Risk Analysis of Highly-integrated Systems

Similar documents
12 - The Tie Set Method

Reliability of Technical Systems

Nuclear reliability: system reliabilty

RISK-INFORMED OPERATIONAL DECISION MANAGEMENT (RIODM): RISK, EVENT TREES AND FAULT TREES

PROBABILISTIC AND POSSIBILISTIC FAULT TREE ANALYSIS

Module No. # 03 Lecture No. # 11 Probabilistic risk analysis

Failures in Process Industries

Boolean algebra. Examples of these individual laws of Boolean, rules and theorems for Boolean algebra are given in the following table.

Causal & Frequency Analysis

Chapter 18 Section 8.5 Fault Trees Analysis (FTA) Don t get caught out on a limb of your fault tree.

Safety and Reliability of Embedded Systems

Propositional Logic Language

Propositional Equivalence

Chapter 2 Combinational Logic Circuits

2.2: Logical Equivalence: The Laws of Logic

Comp487/587 - Boolean Formulas

Discrete Mathematics. CS204: Spring, Jong C. Park Computer Science Department KAIST

Logic Synthesis and Verification

BOOLEAN ALGEBRA INTRODUCTION SUBSETS

Lecture 5 Probability

Boolean Algebra. Philipp Koehn. 9 September 2016

Chapter 2 Combinational Logic Circuits

Logic and Boolean algebra

Lecture 2. Logic Compound Statements Conditional Statements Valid & Invalid Arguments Digital Logic Circuits. Reading (Epp s textbook)

Compound Propositions

Hardware Design I Chap. 2 Basis of logical circuit, logical expression, and logical function

Packet #1: Logic & Proofs. Applied Discrete Mathematics

Boolean Algebra, Gates and Circuits

Reliability of sequential systems using the causeconsequence diagram method

Propositional Logic. Spring Propositional Logic Spring / 32

CSC Discrete Math I, Spring Propositional Logic

Week-I. Combinational Logic & Circuits

Review CHAPTER. 2.1 Definitions in Chapter Sample Exam Questions. 2.1 Set; Element; Member; Universal Set Partition. 2.

Lecture 4: Proposition, Connectives and Truth Tables

UNCERTAINTY. In which we see what an agent should do when not all is crystal-clear.

Intelligent Agents. Pınar Yolum Utrecht University

Reliability of Technical Systems

On Qualitative Analysis of Fault Trees Using Structurally Persistent Nets

CHAPTER 10. Gentzen Style Proof Systems for Classical Logic

Common Cause Failure (CCF)

Logic As Algebra COMP1600 / COMP6260. Dirk Pattinson Australian National University. Semester 2, 2017

CHAPTER 1. MATHEMATICAL LOGIC 1.1 Fundamentals of Mathematical Logic

Development of Multi-Unit Dependency Evaluation Model Using Markov Process and Monte Carlo Method

KE/Tableaux. What is it for?

A New Reliability Allocation Method Based on FTA and AHP for Nuclear Power Plant!

MAT 243 Test 1 SOLUTIONS, FORM A

Propositional natural deduction

CS 226: Digital Logic Design

Computer Organization: Boolean Logic

Formal Verification Methods 1: Propositional Logic

Sample Problems for all sections of CMSC250, Midterm 1 Fall 2014

Combinational Logic Fundamentals

INTRODUCTION TO INFORMATION & COMMUNICATION TECHNOLOGY LECTURE 8 : WEEK 8 CSC-110-T

Part I: Propositional Calculus

Chapter 2 Combinational Logic Circuits

Logic Overview, I. and T T T T F F F T F F F F

Logic Gates and Boolean Algebra

Set Theory Basics of Set Theory. mjarrar Watch this lecture and download the slides

Lifted Inference: Exact Search Based Algorithms

Title: Logical Agents AIMA: Chapter 7 (Sections 7.4 and 7.5)

Chapter 4, Logic using Propositional Calculus Handout

Propositional Logic. Jason Filippou UMCP. ason Filippou UMCP) Propositional Logic / 38

PHIL12A Section answers, 16 February 2011

Packet #2: Set Theory & Predicate Calculus. Applied Discrete Mathematics

Unit 8A Computer Organization. Boolean Logic and Gates

Chapter 1. Logic and Proof

Artificial Intelligence Chapter 7: Logical Agents

Revised by Hankui Zhuo, March 21, Logical agents. Chapter 7. Chapter 7 1

Logic. Definition [1] A logic is a formal language that comes with rules for deducing the truth of one proposition from the truth of another.

