KEMBAR78
Fault Tree Analysis Methods and Applications A Review | PDF | Reliability Engineering | Monte Carlo Method
0% found this document useful (0 votes)
190 views10 pages

Fault Tree Analysis Methods and Applications A Review

This document provides a review and classification of fault tree analysis methods developed since 1960. It begins with an introduction to fault tree analysis and its use as a tool for system safety and reliability. It then: 1. Classifies the literature on fault tree analysis according to system definition, fault tree construction, qualitative evaluation, quantitative evaluation, and available computer codes. 2. Provides tables that classify references and summarize fault tree construction/evaluation methodologies, computer codes, and applications. 3. Aims to provide a reasonably complete review of the literature on fault tree analysis methods.

Uploaded by

jagger zg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
190 views10 pages

Fault Tree Analysis Methods and Applications A Review

This document provides a review and classification of fault tree analysis methods developed since 1960. It begins with an introduction to fault tree analysis and its use as a tool for system safety and reliability. It then: 1. Classifies the literature on fault tree analysis according to system definition, fault tree construction, qualitative evaluation, quantitative evaluation, and available computer codes. 2. Provides tables that classify references and summarize fault tree construction/evaluation methodologies, computer codes, and applications. 3. Aims to provide a reasonably complete review of the literature on fault tree analysis methods.

Uploaded by

jagger zg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

194 IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO.

3,1985 AUGUST

Fault Tree Analysis, Methods, and Applications - A Review

W. S. Lee however informal it was; these events are usually strongly


Kansas State University, Manhattan undesired system states that can occur as a result of sub-
D. L. Grosh system functional faults.
Kansas State University, Manhattan A fault-tree analysis consists of the following four
F. A. Tillman steps:
Kansas State University, Manhattan
C. H. Lie 1. System definition
Seoul National University, Seoul 2. Fault-tree construction
3. Qualitative evaluation
4. Quantitative evaluation
Key Words-Fault-tree analysis, Literature review.
Table 1 classifies the references. Tables 2 and 3 present
Reader Aids- the references for fault-tree construction and evaluation
Purpose: Present a literature survey
Special math needed for explanations: Probability sorted by methodology. Table 4 summarizes the available
Special math needed to use results: None computer codes for all phases of fault-tree analysis from
Results useful to: System theoreticians and reliability engineers. construction to evaluation. Table 5 shows the applications
of fault-tree methodologies to real problems.
Abstract-This paper reviews and classifies fault-tree analysis
methods developed since 1960 for system safety and reliability. Fault-tree
We haveutriedtolbe
t
reasonably completethosepapers
. . .
analysis is a useful analytic tool for the reliability and safety of complex not included were either inadvertently overlooked or con-
systems. The literature on fault-tree analysis is, for the most part, scat- sidered not to bear directly on the topic of this survey. We
tered through conference proceedings and company reports. We have apologize to both the readers and the researchers if we
classified the literature according to system definition, fault-tree con- have omitted any relevant papers. This review is a sequel to
struction, qualitative evaluation, quantitative evaluation, and available our previous literature surveys on optimization of system
computer codes for fault-tree analysis. reliability [139, 140], on availability of maintained systems
[141], on system-effectiveness models [142], on system-
reliability evaluation techniques for complex/large systems
1. INTRODUCTION [143], and on Bayes reliability and availability [1441.
Fault-tree analysis was first conceived in 1961 by H. TABLE 1
A. Watson of Bell Telephone Laboratories in connection Fault-Tree Classification
with a US Air Force contract to study the Minuteman
Missile launch control system [12]. At the 1965 Safety
Symposium, sponsored by the University of Washington Fault tree introduction
and the Boeing Company, several papers were presented [6, 7, 12, 19, 29, 43, 50, 58, 68, 69, 75, 76, 79, 86, 100, 109,
that expounded the virtues of fault-tree analysis [111]. The 138]
presentation of these papers marked the beginning of a Fault tree construction
wide-spread interest in using fault-tree analysis as a system [1, 4, 51, 52, 54, 59, 67, 70, 76, 78, 80 - 83, 91, 95 - 97,
safety and reliability tool for complex dynamic systems 104 - 107, 113, 115 - 117, 136, 137]
such as nuclear reactors. Since 1960, great efforts have Qualitative evaluation
been made in solving fault trees to obtain reliability infor- Minimal cut sets
mation about complex systems. The importance of fault- [2, 14, 23, 24, 32, 56, 60 - 63, 71, 74, 84, 85, 90, 93, 98, 110,
tree analysis for industry is pointed out in the Reactor 118, 125, 127 - 129, 131 - 135]
Safety Study [99], where 1300 pages deal with fault-tree Common-cause analysis
analysis. [2, 20, 21, 30, 44, 87, 124, 1261
The fundamental concept in fault-tree analysis is the Quantitative evaluation
translation of a physical system into a structured logic Probabilistic evaluation
diagram (fault tree), in which certain specified causes lead 45, 47, 48, 53, 55 57, 64, 72, 73, 76, 88, 89, 92, 101, 102,
to one specified TOP event of interest. This logic diagram 119 - 121, 123, 125, 130]
is constructed using the event symbols and logic symbols in Maue fiprac
figure 1. [9, 16, 53, 76, 77, 92]
The two basic units involved are the AND and OR
gates. Another, less often used, element is the NOT gate. [12, 25 - 27, 41 - 43, 54, 57, 66, 69, 75, 76, 79, 80, 81, 96, 97,
TOP events are taken from a preliminary hazard analysis, 99, 121 - 123]

0018-9529/85/0800-0194$01 .00©)1985 IEEE


Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW 195

FAULT TREE SYMBOLISM

EVENT REPRESENTATIONS The diamond describes a fault event that is LOGIC OPERATIONS
The rectangle identifies an event that results considered basic in a given fault tree. The AND gate describes the logical operation
from the combinations of fault events possible causes of the event are not developed whereby the coexistance of all input events is
through the input logic gate.
further because the event is of insufficient required to produce the output event.
consequence or the necessary information is
unavailable. 0

The circle describes a basic-fault-event that


~~~~~~~OR gate defines the situation whereby the
output event will exist if one or more of the
requires no further development. Frequency input events exists.
and mode of failure of items so identified are
derived from empirical data. The circle within a diamond indicates a sub-
tree exists, but that subtree was evaluated
separately and the quantitative results in-
serted as though a component.

INHIBIT gates described a causal relation-


ship between one fault and another. The in-
The triangles are used as transfer symbols. A The triagle usdatrasfesybol.Aput event directly produces the output event
if the indicated condition is satisfied. The
line from the apex of the triangle indicates a The house is used as a switch to include or conditional input defines a state of the system
transfer in and a line from the side or bottom eliminate parts of the fault tree as those parts that permits the fault sequence to occur, and
denotes a transfer out. may or may not apply to certain situations. may be either normal to the system or result
from failures.

Fig. 1. Standard Fault Tree Logic and Event Symbolism [99]

2. SYSTEM DEFINITION initial conditions existing or not-allowed events, and the


tree top are system boundary conditions.
Fault-tree analysis begins with the statement of an
undesired event, eg, failed state of a system. To perform a
meaningful analysis, the following three basic types of 3. FAULT-TREE CONSTRUCTION
system information are usually needed [52, 106]:
Fault-tree construction is generally a complicated and
1. Component operating and failure modes: A time-consuming task. Computer-aided synthesis has at-
description of how the output states of each component tracted considerable attention and several methodologies
are influenced by the input states and internal operational have been proposed. They differ in the modeling of com-
modes of that component. ponents and in their objectives. Table 2 classifies the
2. System chart: A description of how the com- literature on fault-tree construction techniques.
ponents are interconnected. A functional layout diagram General methodology for construction: David Haasl
of the system must show all functional interconnections [671 devised a structure that establishes rules to determine
and identify each component. the type of gate to use and inputs to the gate.
3. System boundary conditions: These define the J. B. Fussell [511 initiated automated construction with
situation for which the fault tree is to be drawn. Top event, his Synthetic Tree Model (STM). He presented a computer

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
196 IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

TABLE 2 TABLE 3
Fault-Tree Construction Fault-Tree Evaluation
Construction Technique Technique
Haasll, structuring process Qualitative evaluation: Minimal Cut Sets
[67, 76] Monte Carlo simulation
Fussell, STM (DRAFT code) PREP (FATE option) [125]
[51, 52, 54] Deterministic Method
Powers & Tompkins, method PREPE (COMBO option) [125]
[95 - 97] MOCUS [56, 601
Salem et alii, CAT ALLCUTS [118]
[104 - 107, 136] MICSUP [32, 93]
ELRAFT [110]
Lapp & Powers, computer aided synthesis FAUTRAN [131]
[78, 80 - 83, 137] SETS [132,133]
Comarda, et alii, efficient algorithm FATRAM [98]
[1, 27] DICOMIC [62]
Taylor, CCD Kumanoto & Henley [74, 84]
[91, 113, 115 - 117] Nakashima & Hattori 190]
GO [129]
Qualitative evaluation: Common-Cause failure-analysis
code, DRAFT, for electrical systems. The idea behind
STM is the modeling of each device in the system by a COMCAN [20,21]
failure transfer function. Then, by tracing
' through the
BACFIREet alii, new approach
~~~~~~~~Wagner, [30]
[126]
schematic, these transfer functions for various com-
ponents are combined and edited to form the final fault Quantitative evaluation: Probabilistic evaluation of fault tree
tree. Coherent structure theory
Powers & Tompkins [96] devised a method for [3, 6, 8, 10, 17, 33 - 35, 47 - 49]
automated fault-tree construction method for chemical Monte Carlo simulation
systems. They began the use of input/output models for RELY4 [38, 72, 88]
describing local cause and effect relationships between SAFTE [64]
variables and failure events for a single component of a SAMPLE-WASH 1400 [99]
system. Their approach is first to break down a system into REDIS [73]
constituent blocks, and define their operations via unit Crosetti, code [38 - 40]
models, then to couple these systematically to form the Analytic method
tree. KITT [119 - 121,125]
Salem, Apostolakis, Okrent devised CAT (Computer Caldarola & Wickenhauser [22 - 26]
Automated Tree) code [105] which presents a general, Other methods
computer-implemented approach for modeling nuclear
and other complex systems involving mechanical, elec- ARMM [89]
trical, hydraulic and human interactions and common- NOTED [30]
cause effects as well. The CAT code is based on the use of WAM-BAM [45]
decision tables as component modeling [107], and a step by PATREC [18]
step editing procedure by coupling components and tracing SALP [5]
through the system in order to construct the fault tree. Digraph Technique [31]
Lapp & Powers Fault Tree Synthesis program (FTS) Bit Manipulation [127]
[80] first generates a diagraph (directed graph) for system Quantitative evaluation: Measures of importance
representation, and then uses a fault-tree synthesis [9, 16, 53, 76, 77, 921
algorithm to deduce the fault tree from the diagraph model
of the system being analyzed.
Camarda et alii [27] proposed an efficient algorithm
for fault-tree automatic synthesis from the reliability graph Cause-Consequence Diagram is the most comprehensive
for large systems, which is generally much easier to obtain representation of its kind and has recently generated
than the fault tree, because the ways in which a physical widespread attention as a method for reliability and safety
system can operate are much fewer than those in which it analysis of complex systems. It extends the fault-tree
can fail. methodology to describe better the sequential effects of ac-
Taylor & Hollo [116] use algebraic component models cident chains and to increase their visibility in the analysis
to construct a Cause-Consequence Diagram (CCD). The procedure.

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW 197

TABLE 4 4. FAULT TREE EVALUATION


4 Available Computer Codes for Fault-Tree Analysis
Computer Code The evaluation of a fault tree can be qualitative, quan-
Fault-Tree Construction titative, or both, depending upon the scope of the analysis.
Table 3 presents the literature on the structures of the fault
DRAFT tree evaluation.
[51, 52, 54]
CAT -107,136] 4.1 Qualitative Evaluation

[78, 80- 83, 137] Qualitative fault-tree analysis consists of determining


Taylor, CCD the minimal cut sets & minimal path sets and the common-
[91, 113, 114, 116, 117] cause failures. Two major approaches used for determin-
Qualitative Evaluation ing minimal cut sets for fault trees are Monte Carlo simula-
Minimal Cut Set tion and deterministic methods. (See table 3)
PREP [125] The Monte Carlo simulation procedure for, finding
MOCUS [56, 60] minimal cut sets first assigns a time to failure for each
ALLCUTS [118] component, usually based upon an exponential failure
ELRAFT [110] distribution. These times to failure are chosen by first
FAUTRAN [131] generating for each component a uniformly distributed
SETS [132, 133] random number between 0 and 1, and then finding the
FATRAN [98] corresponding time to failure. In one Monte Carlo run, the
DICOMIC [62] time to failure is generated for each component, then the
BUP-CUTS [94] components states are set to "failed", one at a time in
order of increasing time, until the top event is produced.
COMCommon-cAuse
COMCAN
analysThis
[20, 21]
produces a cut set which is then reduced to a minimal
ctst[0]
BACFIRE [30] cut set [105].
Quantitative Evaluation The basic idea behind deterministic methods is direct
Probabilistic evaluation expansion or reduction of the top event of a fault tree in
RELY4 [72] terms of the constituent basic events using Boolean
SAFTE [64] algebra. One of the earliest computer programs using the
SAMPLE [99] deterministic method is the PREP progam developed by
Crosetti, code [38 - 40] Vesely & Narum [125]. The program, except the Monte
KITT
Caldarola & Wickenhauser
[119c- 121, 125]
[22 - 26]
Carlo option (FATE), uses a direct combination testing
algorithm (COMBS) for its deterministic approach.
PL-MOD [92] Fussell & Vesely [60] developed an alternative
ARMM [89] algorithm which does not require the combination testing.
NOTED
WAM-BAM
[360] It is based on the fact that AND gates always increase the
[45] number of the cut sets, and OR gates always increase the
PATREC [18] number of cut sets. Fussell, Henery, Marshall [56] used
SALP [5] this algorithm in their fault-tree analysis program,
Measures of importance MOCUS. This is the top-down oriented algorithm and is
IMPORTANCE [76] designed to accept only AND and OR gates. MICSUP [93]
is, on the other hand, a bottom-up algorithm. It begins
TABLE 5 with the lowest level gates that have basic events as input
5 Applications of Fault-Tree Analysis Real Problems only, finds the minimal cut sets to these gates and then suc-
System Analyzed by Fault Tree Analysis cessively substitutes these cut sets to these gates. The pro-
cedure is repeated until the minimal cut sets for the top
Aerospace Safety Study eventSemanders[110]
are found.
[12] inthecomputercodeELRAFT,in-
r
Electrical System
[27, 54] troduced the concept of prime number representation of
Chemical Processing System basic events for reduction of fault trees. This concept is
[80, 81, 96, 97] useful in storing the cut sets and eliminating the superset.
Nuclear Reactor Safety Study While the above methods of finding minimal cut
[25, 26, 42, 57, 66, 79, 99, 121 - 123] apply for s-coherent fault trees, ie, a fault tree thatsetsis
[41, 43, 69] restricted to contain AND and OR gates only, the SETS
Decision Making in System Analysis computer code [132] finds the prime implicants to a non-
[75, 76] coherent fault tree. The prime implicants are like minimal

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
198 IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

cut sets except that they may contain complemented basic sets/path sets to write the structure function of the tree as a
events. sum of products of basic events provided that the basic
Kumamoto & Henley [74] developed a top-down events are not replicated in cut sets and all basic events are
algorithm for obtaining prime implicant sets of non- statistically independent; or 2) Approximately, by using
coherent fault trees. one of the following standard methods [10]:
Common-cause failure is any occurrence or condition
that results in multiple component failures. An important A. The inclusion-exclusion method of finding suc-
common-cause event is, then, a cause of secondary failure cessive upper and lower bounds to the probability of the
that is common to all basis events in one or more hardware top event in terms on the minimal cut sets.
minimal cut sets. Two methodologies for common-cause B. The minimal cut upper bound and min path lower
analysis have been developed. bound when the basic events are statistically independent.
The first one, called COMCAN [21], was developed C. The min-max bound for statistically dependent
by the Aerojet Nuclear Company for the US Energy basic events, ie, the basic events are associated.
Research and Development Administration. The program
requires as input whatever minimal cut sets have been Improved bounds for above methods can sometimes
selected from the fault tree and the generic cause suscep- be obtained by using modular decomposition [10, 34].
tibility for each basic event in each category. The The analysis of noncoherent fault trees proceeds in a
algorithm then searches for those minimal cut sets that are similar way. Instead of finding the minimal cut sets in
comprised of basic events that are all susceptible to the s-coherent structures, the prime implicants are identified in
same generic cause, and this search is repeated for each noncoherent fault trees. Algorithms for obtaining the
category. Nevertheless, for complex systems, determining prime implicants are discussed in [74, 132]. All the
the list of minimal cut sets becomes a difficult and often an methods applicable to s-coherent fault trees, except the
impossible task. Computer time and storage capacity minimal cut (path) bounds, can be extended to non-
become prohibitive. Any method that requires the list of coherent fault trees [35].
all minimal cut sets as input is restricted. By the late 1960s, sophisticated computer programs
To overcome this difficulty a new procedure was pro- were available to obtain probabilistic information about
posed by Wagner et al. [126]. This second approach, the top event from probabilistic information about the
without examining all the minimal cut sets, locates basic events by using Monte Carlo method. Such programs
minimal cut sets of any order which could fail due to com- have been described by P. Crosetti [38], and H. E.
mon causes. Kongsoe [72].
For quantitative analysis of common-cause failure, In order to reduce the computer run time to an accep-
W. E. Vesely [124] developed a statistic estimation tech- table level, which is usually a painful task in direct simula-
nique for common-cause failure by specializing the tion, a statistical sampling procedure called importance
multivariate exponential Marshall-Olkin model [87]. sampling is used in Monte Carlo analyses [36]. This tech-
nique depends on biasing the simulation through the use of
4.2 Quantitative Evaluation another distribution so that the component or the com-
bination of components that cause the unlikely event are
The first step in the quantitative evaluation of a fault emphasized in the sampling. So as not to bias the end
tree is to find the structural representation of the top event result, corrections are made at the end.
in terms of the basic events. Finding the minimal cut sets is The computer program, RELY 4, developed by H. E.
one way of accomplishing this step. If the rate of occur- Kongsoe [72] has four different versions. Versions 1 and 3
rence and fault duration for all basic events are known, use importance sampling and versions 2 and 4 use direct
and the statistical dependency of each basic event is known simulation.
(or assumed), then the statistical expectation or probability In WASH-1400 Reactor Safety Study [99], a Monte
of the top event can be determined [76]. Carlo program called SAMPLE [99], was used to compute
The Boolean representation of fault trees provides the the uncertainty distribution of the system reliability using a
link with s-coherent structure theory [10]. When system simplified mathematical model (based on exponential
success, rather than failure, is stressed, the s-coherent failure distribution for the system components) and using
structure theory is the foundation of reliability theory. A the uncertainty distribution on the parameters of the com-
s-coherent structure, in the context of fault trees, is ponent failure and repair distribution.
nondecreasing in each basic event, ie, the occurrence of a The SAFTE codes for a unified system reliability and
basic event cannot cause a system transition from a failed safety study by B. J. Garrick [64] and REDIS program [73]
state to an unfailed state. developed in Denmark are also examples of Monte Carlo
The minimal cut sets & path sets of a s-coherent fault simulation programs.
tree can be obtained by using one of the available codes In 1970, W. E. Vesely [119] made a most important
[56, 93, 125]. The system unavailability can then be advance in quantitative evaluation of fault trees by
calculated either: 1) Exactly by using the minimal cut developing an analytic methodology, called Kinetic Tree

