A knowledge-based approach to the evaluation of fault trees

A knowledge-based approach to the evaluation of fault trees

Reliabili O' Engineering and System St([~'ty 52 (1996) 77-85 ELSEVIER 0951-8320(95)00126-3 © 1996 Elsevier Science Limited Printed in Northern Irel...
Download PDF
635KB Sizes 1 Downloads 54 Views
Report

Reliabili O' Engineering and System St([~'ty 52 (1996) 77-85

ELSEVIER

0951-8320(95)00126-3

© 1996 Elsevier Science Limited Printed in Northern Ireland. All rights reserved 0951-8320/96/$15.00

A knowledge-based approach to the evaluation of fault trees* Yann-Jong Hwang & Louis R. Chow & Henry C. Huang Graduate Institute of Management Science, Tamkang University, Taipei, Taiwan 106, ROC (Received 30 March 1995: accepted 24 October 1995)

A list of critical components is useful for determining the potential problems of a complex system. However, to find this list through evaluating the fault trees is expensive and time consuming. This paper intends to propose an integrated software program which consists of a fault tree constructor, a knowledge base, and an efficient algorithm for evaluating minimal cut sets of a large fault tree. The proposed algorithm uses the approaches of top-down heuristic searching and the probability-based truncation. That makes the evaluation of fault trees obviously efficient and provides critical components for solving the potential problems in complex systems. Finally, some practical fault trees are included to illustrate the results. © 1996 Elsevier Science Limited. 1 INTRODUCTION

omission and inaccuracies. Second, the n u m b e r of MCSs generation will increase exponentially with the size of tree. 37 Therefore, this research intends to propose an efficient approach to obtain critical items of a complex system, namely, 'the critical items identification system-CIIS.' The framework of CIIS is depicted in Fig. 2. It consists of several modules: the fault tree construction, the rules converter, the failure data analysis, and the minimal cut sets determination. They are integrated with a knowledge base for identifying the critical items. Since the n u m b e r of MCSs generation in the fault tree analysis is one of our major concerns, many c o m p u t e r algorithms have been proposed to resolve the problem of finding MCSs, such as MOCUS," W A M C U T , ~ SETS, ~ and F A T R A M ? ' However, some of them are expensive and inefficient for running under mainframe computers. Some of them can not model complex systems with control loops. ~ Other algorithms consider the MCSs with individual probability greater than a certain value. They do not ensure that the total effect of all the eliminated cut sets are not important. Therefore, an efficient algorithm has been developed as part of the CIIS in this research and applied to the Reliability Monitoring and M a n a g e m e n t System (RMMS) in the IRI project.

This research is part of the Integrated Reliability I m p r o v e m e n t ( I R I ) project, sponsored by the Institute of Nuclear Energy Research, the Republic of China and the Taiwan Power Company. The purposes of the I R I project are to reduce unexpected reactor trips (or reactor scrams) and to improve the reliability and safety of the nuclear power plant. There are two major processes in the I R I project: the problem identification and the problem solution (Fig. 1). The initial and most important process in the p r o b l e m identification is to determine the minimal cut sets from the fault tree in the critical items identification module. Fault T r e e Analysis ( F T A ) is widely used for obtaining qualitative and quantitative reliability of complex systems. The analysis process consists of constructing a fault tree which is a model and represents various parallels and sequential combinations of events. These events can be presented by graphical and logical models in the occurrences of a main concern event. Fault trees with repeated events are usually evaluated by determining the minimal cut sets (MCSs). However, there are two major concerns of evaluating fault trees: first, to manipulate fault tree construction is laborious and prone to errors of

2 THE OPERATION FLOW OF CIIS

* This paper was partially presented at the lASTED International Conference on Reliability, Quality control and Risk Assessment held in Washington DC, USA, in November 1992. ~3

The Critical Items Identification System (CIIS) is designed to integrate the construction of fault trees, 77

Yann-Jong Hwang et

78 Problem Identification r .

'

Ii I

i I.

.

.

.

.

Preventive Maintenance .

.

.

:~Ni

.

.

.

.

.

.

.

1 '~::.:~...... / RootCauses ~:::~:t.

Maintenance Recommendali

.

.

Analysis

.

Problem Solution Fig. 1. The major processes of IRI.

the database of failure data analysis, and the minimal cut sets (MCSs) evaluation with prior knowledge. The system has also been developed from the viewpoint of reliability improvement, and the details of operation flow of CIIS are shown in Fig. 3, in which the component failure modes are stored in a separate database. The safety engineers may use and modify these component models, or specify their own models. Traditionally, the SETS input files need to be built and transferred on a mainframe computer for the MCSs determination. In this research, a rules converter was developed to turn the fault tree data file into a knowledge base and the rule base file was produced for the MCSs determination directly. Therefore, the process of operation flow is simplified and the cost of the operation is reduced by eliminating these modules (dot boxes in Fig. 3). The following sections will describe the need for fault tree construction in CIIS, what kind of knowledge is stored and how it is derived.

spaceJ 2 Therefore, a fault tree model is a good way to present the knowledge about component failures in a system. However, it is well known that the manipulation of fault tree construction is a timeconsuming task. Some experiences show that the process of constructing a fault tree is not formalized but relies on the analyst's experience and heuristics. 3 Therefore, in order to reduce manual fault tree construction errors and to provide a tool for early fault tree analysis, an interactive computer-assisted construction of the fault tree, upon an event-driven and pull-down menu user friendly interface, was developed in this research. An example of the CIIS fault tree construction is shown in Fig. 4. With this interactive construction, the fault tree can easily break down a complex system into simpler subsystems to reduce the complexity. More importantly, using the CIIS for fault tree construction can decrease the cost and improve the quality of the analysis. Additional advantages of the CIIS fault tree construction are: • • •





• 2.1 The need for fault tree construction

The construction of a fault tree is designed to organize the knowledge about potential failures in a system. From a practical viewpoint, the size of the population in the failure space is less than that in the success

A.

Tree I I Rules C°nstructi°nl~i Converter B. [ Fault

Analysis C.

Base

D. j

lDetermination

E.

Critical I ]Components J LIdentificatior] Fig. 2. The framework of CIlS.

al.

to adjust the level of details dynamically during the analysis: to allow the analyst to zoom in/out on particular aspects of the system conditions: to input additional information or detail description to maintain the consistency of the database; to provide a convenient mechanism for encoding fault tree analysis rules from the expressiveness of production rules: to simplify the rules that provide reliability engineers with an intuitive understanding of the reliability analysis process: and to allow the fault tree construction to be carried out on many different knowledge bases for reliability analysis.

2.2 Rules and knowledge base

Knowledge may be obtained in several ways, but in most cases, it is not possible to acquire all of the relevant information. Representation of the fault tree with rules makes it feasible to obtain intermediate results. ~2 By the construction of a fault tree, the data structure files of graphic trees can be converted into a knowledge base automatically. (Concepts of the operation flow are shown in part B of Fig. 3.) The logical connections among fault tree events are projected in the form of the linked list and objects. This may enhance data consistency and eliminate the errors in data transcription from many other sources. The logical rules and data structures of the example tree of Fig. 4 is depicted in Fig. 5. Each fault tree event is represented in a list which consists of parent event, logical type, and location

Evaluation of fault trees

79

S~s-RBS ] Converter

'~/AiBV "

Converter

~D Importance

I~.1

M.C.S. I

Analysis ~Determination I

Components

Inquiry J

/Minimal[

~utSets L

Fig. 3. The operation flow of CIIS.

coordinate. The detail information of the events is stored in a database as follows: • •

• •

F T - I D - - A l p h a n u m e r i c texts for fault tree event or c o m p o n e n t identifier. T y p e - - L o g i c a l types in which A G is for A N D gate, O G is for O R gate, and BE is for Basic Event. L o c . - - L o c a t i o n coordinate of the event in the relative screen. P a g e - - L o c a t i o n page.

File

~

View

Search

Setup



P a r e n t - - T h e output gate of this event.

The other information about the events, such as failure probabilities, failure modes, and detail descriptions, is presented in a separate database (Part C, failure m o d e database, in Fig. 3). These representations may reduce the redundant events (e.g., repeated events) in the knowledge base. The representation of the fault tree with rules makes it feasible to capture the intermediate results. However, most maintenance data are built as data

Type

Help

I TOP I

I G1 I

@

IJ I O z~

G EXAMPLE FLT

Creating a basic event

current page: 1 of 1

Fig. 4. An example of the fault tree construction.

<2> @,

Yann-Jong Hwang et al.

80 FT-ID: TOP

G2

FT-ID: G

( T O P A G G1 G2)

Type: AG

OG

Type: BE

(GI

Loc: xl, y l

2,y2

(SETQ RBS-RULES '(

AG A G3 )

(G20G

B G4 E )

Page:

(G30G

B H C)

Parent:

(G4

1

Page: l

TOP ...... Parent: G5

F C G)

)) Fig. 5. Example of the rules and data structure AG: AND gate, OG: OR gate, BE: Basic Event.

base files. It has to consider the maintenance data and the diagnostic information to the right consistency. Through the construction of fault trees in CIIS, the data structure files of a graphic tree can be represented by a rule base (Fig. 5) and a relational data base (Fig. 6). Figure 6 shows that the field CF stores the certainty factor of each rule, and that the field TI stores the time interval of the occurred parent event. The CF is associated with a failure event that is a heuristic measure of the likelihood and presents the occurrence of the parent fault. The field PS presents the parent status which is controlled by the backward reasoning process. On the other hand, the field CS presents a child status which is under the control of the forward reasoning process. The contents of PS and CS are: Help, Yes, No, --Unknown, or Backtracking. For further diagnostic purposes, the s y m p t o m file of the diagnostic system must be read before executing fault diagnosis, m o r e o v e r , s y m p t o m s of equipment failure are accessed from the data base file. The reasoning process of fault diagnosis is also subject to the failure modes generation, temporal, heuristic, and feasibility constraints resulting from the knowledge stored in the knowledge base and the available information of symptoms.

Gate Event

Child Event

TOP

G1

OR

TOP

G2

OR

G1

AF

AND

G1

G3

AND

G2

BF

AND

G2

G4

AND

G3

BF

OR

G3

SL

OR

G4

AF

OR

G4

SL

OR

PS: Parent

Status

Gate Type

PS

CS

OF CRITICAL

Loc: x16, y16

I

AG D G5 )

(G50G

3 THE IDENTIFICATION COMPONENTS

CF

TI

This section presents the algorithm of CIIS to determine minimal cut sets (MCSs). As shown in Fig. 2, the input is produced from the construction of fault tree, the rules converter, and the failure dam analysis. The p r o b l e m of determining MCSs of a fault tree involves a combination explosion due to an exponential increase of MCSs in a complex system. Therefore, to determine MCSs is a time-consuming and difficult process. Many algorithms have been developed to obtain minimal cut sets in a fast and efficient way. 2"7"~'9"~ However, some reports have shown that the computer implementation of these algorithms are less efficient than expected. 2"4"9The CIIS consisting of the top-down Boolean algebra methodology, the best-first searching (a heuristic method), and the probability-based truncation, is developed in this research to solve the p r o b l e m of resolving minimal cut sets of large fault trees. The advantages of this approach includes the reduction of storage problem, the increase of computational speed, and an easier implementation on personal computers. 3.1 T h e CIIS reduction algorithm

The CIIS reduction algorithm is both a top-down and a b o t t o m - u p algorithm remodeled from F A T R A M . ~ The major difference between the CIIS and F A T R A M is that the CIIS uses the heuristics approach to select/eliminate the intermediate cut sets, while F A T R A M is not able to ensure which cut sets are important or unimportant to be selected/eliminated. In CIIS, gates resolved are selected by using best-first search. For large fault trees, only minimal cut sets up to a certain order are required. A reduction process may occur as each set is being generated. T e r m s in a Boolean expression are discarded using a certain order or a probabilistic cut-off criterion: the term is discarded if the n u m b e r of failed basic events is above a pre-defined order, or the occurrence probability of the term is smaller than a particular value P0 (e.g., 10 ~). Assume that the system has n independent components. Simultaneous existence of all n basic events (Bi, i = 1, 2 ..... n) results in the top event. Thus the system unavailability ~ ( t ) with an A N D gate is given by the probability that all basic events exist at time t:

£ ( t ) = Pr(B, (3 B2 (3 ...B,,) : P~(B,)Pr(B2)...Pr(B,,) CS: Child Status

CF: Certainty Factor TI: Time Interval Fig. 6. Sample structure of a data base file.

~I P~(B,). i

(1)

1

Regarding a system with an O R gate, the top event occurs at time t i f and only i f at least one of the n basic

Evaluation o f f a u h trees events occurs at time t. Thus, the system availability R,(t) and the system unavailability F~(t) are given by

Rs(t) = Pr(B1 f') B: 71 ... A B . )

(2)

E ( t ) = P,(B, U B2 U ... U B,,)

(3)

where the symbol U denotes the union of events, 71 shows the intersection of events, and Bi represents the c o m p l e m e n t of the event Bi; i.e., the event Bi means non-occurrence of the event Bi at time t. The independence of the basic events B b B2 ..... B,, implies the inde~_endence of the c o m p l e m e n t a r y events Bl B2 ..... B,, Thus R~(t) in (2) can be written as

R~(t) = Pr(B,)P,(B2)...P,(B,,) = [1 - P~(B~)][1 - P~(B2)]...[1 - P~(B,,)] = I~I [1 - Pr(B,)].

(4)

i=1

The unavailability E ( t ) can be calculated by ~ ( t ) = 1 - R,(t) = 1 - I~I [1 - Pr(Si)].

81

Step 4. Carry out the best-first searching based on the order of sets until one of the minimal order of retained sets is found. Step 5. Each retained set has to be taken into consideration according to the following reduction processes: 1. If ( a + /3) > M, then eliminate the set, since M is the m a x i m u m order of minimal cut sets to retain. 2. If ( a = order of the set) and (/3 = 0, y = 0), then choose this set to be a MCS after eliminating the redundant sets. 3. If [(a + y) = order of the set] and (/3 = 0), then resolve O R gates to the basic events and push these sets into the MCSs after eliminating the redundant sets. 4. Otherwise, the set is retained. Step 6. Iterate the above steps from 3 to 5 until all gates are resolved. The flow chart of this algorithm is depicted in Fig. 7.

Given M, Po

(5)

i=1

I CalculateProb. of all events

Step 1.

For obtaining the reduction algorithm, it is required that some terms are defined as: • •

• • • •

R e p e a t e d e v e n t - - A basic event that occurs as an input to m o r e than one gate in the fault tree. S u p e r s e t - - A cut set that is not minimal. (In the intermediate steps of the analysis it may contain gates.) R e d u n d a n t s e t - - A cut set that is not a MCS. Potentially minimal cut s e t - - A cut set which has to be checked for being minimal. O r d e r of a s e t - - T h e n u m b e r of elements in a set. M = m a x i m u m order of minimal cut sets to be retained.

Now, for each retained cut set, let a = n u m b e r of basic events; /3 = n u m b e r of A N D gates; and 3'= n u m b e r of O R gates whose inputs are basic events only. The C I I S reduction algorithm is then derived from the following steps: Step 1. Calculate failure probabilities Pr of all events. 5 The intermediate probability of the A N D gate in the fault tree is obtained by using (1) and the probability of the O R gate is calculated by using (5). Step 2. M a r k all of the O R gates which have only basic event inputs. Step 3. Resolution begins with the top event T. If the event is an A N D gate, all inputs are listed as one set; if it is an O R gate, the inputs are listed as separate sets. Then, by Step 1, re-calculate the probability P, of intermediate cut set. If P~ is greater than Po, then retain this set and r e m o v e supersets at this stage.

4`

MarkOR gates ~(--~-IIntermediate 1 whichhaveonly ReducedTree basicinputs

Step 2.

4,

Step 3.

Resolvegatesto t theintermediary cutsets and

(P>%)

$

Step,.

[ Serach'ngaproper set ] ~ I

aestF"tSearch1

thisset Step5.

No~ ~~__~Choose

~is set[ toboaMCS

Y

I-----

N°,t, Ig=est°MCSs No

retainedset

Fig. 7. Flow chart of the CIIS algorithm.

Yann-Jong Hwang et

82

3.2 Example

The minimal cut sets for the fault tree in Fig. 8 are determined in this example. The fault tree contains two repeated events, B and C. Suppose that only cut sets of order 2 or less is required, that is, M = 2 . Assume also Po = 10 ~o. Then, all steps of the algorithm are illustrated as follows: 1. Assume the failure probability of all basic events is 10 -~, thus by Step 1 that the failure probabilities of all gates are: P ( G 3 ) = 2.01.10 3 P ( G 5 ) =2.01-10 3, P ( G 4 ) = 2.01.10 6, P ( G 1 ) = 2.01.10 6 P ( G 2 ) = 1.01.10 s 2. The T O P gate is an A N D gate: thus, we obtain ((G1 G2)). Since G1 is an A N D gate, G2 is an O R gate and there are no basic events in this set, thus a = 0, /3 = 1, and y = 0. By Step 5, this set is retained. 3. Since the failure probability of the set (P, nd(G1)" P,,,(G2)) is greater than P0, and G1 is an A N D gate, G2 is an O R gate; thus, by Step 3, this set is resolved yielding: ((A G3 G2)). 4. Both G2 and G3 are O R gates, but G3 has only basic event inputs, thus c~ = 1, /3 = 0, and y - 1. The order of this set is 3, so it is retained by Step 5. Then, resolving G2, we obtain ((A G3 B) (A G3 E) (A G3 G4)). 5. By Step 4, we first select the set (A G3 B) which has two basic events and an O R gate G3. The inputs of G3 are basic events only thus, c ~ - 2, / 3 = 0 , and -1,=1. Since ( c ~ + y ) = 3 = o r d e r of this set, it is resolved into the yielding: ((A B B) (A H B) (A C B)). By using the idempotence law and absorption law in Boolean algebra, m we have: ((A B)). The second set (A G3 E) has two basic events A, E, and gate G3, and this gives: (A B E) (A H E) (A C E), all of which can be eliminated due to c~ > M. In the third set (A G3

G(2> Fig. 8. Fault tree example from "

al.

G4), A is a basic event, G3 is an O R gate, and G4 is an A N D gate, thus, a = 1, /3 = 1, 7 = 1. The order of this set is 3, so this set is to be retained by Step 5. Then, we select G4 to be resolved, giving: (A G3 D G5). . In this set, there are two basic events A and D, and two O R gates G3 and G5 which have only basic event input, so c~ = 2, 7 = 2, giving a + y = 4 = order of the set. However, in G3, there is no event c o m m o n to A and D. After resolving G3, the order of this set is greater than M, hence the set is eliminated. 7. Finally, there are no other gates to be remained. In Step 5 only the set (A B) is retained as the only minimal cut set of order 2 or less for this example.

4 COMPARISON OF" CIIS AND FATRAM The fault trees shown in Table 1 are created from the Maanshan Nuclear Power Station in Taiwan. The performance of these trees are c o m p a r e d in accordance with the execution times of using the CIIS and the F A T R A M in seconds on an IBM P C / A T 486DX-33 personal computer. According to Table 1, for small trees, F A T R A M is shown to use slightly less time than CIIS did. However, the very complex fault trees like R X S C R A M and RPS, which have more than 400 events, have many repeated events and the n u m b e r of their originality cut sets analysis is more than 10 j'~ (as shown in Table 2). In this case, F A T R A M could not resolve those MCSs, but CIIS did because of its top-down heuristics searching and the probabilitybased truncation characteristics. The LISP functions about the detailed heuristics approach is shown in Fig. 9, which has been provided to illustrate one of the heuristics functions returning with a single important intermediate cut set. Figure 10 expounds how the heuristics approach gets rid of the unimportant redundant sets. This result is particularly useful in obtaining the critical items in complex systems. Since the heuristics approach is involved in the CIIS algorithm, it is appropriate to compare the n u m b e r of loops (recursive calls) required by the algorithm in step 4. Table 3 summarizes the results of this comparison. Meanwhile, for complex fault trees such as R X S C R A M and RPS, the CIIS implementation reveals an evident i m p r o v e m e n t in the performance. The complexitv of most algorithms of CIIS is O(nlogn) or O(n2), which is better than the O(3"/n), 4 the running time for general requirements in the worst case of determining the MCSs. Moreover, some of the above fault trees were also transferred to the C D C computer for running SETS code. 1' Similarly, the results from the CIIS appear

Evaluation of fault trees

83

Table 1. Comparison of CIIS and FATRAM Fault tree file name

No. of events

No. of AND gates

No. of OR gates

No. of order require

No. of minimal cut sets

CIIS2 exec. time

FATRAM exee. time

217

27

59

84

8

23

MFWSAPRM

239

21

55

591

10

152

RPS

407

19

96

TBSEALSY

108

5

33

135 322 28 40 1 325 41 4018" 18 3509* 19 1787

2.86 5.60 5.54 9.99 2:56.70 6:08.17 10:40.43 11:54.58 6:30.74 10:13.9 11.10 2:12.9

2.20 5.38 10.16 29.33 2:45.49 5:16.31

RXSCRAM

2 3 2 3 2 3 1 2 1 2 2 3

AIRGAS GENH2SYS

7.3 1:53.53

"-": not feasible (time out is 120 minutes): unit of computation time is mm:ss.00 "*": upon the probability-based truncation. more efficient than the SETS code. Thus it is especially more convenient for the reliability engineers. The goal for the evaluation of the minimal cut sets is for obtaining the priority of maintenance activities. When a fault tree is reduced to its minimal cut sets form, components are grouped in combinations capable of causing the top event. Some components appear in minimal cut sets are more frequent than the others. Thus, the preventive maintenance for critical components in a system may be prioritized with a view to the importance of the minimal cut sets, and to the frequency of a c o m p o n e n t that appears in the various minimal cut sets (see part E in Fig. 3).

5 CONCLUSIONS

AND

FUTURE

WORK

This paper proposes a knowledge-based approach to integrate the construction of fault trees, the database of failure data analysis, and the rules converter of knowledge base, in order to determine the MCSs for building the critical items' identification system (CIIS). The CIIS may determine the critical components of a complex system even in the absence of failure probabilities, and may provide a costefficient program to enhance the qualitative and quantitative analysis. This approach and the CIIS program have been used successfully in the nuclear power plants of the Taiwan Power Company and in

Table 2. Numbers of the originality cut sets Fault tree file name

No. of events

No. of AND gates

No. of OR gates

No. of basic events

No. of repeat events

No. of cut sets (NCutSet)

No. of recursion

MFWSAPRM MFWSDTL3 RXSCRAM RPS

239 564 591 407

21 41 l0 19

55 157 152 96

163 366 429 292

62 53 100 80

116640 38175 6.734 × 10 's 1.552 × 10'"

1643 1494 3181 1799

(DEFUN M Y - B F S - S O R T I (LST % L o c a l % LSTI) ((NULL LST) LST) ((NULL (CDR LST)) LST) ((= (LENGTH (CAR LST)) i) LST) ;; IF the first is a single i t e m (SETQ LSTI (SPLIT LST)) ;; T H E N r e t u r n to u p p e r routing. (MY-BFSI ( M Y - B F S - S O R T I LST) ( M Y - B F S - S O R T I LSTI)) ) (DEFUN M Y - B F S I (LSTI LST2) ((NULL LSTI) LST2) ((NULL LST2) LSTI) ((> (LENGTH (CAR LSTI)) (LENGTH (CAR LST2))) (RPLACD LST2 (MY-BFSI LSTI (CDR LST2))) ) 3)) (RPLACD LSTI (MY-BFSI (CDR LSTI) LST2)) )

; ; (RPLACD ;; ==>

' (a)

'(l 2

(a 1 2 3)

Fig. 9. One of the heuristics functions returning with a single important intermediate cut set.

Yann-Jong Hwang et al.

84

(DEFUN C U T S E T - W E E D I N G (LSTS % L o c a l % BAS A G O G OGB A L P H A B E T A G A M M A LST RTLS) (LOOP ((NULL LSTS) RTLS) (SETQ LST (POP LSTS)) (COND ((NULL LST) RTLS) ;; T R U N C A T E - N O D E ((< (CS-VALUE LST) * R E D U C E - N O D E - V A L U E * ) ) (T (SETQ BAS (BAS-AG-OG LST)) (SETQ A G (CADR BAS) ; A N D gate OG (CADDR BAS) ; OR gate OGB (CADDDR BAS) ) ; OG but o n l y b a s i c input (SETQ BAS (CAR BAS)) ; B A S I C events (SETQ A L P H A (LENGTH BAS) B E T A (LENGTH AG) G A M M A (LENGTH OGB) ) (COND (> (+ A L P H A BETA) * R E D U C E - N U M B E R * ) ; M ) (= A L P H A (LENGTH LST)) ; AG, OG and OGB = NIL (COND ((>= (CS-VALUE LST) * R E D U C E - V A L U E * ) (SETQ LST (DELETE-V/ILl LST)) (SETQ *MCS* (WEED-MCS (LIST LST) *MCS*)) (SET-CURSOR W 33) (LPRINI (LENGTH *MCS*)) ) (T RTLS) ) ) (= (+ A L P H A GAMMA) (LENGTH LST)) ;AG ,OG = N I L ; (SETQ LST (WEED-OGB BAS OGB)) (SETQ LST ( D E L E T E - V A L I S LST)) (COND ((NULL LST) RTLS) (T (SETQ *MCS* (WEED-MCS LST *MCS* ) ( S E T - C U R S O R V V 33) (PRINC (LENGTH *MCS*)) ) ) ) (T (PUSH LST RTLS)) ) ) ) ) )

Fig. 10. The function getsrid ofthe unimportantredundantcutsetsand retainstheintermediatesets. Table 3. Comparison of the number of loops required Fault tree file name MFWSDTL3 RXSCRAM RPS

No. of events

No. of AND gates

No. of OR gates

No. of repeat events

No. of order require

No. of MCSs

CIIS

FATRAM

564 661 407

41 10 19

157 152 96

53 100 80

2 2 2

2002 4018 3509

557 886 775

l 191 2864 1997

the experiments of other complex systems such as telephone network systems for determining the potential problems. The future work of this research will focus on the fault diagnosis and the ability to deal with certainty factors resulting from inexact knowledge, and apply the extended knowledge-based approach t o the failure analysis in order to achieve the improvement of the preventive maintenance for a complex system.

ACKNOWLEDGEMENT We sincerely thank Mr Yi-Tsang Lo, director of the IRI project, Mr Huatai Huang and Mr Jen Fon, for

providing us with the real fault-trees we used to evaluate our approach.

REFERENCES 1. Bossche, A., Computer-aided fault tree synthesis I (system modeling and causal trees). Reliab. Engng System Safety, 32 (1990) 217-241. 2. Brown, K. S., Evaluating fault trees (AND & OR gates only) with repeated events. IEEE Trans. Reliab., 39 (1990) 226-235. 3. Carpignano, A. & Poucet, A., Computer assisted fault tree construction: a review of methods and concerns. Reliab. Engng System Safety, 44 (1994) 265-278.

Evaluation or fault trees 4. Coudert, O. & Madre, J. C., MetaPrime: an interactive fault-tree analyzer. IEEE Trans. Reliab., 43 (1994) 121-127. 5. Feo, T., PAFT F77 program for the analysis of fault tree. IEEE Trans. Reliab., 35 (1986) 48-50. 6. Henley, E. J. & Kumamoto, H., Reliability Engineering and Risk Assessment, Prentice-Hall, Inc., N.J., 1981. 7. Kumamoto, H. & Henley, E. J., Top-down algorithm for obtaining prime implicit sets of non-coherent fault trees. IEEE Trans. Reliab., 27 (1978) 242-249. 8. Lellouche, G. S., WAMCUT, a computer code for fault tree evaluation. Technical report, Electric Power Research, Paolo Alto, CA, 1978. 9. Rasmuson, D. M. & Marshall, N. H., FATRAM--a core efficient cut-set algorithm. IEEE Trans. Reliab.,

85

27 (1978) 250-253. 10. Schneeweiss, W. G., Boolean Fanctions with Engineering Applications and Computer Programs, SpringerVerlag, New York, 1988. 11. Stack, D. W., A SETS User's Manual for accident sequence analysis, Sandia National Lab., Albequerque, NM, 1985. 12. Vesely, W. E., Goldberg, F. F., Roberts, N. H. & Haasl, D. F., Fault Tree Handbook, U.S. Nuclear Regulatory Commission, Washington, DC., 1981. 13. Hwang, Y. J., Chow, L. R. & Huang, H. C., CIIS--an efficient package for obtaining critical items of complex systems. Proc. lASTED Int. Conf., Reliability, Quality Control and Risk Assessment, 4-6 November 1992, Washington, DC, pp. 9-12.