Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment

Traditional fault tree (FT) analysis is widely used for reliability and safety assessment of complex and critical engineering systems. The behavior of components of complex systems and their interactions such as sequence- and functional-dependent failures, spares and dynamic redundancy management, and priority of failure events cannot be adequately captured by traditional FTs. Dynamic fault tree (DFT) extend traditional FT by defining additional gates called dynamic gates to model these complex interactions. Markov models are used in solving dynamic gates. However, state space becomes too large for calculation with Markov models when the number of gate inputs increases. In addition, Markov model is applicable for only exponential failure and repair distributions. Modeling test and maintenance information on spare components is also very difficult. To address these difficulties, Monte Carlo simulation-based approach is used in this work to solve dynamic gates. The approach is first applied to a problem available in the literature which is having non-repairable components. The obtained results are in good agreement with those in literature. The approach is later applied to a simplified scheme of electrical power supply system of nuclear power plant (NPP), which is a complex repairable system having tested and maintained spares. The results obtained using this approach are in good agreement with those obtained using analytical approach. In addition to point estimates of reliability measures, failure time, and repair time distributions are also obtained from simulation. Finally a case study on reactor regulation system (RRS) of NPP is carried out to demonstrate the application of simulation-based DFT approach to large-scale problems.     

An Efficient Approximate Markov Chain Method in Dynamic Fault Tree Analysis

Approximate Markov chain method for dynamic fault tree analysis is suggested for both reparable and non‐reparable systems. The approximation is based on truncation, aggregation and elimination of Markov chain states during the process of dynamic fault tree transformation to corresponding Markov chain. The method is valid for small probabilities. For reparable systems, it is true if mean time to repair is much less than mean time to failure. Several examples are studied. Additional simplification is considered in case the system is in a steady state. Copyright © 2015 John Wiley & Sons, Ltd.     

Gastric esophageal surgery risk analysis with a fault tree and Markov integrated model

Reliability methods have been widely used in risk analysis of medical surgeries. In this study, the authors combine a fault tree with Markov models to assess time independent- and dependent factors together. Dynamics are integrated in the traditional fault tree, and meanwhile the processes of solving Markov are simplified with the modular approach. Continuous time Markov chains are adopted in evaluating the failure probability of a gastric esophageal surgery after categorizing basic events in the fault tree, and a certain time dependent variables, such as failure rate of medical equipment, surgery frequency, and rescue timeliness are involved into risk analysis. A case is studied with data collected from a general hospital, to illustrate the operational process of the proposed method. Results based on the inputs show that taking rescue actions into consideration can reduce the gap between the result of fault tree analysis and the reality. Sensitivity analysis for measuring the impacts of the above time relevant variables is conducted, as well as limitations of the Markov model are discussed.     

A dynamic fault tree

The fault tree analysis is a widely used method for evaluation of systems reliability and nuclear power plants safety. This paper presents a new method, which represents extension of the classic fault tree with the time requirements. The dynamic fault tree offers a range of risk informed applications. The results show that application of dynamic fault tree may reduce the system unavailability, e.g. by the proper arrangement of outages of safety equipment. The findings suggest that dynamic fault tree is a useful tool to expand and upgrade the existing models and knowledge obtained from probabilistic safety assessment with additional and time dependent information to further reduce the plant risk.     

Assessment of fire vulnerability for nuclear power plant safety systems by combining fault-and success-oriented logic with physical models

The time behaviour of potential accident sequences may carry important information regarding nuclear power plant (NPP) safety operation and shutdown. In the case of external and environmental events, the ability of NPP components to operate correctly can be changed dramatically in a short time. In contrast to the failures caused by internal events, these two groups of undesirable events may lead to dynamic dependent failures among components of one or several systems. Such kinds of failure should be taken into account in the models of NPP behaviour. To evaluate how successfully the tasks of the safety systems will be carded out, logical models such as fault trees are usually used. The fault trees are not efficient at describing the short-term changes of the failure probabilities for system components. A method that has some advantages over the pure fault tree logic is proposed. The main features of the method are demonstrated by using examples.     

