Dissertations / Theses on the topic 'Dynamic fault tree'

Nowadays, in the large ships the electric propulsion solution is a viable alternative to the mechanical one. In fact, at present the latter is limited only to ships with peculiar requirements, such as the need of a high cruise speed or use of specific fuels. The use of electric propulsion, paired with progressive electrification of onboard loads, led to the birth of the All Electric Ship (AES) concept. An AES is a ship where all onboard loads (propulsion included) are electrically powered by a single power system, called Integrated Power System (IPS). The IPS is a key system in an AES, thus requiring both accurate design and management. Indeed, in AES electricity powers almost everything, highlighting the issue of guaranteeing both the proper Power Quality and Continuity of Service. The design of such a complex system has been conventionally done considering all the single components separately, to simplify the process. However, such practice leads to poor performance, integration issues, and oversizing. Moreover, the separate design procedure affects heavily system's reliability, due to the difficulty in assessing the effect on the ship of a fault in a single subsystem. For these reasons, a new design process is needed, able to consider the effect of all components and subsystems on the system, thus improving the ship design's most important drivers: efficiency, effectiveness, reliability, and cost saving. Therefore, the aim of the research has been to obtain a new design methodology, applicable to the AES’ IPS, which is able to consider the systems as a whole, with all its internal interdependencies. The results of such research are depicted in this thesis work, as a sub-process to be integrated into IPS’s design process. In this thesis, a wide review of the state of the art is done, to allow understanding the context, why such innovative process is needed, and which innovative techniques can be used as an aid in design. Each point is discussed focusing on the aim of this thesis, thus presenting topics, bibliography, and personal evaluations tailored to direct the reader to comprehend the impact of the proposed design process. In particular, after a first chapter dedicated to the introduction of All Electric Ships, in which are described how such ships have evolved, and what are the most impacting applications, a reasoned discussion on the conventional ship-design process is given in the second chapter. In addition to that, an in-depth analysis of the IPS design is done, to explain the context in which the proposed innovative design process has to be integrated. Several examples of issues coming from the conventional design process are given, to motivate the proposal of a new design process. Not only the above mentioned design issues, but also the upcoming introduction of innovative distribution systems onboard ships and the recent emergence of new requirements, whose impact on IPS is significant, are motivations calling for a new design process. Due to that, an excursus of both these two topics is given in the third chapter, referring to recent literature and research activities. Chapter four is dedicated to the description of the tools that will be used to build the innovative design process. The first part is dedicated to dependability theory, which is able to give a systematic and coherent approach to the determination of faults effects on complex systems. Through dependability theory and its techniques, it is possible: to assess the effect of single components faults on the overall system; to assess all the possible causes of a given system failure; to evaluate mathematical figures related to the system in order to compare different design solutions; and to define where the designer must intervene to improve the system. The second part of the fourth chapter is dedicated to power system’s software simulators and hardware in the loop testing. In particular, the use of such systems as an aid in designing power systems is discussed, to allow comprehending why such tools have been integrated in the innovative design process developed. The fifth chapter is dedicated to the developed design process. Discussion is presented on how such process work, how it should be integrated in ship design process, and which is the impact it have on the design. In particular, the developed procedure implies both the application of dependability theory techniques (in particular Failure Tree Analysis), and the simulation of the dynamic behavior of the power system through a mathematical model of the system tailored on electromechanical transients. Finally, to demonstrate the applicability of the proposed procedure, in chapter six a case of study has been analyzed: the IPS of a Dynamic Positioned Offshore Oil & Gas drillship. This has been done due to the stringent requirements these ships have, whose impact on power system’s design is significant. The analysis of the IPS done through the Fault Tree Analysis technique is presented (though using a simplified detail level), followed by the calculation of several dependability indexes. Such results, together with applicable rules and regulations, have been used to define the input data for simulations, carried out using a mathematical model of the IPS built on purpose. Simulations outcomes have been used in turn to evaluate the dynamic processes bringing the system from relevant faults to failure, in order to improve the system’s response to the fault events.
