Boolean Quantization

By defining an algebra to quantize each logic gate, we can calculate a probability for the final consequence in a single-failure fault tree from the initial probabilities of each causal event.

The AND gate is defined as a multiplicative operator; with inputs $X_1, X_2, \ldots, X_n$, the output of the AND gate is the product $X_1 X_2 \cdots X_n$.

The OR gate however is defined as an additive operator; with inputs $X_1, X_2, \ldots, X_n$, the output of the OR gate is the sum $X_1 + X_2 + \cdots + X_n$.

The INHIBIT gate is also defined multiplicatively; if an input $X_n$ has a condition $W$ then the output of the INHIBIT gate is the product $W X_n$.

Figure 1.32 shows the Boolean expression for each gate. The INHIBIT and AND gates are clearly very closely related. In many cases the fault tree can be expanded by the use of either interchangeably; it depends on whether the analyst wishes to probe the reasons for the INHIBIT conditional modifier.

AND gate: output event $A = X_1$ and $X_2$ and $\ldots$ $X_n = X_1 X_2 \cdots X_n$

OR gate: output event $B = X_1$ or $X_2$ or $\ldots$ $X_n = X_1 + X_2 + \cdots + X_n$

INHIBIT gate: output event $C = X_n$ multiplied by $W = W X_n$

Fig. 1.32. Boolean quantization of AND, OR, and INHIBIT gates.

Figure 1.33 shows a representative section of a fault tree with inputs $X_1$, $X_2$, and $X_3$. The final output event may be quantized by evaluating each gate output thus:

$A_1 = B_1 A_2, \quad B_2 = X_1 + X_2, \quad B_3 = X_1 + X_2,$

$B_1 = X_2 + B_2, \quad A_2 = B_3 X_3$ (1.60)

Then the overall output is given by

$\text{Output} = A_1 = B_1 A_2 = (X_2 + B_2)(B_3 X_3) = (X_2 + X_1 + X_2)(X_3)(X_1 + X_2)$

$= X_1X_2X_3 + X_1X_1X_3 + X_1X_2X_3 + X_2X_2X_3 + X_1X_2X_3 + X_2X_2X_3$ (1.61)

There are two types of redundancies that can be used to simplify this equation. The redundancies apply because Boolean combinatorial logic is binary: variables in the logic can only be one or zero.

Fig. 1.33. Boolean quantization of a typical fault tree.

Thus the AND redundancy states that

$A \cdot A = A$ (1.62)

The OR redundancy states that

$B + B = B$ (1.63)

and so also

$B + BC = B$ (1.64)

The logic of each redundancy can be checked by considering the original definition of the two gates. For example, if an output only applies when both of two identical inputs apply, then it is the same as if there were only one input.

Applying the AND redundancy, Eq. (1.61) becomes

$\text{Output} = X_1X_2X_3 + X_1X_3 + X_1X_2X_3 + X_2X_3 + X_1X_2X_3 + X_2X_3$

and then, removing the OR redundancies, the expression is reduced to:

$\text{Output} = X_1X_3 + X_2X_3$ (1.65)

This is now a nonredundant Boolean expression of the combinatorial logic of the fault tree in Fig. 1.33. It can be used to derive a probability of the output event from the probabilities of the individual input events $X_1$, $X_2$, and $X_3$.

1.6.5.1.1 Probability calculus. The Boolean expression is transformed into a true probability expression using the following relationships:

(a) $P(AB) = P(A)P(B)$ (1.66)

The probability of a number of events all occurring is a multiplication of the separate probabilities of each event.

(b) $P(A + B) = P(A) + P(B) - P(A)P(B)$ (1.67)

The probability of one of several events occurring is the sum of the separate probabilities less the probability of their occurring together. If the probabilities of each event are small then the last term in this expression can be omitted.

Similar expressions apply for three or more variables.

Thus the probability of the final output in the fault tree of Fig. 1.33 is given by a transformation of the logic expression of Eq. (1.65) into a probability expression:

$P(\text{Output}) = P(X_1)P(X_3) + P(X_2)P(X_3) - P(X_1)P(X_3)P(X_2)P(X_3)$ (1.68)
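The reduction of Eq. (1.61) to Eq. (1.65) and the probability of Eq. (1.68), worked through in Python as an added example that is not part of the original text. The set-of-terms representation, the function names, and the sample probabilities are assumptions made here; `p_enumerated` is an added reference calculation that assumes independent inputs.

```python
from itertools import product
from math import prod

# An expression is a set of terms; a term is a frozenset of event names.
# Sets give A.A = A (1.62) and B + B = B (1.63) for free.
def event(name):
    return {frozenset([name])}

def OR(*inputs):
    return set().union(*inputs)

def AND(*inputs):
    out = {frozenset()}
    for expr in inputs:
        out = {t | u for t in out for u in expr}
    return out

def absorb(expr):
    # B + BC = B (1.64): drop any term that strictly contains another term.
    return {t for t in expr if not any(u < t for u in expr)}

def fig_1_33_tree():
    # Gate outputs as substituted in Eq. (1.61).
    x1, x2, x3 = event("X1"), event("X2"), event("X3")
    b2 = OR(x1, x2)
    b3 = OR(x1, x2)
    b1 = OR(x2, b2)
    a2 = AND(b3, x3)
    return AND(b1, a2)  # A1 = B1 A2

def p_terms(expr, p):
    # Eq. (1.66) inside each term, Eq. (1.67) across terms:
    # 1 - (1-a)(1-b) = a + b - ab, which extends to any number of terms.
    return 1 - prod(1 - prod(p[e] for e in t) for t in expr)

def p_enumerated(expr, p):
    # Reference value: add up the probability of every input state in which
    # at least one term is fully present (inputs assumed independent).
    names, total = sorted(p), 0.0
    for state in product([False, True], repeat=len(names)):
        on = {n for n, s in zip(names, state) if s}
        if any(t <= on for t in expr):
            total += prod(p[n] if n in on else 1 - p[n] for n in names)
    return total

P = {"X1": 1e-2, "X2": 2e-2, "X3": 5e-3}  # constructed sample probabilities
CUT_SETS = absorb(fig_1_33_tree())

if __name__ == "__main__":
    print(sorted(sorted(t) for t in CUT_SETS))
    print(p_terms(CUT_SETS, P), p_enumerated(CUT_SETS, P))
```

Both terms of Eq. (1.65) contain $X_3$, so the enumerated value is slightly lower than the value from Eq. (1.68); for small input probabilities the two agree closely.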

1.6.5.1.2 Repair time. It is not enough to know the probability of each event, as each failure may remain in operation for a different repair time. Thus an infrequent failure rate of a system may be associated with a long repair time, and this may be more significant than a high failure rate of a system associated with a very short repair time.

It is conservative to assume that nothing is repaired. It is indeed very pessimistic and unrealistic for a minor event that has a high probability of occurring. No really satisfactory solutions to the problem of mathematically representing the repair time have been found, although computer programs that assume constant failure rates and constant repair times do achieve very close approximation to the true results for small fault trees (200 inputs or less). Such programs are used in the aircraft industry where the probability of initiating faults in protection systems is well known and can be applied to reactor systems to advantage (16).

A constant failure rate assumes that the system is operating in the flat portion of the life reliability “bathtub” curve when the burn-in period has ended and before the wearout period becomes apparent (Fig. 1.34). This is a reasonably good assumption for systems that are tested throughout the burn-in period and that are replaced before the wearout period commences; in particular, it is reasonable for certain electrical control equipment.


Fig. 1.34. Life characteristic curve for mechanical and electrical equipment.