ITEM ToolKit

Technical Support Notes

Fault Tree Mathematics Review

Item Software, Inc.

2875 Michelle Drive
Suite 300
Irvine, CA 92606

Phone: +1.240.297.4442
Fax: +1.240.297.4429
http://www.Itemsoft.com

Page 1 of 15 Item Software

Technical Support
6/1/2016
 Copyright Item Software, Inc., All Rights Reserved
The Software Product, any media, printed materials, “online” or electronic documentation, instructional
material, or similar materials relating the software are owned by ITEM SOFTWARE and are protected by
copyright laws and international copyright treaties as well as other intellectual property laws and treaties.
All other matters including use and distribution of the Software Product shall be in accordance with Item
Software’s SOFTWARE LICENSE AGREEMENT and/or with the prior written permission of
Item Software (USA) Inc. The copyright and the foregoing restrictions on the copyright use extend to all
media in which this information may be preserved.

This guide may not, in whole or in part, be copied, photocopied, translated, or reduced to any electronic
medium or machine-readable form without prior consent, in writing, from Item Software USA. The
information in this guide is subject to change without notice and Item Software USA assumes no
responsibility for any errors that may appear in this document.

Item ToolKit is a trademark of Item Software USA Inc.

All company and product names are the trademarks or registered trademarks of their respective companies.

Item ToolKit
Technical Support Notes
Fault Tree Mathematics Review
Revision JT2

June, 2016

Printed in the United States of America

Item Software (USA) Inc.
+1.240.297.4442

Page 2 of 15 Item Software

Technical Support
6/1/2016
Fault Tree Mathematics Review
This document seeks to clarify the often misunderstood elements of Fault Tree
mathematics. While not an exhaustive review, it covers the typical trouble areas.

Example One
Two events under an OR gate, both using the same failure model. Two other events under
an AND gate, both using a different failure model. The OR and AND gates are under an
OR Top Gate. (We are focusing only on Unavailability (Q) results in these examples.)
TOP GATE

IE

Gate 1

Q=0.75 w=0.0

IE IE

Gate 2 Gate 3

Q=0.5 w=0.0 Q=0.25 w=0.0

IE IE IE IE

Event 1 Event 2 Event 3 Event 4

Q=0.25 w=0.0 Q=0.25 Q=0.25 w=0.0 Q=0.25 Q=0.5 w=0.0 Q=0.5 Q=0.5 w=0.0 Q=0.5

Methods/Models used
Quantification method: Rare (Esary-Proschan is the other option discussed later)
Fixed models:
Model 1 for Event 1 and 2, Unavailability = .25
Model 2 for Event 3 and 4, Unavailability = .5
Analysis: Retain results at all Gates

Cut Sets
“A cut set is a collection of basic events; if all basic events occur, the top event will
occur.” (Kumamoto/Henley, p. 227)

Cut set view from Gate 2: E1, E2 (two cut sets, each with one Event)
Cut set view from Gate 3: E3:E4 (one cut set with two Events)

Page 3 of 15 Item Software

Technical Support
6/1/2005
Analysis
Begin by calculating the Unavailability of each cut set, using the number of Events in
each. Then, at each Gate level, calculate the System Unavailability at that point, working
your way up to the top. Remember though… you need to consider the view of the cut sets
the Gate has looking down the tree. Not just the Q result at that level.

Cut Set Unavailability: Qcutset = ∏i =1 Qi (Kumamoto/Henley, p. 397)

n

Where:
Qi = Event Unavailability
n = number of Events in the cut set.

Cut set #1 (E1): Q = .25 (due to only one event in the cut set)
Cut set #2 (E2): Q = .25 (same)
Cut set #3 (E3:E4): Q = .5 * .5 = .25 (two events in the cut set)

Next, calculate the Unavailability of the System at each Gate level.

System (Gate level) Unavailability: Qsys = ∑i =1 Qcutset i (Rare method, K/H, p. 412)
n

Where:
n = number of cut sets under the Gate

Gate 2: Q = .25 + .25 = .5 (the Gate sees two cut sets)

Gate 3: Q = .25 (due to only one cut set)

Now, use the view of the cut sets from the Top Gate to calculate the overall System
Unavailability. In this tree, Gate 1 sees all three cut sets.

Cut set #1 (E1): Q = .25

Cut set #2 (E2): Q = .25
Cut set #3 (E3:E4): Q = .25

System Unavailability: Qsys = ∑i =1 Qcutset i

n

Top Gate 1: Q = .25 + .25 + .25 = .75

Interpretation
Note that the mathematics is completely focused on the cut sets. Additionally, the Q
values at each Gate level should not simply be OR’d or AND’d together even though,
when using the Rare method, it looks as if you could.