Oggigiorno, nelle grandi navi la propulsione elettrica è una valida alternativa a quella meccanica. Infatti, attualmente quest'ultima è limitata solo alle navi con requisiti particolari, quali la necessità di una elevata velocità di crociera o l’uso di combustibili specifici. L'uso della propulsione elettrica, in coppia con la progressiva elettrificazione dei carichi di bordo, ha portato alla nascita del concetto di All Electric Ship (AES). Una AES è una nave in cui tutti i carichi di bordo (propulsione inclusa) sono alimentati da un unico sistema elettrico, chiamato Sistema Elettrico Integrato (Integrated Power System - IPS). L'IPS è un sistema chiave in una AES, per cui richiede una progettazione ed una gestione accurata. In effetti, in una AES tale sistema alimenta quasi tutto, mettendo in evidenza il problema di garantire sia la corretta Power Quality, sia la continuità del servizio. La progettazione di un sistema così complesso viene convenzionalmente fatta considerando i singoli componenti separatamente, per semplificare il processo. Tuttavia tale pratica può portare a prestazioni ridotte, problemi di integrazione e sovradimensionamento. Come se non bastasse, la procedura di progettazione separata influisce pesantemente sull'affidabilità del sistema, a causa della difficoltà nel valutare l'effetto sulla nave di un guasto in un singolo sottosistema. Per questi motivi è necessario un nuovo processo di progettazione in grado di considerare l'effetto di tutti i componenti e sottosistemi del sistema, consentendo così di migliorare i più importanti driver applicati nella progettazione di una nave: efficienza, efficacia, affidabilità e riduzione dei costi. Date queste premesse, l'obiettivo della ricerca era di ottenere una nuova metodologia di progettazione applicabile al sistema elettrico integrato delle AES, in grado di considerare il sistema nel suo insieme, comprese tutte le sue interdipendenze interne. Il risultato di tale ricerca è descritto in questo lavoro di tesi, e consiste in un sub-processo che dovrà essere integrato nel processo di progettazione convenzionale del sistema elettrico integrato. In questa tesi viene effettuata un'ampia rassegna dello stato dell'arte, per consentire la comprensione del contesto, del perché tale processo innovativo è necessario e quali tecniche innovative possono essere utilizzate come un aiuto nella progettazione. Ogni punto è discusso concentrandosi sullo scopo di questa tesi, presentando così argomenti, bibliografia, e valutazioni personali volte ad indirizzare il lettore a comprendere l'impatto del processo di progettazione proposto. In particolare, dopo un primo capitolo dedicato all’introduzione delle AES in cui sono descritte come tali navi si sono evolute e quali sono le applicazioni più impattanti, si effettua una discussione ragionata sul processo di progettazione convenzionale delle navi, contenuta nel secondo capitolo. In aggiunta a questo viene effettuata un'analisi approfondita del processi di progettazione dell’IPS, per spiegare il contesto in cui il processo di progettazione innovativo deve essere integrato. Alcuni esempi di problemi derivanti dal processo di progettazione tradizionale sono dati, per motivare la proposta di un processo nuovo. In aggiunta ai problemi dovuti alla progettazione, altre motivazioni portano alla necessità di un rinnovato processo di progettazione, quali l'imminente introduzione di sistemi di distribuzione innovativi a bordo nave e la recente comparsa di nuovi requisiti il cui impatto sull’IPS è significativo. Per questo, un excursus su questi due temi è fatto nel terzo capitolo, con riferimento alle più recenti fonti letterarie e ricerche. Il quarto capitolo è dedicato alla descrizione degli strumenti che verranno utilizzati per costruire l'innovativo processo di progettazione. La prima parte del capitolo è dedicata alla teoria della fidatezza (dependability), in grado di dare un approccio sistematico e coerente alla determinazione degli effetti guasti sui sistemi complessi. Attraverso la teoria della fidatezza e le sue tecniche è possibile: determinare l'effetto sul sistema dei guasti ai singoli componenti; valutare tutte le possibili cause di un dato evento di avaria; valutare alcuni indici matematici relativi al sistema, al fine di confrontare diverse soluzioni progettuali; definire dove e come il progettista deve intervenire per migliorare il sistema. La seconda parte del quarto capitolo è dedicata ai software per la simulazione del comportamento dell’IPS ed ai test hardware-in-the-loop. In particolare viene discusso l'uso di tali sistemi come aiuto nella progettazione di sistemi di potenza, per permettere di comprendere perché tali strumenti sono stati integrati nel processo di progettazione sviluppato. Il quinto capitolo è dedicato al processo di progettazione sviluppato nel corso della ricerca. Viene discusso come tale processo funziona, come dovrebbe essere integrato nel processo di progettazione convenzionale, e qual è l'impatto che esso ha sulla progettazione. In particolare, la procedura sviluppata implica sia l'applicazione delle tecniche proprie della teoria della fidatezza (in particolare la Failure Tree Analysis), sia la simulazione del comportamento dinamico dell’IPS attraverso un modello matematico del sistema tarato sui transitori elettromeccanici. Infine, per dimostrare l'applicabilità della procedura proposta, nel sesto capitolo viene analizzato un caso di studio: l'IPS di una nave da perforazione offshore oil & gas dotata di posizionamento dinamico. Questo caso di studio è stato scelto a causa dei requisiti molto stringenti di questa classe di navi, il cui impatto sul progetto dell’IPS è significativo. Viene presentata l'analisi dell’IPS tramite la tecnica di Fault Tree Analysis (anche se con un livello di dettaglio semplificato), seguita dal calcolo di diversi indici di affidabilità. Tali risultati, unitamente a norme e regolamenti vigenti, sono stati utilizzati per definire i dati di input per le simulazioni, effettuate utilizzando un modello matematico dell’IPS costruito appositamente. I risultati delle simulazioni hanno consentito di valutare come il sistema dinamicamente si porta all’avaria a partire dai guasti rilevanti, e pertanto di proporre soluzioni migliorative.

Emerging technological systems present complexities that pose new risks and hazards. Some of these systems, called safety-critical systems, can have very disastrous effects on human life and the environment if they fail. For this reason, such systems may feature multiple modes of operation, which may make use of redundant components, parallel architectures, and the ability to fall back to a degraded state of operation without failing completely. However, the introduction of such features poses new challenges for systems analysts, who need to understand how such systems behave and estimate how reliable and safe they really are. Fault Trees Analysis (FTA) is a technique widely accepted and employed for analysing the reliability of safety-critical systems. With FTA, analysts can perform both qualitative and quantitative analyses on safety-critical systems. Unfortunately, traditional FTA is unable to efficiently capture some of the dynamic features of modern systems. This problem is not new; various efforts have been made to develop techniques to solve it. Pandora is one such technique to enhance FTA. It uses new 'temporal' logic gates, in addition to some existing ones, to model dynamic sequences of events and eventually produce combinations of basic events necessary and sufficient to cause a system failure. Until now, Pandora was not able to quantitatively evaluate the probability of a system failure. This is the motivation for this thesis. This thesis proposes and evaluates various techniques for the probabilistic evaluation of the temporal gates in Pandora, enabling quantitative temporal fault tree analysis. It also introduces a new logical gate called the 'parameterised Simultaneous-AND' (pSAND) gate. The proposed techniques include both analytical and simulation-based approaches. The analytical solution supports only component failures with exponential distribution whilst the simulation approach is not restricted to any specific component failure distribution. Other techniques for evaluating higher order component combinations, which are results of the propagation of individual gates towards a system failure, have also been formulated. These mathematical expressions for the evaluation of individual gates and combinations of components have enabled the evaluation of a total system failure and importance measures, which are of great interest to system analysts.

