ARTICLE IN PRESS

Reliability Engineering and System Safety 93 (2008) 1577–1583

www.elsevier.com/locate/ress

Quantitative analysis of a fault tree with priority AND gates

T. Yuge, S. Yanagi
Department of Electrical and Electronic Engineering, National Defense Academy, 1-10-20 Hashirimizu, Yokosuka 239-8686, Japan
Received 1 December 2006; received in revised form 24 January 2008; accepted 9 February 2008
Available online 4 March 2008

Abstract

A method for calculating the exact top event probability of a fault tree with priority AND gates and repeated basic events is proposed
when the minimal cut sets are given. A priority AND gate is an AND gate where the input events must occur in a prescribed order for the
occurrence of the output event. It is known that the top event probability of such a dynamic fault tree is obtained by converting the tree
into an equivalent Markov model. However, this method is not realistic for a complex system model because the number of states which
should be considered in the Markov analysis increases explosively as the number of basic events increases. To overcome the shortcomings
of the Markov model, we propose an alternative method to obtain the top event probability in this paper. We assume that the basic
events occur independently, exponentially distributed, and the component whose failure corresponds to the occurrence of the basic event
is non-repairable. First, we obtain the probability of occurrence of the output event of a single priority AND gate by Markov analysis.
Then, the top event probability is given by a cut set approach and the inclusion–exclusion formula. An efficient procedure to obtain the
probabilities corresponding to logical products in the inclusion–exclusion formula is proposed. The logical product which is composed of
two or more priority AND gates having at least one common basic event as their inputs is transformed into the sum of disjoint events
which are equivalent to a priority AND gate in the procedure. Numerical examples show that our method works well for complex
systems.
r 2008 Elsevier Ltd. All rights reserved.

Keywords: Dynamic FT; Priority AND gate; Top event probability; Markov analysis; Inclusion–exclusion

1. Introduction output of the gate is true if both events A and B have

occurred and if event A occurred before event B. If both
The fault tree (FT) is used widely as a tool for
events have not occurred or if event B occurred before
quantitative risk assessments. Although obtaining the
event A, then the gate does not fire. Fig. 2 shows an
exact top event probability of an FT is one of the most
example of a logic model for a non-repairable two unit
important aims, it is a difficult problem for a reasonably
redundant system with a switch control. The standby
large scale system with complex structure, such as a
unit is instantaneously switched into operation upon
chemical plant, a nuclear reactor, an airplane and so on.
failure of the main unit. This system fails if the main and
The representative complex FT structures are caused by
standby units both fail or the switch control failed first
several types of dynamic behaviors such as transient
then the main unit fails. In the later case, the standby
recovery, intermittent error, and sequence dependency.
unit cannot be in use because of the failure of the switch
A priority AND gate (PAG) is a typical logic gate to
control.
represent the order of dependency of the event sequence [1].
Markov analysis is an alternative modeling technique for
It is logically equivalent to an AND gate where input
such dynamic systems [2–4]. The difficulty of the analysis
events must occur in a prescribed order for the occurrence
comes from the existence of repeated events. If none of the
of the output event. Fig. 1 shows a PAG. In Fig. 1, the
input events of a PAG appear in other gates, the output
Corresponding author. probability of the gate can be derived by constructing a
E-mail addresses: [email protected] (T. Yuge), Markov transition diagram in which all possible states of
[email protected] (S. Yanagi). the PAG are considered. However, if a PAG has a repeated

