ExpertFT A: An Expert's Knowledge Based Software Tool for Fault Tree Analysis

Academic year: 2022


ExpertFTA: An Expert's Knowledge Based Software Tool for Fault Tree Analysis

BY

Syed Mahmudul Hasan

A thesis submitted to the School of Graduate Studies in partial fulfillment of the requirements for the degree of

MASTER OF COMPUTATIONAL SCIENCE

Supervisor: Dr. Faisal Khan

DEPARTMENT OF COMPUTATIONAL SCIENCE, MEMORIAL UNIVERSITY OF NEWFOUNDLAND

St. John's, Newfoundland, Canada

July, 2012

Abstract

Having an effective and systematic risk analysis and safety management strategy is imperative to avoid unwanted accidents in any process facility. Fault Tree Analysis (FTA) is a technique frequently used by design engineers for Probabilistic Risk Assessment (PRA).

Imprecise, incomplete and vague data can result in uncertainty in the output from FTA. The Dempster-Shafer Theory of Evidence (DST) addresses incompleteness in data, while fuzzy theory handles impreciseness or vagueness in data.

A computer-aided tool for FTA, ExpertFTA, is introduced in this thesis. Both DST and fuzzy theory are considered in developing this software tool in order to aggregate knowledge from multiple experts. ExpertFTA can assist users (with little knowledge of FTA) to draw a fault tree and perform the analysis effectively. ExpertFTA helps users to create a fault tree, modify it and store (profile) data for future reference. Users can perform qualitative, quantitative and sensitivity analysis of the fault tree from the DST and fuzzy points of view. It also provides a report based on the generated fault tree. Several established design patterns are implemented, and object-oriented concepts of Java, XML and XSLT are used in the development of ExpertFTA.

None of the currently available commercial software for FTA has the capability of performing analysis based on DST and fuzzy logic. This tool is developed with the anticipation of using it for research purposes and also for industry personnel for detailed risk analysis. It is designed in such a way that it can be extended with more functionality in the future.

Acknowledgements

First of all, I would like to express my deepest gratitude to Almighty Allah, the most gracious, the most merciful, who has given me the strength and ability to finish this thesis.

I am truly grateful and would like to give my cordial thanks to my supervisor Dr. Faisal Khan for his support and guidance. I would like to express my sincere appreciation to Dr. Refaul Ferdous, who has tremendously helped me whenever needed. I am also greatly indebted to the Department of Computational Science for giving me the opportunity to pursue my Master's degree and to Jason Mills for proofreading my thesis.

I could not thank enough my wife Syeda Tanzila Kamal for her unconditional and unbound love, support and inspiration to pursue my Masters degree.

Last but not least, I am deeply thankful to my parents and sister for their remarkable support in all aspects. And I would like to dedicate this thesis to my father Syed Tofazzal Hossian, who was the source of continuous inspiration to pursue this degree.

Glossary

List of Symbols

Membership function of a fuzzy set
Frame of discernment
P: Power set
p_i: Subset of the power set
"OR" gate operation
P_AND: "AND" gate operation
Φ: Null set
BE_i: Basic events as input events
m(p_i): Belief mass or basic probability assignment
k: Degree of conflict
P_L: Lower boundary
P_m: Most likely value
P_U: Upper boundary
Pr: Degree of membership
P̃_α: Alpha-cut
Probability value
Ã: Fuzzy number

List of Abbreviations

ExpertFTA: Expert knowledge based Fault Tree Analysis
AIChE: American Institute of Chemical Engineers
BE, GE, CE, TE: Basic Event, Gate Event, Condition Event, Transfer Event
FTA: Fault Tree Analysis
HAZOP: Hazard and Operability
PRA: Probabilistic Risk Assessment
PROFAT: PRObabilistic FAult Tree
FOD: Frame of discernment
ETA: Event Tree Analysis
TFN: Triangular Fuzzy Number
ZFN: Trapezoidal Fuzzy Number
Bel, Pl: Belief, Plausibility
T, F: True, False
DST: Dempster-Shafer Theory of Evidence
bpa: basic probability assignment
OOP: Object Oriented Programming
GUI: Graphical User Interface
UML: Unified Modeling Language
XML: Extensible Markup Language
XSLT: Extensible Stylesheet Language Transformations
IM: Intersection Matrix
SHARPE: Symbolic Hierarchical Automated Reliability and Performance Evaluator
MCS: Monte Carlo Simulation
FST: Fuzzy set theory

List of Figures

Figure 2.1: Formulation of uncertainty using evidence theory ... 18
Figure 2.2: Example of Fuzzy Linguistic Scale ... 25
Figure 3.1: Operational steps for FTA (after AIChE, 2000) ... 32
Figure 3.2: Fundamental structural diagram of fault tree (Henley et al., 1981) ... 33
Figure 3.3: Wire frame of "Draw Fault Tree" Interface ... 37
Figure 3.4: Wire frame of Fuzzy "Input Parameter" Interface ... 38
Figure 3.5: Wireframe of "Fuzzy Linguistic Scale" Interface ... 40
Figure 3.6: Wireframe of "Analysis" Interface ... 41
Figure 3.7: Workflow diagram of drawing tree ... 43
Figure 3.8: Workflow diagram of the ExpertFTA ... 45
Figure 3.9: Component Model of ExpertFTA ... 47
Figure 3.10: Component Model of GUI ... 47
Figure 3.11: Command Model analysis ... 49
Figure 4.1: ExpertFTA architecture overview ... 52
Figure 4.2: Different types of events ... 55
Figure 4.3: A screenshot of ExpertFTA ... 64
Figure 4.4: A screenshot of "Fuzzy Input parameter" ... 65
Figure 4.5: A screenshot of "Fuzzy Linguistic scale" screen ... 66
Figure 4.6: A screenshot of "Input Detail" screen ... 67
Figure 4.7: A screenshot of "Fuzzy Analysis" screen ... 68
Figure 4.8(a): A screenshot of fuzzy report ... 69
Figure 4.8(b): A screenshot of fuzzy report (continued) ... 69
Figure 4.9: A screenshot of "DST Input parameter" ... 71
Figure 4.10: A screenshot of "DST Analysis" ... 72
Figure 5.1: Screenshot of the case-study ... 78

List of Tables

Table 1.1: Examples of accidents and their results ... 2
Table 1.2: Category of mishap ... 4
Table 2.1: Uncertainty types and formulations ... 12
Table 2.2: Source of uncertainty in risk analysis ... 14
Table 2.3: Summary of different types of uncertainty formulations ... 16
Table 2.4: α-cut based fuzzy arithmetic operations for FTA ... 23
Table 4.1: Constructor and method signature of different events ... 57
Table 4.2: Implementation strategies for TFN ... 59
Table 4.3: Trapezoidal conversion strategies ... 59
Table 4.4: Pseudo code of knowledge combination ... 61
Table 4.5: Matrix representation of Q ... 62
Table 4.6: Example of the XML file ... 70
Table 5.1: Fuzzy linguistic scale ... 75
Table 5.2: Name, Description and Value assumed for Basic Events ... 75
Table 5.3: Possible combinations of analysis ... 78
Table 5.4: Probability of water quality failure in Walkerton Ontario ... 79
Table 5.5: Error propagation for different approaches ... 79
Table 6.1: Feature comparison of proposed tool with available FTA tools ... 84

Thesis Contents

Abstract ... ii
Acknowledgements ... iii
Glossary ... iv
List of Figures ... vi
List of Tables ... vii

Chapter 1 INTRODUCTION ... 1
1.1 Overview ... 1
1.2 System Safety Terminology ... 2
1.3 Risk Analysis Methodology ... 5
1.4 Brief Description of FTA ... 6
1.5 Motivation ... 7
1.6 Research Objective and Novelty of the Work ... 8
1.7 Thesis Outline ... 9

Chapter 2 BACKGROUND REVIEW ... 11
2.1 Overview of Fault Tree Analysis (FTA) ... 11
2.2 Uncertainty characterization in FTA ... 12
2.3 Evidence Theory Fundamental ... 16
2.3.1 Basic Formulations of DST ... 18
2.3.2 Knowledge Combination Rules for DST ... 19
2.3.3 "Bet" Estimation ... 20
2.4 Fuzzy Set Theory (FST) Fundamental ... 21
2.4.1 Fuzzy Arithmetic Operations ... 22
2.4.2 Multiple Expert's Knowledge Aggregation ... 23
2.4.3 Defuzzification ... 24
2.4.4 Alpha-cut Determination ... 24
2.4.5 Fuzzy Linguistic Variable ... 25
2.5 Discussion on Software Development ... 25
2.5.1 Design Patterns ... 26
2.5.2 Software Process Model ... 26
2.5.3 Object Oriented Programming (OOP) ... 29
2.6 XML ... 30

Chapter 3 ExpertFTA MODELLING AND DESIGN ... 31
3.1 Computer-aided Fault Tree Analysis ... 31
3.2 ExpertFTA Requirements ... 34
3.3 ExpertFTA Modelling ... 36
3.3.1 "Draw Fault Tree" Interface ... 36
3.3.2 "Input Parameter" Interface ... 38
3.3.3 "Fuzzy Linguistic Scale" Interface ... 39
3.3.4 "Analysis" Interface ... 41
3.4 ExpertFTA Design ... 42
3.4.1 Workflow of ExpertFTA ... 42
3.4.2 Design Patterns Used in ExpertFTA ... 46
3.5 Summary ... 49

Chapter 4 ExpertFTA SYSTEM DEVELOPMENT ... 51
4.1 ExpertFTA Architecture Overview ... 51
4.2 ExpertFTA Functionalities Overview ... 53
4.3 Basic Tree Generation of the Fault-Tree ... 54
4.4 Object Orientation and Control Flow ... 56
4.5 Converting Probability Data into Fuzzy or DST Data ... 58
4.6 Knowledge Aggregation for DST Using Matrix Computation ... 60
4.6.1 Intersection matrix ... 61
4.7 User view of ExpertFTA ... 63
4.8 Fuzzy Input Parameter screen ... 64
4.9 DST Input Parameter Screen ... 71
4.10 Summary ... 73

Chapter 5 CASE STUDY AND RESULT ... 74
5.1 Case Study ... 74
5.1.1 Subjective (Fuzzy-Based) Approach ... 74
5.1.2 Evidence Theory-Based Approach ... 77
5.2 Results ... 78
5.3 Summary ... 80

Chapter 6 COMPARISONS, CONCLUSION AND RECOMMENDATIONS ... 81
6.1 Comparative study ... 81
6.2 Conclusions and Recommendations ... 84
6.2.1 Conclusions ... 85
6.2.2 Recommendations ... 86

References ... 87

Appendix A ... 94
1. Analysis report from Single Expert using Fuzzy ... 94
2. Analysis report from Multiple Experts using Fuzzy ... 98
3. Analysis report from Single Expert using DST ... 104
4. Analysis report from Multiple Experts using DST ...

Chapter 1 INTRODUCTION

1.1 Overview

The current technological era relies heavily on software. It is inevitable to put more emphasis on identifying the risk and implementing the safety features for real-time, safety-critical embedded systems in a cost-effective manner. The most efficient stage to do this is the early design phase, by identifying the risk involved in the system. Identification of risk is the first step of risk assessment and management.

Risk analysis is an important step in the risk management process, where the consequences of any accident and the probability of their occurrence are identified and analysed in a systematic manner. Probabilistic risk assessment (PRA) is a systematic and comprehensive method to identify and evaluate risks associated with any complex engineered system. According to Mansfield et al. (1996a) and HSE (1996), 80% of industrial accidents are caused by risks involved in the operation system. Industrial accidents can occur due to human error as well as malfunctioning or failure of equipment, such as pipeline ruptures, vessel ruptures, chemical releases, deterioration, design faults of a system and software/server failure/malfunction (Pula, 2005). Table 1.1 shows a few examples that illustrate how severe and devastating an industrial accident can be.

Table 1.1: Examples of accidents and their results

Place of occurrence | Date | Result
Flixborough, England (a vapor cloud explosion) | June 1974 | 28 people dead; the whole plant destroyed and many people injured.
Bhopal, India (a poisonous vapor burst from a pesticide plant) | December 1984 | More than 2000 people died and 20,000 injured.
Pasadena, Texas (a massive explosion) | October 1989 | 23 people died and 314 civilians injured; capital loss of over $715 million.
Texas (a series of explosions in British Petroleum) | March 2005 | Killed 15 people and injured over 170 persons.

Every year, major and minor industrial accidents cause billions of dollars of loss to companies and society. There are some safety management organizations and standards in place, such as the Occupational Safety and Health Administration (OSHA), the Environmental Protection Agency (EPA), the Process Safety Management (PSM) standard and the Risk Management Program (RMP). An automated tool for risk analysis would help industries to do risk analysis smoothly and reduce the chance of any accident.

1.2 System Safety Terminology

The following important terms are defined by Jia X. (2000):

Risk:

"Risk is the possibility of something undesired occurring. Usually this refers to harm to person, property, or the environment, but can refer to any tangible or intangible loss. Safety is relative freedom from those risks. Risk is measured by considering the likelihood of the undesired events and the magnitude of the attendant losses."

Mishap:

"A mishap is an unintended event or series of events that results in a loss. An informal synonym would be 'accident'. Example of mishaps associated with a nuclear weapon system would include accidental launch of a nuclear missile, damage requiring repair or replacement of the weapon, the unplanned destruction of a nuclear weapon, the radioactive contamination of a nuclear installation and its vicinity, and a nuclear missile boomeranging back to friendly territory. A mishap for an air traffic control system would be a collision between aircraft or between an aircraft and a terrain. For a chemical processing plant, mishaps include intoxication and burns to personnel."

Hazard:

"A hazard is a state of a system or physical situation that, when combined with certain environmental conditions, could lead to a mishap. No accident or loss has necessarily occurred. A hazard is a prerequisite to a mishap. Whenever the hazard is present, the possibility of Mishap exists. Safety is defined in terms of hazard rather than mishaps because mishaps are caused by multiple factors, and only some of those factors may be controlled by the system in question. The existence of hazardous state does not mean that a mishap is inevitable."

It is important to note that during the risk and hazard analysis, the whole system is considered. Any component of the system, such as hardware, different events of the system, interaction between other components, connections, environments, and external conditions are investigated to identify risk or hazard. Probability of mishap and severity of mishap can be paired together to express risk. Calculating the probability of hazard leads us to the next step where the probability of mishap is identified given that the hazardous state exists. Calculating the probability of hazard cannot define risk; it needs to define losses as well.

MIL-STD-882 (military), HB5300.4 (NASA) and DE05481 (Nuclear) have categorized the severity of mishap as follows (Jia X, 2000):

Table 1.2: Category of mishap

Severity of mishap | Effects on | Result(s)
I. Catastrophic | Personnel | Death
I. Catastrophic | