Reference Journal 4
System definition
Fault-tree construction
Qualitative evaluation
Quantitative evaluation
analysis is a useful analytic tool for the reliability and safety of complex
systems. The literature on fault-tree analysis is, for the most part, scattered through conference proceedings and company reports. We have
classified the literature according to system definition, fault-tree construction, qualitative evaluation, quantitative evaluation, and available
not included were either inadvertently overlooked or considered not to bear directly on the topic of this survey. We
apologize to both the readers and the researchers if we
have omitted any relevant papers. This review is a sequel to
our previous literature surveys on optimization of system
Reader Aids-
1. INTRODUCTION
Fault-tree analysis was first conceived in 1961 by H.
A. Watson of Bell Telephone Laboratories in connection
with a US Air Force contract to study the Minuteman
Missile launch control system [12]. At the 1965 Safety
Symposium, sponsored by the University of Washington
and the Boeing Company, several papers were presented
that expounded the virtues of fault-tree analysis [111]. The
presentation of these papers marked the beginning of a
wide-spread interest in using fault-tree analysis as a system
safety and reliability tool for complex dynamic systems
such as nuclear reactors. Since 1960, great efforts have
been made in solving fault trees to obtain reliability information about complex systems. The importance of fault-tree analysis for industry is pointed out in the Reactor
Safety Study [99], where 1300 pages deal with fault-tree
analysis.
The fundamental concept in fault-tree analysis is the
translation of a physical system into a structured logic
diagram (fault tree), in which certain specified causes lead
to one specified TOP event of interest. This logic diagram
is constructed using the event symbols and logic symbols in
figure 1.
have tried to be
Fault-Tree Classification
Probabilistic evaluation
45, 47, 48, 53, 55 57, 64, 72, 73, 76, 88, 89, 92, 101, 102,
119 - 121, 123, 125, 130]
Measures of importance
[9, 16, 53, 76, 77, 92]
[12, 25 - 27, 41 - 43, 54, 57, 66, 69, 75, 76, 79, 80, 81, 96, 97,
99, 121 - 123]
LOGIC OPERATIONS
AND gate describes the logical operation whereby the coexistence of all input events is
OR
INHIBIT gates describe a causal relationship between one fault and another. The input event directly produces the output event if the indicated condition is satisfied. The conditional input defines a state of the system that permits the fault sequence to occur, and may be either normal to the system or result from failures.
The house is used as a switch to include or eliminate parts of the fault tree as those parts may or may not apply to certain situations.
The triangle is used as a transfer symbol.
2. SYSTEM DEFINITION
Fault-tree analysis begins with the statement of an
undesired event, eg, failed state of a system. To perform a
meaningful analysis, the following three basic types of
system information are usually needed [52, 106]:
1. Component operating and failure modes: A
description of how the output states of each component
are influenced by the input states and internal operational
modes of that component.
2. System chart: A description of how the components are interconnected. A functional layout diagram
of the system must show all functional interconnections
and identify each component.
3. System boundary conditions: These define the
situation for which the fault tree is to be drawn. Top event,
TABLE 2
Fault-Tree Construction
TABLE 3
Fault-Tree Evaluation
Construction Technique
Technique
[95 - 97]
Taylor, CCD
[91, 113,
115
117]
[125]
[56, 60]
[118]
[32, 93]
[110]
[131]
[132,133]
[98]
[62]
[74, 84]
[90]
[129]
failure-analysis
COMCAN
BACFIRE
Wagner, et alii, new approach
[20,21]
[30]
[126]
SAMPLE-WASH 1400
REDIS
Crosetti, code
Analytic method
KITT
Caldarola & Wickenhauser
Other methods
[125]
[89]
[30]
[45]
[18]
[5]
[31]
[127]
procedure.
TABLE 4
Computer Code
The evaluation of a fault tree can be qualitative, quantitative, or both, depending upon the scope of the analysis.
Fault-Tree Construction
DRAFT
[51, 52, 54]
CAT -107,136]
the minimal cut sets & minimal path sets and the common-
[125]
[56, 60]
[118]
[110]
ELRAFT
FAUTRAN
SETS
FATRAN
[131]
[132, 133]
[98]
DICOMIC
[62]
BUP-CUTS
Common-cause
COMCAN
BACFIRE
Quantitative Evaluation
Probabilistic evaluation
RELY4
SAFTE
SAMPLE
[94]
[72]
[64]
[99]
[38 - 40]
[119 - 121,
125]
[22 - 26]
[92]
[89]
[360]
NOTED
WAM-BAM
PATREC
[45]
[18]
[5]
SALP
Measures of importance
IMPORTANCE
[76]
TABLE 5
Analysis
Electrical System
ing minimal cut sets for fault trees are Monte Carlo simulation and deterministic methods. (See table 3)
The Monte Carlo simulation procedure for finding
minimal cut sets first assigns a time to failure for each
This
produces a cut set which is then reduced to a minimal
[20, 21]
[30]
Crosetti, code
KITT
Caldarola & Wickenhauser
PL-MOD
ARMM
System Analyzed by
event
Semanders [110]
are found.
in the computer code ELRAFT, in-
[27, 54]
Chemical Processing System
[80, 81, 96, 97]
Nuclear Reactor Safety Study
[25, 26, 42, 57, 66, 79, 99, 121 - 123]
A. The inclusion-exclusion method of finding successive upper and lower bounds to the probability of the
Theory (KITT), for fault trees containing repairable components. The output from computer programs exercising
Vesely's method [125] contains complete quantitative information about the top event.
L. Caldarola & A. Wickenhauser [26] also developed
an analytic computer program for fault tree evaluation.
This program can evaluate s-coherent systems assuming
binary component states with four different classes of
components. A second computer program is also
developed for solving noncoherent systems with multistate
components [23, 24].
Several computer codes using different approaches
are available to analyze fault trees quantitatively. R. C.
Erdmann et alii [45] developed the WAM series of computer codes to provide flexibility as well as accuracy in the
analysis of system reliability. The SALP computer series,
developed by M. Astolfi et alii [5], in Italy, are based on
the use of list-processing techniques for the direct
manipulation of graphs.
The PATREC code by A. Blin et alii [18] is based on
list-processing which is realized by recognizing and replacing known subtrees or patterns by equivalent leaves with
the corresponding unreliability/unavailability. By
repeatedly pruning the fault tree, it is finally reduced to a
single leaf which represents the system unreliability for
unrepairable systems and unavailability for repairable
systems.
M. F. Chamow [31] suggests a new approach involving well-defined, closed-form methods for quantitative
evaluations of fault tree logic. The method is based on
directed graphs (digraphs) and related matrix methods,
and depends in a major sense on the digraph representations developed for the basic OR and AND logic elements.
The benefit of this method arises because the mathematical
solutions are readily performed by standard matrix techniques, which can be implemented either manually or with
the aid of a computer.
With regard to computation and storage requirements, the fault-tree analysis using bit manipulation
suggested by D. B. Wheeler et alii [127] has been shown, through analysis of fault trees of various sizes,
to be effective in producing minimal cut sets and the top event probability.
The measures of importance of events and cut sets in
fault trees are another important feature of quantitative
fault tree analysis. While the evaluation of the top event
provides system reliability/availability information, the
probabilistic importance computation can generate a
numerical ranking to assess weaknesses in a system.
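As an added illustration (not code from the paper, PATREC or IMPORTANCE), the sketch below collapses a small constructed fault tree bottom-up into a single top-event probability, in the spirit of the subtree-to-leaf pruning described above for PATREC, and then ranks basic events by Birnbaum importance, one standard probabilistic importance measure. The tree, event names and probabilities are assumptions; the reduction is exact only when basic events are independent and each appears once in the tree.

```python
from math import prod

# Constructed fault tree for a hypothetical system. Each basic event appears
# once, so every subtree is independent and can be collapsed into one leaf.
TREE = ("OR", [
    ("AND", ["pump_a_fails", "pump_b_fails"]),
    "power_loss",
    ("AND", ["valve_stuck", ("OR", ["sensor_fault", "operator_error"])]),
])
# Constructed basic-event unreliabilities (assumed values).
P = {"pump_a_fails": 0.05, "pump_b_fails": 0.05, "power_loss": 0.001,
     "valve_stuck": 0.02, "sensor_fault": 0.01, "operator_error": 0.03}


def reduce_tree(node, p):
    """Replace a subtree by an equivalent leaf carrying its unreliability."""
    if isinstance(node, str):
        return p[node]
    gate, inputs = node
    probs = [reduce_tree(child, p) for child in inputs]
    if gate == "AND":   # all inputs must fail
        return prod(probs)
    if gate == "OR":    # at least one input fails
        return 1.0 - prod(1.0 - q for q in probs)
    raise ValueError(f"unknown gate {gate!r}")


def basic_events(node):
    """List the basic events of a tree in left-to-right order."""
    if isinstance(node, str):
        return [node]
    return [e for child in node[1] for e in basic_events(child)]


def birnbaum_ranking(tree, p):
    """Rank events by P(top | event failed) - P(top | event working)."""
    events = basic_events(tree)
    if len(events) != len(set(events)):
        # Shared events make subtrees dependent; cut-set methods are needed.
        raise ValueError("repeated basic event: bottom-up reduction is not exact")
    scores = {e: reduce_tree(tree, {**p, e: 1.0}) - reduce_tree(tree, {**p, e: 0.0})
              for e in events}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    print(f"top event probability: {reduce_tree(TREE, P):.6f}")
    for event, score in birnbaum_ranking(TREE, P):
        print(f"{event:15s} {score:.5f}")
```

The single-point failure (power_loss) ranks first even though its own probability is the smallest, which is the kind of weakness the numerical ranking is meant to expose.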
Several probabilistic methods can be used to compute
the importance of basic events and cut sets in the fault tree.
H. E. Lambert [76] developed a computer code IMPORTANCE to compute various measures of probabilistic importance of basic events and cut sets to a fault tree. The
code requires as input the minimal cut sets, the failure rates
and the fault duration time (the repair times) of all basic
events contained in the minimal cut sets. The output of the
code includes seven measures of basic-event importance
A REVIEW
are
ing fault trees. They are presented in table 4. In the construction phase of the analysis, Fussell [51] pioneered the
(CCD).
NOTED [130], WAM-BAM [45], PATREC [18], and SALP [5]. Finally, for the measure of importance of events and cut sets in fault trees, Lambert [76] developed a very comprehensive computer code, IMPORTANCE, which computes various measures of probabilistic importance of basic events and cut sets to a fault tree.
Korea Science and Engineering Foundation under the Korea-USA Cooperative Science Program.
REFERENCES
5. CONCLUDING REMARKS
forts of an analyst in considering only those basic events that can contribute to system failure and represent the rela-
in [146, pp 7-35].
[8] R. E. Barlow, F. Proschan, "Availability theory and multicomponent systems," Multivariate Analysis III, P. R. Krishnaiah, editor, Academic Press, 1971.
[9] R. E. Barlow, F. Proschan, "Importance of system components and
fault tree analysis," Operations Research Center, Univ. of Calif.,
fault-tsystem
a
this
systenn analyst
andlyst
forw asthe
oriaero
system
as well
theprcess
nuclearcon
design engineer.
ACKNOWLEDGMENT
Our special thanks go to Dr. C. L. Hwang for his vital
Bell Telephone Laboratories, "Launch control safety study," Section VII, vol 1, Bell Telephone Labs., Murray Hill, NJ USA. 1961.
1442-1446.
R. G. Bennetts, "On the analysis of fault trees," IEEE Trans.
Reliability, vol R-24, 1973 Aug, pp 175-185.
[21] G. R. Burdick, N. H. Marshall, J. R. Wilson, "COMCAN-a computer code for common-cause analysis," ANCR-1314, 1976 May.
[145, pp 199-248].
repairable systems," Nuclear Engineering and Design, vol 43, 1977, pp 463-470.
51-55.
[59] J. B. Fussell, W. E. Vesely, "Elements of fault tree construction-a new approach," Trans. Amer. Nuc. Soc., 1972, p 794.
[60] J. B. Fussell, W. E. Vesely, "A new methodology for obtaining cut sets for fault trees," Trans. Amer. Nuc. Soc. vol 15, 1972, p 262.
[61] A. C. Gangadharan, M. S. M. Rao, C. Sundarajan, "Computer methods for qualitative fault tree analysis," in Failure Prevention and Reliability, edited by S. B. Bennett et al., 1977, pp 251-262.
[62] S. Garribba et al., "DICOMICS, an algorithm for direct computation of minimal cut sets of fault trees," EUR-5481e, 1975.
[63] S. Garribba et al., "Efficient construction of minimal cut sets from fault trees," IEEE Trans. Reliability, vol R-26, 1977 Jun, pp 88-94.
[64] B. J. Garrick, "Principles of unified system safety analysis," Nuclear Engineering and Design, vol 13, 1970, pp 245-321.
[65] W. Y. Gately, D. W. Stoddard, R. L. Williams, "GO, A computer program for the reliability analysis of complex systems," Kaman Science Corporation, Colorado Springs, Colorado, KN-67-704(R), 1968 Apr.
[66] C. W. Griffin, "The fault tree as a safety optimization design tool," presented at the Topical Meeting on Water Reactor Safety, 1973 Mar.
[67] D. F. Haasl, "Advanced concepts on fault tree analysis," System Safety Symposium, The Boeing Company, Seattle, Washington, 1965 June 8-9.
[68] W. Hammer, "Fault tree analysis," Handbook of System and Product Safety, Prentice-Hall, 1972, pp 238-246.
[69] W. Hammer, "Fault tree analysis," Product Safety Management and Engineering, Prentice-Hall, 1975, pp 204-228.
[70] E. J. Henley, H. Kumamoto, "Comment on: Computer-aided synthesis of fault trees," IEEE Trans. Reliability, vol R-26, 1977 Dec, pp 316-317.
[71] B. L. Hulme, R. B. Worrell, "A prime implicant algorithm with factoring," IEEE Trans. Computers, vol C-24, 1975 Nov, pp 1129-1131.
[72] H. E. Kongsoe, "RELY 4: a Monte Carlo computer program for systems reliability analysis," Danish Atomic Energy Commission, RISO-M-1500, June 1972.
[73] H. E. Kongsoe, "REDIS, a computer program for system reliability analysis by direct simulation," Intern. Symp. Reliability of Nuclear Power Plants, Innsbruck, Austria, April 14-18, 1975.
[74] H. Kumamoto, E. J. Henley, "Top-down algorithm for obtaining prime implicant sets of noncoherent fault trees," IEEE Trans. Reliability, vol R-27, 1978 Oct, pp 242-249.
[75] H. E. Lambert, "System safety analysis and fault tree analysis," UCID-16238, Lawrence Livermore Lab., Livermore, California, 1973 May.
[76] H. E. Lambert, "Fault trees for decision making in system analysis," Lawrence Livermore Laboratory, University of California, Livermore, UCRL-51829, 1975 Oct.
[77] H. E. Lambert, "Measures of importance of events and cut sets in fault trees," in [146, pp 77-100].
[78] H. E. Lambert, "Comment on the Lapp-Powers computer-aided synthesis of fault trees," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 6-9.
[79] S. A. Lapp, G. J. Powers, "Computer-aided synthesis of fault trees," IEEE Trans. Reliability, 1977 Apr, pp 2-13.
[80] S. A. Lapp, G. J. Powers, "The synthesis of fault trees," in [147, pp 778-799].
[81] S. A. Lapp, G. J. Powers, "Update of Lapp-Powers fault tree synthesis algorithm," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 12-14.
[81a] W. S. Lee, "A study of fault tree analysis for system safety and
reliability," MS Thesis, Kansas State University, 1982.
[82] E. E. Lewis, "Fault trees," Nuclear Power Reactor Safety, John
Wiley & Sons, 1977, pp 87-91.
[83] M. O. Locks, "Synthesis of fault trees: an example of
noncoherence," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 2-5.
[84] M. O. Locks, "Fault trees, prime implicants and noncoherence," E.
I. Ogunbiyi, "Author reply #1," H. Kumamoto, E. J. Henley,
"Author reply #2," M. O. Locks, "Rebuttal," IEEE Trans.
Reliability, vol R-29, 1980 Jun, pp 130-135.
[85] M. S. Madhava Rao, "FALTREE-a computer program for fault tree
analysis, " Engineering Science and Technology Dept. Letter Report,
EST-77-1, Foster Wheeler Development Corporation, Livingston,
NJ, 1977.
[86] S. W. Malasky, "Fault tree analysis," System Safety, Hayden Book
Co. Inc., pp 142-194, 1974.
[87] A. W. Marshall, I. Olkin, "A multivariate exponential distribution,"
JASA, vol 62, 1967, pp 30-44.
[88] M. Mazumdar, "Importance sampling in reliability estimation," in
[146, pp 153-163].
[89] C. W. Mcknight, et al., "Automatic reliability mathematical model",
North American Aviation, Inc., Downey, California, NA 66-838,
1966.
[90] K. Nakashima, Y. Hattori, "An efficient bottom-up algorithm for
enumerating minimal cut sets of fault trees," IEEE Trans. Reliability,
vol R-28, 1979 Dec, pp 353-357.
[91] D. Nielsen, "Use of cause-consequence charts in practical system
analysis," in [146, pp 849-880].
[92] J. Olmos, L. Wolf, "A modular representation and analysis of fault
trees," Nuclear Engineering and Design, vol 48, 1978 Aug, pp
531-561.
Sep.
abnormal occurrence reports," Reliability of Nuclear Power Plants,
IAEA-SM-195/16, 1975.
J. R. Taylor, "Sequential effects in failure mode analysis," in [146, pp 881-894].
J. R. Taylor, E. Hollo, "Algorithm and programs for consequence diagram and fault tree construction," Report No. RISO-M-1907, Danish Atomic Energy Commission, Roskilde, Denmark, 1977.
[117] J. R. Taylor, E. Hollo, "Experience with algorithms for automatic failure analysis," in [147, pp 759-777].
[118] W. J. Van Slyke, D. E. Griffing, "ALLCUTS, a fast comprehensive fault tree analysis code," Atlantic Richfield Hanford Company, Richland, Washington, ARH-ST-112, 1975 July.
[119] W. E. Vesely, "Analysis of fault trees by kinetic tree theory," IN-1330, Idaho Nuclear Corp., Idaho Falls, 1969 October.
[120] W. E. Vesely, "A time-dependent methodology for fault tree analysis," Nucl. Eng. and Design, vol 13, 1970 Aug, pp 337-360.
[121] W. E. Vesely, "Reliability and fault tree applications at NRTS," Proc. 1970 Reliability and Maintainability Conf., vol 9, 1970, pp