0951-8320/$ - see front matter r 2008 Elsevier Ltd. All rights reserved.
doi:10.1016/j.ress.2008.02.016
 ARTICLE IN PRESS
1578 T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583
C method [9,10] in order to eliminate the repeated events one
A B
Fig. 1. Priority AND gate.
failure of two unit system
failure failure failure failure
of main of standby of switch of main
unit unit control unit
Fig. 2. Power supply system with standby unit.
input event, for example, the main unit failure in Fig. 2,
we have to construct a large dimensional Markov
transition diagram to obtain the top event probability.
The dimensionality usually increases up to the number
of the basic events. Therefore, the construction and
calculation of a Markov diagram is tedious and error
prone as the number of the basic events and/or the
number of the repeated events increases. For such a
complex system, one cannot get enough results with
the related methods based on modularization [3] or BDD
[4]. In fact, the well-known dynamic FT tool, Galileo [3],
does not support a PAG having repeated events. However,
it is considered that many FTs in the real world
system have PAGs with repeated basic event as shown in
Fig. 2. To overcome the shortcomings of the Markov
model, it is necessary to develop a new analytical model
that is flexible enough to capture the dynamic behaviors of
the system. Other methods proposed for the analysis of
dynamic FTs are a Bayesian network approach [5] and
Monte Carlo simulation [6]. However, the former has a
problem same as Markov analysis in complexity, the latter
requires more computational time to achieve the desired
accuracy.
The existence of repeated events makes analysis compli-
cated even for conventional static FTs. For the static trees
with repeated events, many researchers have proposed
efficient algorithms to obtain exact or approximate top
event probabilities [8]. The proposed methods are classified
roughly into two groups. One approach uses factoring
by one. However, it is generally difficult to apply this
approach to a dynamic FT. The conditional probabilities
that have to be obtained when the factoring method is
carried out cannot be readily obtained for a dynamic FT.
The other uses a Boolean function. In this approach, the
main effort is to find the structural representation of the
top event in terms of the basic events. Finding the minimal
cut sets is one way of accomplishing this step. Several
algorithms [7,11,12] to find minimal cut sets are proposed.
After all minimal cut sets are enumerated the inclusio-
n–exclusion method is used to calculate the exact top event
probability or its upper and lower bounds.
In this paper, we present a method for calculating the
exact top event probability for a large scale FT containing
many PAGs and repeated events when all the cut sets are
given. Some cut sets are quite different from the traditional
ones because these are the ordered cut sets where the basic
events in the cut set have to occur in a prescribed order for
the occurrence of the top event. The top event is
represented by the union of the cut sets and the exact top
event probability is given by the inclusion–exclusion
expression as in the case of an FT without PAGs. An
efficient procedure to obtain probabilities of logical
products in the inclusion–exclusion formula is proposed.
The logical product which is composed of two or more
PAGs having at least one common basic event as their
inputs is transformed into the sum of disjoint events which
are equivalent to PAGs in the procedure. The output
probability of the transformed PAG is given by Markov
analysis. Numerical examples show that our method works
well for complex systems such as a tree composed of 10 or
more PAGs where almost all the basic events appear
repeatedly.
2. Preparation
2.1. Acronyms and nomenclature
FT fault tree
PAG priority AND gate
Minimal cut set minimal set of basic events such that the
incidence of all the events in a set directly causes
the occurrence of the top event
Minimal ordered cut set minimal ordered set of basic
events such that all the basic events in the set have
to occur in a prescribed order for the occurrence of
top event
2.2. Assumptions
(1) A system is composed of non-repairable components
and does not have a cold standby component.
(2) The failure of a component which correspond to the
occurrence of the basic event is s-independent and has
an exponential failure time distribution.
 ARTICLE IN PRESS
T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583 1579

(3) The minimal cut sets and the minimal ordered cut sets 3 + ...+ m
of the system are known.
1 2 3 m−1 m
2.3. Notations 0 1 2 m-1 m

ei ith basic event, i ¼ 1; 2; . . . ; m

T top event of an FT 2 + 3 + ...+ m 4 + ...+ m
li occurrence (failure) rate of ei (component i)
Fig. 3. Transition diagram for an m inputs PAG.
Lm m-dimensional vector of li
F i ðtÞ
failure time distribution function of component Xm
i; ¼ 1  eli t dPj ðLm ; tÞ
¼ lj Pj ðLm ; tÞ þ li Pj1 ðLm ; tÞ,
C 1i minimal cut set, i ¼ 1; 2; . . . ; n1 . n1 is the number of dt i¼jþ1
the minimal cut sets j ¼ 1; 2; . . . ; m  1,
C 2i minimal ordered cut set, i ¼ 1; 2; . . . ; n2 . n2 is the
number of the ordered sets. (Not that C 2;i is a set,
not a vector.) dPm ðLm ; tÞ
¼ lm Pm1 ðLm ; tÞ.
n =n1 þ n2 dt
C~ 1i event that all basic events in C 1i have occurred. (Note that this model does not cover the case of cold
i ¼ 1; 2; . . . ; n1 stand-by.)
C~ 2i event that all basic events in C 2i have occurred in The Laplace transform of Pm ðLm ; tÞ, LðPm ðLm ; tÞÞ, when
the prescribed order. i ¼ 1; 2; . . . ; n2 . C~ 2i is repre- P0 ðLm ; 0Þ ¼ 1, is derived as follows:
sented as he1 ; e2 ; e3 i if the designated order is e1 , e2
then e3 . Y
m Y
m
1 1Ym
li
LðPm ðLm ; tÞÞ ¼ li ¼ , (2)
Ii non-empty subset of i¼1 i¼0
s þ ai s i¼1 s þ ai
fC 11 ; C 12 ; . . . ; C 1n1 ; C 21 ; C 22 ; . . . ; C 2n2 g,
i ¼ 1; 2; . . . ; 2n  1. where
jj cardinal number of a set X
m
[; \ union and intersection of sets a0 ¼ 0; ai ¼ lj ; i ¼ 1; 2; . . . ; m.
_; ^ logical sum and product of events j¼i
A  B is that set of sequences of all elements of A and B
where permutations of indices maintain the Then Pm ðLm ; tÞ is given by using the Heaviside expansion
sequences given by A and B. formula as follows:
Ei the ith sequence of E ¼ A  B Pm ðLm ; tÞ ¼ Prfhe1 ; e2 ; . . . ; em ig
Prfg probability of occurrence of event  at time t
Ym X m
eai t
¼ li Qm . (3)
i¼1 i¼0 j¼0;jai ðaj  ai Þ

3. Output probabilities of AND gates and PAGs Especially, in the i.i.d. case (l1 ¼ l2 ¼    ¼ lm ¼ l):

The output probabilities of AND gates and PAGs with 1

Pm ðLm ; tÞ ¼ Prffiring of an AND gate having m inputsg
m input events, e1 ; e2 ; . . . ; em , are derived in this section. m!
The output probability of an AND gate at time t, QðLm ; tÞ, 1
¼ ð1  elt Þm .
is m!
Y
m Of course Pm ðLm ; tÞ can be obtained by Markov analysis.
QðLm ; tÞ ¼ Prfe1 ; e2 ; . . . ; em g ¼ ð1  eli t Þ (1) Table 1 shows the result of Galileo (Galileo/ASSAP
i¼1
Version 4 alpha). We calculated a single PAG with non-
and let Pi ðLm ; tÞ be the probability that e1 ; e2 ; . . . ; ei ; ðipmÞ i.i.d. inputs by a Pentium 4 personal processor. The
have occurred in this order before time t. Pm ðLm ; tÞ is the computation time increases as the number of inputs
output probability of the PAG. The transition diagram is increases. It also depends on the mission time. On the
given in Fig. 3. Here, the number in a circle means the i of other hand, the computation by Eq. (3) hardly depends on
Pi ðLm ; tÞ. The states and transitions which are irrelevant to these parameters.
the analysis are not depicted in this diagram. From this
diagram, the following differential equations are derived
for the state probabilities: 4. Top event probability
dP0 ðLm ; tÞ Xm
¼ li P0 ðLm ; tÞ, When all the cut sets for an FT are given, its top event
dt i¼1 can be represented as the union of the cut sets of the
 ARTICLE IN PRESS
1580 T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583

Table 1 ej2 ; . . . ; ejv i. C 2i \ C 2j ¼ ; in (iii-a). Hence, for (iii-a)

Computation times (s) of Pm ðLm ; tÞ by Galileo
PrfC~ 2i ^ C~ 2j g ¼ PrfC~ 2i g PrfC~ 2j g. (10)
No. of inputs (m) Pm ðLm ; 100Þ Pm ðLm ; 1000Þ
~
In the case of (iii-b), let Di;j ð¼ hek1 ; ek2 ; . . . ; ekw iÞ be a
8 4 6 subsequence of C~ 2i whose elements also belong to C 2j . D~ j;i is
9 22 38 defined in the same way. (iii-b) is classified into two groups
10 46 174
as
11 310 471
12 832 1152
(iii-b-1) D~ i;j aD~ j;i .
(iii-b-2) D~ i;j ¼ D~ j;i .

system. Therefore, For example, the case of C~ 2i ¼ he1 ; e2 ; e4 ; e5 ; e8 i and C~ 2j ¼

( ) he3 ; e6 ; e8 ; e7 ; e4 i corresponds to (iii-b-1) since in this case,
2 _
_ ni
PrfTg ¼ Pr C~ ij . (5) D~ i;j ¼ he4 ; e8 i, D~ j;i ¼ he8 ; e4 i. On the other hand, if
i¼1 j¼1 C~ 2j ¼ he3 ; e4 ; e6 ; e7 ; e8 i, D~ i;j ¼ D~ j;i ¼ he4 ; e8 i. This case cor-
responds to (iii-b-2).
Using the inclusion–exclusion rule, the exact value of PrfTg
In the case of (iii-b-1), C~ 2i and C~ 2j never occur
can be calculated:
( ) simultaneously. Hence,
n
2X 1 2 ^
^
PrfTg ¼ ð1ÞjI i jþ1
Pr C~ jk . (6) PrfC~ 2i ^ C~ 2j g ¼ 0. (11)
i¼1 j¼1 k2I i ~ ~
(This is irrespective of elements not in Dij or Dji .)
In the case of (iii-b-2), both C~ 2i ; C~ 2j have the subse-
4.1. Classification of logical products quence corresponding to D~ i;j . A~ ik and B~ jk are defined as
subsequences of C~ 2i ; C~ 2j as follows:
In order to obtain the logical products in Eq. (6), logical A~ i0 ¼ hfrom the left most basic event
products of two cut sets are classified as follows by the kind
of cut sets and the existence of repeated basic events. to the event before ek1 of C~ 2i i,

A~ il ¼ hfrom the basic event following to the event ekl

(i) C~ 1i ^ C~ 1j .
(ii-a) C~ 1i ^ C~ 2j , C 1i \ C 2j ¼ ;. before ekðlþ1Þ of C~ 2i i; l ¼ 1; . . . ; w  1,
(ii-b) C~ 1i ^ C~ 2j , C 1i \ C 2j a;.
(iii-a) C~ 2i ^ C~ 2j , C 2i \ C 2j ¼ ;. A~ iw ¼ hfrom the basic event following ekw
(iii-b) C~ 2i ^ C~ 2j , C 2i \ C 2j a;. to the right most event of C~ 2i i,

The case of (i) is a product of the output of two non-PAGs. B~ j0 ¼ hfrom the left most basic event to the
Let C 1i ¼ fei1 ; ei2 ; . . . ; eiu g and C 1j ¼ fej1 ; ej2 ; . . . ; ejv g. In
this case, event before ek1 of C~ 2j i,

Y
w
B~ jl ¼ hfrom the basic event following to the event ekl
PrfC~ 1i ^ C~ 1j g ¼ PrfD~ i;j g ¼ F ki ðtÞ, (7)
i¼1 before ekðlþ1Þ of C~ 2j i; l ¼ 1; . . . ; w  1,
where Di;j ¼ fC 1i [ C 1j g, w ¼ jDi;j j and D~ i;j is the event that
all w elements in Di;j occur. B~ jw ¼ hfrom the basic event following ekw
The cases of (ii-a) and (ii-b) concern the products of the to the right most event of C~ 2j i.
output of a non-PAG and a PAG. Let C 1i ¼ fei1 ; ei2 ; . . . ; eiu g
and C 2j ¼ fej1 ; ej2 ; . . . ; ejv g, C~ 2j ¼ hej1 ; ej2 ; . . . ; ejv i. C 1i and For the above example, C~ 2i ¼ he1 ; e2 ; e4 ; e5 ; e8 i and
C 2j do not have a common basic event in (ii-a). In this case, C~ 2j ¼ he3 ; e4 ; e6 ; e7 ; e8 i, D~ i;j ¼ he4 ; e8 i. Then A~ i0 ¼ he1 ; e2 i,
C~ 1i and C~ 2j are independent of each other, such that A~ i1 ¼ he5 i, A~ i2 ¼ ; and B~ j0 ¼ he3 i, B~ j1 ¼ he6 ; e7 i, B~ j2 ¼ ;.
As A~ il and B~ jl exclude each other, A~ il ^ B~ jl and PrfA~ il ^
PrfC~ 1i ^ C~ 2j g ¼ PrfC~ 1i g PrfC~ 2i g. (8) ~
Bjl g can be represented as follows:
_
On the other hand, in (ii-b) C 1i and C 2j have at least one A~ il ^ B~ jl ¼ E~ lx ,
common basic event. Let D1n2 be the difference set, C 1i nC 2j , x
whose elements are e1 ; e2 ; . . . ; ew . Then, X
PrfA~ il ^ B~ jl g ¼ PrfE~ lx g.
PrfC~ 1i ^ C~ 2j g ¼ PrfC~ 2j g PrfD~ 1n2 g. (9) x

The cases of (iii-a) and (iii-b) concern the products of E~ lx is an ordered event that contains all elements of A~ il
PAGs outputs. Let C~ 2i ¼ hei1 ; ei2 ; . . . ; eiu i and C~ 2j ¼ hej1 ; and B~ jl and maintains their sequences. For the above
 ARTICLE IN PRESS
T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583 1581

example,
TOP
_
3
A~ i0 ^ B~ j0 ¼ E~ 0x
x¼1
G0
¼ he1 ; e2 ; e3 i _ he1 ; e3 ; e2 i _ he3 ; e1 ; e2 i,

_
3
A~ i1 ^ B~ j1 ¼ E~ 1x
x¼1 G1 G2
¼ he5 ; e6 ; e7 i _ he6 ; e5 ; e7 i _ he6 ; e7 ; e5 i,

A~ i2 ^ B~ j2 ¼ ;. e1
G3 e5 G4 G5
By using the subsequences, C~ 2i ^ C~ 2j is transformed into
the sum of disjoint ordered sets as follows:
! ! e2 e6
_ _ e2 e8 e3 e4
C~ 2i ^ C~ 2j ¼ E~ 0x  ek1  E~ 1x G6
x x
!
_
 ek2 ; . . . ; ekw  E~ ðwþ1Þx e7 e3 e9
x
_
¼ G~ lij . Fig. 4. Example of dynamic FT.
l

For the above example, C~ 2i ^ C~ 2j equals the following 9 and the calculation:
disjoint ordered sets:
C~ 11 ¼ fe4 ; e5 ; e6 g,
he1 ; e2 ; e3 ; e4 ; e5 ; e6 ; e7 ; e8 i; he1 ; e2 ; e3 ; e4 ; e6 ; e5 ; e7 ; e8 i,
C~ 12 ¼ fe2 ; e4 ; e5 g,
he1 ; e2 ; e3 ; e4 ; e6 ; e7 ; e5 ; e8 i; he1 ; e3 ; e2 ; e4 ; e5 ; e6 ; e7 ; e8 i,
C~ 13 ¼ fe5 ; e6 ; he7 ; e3 ; e9 ig,
he1 ; e3 ; e2 ; e4 ; e6 ; e5 ; e7 ; e8 i; he1 ; e3 ; e2 ; e4 ; e6 ; e7 ; e5 ; e8 i,
C~ 14 ¼ fe2 ; e5 ; he7 ; e3 ; e9 ig,
he3 ; e1 ; e2 ; e4 ; e5 ; e6 ; e7 ; e8 i; he3 ; e1 ; e2 ; e4 ; e6 ; e5 ; e7 ; e8 i,
he3 ; e1 ; e2 ; e4 ; e6 ; e7 ; e5 ; e8 i. C~ 21 ¼ he1 ; e2 i,

Finally, the probability of the logical product of the (iii-b-2) C~ 22 ¼ he1 ; e3 i,

case is given as follows: C~ 23 ¼ he1 ; e8 i.
X
PrfC~ 2i ^ C~ 2j g ¼ PrfG~ lij g. (12) From Eq. (6), the top event probability is given as follows:
l

Since G~ lij is equivalent to a PAG output, PrfG~ lij g is given in
the Markov case by Eq. (3).
Eqs. (7)–(12) give all the combinations for the product of
two minimal cut sets or minimal ordered cut sets.
Furthermore, the products composed of 3 or more sets
can be derived by applying Eqs. (7)–(12) repeatedly.
5. Examples
Example 1. Let us consider a dynamic FT of Fig. 4. This
FT consists of seven logic gates (three OR gates, one AND
gate, two PAGs) and nine basic events. e2 and e3 are
repeated events. There are four minimal cut sets and three
minimal ordered cut sets for the FT. Here, as C~ 13 and C~ 14
contain the element of an ordered set he7 ; e3 ; e9 i, these are
ordered cut sets to be exact. Each can be resolved into 20
ordered cut sets. However, by treating them to be the
logical products of non-PAG and PAGs such as C~ 13 ¼
C~ 011 ^ C~ 021 and C~ 14 ¼ C~ 012 ^ C~ 021 where C~ 011 ¼ fe5 ; e6 g, C~ 012 ¼
fe2 ; e5 g and C~ 021 ¼ he7 ; e3 ; e9 i, we can simplify the discussion
PrfTg ¼ PrfC~ 11 g þ PrfC~ 12 g þ PrfC~ 13 g þ PrfC~ 14 g
þ PrfC~ 21 g þ PrfC~ 22 g þ PrfC~ 23 g
 PrfC~ 11 ^ C~ 12 g  PrfC~ 11 ^ C~ 13 g
    þ PrfC~ 11 ^ C~ 12 ^ C~ 13 g
þ PrfC~ 11 ^ C~ 12 ^ C~ 14 g . . .
..
.
 PrfC~ 11 ^ C~ 12 ^ C~ 13 ^ C~ 14 ^ C~ 21 ^ C~ 22 ^ C~ 23 g.
Here, PrfC~ 11 g and PrfC~ 12 g are given by Eq. (1). PrfC~ 21 g,
PrfC~ 22 g and PrfC~ 23 g are derived from Eq. (3). PrfC~ 13 g and
PrfC~ 14 g are considered to be logical products belonging to
(ii-a). The other probabilities are calculated by using
Eqs. (7)–(12). Table 2 shows the top event probability of
the dynamic FT when li ¼ 0:01; i ¼ 1; 2; . . . ; 9. The values
of ‘‘Proposed’’ are given by the method described in the
previous section. These are the exact top event probabil-
ities. For instance, the results of the Monte Carlo
simulations aregiven as the ‘‘Simulation’’. The outputs of
 ARTICLE IN PRESS
1582 T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583

Table 2 ordered cut sets are given. Basically, the top event
Top event probability for FT of Example 1 probability is calculated by the inclusion–exclusion meth-
t Proposed Galileo Simulation
od. The main achievement is the derivation of the
probability of pairs of complex events both of which
0 0 0 0 include ordered subevents; see Section 4. The probability of
50 0.25653 0.21418 0.25647 logical product having PAGs is obtained by the closed
100 0.59960 0.49318 0.59970
equation derived by Markov analysis. The computation
150 0.80196 0.68751 0.80212
200 0.90114 0.81010 0.90120 time strongly depends on the number of cut sets in this
250 0.94864 0.88519 0.94869 method. Therefore, the analysis strikes a snag of computa-
300 0.97213 0.93066 0.97215 tional difficulty. Another efficient computation method for
the exact top event probability and an effective truncation
method should be developed for FTs with more minimal
cut sets. The FT is analyzed under the assumption that all
1 the minimal cut sets are known. The derivation of the
minimal cut sets for the FTs described in this paper is not
0.8
so difficult and can be obtained by the ordinal derivation
technique for the static FT. However, the derivation time is
top event probability

0.6
0.4
0.2
0 cold spare gate. Taking a cold spare gate and other
0 50 100
Fig. 5. Top event probability for FT of Example 2.
Galileo are not correct and tend to be underestimated for
this example. The computation time of our method is
0.031 s when it is executed using a Pentium 4 personal
computer and the C programming language. Those of
Galileo are 5 s ðt ¼ 50Þ and 10 s ðt ¼ 300Þ. In both accuracy
of the probability and calculation time, the superiority of
the proposed method is shown.
Example 2. Fig. 5 shows the top event probability of an FT
with 10 minimal cut sets/ordered cut sets and 10 basic
events. The number of elements in each minimal cut set/
ordered cut set is 3. The tree is equivalent to a reliability
model for a circular consecutive 3-out-of-10:F system.
Namely, the cut sets/ordered cut sets of the system are
defined as fe1 ; e2 ; e3 g, fe2 ; e3 ; e4 g; . . . ; fe9 ; e10 ; e1 g, fe10 ; e1 ; e2 g.
The failure rate of basic events is defined as
li ¼ 0:01 þ ði  0:001Þ, i ¼ 1; 2; . . . ; 10. Fig. 5 shows 10
graphs subject to the number of PAGs. These graphs show
the influence of the PAG upon the top event probability.
The PAGs are arranged consecutively, namely from the left
most gate to ith gate are PAGs and ði þ 1Þth to the right
most gate are non-PAGs.
6. Conclusion
This paper discussed the top event probability of an FT
with sequence dependency when minimal cut sets/minimal
top event probability expected to increase for more complex dynamic FTs.
(the number of PAGs is Therefore, the development of an efficient minimal cut sets/
0,1,2,...,9 from the top)
ordered cut sets algorithm for an FT with PAGs is an
interesting and important problem. Furthermore, it is
plausible that an FT containing PAGs also has cold spare
gates (cold standby components). The proposed model
does not cover the case. That is because a minimal cut set
or an ordered cut set cannot represent the dependency of a
150 200 250 300 dynamic gates in our approach is an important problem.
t As an alternative to the approach presented, one could
consider starting with a BDD-based static FT analysis [13]
and then impose the restrictions defined by PAGs.
However, a first step in the latter process would be to get
rid of negated Boolean variables. Then one ends with a
polynomial form of the FT’s Boolean function [13], and
this is equivalent to the result of the inclusion–exclusion
approach presented here.
References
[1] Dugan JB, Bavuso SJ, Boyd MA. Fault trees and sequence
dependencies. In: Proceedings of the Reliability and Maintainable
Symposium; 1990. p. 286–93.
[2] Dugan JB, Bavuso SJ, Boyd MA. Fault trees and Markov models for
reliability analysis of fault–tolerant digital systems. Reliab Eng Syst
Safety 1993;39:291–307.
[3] Dugan JB. Galileo: a tool for dynamic fault tree analysis. Berlin,
Heidelberg: Springer; 2000.
[4] Dugan JB, Sullivan KJ, Coppit D. Developing a low-cost high-
quality software tool for dynamic fault-tree analysis. IEEE Trans
Reliab 2000;49:49–59.
[5] Boudali H, Dugan JB. A discrete-time Bayesian network reliability
modeling and analysis framework. Reliab Eng Syst Safety 2005;
87:337–49.
[6] Long W, Zhang TL, Lu YF, Oshima M. On the quantitative analysis
of sequential failure logic using Monte Carlo method for different
distributions. In: Probabilistic Safety Assessment and Management
PSAM6. New York: Elsevier; 2002. p. 391–6.
[7] Tang Z, Dugan JB. Minimal cut set/sequence generation for dynamic
Fault trees. In: Proceedings of the Reliability and Maintainable
Symposium; 2004. p. 207–13.
 ARTICLE IN PRESS
T. Yuge, S. Yanagi / Reliability Engineering and System Safety 93 (2008) 1577–1583 1583

[8] Lee WS, Grosh DL, Tillman FA, Lie CH. Fault tree analysis, methods,
and applications—a review. IEEE Trans Reliab 1985;34:194.
[9] Heger AS, Bhat JK, Stack DW, Talbott DV. Calculating exact top-
event probabilities using SP-Patrec. IEEE Trans Reliab 1995;44:640.
[10] Nakashima K, Hattori Y. Analysis of fault trees by using tree
sequences. IECE Trans E 1977;60:175.
[11] Rasmuson DM, Marshall NH. FATRAM—a core efficient cut-set
algorithm. IEEE Trans Reliab 1978;R-27:250.
[12] Garribba S, Nussio P, Maldi F, Reina G, Volta G. Efficient
construction of minimal cut sets of fault trees. IEEE Trans Reliab
1977;R-26:88.
[13] Schneeweiss W. The fault tree method. LiLoLe-Verlag; 1999.