Page 4 of 15 Item Software

Technical Support
6/1/2005
Example One.b
Another Fault Tree quantification method is the Esary-Prochan (E-P) equation for
evaluating cut-sets and Q values. This widely accepted approach provides more precise
results than does Rare. It is also the default setting for ITEM Toolkit Fault Tree and RBD
modules.

Using the same tree in Example One, but running the Analysis using E-P, results are:

Top Gate – Q = .5781

Gate 2 – Q = .4375
Gate 3 – Q = .25

The question raised is: “Why does the value for Q at Gate 2 and the Top Gate change, but
the value for Q at Gate 3 does not?” Begin by understanding the E-P equation.

[ (
System Unavailability: Qsys = ∏i =1 Qi 1 − ∏ j =1 1 − Qcutset j
m n
)] (Kumamoto/Henley, p. 390)
Where:
Qi = Q of common event i
Qcutsetj = Q of cutset j, excluding common events
m = number of common events in all cut sets
n = number of cut sets

Evaluate Q at Gate 2:

(1- .25) * (1-.25) = .5625 (n=2, 2 cut sets), then

1- .5625 = .4375
No need to do the front product ( ∏i =1 Qi ) due to no common events
m

Evaluate Q at Gate 3:

1- .25 = .75 (n=1, 1 cut set)

1- .75 = .25
No need to do the front product due to no common events

Evaluate Q at the Top Gate:

(1-.25) * (1-.25) * (1-.25) = .4218 (n=3, 3 cut sets viewed from the Top Gate)
1 - .4218 = .5781
No need to do the front product due to no common events

Page 5 of 15 Item Software

Technical Support
6/1/2005
Example One Conclusion:
You can now see the difference in results between the Rare and Esary-Proschan methods
of quantifying Events. The table below shows the differences:

Q at Gate 2 Q at Gate 3 Q at Top Gate

Rare .5 .25 .75
Esary- .4375 .25 .5781
Proschan

While it may be temping to just AND or OR the results at each gate level together, it is
far more consistent to perform the proper summation and product equations that are
actually being used in Toolkit to arrive at results.

Page 6 of 15 Item Software

Technical Support
6/1/2005
Example Two
The subtle change in this example is that Event 1 has been repeated under Gate 3. This
changes the cut set view from the Top Gate. At first glance, the Q = .5 at the Top Gate is
unexpected.
TOP GATE

IE

Gate 1

Q=0.5 w=0.0

IE IE

Gate 2 Gate 3

Q=0.5 w=0.0 Q=0.125 w=0.0

IE P1 IE IE IE R
P1

Event 1 Event 2 Event 3 Event 1

Q=0.25 w=0.0 Q=0.25 Q=0.25 w=0.0 Q=0.25 Q=0.5 w=0.0 Q=0.5 Q=0.25 w=0.0 Q=0.25

Methods/Models used
Quantification method: Rare
Fixed models:
Model 1 for Event 1 and 2, Unavailability = .25
Model 2 for Event 3, Unavailability = .5
Analysis: Retain results at all Gates

Cut Sets

The cut set view from Gate 2: E1, E2 (two cut sets, each with one Event)
The cut set view from Gate 3: E3:E1 (one cut set with two Events)

Page 7 of 15 Item Software

Technical Support
6/1/2005
Analysis
Cut Set Unavailability: Qcutset = ∏i =1 Qi
n

Where:
Qi = Event Unavailability
n = number of Events in the cut set.

Cut set #1 (E1): Q = .25 (due to only one event in the cut set)
Cut set #2 (E2): Q = .25 (ditto)
Cut set #3 (E3:E1): Q = .5 * .25 = .125

Next, calculate the Unavailability of the System at each Gate.

System (Gate) Unavailability: Qsys = ∑i =1 Qcutset i (Rare method)

n

Where:
n = number of cut sets under the Gate

Gate 2: Q = .25 + .25 = .5 (the Gate sees two cut sets)

Gate 3: Q = .125 (due to only one cut set)

Now, use the view of the cut sets from the Top Gate to calculate the overall System Q. In
this tree, Gate 1 only sees the E1 and E2 cut sets due to the Repeat of Event 1. This is due
to the absorption rule of minimal cut set analysis. (Kumamoto/Henley, p. 248)

“A minimal cut set is such that if any basic event is removed, it is no longer a set. A cut
set that contains other sets is not a minimal cut set.” (Kumamoto/Henley, p. 229)

The cut set E3:E1 is not a minimal cut set since it includes the cut set E1, due to the
Repeat of Event 1. Therefore it is removed from the cut set analysis above the level of
Gate 3.

