0% found this document useful (0 votes)
96 views10 pages

Jurnal Referensi 4

FTA Review

Uploaded by

Fadhilah Afif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
96 views10 pages

Jurnal Referensi 4

FTA Review

Uploaded by

Fadhilah Afif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

194

IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3,1985 AUGUST

Fault Tree Analysis, Methods, and Applications - A Review


W. S. Lee
Kansas State University, Manhattan
D. L. Grosh
Kansas State University, Manhattan
F. A. Tillman
Kansas State University, Manhattan
C. H. Lie
Seoul National University, Seoul
Key Words-Fault-tree analysis, Literature review.

however informal it was; these events are usually strongly


undesired system states that can occur as a result of subsystem functional faults.
A fault-tree analysis consists of the following four
steps:
1.
2.
3.
4.

System definition
Fault-tree construction
Qualitative evaluation
Quantitative evaluation

Abstract-This paper reviews and classifies fault-tree analysis

Table 1 classifies the references. Tables 2 and 3 present


the references for fault-tree construction and evaluation
sorted by methodology. Table 4 summarizes the available
computer codes for all phases of fault-tree analysis from
construction to evaluation. Table 5 shows the applications
of fault-tree methodologies to real problems.
We
reasonably completethosepapers
t

analysis is a useful analytic tool for the reliability and safety of complex
systems. The literature on fault-tree analysis is, for the most part, scattered through conference proceedings and company reports. We have
classified the literature according to system definition, fault-tree construction, qualitative evaluation, quantitative evaluation, and available

not included were either inadvertently overlooked or considered not to bear directly on the topic of this survey. We
apologize to both the readers and the researchers if we
have omitted any relevant papers. This review is a sequel to
our previous literature surveys on optimization of system

Reader Aids-

Purpose: Present a literature survey

Special math needed for explanations: Probability


Special math needed to use results: None

Results useful to: System theoreticians and reliability engineers.


methods developed since 1960 for system safety and reliability. Fault-tree

computer codes for fault-tree analysis.

1. INTRODUCTION
Fault-tree analysis was first conceived in 1961 by H.
A. Watson of Bell Telephone Laboratories in connection
with a US Air Force contract to study the Minuteman
Missile launch control system [12]. At the 1965 Safety
Symposium, sponsored by the University of Washington
and the Boeing Company, several papers were presented
that expounded the virtues of fault-tree analysis [111]. The
presentation of these papers marked the beginning of a
wide-spread interest in using fault-tree analysis as a system
safety and reliability tool for complex dynamic systems
such as nuclear reactors. Since 1960, great efforts have
been made in solving fault trees to obtain reliability information about complex systems. The importance of faulttree analysis for industry is pointed out in the Reactor
Safety Study [99], where 1300 pages deal with fault-tree
analysis.
The fundamental concept in fault-tree analysis is the
translation of a physical system into a structured logic
diagram (fault tree), in which certain specified causes lead
to one specified TOP event of interest. This logic diagram
is constructed using the event symbols and logic symbols in
figure 1.

The two basic units involved are the AND and OR


gates. Another, less often used, element is the NOT gate.
TOP events are taken from a preliminary hazard analysis,

haveutriedtolbe
.

reliability [139, 140], on availability of maintained systems


[141], on system-effectiveness models [142], on systemreliability evaluation techniques for complex/large systems
[143], and on Bayes reliability and availability [1441.
TABLE 1

Fault-Tree Classification

Fault tree introduction


[6, 7, 12, 19, 29, 43, 50, 58, 68, 69, 75, 76, 79, 86, 100, 109,
138]
Fault tree construction
[1, 4, 51, 52, 54, 59, 67, 70, 76, 78, 80 - 83, 91, 95 - 97,
104 - 107, 113, 115 - 117, 136, 137]
Qualitative evaluation

Minimal cut sets


[2, 14, 23, 24, 32, 56, 60 - 63, 71, 74, 84, 85, 90, 93, 98, 110,
118, 125, 127 - 129, 131 - 135]
Common-cause analysis
[2, 20, 21, 30, 44, 87, 124, 1261
Quantitative evaluation

Probabilistic evaluation

45, 47, 48, 53, 55 57, 64, 72, 73, 76, 88, 89, 92, 101, 102,
119 - 121, 123, 125, 130]
Maue fiprac
[9, 16, 53, 76, 77, 92]

[12, 25 - 27, 41 - 43, 54, 57, 66, 69, 75, 76, 79, 80, 81, 96, 97,
99, 121 - 123]

0018-9529/85/0800-0194$01 .00)1985 IEEE

LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW

195

FAULT TREE SYMBOLISM


EVENT REPRESENTATIONS
The rectangle identifies an event that results
from the combinations of fault events
through the input logic gate.

The circle describes a basic-fault-event that


requires no further development. Frequency
and mode of failure of items so identified are
derived from empirical data.

The triangles are used as transfer symbols. A


line from the apex of the triangle indicates a
transfer in and a line from the side or bottom
denotes a transfer out.

The diamond describes a fault event that is


considered basic in a given fault tree. The
possible causes of the event are not developed

LOGIC OPERATIONS
AND gate describes the logical operation
whereby the coexistance of all input events is

further because the event is of insufficient


consequence or the necessary information is
unavailable.

required to produce the output event.

~~~~~~~OR

gate defines the situation whereby the


output event will exist if one or more of the

input events exists.


The circle within a diamond indicates a subtree exists, but that subtree was evaluated
separately and the quantitative results inserted as though a component.

INHIBIT gates described a causal relationship between one fault and another. The inevent directly produces the output event
usdatrasfesybol.Aput
if the indicated condition is satisfied. The
conditional input defines a state of the system
The house is used as a switch to include or
that permits the fault sequence to occur, and
eliminate parts of the fault tree as those parts
may be either normal to the system or result
may or may not apply to certain situations.
from failures.
The

triagle

Fig. 1. Standard Fault Tree Logic and Event Symbolism [99]

2. SYSTEM DEFINITION
Fault-tree analysis begins with the statement of an
undesired event, eg, failed state of a system. To perform a
meaningful analysis, the following three basic types of
system information are usually needed [52, 106]:
1. Component operating and failure modes: A
description of how the output states of each component
are influenced by the input states and internal operational
modes of that component.
2. System chart: A description of how the components are interconnected. A functional layout diagram
of the system must show all functional interconnections
and identify each component.
3. System boundary conditions: These define the
situation for which the fault tree is to be drawn. Top event,

initial conditions existing or not-allowed events, and the


tree top are system boundary conditions.
3. FAULT-TREE CONSTRUCTION

Fault-tree construction is generally a complicated and


time-consuming task. Computer-aided synthesis has at-

tracted considerable attention and several methodologies


have been proposed. They differ in the modeling of components and in their objectives. Table 2 classifies the
literature on fault-tree construction techniques.
General methodology for construction: David Haasl
[671 devised a structure that establishes rules to determine
the type of gate to use and inputs to the gate.
J. B. Fussell [511 initiated automated construction with
his Synthetic Tree Model (STM). He presented a computer

196

IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

TABLE 2
Fault-Tree Construction

TABLE 3
Fault-Tree Evaluation

Construction Technique

Technique

Haasll, structuring process


[67, 76]
Fussell, STM (DRAFT code)
[51, 52, 54]
Powers & Tompkins, method

Qualitative evaluation: Minimal Cut Sets


Monte Carlo simulation
PREP (FATE option)
Deterministic Method
PREPE (COMBO option)
MOCUS
ALLCUTS
MICSUP
ELRAFT
FAUTRAN
SETS
FATRAM
DICOMIC
Kumanoto & Henley
Nakashima & Hattori
GO

[95 - 97]

Salem et alii, CAT

[104 - 107, 136]


Lapp & Powers, computer aided synthesis

[78, 80 - 83, 137]


Comarda, et alii, efficient algorithm
[1, 27]

Taylor, CCD

[91, 113,

115

117]

code, DRAFT, for electrical systems. The idea behind

STM is the modeling of each device in the system by a


failure transfer function. Then, by tracing
' through the
schematic, these transfer functions for various com-

ponents are combined and edited to form the final fault


tree.

Powers & Tompkins [96] devised a method for


automated fault-tree construction method for chemical
systems. They began the use of input/output models for
describing local cause and effect relationships between
variables and failure events for a single component of a
system. Their approach is first to break down a system into
constituent blocks, and define their operations via unit
models, then to couple these systematically to form the
tree.

Qualitative evaluation: Common-Cause

[125]

[56, 601
[118]
[32, 93]
[110]

[131]

[132,133]
[98]

[62]

[74, 84]
190]
[129]

failure-analysis

COMCAN
BACFIREet alii, new approach
~~~~~~~~Wagner,