Application of the fault tree analysis for assessment of power system reliability

A new method for power system reliability analysis using the fault tree analysis approach is developed. The method is based on fault trees generated for each load point of the power system. The fault trees are related to disruption of energy delivery from generators to the specific load points. Quantitative evaluation of the fault trees, which represents a standpoint for assessment of reliability of power delivery, enables identification of the most important elements in the power system. The algorithm of the computer code, which facilitates the application of the method, has been applied to the IEEE test system. The power system reliability was assessed and the main contributors to power system reliability have been identified, both qualitatively and quantitatively.     

An enhanced component connection method for conversion of fault trees to binary decision diagrams

Fault tree analysis (FTA) is widely applied to assess the failure probability of industrial systems. Many computer packages are available, which are based on conventional kinetic tree theory methods. When dealing with large (possibly non-coherent) fault trees, the limitations of the technique in terms of accuracy of the solutions and the efficiency of the processing time become apparent. Over recent years, the binary decision diagram (BDD) method has been developed that solves fault trees and overcomes the disadvantages of the conventional FTA approach. First of all, a fault tree for a particular system failure mode is constructed and then converted to a BDD for analysis. This paper analyses alternative methods for the fault tree to BDD conversion process.For most fault tree to BDD conversion approaches, the basic events of the fault tree are placed in an ordering. This can dramatically affect the size of the final BDD and the success of qualitative and quantitative analyses of the system. A set of rules is then applied to each gate in the fault tree to generate the BDD. An alternative approach can also be used, where BDD constructs for each of the gate types are first built and then merged to represent a parent gate. A powerful and efficient property, sub-node sharing, is also incorporated in the enhanced method proposed in this paper. Finally, a combined approach is developed taking the best features of the alternative methods. The efficiency of the techniques is analysed and discussed.     

An optimized technique for reliability analysis of safety‐critical systems: A case study of nuclear power plant

Stochastic models are extensively used in quantifying the reliability of safety critical systems. These models use the state‐space model for reliability quantification. Markov chain is comprehensively used in describing a sequence of possible events of any system in which the probability of each event depends only on the state attained in the previous event. Markov chains are convenient to model the software system of the SCS with the help of Petri Nets, a directed bipartite graph widely used for the verification and validation of real‐time systems. However, the stochastic model suffers from the state‐space explosion problem. In this paper, we proposed a technique for reliability analysis of safety critical systems, excavating into the coherent optimization of Markov chain. The approach has been validated on 17 safety critical systems of nuclear power plants.     

Component-based modeling of systems for automated fault tree generation

One of the challenges in the field of automated fault tree construction is to find an efficient modeling approach that can support modeling of different types of systems without ignoring any necessary details. In this paper, we are going to represent a new system of modeling approach for computer-aided fault tree generation. In this method, every system model is composed of some components and different types of flows propagating through them. Each component has a function table that describes its input-output relations. For the components having different operational states, there is also a state transition table. Each component can communicate with other components in the system only through its inputs and outputs. A trace-back algorithm is proposed that can be applied to the system model to generate the required fault trees. The system modeling approach and the fault tree construction algorithm are applied to a fire sprinkler system and the results are presented.     

Integrated system fault diagnostics utilising digraph and fault tree-based approaches

With the growing intolerance to failures within systems, the issue of fault diagnosis has become ever prevalent. Information concerning these possible failures can help to minimise the disruption to the functionality of the system by allowing quick rectification. Traditional approaches to fault diagnosis within engineering systems have focused on sequential testing procedures and real-time mechanisms. Both methods have been predominantly limited to single fault causes. Latest approaches also consider the issue of multiple faults in reflection to the characteristics of modern day systems designed for high reliability. In addition, a diagnostic capability is required in real time and for changeable system functionality. This paper focuses on two approaches which have been developed to cater for the demands of diagnosis within current engineering systems, namely application of the fault tree analysis technique and the method of digraphs. Both use a comparative approach to consider differences between actual system behaviour and that expected. The procedural guidelines are discussed for each method, with an experimental aircraft fuel system used to test and demonstrate the features of the techniques. The effectiveness of the approaches is compared and their future potential highlighted.     

Fault tree developed by an object-based method improves requirements specification for safety-related systems

Fault tree analysis is frequently used to improve system reliability and safety. To be suitable for analysis of software in computerised safety-related systems, it has to be modified accordingly. This paper presents a new application: the fault trees developed by an object-based method. The object-based method integrates structural and behavioural models of a system. The developed fault tree includes information on structure and the failure behaviours of classes of the system. Away from traditional use of the fault tree, which for traditional systems emphasises qualitative and quantitative results, the result of the new application emphasises the process of fault tree development and its qualitative results. Such fault tree application reduces the probability of failures in the requirements specification phase within the software life cycle, which increases the reliability of its product; however, it does not confirm this in a quantitative manner.     

Identification of independent modules in fault trees which contain dependent basic events

The reliability performance of a system is frequently a function of component failures of which some are independent whilst others are interdependent. It is possible to represent the system failure logic in a fault tree diagram, however only the sections containing independent events can be assessed using the conventional fault tree analysis methodology. The analysis of the dependent sections will require a Markov analysis. Since the efficiency of the Markov analysis largely depends on the size of the established Markov model, the key is to extract from the fault tree the smallest sections which contain dependencies. This paper proposes a method aimed at establishing the smallest Markov model for the dependencies contained within the fault tree.     

Quantitative analysis of a fault tree with priority AND gates

A method for calculating the exact top event probability of a fault tree with priority AND gates and repeated basic events is proposed when the minimal cut sets are given. A priority AND gate is an AND gate where the input events must occur in a prescribed order for the occurrence of the output event. It is known that the top event probability of such a dynamic fault tree is obtained by converting the tree into an equivalent Markov model. However, this method is not realistic for a complex system model because the number of states which should be considered in the Markov analysis increases explosively as the number of basic events increases. To overcome the shortcomings of the Markov model, we propose an alternative method to obtain the top event probability in this paper. We assume that the basic events occur independently, exponentially distributed, and the component whose failure corresponds to the occurrence of the basic event is non-repairable. First, we obtain the probability of occurrence of the output event of a single priority AND gate by Markov analysis. Then, the top event probability is given by a cut set approach and the inclusion–exclusion formula. An efficient procedure to obtain the probabilities corresponding to logical products in the inclusion–exclusion formula is proposed. The logical product which is composed of two or more priority AND gates having at least one common basic event as their inputs is transformed into the sum of disjoint events which are equivalent to a priority AND gate in the procedure. Numerical examples show that our method works well for complex systems.     

The robustness of markov reliability models

Markov models are an established part of current systems reliability and availability analysis. They are extensively used in various applications, including, in particular, electrical power supply systems. One of their advantages is that they considerably simplify availability evaluation so that the availability of very large and complex systems can be computed. It is generally assumed, with some justification, that the results obtained from such Markov reliability models are relatively robust. It has, however, been known for some time, that practical time to failure distributions are frequently non-exponential, particular attention being given in much reliability work to the Weibull family. Morover, recently additional doubt has been case on the validity of the Markov approach, both because of the work of Professor Kline and others on the non-exponentiality of practical repair time distribution, and because of the advantages to be obtained in terms of modelling visibility of the alternative simulation approach. In this paper we employ results on the ability of the k-out-of-n systems to span the coherent set to investigate the robustness of Markov reliability models based upon a simulation investigation of coherent systems of up to 10 identical components. We treat the case where adequate repair facilities are available for all components. The effects upon the conventional transient and steady-state measures of Weibull departures from exponentiality are considered. In general, the Markov models are found to be relatively robust, with alterations to failure distributions being more important than those to repair distributions, and decreasing hazard rates more critical than increasing hazard rates. Of the measures studied, the mean time to failure is most sensitive to variations in distributional shape.     