Finite state transition models such as State Machines (SMs) have become a prevalent paradigm for the description of dynamic systems. Such models are well-suited to modelling the behaviour of complex systems, including in conditions of failure, and where the order in which failures and fault events occur can affect the overall outcome (e.g. total failure of the system). For the safety assessment though, the SM failure behavioural models need to be converted to analysis models like Generalised Stochastic Petri Nets (GSPNs), Markov Chains (MCs) or Fault Trees (FTs). This is particularly important if the transformed models are supported by safety analysis tools. This thesis, firstly, identifies a number of problems encountered in current safety analysis techniques based on SMs. One of the existing approaches consists of transforming the SMs to analysis-supported state-transition formalisms like GSPNs or MCs, which are very powerful in capturing the dynamic aspects and in the evaluation of safety measures. But in this approach, qualitative analysis is not encouraged; here the focus is primarily on probabilistic analysis. Qualitative analysis is particularly important when probabilistic data are not available (e.g., at early stages of design). In an alternative approach though, the generation of combinatorial, Boolean FTs has been applied to SM-based models. FTs are well-suited to qualitative analysis, but cannot capture the significance of the temporal order of events expressed by SMs. This makes the approach potentially error prone for the analysis of dynamic systems. In response, we propose a new SM-based safety analysis technique which converts SMs to Temporal Fault Trees (TFTs) using Pandora — a recent technique for introducing temporal logic to FTs. Pandora provides a set of temporal laws, which allow the significance of the SM temporal semantics to be preserved along the logical analysis, and thereby enabling a true qualitative analysis of a dynamic system. The thesis develops algorithms for conversion of SMs to TFTs. It also deals with the issue of scalability of the approach by proposing a form of compositional synthesis in which system large TFTs can be generated from individual component SMs using a process of composition. This has the dual benefits of allowing more accurate analysis of different sequences of faults, and also helping to reduce the cost of performing temporal analysis by producing smaller, more manageable TFTs via the compositionality. The thesis concludes that this approach can potentially address limitations of earlier work and thus help to improve the safety analysis of increasingly complex dynamic safety-critical systems.

L'objet des travaux de cette thèse est de proposer de nouveaux processus de définition de tests (testabilité), de nouvelles méthodes de tests, ainsi que de nouvelles méthodes d'interprétation des tests (diagnostic). Ces travaux ont été menés dans le cadre de l'aéronautique et ont porté dans un premier temps sur l'identification des besoins en diagnostic des hélicoptères. Les problématiques liées au test et au diagnostic des hélicoptères portaient sur : - La non-détection de certaines défaillances - L'occurrence de nombreuses fausses alarmes - L'ambiguïté de localisation de défaillances Dans un premier temps nous avons réalisé l'état de l'art des recherches en diagnostic, ceci afin de sélectionner les technologies et méthodologies permettant de répondre aux problématiques identifiées. Les technologies candidates ont ensuite été architecturées afin de proposer un traitement intégré permettant de répondre à l'ensemble des besoins identifiés. Ainsi nous avons travaillé sur les méthodologies de définition du test, aux moyens d'outils de simulation de la testabilité. Nous avons aussi défini de nouvelles méthodes de test permettant de déterminer l'état de capteurs analogiques aux moyens d'algorithmes basés sur des évaluateurs de calcul de variation de l'écart type, du facteur de forme et du rapport signal sur bruit. Nous avons ensuite travaillé sur l'amélioration du diagnostic au niveau système à l'aide d'automates temporisés afin de simuler le fonctionnement des arbres de tests élémentaires. Ces travaux ont ensuite conduit à la modélisation et au diagnostic des systèmes complexes à l'aide des diagrammes d'état, des arbres de défaillances dynamiques, ainsi que leur simulation à l'aide des réseaux de Petri. Les modèles utilisés ont été complétés au moyen de nouvelles portes dynamiques. Ces travaux ont été appliqués au monde aéronautique, sur plusieurs hélicoptères et ont fait l'objet de deux brevets
The object of the work of this thesis is to propose new processes of definition of tests (testability), new methods of tests, as well as new methods of tests interpretation (diagnosis). This work was carried out in the framework of aeronautics. It first intends to identify the needs of the helicopter diagnosis. The identified problems, related to the test and the diagnosis of the helicopters, were: - Non-detection of failures - Occurrence of many false alarms - Failure localisation ambiguity We first achieved the state of the art of research in diagnosis, in order to select technologies and methodologies allowing to answer the problematic. Candidate technologies were then structured in order to propose an integrated treatment. Thus we worked on methodologies of definition of the test, with testability simulation tools. We also defined new methods of test which allows determining the status of analogue sensors with the means of algorithms based on the calculus of variation of the standard deviation, form factor and noise-signal ratio. We then worked on the improvement of the diagnosis at system level using timed automata in order to simulate the operation of the tests tree. This work then led to the modelling of the complex systems using state diagram, dynamic fault trees, as well as their simulation with Petri networks. Additional doors were defined to complete the existing algorithms. Finally, this work was applied to the aeronautical world, to several helicopters and was the subject of two patents

L’émission de lumière est une puissante technique de localisation dans le domaine de l’analyse de défaillance des circuits intégrés. Depuis plusieurs années, elle est utilisée comme une technique capable de localiser et d’identifier des défauts émissifs, tels que les courants de fuites, en fonctionnement statique du composant. Cependant, l’augmentation d’intégration et des performances des circuits actuels implique l’apparition d’émissions de défauts dynamiques dus à l’utilisation de fréquences de fonctionnement de plus en plus élevées. Ces contraintes imposent une adaptation de la technique d’émission de lumière qui doit donc évoluer en même temps que l’évolution des circuits intégrés. C’est dans ce contexte que de nouveaux modes de détection, liés à l’émission de lumière, est apparu : PICA et TRE. Ainsi, les photons sont collectés en fonction du temps donnant ainsi une place importante à la technique par émission de lumière dynamique pour le debbug et l’analyse de défaillance en procédant à une caractérisation précise des défauts issus des circuits intégrés actuels. Pour répondre aux exigences dues à l’analyse du comportement dynamique des circuits intégrés, des méthodes ont été identifiées à travers la technique PICA et la technique d’émission en temps résolu connue sous le nom de technique mono-point TRE. Cependant, les techniques PICA et TRE sont exposées à un défi continu lié à la diminution des technologies et donc des tensions d’alimentation. Pour analyser des circuits de technologies futures à faible tension d’alimentation, il est nécessaire de considérer différentes approches afin d’améliorer le rapport signal sur bruit. Deux solutions sont présentées dans ce document : un système de détection optimisé et des méthodes de traitement de signal
Light emission is a powerful technique for the characterization of failed integrated circuits. For years, faults have been identified in a static configuration of the device. Just by providing the power supply, abnormal current leakage could be located. With the growing complexity of devices, some fault may appear only in the middle of the test sequence. As a result the evolution of light emission was to use the same detector to acquire the image of a running circuit. A new mode of light emission came became available: PICA or picoseconds IC analysis. With this configuration, photons are collected as a function of time. This technique became mainstream for IC debug and failure analysis to precisely characterize IC. Light emission has also reached dynamic IC requirements through PICA and Single-point PICA also known as TRE. However, light emission and TRE is facing a continuous challenge with technologies shrinkage and its associated power supply voltage drop. To work with recent IC technologies with ultra low VDD voltage, it is necessary to take a different approach, to improve the signal to ratio. Two solutions are presented in this document: A best detection system and TRE and PICA signal processing development

碩士
國立成功大學
化學工程學系
89
By incorporating SDG, FTA and fuzzy inference techniques, a novel framework for fault diagnosis is developed in this study. To relieve the on-line computation load, the scope of diagnosis is limited to the fault origins leading to the top event of given fault trees. The corresponding fault propagation patterns are derived from SDG model and precedence order of symptoms are then encoded in the inference system with fuzzy rules. The simulation results show that the proposed approach is not only effective but also capable of identifying the most likely cause of a hazardous event at the earliest possible time.

Yes
Fault tree analysis (FTA) is a powerful technique that is widely used for evaluating system safety and reliability. It can be used to assess the effects of combinations of failures on system behaviour but is unable to capture sequence dependent dynamic behaviour. A number of extensions to fault trees have been proposed to overcome this limitation. Pandora, one such extension, introduces temporal gates and temporal laws to allow dynamic analysis of temporal fault trees (TFTs). It can be easily integrated in model-based design and analysis techniques. The quantitative evaluation of failure probability in Pandora TFTs is performed using exact probabilistic data about component failures. However, exact data can often be difficult to obtain. In this paper, we propose a method that combines expert elicitation and fuzzy set theory with Pandora TFTs to enable dynamic analysis of complex systems with limited or absent exact quantitative data. This gives Pandora the ability to perform quantitative analysis under uncertainty, which increases further its potential utility in the emerging field of model-based design and dependability analysis. The method has been demonstrated by applying it to a fault tolerant fuel distribution system of a ship, and the results are compared with the results obtained by other existing techniques.

Yes
Over the years, several approaches have been developed for the quantitative analysis of dynamic fault trees (DFTs). These approaches have strong theoretical and mathematical foundations; however, they appear to suffer from the state-space explosion and high computational requirements, compromising their efficacy. Modularisation techniques have been developed to address these issues by identifying and quantifying static and dynamic modules of the fault tree separately by using binary decision diagrams and Markov models. Although these approaches appear effective in reducing computational effort and avoiding state-space explosion, the reliance of the Markov chain on exponentially distributed data of system components can limit their widespread industrial applications. In this paper, we propose a hybrid modularisation scheme where independent sub-trees of a DFT are identified and quantified in a hierarchical order. A hybrid framework with the combination of algebraic solution, Petri Nets, and Monte Carlo simulation is used to increase the efficiency of the solution. The proposed approach uses the advantages of each existing approach in the right place (independent module). We have experimented the proposed approach on five independent hypothetical and industrial examples in which the experiments show the capabilities of the proposed approach facing repeated basic events and non-exponential failure distributions. The proposed approach could provide an approximate solution to DFTs without unacceptable loss of accuracy. Moreover, the use of modularised or hierarchical Petri nets makes this approach more generally applicable by allowing quantitative evaluation of DFTs with a wide range of failure rate distributions for basic events of the tree.
This work was supported in part by the Dependability Engineering Innovation for Cyber Physical Systems (CPS) (DEIS) H2020 Project under Grant 732242, and in part by the LIVEBIO: Light-weight Verification for Synthetic Biology Project under Grant EPSRC EP/R043787/1.

Yes
Safety and reliability are two important aspects of dependability that are needed to be rigorously evaluated throughout the development life-cycle of a system. Over the years, several methodologies have been developed for the analysis of failure behavior of systems. Fault tree analysis (FTA) is one of the well-established and widely used methods for safety and reliability engineering of systems. Fault tree, in its classical static form, is inadequate for modeling dynamic interactions between components and is unable to include temporal and statistical dependencies in the model. Several attempts have been made to alleviate the aforementioned limitations of static fault trees (SFT). Dynamic fault trees (DFT) were introduced to enhance the modeling power of its static counterpart. In DFT, the expressiveness of fault tree was improved by introducing new dynamic gates. While the introduction of the dynamic gates helps to overcome many limitations of SFT and allows to analyze a wide range of complex systems, it brings some overhead with it. One such overhead is that the existing combinatorial approaches used for qualitative and quantitative analysis of SFTs are no longer applicable to DFTs. This leads to several successful attempts for developing new approaches for DFT analysis. The methodologies used so far for DFT analysis include, but not limited to, algebraic solution, Markov models, Petri Nets, Bayesian Networks, and Monte Carlo simulation. To illustrate the usefulness of modeling capability of DFTs, many benchmark studies have been performed in different industries. Moreover, software tools are developed to aid in the DFT analysis process. Firstly, in this chapter, we provided a brief description of the DFT methodology. Secondly, this chapter reviews a number of prominent DFT analysis techniques such as Markov chains, Petri Nets, Bayesian networks, algebraic approach; and provides insight into their working mechanism, applicability, strengths, and challenges. These reviewed techniques covered both qualitative and quantitative analysis of DFTs. Thirdly, we discussed the emerging trends in machine learning based approaches to DFT analysis. Fourthly, the research performed for sensitivity analysis in DFTs has been reviewed. Finally, we provided some potential future research directions for DFT-based safety and reliability analysis.

Yes
Dynamic systems exhibit time-dependent behaviours and complex functional dependencies amongst their components. Therefore, to capture the full system failure behaviour, it is not enough to simply determine the consequences of different combinations of failure events: it is also necessary to understand the order in which they fail. Pandora temporal fault trees (TFTs) increase the expressive power of fault trees and allow modelling of sequence-dependent failure behaviour of systems. However, like classical fault tree analysis, TFT analysis requires a lot of manual effort, which makes it time consuming and expensive. This in turn makes it less viable for use in modern, iterated system design processes, which requires a quicker turnaround and consistency across evolutions. In this paper, we propose for a model-based analysis of temporal fault trees via HiP-HOPS, which is a state-of-the-art model-based dependability analysis method supported by tools that largely automate analysis and optimisation of systems. The proposal extends HiP-HOPS with Pandora, Petri Nets and Bayesian Networks and results to dynamic dependability analysis that is more readily integrated into modern design processes. The effectiveness is demonstrated via application to an aircraft fuel distribution system.
Partly funded by the DEIS H2020 project (Grant Agreement 732242).

Yes
Flaring is a combustion process commonly used in the oil and gas industry to dispose flammable waste gases. Flare flameout occurs when these gases escape unburnt from the flare tip causing the discharge of flammable and/or toxic vapor clouds. The toxic gases released during this process have the potential to initiate safety hazards and cause serious harm to the ecosystem and human health. Flare flameout could be caused by environmental conditions, equipment failure, and human error. However, to better understand the causes of flare flameout, a rigorous analysis of the behavior of flare systems under failure conditions is required. In this article, we used fault tree analysis (FTA) and the dynamic Bayesian network (DBN) to assess the reliability of flare systems. In this study, we analyzed 40 different combinations of basic events that can cause flare flameout to determine the event with the highest impact on system failure. In the quantitative analysis, we use both constant and time-dependent failure rates of system components. The results show that combining these two approaches allows for robust probabilistic reasoning on flare system reliability, which can help improving the safety and asset integrity of process facilities. The proposed DBN model constitutes a significant step to improve the safety and reliability of flare systems in the oil and gas industry.

Yes
Fault Tree Analysis (FTA) is a well-established and well-understood technique, widely used for dependability evaluation of a wide range of systems. Although many extensions of fault trees have been proposed, they suffer from a variety of shortcomings. In particular, even where software tool support exists, these analyses require a lot of manual effort. Over the past two decades, research has focused on simplifying dependability analysis by looking at how we can synthesise dependability information from system models automatically. This has led to the field of model-based dependability analysis (MBDA). Different tools and techniques have been developed as part of MBDA to automate the generation of dependability analysis artefacts such as fault trees. Firstly, this paper reviews the standard fault tree with its limitations. Secondly, different extensions of standard fault trees are reviewed. Thirdly, this paper reviews a number of prominent MBDA techniques where fault trees are used as a means for system dependability analysis and provides an insight into their working mechanism, applicability, strengths and challenges. Finally, the future outlook for MBDA is outlined, which includes the prospect of developing expert and intelligent systems for dependability analysis of complex open systems under the conditions of uncertainty.

Yes
Critical technological systems exhibit complex dynamic characteristics such as time-dependent behavior, functional dependencies among events, sequencing and priority of causes that may alter the effects of failure. Dynamic fault trees (DFTs) have been used in the past to model the failure logic of such systems, but the quantitative analysis of DFTs has assumed the existence of precise failure data and statistical independence among events, which are unrealistic assumptions. In this paper, we propose an improved approach to reliability analysis of dynamic systems, allowing for uncertain failure data and statistical and stochastic dependencies among events. In the proposed framework, DFTs are used for dynamic failure modeling. Quantitative evaluation of DFTs is performed by converting them into generalized stochastic Petri nets. When failure data are unavailable, expert judgment and fuzzy set theory are used to obtain reasonable estimates. The approach is demonstrated on a simplified model of a cardiac assist system.
DEIS H2020 Project under Grant 732242.

碩士
國立清華大學
資訊工程學系
93
Fault trees theories have been used in years because they can easily provide a concise representation of failure behavior of general non-repairable fault-tolerant systems. But the defect of traditional fault trees is lack of accuracy when modeling sequence-dependent dynamic failure behavior of certain systems with fault-recovery process. A solution to this problem is called behavioral decomposition. A system will be divided into several dynamic or static modules, and each module can be further analyzed using BDD or Markov Chains separately. In this paper, we will show a decomposition scheme that independent subtrees of a dynamic module are detected and solved hierarchically for saving computation time of solving Markov Chains by reducing the state space of Markov model but without losing unacceptable accuracy when assessing components sensitivities. In the end, we present our analyzing software toolkit: DyFA (Dynamic Fault-trees Analyzer) which implements our enhanced methodology.

Indiana University-Purdue University Indianapolis (IUPUI)
In a wide-area power system, detecting dynamic events is critical to maintaining system stability. Large events, such as the loss of a generator or fault on a transmission line, can compromise the stability of the system by causing the generator rotor angles to diverge and lose synchronism with the rest of the system. If these events can be detected as they happen, controls can be applied to the system to prevent it from losing synchronous stability. In order to detect these events, pattern recognition tools can be applied to system measurements. In this thesis, the pattern recognition tool decision trees (DTs) were used for event detection. A single DT produced rules distinguishing between and the event and no event cases by learning on a training set of simulations of a power system model. The rules were then applied to test cases to determine the accuracy of the event detection. To use a DT to detect events, the variables used to produce the rules must be chosen. These variables can be direct system measurements, such as the phase angle of bus voltages, or indices created by a combination of system measurements. One index used in this thesis was the integral square bus angle (ISBA) index, which provided a measure of the overall activity of the bus angles in the system. Other indices used were the variance and rate of change of the ISBA. Fitting a polynomial curve to a sliding window of these indices and then taking the difference between the polynomial and the actual index was found to produce a new index that was non-zero during the event and zero all other times for most simulations. After the index to detect events was chosen to be the error between the curve and the ISBA indices, a set of power system cases were created to be used as the training data set for the DT. All of these cases contained one event, either a small or large power injection at a load bus in the system model. The DT was then trained to detect the large power injection but not the small one. This was done so that the rules produced would detect large events on the system that could potentially cause the system to lose synchronous stability but ignore small events that have no effect on the overall system. This DT was then combined with a second DT that predicted instability such that the second DT made the decision whether or not to apply controls only for a short time after the end of every event, when controls would be most effective in stabilizing the system.

Indiana University-Purdue University Indianapolis (IUPUI)
In a wide-area power system, detecting dynamic events is critical to maintaining system stability. Large events, such as the loss of a generator or fault on a transmission line, can compromise the stability of the system by causing the generator rotor angles to diverge and lose synchronism with the rest of the system. If these events can be detected as they happen, controls can be applied to the system to prevent it from losing synchronous stability. In order to detect these events, pattern recognition tools can be applied to system measurements. In this thesis, the pattern recognition tool decision trees (DTs) were used for event detection. A single DT produced rules distinguishing between and the event and no event cases by learning on a training set of simulations of a power system model. The rules were then applied to test cases to determine the accuracy of the event detection. To use a DT to detect events, the variables used to produce the rules must be chosen. These variables can be direct system measurements, such as the phase angle of bus voltages, or indices created by a combination of system measurements. One index used in this thesis was the integral square bus angle (ISBA) index, which provided a measure of the overall activity of the bus angles in the system. Other indices used were the variance and rate of change of the ISBA. Fitting a polynomial curve to a sliding window of these indices and then taking the difference between the polynomial and the actual index was found to produce a new index that was non-zero during the event and zero all other times for most simulations. After the index to detect events was chosen to be the error between the curve and the ISBA indices, a set of power system cases were created to be used as the training data set for the DT. All of these cases contained one event, either a small or large power injection at a load bus in the system model. The DT was then trained to detect the large power injection but not the small one. This was done so that the rules produced would detect large events on the system that could potentially cause the system to lose synchronous stability but ignore small events that have no effect on the overall system. This DT was then combined with a second DT that predicted instability such that the second DT made the decision whether or not to apply controls only for a short time after the end of every event, when controls would be most effective in stabilizing the system.