Fault tree analysis model-based system

Fault Tree Analysis Faiilt tree analysis permits the hazardous incident (called the top event) frequency to be estimated from a logic model of the failure mechanisms of a system. The top event is traced downward to more basic failures using logic gates to determine its causes and hkelihood. The model is based on the combinations of fail-... 

Domenech et al., in press presents an approach to integrate CCP effectiveness assessment into predictive modeling based on the performance of the coupled control-monitoring system. Following this focus, this paper shows in an appHcation example of honey, how to aggregate control cells, using a model based on fault tree analysis. This structure allows integrating the main parameters of one step and its control in order to know... 

The modelling of the system unavailability is based on the results of the fault tree analysis and the identified minimal cut sets. The simplified equation for the time-dependent system unavailability, for mutually independent basic events, is ... 

Based on this language model-based FTA, automation has been developed. OSATE tool may be used to generate fault tree. The generation tool is designed to be flexible and can be re-targeted to more than one fault tree analysis tool. The portion of the tool that extracts the system instance error model can be reused to generate different types of safety artifacts, such as Markov Chains. 

According to the survey results, the fault tree analysis is the most applied method by safety engineers. Based on this result and the applicability of this method, a demonstrator for data exchange among tools using PREMISE system model was realized. The presentation of this work would exceed this paper and will be presented in an additional publication. 

Within process industries characterized by large production units and high levels of automation, risk and accident analysis is focused on the avoidance of low-probability events entailing serious consequences for the plant and its environment. Safety analysis is based here on causal or probabilistic models of the accidental chain of events that can serve to identify deficiencies in the design of the plant and its protective system as well as to predict the level of risk involved in an operation. Methods developed are fault tree analysis, MORT (Johnson 1975) and INRS (Leplat Rasmussen 1984). A detailed analysis of the actual, individual incident or failure is performed to identify these possible weak spots in the plant and its operation. It is a common experience that human acts play an important role in such industrial mishaps so, especially after the reactor incident at Three Miles Island in 1979, much effort has been spent on developing suitable predictive tools for the... 

To analyse vulnerabiUty risk various system simulations are applicable e.g. contingency analyses, dynamic analyses etc. Other - more generic - model-based risk analysis methods are also apphcable (e.g. fault tree and/or event tree. Simplified and standard risk analyses methods (brainstorming, plotting in risk matrices) can also be used for more coarse analyses... 

In addition to a formal specification, we need a technique to analyze the fault tolerance behavior of a component in a formal way. Approaches such as [19] verify formalized fault trees against formal implementation models. Furthe-more, several fault injection analyzes that rely on model checking like [3] and [9] have been presented. In this paper we focus on a fault injection based-technique [16], [10] that is called model-based safety analysis MBS A. The MBS A processes functional requirements and provides complete results as cut-sets and allows to define custom faulty behavior in the implementation model, which is specified using Matlab/Statefiow. Cut-sets are unique combinations of malfunctions occurrences that can cause a system failure. A cut-set is said to be minimal if no event can be removed from the set and the combination of malfunctions still leads to a failure[ll]. 

Model Based Safety Assessment aims at supporting the Preliminary System Safety Assessment (PSSA) [8]. Before the PSSA is performed, the Functional Hazard Analysis identifies the Failure Conditions (e.g. safety critical situations of the system) and assesses their severity on a scale going from No Safety Effect (NSE) to Catastrophic (CAT). Then, during the Preliminary System Safety Assessment, safety models (or alternatively fault-trees) axe built and analysed. A safety model describes formally in which node a fault occurs and how this fault propagates inside the system architecture in order to cause a Failure Condition. 

The most important Boolean models are Event Trees and Fault Trees (classics/dynamics). Event Trees (Papazoglou 1998) are graphical models that can be discretized according to their possible effects or distinction in a series of simple events. In the same time Event Trees are adapted for modeling and assessment of the events sequences for non-reparable systems such as safety or protection systems. Instead, the reparable systems or instrumentation and control systems can not be modeled by Event Trees. Fault Trees are built according to an undesired event that is decomposed into basic events till this decomposition becomes impossible or judged useless (Dutuit Rauzy 2005). These models are efficient for c r-based analysis but have limitations for sequence-hd.ssd analysis because of the static point of view they consider. 

ABSTRACT In most cases, Model Based Safety Analysis (MBSA) of critical systems focuses only on the process and not on the control system of this process. For instance, to assess the dependability attributes of power plants, only a model (Fault Tree, Markov chain. ..) of the physical components of the plant (pumps, steam generator, turbine, alternator. ..) is used. In this paper, we claim that for repairable and/or phased-mission systems, not only the process but the whole closed-loop system Proc-ess/Control must be considered to perform a relevant MBSA. Indeed, a part of the control functions aims to handle the dynamical mechanisms that change the mission phase as well as manage repairs and redundancies in the process. Therefore, the achievement of these mechanisms depends on the functional/dysfunctional status of the control components, on which these functions are implemented. A qualitative or quantitative analysis method which considers both the process and the control provides consequently more realistic results by integrating the failures of the control components that may lead to the non-achievement of these mechanisms. This claim is exemplified on an industrial study case issued from a power plant. The system is modeled by a BDMP (Boolean logic Driven Markov Process), assuming first that the control components are faultless, i.e. only the faults in the process are considered, and afterwards that they may fail. The minimal cut sequences of the system are computed in both cases. The comparison of these two sets of minimal cut sequences shows the benefit of the second approach. 

The possibility of repair during accident situation is yet to be included into Probabilistic Safety Assessment (PSA). A PSA method Includes Event tree (ET) to generate accident scenario and Fault Tree (FT) used to quantify the probability of failure of the Safety Barrier (SB). In literature, there are some examples in which FT analysis has been done for systems with repair components. A FT analysis of phased mission systems has been performed with repairable and non-repairable components (Vaurio 2001). The other FT models with repairable basic events have been proposed based on renewal intensity principle and inclusion-exclusion methods (Yuge et al. 2012 Yuge et al. 2013). However, ET analysis of Initiating Events (IE) with repairable SB has not been dealt before. Therefore this paper proposes a scheme of PSA level-1 for systems with repairable components using a simplified combination of Repairable Event Tree (RET) and Repairable Fault Tree (RFT). 

Studies (HiP-HOPS) [12] and Component Fault Trees (CFT) [6]. For specific component-based specification languages, the later two techniques allow tool-supported and automated generation of a safety evaluation model. A limitation of these safety analysis techniques is their inability to handle cycles in the control-or data-flow architecture of the system cycles, of course, appear in most realistic systems. Fault Propagation and Transformation Calculus (FPTC) [15] was one of the first approaches that could automatically carry out failure analysis on systems with cycles by using fixed-point analysis. 

The components screened out on the basis of the walkdown observations are not included in the system modeling, i.e., only components which cannot be genetically stated as having a HCLPF capacity equal or higher than the RLE are modeled in the fault trees. Individual HCLPL capacities of these components are to be estimated, either based on a fragility analysis or at least based on the CDLM method. 

Using result by HAZOP system, the fault propagation scenario is created. The information of propagation is stored to the data base in the system. The analysis result shows the cause of propagation and identifies the hazards by the database. From this data base, it can remove the necessary information to create scenario tree. The proposed system creates the scenario tree of fault propagation automatically. This scenario tree system is developed to calculate automatically the accident frequency quantitatively. The model of the fault propagation scenario is created from many results of HAZOP system. It is shown in Figure 3. EiO is... 

---