One more example on Fault tree and Event tree by hcj


ChE/MEE 124 (W2009)
Handout #M3.4
An Example of Fault Tree

Fault Tree Analysis (FTA) is a popular tool used by system engineers to improve the
safety of systems. Fault trees are used to anticipate system failures, identify weak links,
and balance costs against system safety.

Let's consider the pressure vessel in Figure 1. The safety system consists of 4 valves
connected to the tank. The valves will open if the pressure in the tank exceeds
a certain level, say P0. The content of the tank will be released to the environment
if both valves A1 and A2 on line 1 or both valves A3 and A4 on line 2 are open.

[Figure 1. Arrangement of pressure tank and valves: line (1) carries valves A1 and A2,
line (2) carries valves A3 and A4.]
   a) What is the probability that the safety system fails to function when needed, i.e.
      the valves do not open when the pressure in the tank exceeds P0?

The first step is to define the Top Event. The Top Event in this case is that the safety
system fails to release the content in the tank when the pressure is more than P0.

The second step is to construct a logic diagram (the Fault Tree) showing the necessary
conditions or events that must occur in order for the top event to occur. First, the
Intermediate Events are identified and their logical relationships to the top-level event are

For the safety system of the pressure tank to fail to work, the following two events must
occur simultaneously:
    Line (1) fails to open
    Line (2) fails to open

Note that the failure could not occur if either one of these two events does not occur. This
is known as an "AND" logical relationship in the Fault Tree terminology. In an "AND"
relationship, all input events must be satisfied concurrently for the higher level event to

Construction of the Fault Tree continues by identifying the appropriate events at lower
levels and their logical relationship to the higher-level events. This process is continued
until basic failure events are identified. Basic failures are those which are not analyzed
further. The basic failures (or root causes) are placed at the bottom of the tree.

The basic failures we choose for the present case are:
    Valve 1 fails to open
    Valve 2 fails to open
    Valve 3 fails to open
    Valve 4 fails to open

The fault tree is shown in Figure 2.

The objective of FTA is to compute the probability of the top event from the
probabilities of the basic failures. The probability of a basic event can be determined
through direct experimentation, historical experience, or estimation. For example, from
past data we know that the probability that a valve fails to open when the pressure is
more than P0 is p(A1 fails to open) = p(A2 fails to open) = p(A3 fails to open) = p(A4 fails
to open) = 0.001.

Once the probabilities of the basic events are known, the fault tree is solved from the
bottom up using Boolean logic and probability arithmetic. We assume for now that the basic
failures are independent events. The probability associated with an AND gate is easy to
compute: the probability of the output event is the product of the probabilities of all
input events. For an OR gate, the probability of the output event is approximated by adding
the probabilities of all input events (these are usually small, so the intersection terms of
higher order are negligible).

So the probability of the top event is
    P(fail-to-danger mode) = ( p(A1 fails to open) + p(A2 fails to open) )
                           x ( p(A3 fails to open) + p(A4 fails to open) )

A complete fault tree analysis must take into account common-cause failures. Significant
environmental events (e.g., earthquake, lightning strikes, terrorist attacks, etc.) may
simultaneously cause failures of multiple components or subsystems.

Figure 2. Fault tree for fail-to-danger mode (structure recovered from the figure):
    Top event: The safety system fails to release the content in the tank when the
    pressure is more than P0
        AND gate
            (1) fails to open
                OR gate
                    A1 fails to open
                    A2 fails to open
            (2) fails to open
                OR gate
                    A3 fails to open
                    A4 fails to open
   b) What is the probability that the safety system releases the contents in the tank
      when the pressure is less than P0?

Here we consider the case that the valves open spuriously even when the pressure in the
tank is less than P0. This is the fail-to-safe mode, i.e. the safety system acts spuriously
under normal operating conditions. This matters because the contents of the tank
will be released to the environment unnecessarily.

In the fail-to-safe mode we are concerned with the valves opening spuriously during a
certain period of time. This is like a Poisson process. For example, suppose the estimated
probability that a valve opens spuriously under normal working conditions is 10^-4
per year. This figure is usually provided by the manufacturer.

Let us consider the probability of fail-to-safe over a period of 1 year (for example, this may
be a maintenance interval). The probability that valve A1 will open spuriously during one
year is 10^-4. The same holds for A2, A3 and A4.

Figure 3 shows the fault tree for the fail-to-safe mode. The calculation of the probability
of the top event is trivial. The final result is
             p(fail-to-safe) = p(A1 opens spuriously) x p(A2 opens spuriously)
                     + p(A3 opens spuriously) x p(A4 opens spuriously)
Figure 3. Fault tree for fail-to-safe mode (structure recovered from the figure):
    Top event: The safety system acts spuriously to release the content in the tank when
    the pressure is less than P0
        OR gate
            (1) opens spuriously
                AND gate
                    A1 opens spuriously
                    A2 opens spuriously
            (2) opens spuriously
                AND gate
                    A3 opens spuriously
                    A4 opens spuriously