[20,21]
[30]
[126]

Quantitative evaluation: Probabilistic evaluation of fault tree


Coherent structure theory

[3, 6, 8, 10, 17, 33 - 35, 47 - 49]


Monte Carlo simulation
RELY4
SAFTE

SAMPLE-WASH 1400
REDIS
Crosetti, code
Analytic method
KITT
Caldarola & Wickenhauser
Other methods

Salem, Apostolakis, Okrent devised CAT (Computer


Automated Tree) code [105] which presents a general,
computer-implemented approach for modeling nuclear
ARMM
and other complex systems involving mechanical, electrical, hydraulic and human interactions and commonNOTED
cause effects as well. The CAT code is based on the use of
WAM-BAM
decision tables as component modeling [107], and a step by
PATREC
step editing procedure by coupling components and tracing
SALP
through the system in order to construct the fault tree.
Digraph Technique
Bit Manipulation
Lapp & Powers Fault Tree Synthesis program (FTS)
[80] first generates a diagraph (directed graph) for system Quantitative evaluation: Measures of importance
representation, and then uses a fault-tree synthesis
[9, 16, 53, 76, 77, 921
algorithm to deduce the fault tree from the diagraph model
of the system being analyzed.

Camarda et alii [27] proposed an efficient algorithm


for fault-tree automatic synthesis from the reliability graph
for large systems, which is generally much easier to obtain
than the fault tree, because the ways in which a physical
system can operate are much fewer than those in which it
can fail.
Taylor & Hollo [116] use algebraic component models
to construct a Cause-Consequence Diagram (CCD). The

[125]

[38, 72, 88]


[64]
[99]
[73]
[38 - 40]
[119 - 121,125]
[22 - 26]

[89]

[30]
[45]

[18]

[5]
[31]
[127]

Cause-Consequence Diagram is the most comprehensive


representation of its kind and has recently generated
widespread attention as a method for reliability and safety
analysis of complex systems. It extends the fault-tree
methodology to describe better the sequential effects of accident chains and to increase their visibility in the analysis

procedure.

LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW

TABLE 4

4. FAULT TREE EVALUATION

4 Available Computer Codes for Fault-Tree Analysis

Computer Code

The evaluation of a fault tree can be qualitative, quantitative, or both, depending upon the scope of the analysis.

Fault-Tree Construction

Table 3 presents the literature on the structures of the fault


tree evaluation.

DRAFT
[51, 52, 54]
CAT -107,136]

4.1 Qualitative Evaluation

[78, 80- 83, 137]


Taylor, CCD
[91, 113, 114, 116, 117]
Qualitative Evaluation
Minimal Cut Set
PREP
MOCUS
ALLCUTS

Qualitative fault-tree analysis consists of determining


cause failures. Two major approaches used for determin-

the minimal cut sets & minimal path sets and the common-

[125]
[56, 60]
[118]

[110]

ELRAFT
FAUTRAN
SETS
FATRAN

[131]
[132, 133]
[98]

DICOMIC

[62]

BUP-CUTS

COMCommon-cAuse

COMCAN

BACFIRE
Quantitative Evaluation
Probabilistic evaluation
RELY4
SAFTE
SAMPLE

[94]

[72]
[64]
[99]

[38 - 40]
[119c- 121,
125]
[22 - 26]
[92]
[89]

[360]

NOTED

WAM-BAM
PATREC

[45]

[18]
[5]

SALP
Measures of importance
IMPORTANCE

[76]
TABLE 5

5 Applications of Fault-Tree Analysis Real Problems


Fault Tree

Analysis

Aerospace Safety Study


[12]

Electrical System

ing minimal cut sets for fault trees are Monte Carlo simulation and deterministic methods. (See table 3)
The Monte Carlo simulation procedure for, finding
minimal cut sets first assigns a time to failure for each

component, usually based upon an exponential failure

distribution. These times to failure are chosen by first


generating for each component a uniformly distributed

random number between 0 and 1, and then finding the


corresponding time to failure. In one Monte Carlo run, the

time to failure is generated for each component, then the

components states are set to "failed", one at a time in


order of increasing time, until the top event is produced.

analysThis
produces a cut set which is then reduced to a minimal
[20, 21]
[30]

Crosetti, code
KITT
Caldarola & Wickenhauser
PL-MOD
ARMM

System Analyzed by

197

ctst[0]

cut set [105].


The basic idea behind deterministic methods is direct
expansion or reduction of the top event of a fault tree in
terms of the constituent basic events using Boolean
algebra. One of the earliest computer programs using the
deterministic method is the PREP progam developed by

Vesely & Narum [125]. The program, except the Monte


Carlo option (FATE), uses a direct combination testing
algorithm (COMBS) for its deterministic approach.
Fussell & Vesely [60] developed an alternative
algorithm which does not require the combination testing.

