COM4506/6506: Testing and Verification in Safety Critical Systems
Professor Rob Hierons
Contents
Fault Tree Analysis
Fault Tree Symbols
Probabilities and Weightings
Introduction
Fault Tree Analysis (FTA) is a structured, logical, and probabilistic method used in risk assessment and system reliability analysis. According to the NASA Fault Tree Handbook, FTA is one of the most important techniques used in probabilistic risk assessment and safety-critical system evaluation.
FTA is applied both during system design and in accident investigation. It focuses on identifying the causes of hazards and understanding how different failures combine to produce undesirable outcomes.
Basics of Fault Tree Analysis
The primary objective of FTA is to analyse the causes of system failures. It uses Boolean logic to represent how individual faults combine to produce a top-level event, which typically represents a hazard.
The analysis begins by defining the system state and identifying the top-level event. This event is then broken down into contributing causes, which are connected using logical gates such as AND and OR. These relationships illustrate how failures interact within the system.
Constructing a Fault Tree
Constructing a fault tree involves several steps. First, assumptions about the system state must be established, such as whether a system is operational or inactive. Next, the top-level hazard is identified. This is followed by decomposing the system into key causes and representing their relationships using logic gates.
Potential causes are often derived from system schematics. Analysts identify relevant components, determine possible failure modes, and examine the reasons for failure. This structured approach ensures a comprehensive understanding of system risks.
Event Types
Fault tree diagrams include different types of events. A basic event represents a fundamental fault that requires no further analysis. Intermediate events are used to structure the tree and may be simplified if necessary. Undeveloped events are not analysed further due to limited information or low impact.
Additional event types include conditioning events, which define constraints on logic gates, and house or external events, which represent conditions expected to occur under normal circumstances.
Cut Sets
Cut sets are combinations of basic events that lead to the occurrence of the top-level event. Minimal cut sets represent the smallest combinations of faults that can cause the hazard. Identifying these sets is essential for understanding system vulnerabilities.
For example, in the expression (A ∧ B) ∨ C, the minimal cut sets are {C} and {A, B}. These represent the simplest combinations of faults that can trigger the system failure.
Boolean Representation and Simplification
Fault trees can be translated into Boolean expressions, which are then simplified using logical rules. These expressions are often rewritten into Disjunctive Normal Form (DNF), where each term represents a minimal cut set. Simplification reduces complexity and improves clarity in analysis.
Probabilistic Modelling
FTA can be extended by assigning probabilities to events. This allows analysts to calculate the likelihood of system failures and identify critical components that require mitigation. Probabilities are expressed as values between 0 and 1, representing the likelihood of an event occurring.
Probabilities can be estimated using empirical data or based on prior knowledge. However, accurate estimation requires sufficient data and controlled conditions.
Probability Rules
Several rules are used when combining probabilities. The probability of an event not occurring is given by P(¬A) = 1 − P(A). For independent events, the probability of both occurring is P(A ∧ B) = P(A) × P(B). For dependent events, conditional probability must be used, expressed as P(A ∧ B) = P(A) × P(B|A).
The probability of either event occurring is given by P(A ∨ B) = P(A) + P(B) − P(A ∧ B). These rules are essential for calculating compound event probabilities in fault tree analysis.
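The cut-set and probability sections above can be carried through in code. The following Python is an added example written for these notes, not part of the course material: it expands a fault tree (nested AND/OR gates over named basic events) into its cut sets, reduces them to minimal cut sets by Boolean absorption, and then computes the top-event probability from those minimal cut sets using the rules just stated, with inclusion-exclusion generalising P(A ∨ B) = P(A) + P(B) − P(A ∧ B) to any number of cut sets. The tree shape and the basic-event probabilities are constructed for illustration; basic events are assumed to be independent.

```python
from functools import reduce
from itertools import combinations
from operator import mul

# Fault tree as nested tuples: ("AND", child, ...), ("OR", child, ...), or a
# basic-event name (a string). This is the tree from the notes, (A AND B) OR C.
# The event names are the notes' own; the probabilities below are constructed.
TREE = ("OR", ("AND", "A", "B"), "C")
BASIC_EVENT_PROBABILITIES = {"A": 0.1, "B": 0.2, "C": 0.05}  # constructed values


def cut_sets(node):
    """Return every cut set of the tree as a set of frozensets (the DNF terms).

    An OR gate contributes the union of its children's cut sets; an AND gate
    contributes every way of choosing one cut set per child and merging them.
    """
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        return set().union(*child_sets)
    if gate == "AND":
        acc = {frozenset()}
        for sets in child_sets:
            acc = {a | b for a in acc for b in sets}
        return acc
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(node):
    """Keep only cut sets with no proper subset among the others.

    This is Boolean absorption (X + XY = X): a cut set that contains a smaller
    cut set adds nothing, because the smaller one already causes the top event.
    """
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}


def cut_set_probability(cut_set, p):
    """P(all events in the cut set), assuming independent basic events."""
    return reduce(mul, (p[event] for event in cut_set), 1.0)


def top_event_probability(mcs, p):
    """Exact P(top event) by inclusion-exclusion over the minimal cut sets.

    For k cut sets the terms alternate in sign: add single cut sets, subtract
    pairwise intersections, add triples, and so on. Because the intersection of
    cut sets is the union of their events, this stays correct even when one
    basic event appears in several cut sets.
    """
    mcs = list(mcs)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            total += sign * cut_set_probability(frozenset().union(*combo), p)
    return total


def rare_event_approximation(mcs, p):
    """Sum of cut-set probabilities: an upper bound on P(top event), close to
    exact when individual probabilities are small."""
    return sum(cut_set_probability(s, p) for s in mcs)


if __name__ == "__main__":
    mcs = minimal_cut_sets(TREE)
    print("minimal cut sets:", sorted(sorted(s) for s in mcs))
    print("exact P(top):", top_event_probability(mcs, BASIC_EVENT_PROBABILITIES))
    print("rare-event approx:", rare_event_approximation(mcs, BASIC_EVENT_PROBABILITIES))
```

For the notes' tree the minimal cut sets are {C} and {A, B}, as stated; with the constructed probabilities the exact top-event probability is 0.05 + 0.02 − 0.001 = 0.069, while the rare-event approximation gives 0.07. Trees in which the same basic event feeds two gates show why the approximation is only a bound and why absorption matters.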
Event Tree Analysis
Event Tree Analysis (ETA) provides an alternative approach to risk assessment. Unlike FTA, which works backward from a hazard, ETA begins with an initiating event and examines possible outcomes. It evaluates sequences of events and eliminates those with negligible probabilities.
ETA is particularly useful in complex systems where fault trees may become too large. It was originally developed in the nuclear industry to manage large-scale risk assessments.
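The forward-looking structure of ETA can be made concrete with a small enumeration. The Python below is an added example, not part of the course notes: starting from an initiating event with a given frequency, it walks a sequence of safety functions that each either succeed or fail, multiplies the branch probabilities along every path, and discards the sequences whose frequency falls below a chosen threshold. The initiating event, the safety functions and all numerical values are constructed for illustration, and the branches are assumed to be independent of one another.

```python
from itertools import product

# Initiating event as (name, frequency per year) and the safety functions that
# respond to it as (name, probability of failure on demand). All values are
# constructed for this example.
INITIATING_EVENT = ("coolant pump trip", 1e-2)
SAFETY_FUNCTIONS = [
    ("trip signal", 1e-3),
    ("backup pump", 5e-2),
    ("operator action", 1e-1),
]


def event_tree_sequences(initiating_event, safety_functions):
    """Enumerate every success/failure sequence as (path, frequency).

    Each safety function splits the tree in two; the frequency of a branch is
    the running frequency times P(failure) or 1 - P(failure). Summed over all
    2**n sequences the frequencies add back up to the initiating frequency.
    """
    _, frequency = initiating_event
    sequences = []
    for outcomes in product((False, True), repeat=len(safety_functions)):
        running = frequency
        path = []
        for (name, p_fail), failed in zip(safety_functions, outcomes):
            running *= p_fail if failed else (1.0 - p_fail)
            path.append((name, "fails" if failed else "succeeds"))
        sequences.append((tuple(path), running))
    return sequences


def prune_negligible(sequences, threshold):
    """Keep only sequences whose frequency is at or above the threshold."""
    return [seq for seq in sequences if seq[1] >= threshold]


def all_functions_fail(sequences):
    """Frequency of the single sequence in which every safety function fails."""
    return sum(freq for path, freq in sequences
               if all(state == "fails" for _, state in path))


if __name__ == "__main__":
    seqs = event_tree_sequences(INITIATING_EVENT, SAFETY_FUNCTIONS)
    for path, freq in sorted(seqs, key=lambda s: -s[1]):
        print(f"{freq:.3e}  " + ", ".join(f"{n} {s}" for n, s in path))
    print("kept after pruning at 1e-6:", len(prune_negligible(seqs, 1e-6)))
```

With these constructed values the eight sequences sum to the initiating frequency of 1e-2 per year, the sequence in which all three functions fail has a frequency of 5e-8, and pruning at 1e-6 leaves five sequences for further analysis.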
Summary
Fault Tree Analysis is a structured and logical method for analysing system failures in safety-critical systems. It uses Boolean logic and probabilistic modelling to identify causes of hazards and assess their likelihood. By identifying minimal cut sets and critical components, FTA supports effective risk mitigation.
Event Tree Analysis complements FTA by providing a forward-looking approach to analysing system behaviour. Together, these techniques are essential tools for ensuring safety and reliability in complex systems.