Fault Tree Analysis

1) Digraph models represent systems as nodes connected by directional edges that indicate causal relationships between variables or events. Edges have gains that represent the change in the output based on a change in the input.
2) Fault trees can be constructed from digraph models by treating the digraph as a tree structure and identifying inputs to the node representing an undesired event. The fault tree shows the combinations of failures or disturbances that could cause this event.
3) Negative feedback loops (NFLs) normally correct disturbances, but a disturbance may propagate if the loop is inactive, the disturbance is extremely large, or the loop variable itself causes the disturbance or fails to cancel it out. The general fault tree structures account for these


Fault Tree Analysis

Part 3: Digraph-Based Fault Tree Synthesis Procedure (Tree and NFBL)

LEVELS OF MATHEMATICAL MODELS OF ENGINEERING SYSTEMS
  Partial Differential Equations
  Ordinary Differential Equations
  Algebraic Equations
  Digraphs
  Multi-Valued Logic
  Boolean Algebra

DIGRAPHS

[Figure: a digraph edge from node v1 (the input) to node v2 (the output); the number written next to the edge is its gain.]

The value of gain is discretized!
  1: if a moderate deviation in the input variable causes a moderate deviation in the output.
  10: if the output deviation is very large when compared to the input.
  0: if the output deviation is very small compared with the input.

Computation of Output Value

$v_{out} = \begin{cases} gain \cdot v_{in} & \text{if } -10 < gain \cdot v_{in} < 10 \\ 10 & \text{if } gain \cdot v_{in} \ge 10 \\ -10 & \text{if } gain \cdot v_{in} \le -10 \end{cases}$

where $v_{in}, v_{out}, gain \in \{-10, -1, 0, 1, 10\}$.

[ Example ]

[Figure: digraph of a heat exchanger with hot nitric acid and cooling water as the two streams (streams 1 to 4). The nodes are the mass rates (M) and temperatures (T) of the streams together with the surroundings temperature T_SURR; the edges carry gains of +1 and -1; the failure event "water leaks into nitric acid" enters as an input.]

Fault tree read from the digraph for the top event T2(+1):

  T2(+1)
    OR
      M1(+1)
      T1(+1)
      M4(-1)

The Fault-Tree Structure for Tree-Like Digraph

THE MAGNITUDE OF DISTURBANCES

[Figure: an edge from V_in to V_out labelled "Gain, IF COND Z".]

V_in : deviation in input from its normal value.

Values of V_in:
  +10  Large positive deviations
  +1   Normal positive deviations
  0    No change in V_in
  -1   Normal negative deviations
  -10  Large negative deviations

Z is the condition required for the gain to be correct (if implicit in initial conditions it is unstated).

Digraph Model

[ EXAMPLE ] Digraph Models: Control Valve (Air to Open)

[Figure: four digraph fragments for the edge from P3 to M2 of an air-to-open control valve: regular valve, gain +1; quick-opening valve, gain +10; and the failure models valve stuck (gain 0, see the table below) and valve reversed (gain -1).]

M = Mass Rate
P = Pressure

T = Temperature
DEN = Density
X = Mass Fraction

Output Variable : (Gain) Input

M2 : (+1) M1, (+1) P3, (+1) DEN1, (-1) P3 if Valve Reversed, (0) P3 if Valve Stuck, (+1) Fails Open, (-1) Fails Closed, (-1) Plug, (-1) Leak Out, (+1) Leak In

M1 : (+1) M2, (+1) P3, (-1) P3 if Valve Reversed, (0) P3 if Valve Stuck, (+1) Fails Open, (-1) Fails Closed, (-1) Plug, (0) M2 if Plug = +10, (0) M2 if Fails Closed = +10, (+1) Leak Out, (-1) Leak In

P2 : (+1) P1, (+1) P3, (0) P3 if Valve Stuck, (0) P1 if Plug = +10, (0) P1 if Fails Closed = +10, (-1) Plug, (-1) Fails Closed, (-1) P3 if Valve Reversed, (+1) Fails Open, (+1) Leak In, (-1) Leak Out

P1 : (+1) P2, (-1) P3, (0) P3 if Valve Stuck, (+1) P3 if Valve Reversed, (0) P2 if Plug = 10, (0) P2 if Fails Closed = +10, (1) Plug, (+1) Fails Closed, (-1) Fails Open, (1) Leak In, (-1) Leak Out

T2 : (+1) T1, (0) T1 if M2 = -10, (1) T_surroundings, (+1) Leak In (if T_surr > T2)

T1 : None

P3 : None

X_A,2 : (1) X_A,1, (0) X_A,1 if M2 = -10, (1) Leak In (if X_A,S > X_A,2), (-10) Leak In (if X_A,S < X_A,2)

X_A,1 : None

Vapor Fraction 2 : (+1) Vap. Frac. 1, (0) Vap. Frac. 1 if M2 = -10, (+1) Leak In (if Vap. Frac. Sur. > Vap. Frac. 2), (-1) Leak In (if Vap. Frac. Sur. < Vap. Frac. 2)

Vap. Frac. 1 : None

Den 2 : (1) Den. 1, (0) Den. 1 if M2 = -10, (+1) Leak In (if Den_S > Den_2), (-1) Leak In (if Den_S < Den_2)

Den 1 : None
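As an added worked example (not code from the slides or their author), the Python below implements the saturating gain arithmetic of the "Computation of Output Value" slide and uses it to synthesize the fault tree of a tree-like digraph whose edges carry conditions, taking the M2 row of the control-valve table above as its data. Treating M1, P3 and DEN1 as primal nodes is an assumption made here so that the digraph stays tree-like; the table itself gives M1 inputs of its own, and a node on a loop would need the NFBL rules discussed later.

```python
# Added example, not from the slides: fault-tree synthesis for a tree-like
# digraph with conditional edges, using the slides' discretized gain
# arithmetic (values and gains in {-10, -1, 0, 1, 10}, saturated at +/-10).

LEVELS = (-10, -1, 0, 1, 10)

def sat(v):
    """Saturate a raw gain*input product onto the five-level scale."""
    return 10 if v >= 10 else -10 if v <= -10 else v

def propagate(gain, v_in):
    """Output deviation of one edge: v_out = sat(gain * v_in)."""
    return sat(gain * v_in)

# Failure events are univariant: they either occur (+1) or do not (0).
EVENTS = {"Fails Open", "Fails Closed", "Plug", "Leak Out", "Leak In",
          "Valve Reversed", "Valve Stuck"}

# Output node -> list of (input, gain, condition). A condition of None is the
# normal edge; otherwise the gain applies only while the named event holds.
# Transcribed from the M2 row of the control-valve table. M1, P3 and DEN1 are
# treated as primal here (assumption; the table gives M1 inputs of its own).
DIGRAPH = {
    "M2": [("M1", 1, None), ("P3", 1, None), ("DEN1", 1, None),
           ("P3", -1, "Valve Reversed"), ("P3", 0, "Valve Stuck"),
           ("Fails Open", 1, None), ("Fails Closed", -1, None),
           ("Plug", -1, None), ("Leak Out", -1, None), ("Leak In", 1, None)],
}

def minimal(cut_sets):
    """Drop any cut set that is a strict superset of another."""
    uniq = set(cut_sets)
    return sorted((cs for cs in uniq if not any(o < cs for o in uniq)),
                  key=lambda cs: (len(cs), sorted(cs)))

def causes(node, value, digraph, seen=()):
    """Minimal cut sets for the event `node` deviating by `value`.

    Each cut set is a frozenset of (name, deviation) basic events. The rule is
    the slides' tree-like synthesis: ask which local inputs can drive the node
    to `value`, then repeat for each input until primal nodes are reached. A
    conditional edge contributes its condition as an extra event ANDed with
    the input deviation.
    """
    if node in seen:
        return []                               # loops need the NFBL rules
    if node not in digraph:
        return [frozenset({(node, value)})]     # primal node: basic event
    cut_sets = []
    for inp, gain, cond in digraph[node]:
        if gain == 0:
            continue                            # zero gain transmits nothing
        for v_in in LEVELS:
            if propagate(gain, v_in) != value:
                continue
            if inp in EVENTS and v_in != 1:
                continue                        # events only occur as +1
            for sub in causes(inp, v_in, digraph, seen + (node,)):
                cs = set(sub)
                if cond is not None:
                    cs.add((cond, 1))
                cut_sets.append(frozenset(cs))
    return minimal(cut_sets)

def fmt(cut_set):
    """Render a cut set with the slides' labels, e.g. 'P3(-1) AND Valve Reversed'."""
    return " AND ".join(name if name in EVENTS else "%s(%+d)" % (name, dev)
                        for name, dev in sorted(cut_set))

if __name__ == "__main__":
    for value in (1, -1):
        print("M2(%+d)" % value)
        print("  OR")
        for cs in causes("M2", value, DIGRAPH):
            print("    " + fmt(cs))
```

Run stand-alone, the script prints the OR-branches for M2(+1) and M2(-1); the conditional edge shows up as "P3(-1) AND Valve Reversed" under M2(+1), the normal P3(+1) edge appears without a condition, and the zero-gain "valve stuck" edge contributes nothing, as the glossary's conditional-edge example states.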

COOPERATIVE CAUSES FOR AN EVENT

[ Example ] The simultaneous occurrences of P(+1) and T(-1) cause brittle fracture in a tank.

[Figure: two conditional edges into the node "fracture": from T with gain -1 under the condition P = +1, and from P with gain +1 under the condition T = -1.]

Glossary
Digraph : nodes connected by edges which have direction.
Edge : the line connecting two nodes.
It indicates a relationship between the two nodes. The
number next to the edge is the gain.
Conditional Edge : The relationship between two nodes
depends on another event or variable.
For example, the gain between valve position and
flow out of the valve is zero if the valve is stuck.
The condition is valve stuck.

Glossary
Primal node : a node on the system digraph with no
inputs.
Input : an edge pointing to the node under
consideration.
Local Input : variables or events one node away from
the node being considered.
Gain : change in Output / Change in Input.
Gains may have values of 1, 10, 0. Zero means no gain.

Glossary
Variable and Event Values
These are deviations of the variables and events from their
normal value.

10 indicates large or fast deviations which cannot be handled by
normal NFBL.

1 is the usual deviation expected in the variable or event.


Zero means no deviation.
Some variables are univariant (can only vary in one direction
from their normal value), e.g. a normally open valve cannot be
further opened or a fire can only have values of 0, +1, and
+10.

Glossary
Feedback Loop (FBL) : A path through the nodes in
a digraph which starts and terminates at one node.
Negative Feedback Loop (NFBL) : A feedback loop in
which the product of the normal gains around the
loop is negative.
Positive Feedback Loop (PFBL) : A feedback loop in
which the product of the gains around the loop is positive.

[ Example ] FLOW CONTROL LOOP FAULT TREE
The Process is a simple feedback loop for flow
control. The flow rate of stream 3 (M3) is sensed
by a flow sensor connected to signal line 4. As the
flow increases, the signal in line 4 increases. The
flow recorder-controller upon receiving the increased
signal from 4 sends a decreased signal to stream 5.
This causes the valve to close returning the flow to
its desired setting.
[Figure: digraph of the flow control loop (FRC with set point, flow sensor on signal line 4, air-to-open valve on stream 2). Nodes: M1, M2, M3, P4, P5, Set Point. Normal edges: M1 → M2 (+1), M2 → M3 (+1), M3 → P4 (+1), P4 → P5 (-1), Set Point → P5 (+1), P5 → M2 (+1). Failure events shown on the edges: flow sensor fails high or fails low (±10), flow sensor stuck (0), flow sensor reversed (-1), line 4 ruptures; FRC fails high or fails low (±10), FRC stuck (0), FRC on manual, FRC reversed (+1), loss of instrument air; valve mech. fails open or fails closed (±10), valve stuck (0), valve reversed (-1).]
Discussions with the designer and operator indicate the following events are known to occur in this process.
  Sensor : Fails (High, Low, Stuck), Reversed.
  Controller : Fails (High, Low, Stuck), On Manual, Loss of Air (causes Signal 5 to go down), Reversed.
  Valve : Fails (Open, Closed, Stuck), Reversed.
The system is normally operating with flow in lines 1, 2, and 3. The event that could be a hazard is Flow in stream 3 too high (M3 (+1)).

  M3(+1)
    OR
      M2(+1)
        OR
          M1(+1)
          P5(+1)

If the fault tree is constructed by treating the digraph as a tree, then ...

Development of Fault Tree
  What could cause this? or Which nodes are inputs to the node representing the current event?
  + Nothing else happens which will cancel the original effect (on a NFBL or NFFL).

THE GENERAL FAULT TREE STRUCTURES OF NFBL

(1)
  M2(+1)
    OR
      AND
        M1(+1)             process disturbance
        NOT ( P5(-1) )     no control loop correction
      AND
        P5(+1)             control loop disturbance
        NOT ( M1(-1) )     no process disturbance to cancel P5(+1)

(2)
  M2(+1)
    OR
      AND
        M1(+1)
        OR
          P5(0)            not always true
          P5(+1)
      AND
        P5(+1)
        OR
          M1(0)            nearly always true
          M1(+1)

(3)
  M2(+1)
    OR
      OR
        AND
          M1(+1)
          P5(0)
        AND
          M1(+1)
          P5(+1)
      P5(+1)

(4)
  M2(+1)
    OR
      AND
        M1(+1)
        P5(0)
      P5(+1)

A disturbance propagates through a control loop if
  1. An external disturbance enters the system and the control loop is inactive;
  2. The disturbance is caused by the control loop itself; or
  3. The disturbance is extremely large in magnitude.
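As an added example (not code from the slides or their author), the Python below applies these three rules to the flow control loop of the earlier example. It first classifies the loop by the sign of the product of its gains, as the glossary defines NFBL and PFBL, and then writes out the general structure (5)/(6) for M2(+1) as cut sets. The normal edge gains are those the example text gives; which failures make an edge's gain zero (loop inactive) or reverse it, where each controller or sensor failure injects its deviation, and the ±1 size of those injections are this example's reading of the slides and are labelled as assumptions in the code.

```python
# Added example, not from the slides: NFBL rules applied to the flow control
# loop. Normal edge gains follow the example text: M2 -> M3 (+1), the flow
# sensor M3 -> P4 (+1), the controller P4 -> P5 (-1), the air-to-open valve
# P5 -> M2 (+1).

LOOP = [("M2", "M3", 1), ("M3", "P4", 1), ("P4", "P5", -1), ("P5", "M2", 1)]

def sat(v):
    """Saturate a raw product onto the five-level scale used by the slides."""
    return 10 if v >= 10 else -10 if v <= -10 else v

# Failures that replace an edge's gain (edge placement assumed by this example).
REVERSED = {"Flow Sensor Reversed": ("M3", "P4", -1),
            "FRC Reversed": ("P4", "P5", 1),
            "Valve Reversed": ("P5", "M2", -1)}
ZERO_GAIN = {"Flow Sensor Stuck": ("M3", "P4", 0),
             "FRC Stuck": ("P4", "P5", 0),
             "FRC On Manual": ("P4", "P5", 0),
             "Valve Stuck": ("P5", "M2", 0)}

# Failures that inject a deviation at a loop node: (node, deviation).
# The +/-1 sizes and the entry nodes are assumptions of this example.
INJECT = {"Set Pt. (+1)": ("P5", 1), "FRC Fails High": ("P5", 1),
          "FRC Fails Low": ("P5", -1),
          "Flow Sensor Fails Low": ("P4", -1), "Line 4 Ruptures": ("P4", -1),
          "Flow Sensor Fails High": ("P4", 1)}

def loop_gains(edges, failures=()):
    """Edge gains after applying the named reversals and zero-gain failures."""
    gains = {(a, b): g for a, b, g in edges}
    for f in failures:
        a, b, g = {**REVERSED, **ZERO_GAIN}[f]
        gains[(a, b)] = g
    return gains

def loop_type(edges, failures=()):
    """Glossary rule: product of gains around the loop < 0 is a NFBL, > 0 a
    PFBL; a zero product means an edge is dead and the loop is inactive."""
    prod = 1
    for g in loop_gains(edges, failures).values():
        prod *= g
    return "NFBL" if prod < 0 else "PFBL" if prod > 0 else "inactive"

def path_gain(edges, start, end, failures=()):
    """Product of gains following the loop forward from `start` to `end`."""
    gains = loop_gains(edges, failures)
    nxt = {a: b for a, b, _ in edges}
    node, prod = start, 1
    while node != end:
        prod *= gains[(node, nxt[node])]
        node = nxt[node]
    return prod

def nfbl_cut_sets(edges, output, process_input, value=1):
    """General structure (5)/(6) for `output`(value) on a NFBL, as cut sets.

    A deviation survives the loop in three ways: a large disturbance the loop
    cannot cancel, a normal disturbance while the loop is inactive, or the
    loop variable itself causing the deviation.
    """
    cuts = [frozenset({(process_input, 10 * value)})]      # large disturbance
    for f in ZERO_GAIN:                                     # loop inactive
        cuts.append(frozenset({(process_input, value), (f, 1)}))
    for f, (node, dev) in INJECT.items():                   # loop causes it
        if sat(dev * path_gain(edges, node, output)) == value:
            cuts.append(frozenset({(f, 1)}))
    return cuts

if __name__ == "__main__":
    print("normal loop:", loop_type(LOOP))
    print("FRC reversed:", loop_type(LOOP, ["FRC Reversed"]))
    print("valve stuck:", loop_type(LOOP, ["Valve Stuck"]))
    for cs in nfbl_cut_sets(LOOP, "M2", "M1", 1):
        print("  " + " AND ".join("%s(%+d)" % e for e in sorted(cs)))
```

The sign check reproduces the glossary: the normal loop is a NFBL, a single reversed component turns it into a PFBL, two reversals cancel and give a NFBL again, and any zero-gain failure leaves the loop inactive. The cut sets for M2(+1) are the three branches of structure (5): M1(+10) alone, M1(+1) together with one of the zero-gain failures, and each failure whose deviation arrives at M2 with the sign +1 after the gains on its path around the loop (a sensor failing low reaches M2 as +1 because the controller's -1 gain inverts it).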

DISTURBANCES THROUGH A NEGATIVE FEEDBACK LOOP

[Figure: variable deviation of V_IN and V_OUT for a variable on a NFBL; the output deviation V_OUT stays at 0 for moderate inputs and reaches 1 once V_IN reaches 10.]

Generally, V_IN(+10) is defined as that value of V_IN which causes V_OUT to have at least a +1 deviation (the NFBL cannot completely cancel the disturbance).

THE GENERAL FAULT TREE STRUCTURES OF NFBL

(5)
  M2(+1)
    OR
      M1(+10)              (and P5(-1): very nearly true)
      AND
        M1(+1)
        P5(0)
      P5(+1)

(6)
  E
    OR
      component failure (primary or secondary)
      AND
        external disturbance enters loop
        loop variable fails to cancel disturbance
      large disturbance enters loop
      loop variable causes disturbance

GENERAL STRUCTURE FOR OUTPUT VARIABLES ON A NFBL

  OUTPUT (value)
    OR
      UNCONTROLLABLE INPUTS PASS THROUGH THE NFBL
        (1) INPUT (value to give large or fast disturbance) NOT ON NFBL
      CONTROL LOOP CAUSES THE DEVIATION
        OR
          EOR
            (2) PRIMARY FAILURE
            (3) SECONDARY FAILURE CAUSING EVENT
            (4) SET POINT CHANGE
          AND
            LOCAL EDGE CONDITIONS WHICH CAUSE REVERSE GAIN ON NFBL
            INPUT (value to give desired output value) ON NFBL
      CONTROLLABLE DISTURBANCES PASS THROUGH THE NFBL
        AND
          INPUT (value for controllable disturbance into the NFBL) NOT ON NFBL
          LOOP INACTIVE
            OR
              LOCAL EDGE CONDITIONS WHICH GIVE A ZERO GAIN ON THE NFBL
              INPUT (value = 0) ON THE NFBL

  OUTPUT (value = 0)
    OR
      LOCAL EDGE CONDITIONS WHICH GIVE ZERO GAIN ON THE NFBL
      INPUT (value = 0) ON THE NFBL

[ EXAMPLE ] FLOW CONTROL LOOP

  M3(+1)
    OR
      M2(+1)
        OR
          M1(+10)
          AND
            M1(+1)
            P5(0)
          P5(+1)
          EOR
            Valve Mech. Fails Open (+1)
            Valve Stuck
            Valve Reversed

  P5(0)
    OR
      FRC On Manual
      FRC Stuck
      Flow Sensor Stuck
      P4(0)
        OR
          M2 (inconsistent)

  P5(+1)
    OR
      Set Pt. (+1)
      EOR
        FRC Fails High
        FRC Reversed (+1)              (no +1 disturbance)
      P4(-1)
        OR
          Flow Sensor Fails Low
          Line 4 Ruptures
          Flow Sensor Reversed         (no +1 disturbance)
          M2(-1) (inconsistent)