It is based on the fact that AND gates always increase the

number of the cut sets, and OR gates always increase the


number of cut sets. Fussell, Henery, Marshall [56] used
this algorithm in their fault-tree analysis program,
MOCUS. This is the top-down oriented algorithm and is
designed to accept only AND and OR gates. MICSUP [93]
is, on the other hand, a bottom-up algorithm. It begins
with the lowest level gates that have basic events as input
only, finds the minimal cut sets to these gates and then successively substitutes these cut sets to these gates. The procedure is repeated until the minimal cut sets for the top

eventSemanders[110]
are found.
r

inthecomputercodeELRAFT,in-

[27, 54]
Chemical Processing System
[80, 81, 96, 97]
Nuclear Reactor Safety Study
[25, 26, 42, 57, 66, 79, 99, 121 - 123]

troduced the concept of prime number representation of


basic events for reduction of fault trees. This concept is
useful in storing the cut sets and eliminating the superset.
While the above methods of finding minimal cut
apply for s-coherent fault trees, ie, a fault tree thatsetsis

[41, 43, 69]


Decision Making in System Analysis
[75, 76]

restricted to contain AND and OR gates only, the SETS


computer code [132] finds the prime implicants to a noncoherent fault tree. The prime implicants are like minimal

198

IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

cut sets except that they may contain complemented basic


events.
Kumamoto & Henley [74] developed a top-down
algorithm for obtaining prime implicant sets of noncoherent fault trees.
Common-cause failure is any occurrence or condition
that results in multiple component failures. An important
common-cause event is, then, a cause of secondary failure
that is common to all basis events in one or more hardware
minimal cut sets. Two methodologies for common-cause
analysis have been developed.
The first one, called COMCAN [21], was developed
by the Aerojet Nuclear Company for the US Energy
Research and Development Administration. The program
requires as input whatever minimal cut sets have been
selected from the fault tree and the generic cause susceptibility for each basic event in each category. The
algorithm then searches for those minimal cut sets that are
comprised of basic events that are all susceptible to the
same generic cause, and this search is repeated for each
category. Nevertheless, for complex systems, determining
the list of minimal cut sets becomes a difficult and often an
impossible task. Computer time and storage capacity
become prohibitive. Any method that requires the list of
all minimal cut sets as input is restricted.
To overcome this difficulty a new procedure was proposed by Wagner et al. [126]. This second approach,
without examining all the minimal cut sets, locates
minimal cut sets of any order which could fail due to common causes.
For quantitative analysis of common-cause failure,
W. E. Vesely [124] developed a statistic estimation technique for common-cause failure by specializing the
multivariate exponential Marshall-Olkin model [87].
4.2 Quantitative Evaluation

The first step in the quantitative evaluation of a fault


tree is to find the structural representation of the top event
in terms of the basic events. Finding the minimal cut sets is
one way of accomplishing this step. If the rate of occurrence and fault duration for all basic events are known,
and the statistical dependency of each basic event is known
(or assumed), then the statistical expectation or probability
of the top event can be determined [76].
The Boolean representation of fault trees provides the
link with s-coherent structure theory [10]. When system
success, rather than failure, is stressed, the s-coherent
structure theory is the foundation of reliability theory. A
s-coherent structure, in the context of fault trees, is
nondecreasing in each basic event, ie, the occurrence of a
basic event cannot cause a system transition from a failed
state to an unfailed state.
The minimal cut sets & path sets of a s-coherent fault
tree can be obtained by using one of the available codes
[56, 93, 125]. The system unavailability can then be
calculated either: 1) Exactly by using the minimal cut

sets/path sets to write the structure function of the tree as a


sum of products of basic events provided that the basic
events are not replicated in cut sets and all basic events are
statistically independent; or 2) Approximately, by using
one of the following standard methods [10]:

A. The inclusion-exclusion method of finding successive upper and lower bounds to the probability of the

top event in terms on the minimal cut sets.


B. The minimal cut upper bound and min path lower
bound when the basic events are statistically independent.
C. The min-max bound for statistically dependent
basic events, ie, the basic events are associated.

Improved bounds for above methods can sometimes


obtained
be
by using modular decomposition [10, 34].
The analysis of noncoherent fault trees proceeds in a
similar way. Instead of finding the minimal cut sets in
s-coherent structures, the prime implicants are identified in
noncoherent fault trees. Algorithms for obtaining the
prime implicants are discussed in [74, 132]. All the
methods applicable to s-coherent fault trees, except the
minimal cut (path) bounds, can be extended to noncoherent fault trees [35].
By the late 1960s, sophisticated computer programs
were available to obtain probabilistic information about
the top event from probabilistic information about the
basic events by using Monte Carlo method. Such programs
have been described by P. Crosetti [38], and H. E.
Kongsoe [72].
In order to reduce the computer run time to an acceptable level, which is usually a painful task in direct simulation, a statistical sampling procedure called importance
sampling is used in Monte Carlo analyses [36]. This technique depends on biasing the simulation through the use of
another distribution so that the component or the combination of components that cause the unlikely event are
emphasized in the sampling. So as not to bias the end
result, corrections are made at the end.
The computer program, RELY 4, developed by H. E.
Kongsoe [72] has four different versions. Versions 1 and 3
use importance sampling and versions 2 and 4 use direct
simulation.
In WASH-1400 Reactor Safety Study [99], a Monte
Carlo program called SAMPLE [99], was used to compute
the uncertainty distribution of the system reliability using a
simplified mathematical model (based on exponential
failure distribution for the system components) and using
the uncertainty distribution on the parameters of the component failure and repair distribution.
The SAFTE codes for a unified system reliability and
safety study by B. J. Garrick [64] and REDIS program [73]
developed in Denmark are also examples of Monte Carlo
simulation programs.
In 1970, W. E. Vesely [119] made a most important
advance in quantitative evaluation of fault trees by
developing an analytic methodology, called Kinetic Tree

LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS

Theory (KITT), for fault trees containing repairable components. The output from computer programs exercising
Vesely's method [125] contains complete quantitative information about the top event.
L. Caldarola & A. Wickenhauser [26] also developed
an analytic computer program for fault tree evaluation.
This program can evaluate s-coherent systems assuming
binary component states with four different classes of
components. A second computer program is also
developed for solving noncoherent systems with multistate
components [23, 24].
Several computer codes using different approaches
are available to analyze fault trees quantitatively. R. C.
Erdmann et alii [45] developed the WAM series of computer codes to provide flexibility as well as accuracy in the
analysis of system reliability. The SALP computer series,
developed by M. Astolfi et alii [5], in Italy, are based on
the use of list-processing techniques for the direct
manipulation of graphs.
The PATREC code by A. Blin et alii [18] is based on
list-processing which is realized by recognizing and replacing known subtrees or patterns by equivalent leaves with
the corresponding unreliability/unavailability. By
repeatedly pruning the fault tree, it is finally reduced to a
single leaf which represents the system unreliability for
unrepairable systems and unavailability for repairable
systems.
M. F. Chamow [31] suggests a new approach involving well-defined, closed-form methods for quantitative
evaluations of fault tree logic. The method is based on
directed graphs (digraphs) and related matrix methods,
and depends in a major sense on the digraph representations developed for the basic OR and AND logic elements.
The benefit of this method arises because the mathematical
solutions are readily performed by standard matrix techniques, which can be implemented either manually or with
the aid of computer.
For the use of computer on computation and storage
requirements, the fault-tree analysis using bit manipulation
suggested by D. B. Wheeler et alii [127] shows the effectiveness in producing minimal cut sets and the top event
probability through analysis of fault trees of various sizes.
The measures of importance of events and cut sets in
fault trees are another important feature of quantitative
fault tree analysis. While the evaluation of the top event
provides system reliability/availability information, the
probabilistic importance computation can generate a
numerical ranking to assess weaknesses in a system.
Several probabilistic methods can be used to compute
the importance of basic events and cut sets in the fault tree.
H. E. Lambert [76] developed a computer code IMPORTANCE to compute various measures of probabilistic importance of basic events and cut sets to a fault tree. The
code requires as input the minimal cut sets, the failure rates
and the fault duration time (the repair times) of all basic
events contained in the minimal cut sets. The output of the
code includes seven measures of basic-event importance

A REVIEW

199

and two measures of cut-set importance by assuming


statistical independence of basic events.