Propositional Calculus: Formula Simplification, Essential Laws, Normal Forms

Logical Agents. Chapter 7

Warm-Up Problem. Is the following true or false? 1/35

Safety and Reliability of Embedded Systems. (Sicherheit und Zuverlässigkeit eingebetteter Systeme) Fault Tree Analysis Obscurities and Open Issues

Methods of Partial Logic for Knowledge Representation and Deductive Reasoning in Incompletely Specified Domains

Linear Temporal Logic (LTL)

KP/Worksheets: Propositional Logic, Boolean Algebra and Computer Hardware Page 1 of 8

CS 173 Lecture 2: Propositional Logic

Mid-Semester Quiz Second Semester, 2012

CS206 Lecture 03. Propositional Logic Proofs. Plan for Lecture 03. Axioms. Normal Forms

1 Propositional Logic

Section 1.2 Propositional Equivalences. A tautology is a proposition which is always true. A contradiction is a proposition which is always false.

Lecture 6: Manipulation of Algebraic Functions, Boolean Algebra, Karnaugh Maps

UNIVERSITI TENAGA NASIONAL. College of Information Technology

Propositional Logic: Equivalence

Introduction to Artificial Intelligence. Logical Agents

2. The Logic of Compound Statements Summary. Aaron Tan August 2017

Safety analysis and standards Analyse de sécurité et normes Sicherheitsanalyse und Normen

AP1000 European 19. Probabilistic Risk Assessment Design Control Document

3 The Semantics of the Propositional Calculus

Logical agents. Chapter 7. Chapter 7 1

Chapter 7 R&N ICS 271 Fall 2017 Kalev Kask

Chapter-2 BOOLEAN ALGEBRA

Logical Inference. Artificial Intelligence. Topic 12. Reading: Russell and Norvig, Chapter 7, Section 5

DIGITAL CIRCUIT LOGIC BOOLEAN ALGEBRA

A statement is a sentence that is definitely either true or false but not both.

XOR - XNOR Gates. The graphic symbol and truth table of XOR gate is shown in the figure.

It rains now. (true) The followings are not propositions.

Chapter 2: Switching Algebra and Logic Circuits

Assessing system reliability through binary decision diagrams using bayesian techniques.

TDT4136 Logic and Reasoning Systems

Transcription:

Risk Analysis of Highly-integrated Systems RA II: Methods (FTA, ETA) Fault Tree Analysis (FTA) Problem description It is not possible to analyse complicated, highly-reliable or novel systems as black box ; i.e. there is a lack of knowledge at system level but predictions of failure probability, reliability and risk at system level are needed. Approach: System decomposition The behaviour of the overall system is determined by known behaviour as well as known logical and functional linking of system units. 2 1

Method of FTA Starting point of FTA is a predefined system state (failed state as top event ). The subsequent task is to find event combinations leading to the top event. The branches are tracked top-down (top event -> intermediate events -> basic events); the reasoning is deductive. Goals Systematic identification of failure modes (causes) and combinations as well as associated unit failures (basic events) leading to a top event Computation of top event probability where appropriate Working steps of a FTA Definition of the top event Identification of all basic event combinations which result in the top event If quantitative Assignment of failure probabilities to basic events Boolean modelling and calculations of probabilities Analysis of dominating failure combination and impacts (importance analysis), proposals for system improvement/optimisation 3 (1) Definition of the top event In general: System Failure In particular: Loss of specific functions and services meaning the failure of the overall system, (e.g. rupture of a gas storage tank). (2) Identification of basic event combinations The formal combination of events constitutes the logical structure of the system considered or the derived Boolean model (fault tree). The model consists of: Input events: lower event ( input to the gate) Gates (logic operation): show the relationship of lower events needed to result in a higher event (logic AND, OR) Output events: higher event ( output of the gate). The behaviour of the gates is determined by the Rules of Boolean Algebra. 4 2

