Fault Tree Construction: Events and Gates
Part III: Dynamic Gates
Note: This is the third part of a three-part series. It demonstrates how dynamic gates extend
fault tree analysis even further by considering the order in which input events occur.
Part I describes the events and static gates most commonly
used in fault tree construction. Part II explores additional static
gates that use NOT logic to indicate how the lack of an event's occurrence can cause the top event to occur.
Introduction
Dynamic gates are relatively new in fault tree analysis. Dynamic gates consider the
temporal order of the occurrence of input events. This means that the order of the occurrence of input
events is important to determining the output. A fault tree becomes a dynamic fault tree whenever
a dynamic gate is present.
This article describes the four types of dynamic gates that can be inserted in a fault
tree to make it a dynamic fault tree. These are the Priority AND (PAND), Spare, Sequence Enforcing (SEQ), and
Functional Dependency (FDEP) gates. Additionally, it shows the symbols that Relex Fault Tree uses to
represent dynamic gates and provides general information about how dynamic fault trees are calculated.
PAND Gate
The PAND gate, also known as the Priority AND gate, is used to indicate that the output occurs
if and only if all input events occur in a particular order. The order of occurrence is the order in which the
input events are connected to the PAND gate from left to right.
[Figure: PAND Gate]
The output of a PAND gate can be the top event or an intermediate event. The inputs can be basic
events or outputs of any AND gate, OR gate, or dynamic gate (PAND, SPARE, SEQ, or FDEP). Items need to fail in
temporal order from left to right to trigger the event. In Relex, you can rearrange items that enter PAND gates
by clicking and dragging them to new locations. The PAND gate also supports a single input. When only a single
input exists, then the occurrence of that input will trigger the event.
Summary of Logic: All input events must be TRUE for the output to be TRUE, and the events
must occur from left to right in the temporal order.
A truth table for a PAND gate follows. In column A, T(1) indicates that the input event occurred
first, and T(2) indicates that the input event occurred second. The Boolean equation for a PAND gate is
T = A * B, where A occurs and then B occurs.
| A | B | Output |
|---|---|---|
| T(1) | T(2) | T |
| T(2) | T(1) | F |
| T | F | F |
| F | T | F |
| F | F | F |
Example
For a manufacturing plant to be damaged extensively by fire, the fire alarm must fail, and then
a fire must occur in the plant. (If a fire occurs before the fire alarm failure, the damage is likely to be
less extensive because a nearby fire department would be notified by the sounding of the fire alarm.)
[Figure: Fault Tree with a PAND Gate]
SPARE Gate and Spare Event
The Spare gate is used to model cold, warm, and hot spares in the system. The Spare gate
is used to indicate that the output occurs if and only if all spare events (inputs) occur. Spare events
are a special event type used to model spare usage.
[Figure: Spare Gate]
A spare event can be an input to only a SPARE gate or an FDEP gate, which is described later in
this article. While spare events are similar to basic events in functionality, they allow only repair rates as
inputs to accurately model the temporal behavior. The dormancy factor of the spare event is the ratio
of the failure rate in standby mode to the failure rate in operational mode. A spare event can have a
spare pool, which represents the number of identical instances of that spare component (event). For
example, if a spare pool of an event is two, there are two identical spare components of that spare event.
[Figure: Spare Event]
All inputs of a Spare gate are spare events. A Spare gate can have multiple inputs. The first
event (left-most event) is known as the primary input, and all other inputs are known as alternative
inputs. The primary event is the one that is initially active or powered on, and the alternative inputs
are initially in standby mode. After a failure, the first available spare from left to right
becomes the active (powered) unit. If all units have failed, then the spare is considered
failed.
Depending on the dormancy factor of spares, spare events (components) can fail even in
standby mode. The Relex Spare gate is flexible and can handle any kind of spares.
- If all inputs of a spare gate are identical, then it acts like a standard spare gate. If the
dormancy factor of a spare component is zero, then it cannot fail in the standby mode, and its failure
rate in the standby mode is zero. Hence, the spare event is called a cold spare, and the gate is called
a cold Spare gate. Cold spares are used to model the components that are not powered until needed. If
the dormancy factor is one, then the spare event acts like a hot spare, which is continually powered.
Hence, the gate is called a hot spare gate. If the dormancy factor is between 0 and 1, the spare acts
like a warm spare, which is partially powered in the standby mode until it is needed. Hence, the gate
is called a warm spare gate.
- The inputs to the Relex Spare gate can be non-identical and can have different failure rates
and dormancy factors. This allows us to model complex and hybrid spares in an effective way.
In Relex Fault Tree, you can rearrange spare events that enter Spare gates by clicking on the
events and dragging them to new locations.
Summary of Logic: All inputs must be TRUE for the output to be TRUE.
A truth table for the Spare gate follows.
| A | B | Output |
|---|---|---|
| T | T | T |
| T | F | F |
| F | T | F |
| F | F | F |
Example
A computer system has dual redundant processors. Assume that there is a cold spare that can
replace either processor upon its failure.
[Figure: Fault Tree with a SPARE Gate]
SEQ Gate
The SEQ gate, also known as the Sequence Enforcing gate, forces events to occur in a
particular order. The input events are constrained to occur in the left-to-right order in which they appear
under the gate. This means that the left-most event must occur before the event on its immediate right, which
must occur before the event on its immediate right is allowed to occur. The SEQ gate is used to indicate that
the output occurs if and only if all input events occur in the specified order.
[Figure: SEQ Gate]
The occurrence of the inputs for a SEQ gate follows a sequential order. In other words, an event
connected to a SEQ gate will be initiated immediately after occurrence of its immediate left event.
The SEQ gate can be contrasted with the PAND gate in that the PAND gate detects whether events
occur in a particular order (but the events can occur in any order), whereas the SEQ gate allows the events to
occur only in the specified order.
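The difference between detecting an order (PAND) and enforcing it (SEQ) shows up directly in the numbers. The following Python sketch is an added example, not part of the original article or of Relex Fault Tree; it assumes independent, exponentially distributed event times, and the function names and the rates used for the fire example are constructed for illustration.

```python
import math

def pand_time(times):
    """Occurrence time of a PAND output, or None if the output never occurs.

    times: input occurrence times listed left to right; None = did not occur.
    Ties count as "in order" (an assumption; the article does not cover them).
    """
    if any(t is None for t in times):
        return None
    in_order = all(a <= b for a, b in zip(times, times[1:]))
    return times[-1] if in_order else None

def p_and(a, b, t):
    """Static AND: A and B have both occurred by time t, in any order."""
    return (1 - math.exp(-a * t)) * (1 - math.exp(-b * t))

def p_pand(a, b, t):
    """PAND: A and B run in parallel; output needs A first, then B, by time t."""
    s = a + b
    return a / s * (1 - math.exp(-s * t)) - math.exp(-b * t) * (1 - math.exp(-a * t))

def p_seq(a, b, t):
    """SEQ: B is initiated only once A has occurred, so the two times add up."""
    if math.isclose(a, b):
        return 1 - math.exp(-a * t) * (1 + a * t)
    return 1 - (b * math.exp(-a * t) - a * math.exp(-b * t)) / (b - a)

# Constructed rates (per hour) for the fire example: A = alarm fails, B = fire.
ALARM_RATE, FIRE_RATE, HOURS = 1e-4, 2e-5, 8760.0

if __name__ == "__main__":
    print("rows of the PAND truth table:",
          pand_time([1.0, 2.0]), pand_time([2.0, 1.0]), pand_time([1.0, None]))
    print("AND  (any order)       :", p_and(ALARM_RATE, FIRE_RATE, HOURS))
    print("PAND (alarm, then fire):", p_pand(ALARM_RATE, FIRE_RATE, HOURS))
    print("SEQ  (fire after alarm):", p_seq(ALARM_RATE, FIRE_RATE, HOURS))
```

The two possible PAND orderings add up to the static AND result, which is why replacing an AND gate with a PAND gate always lowers the computed probability of the output.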
The first input (left-most input) to a SEQ gate can be a terminal event or outputs of any AND
gate, OR gate, or dynamic gate (PAND, SPARE, SEQ, or FDEP). Only basic events are allowed for all other
inputs. In Relex Fault Tree, you can rearrange the events that enter SEQ gates by clicking and dragging them
to new locations.
Summary of Logic: The output is TRUE if and only if all input events are TRUE; input events
must occur in a particular order.
A truth table for a SEQ gate with three input events follows.
| Input1 A | Input2 B | Input3 C | Output |
|---|---|---|---|
| F | F | F | F |
| F | F | T | Not possible |
| F | T | F | Not possible |
| F | T | T | Not possible |
| T | F | F | F |
| T | F | T | Not possible |
| T | T | F | F |
| T | T | T | T |
Example
A SEQ gate can be used to show gradual degradation. Consider a saw system where system status
is based on the quality of the blade. Initially, there may be minimal degradation to the blade such that the
system is still functioning in a good condition. Next, there may be some degradation to the blade, such that
the cuts are impacted, but the system is still functioning to some acceptable degree. Finally, there may be
some point where the degradation of the blade produces cuts that are unacceptable, at which time the system
is considered to be failed.
[Figure: Fault Tree with a SEQ Gate]
FDEP Gate
The FDEP gate, also known as the Functional Dependency gate, is used to indicate that all
dependent events are forced to occur in a particular order when the trigger event occurs. The separate
occurrence of any of the dependent events has no effect on the trigger event. The FDEP gate has one trigger
event and can have one or more dependent events.
[Figure: FDEP Gate]
Dependent events are repeated events that are present in other parts of the fault tree. Dependent
events are either basic events or spare events. The trigger event can be a terminal event or outputs of any
AND gate, OR gate, or dynamic gate (PAND, SPARE, SEQ, or FDEP). Generally, the output of an FDEP gate is not
that important; however, it is equivalent to the status of its trigger event.
In Relex Fault Tree, you can rearrange the dependent events of FDEP gates by clicking and dragging
them to new locations.
Summary of Logic: When the trigger event is TRUE, then dependent events are forced to
become TRUE. The trigger event must be TRUE for the output to be TRUE.
A truth table for an FDEP gate follows.
| Trigger | Output | Dependent Event A | Dependent Event B |
|---|---|---|---|
| T | T | T | T |
| T | F | T/F | T/F |
Example
A computer system has dual redundant processors. Assume that there is a cold spare that can
replace either processor upon its failure (given that the cold spare does not fail before use). Assume that
there is also the possibility of a switching mechanism failure that could prevent the use of the spare. The
spare events, Cold Spare Processor, appear in a blue/green color because they are all the same cold spare.
[Figure: Fault Tree with an FDEP Gate]
Dynamic Gate Calculations
When performing fault tree calculations, Relex Fault Tree first determines if the model is static
or dynamic. Any model that includes a dynamic gate is considered a dynamic fault tree. Dynamic fault trees
are broken down into corresponding modules, and each module is individually analyzed as a static or dynamic
entity. To generate exact calculated results, the static entities are computed using the standard
combinatorial techniques, which consider conditional event and gate probabilities in the same manner as Binary
Decision Diagrams (BDDs) are computed. The dynamic entities are transformed into equivalent Markov models,
which are then computed using Relex's internal Markov calculation engine. The results for these various entities
are then brought together using techniques employed for generalized static fault tree analysis to produce exact
calculations.
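To illustrate the transformation of a dynamic entity into a Markov model, the following Python sketch builds the Markov chain for a Spare gate with one primary and one identical spare, using the dormancy factor described in the Spare gate section, and solves it numerically. It is an added example, not Relex's calculation engine or code from the original article; it assumes exponential failure times and no repair, uses uniformization as the solution method, and all function names and numeric values are constructed for illustration.

```python
import math

def spare_gate_generator(lam, dormancy):
    """Transition-rate matrix for a Spare gate with two identical units.

    States: 0 = primary active, spare in standby; 1 = one working unit left;
    2 = both failed (gate output TRUE, absorbing). Repair is not modelled.
    """
    standby = dormancy * lam              # failure rate of the dormant spare
    leave0 = lam + standby                # either unit can fail in state 0
    return [[-leave0, leave0, 0.0],
            [0.0, -lam, lam],
            [0.0, 0.0, 0.0]]

def transient(Q, p0, t, tol=1e-12):
    """State probabilities at time t, computed by uniformization."""
    n = len(Q)
    rate = max(-Q[i][i] for i in range(n)) or 1.0
    # Embedded discrete-time chain P = I + Q / rate.
    P = [[(i == j) + Q[i][j] / rate for j in range(n)] for i in range(n)]
    weight = math.exp(-rate * t)          # Poisson weight for k = 0 jumps
    v, acc, k = list(p0), weight, 0
    out = [weight * x for x in v]
    while 1 - acc > tol and k < 10_000:
        k += 1
        v = [sum(v[i] * P[i][j] for i in range(n)) for j in range(n)]
        weight *= rate * t / k
        acc += weight
        out = [o + weight * x for o, x in zip(out, v)]
    return out

def spare_gate_unreliability(lam, dormancy, t):
    """Probability that the Spare gate output has occurred by time t."""
    Q = spare_gate_generator(lam, dormancy)
    return transient(Q, [1.0, 0.0, 0.0], t)[2]

if __name__ == "__main__":
    lam, hours = 1e-3, 1000.0             # constructed failure rate and mission time
    for name, d in (("cold", 0.0), ("warm", 0.5), ("hot", 1.0)):
        print(name, round(spare_gate_unreliability(lam, d, hours), 6))
```

With a dormancy factor of 1 the result equals that of a static AND gate over two identical events, and lowering the dormancy factor toward 0 lowers the gate's failure probability.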
Conclusion
Dynamic gates consider the order of the occurrence of input events to determine the output. The
ability of dynamic gates to consider the order in which input events occur greatly extends the use of fault
trees. Dynamic fault tree analysis is a newly emerging fault tree technique that can be effectively utilized
in a wide array of engineering applications. The inclusion of dynamic fault tree capabilities in Relex Fault
Tree allows fault tree analysis to make significant advances in solving complex, real-world problems.
Part I of this three-part series describes the
event and static gate types most commonly used in fault trees.
Part II describes NOT logic gates. The Relex web site provides
additional information about fault trees and the many benefits provided by Relex Fault Tree. Visit
www.relex.com/products/ftaeta.asp.