time. The study clearly showed that the operations could be regarded as safe, since, with minor modification to control system and operative procedure, these leaks would be of pressurised nitrogen and hence without consequences for the unit and its operators.     

基于故障树的计算机安全性分析模型

提出了通过分析计算机系统的资源实体、访问者权限、安全需求和弱点等安全属性,按照不同的安全需求构造出安全故障树来直观地反映攻击者可能选取的攻击手段的安全状况评价方法;分析安全故障树,使用潜在攻击路径和系统安全失效概率从定性和定量两个方面表达计算机系统的安全状况,为系统的安全改进提供指导和建议。