Professional Documents
Culture Documents
7.1 INTRODUCTION
Fault tree analysis (FTA) is widely performed in the industry to evaluate engineering
systems during their design and development, in particular the ones used in nuclear
power generation. A fault tree may simply be described as a logical representation
of the relationship of primary events that lead to a specified undesirable event called
the “top event” and is depicted using a tree structure with OR, AND, etc. logic gates.
The fault tree method was developed in the early 1960s by H.A. Watson of Bell
Telephone Laboratories to perform analysis of the Minuteman Launch Control
System. A study team at the Bell Telephone Laboratories further refined it and
Haasl [1] of the Boeing company played a pivotal role in its subsequent development.
In 1965 several papers related to the technique were presented at the System
Safety Symposium held at the University of Washington, Seattle [1]. In 1974, a
conference on “Reliability and Fault Tree Analysis” was held at the University of
California, Berkeley [2]. A paper appeared in 1978 providing a comprehensive list
of publications on Fault Trees [3]. The three books that described FTA in consider-
able depth appeared in 1981 [4–6]. Needless to say, since the inception of the fault
tree technique, many people have contributed to its additional developments.
This chapter describes different aspects of FTA in considerable depth.
• Rectangle. Represents a fault event that results from the logical combi-
nation of fault events through the input of the logic gate.
• Circle. Denotes a basic fault event or the failure of an elementary part.
The fault event’s probability of occurrence, failure, and repair rates are
usually obtained from empirical data.
• Diamond. Denotes a fault event whose causes have not been fully devel-
oped either due to lack of interest or due to lack of information.
• Triangle A. Denotes “transfer in” and is used to avoid repeating segments
of the fault tree.
• Triangle B. Denotes “transfer out” and is used to avoid repeating segments
of the fault tree.
• AND gate. Denotes that an output fault event occurs only if all of the
input fault events occur.
• OR gate. Denotes that an output fault event occurs if one or more of the
input fault events occur.
Example 7.1
Assume that a windowless room has a switch and four light bulbs. Develop a fault
tree for the top or undesired fault event “dark room” (i.e., room without light).
Assume that the room can only be dark if all the light bulbs burn out, there is no
electricity, or the switch fails to close.
A fault tree for this example is shown in Figure 7.2. Each fault event in the
figure is labeled as B1, B2, B3, …, B10 .
• Idempotent law
A⋅A=A (7.1)
A+A=A (7.2)
• Distributive law
X (Y + Z ) = XY + XZ (7.3)
X + YZ = ( X + Y) ( X + Z ) (7.4)
• Commutative law
AB = BA (7.5)
A + B = B+ A (7.6)
• Absorption law
X + XY = X (7.7)
X ( X + Y) = X (7.8)
OR GATE
An m input fault events A1, A2, A3, …, Am OR gate along with its output fault event
A0 in a Boolean expression is shown in Figure 7.3. Thus, mathematically, the output
fault event A0 of the m input fault event OR gate is expressed by
A 0 = A1 + A 2 + A 3 + … + A m (7.9)
where
AND GATE
A k input fault event X1, X2, X3, …, Xk AND gate along with its output fault event
X0 in a Boolean expression is shown in Figure 7.4. Thus, mathematically, the output
fault event X0 of the k input fault event AND gate is expressed by
X 0 = X1 X 2 X 3 … X k (7.10)
where
Example 7.2
For the fault tree shown in Figure 7.2, develop a Boolean expression for the top
event: Room without light (i.e., fault event B10) using fault event identification
symbols B1, B2, B3, …, B9 .
Using relationship (7.10), the Boolean expression for the intermediate fault event
B8 is
B8 = B1 B2 B3 B4 (7.11)
Similarly, utilizing relationship (7.9), the Boolean equation for the intermediate fault
event B9 is given by
B9 = B5 + B6 (7.12)
Again using relationship (7.9), the Boolean expression for the top fault event B10 is
expressed by
B10 = B7 + B8 + B9 (7.13)
Example 7.3
Use Boolean algebra properties to eliminate the repetition of the occurrence of event
A shown in Figure 7.5. Construct the repeated event free fault tree using the sim-
plified Boolean expression for the top event.
Using Figure 7.5, we write down the following Boolean expressions:
X=A+B (7.14)
Y = A+C (7.15)
Z = XY (7.16)
T = Z+D+E (7.17)
Z = (A + B) (A + C) (7.18)
Z = A + BC (7.19)
T = A + BC + D + E (7.20)
The above equation represents the simplified Boolean expression for the top event
of the fault tree shown in Figure 7.5. The repeated event free fault tree constructed
using Equation (7.20) is shown in Figure 7.6.
Example 7.4
Obtain a repeated event free fault tree of the fault tree shown in Figure 7.7. In this
figure, the basic fault events are identified by the numerals and the logic gates are
labeled as GT0, GT1, GT2, …, GT6.
The algorithm starts from the gate, GT0, just below the top event of the fault
tree shown in Figure 7.7. Usually, in a fault tree this gate is either OR or AND. If
this gate is an OR gate, then each of its inputs represents an entry for each row of
the list matrix. On the other hand, if this gate is an AND, then each of its inputs
denotes an entry for each column of the list matrix.
In our case, GT0 is an OR gate; thus, we start the formulation of the list matrix
by listing the gate inputs: 11, 12, GT1, and GT2 (output events) in a single column
but in separate rows as shown in Figure 7.8 (i). As any one input of the GT0 could
cause the occurrence of the top event, these inputs are the members of distinct cut
sets.
One simple rule associated with this algorithm is to replace each gate by its
inputs until all the gates in a given fault tree are replaced with the basic event entries.
The inputs of a gate could be the basic events or the outputs of other gates. Conse-
quently, in our case, in order to obtain a fully developed list matrix, we proceed to
replace the OR gate GT1 of list matrix of Figure 7.8 (i) by its input events as separate
rows, as indicated by the dotted line in Figure 7.8 (ii).
Next, we replace the OR gate GT2 of the list matrix in Figure 7.8 (ii) by its
input events as indicated by the dotted line in Figure 7.8 (iii).
Similarly, we replace the OR gate GT3 of the list matrix in Figure 7.8 (iii) by
its input events 5 and 6 as identified by the dotted line in Figure 7.8 (iv).
The next gate GT4 to be replaced with its input events is an AND gate. The
dotted line in Figure 7.8 (v) indicates its input events. Again, the next gate, GT5, to
be replaced by its input events is an AND gate.
Its input events are indicated by the dotted line in Figure 7.8 (vi).
The last gate to be replaced by its input events is an OR gate GT6. Its inputs
are indicated by the dotted line in the list matrix of Figure 7.8 (vii). As shown in
the list matrix of Figure 7.8 (vii), the cut set 2 is a single event cut set. As only its
occurrence will result in the occurrence of the top event, we eliminate cut set {3, 4, 2}
from the list matrix because the occurrence of this cut set requires all events 3, 4, and 2
to occur. Consequently, the list matrix shown in Figure 7.8 (viii) represents the
minimal cut sets of the fault tree given in Figure 7.7.
The fault tree of the Figure 7.8 (viii) list matrix is shown in Figure 7.9. Now this
fault tree can be used to obtain the quantitative measures of the top or undesirable event.
OR GATE
Using Figure 7.3 for independent input events, the probability of occurrence of the
output fault event A0 is given by
P (A 0 ) = 1 − ∏ {1 − P (A )}
i =1
i
(7.21)
where
P (A 0 ) = 1 − ∏ {1 − P (A )}
i =1
i
(7.22)
P (A 0 ) ⯝ P (A1 ) + P (A 2 ) (7.23)
P (A 0 ) ⯝ ∑ P (A )
i =1
i
(7.24)
AND GATE
Using Figure 7.4, for independent input fault events, the probability of occurrence
of the output fault event X0 is
P (X 0 ) = ∑ P (X )
i =1
i
(7.25)
where
In this case, the basic fault events, say, representing component failures of a system,
are not repaired but their probabilities of occurrence are known. Under such condi-
tions, the probability evaluation of fault trees is demonstrated through Example 7.4.
Example 7.4
Assume that in Figure 7.2, the probability of occurrence of basic events B1, B2, B3,
B4, B5, B6, and B7 are 0.15, 0.15, 0.15, 0.15, 0.06, 0.08, and 0.04, respectively.
Calculate the probability of occurrence of the top event: room without light.