A study of the modeling and analysis of software fault‐detection and fault‐correction processes

Most of the models for software reliability analysis are based on reliability growth models which deal with the fault detection process. This is done either by assuming that faults are corrected immediately after being detected or the time to correct a fault is not counted. Some models have been developed to relax this assumption. However, unlike the fault‐detection process, few published data sets are available to support the modeling and analysis of both the fault detection and removal processes. In this paper, some useful approaches to the modeling of both software fault‐detection and fault‐correction processes are discussed. Further analysis on the software release time decision that incorporates both a fault‐detection model and fault‐correction model is also presented. This procedure is easy to use and useful for practical applications. The approach is illustrated with an actual set of data from a software development project. Copyright © 2006 John Wiley & Sons, Ltd.     

Integration of safety analysis in model-driven software development

Safety critical software requires integrating verification techniques in software development methods. Software architectures must guarantee that developed systems will meet safety requirements and safety analyses are frequently used in the assessment. Safety engineers and software architects must reach a common understanding on an optimal architecture from both perspectives. Currently both groups of engineers apply different modelling techniques and languages: safety analysis models and software modelling languages. The solutions proposed seek to integrate both domains coupling the languages of each domain. It constitutes a sound example of the use of language engineering to improve efficiency in a software-related domain. A model-driven development approach and the use of a platform-independent language are used to bridge the gap between safety analyses (failure mode effects and criticality analysis and fault tree analysis) and software development languages (e.g. unified modelling language). Language abstract syntaxes (metamodels), profiles, language mappings (model transformations) and language refinements, support the direct application of safety analysis to software architectures for the verification of safety requirements. Model consistency and the possibility of automation are found among the benefits.     

Strategy and tool development for nuclear power plant design synthesis with measurement of reliability and simplicity

In this work, the conceptual design supporting tools for nuclear power plants have been developed. These tools are made for system synthesis, complexity measure and reliability analysis.This design synthesis program combined with the reliability analysis program accomplishes the system synthesis. This design strategy can reduce mistakes, effort and time. This design tool, based on Prolog language, is applied to the auxiliary feedwater system. A logic based fault tree analysis program (LOFT) is also developed using Prolog language. As LOFT performs symbolic computation during the fault tree analysis, linking with knowledge-base systems is very easy and the partial usage of the program is possible. The importance measure of components obtained from the system reliability analysis and the complexity measure of the system give very important information to the system designer.     

Corrected transient energy function-based strategy for stability probability assessment of power systems

A new model describing the uncertainty of fault clearing time for probabilistic transient stability assessment of power systems is proposed. In this, a corrected transient energy function-based strategy is developed to evaluate the probabilistic instability index of systems. The advantage of this approach is that evaluations of critical clearing time in the system stability probability assessment are only conducted for very severe contingencies, an extremely small fraction of all considered contingencies. Hence, the computation efficiency has been remarkably enhanced. Case studies on a representation of the North China power system are reported to show that the proposed assessment strategy is effective and practical.     

基于HMM的核动力旋转机械故障诊断的研究

隐Markov模型(HMM)已经证明是学习动态时间序列的概率模型的最广泛应用的工具之一,它可以使用一个隐变量来模拟系统的动态行为的变化。核动力旋转机械升速过程具有信息量大、信号非平稳、重复再现性不佳等特点,HMM很适合处理此类信号。将HMM引人到核动力旋转机械的故障诊断中,提出了一种基于HMM的故障诊断方法。     

SMV model-based safety analysis of software requirements

Fault tree analysis (FTA) is one of the most frequently applied safety analysis techniques when developing safety-critical industrial systems such as software-based emergency shutdown systems of nuclear power plants and has been used for safety analysis of software requirements in the nuclear industry. However, the conventional method for safety analysis of software requirements has several problems in terms of correctness and efficiency; the fault tree generated from natural language specifications may contain flaws or errors while the manual work of safety verification is very labor-intensive and time-consuming. In this paper, we propose a new approach to resolve problems of the conventional method; we generate a fault tree from a symbolic model verifier (SMV) model, not from natural language specifications, and verify safety properties automatically, not manually, by a model checker SMV. To demonstrate the feasibility of this approach, we applied it to shutdown system 2 (SDS2) of Wolsong nuclear power plant (NPP). In spite of subtle ambiguities present in the approach, the results of this case study demonstrate its overall feasibility and effectiveness.