Fault tree analysis

Fault tree analysis (FTA) is a method for the reliability analysis of technical equipment and systems. It uses Boolean algebra to determine the failure probability of a system or of the overall system. It is a form of system analysis and, depending on the field of application, is described in various specifications, such as NUREG-0492 in the nuclear industry and at NASA, and in the aerospace sector as part of ARP4761 by SAE International. As the international standard IEC 61025 (EN 61025), the procedure is described by the International Electrotechnical Commission under the term fault tree analysis. In Germany, fault tree analysis is covered by the national standard DIN 25424.

As part of a fault tree analysis, the logical combinations of partial system failures on all critical paths that lead to a total system failure are identified. In the analysis, the overall system is decomposed into minimal cut sets, that is, combinations of events that can lead to a total failure. Depending on the application, the number of minimal cut sets can reach several million combinations of events; the creation of complex fault trees and their evaluation is therefore performed with special software packages. Typical applications of fault tree analysis are found in aviation and space technology and in the probabilistic safety analysis of nuclear power plants.

History

Fault tree analysis was developed in the early 1960s by H. A. Watson at Bell Laboratories for the safety assessment of the launch control system of the Boeing-built LGM-30 Minuteman ICBM. In the following years, fault tree analysis was also used at Boeing in the design of commercial aircraft. In the 1970s and 1980s it was used, among other things, in the planning of nuclear power plants; the first commercial software packages for FTA also emerged in this period. Later, application areas in the automotive industry and its suppliers were added. Recent developments include dynamic fault tree analysis, in which the temporal sequence of failures and the dependencies between basic events can be modeled.

Method

Fault tree analysis and its description use a so-called negative logic: the fault tree describes a failure function in which logic 1 expresses a failure and logic 0 a functioning system. Since fault tree analysis operates with Boolean algebra, the overall system, as well as its subsystems and components, can each be in only one of two states: functioning (logic 0) or failed (logic 1).

The starting point is a single undesired event at the top of the fault tree, the so-called top event, determined by a system analysis. It describes, for example, the total failure of the system under consideration and is determined in the context of a risk analysis. Depending on the task, this top event may be restricted to certain boundary conditions. In aeronautical engineering, for example, it may be limited to catastrophic conditions such as an uncontrollable crash of the aircraft.

Starting from this top event, the fault tree is created in a top-down analysis down to the individual failure states of components. In more complex systems, the division into subsystems is carried out analogously until the entire system is represented in the form of indivisible basic events, which make up the minimal cut sets. The failure combinations in the fault tree are expressed with Boolean algebra and its symbols, in particular the logical AND and OR connectives.

In the simplest case, components of a system whose functioning depends on each other are connected by the logical OR function; here the failure of a single component already leads to a failure of the entire system. Components that can mutually replace each other's function, which is referred to as redundancy, are connected by the AND function in the fault tree. In complex systems, failures across redundancies may occur: failures that appear at several points of the fault tree and, due to the system structure, cannot be directly summarized in a single minimal cut set. These so-called common cause failures (GVA; English Common Cause Failure, CCF) complicate the analysis.

System components are usually divided in the fault tree into three categories of failures, which are linked via an OR gate:

Calculation

After the fault tree has been created, each basic event is assigned a specific probability of occurrence of its failure in the quantitative fault tree analysis. Concrete failure rates for each basic component can be derived from an organization's own test series or, for commercially available parts and components, taken from freely available databases such as MIL-HDBK-217F or from commercial databases such as 217Plus. More specific environmental conditions, such as temperature ranges, scheduled operating times, service intervals and the like, can enter into the calculation of the probabilities.

In the simple case of an exponential distribution, which corresponds to a failure rate assumed to be constant over time, the failure probability of a basic component with assigned failure rate λ is expressed as:

which, for sufficiently small values λt < 0.1, can be approximated as:

The values in fault trees are normally based on a given, fixed time interval. This normalization interval can be chosen differently depending on the system; for an aircraft, for example, it can be related to one flight hour. The probabilities are therefore dependent on the choice of this time interval.

In fault tree analysis, the failure probabilities are combined with each other according to the logic gate symbols. An AND gate combines two statistically independent events at its two inputs and forms at its output the probability that both systems have failed:

An OR gate in the fault tree corresponds to the function:

and gives the probability that either one or both of the basic components have failed. In this way the individual failure probabilities in the tree can be calculated iteratively up to the top event. Special cases such as common cause failures (GVA) require more advanced models. As a rule, various simplifications are made in the calculation, especially for complex systems. For instance, because of the generally low probabilities, it is assumed that a system failure is not caused by the simultaneous failure of several minimal cut sets, so that the higher-order terms in the calculation of the overall failure probability are negligible. For the evaluation of complex fault trees, special software is available that facilitates graphical creation, calculation and evaluation.
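As an added worked example (not part of the original article), the following Python code implements the calculation described in this section together with the minimal cut set and common cause failure points from the Method section: the exponential failure probability of a basic event and its λt approximation, the AND and OR gate formulas, extraction of minimal cut sets from the tree structure, an exact evaluation by enumerating all basic-event states, and the rare-event approximation that neglects the higher-order terms. The tree, the event names A, B and C, the failure rates and the mission time are constructed for illustration and are not from any real system. Event C, a common cause event appearing in both branches, is there to show why a plain gate-by-gate evaluation is wrong when an event is repeated, while the cut-set based calculation handles it.

```python
"""Fault tree evaluation: exponential basic events, AND/OR gates, minimal cut sets.

Added worked example; the tree, the event names and the failure rates below are constructed.
"""
from dataclasses import dataclass
from itertools import product
import math


@dataclass(frozen=True)
class Basic:
    """Basic event (indivisible component failure), identified by name."""
    name: str


@dataclass(frozen=True)
class Gate:
    """AND/OR gate in negative logic: True means 'failed'."""
    kind: str       # "AND" or "OR"
    inputs: tuple   # Basic or Gate nodes


def failure_probability(rate: float, t: float) -> float:
    """Exponential model with constant failure rate: P(t) = 1 - exp(-lambda*t)."""
    return 1.0 - math.exp(-rate * t)


def approx_probability(rate: float, t: float) -> float:
    """First-order approximation P(t) ~ lambda*t, adequate for lambda*t < 0.1."""
    return rate * t


def probability(node, rates: dict, t: float) -> float:
    """Gate-by-gate evaluation: AND = product, OR = 1 - prod(1 - p_i).

    Correct only when every basic event appears once in the tree and all
    events are statistically independent; a repeated (common cause) event
    is counted as several independent events and gives a wrong result.
    """
    if isinstance(node, Basic):
        return failure_probability(rates[node.name], t)
    ps = [probability(child, rates, t) for child in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    return 1.0 - math.prod(1.0 - p for p in ps)


def minimal_cut_sets(node) -> set:
    """Minimal cut sets as frozensets of basic-event names (top-down expansion)."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child_sets)
    else:  # AND: one cut set from each input, merged into one
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    # drop every cut set that strictly contains another one (not minimal)
    return {s for s in sets if not any(o < s for o in sets)}


def top_event_rare_event(node, rates: dict, t: float) -> float:
    """Rare-event approximation: sum of the cut-set probabilities; the
    higher-order terms (several cut sets failing at once) are neglected."""
    return sum(
        math.prod(failure_probability(rates[b], t) for b in cut)
        for cut in minimal_cut_sets(node)
    )


def _failed(node, states: dict) -> bool:
    """Structure function: does this assignment of basic-event states fail the top?"""
    if isinstance(node, Basic):
        return states[node.name]
    values = [_failed(child, states) for child in node.inputs]
    return all(values) if node.kind == "AND" else any(values)


def top_event_exact(node, rates: dict, t: float) -> float:
    """Exact top-event probability by enumerating all basic-event states
    (exponential in the number of basic events, fine for small trees)."""
    names = sorted(rates)
    ps = {n: failure_probability(rates[n], t) for n in names}
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        states = dict(zip(names, bits))
        if _failed(node, states):
            total += math.prod(ps[n] if states[n] else 1.0 - ps[n] for n in names)
    return total


# Constructed sample: two redundant pumps A and B (AND), each branch also failing
# on the common cause event C (shared power supply), which therefore appears twice.
SAMPLE_RATES = {"A": 1e-3, "B": 1e-3, "C": 1e-5}   # failures per hour, constructed
SAMPLE_TREE = Gate("AND", (
    Gate("OR", (Basic("A"), Basic("C"))),
    Gate("OR", (Basic("B"), Basic("C"))),
))
MISSION_TIME = 10.0                                 # hours, constructed

if __name__ == "__main__":
    t = MISSION_TIME
    print("minimal cut sets :", sorted(map(sorted, minimal_cut_sets(SAMPLE_TREE))))
    print("exact            :", top_event_exact(SAMPLE_TREE, SAMPLE_RATES, t))
    print("rare-event approx:", top_event_rare_event(SAMPLE_TREE, SAMPLE_RATES, t))
    print("naive gate walk  :", probability(SAMPLE_TREE, SAMPLE_RATES, t))
```

For this sample the minimal cut sets are {A, B} and {C}; the rare-event sum and the exact enumeration differ only by the product term of both cut sets failing together, whereas the naive gate walk treats the two occurrences of C as independent and underestimates the top-event probability by roughly half.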