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW 199

Theory (KITT), for fault trees containing repairable com- and two measures of cut-set importance by assuming
ponents. The output from computer programs exercising statistical independence of basic events.
Vesely's method [125] contains complete quantitative in-
formation about the top event. 4.3 Available Computer Codes for Fault Tree Analysis
L. Caldarola & A. Wickenhauser [26] also developed
an analytic computer program for fault tree evaluation. Numerous computer codes are available for process-
This program can evaluate s-coherent systems assuming ing fault trees. They are presented in table 4. In the con-
binary component states with four different classes of struction phase of the analysis, Fussell [51] pioneered the
components. A second computer program is also work with his DRAFT code for electrical system. Salem et
developed for solving noncoherent systems with multistate alii [105] produced the CAT code based on the application
components [23, 24]. of the decision table. Lapp & Powers [80] developed the
Several computer codes using different approaches Fault Tree Synthesis (FTS) code for chemical processing
are available to analyze fault trees quantitatively. R. C. system. Taylor & Hollo [116] use algebraic component
Erdmann et alii [45] developed the WAM series of com- models to construct a Cause-Consequence Diagram
puter codes to provide flexibility as well as accuracy in the (CCD).
analysis of system reliability. The SALP computer series, For qualitative evaluation, Vesely & Narum [125]
developed by M. Astolfi et alii [5], in Italy, are based on made available a PREP code that obtained the minimal cut
the use of list-processing techniques for the direct sets (or minimal path sets) for the fault tree. Because of the
manipulation of graphs. time consuming nature of the algorithms used in PREP,
The PATREC code by A. Blin et alii [18] is based on several newer and more efficient codes have been written
list-processing which is realized by recognizing and replac- employing faster deterministic routines not requiring
ing known subtrees or patterns by equivalent leaves with Monte Carlo methods. The MOCUS code by Fussell [56]
the corresponding unreliability/unavailability. By starts at the top of the fault tree and proceeds down while
repeatedly pruning the fault tree, it is finally reduced to a the MICSUP code by Pande et alii [93] starts at the bottom
single leaf which represents the system unreliability for of the tree and proceeds up. In general, MICSUP requires
unrepairable systems and unavailability for repairable less memory storage space in the computer than MOCUS
systems. since MICSUP stores all cut sets in a single array. For fault
M. F. Chamow [31] suggests a new approach involv- tree containing NOT gates (and thus noncoherence), Wor-
ing well-defined, closed-form methods for quantitative rell [132] developed the SETS computer code to find the
evaluations of fault tree logic. The method is based on prime implicants for the fault tree. The prime implicants
directed graphs (digraphs) and related matrix methods, are like minimal cut sets except that they can contain com-
and depends in a major sense on the digraph representa- plemented basic events. Other well-known deterministic
tions developed for the basic OR and AND logic elements. programs for determining minimal cut sets are ALLCUTS
The benefit of this method arises because the mathematical [118], ERAFT [110], FAUTRAN [131], FATRAM [90],
solutions are readily performed by standard matrix tech- DICOMIC [62], BAM-CUTS [45], and BUP-CUTS [90].
niques, which can be implemented either manually or with For common-cause failure analysis of qualitative fault-tree
the aid of computer. evaluation, two computer codes have been developed using
For the use of computer on computation and storage minimal cut sets as input: COMCAN [21], developed at
requirements, the fault-tree analysis using bit manipulation INEL, and BACFIRE [30], developed at University of
suggested by D. B. Wheeler et alii [127] shows the effec- Tennessee.
tiveness in producing minimal cut sets and the top event The early computer codes for quantitative fault tree
probability through analysis of fault trees of various sizes. evaluation were available to obtain probabilistic informa-
The measures of importance of events and cut sets in tion about the top event by using the Monte Carlo method.
fault trees are another important feature of quantitative Such codes are RELY 4 [72] and Crosetti's code [38].
fault tree analysis. While the evaluation of the top event SAFTE [64], REDIS [73] and SAMPLE [99] can also be
provides system reliability/availability information, the classified in this category. For analytic methodology of
probabilistic importance computation can generate a quantitative evaluation, Vesely & Narum [125] provided
numerical ranking to assess weaknesses in a system. the KITT code for probabilistic fault tree evaluation start-
Several probabilistic methods can be used to compute ing from primary failure information to top failure infor-
the importance of basic events and cut sets in the fault tree. mation. Caldarola & Wickenhauser [26] also produced an
H. E. Lambert [76] developed a computer code IMPOR- analytic computer program similar to that of Vesely &
TANCE to compute various measures of probabilistic im- Narum. The PL-MOD code by Olmos & Wolf [92] per-
portance of basic events and cut sets to a fault tree. The formed the step by step modularization of fault trees
code requires as input the minimal cut sets, the failure rates through an extensive use of the list processing tools
and the fault duration time (the repair times) of all basic available in PL-1. Other computer codes developed by
events contained in the minimal cut sets. The output of the many industry users and research institutions serving the
code includes seven measures of basic-event importance similar evaluation interests are ARMM [89], GO [65],

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
200 IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

NOTED [130], WAM-BAM [45], PATREC [18], and Korea Science and Engineering Foundation under the
SALP [5]. Finally, for the measure of importance of events Korea-USA Cooperative Science Program.
and cut sets in fault trees, Lambert [76] developed a very
comprehensive computer code, IMPORTANCE, which
computes various measures of probabilistic importance of REFERENCES
basic events and cut sets to a fault tree.
[1] K. K. Aggarwal, "Comment on an efficient simple algorithm for
fault tree automatic synthesis from the reliability graph," IEEE
Trans. Reliability, vol R-28, 1979 Oct, p 309.
5. CONCLUDING REMARKS [2] R. N. Allan, I. L. Ronsiris, D. M. Fryer, "An efficient computa-
tional technique for evaluating the cut/tie sets and common-cause
failures of complex systems," IEEE Trans. Reliability vol R-30,
Fault-tree analysis iS a versatile tool that has rapidly 1981 Jun, pp 101-109.
won favor with those involved in reliability and safety [3] H. P. Alesso, H. J. Benson, "Fault tree and reliability relationships
calculations. But fault-tree models do have disadvantages. for analyzing noncoherent two-state system," Nuclear Engineering
Probably the most outstanding one is the cost of develop- and Design, vol 56, 1980, pp 309-320.
in
ment first-time appllcatlon
1n first-tlme Some inductive
application to a system. Some [4] P. K. Andow, "Difficulties in fault-tree synthesis for process
ment lnductlve
analysis technique, like Failure-Mode-and-Effects Analysis
plant," IEEE Trans. Reliability, vol R-29, 1980 Apr, pp 2-9.
[5] M. Astolfi, S. Contini, C. L. Van der Muyzenberg, G. Volta, "Fault
(FMEA), is a much simpler and more cost effective techni- tree analysis by list-processing techniques," in [145, pp 5-32].
que to apply in analyzing small systems when a single-point [6] R. E. Barlow, P. Chatterjee, "Introduction to fault tree analysis,"
Operations Research Center, UC Berkeley, ORC 73-30, Dec 1973.
failure analysis is adequate. However, as systems become [7] R. E. Barlow, H. E. Lambert, "Introduction to fault tree analysis,"
more complex and the consequences of accidents become in [146, pp 7-35].
catastrophic, a technique such as fault-tree analysis should [8] R. E. Barlow, F. Proschan, "Availability theory and multi-
be applied. Fault-tree analysis can efficiently direct the ef- component systems,"
editor, Academic Press,Multivariate
1971.
Analysis III, P. R. Kriahnaiah,
forts of anfortsof ananalytin
analyst onsidring only
in considering those bsic
nly tose basic eents
events [9] R. E. Barlow, F. Proschan, "Importance of system components and
that can contribute to system failure and represent the rela- fault tree analysis," Operations Research Center, Univ. of Calif.,
tionship of human error and environmental conditions in Berkeley, Report ORC 74-3, 1974.
causing systemalysis,
failure. With the fast progress of automated [10] R. E. Barlow, F. Proschan, Statistical Theory of Reliability and Life
fault-tsystem techniue c a s t p ress ator ctveu Testing, Holt, Rinehart, & Winston, 1975.

