
International Journal of Advanced Computer Science, Vol. 1, No. 2, Pp. 84-86, Aug. 2011.

A Simple Case Study of FTA in Engineering


Yongzhong TANG & Pingzhang GOU
Manuscript received: 1 Jul. 2011; revised: 7 Aug. 2011; accepted: 5 Sep. 2011; published: 15 Sep. 2011.

Keywords
Fault Tree Analysis; Nuclear Power Plant; Safety

Abstract: Fault Tree Analysis (FTA) is a failure analysis method that uses Boolean logic and low-level events to analyze undesired states of a system. It has been widely applied in safety-critical areas such as the aerospace industry, and it is well suited to analyzing a complicated system built from predefined subsystems. This paper applies FTA to the safety of a nuclear power plant, focusing on some critical subsystems.

1. Introduction
Fault Tree Analysis (FTA) is one of the most important logical and probabilistic techniques used for reliability and safety analysis and for risk evaluation in large-scale, complicated systems. It is a deductive, top-down method for analyzing system design and performance, and it uses reliability theory, Boolean algebra and probability theory to combine a series of lower-level events. As a tool for analyzing, visually displaying and evaluating failure paths in a system, FTA provides a mechanism for effective risk evaluation at the system level [1]. It is applied in Probabilistic Risk Assessment (PRA), system reliability assessment and safety engineering to quantitatively determine the probability of a safety hazard. The technique is familiar to many people and corporations and is used on a regular basis for safety and reliability evaluations [2]; in some fields it is required for product certification. Fundamentally, FTA describes the failure behavior of a physical system as a visual diagram and a logic model. Even very complicated issues (e.g. complex systems, and complex relationships between hardware, software and humans) can be analyzed with a very simple set of rules and symbols [3]. FTA was conceived at the beginning of the 1960s by H. A. Watson of Bell Laboratories in connection with a U.S. Air Force contract to study the Minuteman Launch Control System [1]. It was then applied to the entire Minuteman Missile System to predict the probability of random failure of a missile launch, by a team led by Dave Haasl of the Boeing Company. After that, Boeing adopted FTA during the design of commercial aircraft. In 1965, the first System Safety Conference, sponsored by Boeing and the University of Washington, started worldwide interest in FTA [1].

Yongzhong TANG is with Hexi University, Information Technology Services Center (tangyz@hxu.edu.cn). Pingzhang GOU is with Northwest Teachers University, College of Mathematics and Information Science (goupz@nwnu.edu.cn).

2. Why FTA
No system is perfect, and eventually there will be a failure somewhere. For a safety-critical system in particular, a failure can result in significant damage to property or the environment, and even loss of life. It is therefore essential to deal with system failure in order to maintain system reliability. A system has far more ways to succeed, completely or partially, than to fail, so enumerating successes in a success tree turns out to be very time consuming; a fault tree instead concentrates on the much smaller set of failure paths. For a complete system, the complexity still makes assembling a single fault tree costly and cumbersome, so it is reasonable to divide the system into subsystems and start the analysis from them. Working at the smaller scale of a subsystem reduces the chance of errors in the analysis and keeps each tree manageable. The fault trees of the well-analyzed subsystems can then be integrated into a tree for the whole system.

3. Nuclear Power Plant


It is well known that a nuclear power plant has significant effects on the environment and on health, and carries the potential for serious disasters. Therefore, any nuclear power plant has to be kept in a reliably running state and protected against faults of every kind. A nuclear power plant is also a fairly complicated system, so it is wise to divide it into several subsystems for easier and more convenient maintenance and analysis. The fundamental safety-critical goals of a nuclear power plant are to prevent nuclear and radiation accidents, or to limit their consequences. The same concerns extend to the transportation, storage and use of nuclear material, and to products made with radioactive materials such as watch faces and smoke detectors. Following the lead of the aerospace industry, the nuclear power industry has also benefited from FTA in the design and development of nuclear power plants [1]. The goal of applying FTA is to guarantee the reliability and safety of the whole plant. The nuclear power industry has in turn contributed a lot to the development of FTA with advanced fault tree theory, software codes and new evaluation algorithms [4][5]. Figure 1 shows a typical nuclear power plant with defense-in-depth. In practice the defenses vary depending on the type of plant, its owner, its purpose, the generation the plant belongs to, etc.

Fig. 1 A typical 5-layer nuclear power plant [6][7]

From the layered model above, combined with the functions of each part of a nuclear power plant, a set of safety functions can be extracted (Table 1). They can be treated as the functions of the subsystems of the nuclear power plant.

TABLE 1 SAFETY FUNCTIONS OF NUCLEAR POWER PLANT
Safety function | Goal
Reaction control | Stop the reactor
Cooling system control | Keep the reactor running in its normal state
Heat discharge | Transfer heat from the core to the cooling system
Pressure tank isolation | Shut the pressure tank in case of radiation leakage
Pressure and temperature control | Avoid breaking the pressure tank and other equipment
Inflammable gas control | Discharge and reallocate hydrogen in case of explosion risk

4. A Simple Case Study

To compose a fault tree visually, a number of symbols (Table 2) are used as the building blocks of the tree [8]. Based on the safety functions in Table 1, some subsystems are taken as case studies to demonstrate the utility of FTA in a nuclear power plant, and the fault trees for these subsystems are built from the symbols in Table 2.

TABLE 2 PRIMARY BUILDING BLOCKS OF FTA [8]
Basic Event | A basic failure that needs no further development; it marks the appropriate limit of resolution.
Conditioning Event | A specific condition or restriction applied to a logic gate; used primarily with the Inhibit and Priority-AND gates.
Intermediate Event | A fault event that occurs because of one or more antecedent causes acting through logic gates.
Undeveloped Event | An event that is not developed further, either because it is of insufficient consequence or because information is unavailable.
Or-Gate | The output event occurs if one or more of the input events occur.
And-Gate | The output event occurs only if all of the input events occur.

A. Heat Discharge
Heat discharge keeps the temperature at an acceptable level to prevent faults caused by overheating. The architecture of the heat discharge subsystem is shown in Figure 2: the heat produced, assumed to be inexhaustible, is pumped through a valve to the cooling system of the nuclear power plant. For this subsystem, the fault tree is shown in Figure 3.

B. Inflammable Gas Control
Inflammable gas control, which controls the quantity of hydrogen in the pressure tank, is another important subsystem of a nuclear power plant. In the high-temperature environment of the pressure tank, the quantity of hydrogen must be kept at a safe level to prevent burning or even an explosion. The fault tree for inflammable gas control is built as Figure 4. The events stand for the following:
E1: Reactor core decay produces superfluous hydrogen
E2: Reaction between the melted reactor core and concrete produces superfluous hydrogen
E3: Hydrogen is not discharged from the pressure tank in time
A1: Zr is present in a large quantity
B1: Reactor core is heated at a high rate
C1: Operator takes improper actions for heating
A2: Water exists in the concrete
B2: Fragments of the reactor are not cooled down in time
C2: A great deal of metal is contained in the concrete
A3: Sensors for detecting the hydrogen volume in the pressure tank fail
B3: Pumps for discharging hydrogen fail
C3: Valves for discharging hydrogen fail

Fig. 2 Heat discharge

Fig. 3 FTA for heat discharge

Fig. 4 FTA for inflammable gas control

5. Conclusion
FTA provides a methodology for the development and quantification of the potential faults of a complicated, safety-critical system such as a nuclear power plant. To obtain the complete fault tree of such a complicated system, a feasible method is to integrate the fault trees of the individual subsystems, which are defined before the analysis begins.

References
[1] C. A. Ericson II, "Fault Tree Analysis - A History," Proc. 17th International System Safety Conference, 1999.
[2] C. V. Ramamoorthy, Y. W. Han and G. S. Ho, "Fault Tree Analysis of Computer Systems," Proc. National Computer Conference, 1977.
[3] M. Stamatelatos et al., Fault Tree Handbook with Aerospace Applications, NASA, August 2002.
[4] J. C. Knight, "Safety Critical Systems: Challenges and Directions," Proc. 24th International Conference on Software Engineering (ICSE 2002), 2002.
[5] J. S. Feinstein, "The Safety Regulation of U.S. Nuclear Power Plants: Violations, Inspections, and Abnormal Occurrences," Journal of Political Economy, vol. 97, no. 1, pp. 115-154, 1989.
[6] ONCOR, Nuclear Energy, http://www.oncor.com/community/knowledgecollege/energy_library/elec_nuc.aspx, accessed August 9, 2010.
[7] J. M. Hendrie, "Nuclear Power Plants: Structure and Function," Symposium on the Health Aspects of Nuclear Power Plant Incidents, 1983.
[8] W. E. Vesely et al., Fault Tree Handbook, NUREG-0492, U.S. Nuclear Regulatory Commission, January 1981.
