A fault tree analysis strategy using binary decision diagrams


Loughborough University Institutional Repository

A fault tree analysis strategy using binary decision diagrams

This item was submitted to Loughborough University's Institutional Repository by the/an author.

Additional Information: This pre-print has been submitted, and accepted, to the journal, Reliability Engineering and System Safety [© Elsevier]. The definitive version: REAY, K.A. and ANDREWS, J.D., 22. A Fault tree analysis strategy using binary decision diagrams. Reliability Engineering and System Safety, 78(), pp.45-56, is available at: http://www.sciencedirect.com/science/journal/95832.

Metadata Record: https://dspace.lboro.ac.uk/234/442

Please cite the published version.

A Fault Tree Analysis Strategy Using Binary Decision Diagrams.

Karen A. Reay and John D. Andrews
Loughborough University, Loughborough, Leicestershire, LE 3TU.

Abstract

The use of Binary Decision Diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of 'minimal' subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.

1. Introduction

The Binary Decision Diagram (BDD) method (1) has emerged as an alternative to conventional techniques for performing both qualitative and quantitative analysis of fault trees. BDDs are already proving to be of considerable use in reliability analysis, providing a more efficient means of analysing a system, without the need for the approximations previously used in the traditional approach of Kinetic Tree Theory (2). The BDD method does not analyse the fault tree directly, but converts the tree to a binary decision diagram, which represents the Boolean equation for the top event. The difficulty, however, lies with the conversion of the tree to the BDD. An ordering of the fault tree variables (basic events) must be chosen and this ordering can have a crucial effect on the size of the resulting BDD; it can mean the difference between a minimal BDD with few nodes, providing an efficient analysis and being able to produce any BDD at all. There is no universal ordering scheme that can be successfully used to produce a minimal BDD for all fault trees; indeed no scheme has been found that will produce a BDD (minimal or otherwise) for some large fault trees. Emphasis in the research has now turned to applying alternative techniques that will increase the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible.

In this paper, an analysis strategy is proposed which implements these requirements. The initial stage combines two simplification techniques that have been shown to be advantageous in the construction of BDDs: Faunet reduction (3), and linear-time modularisation (4). The reduction technique reduces the fault tree to its minimal logic form, whilst modularisation identifies independent subtrees (modules) existing within the tree that can be analysed separately. This results in a set of 'minimal' fault trees, equivalent to the original fault tree structure. A neural network is used to select the most appropriate ordering scheme (5,6) for each independent module of the fault tree, based upon its individual characteristics. BDDs are obtained for each module in separate computations, culminating in a set of BDDs, which together represent the original system. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events. Each of these stages is described in more detail in the following sections and demonstrated throughout with the use of an example fault tree.

2. Simplification of the Fault Tree Structure

Two pre-processing techniques are applied to the fault tree in order to obtain the smallest possible subtrees, so that the process of constructing the BDDs becomes simple and efficient. The first stage of pre-processing is Faunet reduction, a technique that is used to restructure the fault tree to its most concise form. Once this has been applied however, it is possible to simplify the analysis further by identifying independent subtrees (modules) within the fault tree that can be treated separately. The linear-time algorithm is an extremely efficient method of modularisation and forms the second stage of the fault tree pre-processing. This results in a set of independent fault trees each with the simplest possible structure, which together describe the original system.

2.1 Faunet Reduction

FAUNET reduction is a technique that is used to reduce the fault tree to its minimal form, so eliminating any noise from the system, without altering the underlying logic. Its effectiveness has been demonstrated with its application to a large set of fault trees, where it decreased the size of the resulting BDDs by approximately 5%. The method consists of three stages:

Contraction: Subsequent gates of the same type are contracted to form a single gate. This gives a fault tree with an alternating sequence of AND gates and OR gates.

Factorisation: Pairs of events that always occur together in the same gate type are identified. They are combined to form a single complex event, which is given a numerical label from 2 upwards.

Extraction: The following two structures are identified and replaced:

[Figure 1: The extraction procedure]

The above three steps are repeated until no further changes are possible in the fault tree, resulting in a more compact representation of the system. For example, consider the fault tree illustrated in Figure 2.

[Figure 2: Example fault tree]

Upon application of the Faunet reduction technique to this tree, we obtain the much smaller fault tree shown in Figure 3. The corresponding complex event data is shown in Table 1.

Complex Event, X_c | Value of the gate | Event 1 | Event 2
2 | AND | g | h
2 | OR | p | q
22 | OR | r | s
23 | OR | 2 | b
24 | OR | j | 2
25 | AND | 24 | k
26 | OR | 25 | n

Table 1: The complex event data after Faunet reduction.

[Figure 3: The resulting fault tree after the application of Faunet reduction]

Having reduced the fault tree to a more concise form, we now consider the second pre-processing technique of modularisation.

2.2 Modularisation

The modularisation procedure does not alter the structure of the tree, but detects modules. A module of a fault tree is a subtree that is completely independent from the rest of the tree. That is, it contains no basic events that appear elsewhere in the fault tree. The advantage of identifying these modules is that each one can be analysed separately from the rest of the tree. The results from subtrees identified as modules are substituted into the higher-level fault trees where the modules occur.

Using the linear-time algorithm, the modules can be identified after two depth-first traversals of the fault tree. The first of these performs a step-by-step traversal recording for each gate and event, the step number at the first, second and final visits to that node. The step number of the second visit to each event is always equivalent to the step number of the first visit to that event.

To demonstrate this, refer to the fault tree in Figure 3. Starting at the top event and progressing through the tree in a depth-first manner (and considering the event inputs to a gate before any gate inputs), the gates and events are visited in the order shown in Table 2. Each gate is visited at least twice: once on the way down the tree and again on the way back up the tree. Once a gate has been visited, it can be visited again, but the depth-first traversal beneath that gate is not repeated. The step numbers of the visits to the gates and events are shown in Tables 3 and 4.

Step number: 2 3 4 5 6 7 8 9
Node: Top 26 G2 a G6 e G2 m G5 22 e
Step number: 2 3 4 5 6 7 8 9 2 2 22
Node: G5 G2 G6 G7 a f G7 G2 G3 23 G9
Step number: 23 24 25 26 27 28 29 3 3
Node: d i G9 G3 G4 c d G4 Top

Table 2: Order in which the gates and events are visited in the depth-first traversal of the fault tree in Figure 3.

The second pass through the tree finds the maximum (Max) of the last visits and the minimum (Min) of the first visits of the descendants (any gates and events appearing below that gate in the tree) of each gate; these values are shown in Table 3.

Gate: Top G2 G3 G4 G6 G7 G9 G2 G5
Visit 1: 3 2 27 5 5 22 7 9
Visit 2: 3 9 26 3 4 8 25 3 2
Last visit: 3 9 26 3 4 8 25 3 2
Min: 2 4 2 23 6 4 23 6 6
Max: 3 8 29 29 3 7 29 2

Table 3: Data for the fault tree gates.

Event: a c d e f i m 22 23 26
Visit 1: 4 28 23 6 7 24 8 2 2
Visit 2: 4 28 23 6 7 24 8 2 2
Last visit: 6 28 29 7 24 8 2 2

Table 4: Data for the fault tree events.

The principle of the algorithm is that if any descendant of a gate has a first visit step number smaller than the first visit step number of the gate, then it must also occur beneath another gate. Conversely, if any descendant has a last visit step number greater than the second visit step number of the gate, then again it must occur elsewhere in the tree. Therefore, a gate can be identified as heading a module only if:

The first visit to each descendant is after the first visit to the gate, and
The last visit to each descendant is before the second visit to the gate.

Therefore, the following gates can be identified as modules: Top, G2 and G6

For completeness, the top event (Top) is included in this list, even though it will always be a module of the fault tree. The occurrences of these subtrees are replaced by the single modular events, which are named in the same way as complex events (i.e. they take on the next available value above 2).

Top - 27, G2 - 28, G6 - 29

Three separate fault trees as shown in Figure 4 now replace the fault tree in Figure 3.

[Figure 4: The three modules obtained from the fault tree shown in Figure 3: (a) Module 27, (b) Module 28, (c) Module 29]

Having reduced the fault tree to its minimal form and identified all the independent modules, the pre-processing of the fault tree is complete and the next step is to obtain the associated BDDs.

3. Obtaining the Associated Binary Decision Diagrams

A BDD must be constructed for each of the modules. As they all have different properties, using the same variable ordering scheme for each may not be appropriate. Therefore an ordering scheme is selected for each module based on its unique characteristics through the use of a pre-programmed neural network. The neural network selects the best ordering scheme from eight possible alternatives, which include both structural and weighted schemes. The BDD for each module is then obtained using the variable ordering determined by the appropriate scheme.

Considering the module '27' in Figure 4(a), the modified priority depth-first scheme (a depth-first left-right exploration, considering the most repeated events under any gate first and considering gates with only event inputs before any others) was identified as the most suitable by the neural network. This gives the following ordering:

28 < 26 < d < c < 23 < i

The BDD obtained using this ordering is shown in Figure 5. It is known as the 'primary' BDD, as it represents the top event and is used to calculate the system unavailability.

[Figure 5: The primary BDD (module '27') obtained from the ordering 28 < 26 < d < c < 23 < i]

Each module is treated in the same manner, with its BDD nodes labelled consecutively from the one previously constructed in order to avoid confusion. The BDDs were constructed for the two remaining modules in the example. The modified depth-first scheme (a depth-first left-right exploration, considering the most repeated events under any gate first) was used for module '28', producing the ordering:

a < 29 < f
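The two-pass module detection of Section 2.2 can be exercised on a small tree. The following Python sketch is an added example, not code from the paper: the fault tree, gate names and function names are constructed for illustration, and only the visiting rules and the module test come from the text.

```python
"""Module detection by two depth-first passes (added example)."""

# Constructed fault tree, not the paper's: gate -> (gate type, inputs).
# Event f feeds both G4 and G5, so neither of those gates can head a module.
GATES = {
    "TOP": ("OR", ["G1", "G2"]),
    "G1": ("AND", ["a", "G3"]),
    "G3": ("OR", ["b", "c"]),
    "G2": ("AND", ["d", "G4", "G5"]),
    "G4": ("OR", ["e", "f"]),
    "G5": ("OR", ["f", "g"]),
}


def visit_steps(gates, top):
    """First pass: step numbers of the first, second and last visit."""
    first, second, last = {}, {}, {}
    step = 0

    def visit(node):
        nonlocal step
        step += 1
        if node not in gates:            # basic event: visits 1 and 2 coincide
            first.setdefault(node, step)
            second.setdefault(node, step)
            last[node] = step
            return
        if node in first:                # gate met again: do not descend twice
            last[node] = step
            return
        first[node] = step
        inputs = gates[node][1]
        events = [n for n in inputs if n not in gates]
        subgates = [n for n in inputs if n in gates]
        for child in events + subgates:  # event inputs before gate inputs
            visit(child)
        step += 1                        # second visit, on the way back up
        second[node] = last[node] = step

    visit(top)
    return first, second, last


def find_modules(gates, top):
    """Second pass: compare each gate with the Min/Max of its descendants."""
    first, second, last = visit_steps(gates, top)
    span = {}                            # gate -> (Min first visit, Max last visit)

    def descend(gate):
        if gate not in span:
            lo, hi = float("inf"), 0
            for child in gates[gate][1]:
                lo, hi = min(lo, first[child]), max(hi, last[child])
                if child in gates:
                    c_lo, c_hi = descend(child)
                    lo, hi = min(lo, c_lo), max(hi, c_hi)
            span[gate] = (lo, hi)
        return span[gate]

    descend(top)
    modules = sorted(g for g, (lo, hi) in span.items()
                     if lo > first[g] and hi < second[g])
    return modules, span


if __name__ == "__main__":
    modules, span = find_modules(GATES, "TOP")
    first, second, last = visit_steps(GATES, "TOP")
    for gate in GATES:
        print(gate, first[gate], second[gate], last[gate], span[gate])
    print("modules:", modules)
```

G4 fails the second condition because the last visit to f falls after G4's second visit, and G5 fails the first because f was first visited before G5 was reached.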

The modified top-down scheme (a left-right, top-down exploration of the tree, considering repeated events first) was used for module '29' giving:

e < m < 22

The resulting BDDs, which also illustrate the node labelling, are shown in Figure 6.

[Figure 6: The BDDs for modules '28' and '29', demonstrating node labelling: (a) BDD for module '28', (b) BDD for module '29']

Once the complete set of BDD data has been computed, the quantitative analysis can begin.

4. Quantitative Analysis

Quantitative analysis performed on BDDs is an exact and efficient procedure (7), which allows us to determine many properties of the system under consideration. To date, the methods have only been used on BDDs consisting entirely of basic events. As the techniques of reduction and modularisation produce both complex and modular events, the methods need to be extended to consider these extra factors.

The following sections describe the extension of the current methods for dealing with BDDs to those containing complex events and/or modular events. The aim of the analysis is to obtain not only the top event probability and unconditional failure intensity, but to be able to extract the criticality function for the basic events that contribute to the complex events and modules. This is essential, as although we may use reduction and modularisation to help construct the BDDs, we must be able to analyse the system in terms of its original components.

4.1 System Unavailability

The probability of occurrence of the top event ($Q_{sys}$) is calculated by summing the probabilities of the disjoint paths through the primary BDD. A depth-first algorithm can perform this calculation very efficiently; further discussion of this procedure can be found in reference 7.

The unavailability of each encoded event is required for this calculation. Therefore, the probabilities of the complex and modular events must be obtained from the basic event data.

Determining the unavailability of complex events is straightforward, as they are only a combination of two component events. The calculation depends on whether the events were combined under an AND gate or an OR gate, but if we call the complex event $x_c$ and its constituent events $x_1$ and $x_2$, then we can say:

AND Gate: $q_c = q_1 q_2$ (1a)

OR Gate: $q_c = q_1 + q_2 - q_1 q_2$ (1b)

The probabilities of the complex events are calculated as they are formed, making the process as efficient as possible.

The calculation of the modular events' probabilities is effectively that of finding the probability of occurrence of the 'top event' of each of the modules. Again, a depth-first algorithm is used (as shown in Figure 7), which can repeatedly call itself should further modular events be located within the module itself. Thus, the unavailability of modules encoding only basic and complex events will necessarily be evaluated first.

    module_prob(F)
    {
        F = ite(x, J, K)

        Consider '1' branch:
            if (J = 1) then po1[F] = 1
            else po1[F] = module_prob(J)

        Consider '0' branch:
            if (K = 0) then po0[F] = 0
            else po0[F] = module_prob(K)

        Calculate and return probability value of node:
            if (x is a modular event with unknown probability and module root node R)
                then q_x = module_prob(R)
            probability[F] = q_x.po1[F] + (1 - q_x).po0[F]
            return(probability[F])
    }

Figure 7: The algorithm for calculating the probability of a module.

Having obtained the probabilities of all complex and modular events, the system unavailability can easily be determined.

4.2 System Unconditional Failure Intensity

The system unconditional failure intensity, $w_{sys}(t)$, defined as the probability that the top event occurs at t per unit time, is given by:

$$w_{sys}(t) = \sum_i G_i(q(t)) \, w_i(t) \qquad (2)$$

where $G_i(q(t))$ is the criticality function for each component and $w_i(t)$ is the component unconditional failure intensity.

The criticality function is defined as the probability that the system is in a critical state with respect to component i and that the failure of component i would then cause the system to go from a working to a failed state. Therefore:

$$G_i(q(t)) = Q(1_i, q(t)) - Q(0_i, q(t)) \qquad (3)$$

where $Q(1_i, q(t))$ is the probability of system failure with $q_i(t) = 1$ and $Q(0_i, q(t))$ is the probability of system failure with $q_i(t) = 0$.

An efficient method of calculating the criticality function from the BDD (7) considers the probabilities of the path sections of the BDD up to and after the nodes in question, resulting in the following expression:

$$G_i(q(t)) = \sum_n pr_{x_i}(q(t)) \, [\, po^1_{x_i}(q(t)) - po^0_{x_i}(q(t)) \,] \qquad (4)$$

where:

$pr_{x_i}(q(t))$ - the probability of the path section from the root vertex to the node $x_i$ (set to one for the root vertex)
$po^1_{x_i}(q(t))$ - the probability of the path section from the '1' branch of node $x_i$ to a terminal 1 node
$po^0_{x_i}(q(t))$ - the probability of the path section from the '0' branch of node $x_i$ to a terminal 1 node
n - all nodes for variable $x_i$ in the BDD.

For a single BDD encoding only basic events, one pass of the BDD is required to calculate $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ for each node (subsequently referred to as the 'path probabilities' of a node), from which the criticality function of each basic event can be determined, leading to the evaluation of the system failure intensity.

However, this method does not take account of complex and modular events. It is possible to calculate $w_{sys}$ by considering only the events encoded in the primary BDD, but this requires not only the criticality of the modular and complex events but also their failure intensities. Although these are relatively simple to calculate, they are values that have no further use in the analysis. Instead, we calculate the criticality functions of each of the basic events and use these together with their unconditional failure intensities to calculate $w_{sys}$. This also allows analysis of the contributions to system failure through component or basic event importance measures. $G_i(q)$ is Birnbaum's measure of component importance. It is also a major element required to evaluate the criticality measure of component importance.

The criticality functions of the basic events within the primary BDD are still calculated at the end of the analysis once the path probabilities have been found for the nodes of the primary BDD. The calculation of the criticality functions of the basic events incorporated within complex events and modules is described in the following sections.

4.3 Criticality of Basic Events within Complex Events

Once the path probabilities are known for a complex event node, the complex event must be further analysed by assigning appropriate values of $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ to its component events. These are required so that the criticality functions of the basic events can be evaluated. Consider the complex event $X_c$, shown in Figure 8.

[Figure 8: A complex event node within a BDD]

The two events that make up this complex event are either joined by an AND gate or an OR gate, which gives the possible ite (if-then-else (1)) structures and corresponding BDDs as shown in Figure 9.

AND: $X_c = X_1 . X_2$, $X_c = ite(X_1, ite(X_2, 1, 0), 0)$
OR: $X_c = X_1 + X_2$, $X_c = ite(X_1, 1, ite(X_2, 1, 0))$

Figure 9: The possible BDD structures of a complex event

The complex event node effectively replaces one of these structures in the original BDD - this could be either the primary BDD or the BDD of a module. In order to evaluate the path probabilities of the nodes encoding these component events, we simply replace any terminal '1' branches with the probability of the paths below the '1' branch of the complex node and the terminal '0' branches with the probability of the paths below the '0' branch of the complex node. The probability of the paths before the root vertex does not have the usual value of 1, but takes on the value of $pr_{x_i}(q)$ of the complex event node. This is shown in Figure 10.

[Figure 10: The complex event structure: (a) $X_c = X_1 . X_2$, (b) $X_c = X_1 + X_2$]

Using Figure 10, we can calculate the values of $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ for the variables $X_1$ and $X_2$:

AND:

$X_1$: $pr_1 = pr_c$ (5), $po^1_1 = q_2 . po^1_c + (1 - q_2) . po^0_c$ (6), $po^0_1 = po^0_c$ (7)
$X_2$: $pr_2 = pr_c . q_1$ (8), $po^1_2 = po^1_c$ (9), $po^0_2 = po^0_c$ (10)

OR:

$X_1$: $pr_1 = pr_c$ (11), $po^1_1 = po^1_c$ (12), $po^0_1 = q_2 . po^1_c + (1 - q_2) . po^0_c$ (13)
$X_2$: $pr_2 = pr_c . (1 - q_1)$ (14), $po^1_2 = po^1_c$ (15), $po^0_2 = po^0_c$ (16)

As the events $X_1$ and $X_2$ may be either basic events or other complex events, this process is repeated until values have been calculated for all contributing basic events. The criticality functions of the basic events are calculated as they are encountered, using Equation 4. The algorithm implementing this method is shown in Figure 11.

    complex_calc(x_c)
    {
        x_c = x_1 <op> x_2

        Calculate probabilities:
            pr[x_1] = pr[x_c]
            po1[x_2] = po1[x_c]
            po0[x_2] = po0[x_c]

            if (<op> = AND)
            {
                po1[x_1] = q_2.po1[x_c] + (1 - q_2).po0[x_c]
                po0[x_1] = po0[x_c]
                pr[x_2] = pr[x_c].q_1
            }
            if (<op> = OR)
            {
                po1[x_1] = po1[x_c]
                po0[x_1] = q_2.po1[x_c] + (1 - q_2).po0[x_c]
                pr[x_2] = pr[x_c].(1 - q_1)
            }

        If contributing events are basic then calculate criticality,
        otherwise call function again:
            if (x_1 is a basic event) then G_1 = G_1 + pr[x_1].(po1[x_1] - po0[x_1])
            else complex_calc(x_1)
            if (x_2 is a basic event) then G_2 = G_2 + pr[x_2].(po1[x_2] - po0[x_2])
            else complex_calc(x_2)
    }

Figure 11: The calculation of the criticality functions of basic events within complex events.

Any complex event may appear more than once in the BDD, resulting in new values of $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ being calculated for its component events on each occasion. The criticality function for each of the contributing basic events must be calculated in stages, using the newly assigned values each time. Once this additional criticality value has been calculated for each of the contributing basic events, it is added to the current value so that it is calculated as the analysis proceeds, rather than as a separate procedure at the end of the analysis as is the case for the basic events in the primary BDD.

4.4 Criticality of Basic Events within Modules

Modular events are dealt with in a similar way to complex events. Once the path probabilities of the modular event node are known, the module is further analysed to determine the path probabilities of its component nodes. These probabilities must be calculated as they would have been, had the module not been replaced by the single modular event. In order to do this, the values of $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ of the modular event replace the terminal '1' and '0' branches, and the probability of the paths before the root vertex of the module is assigned the value of $pr_{x_i}(q)$ of the modular event. This is demonstrated in Figure 12.

[Figure 12: Replacing a modular event with the entire module structure.]

Unlike complex events, the structure of modules is not fixed. They can contain any number of events (basic, complex, or indeed other modular events), connected by any number of gates. Therefore, the probabilities are assigned by performing a pass through the whole BDD, a process that is capable of dealing with any structure. The criticality functions of the basic events are then calculated according to equation 4.

As with the complex events, the calculations required to obtain the path probabilities for the nodes within the module must be repeated for each occurrence of the modular event in the BDD. The values are then used to calculate the additional contributions to the criticality functions of the basic events that arise due to the further occurrences of the modular event. This can be seen in the following example.

Having determined the criticality function of each basic event, the system failure intensity can be evaluated using equation 2 and any further importance measure analysis undertaken.

4.5 Quantitative Analysis Example

This quantitative analysis can be demonstrated using the set of example BDDs obtained in Section 3. The basic event data is shown in Table 5.

Event: a b c d e f g h i
q: .3.45.8..35.25.5.2.9
w: .94 x -4 9.9 x -7 2.5 x -6.37 x -5 3.92 x -6 8.5 x -7 2.44 x -6 6.4 x -7 2.27 x -6

Event: j k m n p q r s
q: .4.7.5.5.8.65.2.6
w: 3.92 x -6 6.22 x -5 8.76 x -6 4.86 x -6.2 x -4 9.9 x -7 3.53 x -5 7.86 x -6

Table 5: Basic event data for the example fault tree.
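The module probability recursion of Figure 7 and the expansions of Sections 4.3 and 4.4 can be checked against equation 3 on a small BDD set. The following Python sketch is an added example, not the authors' code: the BDDs, the labels K1, K2 and M1, all q and w values and the function names are constructed for illustration.

```python
"""Quantifying a BDD set with complex and modular events (added example)."""

# Constructed data, not the paper's. q: unavailability, w: failure intensity.
Q = {"a": 0.1, "b": 0.05, "c": 0.2, "d": 0.1, "e": 0.25, "g": 0.4, "h": 0.5}
W = {"a": 2e-6, "b": 1e-6, "c": 2e-6, "d": 5e-6, "e": 1e-6, "g": 3e-6, "h": 4e-6}

# Complex events from reduction: label -> (gate type, x1, x2). K2 nests K1.
COMPLEX = {"K1": ("AND", "g", "h"), "K2": ("OR", "K1", "b")}

# One BDD per module: node -> (variable, '1' branch, '0' branch), parents
# listed before children; terminals are the integers 1 and 0.
BDDS = {
    "primary": {"F1": ("d", "F2", "F3"), "F2": ("K2", 1, "F4"),
                "F3": ("c", "F5", 0), "F4": ("M1", 1, 0), "F5": ("K2", 1, 0)},
    "M1": {"F6": ("a", 1, "F7"), "F7": ("e", 1, 0)},
}

def below(bdd, node, q, t1=1.0, t0=0.0):
    """Probability of the paths from `node` to terminal 1; t1 and t0 stand in
    for the terminals when a module is expanded inside a larger BDD."""
    if node == 1:
        return t1
    if node == 0:
        return t0
    x, one, zero = bdd[node]
    qx = prob(x, q)
    return qx * below(bdd, one, q, t1, t0) + (1 - qx) * below(bdd, zero, q, t1, t0)

def prob(x, q):
    """Unavailability of a basic, complex (eq. 1a/1b) or modular event."""
    if x not in q:
        if x in COMPLEX:
            op, x1, x2 = COMPLEX[x]
            q1, q2 = prob(x1, q), prob(x2, q)
            q[x] = q1 * q2 if op == "AND" else q1 + q2 - q1 * q2
        else:                              # modular event: its own 'top event'
            bdd = BDDS[x]
            q[x] = below(bdd, next(iter(bdd)), q)
    return q[x]

def spread(x, pr, po1, po0, q, G):
    """Hand one node's path probabilities down to the basic events it hides."""
    if x in BDDS:                          # modular event (Section 4.4)
        walk(BDDS[x], pr, po1, po0, q, G)
    elif x in COMPLEX:                     # complex event (equations 5-16)
        op, x1, x2 = COMPLEX[x]
        q1, q2 = prob(x1, q), prob(x2, q)
        mixed = q2 * po1 + (1 - q2) * po0
        if op == "AND":
            spread(x1, pr, mixed, po0, q, G)
            spread(x2, pr * q1, po1, po0, q, G)
        else:
            spread(x1, pr, po1, mixed, q, G)
            spread(x2, pr * (1 - q1), po1, po0, q, G)
    else:                                  # basic event: equation 4, one node
        G[x] = G.get(x, 0.0) + pr * (po1 - po0)

def walk(bdd, pr_root, t1, t0, q, G):
    """One pass over a BDD computing pr, po1 and po0 for every node."""
    pr = {name: 0.0 for name in bdd}
    pr[next(iter(bdd))] = pr_root
    for name, (x, one, zero) in bdd.items():
        qx = prob(x, q)
        if one in bdd:
            pr[one] += pr[name] * qx
        if zero in bdd:
            pr[zero] += pr[name] * (1 - qx)
        spread(x, pr[name], below(bdd, one, q, t1, t0),
               below(bdd, zero, q, t1, t0), q, G)

def criticalities(q_basic):
    q, G = dict(q_basic), {}               # copy: q also caches derived events
    walk(BDDS["primary"], 1.0, 1.0, 0.0, q, G)
    return G

def q_sys(q_basic):
    bdd = BDDS["primary"]
    return below(bdd, next(iter(bdd)), dict(q_basic))

def birnbaum(event, q_basic):
    """Equation 3 evaluated directly: Q(1_i, q) - Q(0_i, q)."""
    return q_sys({**q_basic, event: 1.0}) - q_sys({**q_basic, event: 0.0})

def w_sys(q_basic, w):
    """Equation 2: sum of G_i * w_i over the basic events."""
    G = criticalities(q_basic)
    return sum(G[e] * w[e] for e in G)

if __name__ == "__main__":
    G = criticalities(Q)
    for e in sorted(G):
        print(f"G_{e} = {G[e]:.6f}  (direct: {birnbaum(e, Q):.6f})")
    print(f"Q_sys = {q_sys(Q):.6f}  w_sys = {w_sys(Q, W):.4e}")
```

K2 is encoded at two nodes (F2 and F5), so the criticalities of b, g and h are each the sum of two contributions, as the text describes for repeated complex events.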

System Unavailability

The probabilities of the complex events are calculated according to equations 1a and 1b, as the complex events are formed. These are shown in Table 6.

Complex Event, X_c: 2 2 22 23 24 25 26
Unavailability of the complex event, q_c: .8 x -4.44 x -2.79 x -2 4.68 x -3.84 x -2.29 x -4 5.3 x -3

Table 6: Complex event data.

The probabilities of occurrence of modules '28' and '29' are also needed and are evaluated by calculating the probability of the 'top event' of each module. Considering module '29', the disjoint paths through the BDD are:

1. $e.m$
2. $e.\bar{m}.22$

Therefore the probability of the module is given by:

$q_{29} = q_e . q_m + q_e . (1 - q_m) . q_{22}$ = .4 x -4

Similarly for module '28', the disjoint paths through the BDD are:

1. $a$
2. $\bar{a}.29$

which gives:

$q_{28} = q_a + (1 - q_a) . q_{29}$ = 3. x -3

Having obtained the probabilities of each of the events within the primary BDD, the top event probability can be calculated. The disjoint paths through the primary BDD are:

1. $28.26.d.23$
2. $28.26.d.\overline{23}.i$
3. $28.26.\bar{d}.c.23$

from which we can calculate the system unavailability as:

$Q_{sys} = q_{28}.q_{26}.q_d.q_{23} + q_{28}.q_{26}.q_d.(1 - q_{23}).q_i + q_{28}.q_{26}.(1 - q_d).q_c.q_{23}$ = 2.77 x -9

System Unconditional Failure Intensity

The calculations for the system failure intensity start by determining the path probabilities $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ for the nodes of the primary BDD. The calculations are shown in Table 7.

Node Variable One branch Zero branch prx (q) (q) po x (q) po x F 28 F2. F2 26 F3 F3 d F4 F5 F4 23 F6 F5 c F7 F6 F7 23 q 26.po [F2] + (-q 26). po -7. [F2] = 8.89 x pr[f]*q 28 = q d.po [F3] + (-q d). 3. x -3 po -4. [F3] =.73 x pr[f2]*q 26 = q 23.po [F4] + (-q 23)..6 x -5 po [F4] =.36 x -2 q c.po [F5] + (-q c). po [F5] = 3.74 x -5 pr[f3]*q d =.6 x -7. q.po [F6] + (-q ). po [F6] = 9. x -3 pr[f3].(-q d) = q 23.po [F7] + (-q 23)..58 x -5 po -3. [F7] = 4.68 x prf4*(-q 23) -7.. =.59 x pr[f5].q c = -7...26 x

Table 7: Results of the quantitative analysis applied to the primary BDD.

The values of $pr_{x_i}(q)$, $po^1_{x_i}(q)$ and $po^0_{x_i}(q)$ for the basic events within the complex events can be calculated according to equations 5-16. Dealing with the first occurrence of the complex event '23' at node F4, it can be expanded in terms of its basic events to give the values shown in Table 8. The criticality functions of the basic events 'b', 'g' and 'h' can be evaluated at this stage and are also shown in Table 8.

Complex event, X C Gate type Component event prx (q) po x (q) po x (q) of the component event Criticality 23 OR X = 2 pr 23 =.6 x -7 po 23 =. X 2 = b q b.po 23 + (-q b). po 23 =.35 x -2 - pr 22.(-q 2) =.6 x -7 po 23 =. po 23 = 9. x -3.58 x -7 2 AND X = g pr 2 =.6 x -7 q h.po 2 + (-q h). po 2 = 2.53 x -2 po 2 =.35 x -2.89 x -9 X 2 = h pr 2.q g = 2.4 x -9 po 2 =. po 2 =.35 x -2 2.36 x -9

Table 8: Calculating the criticality functions of the basic events within event '23'.

The calculations are repeated for the second occurrence of this complex event at node F7. This results in additional criticality values for the basic events, which are added together to give the total criticality function:

G_b = .58 x -7 + .26 x -7 = 2.85 x -7
G_g = .89 x -9 + .5 x -9 = 3.4 x -9
G_h = 2.36 x -9 + .89 x -9 = 4.25 x -9

The complex event 26 appears only once in the primary BDD, and expanding it out in terms of its basic events gives the following criticality functions:

G_j = 3.7 x -9, G_k = 9.88 x -9, G_n = 5.4 x -7, G_p = 3.72 x -9, G_q = 3.72 x -9

Module 28, which is encoded in node F, is analysed to obtain the path probabilities of its component nodes. The probabilities po_x(q) and po_x(q) of the modular event (8.89 x -7 and. respectively), replace the terminal '' and '' branches and the value pr_x(q) of the modular event is assigned to the module's root vertex. The resultant calculations are shown in Table 9.

Node  Variable  One branch  Zero branch  pr_x(q)  po_x(q)  po_x(q)  Criticality
F8 a F9 pr[f] =. F9 29 po q [F] = 29.po [F9] + 8.89 x -7 (-q 29).po [F9] 8.89 x -7 =.2 x - pr[f8]*q a = 3. x -3 po [F] = 8.89 x -7 po [F] =. -

Table 9: Results of the quantitative analysis applied to module '28'.

Node F9 encodes another module '29', which must also be analysed in terms of its basic events. The path probabilities are calculated for each node giving the results shown in Table.

Node  Variable  One branch  Zero branch  pr_x(q)  po_x(q)  po_x(q)  Criticality
F e F F m F2 F2 22 q pr[f9] = m.po [F] + 3. x -3 (-q m).po [F2] po [F9] =. 8.7 x - = 2.9 x -8 pr[f].q e = po [F9] = 8.89.5 x -5 x -7 q 22.po [F2] + (-q 22).po [F2] 9.7 x -2 =.59 x -8 pr[f].q m =.58 x -7 po [F9] = 8.89 x -7 po [F9] =. -

Table : Results of the quantitative analysis applied to module '29'.
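The quantification walked through above, as an added example that is not the paper's own code: it computes the top event probability by substituting module probabilities into the primary BDD, then pushes pr, po (one branch) and po (zero branch) down into modules 28 and 29 to get criticalities and the system failure intensity. Assumptions: complex events 22, 23 and 26 are kept as single variables, node labels F10 to F12 and the event name "i" are chosen here, all q and w values are constructed, and criticality is taken as pr times (po on the one branch minus po on the zero branch) summed over a variable's nodes, with W_sys as the sum of G_i w_i.

```python
# BDD node: label -> (variable, one-branch, zero-branch); 1 and 0 are terminals.
# Labels F10-F12, the event name "i" and every number are assumptions here.
BDDS = {
    "top": {"F1": ("28", "F2", 0), "F2": ("26", "F3", 0),
            "F3": ("d", "F4", "F5"), "F4": ("23", 1, "F6"),
            "F5": ("c", "F7", 0), "F6": ("i", 1, 0), "F7": ("23", 1, 0)},
    "28": {"F8": ("a", 1, "F9"), "F9": ("29", 1, 0)},
    "29": {"F10": ("e", "F11", 0), "F11": ("m", 1, "F12"),
           "F12": ("22", 1, 0)},
}
# Constructed unavailabilities q and failure intensities w (not the paper's).
Q = {"a": 3e-3, "e": 2e-2, "m": 5e-3, "22": 1e-2, "26": 4e-3,
     "d": 1e-2, "23": 5e-3, "c": 2e-2, "i": 8e-3}
W = {v: 1e-4 for v in Q}

def q_of(var, q):
    """Unavailability of a variable; a module is the top event of its own BDD."""
    return po(var, next(iter(BDDS[var])), q) if var in BDDS else q[var]

def po(bdd, node, q, t1=1.0, t0=0.0):
    """Probability of the path section from `node`, with terminals worth t1/t0."""
    if node in (0, 1):
        return t1 if node else t0
    var, one, zero = BDDS[bdd][node]
    qv = q_of(var, q)
    return qv * po(bdd, one, q, t1, t0) + (1 - qv) * po(bdd, zero, q, t1, t0)

def criticality(q, bdd="top", pr_root=1.0, t1=1.0, t0=0.0, G=None):
    """G[x] = sum over x's nodes of pr * (po1 - po0), descending into modules."""
    G = {} if G is None else G
    pr = dict.fromkeys(BDDS[bdd], 0.0)
    pr[next(iter(pr))] = pr_root  # first node listed is the root
    for node, (var, one, zero) in BDDS[bdd].items():  # parents listed first
        qv = q_of(var, q)
        for child, share in ((one, qv), (zero, 1 - qv)):
            if child in pr:
                pr[child] += pr[node] * share
        po1, po0 = po(bdd, one, q, t1, t0), po(bdd, zero, q, t1, t0)
        if var in BDDS:  # module: po1/po0 replace its terminals, pr seeds root
            criticality(q, var, pr[node], po1, po0, G)
        else:
            G[var] = G.get(var, 0.0) + pr[node] * (po1 - po0)
    return G

def system(q=Q, w=W):
    """Return (Q_sys, W_sys), where W_sys = sum of G_i * w_i."""
    G = criticality(q)
    return po("top", "F1", q), sum(G[v] * w[v] for v in G)
```

Each G value equals the change in Q_sys when that event is switched from working to failed, which is a quick consistency check on any hand-built table of pr and po values.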

The complex event 22 is expanded out in terms of its basic events to obtain the criticality functions:

G_r = .39 x -3, G_s = .38 x -3

The only criticality functions that remain to be calculated are those for the basic events within the primary BDD:

G_c = 7.4 x -8, G_d = 2.7 x -7, G = .59 x -7

The system failure intensity is calculated according to Equation 2 using the basic events' failure intensities and criticality functions to give:

W_sys = .8 x -

5. Conclusions

This paper has introduced an analysis strategy for dealing with the efficient construction of BDDs from fault trees. The resulting BDDs can encode both complex and modular events, for which the necessary quantitative analysis has been developed. It has also been shown how the analysis proceeds to enable the calculation of the top event probability and the system unconditional failure intensity. In addition, a method to extract the criticality functions for the basic events, which are constituents of both complex events and modules, has been developed. This enables the system to be analysed in terms of its original components. Further quantitative analysis is possible; the methods could be extended to include the calculation of other importance measures for the basic events.

6. References

. Rauzy, A. New Algorithms for Fault Tree Analysis, Reliab. Engng. Syst. Safety, 4, pp23-2, 993
2. Vesely, W. E., "A Time Dependent Methodology for Fault Tree Evaluation", Nuclear Eng and Des, 3, pp337-36, 97
3. Platz, O. and Olsen J. V. FAUNET: A Program Package for Evaluation of Fault Trees and Networks, Research Establishment Risø Report No 348, DK-4 Roskilde, Denmark, Sept. 976
4. Dutuit, Y. and Rauzy, A. A Linear-Time Algorithm to find Modules of Fault Trees, IEEE Trans. Reliability, 45, No. 3, 996
5. Bartlett, L. M. Variable Ordering Heuristics for Binary Decision Diagrams, Doctoral Thesis, Loughborough University, 2

6. Bartlett, L. M. and Andrews, J. D. "Selecting an Ordering Heuristic for the Fault Tree Binary Decision Diagram Conversion Process using Neural Networks", accepted for Publication in IEEE Trans. Reliability.
7. Sinnamon, R. M. and Andrews, J. D. Quantitative Fault Tree Analysis using Binary Decision Diagrams, Jour. Européen des Systèmes Automatisés, 3, 996