4.3 Available Computer Codes for Fault Tree Analysis


Numerous computer codes

are

available for process-

ing fault trees. They are presented in table 4. In the construction phase of the analysis, Fussell [51] pioneered the

work with his DRAFT code for electrical system. Salem et


alii [105] produced the CAT code based on the application
of the decision table. Lapp & Powers [80] developed the
Fault Tree Synthesis (FTS) code for chemical processing
system. Taylor & Hollo [116] use algebraic component
models to construct a Cause-Consequence Diagram

(CCD).

For qualitative evaluation, Vesely & Narum [125]


made available a PREP code that obtained the minimal cut
sets (or minimal path sets) for the fault tree. Because of the
time consuming nature of the algorithms used in PREP,
several newer and more efficient codes have been written
employing faster deterministic routines not requiring
Monte Carlo methods. The MOCUS code by Fussell [56]
starts at the top of the fault tree and proceeds down while
the MICSUP code by Pande et alii [93] starts at the bottom
of the tree and proceeds up. In general, MICSUP requires
less memory storage space in the computer than MOCUS
since MICSUP stores all cut sets in a single array. For fault
tree containing NOT gates (and thus noncoherence), Worrell [132] developed the SETS computer code to find the
prime implicants for the fault tree. The prime implicants
are like minimal cut sets except that they can contain complemented basic events. Other well-known deterministic
programs for determining minimal cut sets are ALLCUTS
[118], ERAFT [110], FAUTRAN [131], FATRAM [90],
DICOMIC [62], BAM-CUTS [45], and BUP-CUTS [90].
For common-cause failure analysis of qualitative fault-tree
evaluation, two computer codes have been developed using
minimal cut sets as input: COMCAN [21], developed at
INEL, and BACFIRE [30], developed at University of
Tennessee.
The early computer codes for quantitative fault tree
evaluation were available to obtain probabilistic information about the top event by using the Monte Carlo method.
Such codes are RELY 4 [72] and Crosetti's code [38].
SAFTE [64], REDIS [73] and SAMPLE [99] can also be
classified in this category. For analytic methodology of
quantitative evaluation, Vesely & Narum [125] provided
the KITT code for probabilistic fault tree evaluation starting from primary failure information to top failure information. Caldarola & Wickenhauser [26] also produced an

analytic computer program similar to that of Vesely &


Narum. The PL-MOD code by Olmos & Wolf [92] performed the step by step modularization of fault trees
through an extensive use of the list processing tools
available in PL-1. Other computer codes developed by
many industry users and research institutions serving the
similar evaluation interests are ARMM [89], GO [65],

200

IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

NOTED [130], WAM-BAM [45], PATREC [18], and Korea Science and Engineering Foundation under the
SALP [5]. Finally, for the measure of importance of events Korea-USA Cooperative Science Program.
and cut sets in fault trees, Lambert [76] developed a very
comprehensive computer code, IMPORTANCE, which
computes various measures of probabilistic importance of
REFERENCES
basic events and cut sets to a fault tree.
5. CONCLUDING REMARKS

Fault-tree analysis iS a versatile tool that has rapidly

won favor with those involved in reliability and safety

calculations. But fault-tree models do have disadvantages.


Probably the most outstanding one is the cost of developin
first-time appllcatlon
ment
Some inductive
application to a system. Some
1n first-tlme
ment
lnductlve
analysis technique, like Failure-Mode-and-Effects Analysis
(FMEA), is a much simpler and more cost effective technique to apply in analyzing small systems when a single-point

failure analysis is adequate. However, as systems become


more complex and the consequences of accidents become
catastrophic, a technique such as fault-tree analysis should
be applied. Fault-tree analysis can efficiently direct the ef-

ananalytin
onsidring only
nly tose
forts of anfortsof
analyst
in considering
those bsic
basic eents
events
that can contribute to system failure and represent the rela-

[1] K. K. Aggarwal, "Comment on an efficient simple algorithm for


fault tree automatic synthesis from the reliability graph," IEEE
Trans. Reliability, vol R-28, 1979 Oct, p 309.
[2] R. N. Allan, I. L. Ronsiris, D. M. Fryer, "An efficient computational technique for evaluating the cut/tie sets and common-cause
failures of complex systems," IEEE Trans. Reliability vol R-30,

1981 Jun, pp 101-109.


[3] H. P. Alesso, H. J. Benson, "Fault tree and reliability relationships
for analyzing noncoherent two-state system," Nuclear Engineering
and Design, vol 56, 1980, pp 309-320.
[4] P. K. Andow, "Difficulties in fault-tree synthesis for process
plant," IEEE Trans. Reliability, vol R-29, 1980 Apr, pp 2-9.
[5] M. Astolfi, S. Contini, C. L. Van der Muyzenberg, G. Volta, "Fault
tree analysis by list-processing techniques," in [145, pp 5-32].
[6] R. E. Barlow, P. Chatterjee, "Introduction to fault tree analysis,"
Operations Research Center, UC Berkeley, ORC 73-30, Dec 1973.

[7] R. E. Barlow, H. E. Lambert, "Introduction to fault tree analysis,"

in [146, pp 7-35].
[8] R. E. Barlow, F. Proschan, "Availability theory and multicomponent systems,"
Analysis III, P. R. Kriahnaiah,
1971.
editor, Academic
Press,Multivariate
[9] R. E. Barlow, F. Proschan, "Importance of system components and
fault tree analysis," Operations Research Center, Univ. of Calif.,

Berkeley, Report ORC 74-3, 1974.


tionship of human error and environmental conditions in
E. Barlow, F. Proschan, Statistical Theory of Reliability and Life
failure. With the fast progress
of automated [10] R.
causing systemalysis,
p
Testing,
ress
c
a
s
t
techniue
ator
ctveu
fault-tree analysis, this technique can be a more effective [11] L. Bass, et alii, "Fault tree graphics," in [146, pp 913-927].

fault-tsystem
a

Holt, Rinehart, & Winston, 1975.

this

and sophisticated analytic reliability tool.


