The tool can generate a fault tree, see FTA Construction Algorithm, based on a predefined system model, see System Modelling.
The generated fault tree includes only AND and OR gates due to the modeling constructs used to describe system behaviors. The generated fault tree follows a common FTA notation, circles or ovals represent root contributory factors, rectangles represent intermediate events and the root fault event. Boolean operators “AND” and “OR” are depicted using corresponding logic gate shapes between intermediate events and contributory factors or other intermediate events.
The tool allows to model a system and its parts where parts are allowed to belong to only one whole.
The behavioral model of a system is defined by a set of behaviours and a set of relations among them. There are two types of behaviors, i.e. functions and failure modes which are used to describe expected and unwanted behaviors respectively. The behavioral relationships are part-whole, required and impairing relation.
The part-whole relationship is used to describe how a complex behavior is composed
of its parts. Furthermore, the tool distinguishes two types of compositions of behavioral parts. The first is AND
composition, used to model that the whole is manifested only when all its parts are manifested. The second is OR
composition, used to model that the whole is manifested if one of its parts is manifested.
The required relationship is used to specify dependence between behaviors, e.g. functions of a computer require the functions of the power supply.
The impairing relation among behaviors is used to specify mutual exclusion, e.g. the function of a CPU is impaired by the failure mode of the CPU to overheat and burn.
The algorithm to construct a fault tree from a function behavior is described by the recursive procedure GENERATE_FAULT_TREE which takes as input a behavior. Given a function behavior as input the procedure generates a fault tree where the top fault event is the failure of the input function behavior. The root causes of the top fault event, i.e. the basic events of the fault tree, are the fault events corresponding to behaviours which have no parts as well as no impairing and required behaviours.
The procedure converts the input behaviour into a fault event fault-event. The causes of fault-event are constructed based on input the behaviour's type and its behavioral relations. A fault tree event corresponding to a function behaviour is constructed with an OR gate, i.e. the event occurs when any of its causes occurs. Function's fault event occurs if one of the following causes occur:
- cause corresponding to function parts
- for OR functions - all its function parts fail
- for AND functions - one of its function parts fails
- causes corresponding to required functions - the function's fault event occurs if any of its required function's fault event occurs.
- causes corresponding to impairing failure modes - the function's fault event occurs if any of the function's impairing failure modes occurs.
A fault tree event corresponding to a failure mode behaviour is constructed with an AND gate, i.e. the event occurs when all of its causes occurs and none of its impairing behaviors occur. Failure mode's fault event occurs if all the following causes occur:
- cause corresponding to failure mode parts
- for OR functions - one of its failure mode parts occurs
- for AND functions - all of its failure mode parts occur
- causes corresponding to required failure modes - the failure mode's fault event occurs if all of its required failure modes occur
- causes corresponding to impairing functions - the failure mode's fault event occurs if all the failure mode's impairing functions fail.
GENERATE_FAULT_TREE(behaviour: Behaviour)
BEGIN
fault-event = Create -FaultEvent
IF behaviour is Function
fault-evnt.gate = OR
ELSE IF behaviour is FailureMode
fault-evnt.gate = AND
IF behaviour.child_behaviours is not empty
fault-event-due-to-parts = Create FaultEvent with GATE(behaviour.gateType)
fault-event.add(fault-event-due-to-parts)
FOR EACH behaviourPart IN behaviour.behaviourParts
fault-event-due-to-parts.add(GENERATE_FAULT_TREE(behaviourPart))
FOR EACH b IN behaviour.required_behaviours;
fault-event.add(GENERATE_FAULT_TREE(b))
FOR EACH b IN behaviour.impairing_behaviors;
fault-event.add(GENERATE_FAULT_TREE(b))
RETUNR fault-event
END
GATE(behaviour: Behaviour):
BEGIN
IF (behaviour is Function)
RETURN negate(behaviour.behaviourType)
IF (behaviour is FailureMode)
RETURN behaviour.behaviourType
END
Demonstrates transformation of OR behavior.
Demonstrates transformation of AND behavior.
This example is a study by [1]. The analyzed system (as shown in the following picture taken from [1]) is aircraft fuel system, including its subsystems (fuel transportation, fuel supplying and monitoring subsystem). The link (https://kbss.felk.cvut.cz/fta-fmea-demo/system/instance589946784) shows the part of system that is created by the tool.
The link (https://kbss.felk.cvut.cz/fta-fmea-demo/fta/instance-1287330450) shows a fault tree that is created by this tool.
[1] Wei, Q., Jiao, J., Fan, J. & Zhao, T. (2016). An optimized method for generating fault tree from a counter-example. In 2016 Annual Reliability and Maintainability Symposium (RAMS). IEEE.