FTA-Failure Tree Analysis


8/10/2019 FTA-Failure Tree Analysis

    Fault Tree Analysis

(Definitions of the terms FAILURE, FAULT and FAILURE MODE (FTA); the original text of this page did not survive extraction.)

Fault tree analysis was created and developed in the 1960s, and was adopted by the nuclear power industry to analyze the safety of their electric power systems. Fault tree analysis is a probabilistic, deductive systems analysis tool that provides a pictorial system representation using Boolean logic gates in a vertically oriented tree formation.

Starting at a top-level event, fault tree analysis depicts the system operation graphically. Then, flowing backward through the system, it uses logic gates to depict the events that must occur for proper system operation. It is typical during an analysis to first create a function tree that displays the proper operation of the system.

The analyst then takes each positive event and reverses the outcome, making it a fault or failure, and redraws the subordinate events that contribute to the upper-level event failure, until a Basic Events block is reached. At that point, the analysis for that leg is concluded.

There will be many legs to be analyzed, spreading from the top-level event and resembling a triangle or a 'tree' (hence the name fault 'tree' analysis).


representations are equivalent from an analysis standpoint.

Figure 2: Using an AND gate to represent an inhibit relationship

Figure 3: Traditional use of an Inhibit gate

Please note that the diagram in Figure 2 does not differ mathematically from the representation shown in Figure 1.

NOT gate: the output event occurs if the input event does not occur.

NOR gate: if there is at least one TRUE input, the output is FALSE.

NAND gate: if there is at least one FALSE input event, the output is TRUE.

Transfer gate: allows linking of logic in separate areas of a fault tree.


Remarks gate: used for the entry of comments.

Pass-Through gate: provides a vertical connector to aid in fault tree alignment.

Description box: describes a system or component.


The events:

BASIC EVENT (circle): used to describe a basic event at the root of the tree where failure and repair data are available for the basic event. It is a component-level event or an external event.

House Event: an event that can be used to turn on or off certain branches of a fault tree.

Undeveloped event: a higher-level event that is not broken down into lower basic events.

Diamond-shaped block (undeveloped): represents a system event that is yet to be developed.

Conditional (elliptical shape): similar to a basic event, but represents a conditional probability connected to an inhibit gate; it terminates a branch.

A conditional event is used along with an Inhibit gate, which is described later.

Equilateral Triangle: indicates that this part of the fault tree is developed in a different part of the diagram or on a different page of the analysis.

Construction Guidelines

1. Define the bounds of the system to be analyzed and the level of complexity to which failures will be resolved.

2. Identify the TOP-level event of the system to be analyzed. The TOP-level events of the system represent those events for which reliability and availability predictions are required.


3. Using a top-down, deductive-reasoning approach, identify all the immediate causes of the TOP-level events.

4. Now define the immediate causes of the new system events. It is important that intermediate system events are not missed out when defining the immediate causes. In this way, the levels of the fault tree progress systematically from major system events, through intermediate levels of complexity, to the basic events representing component failures at the roots of the fault tree.

5. Continue this process of defining the immediate causes of system events until all the roots of the fault tree are terminated by Basic, Conditional, Undeveloped, Dormant, and Transfer events.

6. Avoid abstract events.

7. Identify all distinct causes for an event.

8. Resolve an event into more elementary events.

9. Always provide a complete description of the system or component event in the rectangular description block above each fault tree symbol.


Example: (fault tree diagram; its top event and component labels did not survive extraction)


Example fault tree (diagram labels): top event "Failure of water cooling system on demand"; lower events: No water from nozzle; No water to nozzle; Pipe P3 blocked; No water from the pump; Pump fails to start; No water to pump; No water from line 1; No water from line 2.


Sub-tree for "No water from line 1" (diagram labels): No water through the valve; No water to valve; Pipe blocked; No water into pipe; Filter blocked; No water.


Fault Tree Construction: Events and Gates

Part I: Commonly Used Events and Static Gates

Introduction

Fault tree analysis (FTA) is a procedure for determining the various combinations of hardware and software failures and human errors that can result in the occurrence of a specified undesired event at the system level. The undesired event to evaluate is referred to as the top event. It is generally some type of failure or malfunction. All of the hardware and software failures and human errors that can lead to the occurrence of the top event are referred to as events.

FTA begins with clearly defining the top event and then determining the various combinations of events that can lead to its occurrence. The successive levels in the fault tree depict how the propagation of lower-level events causes the top event to occur.


A player can be powered by batteries or electrical power. The player fails to operate if the batteries are dead AND no electrical power source is available. Thus, an AND gate, which is described later in this article, is inserted in the fault tree along with two basic events: No Battery and No Electric.

Fault Tree With Two Basic Events

Undeveloped Event

An undeveloped event is used if further resolution of that event is not necessary for proper evaluation of the fault tree or if the information necessary for developing this event is not currently available. While an undeveloped event is similar to a basic event, it is represented by a different symbol to signify that it is possible to break this event down into associated gates and events, even though this has not been done for this particular analysis.

Undeveloped Event

Example

A vehicle will not start if there is no fuel OR if there is some other mechanical problem. Thus, an OR gate is inserted in the fault tree along with a basic event (No Gas) and an undeveloped event (Mech Problem). The undeveloped event indicates that other mechanical problems are not within the scope of the analysis. The OR gate is fully described later in this article.


Fault Tree With an Undeveloped Event

Conditional Event

A conditional event is used along with an Inhibit gate, which is described later in this article. In a fault tree with an Inhibit gate, the output occurs only when the input events occur AND a conditional event is satisfied.

Conditional Event

Example

From the fire triangle, we know that there will be fire when fuel and a heat source are present, given the presence of oxygen. The need for the presence of oxygen is the conditional event in the following fault tree. When you insert an Inhibit gate in a Relex fault tree, Relex automatically inserts the conditional event so that you can specify the condition that must be satisfied. The main purpose is to visually emphasize the presence of the condition, which is generally either a very rare or a very common event.


Fault Tree With a Conditional Event

House Event

A house event is a special type of event employed for specific uses within a fault tree analysis. Common uses for house events are:

To represent an event that is normally expected to occur.

To disable or enable parts of a fault tree to make them functional or non-functional.

To represent trigger events, switching events, and external events.

House Event

A house event can be turned on or off to specify the conditions present under a specific scenario. When a house event is turned on (TRUE), that event is presumed to have occurred and the probability of that event is set to 1. When a house event is turned off (FALSE)


events, intermediate events (outputs of other gates), or combinations of both.

AND Gate

The AND gate is used to indicate that the output occurs if and only if all the input events occur. There must be at least two input events to an AND gate.

AND Gate

Summary of Logic: All events must be TRUE for the output to be TRUE.

A truth table for the AND gate follows. The Boolean equation for an AND gate is T = A · B.

A  B  Output
T  T  T
T  F  F
F  T  F
F  F  F

Example

A player can be powered by batteries or electrical power. The player fails to operate if the batteries are dead AND no electrical power source is available.


Fault Tree With an AND Gate

OR Gate

The OR gate is used to indicate that the output occurs if and only if at least one of the input events occurs. There must be at least two inputs to an OR gate.

OR Gate

Summary of Logic: If at least one event is TRUE, the output is TRUE. If all events are FALSE


Fault Tree With an OR Gate

Voting Gate (m/n)

The Voting (m/n) gate is used to indicate that the output occurs if and only if at least m out of the n input events occur. The input events do not need to occur at the same point in time but should be present at the same time. The output occurs when at least m input events occur. When m = 1, the Voting gate behaves like an OR gate.

Voting Gate

Summary of Logic: If m = 2 and n = 3, two input events must be TRUE for the output to be TRUE. If zero or one input events are TRUE, the output is FALSE

A  B  C  Output
T  F  T  T
T  F  F  F
F  T  T  T
F  T  F  F
F  F  T  F
F  F  F  F

Example

Power is supplied by three generators. When two generators are working, adequate power is supplied. When only one generator is working, there is not enough power.

Fault Tree With a Voting Gate

Inhibit Gate

The Inhibit gate is used to indicate that the output occurs when the input events (I1 and I2) occur and the input condition (C) is satisfied. An Inhibit gate is very much like an AND gate with a condition. When you insert an Inhibit gate in a Relex fault tree, a conditional event is automatically inserted along with it so that the input condition can be specified.

Inhibit Gate

Summary of Logic: If one input event is FALSE


Fault Tree With an Inhibit Gate
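The gate semantics above (AND, OR, Voting m/n and Inhibit) can be checked mechanically. The following Python is an added example, not code from the article or from Relex: it evaluates a tree for every combination of basic events, reproduces the AND truth table, lists the minimal cut sets of the 2-of-3 generator tree and, assuming independent basic events with constructed failure probabilities, computes the top-event probability. The event names ("G1 fails", "Oxygen present", ...) are assumptions for illustration.

```python
from itertools import product
# Added example, not code from the original article or from Relex: a small
# evaluator for trees built from the static gates above. A node is a basic-event
# name (str), ("AND"|"OR"|"INHIBIT", *inputs) or ("VOTE", m, *inputs). The
# trees are the page's own examples; event names are assumed for illustration.
PLAYER = ("AND", "No Battery", "No Electric")                 # player fails
GENERATORS = ("VOTE", 2, "G1 fails", "G2 fails", "G3 fails")  # not enough power
FIRE = ("INHIBIT", "Oxygen present", "Fuel present", "Heat source present")

def evaluate(node, state):
    """Structure function: True when the event at node occurs in state."""
    if isinstance(node, str):
        return state[node]
    gate, *inputs = node
    if gate in ("AND", "INHIBIT"):   # Inhibit = AND with the condition as an input
        return all(evaluate(i, state) for i in inputs)
    if gate == "OR":
        return any(evaluate(i, state) for i in inputs)
    if gate == "VOTE":               # at least m of the n inputs must occur
        m, *inputs = inputs
        return sum(evaluate(i, state) for i in inputs) >= m
    raise ValueError(f"unknown gate {gate!r}")

def basic_events(node):
    """Distinct basic events under node, in first-seen order."""
    if isinstance(node, str):
        return [node]
    seen = []
    for i in (node[2:] if node[0] == "VOTE" else node[1:]):
        seen += [e for e in basic_events(i) if e not in seen]
    return seen

def states(node):
    """Every combination of the basic events, as {event: occurred} dicts."""
    events = basic_events(node)
    for bits in product([False, True], repeat=len(events)):
        yield dict(zip(events, bits))

def truth_table(node):
    """Rows of (input values, output), laid out like the tables on the page."""
    return [(tuple(s.values()), evaluate(node, s)) for s in states(node)]

def top_probability(node, prob):
    """P(top event) for independent basic events, summed over all states."""
    total = 0.0
    for s in states(node):
        if evaluate(node, s):
            w = 1.0
            for e, occurred in s.items():
                w *= prob[e] if occurred else 1.0 - prob[e]
            total += w
    return total

def minimal_cut_sets(node):
    """Smallest sets of basic events whose joint occurrence causes the top event."""
    cuts = [frozenset(e for e, b in s.items() if b)
            for s in states(node) if evaluate(node, s)]
    return sorted((c for c in cuts if not any(o < c for o in cuts)), key=sorted)

if __name__ == "__main__":
    for inputs, out in truth_table(PLAYER):      # reproduces the AND gate table
        print(*("T" if v else "F" for v in (*inputs, out)))
    print(minimal_cut_sets(GENERATORS))          # three pairs of generators
```

The brute-force enumeration is exponential in the number of basic events, so it is meant for checking small trees such as the page's examples, and the cut-set search assumes the tree contains no NOT logic.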

Transfer Gate

The Transfer gate is used to link logic in separate areas of a fault tree. When a Transfer gate is selected for insertion, a Transfer In gate is inserted in the fault tree. The Transfer In gate is then linked to a Transfer Out gate, which represents the top gate of another fault tree.

Transfer Gate

There are two primary uses of Transfer gates:

An entire fault tree may not fit on a single sheet of paper. You can use Transfer gates to organize various portions of a large fault tree on separate sheets of paper.

The same fault tree logic may be used in different places in a fault tree. You can use Transfer gates to define this logic once and use it wherever necessary. Therefore, repeated gates can be created using transfer gates.

Remarks Gate

The Remarks gate is used for the entry of comments. A Remarks gate has no calculation data associated with it and therefore has no effect on calculations. However, the tree branch may continue after a Remarks gate. There can be only one input to a Remarks gate.

Remarks Gate

Example

The fault tree below is the same as the example for the OR gate, with a Remarks gate added to explain the other mechanical problems that could contribute to the car not starting.

Fault Tree With a Remarks Gate

Pass-Through Gate

The Pass-Through gate is used for visually aligning the events and gates in a fault tree. A Pass-Through gate extends the vertical connector down through an additional fault tree level.

Pass-Through Gate

A Pass-Through gate has no calculation data associated with it, and therefore has no effect on calculations. However, the tree branch may continue after a Pass-Through gate. There can be only one input to a Pass-Through gate.

Example

The fault tree below is the same as the one for the Remarks gate example, except that a Pass-Through gate has been inserted to extend the connector to the basic event from the second level to the lowest level.

Fault Tree Construction: Events and Gates

Part II: NOT Logic Gates

Note: This is the second part of a three-part series. It explores static gates that use NOT logic to indicate how the lack of an event's occurrence can cause the top event to occur. Part I describes the events and static gates most commonly used in fault tree construction. Part III demonstrates how dynamic gates extend fault tree analysis even further by considering the order in which input events occur.

Introduction

NOT logic indicates how the lack of an event's occurrence can cause the top event in a fault tree to occur. There are several static gates that use NOT logic. They are the NOT, NOR, NAND, and XOR gates. Because the presence of a NOT logic gate in a fault tree typically results in a non-coherent rather than coherent fault tree, NOT logic gates are sometimes referred to as non-coherent gates.

In a coherent fault tree, each component in the system is relevant, and the structure function is monotonically increasing. A fault tree that contains only AND gates, OR gates, and/or independent events is always coherent. Whenever a NOT logic gate is introduced into a fault tree, it is likely to become non-coherent. While the introduction of disjoint and dependent events is also likely to make a fault tree non-coherent, this article focuses on NOT logic gates.

A fault tree is non-coherent when both component failures and successes (positive and negative events) can cause the top event to occur. For example, system failure might occur due to the recovery of a failed component. Alternatively, during system failure, the failure of an additional component may bring the system to a good state. If the NOT logic can be eliminated from the fault tree, the fault tree is coherent. If the NOT logic cannot be eliminated from the fault tree, the fault tree is non-coherent.

NOT Gate

The NOT gate is used to indicate that the output occurs only when the input event does not occur. There is only one input to a NOT gate. The output is always the opposite of the input gate or event.

Source links: http://www.relexsoftware.com/resources/art/art_faulttree1.asp and http://www.relexsoftware.com/resources/art/art_faulttree3.asp
NOT Gate

Summary of Logic: The output is the opposite of the input gate or event.

A truth table for a NOT gate follows. The Boolean equation for a NOT gate is T = ¬A.

A  Output
T  F
F  T

Example

A traffic light system is used at the crossing of two mono-directional roads. Assume that the light acts properly and is RED for road 1 and GREEN for road 2. The figure below depicts the scenario.

Given this scenario, the following events can occur:

A: Car A fails to stop

B: Car B fails to stop

C: Car C fails to continue

An accident can occur in two ways:

Car A acts properly and stops (¬A) AND Car B fails to stop (B).

Car A fails to stop (A) AND Car C continues to move towards area 2 into the crossing (¬C).

Fault Tree With Two NOT Gates

Note: In Relex Fault Tree, repeated events are visually noted by displaying them in a blue-green color. Repeated events are created when you copy and paste an event from one part of the fault tree to another.
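The coherence test the article defines (every component relevant, structure function monotonically increasing) can be applied by brute force to small trees. This Python is an added example, not code from the article or from Relex; it encodes the 2-of-3 generator tree and the traffic-light tree above as Boolean functions and reports a state in which one additional failure makes the top event disappear, which is exactly what makes the NOT-logic tree non-coherent.

```python
from itertools import product

# Added example, not code from the original article or from Relex: a brute-force
# coherence check. A tree is written as a Python function of its basic events
# (True = the event occurs) that returns True when the top event occurs.
def not_enough_power(g1, g2, g3):
    """2-of-3 voting gate over generator failures: AND/OR logic only."""
    return (g1 + g2 + g3) >= 2

def accident(a, b, c):
    """Traffic-light tree above: (NOT A AND B) OR (A AND NOT C)."""
    return (not a and b) or (a and not c)

def with_event(x, i):
    """Copy of input vector x with basic event i set to occurred."""
    y = list(x)
    y[i] = True
    return tuple(y)

def non_coherent_witness(phi, n):
    """(state, event index) where one more failure makes the top event
    disappear, or None when phi is monotonically increasing."""
    for x in product([False, True], repeat=n):
        for i in range(n):
            if not x[i] and phi(*x) and not phi(*with_event(x, i)):
                return x, i
    return None

def irrelevant_events(phi, n):
    """Indices of basic events whose occurrence never changes the top event."""
    return [i for i in range(n)
            if all(phi(*x) == phi(*with_event(x, i))
                   for x in product([False, True], repeat=n) if not x[i])]

def is_coherent(phi, n):
    """Coherent = every component relevant and phi monotonically increasing."""
    return non_coherent_witness(phi, n) is None and not irrelevant_events(phi, n)

if __name__ == "__main__":
    print("generators coherent:", is_coherent(not_enough_power, 3))   # True
    print("traffic light coherent:", is_coherent(accident, 3))       # False
    print("witness:", non_coherent_witness(accident, 3))   # ((False, True, True), 0)
```

The witness reads: with B and C occurring, Car A stopping properly already causes an accident, and adding A (Car A fails to stop) removes it, so the tree is non-coherent.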

NOR Gate

The NOR gate functions like a combination of an OR gate and a NOT gate. The NOR gate is used to indicate that the output occurs when all of the input events are absent.

NOR Gate

The output of a NOR gate can be the top event or an intermediate event. The input events can be basic events, intermediate events, or combinations of both.

Summary of Logic: If there is at least one TRUE input event, the output is FALSE

The NAND gate functions like a combination of an AND gate and a NOT gate. The NAND gate is used to indicate that the output occurs when at least one of the input events is absent.

NAND Gate

Summary of Logic: If there is at least one FALSE

When at least one generator is operating, there is adequate power for the system. If both of these generators fail, there is no power.

Fault Tree With a NAND Gate

XOR Gate

The XOR gate, also known as the Exclusive OR gate, is used to indicate that the output occurs if and only if one of the two input events occurs and the other input event does not occur. An XOR gate can have only two inputs.

XOR Gate

Summary of Logic: If one and only one input event is TRUE, the output is TRUE. If more than one input event is TRUE, the output is FALSE

A  B  Output
F  T  T
F  F  F

Example

There is a partial loss of power resulting from the failure of either Power Supply A or Power Supply B.

Fault Tree With an XOR Gate

Conclusion

NOT logic indicates how the lack of an event's occurrence can cause the top event in a fault tree to occur. The static gates that use NOT logic are the NOT, NOR, NAND, and XOR gates. The presence of a NOT logic gate in a fault tree typically results in a non-coherent rather than coherent fault tree.

As you can see from this series, there may be more than one way to model a system by employing different gate types. This is advantageous for the analyst because there is flexibility to model a system in an understandable manner, as well as the ability to more accurately portray the system events.