[12]
A major difficulty with quantitative fault-tree evaluation (as well as any quantitative reliabilitiy technidque) is [13]
the lack of pertinent failure-rate data. Nevertheless, quantitative evaluations are particularly valuable for comparing
systems designs that have similar components. The results [14]
are not as sensitive to the failure-rate data as is an absolute
determination of the system failure probability. Because of [15]
uncertainties in failure-rate data, quantitative fault-tree
analysis
eltverte[16]
hatsgeaetvauwe
analysis has its greatest value when
relative
rather thanabsolute determinations are made. Fault-tree analysis is then
best applied during the detailed design stages of a system. [17]
Fault-tree analysis can be a most simple or a most
sophisticated analytic reliability tool depending on the
needs of the analyst. For the system-safety analyst, fault [18]
trees provide an objective basis for analyzing failure modes [19]
and probabilities and evaluating overall reliability. The
simple logic applies to both systems and subsystems, and is [201
an effective visualization tool for management as well as

systenn analyst
andlyst
forw asthe
oriaero
system
as well
theprcess
nuclearcon
design engineer.
ACKNOWLEDGMENT
Our special thanks go to Dr. C. L. Hwang for his vital

help and encouragement on this project.

This study was partly supported by the US Office of


Naval Research, Control No. N00014-76-C-0842; National

Science Foundation, Grant 'No. INT 8215755,' and the

Bell Telephone Laboratories, "Launch control safety study," Section VII, vol 1, Bell Telephone Labs., Murray Hill, NJ USA. 1961.

N. N. Bengiamin, B. A. Bowman, K. F. Schenk, "An efficient

algorithm for reducing the complexity of computation in fault


analysis," IEEE Trans. Nuclear Science, vol NS-23, 1976 Oct,tree
pp

1442-1446.
R. G. Bennetts, "On the analysis of fault trees," IEEE Trans.
Reliability, vol R-24, 1973 Aug, pp 175-185.

L. J. Billera, "On the composition and decomposition of clutters,"


J. Combinatorial Theory, vol 11, 1971, pp 234-245.
Z. W. Birnbaum, "On the importance of
components in a
multicomponent system," Multivariatedifferent
Analysis II, P. R.
Krishaniah, editor, Academic Press, 1969.
Z. W. Birnbaum, J. D. Esary, S. C. Saunders, "Multi-component
systems and structures and their reliability," Technometrics, vol 3,

1961 Feb, pp 55-77.

A. Blin, A. Carline, et alii, "PATREC,


tree calculations," in [145, pp 33-43]

computer code for fault

D. B. Brown, "Fault tree analysis," Systems Analysis and Design


for Safety, Prentice-Hall, Inc., pp 152-193, 1976.
G. R. Burdick, "COMCAN-A computer code for common-cause

analysis," IEEE Trans. Reliability, vol R-26, 1977 Jun, pp 100-102.

[21] G. R. Burdick, N. H. Marshall, J. R. Wilson, "COMCAN-a computer code for common-cause analysis," ANCR-1314, 1976 May.

[22] L. Caldarola, "Unavailability and failure intensity of components,"

Nuclear Engineering and Design, vol 44, 1977, pp 147-162.


[23] L. Caldarola, "Fault tree analysis with multistate components," in

[145, pp 199-248].

[24] L. Caldarola, "Coherent systems with multistate components,"


Nuclear Engineering and Design vol 58, 1980, pp 127-139.

[25] L. Caldarola, A. Wickenhauser, "Recent advancements in fault tree

methodology at Karlsruhe," in [147, pp 518-542].

