EFcalc - Event/Fault Tree Calculator |
|
|
|
|
|
Event tree/fault tree problems are fairly straightforward to calculate - the failure probabilities of the basic events are combined in either "and" or "or" gates to evaluate the probability of failure for the system gates, which are then combined to find the probability of occurrence for each sequence in each of the event trees. When a basic event is used in more than one location in the fault trees (like most real problems), this simple approach cannot be used. These common components destroy the independence of the gates above them, making the straightforward approach unusable. Most event tree/fault tree software packages use cut-set approaches to handle common components but the approximations commonly used with cut-set analysis do no perform well for systems that have high failure probabilities.
For small numbers of common components, say M, EFcalc evaluates 2^M event/fault tree problems with every combination of the common components in either a failed (p=1.0) or not-failed (p=0.0) state. These 2^M problems are then added together, weighted by the actual probability of those components being in those states. For example, if there were two power systems (A and B) used in multiple places in the fault trees, four separate problems are computed: A failed, B failed; A failed, B not-failed; A not-failed, B failed; A not-failed and B not-failed. The probability for each sequence in the event trees for each of the four cases are added together, weighted by: p(A)*p(B); p(A)*(1-p(B)); (1-p(A))*p(B); (1-p(A))*(1-p(B)). This is called the direct method.
Computing 2^M cases can get quite time-consuming as M increases, so for large numbers of common components, a Monte Carlo approach is used. For each Monte Carlo trial, the common components are sampled, based on their true failure probabilities, to be either failed or not-failed. These are then combined with the other basic events to calculate the fault trees and event tree sequences. The more trials that are made, the less uncertainty there will be in the final answers for the probabilities of each sequence. The user can control the number of trials and what type of stopping criteria to use, such as an absolute uncertainty or a relative uncertainty on the sequences or consequences of the problem. The user can also control when the direct method is used and when the Monte Carlo approach is used.
Results are given for each sequence in each event tree, each consequence for each event tree, the branch probabilities for each branch of the event trees and the failure probability for every gate in the fault trees. The direct method reports just the probabilities and the Monte Carlo method reports probabilities and uncertainties for each result.
Oak Ridge National Laboratory, 2004