Fault Tree Analysis Part 3: Digraph-Based Fault Tree Synthesis Procedure (Tree and NFBL)
Feb 04, 2016
LEVELS OF MATHEMATICAL MODELS OF ENGINEERING SYSTEMS
Partial Differential Equations
Ordinary Differential Equations
Algebraic Equations
Digraphs
Multi-Valued Logic
Boolean Algebra
DIGRAPHS
[Figure: a digraph of two nodes, V1 and V2, joined by a directed edge; the number on the edge is its gain]
The value of gain is discretized!
±1: if a moderate deviation in the input variable causes moderate deviation in the output.
±10: if the output deviation is very large when compared to the input.
0: if the output deviation is very small compared with the input.
[Figure: input node v1 connected to output node v2 by an edge carrying the gain]
Computation of Output Value
  v_out = gain * v_in    if |gain * v_in| <= 10
  v_out = +10            if gain * v_in > 10
  v_out = -10            if gain * v_in < -10
where v_in, v_out, gain are each one of {-10, -1, 0, 1, 10}.
[Example] Hot nitric acid cooled by cooling water, with the hazard "water leaks into nitric acid". Streams 1 to 4 each carry a temperature node (T1 ... T4) and a mass-rate node (M1 ... M4); the surroundings temperature T_SURR and the heat-transfer term AU also enter the digraph. Every edge gain in this model is +1 or -1.
[Figure: the digraph of the cooler and, beneath it, the fault tree for the top event T2(+1): T2(+1) is an OR gate whose inputs are the local input deviations M1(+1), T1(+1), ..., M4(-1)]
The Fault-Tree Structure for Tree-Like Digraph
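The output-value rule and the tree-like back-tracing just shown, as an added Python example (not the slides' own code). The digraph is constructed for illustration and is not the nitric-acid cooler of the slide, whose full edge list the page does not give; node names and gains are assumptions.

```python
"""Digraph-based fault tree synthesis for a tree-like (loop-free) digraph."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union

LEVELS = (-10, -1, 0, 1, 10)   # discretised deviations and gains


def output_value(gain: int, v_in: int) -> int:
    """v_out = gain * v_in, saturated to the +/-10 range of the method."""
    if gain not in LEVELS or v_in not in LEVELS:
        raise ValueError("gain and deviation must be one of -10, -1, 0, 1, 10")
    return max(-10, min(10, gain * v_in))


@dataclass(frozen=True)
class Event:
    var: str
    value: int

    def label(self) -> str:
        return f"{self.var}({self.value:+d})"


@dataclass
class Gate:
    kind: str                  # "OR": any one input deviation suffices
    event: Event               # the deviation this gate develops
    inputs: List[Union["Gate", Event]] = field(default_factory=list)


# Constructed digraph: output variable -> [(input variable, gain)].
# Loosely shaped like a cooler (hot stream 1 -> 2, coolant stream 3), NOT the slide's model.
DIGRAPH: Dict[str, List[Tuple[str, int]]] = {
    "T2": [("T1", 1), ("M1", 1), ("M3", -1), ("T3", 1)],
    "M3": [("V3", 1)],          # coolant flow follows the coolant valve position
    "T3": [("T_surr", 1)],      # coolant inlet temperature follows ambient
    # T1, M1, V3 and T_surr have no inputs: primal nodes, hence basic events
}


def causes(gain: int, v_out: int) -> List[int]:
    """Non-zero input deviations that this edge would turn into v_out."""
    return [u for u in LEVELS if u != 0 and output_value(gain, u) == v_out]


def synthesize(digraph, top: Event, _path=()) -> Union[Gate, Event]:
    """Back-trace from the top event: each input edge contributes the deviations
    that reproduce the output deviation; primal nodes terminate as basic events."""
    if top.var in _path:
        raise ValueError(f"{top.var} lies on a loop; tree-like synthesis does not apply")
    edges = digraph.get(top.var, [])
    if not edges:
        return top
    gate = Gate("OR", top)
    for src, gain in edges:
        for u in causes(gain, top.value):
            gate.inputs.append(synthesize(digraph, Event(src, u), _path + (top.var,)))
    return gate


def basic_events(node: Union[Gate, Event]) -> set:
    """Set of basic-event labels at the leaves of the tree."""
    if isinstance(node, Event):
        return {node.label()}
    out = set()
    for child in node.inputs:
        out |= basic_events(child)
    return out


def render(node: Union[Gate, Event], indent: int = 0) -> List[str]:
    pad = "  " * indent
    if isinstance(node, Event):
        return [f"{pad}{node.label()}  [basic event]"]
    lines = [f"{pad}{node.event.label()}", f"{pad}  {node.kind}"]
    for child in node.inputs:
        lines += render(child, indent + 2)
    return lines


if __name__ == "__main__":
    print("\n".join(render(synthesize(DIGRAPH, Event("T2", 1)))))
```

Because the method saturates at +/-10, an edge with gain 10 maps both an input of +1 and of +10 onto an output of +10, so `causes(10, 10)` returns two alternatives; the tree records both under the OR gate.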
THE MAGNITUDE OF DISTURBANCES
[Figure: edge V_in -> V_out carrying a gain, with the conditional edge COND(V_Z) attached to it]
Values of V_in:
 +10  "Large" positive deviations
  +1  "Normal" positive deviations
   0  No change in V_in
  -1  "Normal" negative deviations
 -10  "Large" negative deviation
COND(V_Z) is the condition required for the gain to be correct (if implicit in the initial conditions it is unstated).
v_in: deviation of the input from its normal value.
Digraph Model
[EXAMPLE] Control valve, air to open: stream 1 in, stream 2 out, air signal 3.
  Regular valve:        P3 -> M2, gain +1
  Quick-opening valve:  P3 -> M2, gain +10
Failure modes on the edge P3 -> M2:
  +1  normal
   0  valve stuck
  -1  valve reversed
Digraph Models: Control Valve (Air to Open)
[Figure: valve with inlet stream 1, outlet stream 2 and air signal 3]
M = Mass Rate, P = Pressure, T = Temperature, DEN = Density, X = Mass Fraction

Output Variable   (Gain) Input
M2     (+1) M1, (+1) P3, (+1) DEN1, (-1) P3 if Valve Reversed, (0) P3 if Valve Stuck, (+1) Fails Open, (-1) Fails Closed, (-1) Plug, (-1) Leak Out, (+1) Leak In
M1     (+1) M2, (+1) P3, (-1) P3 if Valve Reversed, (0) P3 if Valve Stuck, (+1) Fails Open, (-1) Fails Closed, (-1) Plug, (0) M2 if Plug = +10, (0) M2 if Fails Closed = +10, (+1) Leak Out, (-1) Leak In

Output Variable   (Gain) Input
P2     (+1) P1, (+1) P3, (0) P3 if Valve Stuck, (0) P1 if Plug = +10, (0) P1 if Fails Closed = +10, (-1) Plug, (-1) Fails Closed, (-1) P3 if Valve Reversed, (+1) Fails Open, (+1) Leak, (-1) Leak Out
P1     (+1) P2, (-1) P3, (0) P3 if Valve Stuck, (+1) P3 if Valve Reversed, (0) P2 if Plug = …, (0) P2 if Fails Closed = +10, ( ) Plug, (+1) Fails Closed, (-1) Fails Open, ( ) Leak In, (-1) Leak Out
T2     (+1) T1, (0) T1 if M2 = -10, ( ) …, (+1) Leak In (if T_surroundings … T2)
T1     None
P3     None
X_A,2  (+1) X_A,1, (0) X_A,1 if M2 = -10, (+1) Leak In (if X_A,S … X_A,2), (-10) Leak In (if X_A,S … X_A,2)
X_A,1  None

Output Variable   (Gain) Input
Vapor Fraction 2   (+1) Vap. Frac. 1, (0) Vap. Frac. 1 if M2 = -10, (+1) Leak In (if Vap. Frac. Sur. > Vap. Frac. 2), (-1) Leak In (if Vap. Frac. Sur. < Vap. Frac. 2)
Vap. Frac. 1       None
Den 2              (+1) Den 1, (0) Den 1 if M2 = -10, (+1) Leak In (if Den_S … Den_2), (-1) Leak In (if Den_S … Den_2)
Den 1              None
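The conditional edges in the valve model above, as an added Python example (not the slides' own code). The edge list encodes the M2 row of the air-to-open control-valve table; the condition strings, the `univariant` flag and the function names are my encoding choices, not notation from the page.

```python
"""Conditional edges in a digraph component model (the control valve above)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

LEVELS = (-10, -1, 1, 10)         # non-zero discretised deviations


@dataclass(frozen=True)
class CondEdge:
    src: str                      # local input: a variable (M1, P3) or a failure event
    gain: int                     # gain that applies when `when` holds
    when: Optional[str] = None    # None marks the normal (unconditional) gain
    univariant: bool = False      # failure events only deviate 0 -> +1 / +10


# Inputs to M2 (mass rate leaving the valve), from the table on this page.
# A conditional entry for the same source overrides the normal gain while its
# condition holds; the condition names are assumed spellings.
M2_MODEL: List[CondEdge] = [
    CondEdge("M1", +1),
    CondEdge("P3", +1),
    CondEdge("P3", -1, when="Valve Reversed"),
    CondEdge("P3", 0, when="Valve Stuck"),
    CondEdge("DEN1", +1),
    CondEdge("Fails Open", +1, univariant=True),
    CondEdge("Fails Closed", -1, univariant=True),
    CondEdge("Plug", -1, univariant=True),
    CondEdge("Leak Out", -1, univariant=True),
    CondEdge("Leak In", +1, univariant=True),
]


def effective_gain(model: Iterable[CondEdge], src: str, conditions: Iterable[str]) -> int:
    """Gain of the edge src -> output under the currently active conditions."""
    active = set(conditions)
    normal = None
    for e in model:
        if e.src != src:
            continue
        if e.when is None:
            normal = e.gain
        elif e.when in active:
            return e.gain          # a holding condition overrides the normal gain
    if normal is None:
        raise KeyError(f"{src} is not an input of this model")
    return normal


def local_causes(model: List[CondEdge], value: int,
                 conditions: Iterable[str] = ()) -> List[Tuple[str, int]]:
    """Local inputs (one node away) whose deviation produces `value` at the output.

    A zero effective gain cuts the edge: that input can no longer cause the
    event, which is how "valve stuck" removes P3 from the fault tree.
    """
    conditions = set(conditions)
    found = []
    for src in dict.fromkeys(e.src for e in model):        # ordered, deduplicated
        g = effective_gain(model, src, conditions)
        if g == 0:
            continue
        uni = any(e.univariant for e in model if e.src == src)
        for u in ((1, 10) if uni else LEVELS):
            if max(-10, min(10, g * u)) == value:          # saturated output value
                found.append((src, u))
    return found


if __name__ == "__main__":
    for conds in ((), ("Valve Stuck",), ("Valve Reversed",)):
        print(f"M2(+1) under {list(conds) or 'normal'}: {local_causes(M2_MODEL, 1, conds)}")
```

With no condition active, M2(+1) traces back to M1(+1), P3(+1), DEN1(+1), Fails Open and Leak In; under "Valve Stuck" the P3 edge disappears, and under "Valve Reversed" the required signal deviation flips to P3(-1).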
COOPERATIVE CAUSES FOR AN EVENT
[Example] The simultaneous occurrence of P(+1) and T(-1) causes brittle fracture in a tank.
[Figure: digraph with two conditional edges into the node "fracture": P -> fracture with gain +1, conditional on (T = -1); T -> fracture with gain -1, conditional on (P = +1)]
Glossary
• Digraph : nodes connected by edges which have direction.
• Edge : the line connecting two nodes. – It indicates a relationship between the two nodes. The number next to the edge is the gain.
• Conditional Edge : the relationship between two nodes depends on another event or variable. – For example, the gain between valve position and flow out of the valve is zero if the valve is stuck. The condition is "valve stuck".
• Primal node : a node on the system digraph with no inputs.
• Input : an edge pointing to the node under consideration.
• Local Input : variables or events one node away from the node being considered.
• Gain : change in output / change in input. – Gains may have values of ±1, ±10, 0. Zero means no gain.
Variable and Event Values
• These are deviations of the variables and events from their normal value.
• ±10 indicates large or fast deviations which cannot be handled by normal NFBL.
• ±1 is the usual deviation expected in the variable or event.
• Zero means no deviation.
• Some variables are univariant (can only vary in one direction from their normal value), e.g. a normally open valve cannot be further opened or a fire can only have values of 0, +1, and +10.
• Feedback Loop (FBL) : A path through the nodes in a digraph which starts and terminates at one node.
• Negative Feedback Loop (NFBL) : A feedback loop in which the product of the normal gains around the loop is negative.
• Positive Feedback Loop (PFBL) : a feedback loop in which the product of the gains around the loop is positive.
[ Example ] FLOW CONTROL LOOP FAULT TREE
The process is a simple feedback loop for flow control. The flow rate of stream 3 (M3) is sensed by a flow sensor connected to signal line 4. As the flow increases, the signal in line 4 increases. The flow recorder-controller (FRC), on receiving the increased signal from line 4, sends a decreased signal to stream 5. This closes the valve, returning the flow to its desired setting.
[Figure: Flow control loop. Stream 1 -> 2 -> 3 passes through an air-to-open control valve; a flow sensor on stream 3 drives signal line 4 to the FRC (with its flow set point), whose output is signal line 5 to the valve. Digraph nodes: M1, M2, M3, P4, P5.
  Normal edges: M1 -> M2 (+1), P5 -> M2 (+1), M2 -> M3 (+1), M3 -> P4 (+1), P4 -> P5 (-1).
  Conditional gains: P5 -> M2 is 0 if valve stuck, -1 if valve reversed; M3 -> P4 is 0 if flow sensor stuck, -1 if flow sensor reversed; P4 -> P5 is 0 if FRC stuck, 0 if FRC on manual, +1 if FRC reversed.
  Failure events entering the loop (gains of +1 or ±10): Valve Mech. Fails Closed, Valve Mech. Fails Open, FRC Fails Low, FRC Fails High, Set Point, Loss of Inst. Air, Flow Sensor Fails High, Flow Sensor Fails Low, Line 4 Ruptures.]
Discussions with the designer and operator indicate the following events are known to occur in this process.
Sensor: Fails (High, Low, Stuck), Reversed.
Controller: Fails (High, Low, Stuck), On Manual, Loss of Air (causes Signal 5 to go down), Reversed.
Valve: Fails (Open, Closed, Stuck), Reversed.
The system is normally operating with flow in lines 1, 2, and 3. The event that could be a hazard is "Flow in stream 3 too high (M3(+1))."
If the fault tree is constructed by treating the digraph as a tree, then ……..
M3(+1)
  OR
    M2(+1)
      OR
        M1(+1)
        P5(+1)
Development of Fault Tree
"What could cause this?" or "Which nodes are inputs to the node representing the current event?"
+
"Nothing else happens which will cancel the original effect." (on a NFBL or NFFL)
THE GENERAL FAULT-TREE STRUCTURES OF NFBL
(1) M2(+1)
      OR
        AND
          M1(+1)          process disturbance
          NOT(P5(-1))     no control-loop correction
        AND
          P5(+1)          control-loop disturbance
          NOT(M1(-1))     no process disturbance to cancel P5(+1)

(2) M2(+1)
      OR
        AND
          M1(+1)
          OR
            P5(0)         not always true
            P5(+1)
        AND
          P5(+1)
          OR
            M1(+1)
            M1(0)         nearly always true

(3) M2(+1)
      OR
        OR
          AND
            M1(+1)
            P5(0)
          AND
            M1(+1)
            P5(+1)
        P5(+1)

(4) M2(+1)
      OR
        AND
          M1(+1)
          P5(0)
        P5(+1)
A disturbance propagates through a control loop if
1. An external disturbance enters the system and the control loop is inactive;
2. The disturbance is caused by the control loop itself; or
3. The disturbance is extremely large in magnitude.
DISTURBANCES THROUGH A NEGATIVE FEEDBACK LOOP
[Figure: V_IN -> V1 -> V_OUT, with V1 fed back to itself through V2 and V3; three of the loop gains are + and one is -, so the loop is a NFBL. A plot of variable deviation against time t compares a V_IN disturbance of 10 with the V_OUT response.]
Generally, V_IN(+10) is defined as that value of V_IN which causes V_OUT to have at least a +1 deviation. (The NFBL cannot completely cancel the disturbance.)
THE GENERAL FAULT-TREE STRUCTURES OF NFBL
(5) M2(+1)
      OR
        AND
          M1(+10)
          P5(-1)          very nearly true
        AND
          M1(+1)
          P5(0)
        P5(+1)

(6) E
      OR
        AND
          external disturbance enters loop
          loop variable fails to cancel disturbance
        loop variable causes disturbance
        OR
          component failure (primary or secondary) enters loop
          large disturbance enters loop
OUTPUT (Value)
  OR
    UNCONTROLLABLE INPUTS PASS THROUGH THE NFBL
      OR
        (1) INPUT (value to give large or fast disturbance) NOT ON NFBL
        LOCAL EDGE CONDITIONS WHICH CAUSE REVERSE GAIN ON NFBL
    CONTROL LOOP CAUSES THE DEVIATION
      EOR
        (2) PRIMARY FAILURE
        (3) SECONDARY FAILURE CAUSING EVENT
        (4) SET POINT CHANGE
        INPUT (value to give desired output value) ON NFBL
    CONTROLLABLE DISTURBANCES PASS THROUGH THE NFBL
      AND
        OR (LOOP INACTIVE)
          LOCAL EDGE CONDITIONS WHICH GIVE A ZERO GAIN ON THE NFBL
          INPUT (value = 0) ON THE NFBL
        INPUT (value for controllable disturbance into the NFBL) NOT ON NFBL

GENERAL STRUCTURE FOR OUTPUT VARIABLES ON A NFBL
OUTPUT (value = 0)
  OR
    LOCAL EDGE CONDITIONS WHICH GIVE ZERO GAIN ON THE NFBL
    INPUT (value = 0) ON THE NFBL
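The general NFBL structure above, together with the three propagation conditions (loop inactive, loop causes the disturbance, disturbance extremely large), as an added Python example that is not the slides' own code. The digraph is my encoding of the page's flow-control loop (M1 -> M2 -> M3, sensor line 4, controller output 5); the single zero-gain condition comes from the page's valve model ("0 valve stuck"); function and variable names are mine.

```python
"""Loop detection and the general fault-tree structure for an output on a NFBL."""
from typing import Dict, List, Tuple

Edge = Tuple[str, int]                  # (input variable, gain)
Digraph = Dict[str, List[Edge]]         # output variable -> its input edges
Node = Tuple[str, str, list]            # (gate kind or "EVENT", label, children)

# Constructed encoding of the flow-control loop: air-to-open valve (P5 -> M2, +1),
# sensor reads M3 into line 4 (+1), FRC acts in reverse (P4 -> P5, -1).
FLOW_LOOP: Digraph = {
    "M2": [("M1", 1), ("P5", 1)],
    "M3": [("M2", 1)],
    "P4": [("M3", 1)],
    "P5": [("P4", -1), ("SetPt", 1)],
}
# Local edge conditions giving a zero gain on a loop edge, keyed by (input, output):
# the valve model on this page gives P5 -> M2 a gain of 0 when the valve is stuck.
ZERO_GAIN: Dict[Tuple[str, str], List[str]] = {("P5", "M2"): ["Valve Stuck"]}


def find_loops(g: Digraph) -> List[List[str]]:
    """Simple cycles, each as an ordered node list [n0, n1, ...] with n_i -> n_(i+1)."""
    found = set()

    def walk(start: str, node: str, path: List[str]) -> None:
        for src, _ in g.get(node, []):           # step backwards along an input edge
            if src == start:
                cyc = path[::-1]                  # reverse into flow direction
                i = cyc.index(min(cyc))           # canonical rotation, so each cycle is unique
                found.add(tuple(cyc[i:] + cyc[:i]))
            elif src in g and src not in path:    # primal nodes (not in g) cannot lie on a loop
                walk(start, src, path + [src])

    for start in g:
        walk(start, start, [start])
    return [list(c) for c in sorted(found)]


def loop_gain(g: Digraph, loop: List[str]) -> int:
    """Product of the normal gains around the loop; negative means a NFBL."""
    prod = 1
    for i, out in enumerate(loop):
        prod *= dict(g[out])[loop[i - 1]]         # loop[i-1] feeds loop[i]
    return prod


def _ev(label: str) -> Node:
    return ("EVENT", label, [])


def nfbl_structure(g: Digraph, loop: List[str], var: str, value: int,
                   zero_gain: Dict[Tuple[str, str], List[str]] = ZERO_GAIN) -> Node:
    """General structure for var(value) when var lies on the NFBL `loop`:
    OR of (a) an uncontrollable (+/-10) input not on the loop passing through,
    (b) the loop's own input to var carrying the deviation, and (c) a controllable
    (+/-1) input entering while the loop is inactive (loop input at 0, or a local
    edge condition that zeroes the loop gain)."""
    if loop_gain(g, loop) >= 0:
        raise ValueError("structure applies to negative feedback loops only")
    if var not in loop or abs(value) != 1:
        raise ValueError("var must lie on the loop and value must be a normal (+/-1) deviation")
    loop_in = [(s, k) for s, k in g[var] if s in loop]
    other_in = [(s, k) for s, k in g[var] if s not in loop]

    def direction(gain: int) -> int:              # input sign that drives the output to `value`
        return value if gain > 0 else -value

    uncontrollable = [_ev(f"{s}({10 * direction(k):+d})") for s, k in other_in]
    loop_causes = [_ev(f"{s}({direction(k):+d})") for s, k in loop_in]   # developed around the loop
    inactive = ("OR", "loop inactive",
                [_ev(f"{s}(0)") for s, _ in loop_in]
                + [_ev(c) for s, _ in loop_in for c in zero_gain.get((s, var), [])])
    controllable = ("AND", "controllable disturbance passes through", [
        ("OR", "disturbance enters the loop", [_ev(f"{s}({direction(k):+d})") for s, k in other_in]),
        inactive,
    ])
    return ("OR", f"{var}({value:+d})", uncontrollable + loop_causes + [controllable])


def leaves(node: Node) -> set:
    kind, label, children = node
    return {label} if kind == "EVENT" else set().union(*(leaves(c) for c in children))


def render(node: Node, depth: int = 0) -> List[str]:
    kind, label, children = node
    line = "  " * depth + label + ("" if kind == "EVENT" else f"  [{kind}]")
    return [line] + [ln for c in children for ln in render(c, depth + 1)]


if __name__ == "__main__":
    for lp in find_loops(FLOW_LOOP):
        print(" -> ".join(lp + [lp[0]]), "loop gain", loop_gain(FLOW_LOOP, lp))
    print("\n".join(render(nfbl_structure(FLOW_LOOP, find_loops(FLOW_LOOP)[0], "M2", 1))))
```

For M2(+1) the result has the shape of structure (5) above: M1(+10) passes regardless of the loop, P5(+1) is the loop's own contribution (to be developed around the loop), and M1(+1) needs the loop inactive, here P5(0) or the stuck valve.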
[EXAMPLE]
M3(+1)
  OR
    M2(+1)
      OR
        M1(+10)
        EOR
          Valve Mech. Fails Open (+1)
          Valve Reversed
          P5(+1)
        AND
          M1(+1)
          OR
            Valve Stuck
            P5(0)
              OR
                FRC On Manual
                FRC Stuck
                P4(0)
                  OR
                    Flow Sensor Stuck
                    M2 (inconsistent)

FLOW CONTROL LOOP (continued): development of P5(+1)
P5(+1)
  OR / EOR
    Set Pt. (+1)
    FRC Fails High
    FRC Reversed (+1)
    P4(-1)
      OR
        AND
          Flow Sensor Fails Low
          (no +1 disturbance)
        AND
          Line 4 Ruptures
          (no +1 disturbance)
        EOR
          Flow Sensor Reversed
          M2(-1) (inconsistent)