[26] L. Cadarola, A. Wickenhauser, "The Karlsruhe computer program


for the evaluation of the availability and reliability of complex

repairable
systems," Nuclear Engineering and Design, vol 43, 1977,
463-470.
~~~~~~~~~~~pp

201

LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW

[27] P. Camarda, F. Corsi, A. Trentadue, "An efficient simple


algorithm for fault tree automatic synthesis from the reliability
graph," IEEE Trans. Reliability, vol R-27, 1978 Aug, pp 215-221.
[28] J. M. Cargal, "An alternative fault-tree algebra, IEEE Trans.
Reliability, vol R-29, 1980 Aug, pp 269-272.
[29] A. Carnino, "Safety analysis using fault trees," in [148].
[301 C. L. Cate, J. B. Fussel, "BACFIRE-A computer program for
common cause failure analysis," The University of Tennessee,
NERS-77-02, 1977.
[31] M. F. Chomow, "Directed graph techniques for the analysis of fault
trees," IEEE Trans. Reliability, vol R-27, 1978 Apr, pp 7-15.
[32] P. Chatterjee, "Fault tree analysis: Min cut set algorithms," ORC
74-2, Operations Research Center, University of California,
Berkeley, California, 1974 Jan.
[33] P. Chatterjee, "Fault tree analysis: reliability theory and systems
safety analysis," Operations Research Center, University of California, Berkeley, ORC 74-34, 1974 Nov.
[34] P. Chatterjee, "Modularization of fault trees: a method to reduce
the cost of analysis," in [146, pp 101-1261.
[35] T. L. Chu, G. Apostolakis, "Methods for probabilistic analysis of
noncoherent fault trees," IEEE Trans. Reliability, vol R-29, 1980
Dec, pp 354-360.
[361 C. E. Clark, "Importance sampling in Monte Carlo analysis,"
Operations Research, 1961 Sep/Oct, pp 603-620.
[37] A. G. Colombo, "Uncertainty propagation in fault tree analysis,"
in Failure Prevention and Reliability presented at the Design Eng.
Technical Cong., Chicago, Ill, 1977 Sep, pp 95-103.
[38] P. Crosetti, "Computer program for fault tree analysis," Douglas
United Nuclear, Inc., Richard, Wash., DUN-5508, 1969 Apr.
[39] P. A. Crosetti, "Fault tree analysis with probability evaluation,"
IEEE Nuclear Power Systems Symp. 1970 Nov, pp 465-471.
[40] P. A. Crosetti, "Fault tree analysis for systems reliability," Instrumentation Technology, 1971 Aug, pp 52-56.
[41] P. A. Crosetti, R. A. Bruce, "Commercial application of fault tree
analysis," Proc. Reliability and Maintainability Conf., 1970, pp
230-244.
[42] G. E. Cummings, "Application of the fault tree technique to a
nuclear reactor containment system," in [146, pp 805-825].
[43] R. L. Eisner, "Fault tree analysis to anticipate potential failure,"
presented at the Design Eng. Conf., ASME, 1972 May 8-11.
[44] E. P. Epler, "Common mode failure considerations in the design of
systems for protection and control," Nuclear Safety, vol 10, 1969,
pp. 38-45.
[45] R. C. Erdmann, J. E. Kelly, H. R. Kirch, F. L. Leverenz, E. T.
Rumble, "A method for quantifying logic models for safety
analysis," in [147, pp 732-754].
[46] C. A. Ericson, "System safety analytical technology-preliminary
hazards analysis," the Boeing Co., Seattle, Rept. D2-113072-1,
1969.
[47] J. D. Esary, F. Proschan, "Coherent structures of non-identical
components," Technometrics, vol 5, 1963 May, pp 191-209.
[48] J. D. Esary, H. Ziehms, "Reliability analysis of phased missions,"
in [146, pp 213-236].
[49] W. Feller, An Inroduction to Probability Theory and Its Applications, vol I, 3rd Ed., John Wiley & Sons, 1968.
[50] J. B. Fussell, "Fault tree analysis-concepts and techniques," in
[148].
[51] J. B. Fussell, "Synthetic tree model-A formal methodology for
fault tree construction," ANCR-1098, 1973 Mar.
[52] J- B. Fussell, "A formal methodology for fault tree construction,"
Nuclear Eng. and Design, vol 52, 1973, pp 337-360.
'.
[53]~~~~~
J . Fssel,"ow
~
B.Fsel:Hwt.adcluat ytmrlaiiyadsft
rllalll an saety
o had-clcuatesystm
[53]J.
characteristics," IEEE Trans. Reliability, vol R-24, 1975 Aug, pp
16-14
[54] J. B. Fussell, "Computer aided fault tree construction for electrical
systems," in [146, pp 37-56].
[55] J. B. Fussell, G. R. Burdick, D. M. Rasmuson, J. R. Wilson, J. C.
Zipperer, "A collection of methods for reliability and safety
engineering," ANCR-1273, 1976.

[56] J. B. Fussell, E. B. Henry, N. H. Marshall, "MOCUS-a computer


program to obtain minimal sets from fault trees," ANCR-1156,
Aerojet Nuclear Company, Idaho Falls, Idaho, 1974 March.
[57] J. B. Fussell, H. E. Lambert, "Quantitative evaluation of nuclear
system reliability and safety characteristics," IEEE Trans. Reliabilitys vol R-25e 1976 Augf pp 178-183.
[58] J. B. Fussell, G. J. Powers, R. G. Bennetts, "Fault trees-a state of
the art discussion," IEEE Trans. Reliability, vol R-23, 1974 Apr, pp

t1ERv9

[59]

[60]
[61]

[62]

[63]
[64]
[65]

[66]

[67]

[68]

[69]
[70]
[71]

[72]
[73]
[74]

[75]

[76]
[77]

[78]
[79

[80]

[81]

51-55.
J. B. Fussell, W. E. Vesely, "Elements of fault tree construction-a
new approach," Trans. Amer. Nuc. Soc., 1972, p 794.
J- B. Fussell, W- E. Vesely, "A new methodology for obtaining cut
sets for fault trees," Trans. Amer. Nuc. Soc. vol 15, 1972, p 262.
A. C. Gangadharan, M. S. M. Rao, C. Sundarajan, "Computer
methods for qualitative fault tree analysis," in Failure Prevention
and Reliability, edited by S. B. Bennett et al., 1977, pp 251-262.
S. Garribba et al., "DICOMICS, an algorithm for direct computation of minimal cut sets of fault trees," EUR-5481e, 1975.
S. Garribba et al., "Efficient construction of minimal cut sets from
fault trees?," IEEE Trans. Reliability, vol R-26, 1977 Jun, pp
88-94.
B. J. Garrick, "Principles of unified system safety analysis,"
Nuclear Engineering and Design, vol 13, 1970, pp 245-321.
W. Y. Gately, D. W. Stoddard, R. L. Williams, "GO, A computer
program for the reliability analysis of complex systems," Daman
Science Corporation, Colorado Springs, Colorado, KN-67-704(R),
1968 Apr.
C. W. Griffin, "The fault tree as a safety optimization design tool,"
presented at the Topical Meeting on Water Reactor Safety, 1973 Mar.
D. F. Haasl, "Advanced concepts on fault tree analysis," System
Safety Symposium, The Boeing Company, Seattle, Washington,
1965 June 8-9.
W. Hammer, "Fault tree analysis," Handbook of System and Product Safety, Prentice-Hall, 1972, pp 238-246.
W. Hammer, "Fault tree analysis," Product Safety Management
and Engineering, Prentice-Hall, 1975, pp 204-228.
E. J. Henley, H. Kumamoto, "Comment on: Computer-aided synthesis of fault trees," IEEE Trans. Reliability, vol R-26, 1977 Dec,
pp 316-317.
B. L. Hulme, R. B. Worrell, "A prime implicant algorithm with factoring," IEEE Trans. Computers, vol C-24, 1975 Nov. pp
1129-1131.
H. E. Kongsoe, "RELY 4: a Monte Carlo computer program for
systems reliability analysis," Danish Atomic Energy Commission,
RISO-M-1500, June 1972.
H. E. Kongsoe, "REDIS, a computer program for system reliability
analysis by direct simulation," Intern. Symp. Reliability of Nuclear
Power Plants, Innsbruck, Austria, April 14-18, 1975.
H. Kumamoto, E. J. Henley, "Top-down algorithm for obtaining
prime implicant sets of noncoherent fault trees," IEEE Trans.
Reliability, vol R-27, 1978 Oct, pp 242-249.
H. E. Lambert, "System safety analysis and fault tree analysis,"
UCID-16238, Lawrence Livermore Lab., Livermore, California,
1973 May.
H. E. Lambert, "Fault trees for decision making in system
analysis," Lawrence Livermore Laboratory, University of California, Livermore, UCRL-51829, 1975 Oct.
H. E. Lambert, "Measures of importance of events and cut sets in
fault trees," in [146, pp 77-100].
H. E. Lambert, "Comment on the Lapp-Powers computer-aided
synthesis of fault trees," IEEE Trans. Reliability, vol R-28, 1979
Apr
pp
5A.LPP,GJ.Pwr,"opt-addsnhisfful
trees," IEEE Trans. Reliability, 1977 Apr, pp 2-13.
5. A. Lapp, G. J. Powers, "The synthesis of fault trees," in [147, pp
778-799].
5. A. Lapp, G. J. Powers, "sUpdate of Lapp-Powers fault tree synthesis algorithm," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp
12-14.

6-9.s

202

IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

[81a] W. S. Lee, "A study of fault tree analysis for system safety and
reliability," MS Thesis, Kansas State University, 1982.
[82] E. E. Lewis, "Fault trees," Nuclear Power Reactor Safety, John
Wiley & Sons, 1977, pp 87-91.
[83] M. 0. Locks, "Synthesis of fault trees: an example of
noncoherence," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 2-5.
[84] M. 0. Locks, "Fault trees, prime implicants and noncoherence," E.
I. Ogunbiyi, "Author reply #1," H. Kumamoto, E. J. Henley,
"Author reply #2," M. 0. Locks, "Rebuttal," IEEE Trans.
Reliability, vol R-29, 1980 Jun, pp 130-135.
[85] M. S. Madhava Rao, "FALTREE-a computer program for fault tree
analysis, " Engineering Science and Technology Dept. Letter Report,
EST-77-1, Foster Wheeler Development Corporation, Livingston,
NJ, 1977.
[86N
S. W. Malasky "Faulttreeanalysis," System Safety HaydenBook
[86]
Co. Inc., pp 142-194, 1974.
[87] A. W. Marshall, I.O01kin,"A multivariate exponentialdistribution,"
JASA, vol 62, 1967, pp 3044.
[88] M. Mazumdar, "Importance sampling in reliability estimation," in
[146, pp 153-163].
[89] C. W. Mcknight, et al., "Automatic reliability mathematical model",
North American Aviation, Inc., Downey, California, NA 66-838,
1966.
[90] K. Nakashima, Y. Hattori, "An efficient bottom-up algorithm for
enumerating minimal cut sets of fault trees," IEEE Trans. Reliability,
vol R-28, 1979 Dec, pp 353-357.
[91] D. Nielsen, "Use of cause-consequence charts in practical system
analysis," in [146, pp 849-880].
[92] J. Olmos, L. Wolf, "A modular representation and analysis of fault
trees," Nuclear
trees,"
Nuclear Engineering
Engineering and
and Design,
Design, vol 48, 1978 Aug, pp

o5.Wnc.,Malaskyp "Fault4tree1analysis,"9System7Safety,4HaydenB

531-561.

[108] G. H. Sandler, System Reliability Engineering, McGraw-Hill, 1964, p


243.
[109] R. J. Schroder, "Fault tree for reliability analysis," Proc. 1970Ann.
Symp. Reliability, 1970 Feb, pp 198-205.
[110] S. N. Semanderes, "ELRAFT, a computer program for the efficient
logic reduction analysis of fault trees," IEEE Trans. Nuclear Science,
vol NS-18, 1971 Feb, pp 481-487.
[111] System Safety Symposium, Seattle, Washington: The Boeing Company, 1965. Available from University of Washington Library, Seattle, Washington.
[112] C. 0. Smith, Introduction to Reliability in Design, McGraw-Hill,
1976.
[1131 J. R. Taylor, "A formalization of failure mode analysis of control
systems," Danish Atomic Energy Commission, RISO-M-1654, 1973

Sep.
abnormal occurrence reports," Reliability ofNuclear Power Plants,
IAEA-SM-195/16, 1975.
J. R. Taylor, "Sequential effects in failure mode analysis," in [146,
pp 881-894].
J. R. Taylor, E. Hollo, "Algorithm and programs for consequence
diagram and fault tree construction," Report No. RISO-M-1907,
Danish Atomic Energy Commission, Roskilde, Denmark, 1977.
J. R. Taylor, E. Hollo, "Experience with algorithms for automatic
failure analysis," in [147, pp 759-777].
W. J. Van Slyke, D. E. Griffing, "ALLCUTS, a fast comprehensive
fault tree analysis code," Atlantic Richfield Hanford Company,
Richlard, Washington, ARH-ST-1 12, 1975 July.
W. E. Vesely, "Analysis of fault trees by kinetic tree theory,"
IN-1330, Idaho Nuclear Corp., Idaho Falls, 1969 October.
W. E Vesely, A time-dependent methodology for fault tree
analysis," Nucl. Eng. and Design, vol 13, 1970 Aug, pp 337-360.
W. E. Vesely, "Reliability and fault tree applications at NRTS,"
Proc. 1970 Reliability and Maintainability Conf., vol 9, 1970, pp

[115] J. R. Taylor, "A study of failure causes based on U. S. power reactor


[115]
[116]

[117]

[118]
[119]

[120]