Boolean Algebra Boolean Algebra is an algebraic system, in which the logical variables x, y,... with the definition range (0, 1) can be linked with the following functions: Conjunction (AND, ) Disjunction (OR, ) Negation (NOT, ) x y x y x y0 1 x0 1 x 0 1 x y x 1 0 0 0 0 0 0 1 1 0 1 1 1 1 These operations are defined by truth tables, describing the output depending on the different combinations of values for the variables. Time is not explicitly included in boolean algebra 5 Boolean Algebra Statement Description Statement Description X Y = X Y commutativity X Y = X Y X = X X (Y Z) = (X Y) Z) X (Y Z) = (X Y) Z) X (Y Z) = (X Y) (X Z) X (Y Z) = (X Y) (X Z) associativity distributivity X Y XY X Y XY O X = O O X = X X X = X Idempotent L X = X X X = X L X = L de-morgan Theorem X (X Y) = X X (X Y) = X XX L XXO absorption X X Y X Y X X Y X Y 6 3

Requirements of the Boolean model The function of the system can be represented formaly by characterising the state of the components with two values (true, false) No time dependencies of the failure rate of the components (boolean models are static models) No repair Stochastic independent failure of components Remark: Often systems not fulfilling these requirements can be described with boolean algebra. E.g. by additional information as compnent fails within a time interval t. 7 Boolean Function Mapping f between a dependent variable y and independent boolean variables x 0, x 1,,, x n-1 1 1 y = f(x 0, x 1,,, x n-1 ) = f x x i ; y 0 0 Example Exclusive-Or y x x x x 0 1 0 1 Remark: In Boolean Algebra we mostly use the operators and instead of the set operators and. Often we do not use the AND operator, but note it as "" (X Y XY) 8 4

Logic Gate Symbols Symbol Alternative symbols Description OR-Gate Output fault occurs if at least one of the input faults occurs AND-Gate Output fault occurs if all of the input faults occur 9 Primary event, intermediate event and transfer symbols 10 5

Required information for a FTA Component level: Different relevant failure modes of individual units (to fix most relevant one) Relevant external influences, e.g. environmental impacts For quantitative analyses: failure probabilities System level: Precise definition of the operation mode in question and the system boundaries (3) Assignment of failure probabilities problems Lack of data (e.g. reliability figures of highly reliable tailor-made components in nuclear power plants, components designed to work under changing operating conditions in the chemical industry, etc.) Development of the database usually causes an extensive amount of work 11 (4) Boolean modelling and calculation of probabilities Boolean Model Functional model, describing the interaction and dependencies in form of a boolean function with binary variables. Characterisation of the states of the system components. In Reliability Analysis System state: Operational (working) or failed (not working) Question: Is the system operational or has it failed. Do we know the state of the components? 12 6

Summary of the assumptions/preconditions A technical system consists of units (components) The units are both technically and logically connected The state of each unit follows a binary logic (true/false, on/off, intact/defect) Available logic operators are: conjunction: AND (, ) disjunction: OR (, ) Labelling of the probabilities: p i : probability of survival of the i-th unit q i : probability of failure of the i-th unit 13 Example: Fault Tree of a Pumping System In a pumping system a tank is filled with a fluid needed for a chemical reactor in 10 and emptied in 50 minutes; hence, a complete cycle takes 1 hour. After the on/off switch is turned on the motor contacts t are turned on. The timer gives on signal for 10 and then off signal for 50. If this mechanism fails an alarm signal sounds and the operator turns the switches off to prevent a tank failure due to overfilling. 14 7

Examples of probabilities used in quantitative FTAs Unit or functional components Survival Probability p i Failure Probability q i Electromechanical parts: switches, timer, horn, contacts 0.9995 5 10-4 Passive element: storage tank 0.999999 10-6 Active element: pump 0.9999 10-4 Functional element human being : : operator 0.99973 2.7 10-4 q operator : Probability of a wrong operator response on a perceived signal q pump : Probability of pump operation despite of being switched off R(t) = 1 F(t) => q i = 1- p i 15 Example from industry: Pumping-storage system 16 8