By inserting the given data into Equation (7.25), the probability of occurrence
of event B8 is
⯝ 0.0005
Using the given data with Equation (7.22), we get the following probability of
occurrence of event B9:
= 0.1352
Substituting the above calculated values and the given data into Equation (7.21),
we get the following value for the probability of occurrence of event B10 (i.e., top
event):
[ ][ ][
P (B10 ) = 1 − 1 − P (B7 ) 1 − P (B8 ) 1 − P (B9 ) ]
= 1 − [1 − 0.04] [1 − 0.0005] [1 − 0.1352]
= 0.1702
Thus, the probability of occurrence of the top event, room without light, is
0.1702. The Figure 7.2 fault tree is shown in Figure 7.10 with given and calculated
fault event probability values.
In this case, the basic fault events, say, representing component failures of a system,
are repaired and the failure and repair rates of the components are known. Thus,
using the Markov method, the unavailability of a component is given by
where
λ
UA = (7.27)
λ+µ
where
The above equation yields steady state probability of a component (that it will
be unavailable for service) when its failure and repair rates are known. Thus,
substituting Equation (7.27) into Equation (7.21), we get the steady state probability
of occurrence of the output fault event A0 of the OR gate as follows:
POS = 1 − ∏ (1 − UA )
i =1
i
(7.28)
λi
m
= 1− ∏ i =1
1 − λ + µ
i i
where
POS is the steady state probability of occurrence of the OR gate output fault
event.
UAi is the steady state unavailability of component i; for i = 1, 2, 3, …, m.
λi is the constant failure rate of component i; for i = 1, 2, 3, …, m.
µ i is the constant failure rate of component i; for i = 1, 2, 3, …, m.
Similarly, inserting Equation (7.27) into Equation (7.25) yields the following result:
PaS = ∏ UA
i =1
i
(7.29)
k
λi
= ∏ λ +µ
i =1 i i
PaS is the steady state probability of occurrence of the AND gate output fault
event.
The probability evaluation of fault trees with repairable components using the above
equations is demonstrated by solving the following example [13]:
Example 7.5
Assume that in Figure 7.2 failure and repair (in parentheses) rates associated with basic
events B1, B2, B3, B4, B5, B6, and B7 are 0.0002 failures/h (4 repairs/h), 0.0002 failures/h
(4 repairs/h), 0.0002 failures/h (4 repairs/h), 0.0002 failures/h (4 repairs/h), 0.0001
failures/h (0.004 repairs/h), 0.00015 failures/h (4 repairs/h), and 0.0001 failures/h
(0.004 repairs/h), respectively. Calculate the steady state probability of occurrence
of the top event: room without light.
Substituting the given data into Equation (7.27), we get the following steady
state probability of occurrence of events B1, B2, B3, and B4:
0.0002
UA =
0.0002 + 4
⯝ 4.99 × 10 −5
Similarly, inserting the specified data into Equation (7.27), the following steady
state probability of occurrence of events B5 and B7 is obtained:
0.0001
UA =
0.0001 + 0.004
= 0.0244
Finally, substituting the given data into Equation (7.27), we get the following
steady state probability of occurrence of event B6:
0.00015
UA =
0.00015 + 4
= 3.75 × 10 −5
Using the UA calculated value for events B1, B2, B3, and B4 in Equation (7.29),
we get the following steady state probability of occurrence of event B8:
(
P (B8 ) = 4.99 × 10 −5 )
4
= 6.25 × 10 −18
Substituting the UA calculated values for events B5 and B6 into Equation (7.28),
we obtain the following steady state probability of occurrence of event B9:
(
P (B9 ) = 1 − (1 − 0.0244) 1 − 3.75 × 10 −5 )
⯝ 0.0244
Inserting the UA calculated values for events B7, B8, and B9 into Equation (7.28),
the following steady state probability of occurrence of event B10 is obtained:
[ ][ ][
P (B10 ) = 1 − 1 − P (B7 ) 1 − P (B8 ) 1 − P (B9 )]
[ ]
= 1 − [1 − 0.0244] 1 − 6.25 × 10 −18 [1 − 0.0244]
⯝ 0.0482
Thus, the steady state probability of occurrence of the top event, room without
light, is 0.0482. The above calculated probability values are shown in the Figure 7.11
fault tree.
On the other hand, some of the drawbacks of the FTA approach include time
consuming, costly, end results difficult to check, and considers components in either
working or failed state (more specifically, the partial failure states of components
are difficult to handle).
7.9 PROBLEMS
X + YZ = ( X + Y) ( X + Z ) (7.30)
10. Assume that in Figure 7.2 the basic independent fault events’ failure and
repair rates are 0.009 failures/h and 0.04 repairs/h, respectively. Calculate
the steady state probability of occurrence of the top event, room without light.