Qualitative temporal analysis: Towards a full implementation of the Fault Tree Handbook

https://doi.org/10.1016/j.conengprac.2008.10.003

Abstract

The Fault Tree Handbook has become the de facto standard for fault tree analysis (FTA), defining the notation and mathematical foundation of this widely used safety analysis technique. The Handbook recognises that classical combinatorial fault trees employing only Boolean gates cannot capture the potentially critical significance of the temporal ordering of failure events in a system. Although the Handbook proposes two dynamic gates that could remedy this, a Priority-AND and an Exclusive-OR gate, these gates were never accurately defined. This paper proposes extensions to the logical foundation of fault trees that enable use of these dynamic gates in an extended and more powerful FTA. The benefits of this approach are demonstrated on a generic triple-module standby redundant system exhibiting dynamic behaviour.

Introduction and background

Fault tree analysis (FTA) is a well-established system analysis technique widely used in reliability engineering and system safety. It was created in the 1960s and since then has been used in a variety of fields, including the automotive, aerospace, and nuclear industries, where numerous applications have been reported on safety critical control systems. FTA is a deductive analysis method, meaning that the analysis starts with a system failure and works backwards to try to determine its root

Introducing Pandora

Pandora is a new extension to FTA designed to enable fault trees to model event sequences and relative temporal ordering, which it is hoped will aid in the analysis of dynamic systems (Walker & Papadopoulos, 2006). To that end, Pandora is built around a redefinition of the PAND gate. Many of the problems with the PAND stem from its ambiguous definition in the Fault Tree Handbook, which means it is difficult to use successfully in

Temporal laws

Qualitative analysis of normal fault trees consists of transforming a tree into a group of cut sets, which are sets of events that can cause the top event, and then reducing these cut sets by removing any redundancies. This transformation and reduction is done with the aid of Boolean laws of logic, and the result is a group of MCSs; all of the events in an MCS are necessary to cause the top event, and so they contain no redundant events. The key to this process is the fact that a fault tree can

Qualitative temporal analysis

Although these new temporal laws allow us to manipulate and reduce Boolean expressions, applying them is not always simple, especially if the qualitative analysis is to be carried out automatically. While it is possible to manually apply the laws directly, it is easier to first transform the expression into a simplified form which can be more readily manipulated by a smaller number of temporal laws. This form consists of doublets and is known as base temporal form or BTF (Walker, Bottaci &
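The following Python sketch is an added example, not code from the paper and not Pandora's own algorithm. It carries out the classical qualitative step described under "Temporal laws" (expanding a tree into cut sets and reducing them by Boolean absorption to minimal cut sets), then shows why those order-free cut sets lose exactly the information a PAND gate carries. The tree is a constructed two-module standby fragment (primary A, standby B, common cause C), not Fig. 1 of the paper; the timed-event semantics, in particular the strict "A before B" reading of PAND, are assumptions made here, since the page notes the Handbook's PAND definition is ambiguous.

```python
"""Minimal cut sets for a small AND/OR/PAND fault tree, plus an
order-sensitive evaluation of the same tree over timed basic events.

Tree representation (constructed for this example): a basic event is a
string; a gate is a tuple (op, [children]) with op in {"AND", "OR", "PAND"}.
"""
from itertools import product

# Constructed standby-style fragment: the top event occurs if the primary A
# fails and the standby B fails afterwards (PAND), or a common cause C
# strikes, or all three fail (a redundant term absorbed by C below).
TOP = ("OR", [("PAND", ["A", "B"]), "C", ("AND", ["A", "B", "C"])])


def cut_sets(node):
    """Expand a fault tree into a list of cut sets (frozensets of events).

    OR gates contribute each child's cut sets; AND gates combine one cut set
    from every child.  PAND is treated as a plain AND here, which is the
    order-free view that classical qualitative analysis gives."""
    if isinstance(node, str):
        return [frozenset([node])]
    op, children = node
    child_sets = [cut_sets(c) for c in children]
    if op == "OR":
        return [cs for sets in child_sets for cs in sets]
    if op in ("AND", "PAND"):
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {op}")


def minimise(sets):
    """Reduce cut sets to minimal cut sets: drop duplicates and any cut set
    that is a proper superset of another (Boolean absorption A + AB = A)."""
    unique = set(sets)
    return sorted(
        (s for s in unique if not any(other < s for other in unique)),
        key=lambda s: (len(s), sorted(s)),
    )


def evaluate(node, times):
    """Return the time at which `node` occurs given `times` (event -> time of
    occurrence; absent events never occur), or None if it does not occur.

    Assumed semantics (not taken from the paper): OR fires at the earliest
    child; AND fires when its last child has occurred; PAND fires when its
    last child occurs, but only if the children occurred in strictly
    increasing time order (simultaneous children do not satisfy PAND)."""
    if isinstance(node, str):
        return times.get(node)
    op, children = node
    ts = [evaluate(c, times) for c in children]
    if op == "OR":
        fired = [t for t in ts if t is not None]
        return min(fired) if fired else None
    if any(t is None for t in ts):
        return None
    if op == "AND":
        return max(ts)
    if op == "PAND":
        ordered = all(a < b for a, b in zip(ts, ts[1:]))
        return max(ts) if ordered else None
    raise ValueError(f"unknown gate {op}")


if __name__ == "__main__":
    print("minimal cut sets:", [sorted(s) for s in minimise(cut_sets(TOP))])
    # The cut set {A, B} says nothing about order, but the tree does:
    print("A then B:", evaluate(TOP, {"A": 1, "B": 2}))   # fires at t=2
    print("B then A:", evaluate(TOP, {"A": 2, "B": 1}))   # does not fire
    print("A and B together:", evaluate(TOP, {"A": 1, "B": 1}))  # does not fire
```

Running the block gives the minimal cut sets `{C}` and `{A, B}`; the `{A, B, C}` term disappears by absorption. The two `evaluate` calls with A and B swapped then show the point of the paper's section: the same cut set `{A, B}` corresponds to a top event in one ordering and to no top event in the other, which is the information a cut-set-only analysis cannot express and a temporal analysis must keep.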

Example

To see how Pandora works in practice, consider the example triple-module standby redundant system shown earlier in Fig. 1. This system provides a useful illustration of the benefits of Pandora because the standby redundancy modelled in this system is a classic way of achieving fault tolerance. The system is also generic, an example of a design pattern rather than a specific system; the components are abstract and therefore independent of technology, and could be replaced by specific sensors,

Conclusion

It has long been recognised in the Fault Tree Handbook that classical combinatorial fault trees cannot capture the potentially critical significance of the temporal ordering of failures in a system. Although the Handbook proposed dynamic gates to address the problem, these gates were rarely used due to the lack of any information in the Handbook on how to perform qualitative or quantitative analysis on them.

This paper presented Pandora, an approach that enables modelling and analysis of dynamic

Acknowledgement

This work was supported by the EU Projects SAFEDOR (Grant IP-516278) and ATESST-2 (Grant 224442).