Simplifications for simple systems only Pr(A B) = P(A) P(B) Pr(A B) = Pr(A) + Pr(B) - Pr(A B) Approximation with small probabilities: Pr(A B) Pr(A) +Pr(B) + Note For any number of random events A i (i = 1, 2,..., n), the equation after Poincaré is applied n n n n Pr A Pr A Pr A A Pr A A A... 1 Pr A A... A i1 n1 1 2 1 2 3 1 2 i i i i i i i n i i1i21 i1i2, i31 i1 i i1i2i 2 3 Rare event approximation for small Pr(A i ) n n 1 n n n Pr Ai Pr Ai AjPr Ai Pr Ai i i1 ji1 i1 i 17 Advantages of a FTA Well suited for modelling of binary (Boolean) mechanical processes, e.g. valve fails to open/close Events occurring on component level l due to interaction ti of multiple l failures are easily representable Provides reliability figures of a system (if adequate data are available) Encourages a methodical way of thinking Applicable to a wide field of systems and processes. Disadvantages Dynamic processes are not representable (a system is considered as "static") Complicated systems usually result in an unmanageable amount of basic events and combinations Reliability figures are often difficult to get. 18 9

19 Computation of highly complicated systems Approach Identification of those units which must at least operate for total system operability or units whose failure result in the total system failure. Minimal Paths and Minimal Cut Sets respectively. Notation ti State x i of unit i, where x i 0 :Unit state " failure" (in short : xi ) 1: Unit state " in operation" (in short : x i ) 20 10

Negative Logic Minimal Cut Sets Positive Logic Minimal Path Sets Smallest set of failed units, which Smallest set of (operating) units, that blocks the path from input to output in a leaves open a path from input to output reliability block diagram. in a reliability block diagram. Example E x 1 x 2 A x 3 Cuts i : 1x1; x3; 2x2; x3 Paths j : 1x1; x2; 2x3 21 Negative Logic Positive Logic 22 11

Negative Logic Positive Logic 23 24 12

Event Tree Analysis (ETA) Purpose of an ETA Organise, characterise, and quantify potential accident sequences that result from a single initiating event in a methodical manner: Graphical representation of logical and physical interactions of events in a system Inductive determination of final system states caused by defined causes Calculation of the resulting system state frequencies Human behaviour, physical/chemical events and other Boolean events can be modelled by event trees. 25 Working steps of a quantitative ETA List all possible initiating events Identify functional system responses, which evolve of a function/no function (i.e., Boolean) answer of a subsystem Grouping initiating events with all system responses Identification of event chains: Each system response has a corresponding branch that indicates weather or not it was successful. At the end of each sequence is an indication of the consequences than can be expected. Assigning of event frequencies P u for the initiating event and the probabilities for success / failure Event frequencies calculation of the final system state Event tree calculation The sum of all n chain-probabilities is equal to the probability of the initiating event The event probability of chain A with n subsequent subsystems is calculated like Pr( Chain A) Pr( Initiating event ) n j 1 Pr( Subsystem j ) 26 13

Construction of an event tree Description A, B, : Component, subsystem Human behaviour State, e.g. storage tank empty etc. Description of system states: System state "Working" Failure chain System state "Explosion" Impact to the environment Evacuation, etc. Subsystem A Subsystem B Subsystem... Final system state Working, success, yes,... Failure, collaps, no,... "After function A, function B can work or fail." Success...... Initiating event... Description: Leakage Fire Earthquake, etc. "After the failure of A the reaction B is irrelevant."... Failure 27 Advantages of an ETA Procedural steps easy to handle Applicable to all kind of (technical) systems, specially for larger facilities with active and passive security measures and unknown physical/chemical system states Scenarios and event sequences are listed and analysed Combination of function and failure Simplified visualisation of dynamic processes (domino effects in event sequences) Disadvantages Difficulty in application: practical knowledge and a detailed system analysis needed Reduced readability of large event trees Even large event trees may contain errors Modifications of an event tree (by inserting a new subsystem) are difficult 28 14

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback