# An improved minimal cut set algorithm.

Fault tree analysis: literature reviewFault tree analysis was conceived and developed by Watson[1] in 1961-1962 at the Bell laboratories as part of a collaborative research contract with the US Air Force. The technique was used to study the inadvertent launch in the Minuteman Inter-Continental Ballistic Missiles (ICBM).

Fault tree reports were subsequently published by the Boeing Company and AVCO in March 1963 and January 1964 respectively. In June 1965, the Boeing Company and the university of Washington organized a symposium on safety analysis and system safety in Seattle, where a large number of papers[2-4] were presented by Boeing employees including Haasl, Michels and Nagel. Since then, the concepts and techniques used in fault tree analysis[5] continued to be developed. FTA is regarded today as an established methodology for the safety and reliability study of large and complex systems.

A historical use of fault tree analysis was made by Professor Rasmussen when he carried out the well-known WASH 1400 study[6]. This was the first scientific attempt to provide quantitative risk analyses of nuclear power plants. In the WASH 1400 study, fault tree analysis was used to estimate the probability of each event in the accident path and that of the overall probability of various types of accidents.

Since 1961, a significant amount of time and effort has been spent constructing, using, evaluating and applying fault trees to compute the overall reliability of a wide spectrum of complex systems including electrical systems[7-9], chemical processing systems[10-13], nuclear reactor safety study[14-20], product safety[21-23] and decision making in systems analysis[24,25].

The fundamental concept in fault tree analysis is the translation of a physical system into a structured logic diagram (called a fault tree), in which specified causes lead to one, and only one, specific and undesired event (normally called the top event). Fault tree analysis can be conveniently divided into four main stages:

(1) system definition;

(2) fault tree construction;

(3) qualitative evaluation;

(4) quantitative evaluation.

A fault tree is and should be constructed by a group of experienced analysts who must be fully familiar with the system under consideration. In the case where the system is large and complex, the resulting fault tree generally contains a large number of repeated basic events. It is therefore necessary, before any quantitative analysis is carried out, to reduce the tree into its minimal form and thus determine the minimal cut sets. For very small and simple fault trees, the tree reduction procedure can be carried out manually. However, for even moderate or large-sized systems, suitable computer codes are required.

The qualitative evaluation of a fault tree includes:

* the determination of minimal cut sets;

* the analysis of minimal cut sets which are potentially susceptible to a single common cause or common mode of failure;

* the determination of qualitative importance measures of components depending on their contributions to system failure.

A minimal cut set (or prime implicant in non-coherent systems) is the smallest combination of component failures which causes the occurrence of the top event. Similarly, a minimal path set is defined as the smallest set of system components which must function successfully for the system to function successfully.

The determination of minimal cut sets is based on the structure of the tree and not on the probabilities of associated events. The determination of minimal cut sets is required because:

* they represent the minimal set of components whose failure results in system failure;

* they are used to select those minimal cut sets which significantly contribute to the occurrence of the top event (qualitatively using a smaller order, or quantitatively using higher probabilities). This pruning process is important as it may result in a significant computer time reduction during quantitative analyses;

* they are used to identify those minimal cut sets which are susceptible to one or more common causers of failure;

* they can be used to reproduce a pruned but equivalent version of the original tree, thus providing an additional error checking facility. Incidentally, none of the available computer codes provide this facility. For practical purposes, it is customary to carry out a visual check on the lower order minimal cut sets and compare them to the original fault tree.

In this paper, a new algorithm (FTABMT) for the determination of minimal cut sets of complex fault trees is presented. The algorithm developed is based on bit manipulation techniques. It is validated by direct application to a complex fault tree taken from the literature. The results obtained are compared with those available in the literature. It is shown that the use of the algorithm developed results in significant savings in both computer time and storage requirements.

Review of minimal cut set algorithms

There are three main approaches to generating the minimal cut sets of a given fault tree. These include Monte Carlo simulation, deterministic and object oriented programming approaches.

Determination of minimal cut sets using Monte Carlo simulation

In this approach, events are randomly sampled to check whether or not that particular combination of events results in the occurrence of the top event. If so, the combination represents a cut set. The minimal cut sets are determined from the cut sets thus generated.

A code using this approach is PREP FATE[26]. The program starts by assigning a time to failure to each component within the fault tree. Components are assumed to have constant failure and repair rates. The real time clock is set to zero and components are allowed to fail and to be repaired until the top event is reached. This process produces cut sets which are then reduced to provide the list of minimal cut sets.

While the simulation approach can be considerably faster than deterministic approaches, it has the following limitations:

* It is less accurate and may result in the non-occurrence of important minimal cut sets (smaller order or higher probabilities).

* A doubt always exists whether or not all the minimal cut sets have been found.

* In practice, it requires excessive computer time to obtain minimal cut sets with order four or more.

Determination of minimal cut sets using deterministic methods

Deterministic methods are based on the direct expansion or reduction of the expression (using Boolean algebra) for the top event in terms of the constituent basic events.

One of the first computer codes using deterministic methods is the PREP-COMBS program developed by Vesely and Narum[26]. Fussell and Vesely[27] developed a deterministic algorithm which is based on the fact that AND gates always increase the order of the cut set and OR gates always increase the number of cut sets. Fussell et al.[28] used this algorithm to develop the well known MOCUS code. This uses a top down algorithm and accepts AND and OR gates only.

Pande et al.[29] developed the code MICSUP, which is very similar to MOCUS except it uses a bottom-up algorithm. In other words, it begins with the lowest level gates having basic events only as inputs, it finds the minimal cut sets to these gates and then substitutes these into other parent gates. This procedure is repeated until the top event minimal cut sets are found.

Semanders[30] wrote the computer code ELRAFT. This is based on two main aspects: first, the representation of basic events using prime numbers and, second, the unique factorization feature of prime numbers.

Wheeler et al.[31] developed an algorithm based on bit manipulation techniques and showed the effectiveness of such techniques in the efficient use of computer storage media.

All the above methods for finding minimal cut sets are only valid when coherent fault trees are used, i.e. fault trees which only contain AND and OR gates.

The set equation transformation system (SETS) computer code[32], however, is capable of finding the prime implicants existing in a non-coherent fault tree. The prime implicants are like cut sets, except they may contain complemented basic events. SETS represents a powerful and flexible tool for manipulating Boolean equations. SETS requires the analyst to use a specially defined user program to run the code. The user program can be used to instruct the code to carry out the separate processing of independent sub-trees (which must be identified by the analyst), the processing of the tree in stages, or a composite of both facilities.

Similarly, Kumamoto and Henley[33] developed a top down algorithm for obtaining prime implicants of non-coherent fault trees.

Improvements to the above methods can be obtained using suitable fault tree modular decompositions[34,35]. Recent developments in this area are given in[36-38].

Minimal cut set algorithms: discussions

The difficulties encountered when conducting a qualitative fault tree analysis are summarized below:

(1) The computer time required to find some or all the minimal cut sets can be significantly high even when the software is implemented on fast processor PCs or mainframes. This is because the number of cut sets increases exponentially with the number of gates.

(2) As the number of minimal cut sets increases, the computer storage required increases. This can pose a real problem as the data are stored in memory for improved speed and efficiency.

(3) It is very difficult to predict the computer run-time, as this does not depend solely on the number of events and gates.

(4) A large number of available codes can only be run on mainframe computers and are very expensive to buy. Some of these, such as the SETS code, have been re-written and implemented on personal computers. This has resulted in slower processing speeds and required additional storage capacities.

There are three ways to overcome the above-mentioned difficulties:

(1) Ignore cut sets with an order higher than a pre-specified value. This has proved to be the most popular and effective method for trees having dominant low order cut sets (i.e. with many OR gates and very few AND gates). For instance, in the WASH-1400 study, cut sets with order 1 or 2 only were considered for the quantitative analysis. Higher order cut sets were used to identify common cause candidates.

(2) Ignore cut sets with a probability lower than a pre-specified value. The difficulty here is the inconvenience of providing component probabilities at the beginning of the analysis.

(3) Use one or more advanced techniques, including the use of auxiliary storage media provision (SETS), bit manipulation techniques (FAULTRAN), pattern recognition techniques (PATREC), fault tree modularization techniques (SETS) and object-oriented programming techniques.

However, the use of the first two ways results in two further complications. First, the total probability of the top event cannot be determined accurately. Second, common cause candidates may be missed when higher order cut sets are ignored.

Since its inception in 1961, several fault tree analysis computer codes have been developed and include (in chronological order) PREP[26], PREP & KITT[26], ELRAFT[30], MOCUS[28], TREEL and MICSUP[39], BAM[40], ALLCUTS[41], PL-MODE[42], FAULTRAN[43], WAMCUT[44], FTAP[45], FATRAM[46], SETS[47], ICARUS[48], WAMCUT[49], SIFTA[50], SEP[51], AFTP[52] and CAFTA[53].

The above list of codes is by no means complete. It does, however, include most of the well known codes used in a number of industries and countries.

Most of the above codes still have many limitations. Some of these are given below:

* They are old and do not efficiently use the intrinsic power of the facilities available in modern computers.

* They require a significant (if not unacceptable) amount of time to reduce the tree.

* They may require a large amount of space to store all the final and intermediate calculations during the tree reduction process.

* Some of them can only find minimal cut sets up to a pre-specified order. This may be adequate in cases where the components under consideration are independent and the probability of a common cause of failure is very small. In the case where this is not true, the determination of higher order minimal cut sets is very important.

* Very few of them combine the recognized strengths of other available methodologies.

* Not all of them provide a combined facility for identifying the largest independent sub-trees and for determining minimal cut sets.

Bit manipulation techniques

The growth of intermediate logical information during the fault tree reduction process is exponential. There is a need for a practical method for;

* significantly reducing the space for storing this logical information;

* significantly reducing the time required for identifying minimal cut sets;

* automatically and efficiently manipulating the information in an algebraic manner.

Bit manipulation techniques serve just that need. In addition, most Boolean algebra rules can be readily implemented. The inclusion of rules that deal with complemented events (such as De Morgan's rule) is intentionally not discussed in this paper.

The information relating to each primary event or intermediate gate is compactly and conveniently stored in binary form. Consider the simple fault tree which top event is given by:

Top = A + AB

It is obvious that, in this case, there is only one minimal cut set and it is {A} (i.e. B is redundant).

Primary event A is coded by the integer number 1 (in decimal) or 01 (in binary, i.e. 1 x [2.sup.0] + O x [2.sup.1]). Similarly, primary event B is coded by the number 2 (in decimal) or 10 (in binary). Note the positions of the bit "1" in the codes for A and B. If there was another primary event C, it will be coded as 4 (decimal) and 100 (in binary).

The immediate advantage of using such coding is the fact that other intermediate events containing more that one primary event can be easily coded. For instance, event AB (meaning A and B) is coded as 3 (decimal) or 11 (binary), i.e. a bit "1" in the first two positions. Similarly, intermediate event AC can be coded as 5 (decimal) or 101 (binary). Note that in this case, the positions of the bit "1" are in the first and third places, starting from right to left.

The inherent benefit of using such coding is that, in the case of integers being used as codes, 15 primary event states can be stored in one number only. For instance, the largest intermediate event that can be stored is ABCDEFGHIJKLMOP and is coded as:

32767 = [2.sup.0]+[2.sup.1]+[2.sup.2]+[2.sup.3]+[2.sup.4]+[2.sup.5]+[2.su p.6]+[2.sup.7]+[2.sup.8]+[2.sup.9]+[2.sup.10]+[2.sup.11] +[2.sup.12]+[2.sup.13]+[2.sup.14].

This is also equal to [2.sup.15] -1 or 111111111111111 (binary).

Note that when integers are used for storing codes, the maximum number of primary events is 15 and not 16. This is due to the fact that integers require two bytes for storage and, therefore, the biggest integer is [+ or -]32768 (which is [2.sup.15]). Long integers and single precision numbers require four bytes and can therefore handle up to 30 primary events at a time. Double precision numbers can handle double that figure. There are, however, penalties using double, or even single, precision numbers for the coding and subsequent manipulation processes. The savings in terms of computer time and space are in the ratio of bits per word depending on the computer used and on the variables used to store the codes.

ANDing two events (intermediate or primary) can be achieved easily by performing a bitwise OR on the bits describing each primary event contained in each of the two events. This operation can be explained by the following example:

[Mathematical Expression Omitted]

[Mathematical Expression Omitted]

ORing two events (intermediate or primary) can also be achieved easily by performing a bitwise AND on the bits describing each primary event contained in each of the two events. The Boolean reduction is carried out automatically as shown in the following examples:

[Mathematical Expression Omitted]

[Mathematical Expression Omitted]

[Mathematical Expression Omitted]

Computer code FTABMT

The bit manipulation techniques described above and others have been incorporated in a computer code called FTABMT. The code is written in Turbo BASIC and has been implemented on an IBM Personal Computer.

The operation of the code developed is best described by application to a practical example. The example chosen is the one used to describe SETS and can be found in[47,54]. The fault tree data input is given in Figure 1.

The selected example fault tree contains a number of complex features:

* It contains 43 gates of which 19 are AND gates. The rest are all OR gates.

* It contains repeated events (such as E4 which is repeated four times, E7 repeated three times, E9 repeated twice and E14 repeated three times).

* It contains repeated sub-trees (such as Gate 8, Gate 10 and Gate 32 which are repeated twice, and Gate 14 which is repeated three times).

* It contains repeated sub-trees, which themselves contain other sub-trees (such as Gate 8 containing Gate 14, Gate 10 containing Gate 14 and Gate 32 and, Gate 14 containing Gate 32).

In other words, this is a tree which requires a significantly long processing time. The code developed uses a number of steps to identify the minimal cut sets. These steps are described in the following sections.

Reading and checking data input

The code starts by reading and checking a specially designed data, an input file. The data input format used has been adapted from the ISOGRAPH code[55]. FTABMT proceeds to check the fault tree for consistency and structure including both intermediate gates and primary events. Note that the data input is given in any order. Gate 1, which represents the top event, is given in line six of Figure 1.

Coding primary and non-primary events

The coding of primary events is carried out using the procedure explained earlier. However, since the total number of primary events is 34 (which is bigger than 15), a triple array is used to store the codes. The coding process is given in Figure 2. Note that because primary event E2 is found first, it is given the code 1. Also note that the program starts by filling [Code.sub.2](1) first with "1" bits up to position 15. At this stage, the "filling" of [Code.sub.2](2) is initiated and so on. Table I also gives the primary event codes in base 10.

It may be useful to notice that the third dimension of the coding array used only stores information relating to four primary events. It will be shown later that these spare bits can be used to code independent sub-trees.

The coding of intermediate gates or non-primary events represents the simple process of coding the events as they appear on the data input file (without using bit manipulation techniques). The non-primary and primary coding (decimal) is then stored in a special file containing only integer numbers. This file is called the code file and is shown in Figure 2.

Finding the largest independent sub-trees automatically

This is where the code differs from a number of other fault tree codes, in that it uses the power of bit manipulation techniques to the full, and extends its use to identify the largest independent sub-trees. It starts by finding the order in which the tree should be visited. This represents a fairly simple top-down process. The information relating to the order is stored in a single array. A zero is conveniently placed in the array at different positions to mark the move from one level to another. The contents of the single array are shown in Figure 3. For instance, note that Gate 2 and Gate 3 are at the first level and, Gate 4, Gate 5 and Gate6 are at the second level.

Also note that, at this stage, some gates (Gate 15, Gate 16, Gate 17, Gate 23 and Gate 41) are not stored anywhere within the array. The reason for this will be explained later.

[TABULAR DATA FOR TABLE I OMITTED]

FTABMT uses another temporary triple array to store all the children primary events of every intermediate gate. This is conveniently obtained using a bottom-up approach based on the reverse order provided by the previous single array. Since the triple array uses bit manipulation techniques, finding all children of any gate is a simple process. It is achieved by continuously ORing the individual codes of the primary events of the lowest level gates and working upwards to the next level, and so on until the top event is reached.

This triple array is shown in Table II. Note that the binary code of Gate 1 (top event shown in line six) contains "1" bits in all its binary codes. This is obvious as the top event should have as children all the primary events of the fault tree.

The next step is to check the independence of gates using, this time, a topdown approach. This is facilitated first because the single array of Figure 3 can be used to direct the visiting order of the tree. Second, the checking itself of say, Gate X and Gate Y, is easily achieved using a simple ANDing operation on each of the three binary codes of Gate X and Gate Y. If the result is zero in the three cases, Gate X and Gate Y are then independent. The checking process need only be carried out with gates belonging to the same level; which means that the whole operation is very fast.

Having said that, there could be an added problem where the gate under consideration may have primary events as its inputs. The independence of the gates belonging at the next levels need to be checked as well.

This process results in the identification of four independent sub-trees, namely Gate 13, Gate 22, Gate 31 and Gate 39. The code processes these trees first and re-codes them as primary events.

The spare "0" bits in the third primary event code array can now be used for coding the independent sub-trees as primary events. Significant savings in CPU time are obtained as a result of this last operation.

Gates 15, 16, 17, 23 and 41 do not appear in Figure 3 because they are inputs to the four independent sub-trees identified and are processed first.

Processing majority voting gates

The handling of AND and OR gates is carried out as explained in the previous sections. The handling of majority voting gates also uses smart bit manipulation techniques. Consider a 2003 majority voting gate with three input events A, B and C (non-primary or primary). Somehow, the fault tree program needs to code the required combinations, i.e.:

(A AND B) OR (BAND C) OR (A AND C)

[TABULAR DATA FOR TABLE II OMITTED]

Table III. Obtaining all possible combination for a 2003 majority voting gate

Sequence of numbers up to [2.sup.3]-1 Number Event Number Possible (base 10) in base 2 name of "1"s combination

1 001 A 1 2 010 B 1 3 011 AB 2 Yes 4 100 C 1 5 101 AC 2 Yes 6 110 BC 2 Yes 7 111 ABC 3 Table IV. Cut sets analysis results

Number of cut sets Order of cut set

1 2 4 3 14 4 37 5 178 6 770 7 3,259 8 13,116 9 43,783 10 123,616 11 292,351 12 566,881 13 903,974 14 1,153,698 15 1,137,196 16 854,968 17 466,284 18 170,776 19 35,264 20 2,880 21

Total 5,769,050

To arrive at this, the following steps are taken:

(1) The total number of combinations is [27.sup.3]-1.

(2) Write down the sequence of integer numbers up [2.sup.3]-1 in binary format. So, in this case, the codes are shown in Table III.

(3) Find the required combination by counting the number of "1" bits. This can be easily achieved by using the well known masking techniques.

If the majority voting gate considered is 3004, the total number of combinations would be [2.sup.4]-1.

Table V. Minimal cut sets analysis results

Number of minimal cut sets Order of minimal cut set

1 2 2 3 11 4 11 5 38 6 146 7 290 8 312 9 183 10 53 11 6 12

Total 1,053

Listing of minimal cut sets

Tables IV and V give the total number of cut sets and minimal cut sets generated respectively. A list of minimal cut sets is kept in binary format for further analysis. This list can be stored in a file or printed on a line printer based on an increasing order. Selected minimal cut sets with pre-specified orders can also be stored or printed.

Comparison with other codes

Although the code is written in Turbo BASIC (i.e. not in lower level and, therefore, much faster languages such as FORTRAN, PL/I and LISP), it is remarkably faster than most available codes. The direct comparison of the processing speed of the code with other codes is difficult to carry out. First, because most of the codes are only available commercially. Second, because the [TABULAR DATA FOR TABLE VI OMITTED] type of the computation performed, the output provided and other factors make the comparison difficult.

Nevertheless, an attempt has been made to carry out the comparison with another well known fault tree code (SETS). The complex fault tree given in the previous section has been tested with the two codes. Resulting minimal cut sets obtained by the two codes were exactly the same. However, significant differences in computer processing time exist. These differences are given in Table VI.

The four different methods adopted in SETS have been included in order to have a fair comparison. With exception of the first method, all the other three require actual programming in a special "user defined program" available in SETS. The second method used in SETS requires the manual identification of the largest independent sub-trees. SETS stops the substitution process at these events. The code proceeds to reduce each independent sub-tree separately, and then replaces it in the equation of the top event. The third method used in SETS causes the substitution process to stop at some selected intermediate events. For instance, the stop is made at Gates 8, 10, 14 and 42 in the complex example chosen. Guidelines for finding suitable stop points are given in the SETS manual. These stop points still have to be identified by the analyst. The fourth method used in SETS combines the benefits of using the above two methods to reduce processing time even further. The fifth method is available only on the latest versions of SETS and requires 37 lines of user program code.

[TABULAR DATA FOR TABLE VII OMITTED]

The main problem with the last three SETS methods is that only analysts with significant experience and flair in both computing and fault tree analysis can use the code properly. It was the limitations of the four methods which prompted the author to develop a facility, within FTABMT, that automatically solves this problem.

The performance of FTABMT has also been compared with that of FAULTRAN. This code was implemented on a Honeywell 635 mainframe computer. The comparison has been made first because the code uses bit manipulation techniques and second, because published processing times are available in the literature[31]. The comparison is given in Table VII.

Here again, FTABMT provides a far more efficient algorithm for determining minimal cut sets.

Conclusions

It has been shown that the efficient use of bit manipulation techniques for the automatic identification of the largest independent sub-trees and the subsequent determination of all minimal cut sets of a large and complex fault tree results in a significant saving of computer time and storage requirements.

Because all the intermediate information is stored in a most compact and efficient way, complete gate information (i.e. minimal cut sets) is available at all levels of the fault tree under consideration. There is no inherent limit to fault tree size in the code developed. The limits are determined by the available memory of the host computer used. Also, the code can find minimal cut sets of any pre-specified gate. If this is the top gate, FTABMT identifies minimal cut sets of all intermediate gates.

References

1. Watson, H.A., Launch Control Safety Study, Section VII, Vol. 1, Bell Telephone Laboratories, Murray Hill, NJ, 1961.

2. Nagel, P.M., "A. Monte Carlo method to compute fault tree probabilities", System Safety Symposium, Seattle, 8-9 June 1965.

3. Michels, J.M., "Computer evaluation of safety fault tree model", System Safety Symposium, Seattle, 8-9 June 1965.

4. Haasl, D.F., "Advanced concepts in fault tree analysis", System Safety Symposium, Seattle, 8-9 June 1965.

5. Wei, B.C., "A unified approach to failure mode, effects and criticality analysis (FMECA)", Proceedings Annual Reliability and Maintainability Symposium, 1991, pp. 260-71.

6. Reactor Safety Study: "An assessment of accident risks in US commercial nuclear power plants", WASH-1400 (NUREG-75/014), USNRC, Washington, DC, 1975; Reactor Safety Study: Appendix I & II (Volume 1 & 2) fault methodology, WASH-1400, USAEC, 1975.

7. Caldarola, L., "Coherent systems with multi-state components", Nuclear Engineering and Design, Vol. 58, 1980, pp. 127-39.

8. Camarda, P., Corsi, F. and Trentadue, A., "An efficient simple algorithm for fault tree automatic synthesis from the reliability graph", IEEE Transaction on Reliability, Vol. R-27, August 1978, pp. 215-21.

9. Fussell, J.B., "Computer aided fault tree construction for electrical systems", Reliability and Fault Tree Analysis, SIAM, 1975, pp. 37-56.

10. Lapp, S.A. and Powers, G.J., "The synthesis of fault trees", in Fussell, J.B. and Burdick, G.R. (Eds), Nuclear Systems Reliability and Risk Assessment, SIAM, 1977, pp. 778-99.

11. Lapp, S.A. and Powers, G.J., "Update of Lapp-Powers fault tree synthesis algorithm", IEEE Transaction Reliability, Vol. R-28, April 1979, pp. 12-14.

12. Powers, G.J. and Tompkins, F.C., "Fault tree synthesis for chemical process", AJCHE Journal, Vol. 20, March 1974, pp. 376-87.

13. Powers, G.J., Tompkins, F.C. and Lapp, S.A., "A safety simulation language for chemical processes: a procedure for fault tree synthesis", Reliability and Fault Tree Analysis, SIAM, 1975, pp. 57-75.

14. Caldarola, L. and Wickenhauser, A., "Recent advancements in fault tree methodology at Karlsruhe", in Fussell, J.B. and Burdick, G.R. (Eds), Nuclear Systems Reliability Engineering and Risk Assessment, SIAM, 1977, pp. 518-521.

15. Caldarola, L. and Wickenhauser, A., "The Karlsruhe computer program for the evaluation of the availability and reliability of complex systems", Nuclear Engineering and Design, Vol. 43, 1977, pp. 463-70.

16. Cummings, G.E., "Application of the fault tree technique to a nuclear reactor containment system", in Barlow, R.E., Fussell, J.B. and Bingpurwalla, N.D. (Eds), Reliability and Fault Tree Analyses, SIAM, 1975, pp. 805-25.

17. Fussell, J.B. and Lambert, H.E., "Quantitative evaluation of nuclear system reliability and safety characteristics", IEEE Transaction on Reliability, Vol. R-25, August 1976, pp. 178-83.

18. Griffin, C.W., "The fault tree as a safety optimisation design tool", paper presented at the Topical Meeting on Water Reactor Safety, March 1973.

19. Lapp, S.A. and Powers, G.J., "Computer aided synthesis of fault trees", IEEE Transaction on Reliability, April 1977, p. 213.

20. Vesely, W.E., "Time dependent unavailability analysis of nuclear safety system", IEEE Transaction Reliability, Vol R 26, October 1977, pp. 257-60.

21. Crosetti, P.A. and Bruce, R.A., "Commercial application of fault tree analysis", Proceedings of the Reliability and Maintainability Conference, 1970, pp. 230-44.

22. Eisner, R.L., "Fault tree analysis to anticipate potential failure", paper presented at the Design Engineering Conference, ASME, 8-11 May 1972.

23. Hammer, W., "Fault tree analysis", Product Safety Management and Engineering, Prentice-Hall, Englewood Cliffs, NJ, 1975, pp. 204-28.

24. Lambert, H.E., System Safety Analysis and Fault Tree Analysis, UCID-16238, Lawrence Livermore Laboratory, Livermore, CA, 1973.

25. Lambert, H.E., Fault Trees for Decision Making in System Analysis, Lawrence Livermore Laboratory, University of California, Livermore, CA, UCRL-51829, October 1975.

26. Vesely, W.E. and Narum, R.E., PREP and KITT Computer Code for the Automatic Evaluation of a Fault Tree, Idaho Nuclear Corporation, IO, IN-1349, 1970.

27. Fussell, J.B. and Vesely, W.E., "A new methodology for obtaining cut sets for fault trees", Transactions of the American Nuclear Society, Vol. 15, 1972, p. 262.

28. Fussell, J.B., Henry, E.B. and Marshall, N.H., MOCUS a Computer Program to Obtain Minimal Sets from Fault Trees, ANCR 1156 Aerojet Nuclear Company, Idaho Falls, IO, March 1974.

29. Pande, P.K., Spector, M.E. and Chatterjee, P., Computerised Fault Tree Analysis, TREEL and MICSUP, ORC 75-3, Operation Research Centre, University of California, Berkeley, CA, April 1975.

30. Semanders, S.N., "ELRAFT, a computer program for the efficient logic reduction analysis of fault trees", IEEE Transaction Nuclear Science, Vol. NS-18, February 1971, pp. 481-7.

31. Wheeler, D.B. et al., "Fault tree analysis using bit manipulation", IEEE Transaction on Reliability, Vol. R-26, June 1977, pp. 95-9.

32. Worrell, R.B., Set Equation Transformation System (SETS), SLA 73-028A Sandia Laboratories, Albuquerque, NM, May 1974.

33. Kumamoto, H. and Henley, E.J., "Top-down algorithm for obtaining prime implicant sets of non-coherent fault trees", IEEE Transaction on Reliability, Vol R-27, October 1978, pp. 242-9.

34. Barlow, R.E., and Proschan, F., Statistical Theory of Reliability and Life Testing, Holt, Rinehart and Winston, San Diego, CA, 1975.

35. Chatterjee, P., "Modularisation of fault trees: a method to reduce the cost of analysis", Reliability and Fault Tree Analysis, SIAM, 1975, pp. 101-26.

36. Vatn, J., "Finding minimal cut sets in a fault tree", Reliability Engineering and System Safety, 1992, Vol. 36 No. 1, pp. 59-62.

37. Kohda, T, Henley, E.J. and Inoue, K., "Finding modules in fault trees". IEEE Transaction on Reliability, Vol. 38 No. 2, pp. 165-76.

38. Camarinopoulos, L. and Yllera, J., "Advanced concepts in fault tree modularisation", Nuclear Engineering and Design, 1986, Vol. 91 No. 1, pp. 79-91.

39. Pande, P.K., Spector, M.E. and Chatterjee, P., Computerised Fault Tree Analysis, TREEL and MICSUP, ORC 75-3, Operation Research Centre, University of California, Berkeley, CA, April 1975.

40. Rumble, E.T., Leverenz, F.L. Jr and Erdmann, R.C., Generalised Tree Analysis for Reactor Safety, EPRI 217-2-2, Electric Research Institute, Palo Alto, CA, June 1975.

41. Van Slyke, W. and Gruffing, D., "ALLCUTS: a fast comprehensive fault tree code", Atlantic Richfield Hanford Co., Report ARH (Draft), Richland, WA, July 1975.

42. Olmos, J. and Wolf, L., A Modular Approach to Fault Tree and Reliability Analysis, Report No. MITNE-209 (Also NUREG/CR-0670) Department of Nuclear Engineering, MIT, Cambridge, MA, August 1977.

43. Wheeler, D.B., Hsuan, J.S., Duersh, R.R. and Roe, G.M., "Fault tree analysis using bit manipulation techniques", IEEE Transaction on Reliability, Vol. R-26 No. 2, 1977.

44. Erdmann, R.C., Leverenz, F.L. and Kirch, H., "WAMCUT, a computer code for fault tree evaluation", EPRI NP-803, Science Applications, Inc., June 1978.

45. Willie, R.R., "Computer Aided Fault Tree Analysis", ORC 78-14, Operations Research Centre, University of California, Berkeley, CA, August 1978.

46. Rasmuson, D.M. and Marshall, N.H., "FATRAM - a core efficient cut set algorithm", IEEE Transaction on Reliability, Vol. R-27 No. 4, October 1978, pp. 250-3.

47. Worrell, R.B. and Stack, D.W., A SETS User's Manual for the Fault Tree Analyst, NUREG/CR-0465, SAND 77-2051, US Nuclear Regulatory Commission, Washington DC, November 1978.

48. Vaurio, J.K. and Sciandone, D., Unavailability Modelling and Analysis of Redundant Safety Systems, ANL-79-87, Argonne National Laboratory, Argonne, IL, 1979.

49. Leverenz, F.L. and Jirch, H.R., WAMCUT: A Computer Code for Fault Tree Evaluation, NP803, Electric Power Research Institute, Palo Alto, CA, 1978.

50. Waddington, J.G. and Wild, A., The Fault Tree as a Tool in Safety Analysis in Nuclear Power Plants, INFO-0036, Atomic Energy Control Board, Ottawa, Canada, 1981.

51. Oldman, M.D., Quantitative Fault Tree Analysis Using the Set Evaluation Program (SEP), NUREG/CR-1935, Sandia Laboratories, 1982.

52. Pullen, R.A., "AFTP-fault tree analysis program", IEEE Transaction on Reliability, Vol. R-33 No. 2, June 1984, p.171.

53. Koren, J.M., Gaertner, J.P. and Wall, I.B., "CAFTA: a fault tree analysis tool designed for PSA", Probabilistic Safety Assessment and Risk Management, PSA '87, Vol. 1, Verlag TUV Rheinland, 1987, pp. 588-92.

54. Worrell, R.B., SETS Reference Manual, NUREG/CR-4213. Sandia Laboratories, Washington, DC, 1985.

55. Pullen, R., Code Isograph for Fault Tree Analysis, Isograph Ltd, Manchester, 1992.

Printer friendly Cite/link Email Feedback | |

Author: | Kara-Zaitri, Chakib |
---|---|

Publication: | International Journal of Quality & Reliability Management |

Date: | Feb 1, 1996 |

Words: | 6088 |

Previous Article: | The PCB industry in Hong Kong and China. |

Next Article: | Modelling quality-cost dynamics. |

Topics: |