Fault Tree Analysis Part 3: Digraph-Based Fault Tree Synthesis Procedure (Tree and NFBL)

LEVELS OF MATHEMATICAL MODELS OF ENGINEERING SYSTEMS Partial Differential Equations Ordinary Differential Equations Algebraic Equations DIGRAPHS V1V2 Gain Multi-Valued Logic Boolean Algebra node edge

The value of gain is discretized! ±1: if a moderate deviation in the input variable causes moderate deviation in the output. ±10: if the output deviation is very large when compared to the input. 0: if the output deviation is very small compared with the input.

Computation of Output Value

[ Example ] HOT NITRIC ACID COOLING WATER WATER LEAKS INTO NITRIC ACID A U TSURR +1 T 2

T2(+1) OR M1(+1)T1(+1)……M4(-1) The Fault-Tree Structure for Tree-Like Digraph

THE MAGNITUDE OF DISTURBANCES Gain +10 “Large” Positive Deviations + 1 “Normal” Positive Deviations 0 No Change in - 1 “Normal” Negative Deviations -10 “Large” Negative Deviation Z is the condition required for the gain to be correct (if implicit in initial conditions it is unstated) Deviation in input from its normal value

Digraph Model [ EXAMPLE ] 3 12 AIR TO OPEN regular valve P 3M 2 +1 quick opening P 3M failure models M 2P valve stuck -1 valve reversed

Digraph Models Control Valve (Air to Open) 3 12 M = Mass Rate P = Pressure T = Temperature DEN = Density X = Mass Fraction Output Variable(Gain) Input M 2 (+1) M 1, (+1) P 3, (+1)DEN. 1 (-1) P 3, if Valve Reversed (+1) Fails Open (-1) Fails Closed M 1 (+1) M 2, (+1) P 3 (-1) P 3 if Valve Reversed ( 0 ) P 3 if Valve Stuck (+1) Fails Open (-1) Fails Close ( 0 ) P 3 if Valve Stuck (-1) Plug (-1) Leak Out (+1) Leak In (-1) Plug ( 0 ) M 2 if Plug = +10 ( 0 ) M 2 if Fails closed = +10 (+1) Leak Out (-1) Leak In

Output(Gain) Input P 2 (+1) P 1, (+1) P 3, ( 0 ) P 3 if Valve Stuck, ( 0 ) P 1 if plug = +10, ( 0 ) P 1 if Fails Closed +10, (-1) Plug, (-1) Fails Closed, (-1) P 3 if Valve Reversed, (+1) Fails Open, (+1) Leak, (-1) Leak Out P 1 (+1) P 2, (-1) P 3, ( 0 ) P 3 if Valve Stuck, (+1) P 3 if Valve Rev, ( 0 ) P 2 if Plug =, ( 0 ) P 2 if Fails Closed = +10, ( ) Plug, (+1) Fails Closed, (-1) Fails Open, ( ) Leak In, (-1) Leak Out T 2 (+1) T 1, ( 0 ) T 1 if M 2 = -10, ( ), (+1) Leak In (if ) T 1None P 3None

Output(Gain) Input Vapor Fraction 2 Vap. Frac 1 Den 2 Den 1

COOPERATIVE CAUSES FOR AN EVENT [ Example ] The simultaneous occurrences of P (+1) and T (-1) Cause brittle fracture in a tank, PfractureT +1 (T= -1) (P= +1)

Glossary Digraph : nodes connected by edges which have direction. Edge : the line connecting two nodes. –It indicates a relationship between the two nodes. The number next to the edge is the gain. Conditional Edge : The relationship between two nodes depends on another event or variable. – For example, the gain between valve position and flow out of the valve is zero if the valve is stuck. The condition is “valve stuck”.

Glossary Primal node : a node on the system digraph with no inputs. Input : an edge pointing to the node under consideration. Local Input : variables or events one nods away from the node being considered. Gain : change in Output / Change in Input. –Gains may have values of ±1, ±10, 0. Zero means no gain.

Glossary Variable and Event Values These are deviations of the variables and events from their normal value. ±10 indicates large or fast deviations which cannot be handled by normal NFBL. ±1 is the usual deviation expected in the variable or event. Zero means no deviation. Some variables are univariant (can only vary in one direction from their normal value), e.g. a normally open valve cannot be further opened or a fire can only have values of 0, +1, and +10.

Glossary Feedback Loop (FBL) : A path through the nodes in a digraph which starts and terminates at one node. Negative Feedback Loop (NFBL) : A feedback loop in which the product of the normal gains around the loop is negative. Positive Feed Back Loop (PFBL) : The product of the gains around the FBL is positive.

[ Example ] FLOW CONTROL LOOP FAULT TREE The Process is a simple feedback loop for flow control. The flow rate of stream 3 (M3) is sensed by a flow sensor connected to signal line 4. As the flow increases, the signal in line 4 increases. The flow recorder-controller upon receiving the increased signal from 4 sends a decreased signal to stream 5. This causes the valve to close returning the flow to its desired setting.

FRC FLOW SET PT FLOW CONTROL LOOP AIR TO OPEN VALVE STUCK -1 VALVE REVERSED -1 FLOW SENSOR REVERSED +1 0 FLOW SENSOR STUCK +1 FRC REVERSED 0 FRC STUCK 0 FRC ON MANUAL

Discussions with the designer and operator indicate the following events are known to occur in this process. Sensor : Fails (High, Low, Stuck), Reversed. Controller : Fails (High, Low, Stuck), On Manual, Loss of Air (Causes Signal 5 to go down ), Reversed. Valve : Fails (Open, Closed, Stuck ), Reversed. The system is normally operating with flow in lines 1, 2, and 3. The event that could be a hazard is “Flow in stream 3 too high (M3 (+1)).”

M 3 (+1) M 2 (+1) OR M 1 (+1) P 5 (+1) If the fault tree is constructed by treating the digraph as a tree, then ……..

Development of Fault Tree “ What could cause this ? ” or “ Which nodes are inputs to the node representing the current event ? ” + “ Nothing else happens which will cancel the original effect. ” ( ON A NFBL or NFFL )

THE GENERAL FAULT – TREE STRUCTURES OF NFBL ( 1 ) M 2 ( +1 ) OR AND M 1 ( +1 ) process disturbance NOT ( P 5 (-1) ) NO control loop correction P 5 (+1) control loop disturbance NOT ( M 1 (-1) ) NO process disturbance to cancel P 5 (+1)

THE GENERAL FAULT – TREE STRUCTURES OF NFBL ( 1 ) M 2 ( +1 ) OR AND M 1 ( +1 ) process disturbance NOT ( P 5 (-1) ) NO control loop correction P 5 (+1) control loop disturbance NOT ( M 1 (-1) ) NO process disturbance to cancel P 5 (+1) ( 2 ) M 2 ( +1 ) OR AND M 1 ( +1 ) OR P 5 ( +1 ) OR P 5 ( 0 ) P 5 ( +1 ) M 5 ( +1 ) M 1 ( 0 ) not nearly always always true true

THE GENERAL FAULT – TREE STRUCTURES OF NFBL ( 1 ) M 2 ( +1 ) OR AND M 1 ( +1 ) process disturbance NOT ( P 5 (-1) ) NO control loop correction P 5 (+1) control loop disturbance NOT ( M 1 (-1) ) NO process disturbance to cancel P 5 (+1) ( 2 ) M 2 ( +1 ) OR AND M 1 ( +1 ) OR P 5 ( +1 ) OR P 5 ( 0 ) P 5 ( +1 ) M 5 ( +1 ) M 1 ( 0 ) not nearly always always true true Nearly always true

THE GENERAL FAULT – TREE STRUCTURES OF NFBL ( 3 ) M 2 ( +1 ) OR OR P 5 ( +1 ) AND AND M 1( +1 ) P 5 ( 0 ) M 1 ( +1 ) P 5 ( +1 )

THE GENERAL FAULT – TREE STRUCTURES OF NFBL ( 3 ) M 2 ( +1 ) OR OR P 5 ( +1 ) AND AND M 1( +1 ) P 5 ( 0 ) M 1 ( +1 ) P 5 ( +1 ) ( 4 ) M 2 ( +1 ) OR AND P 5 ( +1 ) M 1 ( +1 ) P 5 ( 0 )

A disturbance propagates through a control loop if 1.An external disturbance enters the system and the control loop is inactive; 2.The disturbance is caused by the control loop itself; or 3.The disturbance is extremely large in magnitude.

DISTURBANCES THROUGH A NEGATIVE FEEDBACK LOOP ++ _ + + VARIABLE DEVIATION Generally, ( +10 ) defined as that value of which causes to have at least a +1 deviation. ( NFBL cannot completely cancel disturbance.)

THE GENERAL FAULT – TREES STRUCTURES OF NFBL ( 5 ) M 2 ( +1 ) OR M 1 ( +10 ) AND P 5 ( +1 ) And P 5 (-1 ) M 1 (+1) P 5 ( 0) Very Nearly true ( 6 ) E OR AND Loop variable causes disturbance external loop variable disturbance fails to cancel enters loop disturbance OR component large disturbance failure enters loop (primary or secondary)

OUTPUT ( Value ) OR UNCONTROLLABLE INPUTS PASS THROUGH THE NFBL CONTROL LOOP CAUSES THE DEVIATION OREOR (1) INPUT (Value to give large or fast disturbance ) NOT ON NFBL (2) PRIMARY FAILURE (3) SECONDARY FAILURE CAUSING EVENT (4) SET POINT CHANGE LOCAL EDGE INPUT (Value CONDITIONS to give desired WHICH CAUSES output value) REVERSE GAIN ON NFBL ON NFBL CONTROLLABLE DIST RBANCES PASS THROUGH THE NFBL AND OR LOOP INACTIVE OR LOCAL EDGE CONDITIONS INPUT (value = 0) WHICH GIVES A ZERO ON THE NFBL GAIN ON THE NFBL INPUT (value for controllable disturbance into the NFBL) NOT ON NFBL

GENERAL STRUCTURE FOR OUTPUT VARIABLES ON A NFBL OUTPUT ( value = 0 ) OR LOCAL EDGE CONDITIONS INPUT ( value= 0 ) WHICH GIVE ZERO ON THE NFBL GAIN ON THE NFBL

[ EXAMPLE ] M 3 (+1) OR M 2 (+1) OR EOR M 1 (+10) Valve M 1(+1) OR Mech. Fails Open (+1) Valve P 5 (+1) Reversed Page 2 AND Valve Stuck P 5 (0) OR FRC FRC P 4 (0) On Manual Stuck OR Flow M 2 Sensor (inconsistent) Stuck FLOW CONTROL LOOP

P 5 (+1) OR EOR Set Pt. (+1) FRC Fails High FRC Reversed (+1) P 4 (-1) OR AND (no +1 disturbance) OR Flow Line Sensor 4 Fails Low Ruptures AND (no +1 disturbance) EOR Flow M 2 (-1) Sensor (inconsistent) Reversed