fault-tree analysis, this technique can be a more effective [11] L. Bass, et alii, "Fault tree graphics," in [146, pp 913-927].
a this a

and sophisticated analytic reliability tool. [12] Bell Telephone Laboratories, "Launch control safety study," Sec-
A major difficulty with quantitative fault-tree evalua- tion VII, vol 1, Bell Telephone Labs., Murray Hill, NJ USA. 1961.
tion (as well as any quantitative reliabilitiy technidque) is [13] N. N. Bengiamin, B. A. Bowman, K. F. Schenk, "An efficient
the lack of pertinent failure-rate data. Nevertheless, quan- algorithm for reducing the complexity of computation in fault
titative evaluations are particularly valuable for comparing analysis," IEEE Trans. Nuclear Science, vol NS-23, 1976 Oct,tree
pp
1442-1446.
systems designs that have similar components. The results [14] R. G. Bennetts, "On the analysis of fault trees," IEEE Trans.
are not as sensitive to the failure-rate data as is an absolute Reliability, vol R-24, 1973 Aug, pp 175-185.
determination of the system failure probability. Because of [15] L. J. Billera, "On the composition and decomposition of clutters,"
uncertainties in failure-rate data, quantitative fault-tree J. Combinatorial Theory, vol 11, 1971, pp 234-245.
analysis has its greatest value when relative
analysis eltverte[16]
rather thanab-
hatsgeaetvauwe Z. W. Birnbaum, "On the importance of
multicomponent system," Multivariatedifferent components in a
Analysis II, P. R.
solute determinations are made. Fault-tree analysis is then Krishaniah, editor, Academic Press, 1969.
best applied during the detailed design stages of a system. [17] Z. W. Birnbaum, J. D. Esary, S. C. Saunders, "Multi-component
Fault-tree analysis can be a most simple or a most systems and structures and their reliability," Technometrics, vol 3,
sophisticated analytic reliability tool depending on the 1961 Feb, pp 55-77.
needs of the analyst. For the system-safety analyst, fault [18] A. Blin, A. Carline, et alii, "PATREC,
tree calculations," in [145, pp 33-43]
a computer code for fault
trees provide an objective basis for analyzing failure modes [19] D. B. Brown, "Fault tree analysis," Systems Analysis and Design
and probabilities and evaluating overall reliability. The for Safety, Prentice-Hall, Inc., pp 152-193, 1976.
simple logic applies to both systems and subsystems, and is [201 G. R. Burdick, "COMCAN-A computer code for common-cause
an effective visualization tool for management as well as analysis," IEEE Trans. Reliability, vol R-26, 1977 Jun, pp 100-102.
[21] G. R. Burdick, N. H. Marshall, J. R. Wilson, "COMCAN-a com-
systenn analyst
system andlyst forw asthe
as well nuclearcon
theprcess oriaero
design engineer.
puter code for common-cause analysis," ANCR-1314, 1976 May.
[22] L. Caldarola, "Unavailability and failure intensity of components,"
Nuclear Engineering and Design, vol 44, 1977, pp 147-162.
[23] L. Caldarola, "Fault tree analysis with multistate components," in
ACKNOWLEDGMENT [145, pp 199-248].
[24] L. Caldarola, "Coherent systems with multistate components,"
Nuclear Engineering and Design vol 58, 1980, pp 127-139.
Our special thanks go to Dr. C. L. Hwang for his vital [25] L. Caldarola, A. Wickenhauser, "Recent advancements in fault tree
help and encouragement on this project. methodology at Karlsruhe," in [147, pp 518-542].
This study was partly supported by the US Office of [26] L. Cadarola, A. Wickenhauser, "The Karlsruhe computer program
Naval Research, Control No. N00014-76-C-0842; National for the evaluation of the availability and reliability of complex
Science Foundation, Grant 'No. INT 8215755,' and the repairable systems," Nuclear Engineering and Design, vol 43, 1977,
~~~~~~~~~~~pp
463-470.

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW 201

[27] P. Camarda, F. Corsi, A. Trentadue, "An efficient simple [56] J. B. Fussell, E. B. Henry, N. H. Marshall, "MOCUS-a computer
algorithm for fault tree automatic synthesis from the reliability program to obtain minimal sets from fault trees," ANCR-1156,
graph," IEEE Trans. Reliability, vol R-27, 1978 Aug, pp 215-221. Aerojet Nuclear Company, Idaho Falls, Idaho, 1974 March.
[28] J. M. Cargal, "An alternative fault-tree algebra, IEEE Trans. [57] J. B. Fussell, H. E. Lambert, "Quantitative evaluation of nuclear
Reliability, vol R-29, 1980 Aug, pp 269-272. system reliability and safety characteristics," IEEE Trans. Reliabili-
[29] A. Carnino, "Safety analysis using fault trees," in [148]. tys vol R-25e 1976 Augf pp 178-183.
[301 C. L. Cate, J. B. Fussel, "BACFIRE-A computer program for [58] J. B. Fussell, G. J. Powers, R. G. Bennetts, "Fault trees-a state of
common cause failure analysis," The University of Tennessee, the art discussion," IEEE Trans. Reliability, vol R-23, 1974 Apr, pp
NERS-77-02, 1977.
[31] M. F. Chomow, "Directed graph techniques for the analysis of fault 51-55.
t1ERv9
trees," IEEE Trans. Reliability, vol R-27, 1978 Apr, pp 7-15. [59] J. B. Fussell, W. E. Vesely, "Elements of fault tree construction-a
[32] P. Chatterjee, "Fault tree analysis: Min cut set algorithms," ORC new approach," Trans. Amer. Nuc. Soc., 1972, p 794.
74-2, Operations Research Center, University of California, [60] J- B. Fussell, W- E. Vesely, "A new methodology for obtaining cut
Berkeley, California, 1974 Jan. sets for fault trees," Trans. Amer. Nuc. Soc. vol 15, 1972, p 262.
[33] P. Chatterjee, "Fault tree analysis: reliability theory and systems [61] A. C. Gangadharan, M. S. M. Rao, C. Sundarajan, "Computer
safety analysis," Operations Research Center, University of Califor- methods for qualitative fault tree analysis," in Failure Prevention
nia, Berkeley, ORC 74-34, 1974 Nov. and Reliability, edited by S. B. Bennett et al., 1977, pp 251-262.
[34] P. Chatterjee, "Modularization of fault trees: a method to reduce [62] S. Garribba et al., "DICOMICS, an algorithm for direct computa-
the cost of analysis," in [146, pp 101-1261. tion of minimal cut sets of fault trees," EUR-5481e, 1975.
[35] T. L. Chu, G. Apostolakis, "Methods for probabilistic analysis of [63] S. Garribba et al., "Efficient construction of minimal cut sets from
noncoherent fault trees," IEEE Trans. Reliability, vol R-29, 1980 fault trees?," IEEE Trans. Reliability, vol R-26, 1977 Jun, pp
Dec, pp 354-360. 88-94.
[361 C. E. Clark, "Importance sampling in Monte Carlo analysis," [64] B. J. Garrick, "Principles of unified system safety analysis,"
Operations Research, 1961 Sep/Oct, pp 603-620. Nuclear Engineering and Design, vol 13, 1970, pp 245-321.
[37] A. G. Colombo, "Uncertainty propagation in fault tree analysis," [65] W. Y. Gately, D. W. Stoddard, R. L. Williams, "GO, A computer
in Failure Prevention and Reliability presented at the Design Eng. program for the reliability analysis of complex systems," Daman
Technical Cong., Chicago, Ill, 1977 Sep, pp 95-103. Science Corporation, Colorado Springs, Colorado, KN-67-704(R),
[38] P. Crosetti, "Computer program for fault tree analysis," Douglas 1968 Apr.
United Nuclear, Inc., Richard, Wash., DUN-5508, 1969 Apr. [66] C. W. Griffin, "The fault tree as a safety optimization design tool,"
[39] P. A. Crosetti, "Fault tree analysis with probability evaluation," presented at the Topical Meeting on Water Reactor Safety, 1973 Mar.
IEEE Nuclear Power Systems Symp. 1970 Nov, pp 465-471. [67] D. F. Haasl, "Advanced concepts on fault tree analysis," System
[40] P. A. Crosetti, "Fault tree analysis for systems reliability," In- Safety Symposium, The Boeing Company, Seattle, Washington,
strumentation Technology, 1971 Aug, pp 52-56. 1965 June 8-9.
[41] P. A. Crosetti, R. A. Bruce, "Commercial application of fault tree [68] W. Hammer, "Fault tree analysis," Handbook of System and Pro-
analysis," Proc. Reliability and Maintainability Conf., 1970, pp duct Safety, Prentice-Hall, 1972, pp 238-246.
230-244. [69] W. Hammer, "Fault tree analysis," Product Safety Management
[42] G. E. Cummings, "Application of the fault tree technique to a and Engineering, Prentice-Hall, 1975, pp 204-228.
nuclear reactor containment system," in [146, pp 805-825]. [70] E. J. Henley, H. Kumamoto, "Comment on: Computer-aided syn-
[43] R. L. Eisner, "Fault tree analysis to anticipate potential failure," thesis of fault trees," IEEE Trans. Reliability, vol R-26, 1977 Dec,
presented at the Design Eng. Conf., ASME, 1972 May 8-11. pp 316-317.
[44] E. P. Epler, "Common mode failure considerations in the design of [71] B. L. Hulme, R. B. Worrell, "A prime implicant algorithm with fac-
systems for protection and control," Nuclear Safety, vol 10, 1969, toring," IEEE Trans. Computers, vol C-24, 1975 Nov. pp
pp. 38-45. 1129-1131.
[45] R. C. Erdmann, J. E. Kelly, H. R. Kirch, F. L. Leverenz, E. T. [72] H. E. Kongsoe, "RELY 4: a Monte Carlo computer program for
Rumble, "A method for quantifying logic models for safety systems reliability analysis," Danish Atomic Energy Commission,
analysis," in [147, pp 732-754]. RISO-M-1500, June 1972.
[46] C. A. Ericson, "System safety analytical technology-preliminary [73] H. E. Kongsoe, "REDIS, a computer program for system reliability
hazards analysis," the Boeing Co., Seattle, Rept. D2-113072-1, analysis by direct simulation," Intern. Symp. Reliability of Nuclear
1969. Power Plants, Innsbruck, Austria, April 14-18, 1975.
[47] J. D. Esary, F. Proschan, "Coherent structures of non-identical [74] H. Kumamoto, E. J. Henley, "Top-down algorithm for obtaining
components," Technometrics, vol 5, 1963 May, pp 191-209. prime implicant sets of noncoherent fault trees," IEEE Trans.
[48] J. D. Esary, H. Ziehms, "Reliability analysis of phased missions," Reliability, vol R-27, 1978 Oct, pp 242-249.
in [146, pp 213-236]. [75] H. E. Lambert, "System safety analysis and fault tree analysis,"
[49] W. Feller, An Inroduction to Probability Theory and Its Applica- UCID-16238, Lawrence Livermore Lab., Livermore, California,
tions, vol I, 3rd Ed., John Wiley & Sons, 1968. 1973 May.
[50] J. B. Fussell, "Fault tree analysis-concepts and techniques," in [76] H. E. Lambert, "Fault trees for decision making in system
[148]. analysis," Lawrence Livermore Laboratory, University of Califor-
[51] J. B. Fussell, "Synthetic tree model-A formal methodology for nia, Livermore, UCRL-51829, 1975 Oct.
fault tree construction," ANCR-1098, 1973 Mar. [77] H. E. Lambert, "Measures of importance of events and cut sets in
[52] J- B. Fussell, "A formal methodology for fault tree construction," fault trees," in [146, pp 77-100].
Nuclear Eng. and Design, vol 52, 1973, pp 337-360. [78] H. E. Lambert, "Comment on the Lapp-Powers computer-aided
[53]~~~~~ ~
J . Fssel,"ow
[53]J. '.B.Fsel:Hwt.adcluat ytmrlaiiyadsft
o had-clcuatesystm rllalll an saety synthesis of fault trees," IEEE Trans. Reliability, vol R-28, 1979
Apr pp 6-9.s
characteristics," IEEE Trans. Reliability, vol R-24, 1975 Aug, pp [79 5A.LPP,GJ.Pwr,"opt-addsnhisfful
16-14 trees," IEEE Trans. Reliability, 1977 Apr, pp 2-13.
[54] J. B. Fussell, "Computer aided fault tree construction for electrical [80] 5. A. Lapp, G. J. Powers, "The synthesis of fault trees," in [147, pp
systems," in [146, pp 37-56]. 778-799].
[55] J. B. Fussell, G. R. Burdick, D. M. Rasmuson, J. R. Wilson, J. C. [81] 5. A. Lapp, G. J. Powers, "sUpdate of Lapp-Powers fault tree syn-
Zipperer, "A collection of methods for reliability and safety thesis algorithm," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp
engineering," ANCR-1273, 1976. 12-14.

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
202 IEEE TRANSACTIONS ON RELIABILITY, VOL. R-34, NO. 3, 1985 AUGUST

[81a] W. S. Lee, "A study of fault tree analysis for system safety and [108] G. H. Sandler, System Reliability Engineering, McGraw-Hill, 1964, p
reliability," MS Thesis, Kansas State University, 1982. 243.
[82] E. E. Lewis, "Fault trees," Nuclear Power Reactor Safety, John [109] R. J. Schroder, "Fault tree for reliability analysis," Proc. 1970Ann.
Wiley & Sons, 1977, pp 87-91. Symp. Reliability, 1970 Feb, pp 198-205.
[83] M. 0. Locks, "Synthesis of fault trees: an example of [110] S. N. Semanderes, "ELRAFT, a computer program for the efficient
noncoherence," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 2-5. logic reduction analysis of fault trees," IEEE Trans. Nuclear Science,
[84] M. 0. Locks, "Fault trees, prime implicants and noncoherence," E. vol NS-18, 1971 Feb, pp 481-487.
I. Ogunbiyi, "Author reply #1," H. Kumamoto, E. J. Henley, [111] System Safety Symposium, Seattle, Washington: The Boeing Com-
"Author reply #2," M. 0. Locks, "Rebuttal," IEEE Trans. pany, 1965. Available from University of Washington Library, Seat-
Reliability, vol R-29, 1980 Jun, pp 130-135. tle, Washington.
[85] M. S. Madhava Rao, "FALTREE-a computer program for fault tree [112] C. 0. Smith, Introduction to Reliability in Design, McGraw-Hill,
analysis, " Engineering Science and Technology Dept. Letter Report, 1976.
EST-77-1, Foster Wheeler Development Corporation, Livingston, [1131 J. R. Taylor, "A formalization of failure mode analysis of control
NJ, 1977. systems," Danish Atomic Energy Commission, RISO-M-1654, 1973
[86N Sep.
[86]
o5.Wnc.,Malaskyp "Fault4tree1analysis,"9System7Safety,4HaydenB
S. W. Malasky "Faulttreeanalysis," System Safety HaydenBook
Co. Inc., pp 142-194, 1974.
[115] J. R. Taylor, "A study of failure causes based on U. S. power reactor
abnormal occurrence reports," Reliability ofNuclear Power Plants,
[87] A. W. Marshall, I.O01kin,"A multivariate exponentialdistribution," IAEA-SM-195/16, 1975.
JASA, vol 62, 1967, pp 3044. [115] J. R. Taylor, "Sequential effects in failure mode analysis," in [146,
[88] M. Mazumdar, "Importance sampling in reliability estimation," in pp 881-894].
[146, pp 153-163]. [116] J. R. Taylor, E. Hollo, "Algorithm and programs for consequence
[89] C. W. Mcknight, et al., "Automatic reliability mathematical model", diagram and fault tree construction," Report No. RISO-M-1907,
North American Aviation, Inc., Downey, California, NA 66-838, Danish Atomic Energy Commission, Roskilde, Denmark, 1977.
1966. [117] J. R. Taylor, E. Hollo, "Experience with algorithms for automatic
[90] K. Nakashima, Y. Hattori, "An efficient bottom-up algorithm for failure analysis," in [147, pp 759-777].
enumerating minimal cut sets of fault trees," IEEE Trans. Reliability, [118] W. J. Van Slyke, D. E. Griffing, "ALLCUTS, a fast comprehensive
vol R-28, 1979 Dec, pp 353-357. fault tree analysis code," Atlantic Richfield Hanford Company,
[91] D. Nielsen, "Use of cause-consequence charts in practical system Richlard, Washington, ARH-ST-1 12, 1975 July.
analysis," in [146, pp 849-880]. [119] W. E. Vesely, "Analysis of fault trees by kinetic tree theory,"
[92] J. Olmos, L. Wolf, "A modular representation and analysis of fault IN-1330, Idaho Nuclear Corp., Idaho Falls, 1969 October.
trees," Nuclear
trees," Nuclear Engineering and Design,
Engineering and Design, vol 48, 1978 Aug, pp [120] W. E Vesely, A time-dependent methodology for fault tree
analysis," Nucl. Eng. and Design, vol 13, 1970 Aug, pp 337-360.
531-561.
[93] P. K. Pande, M. E. Spector, P. Chatterjee, "Computerized fault tree ~~~~~~~~~~~~[121]
W. E. Vesely, "Reliability and fault tree applications at NRTS,"
Proc. 1970 Reliability and Maintainability Conf., vol 9, 1970, pp
analysis," TREEL AND MICSUP, ORC 75-3, Operation Research 472-480.
Center, University of California, Berkeley, April 1975. [122] W. E. Vesely, "Reliability quantification techniques used in the
[94] S. L. Pollack, Decision Tables: Theory and Practice, Wiley- Rasmussen study," in [146, pp 775-803].
Interscience, 1971. [123] W. E. Vesely, "Time dependent unavailability analysis of nuclear
[95] G. M. Powers, F. C. Tompkins, "Computer-aided synthesis of fault safety system," IEEE Trans. Reliability, vol R-26, 1977 Oct, pp
trees for complex processing systems," in [148, pp 307-314]. 257-260.
[96] G. J. Powers, F. C. Tompkins, "Fault tree synthesis for chemical [124] W. E. Vesely, "Estimating common cause failure probabilities in
process," AICHE Journal, vol 20, 1974 Mar, pp 376-387. reliability and risk analysis: Marshall-Olkin specialization," in [147,
[97] G. J. Powers, F. C. Tompkins, S. A. Lapp, "A safety simulation pp 314-341].
language for chemical processes: A procedure for fault tree [125] W. E. Vesely, R. E. Narum, "PREP and KITT computer code for the
synthesis," in [146, pp 57-75]. automatic evaluation of a fault tree," Idaho Nuclear Corporation,
[98] D. M. Rasmuson, N. H. Marshall, "FATRAM-A core efficient cut- Idaho Falls, Idaho, IN-1349, 1970.
set algorithm," IEEE Trans. Reliability, vol R-27, 1978 Oct, pp [126] D. P. Wagner, C. L. Cate, J. B. Fussell, "Common cause failure
250-253. analysis methodology for complex systems," in [147, pp 289-313].
[99] Reactor Safety Study-An Assessment of Accident Risk in U.S. [127] D. B. Wheeler et alii, "Fault tree analysis using bit manipulation,"
Commercial Nuclear Power Plants, WASH-1400 (NUREG-75/014), IEEE Trans. Reliability, vol R-26, 1977 Jun, pp 95-99.
US Nuclear Regulatory Commission, Washington, DC, 1975 Oct. [128] R. L. William, W. Y. Gateley, "Use of the GO methodology to
[100] J. L. Recht, "System safety analysis: The fault tree," National Safety directly generate minimal cut sets," in [147, pp 825-849].
News, April 1966. [1291 R. R. Willie, "Computer-aided fault tree analysis: FTAP," Opera-
[101] A. Rosenthal, "Decomposition Methods for Fault Tree Analysis," tions Research Center, U. C. Berkeley, OC 78-14, 1978 Aug.
IEEE Trans. Reliability, vol R-29, 1980 Jun, pp 136-138. [130] E. R. Woodcock, "The calculation of reliability of systems: The pro-
[102] E. T. Rumble, 1021F. L.E.Leverenz,
F.L.everezR.C.Ermann
T. Genegram
Rumble, R. C. Erdmann, "Generalized fault Risley,NOTED,"
Warrington,UKAEA Authority
Lancashire, Health
England, and Safety
AHSB(S) Branch,
R. p 153, 1971.
tree analysis for reactor safety," Electric Power Research Inst., Palo [131] P. Y. Wong, "FAUTRAN-A fault tree analyzer," AECL-5182,
Alto, California, EPRI-217-2-2, 1975 Jun. Atomic Energy of Canada Limited, Chalk River Nuclear Lab. Chalk
[103] N. H. Roberts, Mathematical Models in Reliability Engineering, River, Ontario, Canada, 1975.
McGraw-Hill, 1964, p 243. [132] R. B. Worrell, "Set equation transformation system (SETS)," SLA-
[104] S. L. Salem, G. Apostolakis, "The CAT methodology for fault tree 73-0028A Sandia Laboratories, Albuquerque, New Mexico, 1974
construction," in [145, pp 109-128]. May.
[105] 5. L. Salem, G. E. Apostolakis, D. Okrent, "A computer-oriented [133] R. B. Worrell, "Using the set equation transformation system in fault
approach to fault tree construction," EPRI NP-288, Electric Power tree analysis," in [146, pp 165-185].
Research Institute, 1976 Nov. [134] R. B. Worrell, "Qualitative analysis in reliability and safety studies,"
[106] 5. L. Salem, G. E. Apostolakis, D. Okrent, "A new methodology for IEEE Trans. Reliability, vol R-25, 1976 Aug, pp 164-169.
the computer-aided construction of fault tree," Annals of Nuclear [135] R. B. Worrell, D. W. Stack, B. L. Hulme, "Prime implicants of non-
Energy, vol 4, 1977, pp 417-433. coherent fault trees," IEEE Trans. Reliability, vol R-30, 1981 Jun, pp
[107] 5. L. Salem, J. S. Wu, G. E. Apostolakis, "D)ecision table develop- 98-100.
ment and application to the construction of fault trees," Nuclear [136] J. S. Wu, S. L. Salem, G. E. Apostolakis, "The use of decision tables
Technology, vol 42, 1979 Jan, pp 5 1-64. in the systematic construction of fault trees," in [147, pp 800-824].

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.
LEE ET AL.: FAULT TREE ANALYSIS, METHODS, AND APPLICATIONS - A REVIEW 203

[137] T. W. Yellman, "Comment on computer-aided synthesis of fault AUTHORS


trees," IEEE Trans. Reliability, vol R-28, 1979 Apr, pp 10-11.
[138] J. Young, "Using the fault tree analysis technique," in [146, pp Wen-Shing Lee; Dept. of Industrial Engineering; Durland Hall; Kansas
827-848]. State University; Manhattan, Kansas 66506 USA.
[139] F. A. Tillman, C. L. Hwang, W. Kuo, "Optimization techniques for Wen-Shing Lee was born in Taiwan on 1951 March 28. He received
system reliability with redundancy-A review," IEEE Trans. the BS degree in Industrial Management from National Cheng-Kung
Reliability, vol R-26, 1977 Aug, pp 148-155. University, Taiwan, in 1973. He worked for four years in industry in
[140] F. A. Tillman, C. L. Hwang, W. Kuo, Optimization of System Taiwan. He earned the MS degree in Industrial Engineering at Kansas
Reliability, Marcel Dekker, 1980. State University in 1982. He has been an Industrial Engineer at Reliance
[141] C. H. Lie, C. L. Hwang, F. A. Tillman, "Availability of maintained Fuse, Des Plaines 1982 through 1984, and at Signode Corp. presently.
system: A state-of-the-art survey," AIIE Trans., vol 9, 1977, pp
247-259. Dr. C. L. Hwang; Dept. of Industrial Engineering; Durland Hall; Kansas
[142] F. A. Tillman, C. L. Hwang,
' W.
' Kuo,' "System effectiveness models: . .
~~~~~~~~~~State
University; Manhattan, Kansas 66506 USA.
an annotated bibliography," IEEE Trans. Reliability, vol R-29, 1980 Dr. C. L. Hwang: For biography, see vol R-30, 1981 Dec, p 423.
Oct, pp 295-304.
[143] C. L. Hwang, F. A. Tillman, M. H. Lee, "System-reliability evalua- Dr. Doris Lloyd Grosh; Dept. of Industrial engineering; Durland Hall;
tion techniques for complex/large systems-a review," IEEE Trans. Kansas State University; Manhattan, Kansas 66506 USA.
Reliability, vol R-30, 1981 Dec, pp 416-423. Dr. Doris Lloyd Grosh: For biography, see vol R-31, 1982 Oct, p
[144] F. A. Tillman, W. Kuo, C. L. Hwang, D. L. Grosh, "Bayesian 372.
Reliability and Availability-A Review," IEEE Trans. Reliability, vol
R-31, 1982 Oct, pp 362-372. Dr. Frank A. Tillman; Dept. of Industrial Engineering; Durland Hall,
[1451 G. Apostdakis, S. Garribba, G. Volta, editors, Synthesis and Kansas State University; Manhattan, Kansas 66506 USA.
Analysis Methods for Safety and Reliability Studies, Plenum, 1978. Dr. Frank A. Tillman: For biography, see vol R-30, 1981 Dec, p.
[146] R. E. Barlow, J. B. Fussell, N. D. Singpurwalla editors, Reliability 423.
and Fault Tree Analysis, SIAM, 1975.
[147] J. B. Fussell, G. R. Burdick, editors, Nuclear Systems Reliability Dr. Chang Hoon Lie; Dept. of Industrial Engineering; Seoul National
Engineering and Risk Assessment, SIAM, 1977. University; Seoul, KOREA.
[148] E. J. Henley, J. W. Lynn, editors, NA TO Advanced Study Institute Dr. Chang Hoon Lie: For biography, see vol R-27, 1978 Aug, p 184.
on Generic Techniques in Systems Reliability Assessment, Nordhoff
1973. Manuscript TR83-049 received 1983 April 1; revised 1985 June 24. ***

FREE Proceedings
Members, and only members, of the Reliability Society of IEEE and of the Electronics Division of ASQC can receive the
following publications free of extra charge. Just write to the place indicated for that group and publication; you MUST
state that YOU are a member of the group to which you are writing. Quantities are limited, and are available (ONLY to
the above members) on a first-come first-served basis. If you are not a member of either group and would like to join, see
the inside front and rear covers for more information on the two groups. The cost/benefit ratio is hard to beat!

Reliability Society of IEEE Electronics Division of ASQC


Sent annually to all members, except student-members. A The request MUST state that you are a member of the
few extra copies of the 1985 AR&MS proceedings and a Electronics Division, ASQC! and be sent to: Electronics
few extra copies of the 1984 IRPS are available, but only Division, ASQC; c/o Evans Associates; 804 Vickers
for those who did not get them. Address your request to Avenue; Durham, North Carolina 27701 USA.
the Editor. You MUST state that you are a member of the
IEEE Reliability Society! Proceedings Annual Reliability and Maintainability
Symposium for 1984, 1985.
Proceedings Annual Reliability and Maintainability Proceedings International Reliability Physics Symposium
Symposium (mailed in February). for 1984.
Proceedings International Reliability Physics Symposium Proceedings QIE®§ (Quality In Electronics)
(mailed in the early summer). for 1982, 1983, 1984.

Proceedings Product Liability Prevention Conference. The free supply is gone. Members of either of the two groups
above can order at the special member price of $12 each (send check with order) from: Consultant Services Institute,
Inc.; 23 Rumson Road; Livingston, New Jersey 07039 USA.***

Authorized licensed use limited to: Synopsys. Downloaded on June 22,2022 at 08:19:58 UTC from IEEE Xplore. Restrictions apply.

You might also like