~~~~~~~~~~~~[121]

[93] P. K. Pande, M. E. Spector, P. Chatterjee, "Computerized fault tree


analysis," TREEL AND MICSUP, ORC 75-3, Operation Research
472-480.
Center, University of California, Berkeley, April 1975.
[122] W. E. Vesely, "Reliability quantification techniques used in the
[94] S. L. Pollack, Decision Tables: Theory and Practice, WileyRasmussen study," in [146, pp 775-803].
Interscience, 1971.
[123] W. E. Vesely, "Time dependent unavailability analysis of nuclear
[95] G. M. Powers, F. C. Tompkins, "Computer-aided synthesis of fault
safety system," IEEE Trans. Reliability, vol R-26, 1977 Oct, pp
trees for complex processing systems," in [148, pp 307-314].
257-260.
[96] G. J. Powers, F. C. Tompkins, "Fault tree synthesis for chemical [124] W. E. Vesely, "Estimating common cause failure probabilities in
process," AICHE Journal, vol 20, 1974 Mar, pp 376-387.
reliability and risk analysis: Marshall-Olkin specialization," in [147,
[97] G. J. Powers, F. C. Tompkins, S. A. Lapp, "A safety simulation
pp 314-341].
language for chemical processes: A procedure for fault tree [125] W. E. Vesely, R. E. Narum, "PREP and KITT computer code for the
automatic evaluation of a fault tree," Idaho Nuclear Corporation,
synthesis," in [146, pp 57-75].
Idaho Falls, Idaho, IN-1349, 1970.
[98] D. M. Rasmuson, N. H. Marshall, "FATRAM-A core efficient cutset algorithm," IEEE Trans. Reliability, vol R-27, 1978 Oct, pp [126] D. P. Wagner, C. L. Cate, J. B. Fussell, "Common cause failure
analysis methodology for complex systems," in [147, pp 289-313].
250-253.
[99] Reactor Safety Study-An Assessment of Accident Risk in U.S. [127] D. B. Wheeler et alii, "Fault tree analysis using bit manipulation,"
IEEE Trans. Reliability, vol R-26, 1977 Jun, pp 95-99.
Commercial Nuclear Power Plants, WASH-1400 (NUREG-75/014),
US Nuclear Regulatory Commission, Washington, DC, 1975 Oct.
[128] R. L. William, W. Y. Gateley, "Use of the GO methodology to
directly generate minimal cut sets," in [147, pp 825-849].
[100] J. L. Recht, "System safety analysis: The fault tree," National Safety
[1291 R. R. Willie, "Computer-aided fault tree analysis: FTAP," OperaNews, April 1966.
tions Research Center, U. C. Berkeley, OC 78-14, 1978 Aug.
[101] A. Rosenthal, "Decomposition Methods for Fault Tree Analysis,"
[130] E. R. Woodcock, "The calculation of reliability of systems: The proIEEE Trans. Reliability, vol R-29, 1980 Jun, pp 136-138.
Authority
Health
and Safety
Branch,
Genegram
T.
Rumble, R. C. Erdmann, "Generalized
F.L.everezR.C.Ermann
Risley,NOTED,"
Warrington,UKAEA
Lancashire,
England,
AHSB(S)
R. p 153,
[102] E. T. Rumble, 1021
F. L.E.Leverenz,
fault
1971.
tree analysis for reactor safety," Electric Power Research Inst., Palo [131] P. Y. Wong, "FAUTRAN-A fault tree analyzer," AECL-5182,
Atomic Energy of Canada Limited, Chalk River Nuclear Lab. Chalk
Alto, California, EPRI-217-2-2, 1975 Jun.
[103] N. H. Roberts, Mathematical Models in Reliability Engineering,
River, Ontario, Canada, 1975.
McGraw-Hill, 1964, p 243.
[132] R. B. Worrell, "Set equation transformation system (SETS)," SLA[104] S. L. Salem, G. Apostolakis, "The CAT methodology for fault tree
73-0028A Sandia Laboratories, Albuquerque, New Mexico, 1974
construction," in [145, pp 109-128].
May.
[105] 5. L. Salem, G. E. Apostolakis, D. Okrent, "A computer-oriented [133] R. B. Worrell, "Using the set equation transformation system in fault
approach to fault tree construction," EPRI NP-288, Electric Power
tree analysis," in [146, pp 165-185].
Research Institute, 1976 Nov.
[134] R. B. Worrell, "Qualitative analysis in reliability and safety studies,"
[106] 5. L. Salem, G. E. Apostolakis, D. Okrent, "A new methodology for
IEEE Trans. Reliability, vol R-25, 1976 Aug, pp 164-169.
the computer-aided construction of fault tree," Annals of Nuclear [135] R. B. Worrell, D. W. Stack, B. L. Hulme, "Prime implicants of nonEnergy, vol 4, 1977, pp 417-433.
coherent fault trees," IEEE Trans. Reliability, vol R-30, 1981 Jun, pp
[107] 5. L. Salem, J. S. Wu, G. E. Apostolakis, "D)ecision table develop98-100.
ment and application to the construction of fault trees," Nuclear [136] J. S. Wu, S. L. Salem, G. E. Apostolakis, "The use of decision tables
Technology, vol 42, 1979 Jan, pp 5 1-64.
in the systematic construction of fault trees," in [147, pp 800-824].

LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW

203

[137] T. W. Yellman, "Comment on computer-aided synthesis of fault


AUTHORS
trees," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 10-11.
[138] J. Young, "Using the fault tree analysis technique," in [146, pp Wen-Shing Lee; Dept. of Industrial Engineering; Durland Hall; Kansas
827-848].
State University; Manhattan, Kansas 66506 USA.
[139] F. A. Tillman, C. L. Hwang, W. Kuo, "Optimization techniques for
Wen-Shing Lee was born in Taiwan on 1951 March 28. He received
system reliability with redundancy-A review," IEEE Trans. the BS degree in Industrial Management from National Cheng-Kung
Reliability, vol R-26, 1977 Aug, pp 148-155.
University, Taiwan, in 1973. He worked for four years in industry in
[140] F. A. Tillman, C. L. Hwang, W. Kuo, Optimization of System Taiwan. He earned the MS degree in Industrial Engineering at Kansas
Reliability, Marcel Dekker, 1980.
State University in 1982. He has been an Industrial Engineer at Reliance
[141] C. H. Lie, C. L. Hwang, F. A. Tillman, "Availability of maintained Fuse, Des Plaines 1982 through 1984, and at Signode Corp. presently.
system: A state-of-the-art survey," AIIE Trans., vol 9, 1977, pp
247-259.
Dr. C. L. Hwang; Dept. of Industrial Engineering; Durland Hall; Kansas
[142] F. A. Tillman, C. L. Hwang,
W.
effectiveness
models:
"System
Kuo,
.
.
'
University; Manhattan, Kansas 66506 USA.
'
'
~~~~~~~~~~State
an annotated bibliography," IEEE Trans. Reliability, vol R-29, 1980
Dr. C. L. Hwang: For biography, see vol R-30, 1981 Dec, p 423.
Oct, pp 295-304.
[143] C. L. Hwang, F. A. Tillman, M. H. Lee, "System-reliability evalua- Dr. Doris Lloyd Grosh; Dept. of Industrial engineering; Durland Hall;
tion techniques for complex/large systems-a review," IEEE Trans. Kansas State University; Manhattan, Kansas 66506 USA.
Reliability, vol R-30, 1981 Dec, pp 416-423.
Dr. Doris Lloyd Grosh: For biography, see vol R-31, 1982 Oct, p
[144] F. A. Tillman, W. Kuo, C. L. Hwang, D. L. Grosh, "Bayesian 372.
Reliability and Availability-A Review," IEEE Trans. Reliability, vol
R-31, 1982 Oct, pp 362-372.
Dr. Frank A. Tillman; Dept. of Industrial Engineering; Durland Hall,
[1451 G. Apostdakis, S. Garribba, G. Volta, editors, Synthesis and Kansas State University; Manhattan, Kansas 66506 USA.
Analysis Methods for Safety and Reliability Studies, Plenum, 1978.
Dr. Frank A. Tillman: For biography, see vol R-30, 1981 Dec, p.
[146] R. E. Barlow, J. B. Fussell, N. D. Singpurwalla editors, Reliability 423.
and Fault Tree Analysis, SIAM, 1975.
[147] J. B. Fussell, G. R. Burdick, editors, Nuclear Systems Reliability Dr. Chang Hoon Lie; Dept. of Industrial Engineering; Seoul National
Engineering and Risk Assessment, SIAM, 1977.
University; Seoul, KOREA.
[148] E. J. Henley, J. W. Lynn, editors, NA TO Advanced Study Institute
Dr. Chang Hoon Lie: For biography, see vol R-27, 1978 Aug, p 184.
on Generic Techniques in Systems Reliability Assessment, Nordhoff
1973.
Manuscript TR83-049 received 1983 April 1; revised 1985 June 24. ***

FREE Proceedings
Members, and only members, of the Reliability Society of IEEE and of the Electronics Division of ASQC can receive the
following publications free of extra charge. Just write to the place indicated for that group and publication; you MUST
state that YOU are a member of the group to which you are writing. Quantities are limited, and are available (ONLY to
the above members) on a first-come first-served basis. If you are not a member of either group and would like to join, see
the inside front and rear covers for more information on the two groups. The cost/benefit ratio is hard to beat!

Electronics Division of ASQC


Reliability Society of IEEE
Sent annually to all members, except student-members. A The request MUST state that you are a member of the
few extra copies of the 1985 AR&MS proceedings and a Electronics Division, ASQC! and be sent to: Electronics
few extra copies of the 1984 IRPS are available, but only Division, ASQC; c/o Evans Associates; 804 Vickers
for those who did not get them. Address your request to Avenue; Durham, North Carolina 27701 USA.

the Editor. You MUST state that you are a member of the
IEEE Reliability Society!
Proceedings Annual Reliability and Maintainability
Symposium for 1984, 1985.
Proceedings Annual Reliability and Maintainability Proceedings International Reliability Physics Symposium
Symposium (mailed in February).
for 1984.
Proceedings International Reliability Physics Symposium
(mailed in the early summer).

Proceedings QIE (Quality In Electronics)


for 1982, 1983, 1984.

Proceedings Product Liability Prevention Conference. The free supply is gone. Members of either of the two groups
above can order at the special member price of $12 each (send check with order) from: Consultant Services Institute,
Inc.; 23 Rumson Road; Livingston, New Jersey 07039 USA.***

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy