Vous êtes sur la page 1sur 4

Reliability Engineering and System Safety 36 (1992) 59-62

Finding minimal cut sets in a fault tree

Jsrn Vatn
SINTEF, Safety and Reliability, N-7034 Trondheim, Norway

This paper presents a new method for identification of minimal cut sets in a
fault tree. The (non-minimal) cut sets are found by a modification of the
well-known MOCUS algorithm. These cut sets are stored in a virtual tree
structure which requires far less core space than the MOCUS cut set matrix.
The minimal cut sets are found by traversing this virtual tree a number of
times. In the first cycle, all cut sets of order one are identified. In the next
cycle, all cut sets of order two are identified and compared with the cut sets of
order one to exclude non-minimal sets. This procedure is continued until all
minimal cut sets are identified. The procedure is very fast. Compared to the
standard MOCUS program the computer time is reduced by at least a factor of

INTRODUCTION (I) Instead of building the cut set matrix (as done
by M O C U S ) , a virtual cut set tree structure is
When developing c o m p u t e r programs for Fault T r e e developed. This virtual tree should not be
Analysis (VI'A), one of the main challenges is to find confused with the original fault tree.
an effective algorithm for minimal cut set identifica- (II) To obtain the cut sets, we traverse the cut set
tion. For the fault tree module of C A R A 1 a new tree several times in a systematic manner. As
method has been developed. This new method is cut sets are obtained, they are immediately
based on the same basic idea as the well-known checked as to whether they are minimal or not.
M O C U S algorithm. 2 T h r e e m a j o r problems arise
when trying to implement M O C U S on a personal ! Building the cut set tree structure
(i) We may run out of m e m o r y . W h e n dimension- The virtual cut set tree contains a n u m b e r of nodes.
ing the cut set matrix, we must define the The nodes are either gates or basic events. Each node
n u m b e r of columns to be large enough to hold has two pointers (written in cursive below) which are
the cut set with the highest n u m b e r of basic pointing to other nodes:
events. The n u m b e r of rows must be large
h --horizontal pointer, h points to the next element
enough to hold all (non-minimal) cut sets.
in a cut set (a row in the cut set matrix),
(ii) For each gate in the fault tree, M O C U S
v --vertical pointer, v points to the next row in the
updates the cut set matrix. In most cases the
minimal cut set matrix.
updated matrix will hold a n u m b e r of rows
which are identical with the previous matrix. A Further notation:
lot of unnecessary work has thus to be carried
p = pointer to a node
out, since M O C U S does not take advantage of
P 1' = node pointed to by p,
these duplications.
(iii) The final cut set matrix which we get from the p 1' . I D = the node identifier of the node pointed to
by p,
M O C U S approach is hard to reduce to obtain
the minimal cut sets. p 1' . h = the horizontal pointer of the node pointed
to by p,
p 1' . v -- the vertical pointer of the node pointed to
by p,
The new C A R A algorithm for identification of N I L = null pointer.
minimal cut sets is p e r f o r m e d in two main steps:
The function create_new(node_id, h, v) returns a
Reliability Engineering and System Safety 0951-8320/92/$05.00 pointer to a new node with the node identifier equal
1992 Elsevier Science Publishers Ltd, England. to node_id, and with pointers h and v. The function
60 JCrn Vatn

next_descendent(g) returns the next descendent of the is written non-recursively by using a stack to store
gate g (as they appear in the original fault tree). values as the tree is traversed.
The algorithm for building the tree is given below: The procedure push_stack(p, b) saves the values of
p and the buffer pointer b to a stack. The values can
1. Initiating.
be retrieved by calling the procedure pop_stack(p, b).
p = create_new(TOP, NIL, NIL):
The function stack_underflow0 returns T R U E when
2. process p 1' (the node pointed to by p).
there are no more values to pop from the stack, and
p 1' . ID = 1. st descendent o f p 1' . ID;
we are done.
h-trap = p ~ . h;
v-trap = p ~ . v; 1. p = pointer to the root node of the tree;
next = p; b =0;
3. the rest of the descendents of p 1`. ID are 2. I F ( p T . h ~ N I L ) :
inserted in the tree depending on whether IF (p 1' . v =~NIL):
p 1' . ID is an A N D gate or an O R gate: push_stack(p 1' . v, b);
IF (p I' . ID is an A N D gate): ENDIF
n e x t t h = create_new(next_ IF(p1' .ID~B):
descendants(p 1' . ID), h-trap, NIL); B=BUpl' .ID;
n e x t = n e x t 1` . h; b=b+l;
E L S E I F (p 1' . ID is an O R gate): ENDIF
n e x t 1` . v = create_new(next_ E L S E I F (p 1' . h = NIL):
descendents(p 1' . ID), h-trap, v - t m p ) ; Update K, i.e. check whether X should be
n e x t = n e x t 1` . v; included in K, or existing cut sets in K should
ENDIF be removed when X is included. (X is now the
IF p 1' . ID has more descendents, G O T O 3: first b elements of the buffer B)
4. IF all gates have been processed, STOP; If (p 1' . v :/=NIL):
ELSE p=p~ .v;
p = pointer to next unprocessed gate in the E L S E I F (p 1' . v = NIL):
tree; pop_stack(p, b);
G O T O 2; IF stack_underflow0 STOP:
II Identifying the minimal cut sets 3. G O T O 2:
The algorithm finds all minimal cut sets. Step 2 may
Let be modified so that only minimal cut sets up to a
certain order are identified. This is done by not
X, Y = cut sets
allowing proceeding in the horizontal direction, when
K = family of cut sets
the buffer pointer b exceeds the limit specified by the
In order to obtain the cut sets, a tree traversal must be maximum cut size.
performed. A buffer B is used to store a cut set before To illustrate the method, consider the fault tree in
it is included in the family, K, of cut sets. A pointer, Fig. 1.
b, is used to control the position up to which the When constructing the virtual tree structure, we
members of the buffer B are applicable. When a cut start with the T O P event, GO, as illustrated in Fig. 2.
set X is found, we check X against K in order to The next step is to resolve the GO gate. GO is replaced
identify non-minimal cut sets. There are three with its first descendent (basic event no 1). Since GO is
different situations: an O R gate, the tree is developed in the vertical
direction. Hence the rest of the descendents of GO are
1. X is identical to an existing cut set in K. X is not
inserted as shown in Fig. 3(a). In Fig. 3(b), G1 has
included in K, no further checking is necessary.
been resolved by G2 and G3. We notice that G2 is an
2. There exists a cut set Y in K, such that Y c X. X
A N D gate, and the tree is developed in the horizontal
is therefore not minimal, no further checking is
direction. Thus G2 is resolved by G4 and G5 in Fig. 4.
necessary. When resolving G4, we notice that G 4 . h :~NIL
3. There exists a cut set Y in K, such that X c Y. Y
(the horizontal pointer of the G4 node is pointing to
is therefore not minimal, and should be removed
G5), hence both basic event 4 and basic event 5 are
from K. K is replaced by K U X , and X is
pointing at G5 (Fig. 5). Proceeding in this manner,
checked against K t 0 X to obtain further
gives the complete resolved structure (Fig. 6).
occurrences of such Ys.
To find the cut sets, the tree is traversed. We start
The algorithm, which is given below, is recursive, but with node 1. The horizontal pointer = NIL, (h = NIL)
Finding minimal cut sets in a fault tree 61

Topevent J

I I I I <g> I



1 I I I
I (D
II II ] I I[ I
Pig. 1. Example fault tree.

C~ 1

(a) (b)
Pig. 2. Initial structure. Fig. 3. Developing vertically.

C~ (

- - n

Fig. 4. Developing horizontally. Fig. 5. Double pointer to G5. Fig. 6. Final structure.
62 JOrn Vatn

and {1} is therefore a cut set. We now proceed to To illustrate the improvement in computer time, the
node 4. The vertical pointer is 4: NIL (v 4: NIL), and algorithm is compared with the commercially available
must push v (pointer to node 5), and the (empty) cut MOCUS program. The figures are given in seconds,
set is pushed to the STACK. Before we proceed to and the programs were run on an 20 MHz PC.
node 6 we let B = {4} and b = 1. Now h = N I L , and
( B = ) {4, 6} is therefore a (non-minimal) cut set. Since
Fault tree 1 ( # gates = 84, # basic events = 81):
v 4: NIL, we proceed to node 7. h = NIL, and {4, 7} is
a (minimal) cut set. v = NIL, and we pop the node
Maximum MOCUS C A R A algorithm
pointer and the empty cut set from the STACK. Now
cut size
we proceed from node 5 similar to what we did with
1 10 0-1
node 4 (remembering to push a pointer to node 3 to
2 25 0.2
the STACK), giving the cut sets {5, 6} and {5, 7}.
3 170 0.4
From the STACK we now pop the pointer to node
4 350 1.2
3. h---NIL, hence {3} is a minimal cut set. We
5 -- 4.3
proceed to node 6, and {6} is also a minimal cut set.
We detect that the cut set {4, 6} which is a member of Fault tree 2 ( # gates = 35, # of basic events = 34):
the family of cut sets K, is no longer minimal, and we
Maximum MOCUS C A R A algorithm
remove {4, 6} from K. Also {5, 6} is not minimal.
cut size
When the procedure is completed, the minimal cut
5 23 0-1
sets are:
6 30 0.3
{1}, {4,7}, {5,7}, {3}, {6} and {2} 7 30 0-8
8 30 1-4
Application of this algorithm on practical fault trees
9 36 2-3
has shown that the time necessary for a tree traversal
is short compared with the time used for checking for
minimal cut sets. We can, therefore, afford traversing
the tree several times. In the first pass, we are looking REFERENCES
for minimal cut sets with only one basic event in each
cut. In the second pass we are looking for cut sets with 1. CARA---Computer Aided Reliability analysis. User's
manual. SINTEF Safety and Reliability N-7034 Trond-
only two basic events in each cut set and so on. We heim, Norway.
then know that all cut sets in K are minimal, and a 2. Fussell, J. B. et al., MOCUS---A COMPUTER
new cut set needs only to be tested against cut sets PROGRAM TO OBTAIN MINIMAL SETS FROM
which we know are minimal. FAULT TREES. Aerojet Nuclear Company, 1974.