Fault tree analysis - LASAR · 2018-05-30 · Fault Tree Analysis (FTA) •Systematic and quantitative •Deductive (search for root causes) Objectives: 1. Decompose the system failure

Fault tree analysis

Piero Baraldi

Classical Techniques for Risk Analysis

• Hazard identification:

➢ Failure Mode and Effect Analysis (FMEA)

➢ …

• Accident Scenarios Identification:

➢ Fault tree analysis (FTA)

➢ Event tree analysis (ETA)

➢ …

• System Failure Probability Assessment:

➢ Fault tree analysis (FTA)

➢ Event tree analysis (ETA)

➢ …

Piero Baraldi

Fault Tree Analysis (FTA)

• Systematic and quantitative

• Deductive (search for root causes)

Objectives:

1. Decompose the system failure in elementary

failure events of constituent components

2. Compute the system failure probability,

from constituent component failure

probabilities

Piero Baraldi

Fault Tree

construction

Piero Baraldi

FT construction: procedure steps

Electrical generating system

E1 E2

G1 G2 G3

E1, E2 = engines

G1, G2, G3 = generators, each one

is rated at 30 KVA

1. Define top event: typically a (sub)system failure

Piero Baraldi

1. Define top event (system failure)

2. Decompose (top) event by identifying sub-events which can cause it


Identification of the contributing event categories that

may directly cause the top event to occur. At least four

categories exist:

1. No input to the device

2. Primary failure of the device (under operation in the

design envelope, random, due to aging or fatigue)

3. Human error in actuating or installing the device

4. Secondary failure of the device (due to present or

past stresses caused by neighboring components or

the environments: e.g. common cause failure,

external causes such as earthquakes, etc.)

If these events are considered to be indeed contributing

to the system fault, then they are connected to the top

event logically via an OR function and graphically

through the OR gate

Piero Baraldi



No direct contributions to failure:

At least two out of the three generators do not work


E1 E2

G1 G2 G3

Piero Baraldi



3. Decompose each sub-event in more elementary sub-events which can cause it


E1 E2

G1 G2 G3

Piero Baraldi




4. Stop decomposition when sub-event probability data are available (resolution limit): sub-event = basic or primary event

basic event

E1 E2

G1 G2 G3


Piero Baraldi


E1 E2

G1 G2 G3




4. Stop decomposition when sub-event probability data are available (resolution limit): sub-event = basic or primary event

Piero Baraldi

FT Example 1

E1 E2

G1 G2 G3

Piero Baraldi

FT gate symbols

Piero Baraldi

FT gate symbols

Piero Baraldi

FT event symbols

Piero Baraldi

Exercise 1: electric circuit breaker

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

• Draw the fault tree for the top event: “latch does not trip on demand”

Moving part for

disconnecting an

electrical circuit

Piero Baraldi

Exercise 1: Solution

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

Piero Baraldi

FT qualitative

analysis

Piero Baraldi

FT qualitative analysis

Let us introduce:

Xi = binomial indicator variable of i-th component state (basic event)

Xi =1 failure event true

0 failure event false

Fault Tree Gate: boolean algebraic equation (one for each gate) based on Boolean Algebra basic operators:

= AND = OR NOT

(The dual definition can also be

used, as long as we are coherent)

XT = binomial indicator variable of the FT top event

Piero Baraldi

Exercise 2A

E1 E2

D

• Write the Boolean equations linking the event at the top of the gate with those at the bottom in the following two cases:

𝑥𝐴 = 𝑓(𝑥𝐸1, 𝑥𝐺1) 𝑥𝐷 = 𝑓(𝑥𝐸1, 𝑥𝐸2)

Piero Baraldi


= OR gate)1)(1(1

11

1111

GE

GEGEA

XX

XXXXX

= AND gate

E1 E2

D

21 EED X X X

If X’s only assume integer values 0 and 1, then ordinary algebra can be used to

express operator results

Piero Baraldi

Exercise 3

• Write the Boolean equations linking the event at the top of the gate with those at the bottom

𝑥𝑇1 = 𝛷 (𝑥𝐸1, 𝑥𝐸2, 𝑥𝐺1, 𝑥𝐺2)

D

Piero Baraldi

1) Commutative Law:

(a) X YY X

(b) X YY X

2) Associative Law

(a) ZYX ZYX

(b) ZYX ZYX

3) Idempotent Law

(a) XX X

(b) XX X

4) Absorption Law

(a) X YX X

(b) X YXX

Most important laws of boolean algebra

5) Distributive Law

(a) ZXYX ZYX

(b) ZYXZXYX

6) Complementation*

(a) XX

(b) XX

(c) XX

Piero Baraldi


BAT XX X1

21211212112121

121212212121

2212121111

GGEEGEEGGEGGEE

GEEGGGEEEEGE

GEEEEGGEGE

XXXXXXXXXXXXXX

XXXXXXXXXXXX

)XXXXXX)(XXXX(

XXXXXXXXXXXX211221212121 GGEGEEGGEEGE

),,(2 2111 GGEET XX,XXX

D

Piero Baraldi

FT qualitative analysis

Let us introduce:

Xi = binomial indicator variable of i-th component state (basic event)

Xi =1 failure event true

0 failure event false

Fault Tree Gate: boolean algebraic equation (one for each gate) based on Boolean Algebra basic operators:

= AND = OR NOT

XT = (X1 , X2 , …, Xn)

Structure (switching) function

(The dual definition can also be

used, as long as we are coherent)

XT = binomial indicator variable of the FT top event

Piero Baraldi

Exercise 4

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

• Find the structure function for the TE: “latch does not trip on demand”

Moving part for

disconnecting an

electrical circuit

Piero Baraldi


• Find the structure function for the TE: “latch does not trip on demand”

))XXX)(XXXX(X)(1X(11X HBBHBBHAAHAALT

Hydraulic

Control A

Hydraulic

Control B

ActuatorsLinkage

Piero Baraldi

Fundamental Products

Theorem

A structure function can be written uniquely as the union of

the fundamental products which render the structure

function true (i.e., Φ = 1)

Canonical expansion or disjunctive normal form of

Fundamental product = Products containing all of the n input variables

• 𝒙𝑻 = 𝚽 𝒙𝟏, 𝒙𝟐, 𝒙𝟑 → 𝒙𝟏 ∙ 𝒙𝟐∙ 𝒙𝟑, 𝒙𝟏 ∙ 𝒙𝟐∙ 𝒙𝟑, … , 𝒙𝟏 ∙ 𝒙𝟐 ∙ 𝒙𝟑

Number of fundamental product for a fault tree with n basic events= 2𝑛

Piero Baraldi

Exercise 5: fundamental products

Consider a series of 2 components

You are required to:

• List the fundamental products

• Write the structure function

1 2

Piero Baraldi

2121

212121

212121T

XXXX

X1XXX1XX

XXXXXXX

21212121 XXXXXXXX

• Series of 2 components

• List of the fundamental products

1 2

Which fundamental products are such that, when equal to 1,

the structure function is also true (i.e., Φ = 1)?


Piero Baraldi

Coherent structure functions

Coherent structure functions = monotonically increasing in each input

variable:

1. Φ(1) = 1 (if all components are failed, the system is failed)

2. Φ(0) = 0 (if all components are working, the system is working)

3. Φ(X) Φ(Y) if XY

Improving the performance of a component (= replacing a failed

component by a functioning one) does not cause the system to

change from the success to the failed state

It is possible to show that:

• coherent structure functions do not contain complemented variables

1 2 𝑥𝑇 = 𝛷 𝑥1, 𝑥2 = 𝑥1 + 𝑥2 − 𝑥1𝑥2

Piero Baraldi

FT qualitative analysis: cut sets

• Cut sets = logic combinations of primary (basic) events which cause

the top event to be true (system failure): 𝑋: 𝛷 𝑋 = 1

1 2

Cut sets:

𝑥1𝑥2

𝑥1, 𝑥2

Set of components whose failure causes the failure of the system

Piero Baraldi

FT qualitative analysis: minimal cut sets

• Cut sets = logic combinations of primary (basic) events which cause

the top event to be true (system failure): 𝑋: 𝛷 𝑋 = 1

• Minimal cut sets = cut sets such that if one of the events is not

verified, the top event is not verified

1 2

Cut sets:

𝑥1𝑥2

𝑥1, 𝑥2

A component is repaired The system starts working

1 2

Minimal cut sets:

𝑥1𝑥2

Piero Baraldi

Exercise 6: minimal cut sets

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

• Identify the minimal cut sets for the TE: “latch does not trip on demand”

Moving part for

disconnecting an

electrical circuit

Piero Baraldi


• Identify the minimal cut sets for the TE: “latch does not trip on demand”

Hydraulic

Control A

Hydraulic

Control B

ActuatorsLinkage

5 minimal cut sets:

M1=XL

M2=XAXB

M3=XAXHB

M4=XHAXB

M5=XHAXHB

Piero Baraldi

• Coherent structure functions can be expressed in reduced

expresions in terms of minimal cut sets:

• Unique and irreducible form of the structure function: union of all

the cut sets:

𝑇 = 𝑀1 ∪𝑀2 ∪⋯ ,𝑀𝑚𝑐𝑠

𝑥𝑇 = 1 − 1 − 𝑥1𝑀1𝑥2

𝑀1 … 𝑥1𝑀2𝑥2

𝑀2 … … (1 − 𝑥1𝑀𝑚𝑐𝑠𝑥2

𝑀𝑚𝑐𝑠 …)

FT qualitative analysis: structure function and minimal cut sets

𝑀1 = 𝑥1𝑀1𝑥2

𝑀1 …

𝑀2 = 𝑥1𝑀2𝑥2

𝑀2 …

…

𝑀𝑚𝑐𝑠 = 𝑥1𝑀𝑚𝑐𝑠𝑥2

𝑀𝑚𝑐𝑠 …

Piero Baraldi

• Coherent structure functions can be expressed in reduced

expresions in terms of minimal cut sets:

• Unique and irreducible form of the structure function: union of all

the cut sets

TE

𝑀1 𝑀𝑚𝑐𝑠𝑀2 …

FT qualitative analysis: structure function and minimal cut sets

Piero Baraldi

Exercise 7

• Build the structure function from the minimal cut sets for the circuit breaker system

• Verify whether the structure function obtained in Exercise 4 is the same of that obtained above from the minimal cut set:

Hydraulic

Control A

Hydraulic

Control B

ActuatorsLinkage

M1=XL

M2=XAXB

M3=XAXHB

M4=XHAXB

M5=XHAXHB


Piero Baraldi


• Build the structure function from the minimal cut sets for the circuit breaker system

𝑇 = 𝐿 ∪ 𝐴 ∙ 𝐵 ∪ 𝐴 ∙ 𝐻𝐵 ∪ 𝐻𝐴 ∙ 𝐵 ∪ 𝐻𝐴 ∙ 𝐻𝐵

𝑥𝑇 = 1 − 1 − 𝑥𝐿 1 − 𝑥𝐴𝑥𝐵 1 − 𝑥𝐴𝑥𝐻𝐵 1 − 𝑥𝐻𝐴𝑥𝐵 (1 − 𝑥𝐻𝐴𝑥𝐻𝐵)

Hydraulic

Control A

Hydraulic

Control B

ActuatorsLinkage

M1=XL

M2=XAXB

M3=XAXHB

M4=XHAXB

M5=XHAXHB

Piero Baraldi


• Verify whether the structure function obtained in Exercise 4 is the same of that obtained above from the minimal cut set:

From Ex. 4

From minimal cut sets:

𝑥𝑇 = 1 − 1 − 𝑥𝐿 1 − 𝑥𝐴𝑥𝐵 1 − 𝑥𝐴𝑥𝐻𝐵 1 − 𝑥𝐻𝐴𝑥𝐵 (1 − 𝑥𝐻𝐴𝑥𝐻𝐵)

𝑥𝑇 = 1 − 1 − 𝑥𝐿 𝑥𝐴 + 𝑥𝐻𝐴 − 𝑥𝐴𝑥𝐻𝐴 𝑥𝐵 + 𝑥𝐻𝐵 − 𝑥𝐵𝑥𝐻𝐵

It is possible to show that the two terms are equal by

performing the products and using the rules

of boolean algebra

Piero Baraldi

XT = (X1 , X2 , …, Xn)

• Boolean algebra to solve FT equations

How to find the minimal cut sets?


Piero Baraldi

XT = (X1 , X2 , …, Xn)




𝑥𝑇 = 𝑥𝐸1𝑥𝐺2 + 𝑥𝐸1𝑥𝐸2 + 𝑥𝐺1𝑥𝐺2 −−𝑥𝐸1𝑥𝐸2𝑥𝐺2 − 𝑥𝐸1𝑥𝐺1𝑥𝐺2

Piero Baraldi

BAT XX X1

XT = (X1 , X2 , …, Xn)





cut sets

Piero Baraldi

BAT XX X1




E1 E2

G1 G2 G3

cut set

minimal cut set

minimal cut set

Piero Baraldi

mcs: Example 1

2112212121211 GGEGEEGGEEGET XXXXXXXXXXXX X

)]XXXXXXXX1)(XX1[(1

)]XXXXXXXX1(XXXXXXXXXX1[1

]XXXXXXXXXXXXXXXXXXXX1[1

]XXXXXXXXXXXXXXXXXXXX1[1

]XXXXXXXXXXXX1[1

2121212121

212121212121212121

21212112212121212121

21212121211221212121

211221212121

GGEEGGEEGE

GGEEGGEEGEGGEEGGEE

GGEEGGEGEEGEGGEEGGEE

GGEEGGEEGGEGEEGGEEGE

GGEGEEGGEEGE

)]XX1)(XX1)(XX1[(1212121 GGEEGE

3 minimal cut sets:

211 GEM

212 EEM

213 GGM

E1 E2

G1 G2 G3

Piero Baraldi

FT qualitative analysis: results

1. Mcs identify the component basic failure events which contribute to system failure

2. Qualitative component criticality: those components appearing in low order mcs’ or in many mcs’ are the most critical

Piero Baraldi

FT quantitative

analysis

Piero Baraldi

FT quantitative analysis

Compute system failure probability from primary events probabilities by:

1. Using the laws of probability theory at the fault tree gates

Piero Baraldi

Exercise 8

Compute system failure probability for the circuit breaker of Exercise 1 using the laws of probability theory at the fault tree gates

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

p = 0.1 p = 0.1 p = 0.1 p = 0.1

p 0.01

Piero Baraldi


p = 0.1 p = 0.1 p = 0.1 p = 0.1

p 0.2 p 0.2

p 0.04

p 0.05

Compute system failure probability for the circuit breaker of Exercise 1 using the laws of probability theory at the fault tree gates

p 0.01

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

Attention:

This method may easily lead to errors and should not be used in case of basic events shared by more branches!

No approximation = 0.0457

Piero Baraldi



2. Using the mcs found from the qualitative analysis


Piero Baraldi

1. Consider a system whose 2 minimal cut sets are:

2. 𝑀1 = 𝑥𝐴𝑥𝐵3. 𝑀2 = 𝑥𝐴𝑥𝐶4. You are required to compute the probability of the top

event

Exercise 9

Piero Baraldi

1. 𝑻 = 𝑴𝟏 ∪𝑴𝟐

𝑷 𝑻 = 𝑷(𝑴𝟏) + 𝑷 𝑴𝟐 − 𝑷(𝑴𝟏 ∩𝑴𝟐)


𝑷 𝑻 = 𝑷 𝑨 𝑷(𝑩) + 𝑷 𝑨 𝑷(𝑪) − 𝐏(𝑨𝑩𝑨𝑪)

𝑷 𝑻 = 𝑷 𝑨 𝑷(𝑩) + 𝑷 𝑨 𝑷(𝑪) − 𝐏(𝑨𝑩𝑪)

𝑷 𝑻 = 𝑷 𝑨 𝑷(𝑩) + 𝑷 𝑨 𝑷(𝑪) − 𝐏 𝑨 𝑷 𝑩 𝑷(𝑪)

Piero Baraldi




It can be shown that:

1

1 1 1

1

1

][)1(][][]1)([mcs

i

mcs

ij

mcs

j

j

mcs

ji

mcs

j

j MPMMPMPXP

mcs

j

j

mcs

i

mcs

ij

ji

mcs

j

j MPXPMMPMP1

1

1 11

][]1)([][][


“Rare event” approximation

Piero Baraldi

Exercise 10

Compute system failure probability from the mcs

Hydraulic

Control A

Hydraulic

Control B

Actuators

Linkage

p = 0.1 p = 0.1 p = 0.1 p = 0.1

p 0.01

Piero Baraldi

Exercise 10 Solution

5 mcs:

P(M1) =P(XL=1)=0.01

P(M2)=P(XAXB=1)=0.1·0.1=0.01

P(M3)=P(XAXHB) =0.1·0.1=0.01

P(M4)= P(XHAXB=1)=0.1·0.1=0.01

P(M5) =P(XHAXHB)=0.1·0.1=0.01

0464.0][][]1)([

05.0][]1)([

1

1 11

1

mcs

i

mcs

ij

ji

mcs

j

j

mcs

j

j

MMPMPXP

MPXP

Hydraulic

Control A

Hydraulic

Control B

Actuators

LinkLatch

No approximation = 0.0457

0.0454

Piero Baraldi




3. Reducing (if necessary) the structure function by boolean algebra rules and directly applying the expected value operator:



))XXX(XE)XXX(XE)(1XE(11

))XXX)(XXXX(X)(1X(11EXETP

HBBHBBHAAHAAL

HBBHBBHAAHAALT

= 0.0457

575757Piero Baraldi

57

Exercise 11: Alarm of pressure excess

When the pressure in the reactor reaches a value above the acceptable an alarm is activated manually by the supervisor or automatically by an automatic sensor. The alarm is fed by a line of main energy or, in case of general energy failure, by a stand-by power generator.

You are required to compute the probability of the event: “failure of the alarm system”

Component Failureprobability

Manometer 0.08

Supervisor 0.14

Switch 0.04

Alarm 0.05

Stand by Power Generator

0.12

Main Electricpower

0.10

AutomaticSensor

0.14

585858Piero Baraldi


58

p = 0.14 p = 0.08

p = 0.05

p = 0.14

p = 0.1 p = 0.12

p = 0.012

p = 0.24

p = 0.0336

p = 0.0929

Main power

failure

Stand-by

power

failure

Supervisor

failure

Switch

Failure

(p = 0.04)

Manometer

failure

Failure

of the

automatic

sensor

Alarm

failure

Power failure Signal does not

reach to alarm

Failure of the alarm

system

Failure on manual

activation

Correct! Branches are

INDEPENDENT

Piero Baraldi

FT: comments

1. Straightforward modeling via few, simple logic operators

2. Focus on one top event of interest at a time

3. Providing a graphical communication tool whose analysis is transparent

4. Providing an insight into system behavior

5. Minimal cut sets are a synthetic result which identifies the critical components

Documents

Fault tree analysis - LASAR · 2018-05-30 · Fault Tree Analysis (FTA) •Systematic and quantitative •Deductive (search for root causes) Objectives: 1. Decompose the system failure