The Fault Tree layer is populated with the logical components of fault trees. It includes the stochastic layer, which itself contains the probabilistic data. The stochastic layer is presented in another section.
Constituents of fault trees are Boolean variables (gates, basic events, and house events), Boolean constants (true and false) and connectives (and, or, k-out-of-n, not, etc.). Despite their name, fault trees have in general a directed acyclic graph structure (not a tree-like structure), because variables can be referenced more than once. The simplest way to describe a fault tree is to represent it as a set of equations of the form “variable = Boolean-formula”. Variables that show up as the left hand side of an equation are gates. Variables that show up only in right hand side formulae are basic events. Finally, variables that show up only as the left hand side of an equation are top events. Such a representation imposes two additional conditions: first, the set of equations must contain no loop, i.e., the Boolean formula on the right hand side of an equation must not depend, even indirectly (recursively), on the variable on the left hand side. Second, a variable must not show up more than once on the left hand side of an equation, i.e., gates must be uniquely defined. Fig. 4.1 shows a Fault Tree. The corresponding set of equations is as follows.
On the figure, basic events are surrounded by a circle. Basic events are in general associated with a probability distribution (see Stochastic Layer).
House events (surrounded by a house-shaped frame on the figure) are represented as variables but are actually constants: when the tree is evaluated, house events are always interpreted by their value, which is either true or false. By default, house events take the value false. Negated house events (and likewise negated gates and basic events) are represented by adding a small circle over their symbol.
A formal description of the constructs of Fault Trees is given under the RNC schema in Listing 4.1. This description allows loops (in the sense defined above), multiple definitions and trees with multiple top events. The presence of loops must be detected by a specific check procedure. If a variable or a parameter is declared more than once, tools should emit a warning and consider only the last definition as the valid one (the previous ones are simply ignored). In some circumstances, it is of interest to define several fault trees at once by means of a single set of declarations. Therefore, the presence of multiple top events should not be prevented. Parameters and expressions are introduced in the next chapter.
The semantics of the connectives is given in Table 4.1. Note that the connectives “and”, “or”, “xor”, “iff”, “nand”, and “nor” are associative. Therefore, it suffices to give their semantics when they take two arguments, i.e., two Boolean formulae F and G.
| Connective | Semantics |
|---|---|
| and | F and G is true if both F and G are true, and false otherwise |
| or | F or G is true if either F or G is true, and false otherwise |
| not | not F is true if F is false, and false otherwise |
| xor | F xor G is equivalent to (F and not G) or (not F and G) |
| iff | F iff G is equivalent to (F and G) or (not F and not G) |
| nand | F nand G is equivalent to not (F and G) |
| nor | F nor G is equivalent to not (F or G) |
| atleast | True if at least k of the Boolean formulae given as arguments are true, and false otherwise. This connective is also called k-out-of-n, where k is the integer given as argument and n is the number of Boolean formulae given as arguments. |
| cardinality | True if at least l and at most h of the Boolean formulae given as arguments are true, and false otherwise. l and h are the two integers given as arguments (in that order). |
| imply | F implies G is equivalent to (not F or G) |
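The equation form, the loop check and the last-definition-wins rule described above, together with the connectives of Table 4.1, as a small evaluator. This is an added example written for this page, not code from the Model Exchange Format or any tool that implements it; the tuple encoding of formulae (such as ("atleast", k, F1, ..., Fn)), the function names and the sample tree are all constructed here, and the sample is not the tree of Fig. 4.1.

```python
import warnings
from functools import reduce
# Connectives of Table 4.1; xor/iff are folded pairwise since the text says they are associative.
OPS = {"and": lambda *a: all(a), "or": lambda *a: any(a), "not": lambda a: not a,
       "nand": lambda *a: not all(a), "nor": lambda *a: not any(a),
       "imply": lambda f, g: (not f) or g, "xor": lambda *a: reduce(lambda x, y: x != y, a),
       "iff": lambda *a: reduce(lambda x, y: x == y, a)}

def build(declarations):
    """(gate, formula) pairs -> equations; a repeated gate is warned about, last definition wins."""
    eqs = {}
    for gate, formula in declarations:
        if gate in eqs:
            warnings.warn(f"gate {gate} defined more than once; keeping the last definition")
        eqs[gate] = formula
    return eqs

def classify(eqs, house=()):
    """Gates: left-hand sides. Basic events: only on right-hand sides. Tops: unreferenced gates."""
    def refs(f):
        if isinstance(f, str): return {f}
        return set().union(*(refs(a) for a in f[1:])) if isinstance(f, tuple) else set()
    used = set().union(*(refs(f) for f in eqs.values()))
    return set(eqs), used - set(eqs) - set(house), set(eqs) - used

def evaluate(eqs, basic, house=None):
    """Value of every gate; a house event not listed in `house` takes the default value false."""
    house = house or {}
    def ev(f, stack):
        if isinstance(f, bool): return f                           # Boolean constant
        if isinstance(f, str):
            if f not in eqs:                                       # basic or house event
                return basic.get(f, house.get(f, False))
            if f in stack:                                         # formula depends on its own gate
                raise ValueError("loop through gate " + f)
            return ev(eqs[f], stack + (f,))
        op, *args = f
        if op == "atleast":                                        # k-out-of-n: (k, F1, ..., Fn)
            return sum(ev(a, stack) for a in args[1:]) >= args[0]
        if op == "cardinality":                                    # (l, h, F1, ..., Fn)
            return args[0] <= sum(ev(a, stack) for a in args[2:]) <= args[1]
        return OPS[op](*(ev(a, stack) for a in args))
    return {gate: ev(gate, ()) for gate in eqs}
def has_loop(eqs):  # the check procedure the text asks for; unknown events default to false
    try: evaluate(eqs, {}); return False
    except ValueError: return True
# Constructed sample (not Fig. 4.1): g2 is declared twice, so only the second definition counts.
TREE = build([("top", ("or", "g1", "g2")), ("g1", ("and", "e1", "e2")),
              ("g2", ("atleast", 2, "e2", "e3", "h1")),
              ("g2", ("atleast", 2, "e2", "e3", ("not", "h1")))])
```

With h1 left at its default value false, `evaluate(TREE, {"e1": True, "e2": False, "e3": True})` makes g2 and hence top true; setting the house event to true flips both to false.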
As a second step, it would be of interest to incorporate into the Model Exchange Format “inhibit” gates, “priority” gates, and “triggers” (as in Boolean Driven Markov Processes). All of these dynamic gates can be interpreted as “and” gates in a Boolean framework. In more general frameworks (such as Markovian frameworks), they can have different interpretations and provide mechanisms to accurately model backup systems, limited amounts of resources, etc. The complexity of assessing this kind of model is indeed much higher than that of Boolean models (which is already at least NP-hard or #P-hard).