Cut set #1 (E1): Q = .25

Cut set #2 (E2): Q = .25

System Unavailability: Qsys = ∑i =1 Qcutset i

n

Top Gate 1: Q = .25 + .25 = .5

Page 8 of 15 Item Software

Technical Support
6/1/2005
Interpretation
Be careful of Repeat Events and Gates in your Fault Trees. Remember that they will
cause cut sets to be removed from the analysis (minimal cut-set rule), perhaps causing
you to doubt the validity of the results. The AND/OR logic of the tree also has dramatic
impact when Repeat Events are present. Go back and look at the tree used for this
example:

At the Top Gate, perhaps you expected Qsys = Q at Gate 2 + Q at Gate 3. But, as you
discovered via the cut-set mathematics (Rare method), the Q at the Top Gate is actually
.5. This makes you suspicious since it is also the Q value for Gate 2. Gate 3 Events seem
to be ignored.

Look again at the cut-set view from the Top Gate. If Event 1 (E1) happens, the Top
Failure happens. Or, if Event 2 (E2) happens, the Top Failure happens. The OR Gate 2, is
allowing this. If either E1 or E2 happens, the Top Failure happens. (Not a good thing if
only one event can cause your entire system to fail, and you have two of those, E1 and
E2!)

If Event 3 (E3) occurs, it has no impact unless E1 (repeated) also occurs due to the AND
Gate 3. The source E1 immediately causes the Top Failure to occur, so the cut set E3:E1
becomes irrelevant at the Top Gate view. Cut-set E1 (and E2) are the sets that impact the
system modeled with this tree, not E3:E1.

Returning now to the Q results, you can see how Q=.5 at the Top Gate makes sense,
which happens to be the same Q value for Gate 2. In effect, only the Events under Gate 2
have any impact on the Top Gate. Those under Gate 3, the AND Gate, are made
irrelevant due to the logic of this particular fault tree and the cut-set mathematics.

Page 9 of 15 Item Software

Technical Support
6/1/2005
Example Two.b
Now take the diagram and use the Esary-Proschan method of calculating the Q values.

Using the same tree in Example Two, but running the Analysis using EP, results are:

Top Gate – Q = .4375

Gate 2 – Q = .4375
Gate 3 – Q = .125

[ (
System Unavailability: Qsys = ∏i =1 Qi 1 − ∏ j =1 1 − Qcutset j
m n
)] (Esary-Proschan)
Where:
Qi = Q of common event i
Qcutsetj = Q of cutset j, excluding common events
m = number of common events in all cut sets
n = number of cut sets

Evaluate Gate 2:
(1- .25) * (1-.25) = .5625 (n=2, 2 cut sets)
1- .5625 = .4375
No need to do the front product due to no common events

Evaluate Gate 3:
1- .5 = .5 (n=1, 1 cut set, 1 common event - E1, Q=.25, removed)
1- .5 = .5
.25 * .5 = .125 (due to a single common event, E1)

Evaluate the Top Gate:

(1-.25) * (1-.25) = .5625 (n=2, only 2 cut sets viewed from the Top Gate due to the
Repeat)
1 - .5625 = .4375
No need to do the front product due to no common events

Example Two Conclusion

Once again, we see how the Q results change slightly between Rare and Esary-Proschan.
Additionally, this example shows the impact repeated Events, and the logic surrounding
them has on the results.

Q at Gate 2 Q at Gate 3 Q at Top Gate

Rare .5 .125 .5
Esary- .4375 .125 .4375
Proschan

Page 10 of 15 Item Software

Technical Support
6/1/2005
Example Three
In this example Event 1 has been repeated, but Gate 3 is now an OR gate. This also
changes the cut set view from the Top Gate.
TOP GATE

IE

Gate 1

Q=1 w=0.0

IE IE

Gate 2 Gate 3

Q=0.5 w=0.0 Q=0.75 w=0.0

IE P1 IE IE IE R
P1

Event 1 Event 2 Event 3 Event 1

Q=0.25 w=0.0 Q=0.25 Q=0.25 w=0.0 Q=0.25 Q=0.5 w=0.0 Q=0.5 Q=0.25 w=0.0 Q=0.25

Methods/Models used
Quantification method: Rare
Fixed models:
Model 1 for Event 1 and 2, Unavailability = .25
Model 2 for Event 3, Unavailability = .5
Analysis: Retain results at all Gates

Cut Sets

The cut set view from Gate 2: E1, E2 (two cut sets, each with one Event)
The cut set view from Gate 3: E3, E1 (two cut sets, each with one Event)

Page 11 of 15 Item Software

Technical Support
6/1/2005
Analysis
Cut Set Unavailability: Qcutset = ∏i =1 Qi
n

Where:
Qi = Event Unavailability
n = number of Events in the cut set.

