Fault Tree Analysis

Part 3: Digraph-Based Fault Tree Synthesis Procedure (Tree and

NFBL)

LEVELS OF MATHEMATICAL MODELS OF ENGINEERING SYSTEMS

Partial Differential Equations

Ordinary Differential Equations

Algebraic Equations

DIGRAPHS

V1 V2Gain

Multi-Valued Logic

Boolean Algebra

node edge

The value of gain is discretized!

±1: if a moderate deviation in the input variable causes moderate deviation in the output.

±10: if the output deviation is very large when compared to the input.

0: if the output deviation is very small compared with the input.

input

output

v

vGain

1

2

Computation of Output Value

if 10 10

10 if 10

10 if 10

where, , , 10, 1,0, 1, 10

in in

out in

in

in out

gain v gain v

v gain v

gain v

v v gain

[ Example ]

1

3

2

4

HOT

NITRIC

ACIDCOOLING

WATER

WATER LEAKS

INTO

NITRIC ACID

AU

TSURR

-1 +1

+1

+1

+1

+1

+1

-1-1

-1

T 2

4T

3M

1M

1T

4M

2M

T2(+1)

OR

M1(+1)

T1(+1) …… M4(-1)

The Fault-Tree Structure for Tree-Like Digraph

THE MAGNITUDE OF DISTURBANCES

inV

outVGain

CONDIF V Z

inValues of V

+10 “Large” Positive Deviations

+ 1 “Normal” Positive Deviations

0 No Change in

- 1 “Normal” Negative Deviations

-10 “Large” Negative Deviation

inV

CONDV Z is the condition required

for the gain to be correct

(if implicit in initial conditions

it is unstated)

inv Deviation in input from its normal value

Digraph Model

[ EXAMPLE ]

3

1 2

AIR TO OPEN

regular valve P 3 M 2+1

quick opening P 3 M 2+10

failure models

M 2P 3+1

0 valve stuck

-1 valve reversed

Digraph Models

Control Valve

(Air to Open)

3

1 2

M = Mass Rate

P = Pressure

T = Temperature

DEN = Density

X = Mass Fraction

Output Variable (Gain) Input

M 2 (+1) M 1 , (+1) P 3 , (+1)DEN . 1

(-1) P 3 , if Valve Reversed

(+1) Fails Open

(-1) Fails Closed

M 1 (+1) M 2 , (+1) P 3

(-1) P 3 if Valve Reversed

( 0 ) P 3 if Valve Stuck

(+1) Fails Open

(-1) Fails Close

( 0 ) P 3 if Valve Stuck

(-1) Plug

(-1) Leak Out

(+1) Leak In

(-1) Plug

( 0 ) M 2 if Plug = +10

( 0 ) M 2 if Fails closed = +10

(+1) Leak Out

(-1) Leak In

Output (Gain) Input

P 2(+1) P 1 , (+1) P 3 , ( 0 ) P 3 if Valve Stuck ,

( 0 ) P 1 if plug = +10 , ( 0 ) P 1 if Fails Closed

+10 , (-1) Plug , (-1) Fails Closed , (-1) P 3 if Valve

Reversed , (+1) Fails Open , (+1) Leak , (-1) Leak Out

P 1 (+1) P 2 , (-1) P 3 , ( 0 ) P 3 if Valve Stuck , (+1) P 3

if Valve Rev , ( 0 ) P 2 if Plug = , ( 0 ) P 2 if Fails Closed = +10 , ( ) Plug , (+1) Fails Closed , (-1) Fails Open , ( ) Leak In , (-1) Leak Out

101

1

T 2 (+1) T 1 , ( 0 ) T 1 if M 2 = -10 , ( )

, (+1) Leak In (if )

1

surroundingsT

surr. 2T T

T 1 None

P 3 None

A,2X A,1 A,1

A ,S A,2

A ,S A,2

( 1)X , (0) X if M 2 =-10 , ( 1)

Leak In ( if X X ) , (-10) Leak In

(if X X )

A,1X None

Output (Gain) Input

(+1) Vap. Frac. 1, ( 0 ) Vap. Frac. 1 if

M2 = -10 , (+1) Leak In (if Vap. Frac.

Sur. > Vap. Frac. 2) , (-1) Leak In (if

Vap. Frac. Sur. < Vap. Frac. 2)

Vapor

Fraction 2

Vap. Frac 1

S 2

S 2

None

( 1) Den. 1 , ( 0 ) Den. 1 if M2 = -10 ,

(+1) Leak In (Den Den ) , (-1) Leak if

(Den Den )

None

Den 2

Den 1

COOPERATIVE CAUSES FOR AN EVENT

[ Example ] The simultaneous occurrences of P (+1) and T (-1) Cause brittle fracture in a tank,

P fracture T+1

(T= -1)

-1

(P= +1)

Glossary

• Digraph : nodes connected by edges which have direction.

• Edge : the line connecting two nodes. – It indicates a relationship between the two nodes.

The number next to the edge is the gain.• Conditional Edge : The relationship between two nodes

depends on another event or variable.– For example, the gain between valve position and

flow out of the valve is zero if the valve is stuck. The condition is “valve stuck”.

Glossary

• Primal node : a node on the system digraph with no inputs.

• Input : an edge pointing to the node under consideration.

• Local Input : variables or events one nods away from the node being considered.

• Gain : change in Output / Change in Input. – Gains may have values of ±1, ±10, 0. Zero means no gain.

GlossaryVariable and Event Values

• These are deviations of the variables and events from their normal value.

• ±10 indicates large or fast deviations which cannot be handled by normal NFBL.

• ±1 is the usual deviation expected in the variable or event.

• Zero means no deviation.

• Some variables are univariant (can only vary in one direction from their normal value), e.g. a normally open valve cannot be further opened or a fire can only have values of 0, +1, and +10.

Glossary

• Feedback Loop (FBL) : A path through the nodes in a digraph which starts and terminates at one node.

• Negative Feedback Loop (NFBL) : A feedback loop in which the product of the normal gains around the loop is negative.

• Positive Feed Back Loop (PFBL) : The product of the gains around the FBL is positive.

[ Example ] FLOW CONTROL LOOP FAULT TREE

The Process is a simple feedback loop for flow control. The flow rate of stream 3 (M3) is sensed by a flow sensor connected to signal line 4. As the flow increases, the signal in line 4 increases. The flow recorder-controller upon receiving the increased signal from 4 sends a decreased signal to stream 5. This causes the valve to close returning the flow to its desired setting.

1

FRC

FLOW

SETPT.

5

1 24

3FLOW CONTROL

LOOP

AIR TO OPEN

M 2

M 3

M 1

VALVEMACH .FAILS

CLOSED

VALVEMECH .FAILSOPEN

P 5

FRCFAILSLOW SET

POINT

ROCFAILSHIGH

LOSSOF

INSTAIR

P 4FLOW

SENSORFAILSHIGH

FLOWSENSORFAILSLOW

LINE4

RUPTURES

-10

+1

+10 -10 +1

+10

-10

+1

0 VALVE STUCK-1 VALVE REVERSED

-1 FLO

W SE

NSO

R R

EV

ER

SED

+1

0 FLO

W SE

NSO

R ST

UC

K

+1 FRC R

EVERSED

-1

0 FRC S

TUCK

0 FRC O

N MANUAL

+10

-10 -10

Discussions with the designer and operator indicate the following events are known to occur in this process.

Sensor : Fails (High , Low , Stuck), Reversed.

Controller : Fails (High , Low , Stuck) , On Manual, Loss of Air (Causes Signal 5 to go down ), Reversed .

Valve : Fails (Open , Closed , Stuck ), Reversed .

The system is normally operating with flow in lines 1, 2, and 3 . The event that could be a hazard is “Flow in stream 3 too high (M3 (+1)) .”

M 3 (+1)

M 2 (+1)

OR

OR

M 1 (+1) P 5 (+1)

If the fault tree is constructed by treating the digraph as a tree, then ……..

Development of Fault Tree

“ What could cause this ? ” or “ Which nodes are inputs to the node representing the current event ? ”

+

“ Nothing else happens which will cancel the original effect . ” ( ON A NFBL or NFFL )

THE GENERAL FAULT – TREE STRUCTURES OF NFBL

( 1 ) M 2 ( +1 )

OR

AND AND

M 1 ( +1 ) process disturbance

NOT ( P 5 (-1) )NO controlloop correction

P 5 (+1) control loop disturbance

NOT ( M 1 (-1) )NO processdisturbanceto cancelP 5 (+1)

THE GENERAL FAULT – TREE STRUCTURES OF NFBL

( 1 ) M 2 ( +1 )

OR

AND AND

M 1 ( +1 ) process disturbance

NOT ( P 5 (-1) )NO controlloop correction

P 5 (+1) control loop disturbance

NOT ( M 1 (-1) )NO processdisturbanceto cancelP 5 (+1)

( 2 ) M 2 ( +1 )

OR

AND AND

M 1 ( +1 ) OR P 5 ( +1 ) OR

P 5 ( 0 ) P 5 ( +1 ) M 5 ( +1 ) M 1 ( 0 ) not nearly always always true true

THE GENERAL FAULT – TREE STRUCTURES OF NFBL

( 1 ) M 2 ( +1 )

OR

AND AND

M 1 ( +1 ) process disturbance

NOT ( P 5 (-1) )NO controlloop correction

P 5 (+1) control loop disturbance

NOT ( M 1 (-1) )NO processdisturbanceto cancelP 5 (+1)

( 2 ) M 2 ( +1 )

OR

AND AND

M 1 ( +1 ) OR P 5 ( +1 ) OR

P 5 ( 0 ) P 5 ( +1 ) M 5 ( +1 ) M 1 ( 0 ) not nearly always always true true

Nearly always true

THE GENERAL FAULT – TREE STRUCTURES OF NFBL

( 3 ) M 2 ( +1 )

OR

OR P 5 ( +1 )

AND AND

M 1( +1 ) P 5 ( 0 ) M 1 ( +1 ) P 5 ( +1 )

THE GENERAL FAULT – TREE STRUCTURES OF NFBL

( 3 ) M 2 ( +1 )

OR

OR P 5 ( +1 )

AND AND

M 1( +1 ) P 5 ( 0 ) M 1 ( +1 ) P 5 ( +1 )

( 4 ) M 2 ( +1 )

OR

AND P 5 ( +1 )

M 1 ( +1 ) P 5 ( 0 )

A disturbance propagates through a control loop if

1. An external disturbance enters the system and the control loop is inactive;

2. The disturbance is caused by the control loop itself; or

3. The disturbance is extremely large in magnitude.

DISTURBANCES THROUGH A NEGATIVE FEEDBACK LOOP

+ +

_+

+

INV

1V

OUTV

2V

3V

10

10

IN

OUT

V

V

INV

OUTV

OUTV

t

VARIABLE

DEVIATION

Generally, ( +10 ) defined as that value of which causes to have at least a +1 deviation. ( NFBL cannot completely cancel disturbance.)

INV

INV

OUTV

THE GENERAL FAULT – TREES STRUCTURES OF NFBL

( 5 ) M 2 ( +1 )

OR

M 1 ( +10 ) AND P 5 ( +1 )And P 5 (-1 )

M 1 (+1) P 5 ( 0)VeryNearlytrue

( 6 ) E

OR

AND Loop variable causes disturbance

external loop variable disturbance fails to cancel enters loop disturbance OR

component large disturbance failure enters loop(primary orsecondary)

OUTPUT ( Value )

OR

UNCONTROLLABLE INPUTSPASS THROUGH THE NFBL

CONTROL LOOPCAUSES THE DEVIATION

OR EOR

(1) INPUT (Value to give large or fast disturbance ) NOT ON

NFBL(2) PRIMARY FAILURE(3) SECONDARY FAILURE CAUSING EVENT(4) SET POINT CHANGE

LOCAL EDGE INPUT (Value CONDITIONS to give desiredWHICH CAUSES output value)REVERSE GAIN ON NFBLON NFBL

CONTROLLABLE DIST RBANCES PASS THROUGH THE NFBL

AND

OR LOOP INACTIVE

OR

LOCAL EDGE CONDITIONS INPUT (value = 0)WHICH GIVES A ZERO ON THE NFBLGAIN ON THE NFBL

INPUT (value for controllable disturbance into the NFBL) NOT ON NFBL

GENERAL STRUCTURE FOR OUTPUT VARIABLES ON A NFBL

OUTPUT ( value = 0 )

OR

LOCAL EDGE CONDITIONS INPUT ( value= 0 )

WHICH GIVE ZERO ON THE NFBL

GAIN ON THE NFBL

[ EXAMPLE ]M 3 (+1)

OR

M 2 (+1)

OR

OR EOR

M 1 (+10) Valve M 1(+1) OR Mech. Fails Open (+1)

Valve P 5 (+1) Reversed

Page 2

AND

Valve Stuck P 5 (0)

OR

FRC FRC P 4 (0) On Manual Stuck

OR

Flow M 2 Sensor (inconsistent) Stuck

FLOW

CONTROL

LOOP

P 5 (+1)

OR

OR EOR

Set Pt. (+1) FRC Fails High

FRC Reversed (+1)

P 4 (-1)

OR

AND

(no +1disturbance)

OR

Flow Line Sensor 4 Fails Low Ruptures

AND

(no +1disturbance)

EOR

Flow M 2 (-1)Sensor (inconsistent)Reversed