Cut set #1 (E1): Q = .25 (due to only one event in the cut set)
Cut set #2 (E2): Q = .25
Cut set #3 (E3): Q = .5
Cut set #4 (E1): Q = .25

Next, calculate the Unavailability of the System at each Gate.

System (Gate) Unavailability: Qsys = ∑i =1 Qcutset i (Rare method)

n

Where:
n = number of cut sets under the Gate

Gate 2: Q = .25 + .25 = .5 (the Gate sees two cut sets)

Gate 3: Q = .5 + .25 = .75 (the Gate sees two cut sets)

Now, use the view of the cut sets from the Top Gate to calculate the overall System Q. In
this tree, Gate 1 only sees the E1, E2, and E3 cut sets due to the Repeat of Event 1. This
is due to the absorption rule of minimal cut set analysis. (Kumamoto/Henley, p. 248)

The cut set E1 is not a minimal cut set since it includes the cut set E1, due to the Repeat
of Event 1. Therefore it is removed from the cut set analysis above the level of Gate 3.

Cut set #1 (E1): Q = .25

Cut set #2 (E2): Q = .25
Cut set #3 (E3): Q = .5

System Unavailability: Qsys = ∑i =1 Qcutset i

n

Top Gate 1: Q = .25 + .25 + .5 = 1

Interpretation
Again, the Repeat of an Event had an impact on the cut sets visible at the Top Gate, but
so did the OR Gate 3. Event 3 (cut set) now appears at the Top Gate.

Page 12 of 15 Item Software

Technical Support
6/1/2005
Example Four
“Why is the Top Gate Q = 0?”
TOP GATE

IE

Gate 3

Q=0.0 w=0.0

TOP GATE

IE

Gate 1

Q=0.0 w=0.0

W orking House

IE IE

Event 1 Gate 2

W orking Q=9.724e-5
w=9.724e-5

Q=0

IE

Gate 3.1 Gate 5

Q=9.724e-5
w=9.724e-5

IE IE IE IE

Event 2 Event 3 Event 4 Event 5

Q=1.78e-8 w=1.78e-8 Q=3.07e-8 w=3.07e-8 Q=9.72e-5 Q=0.0 w=0.0 r=0.0

r=1.78e-8 r=3.07e-8 w=9.719e-5 r=9.72e-5

Answer: The Working House event (Q=0, R=1), when considered in the cut-set analysis
for Gate 1, is the dominant force at this level in the FT. The cut set view from this gate is
zero cut sets, resulting in Q=0. AND of a 0 results in a 0. If however, you change the
Working House to a Failed House (Q=1, R=0), the model changes, resulting in Gate 1
having a non-zero value for Q. Additionally, the logic/failure models under Gate 5 need
to be confirmed as it is providing Q=0 results as well. (In the real model, Gate 5 was a
Transfer Gate.)

Page 13 of 15 Item Software

Technical Support
6/1/2005
Example Five
Working with Rate/MTTF models, and MTBF results can be confusing. In particular, the
difference between the Mean Time To Repair and Repair Rate.

Rate Model:

Failure Rate = 1e-5 (one failure in 100,000 hours)

Repair Rate = 0

If the Repair Rate is 0, this assumes that no repairs are being made, and only one failure
will occur during the lifetime of the device. MTBetweenF is then a very large number,
and doesn’t really exist because there is no time between failures since only one will
happen.

MTTF Model:

Mean Time To Failure = 100,000 hours

Mean Time To Repair = 0

If MTTR = 0, this means that the repair is happening instantaneously. MTBF = MTTF +
MTTR, so MTBF = MTTF in this case.

The point here is that you need to be careful of the value you assign to the Repair
parameter. 0 can mean either a very short time, or a very long time, depending upon the
model you are using.

Page 14 of 15 Item Software

Technical Support
6/1/2005
Example Six
Another misunderstood area is that of System Unreliability and Reliability. Commonly,
people try to use the following simple formula:

R (t ) = e − λt (Kumamoto/Henley, p. 286)

While it is true for constant failure rates, it is not applicable for systems, which by nature,
have a number of failure rates due to the various components that make up the system. It
is not always possible to plug the system lifetime, and the calculated failure rate back into
this equation and obtain the same value for R(t) that a program like ITEM Toolkit arrives
at. (Kumamoto/Henley, p. 415)

Rather, when working with systems, the following equations should be used.

System Reliability: R (t ) = e − (1− Q (t ) )

System Unreliability: F (t ) = 1 − e − (1− Q (t ) )

Looking at these equations, you can see how the reliability of a system is based upon the
Q (Unavailability) of the system, which from the first few examples in this document,
you can see that is based upon cut sets.

Page 15 of 15 Item Software

Technical Support
6/1/2005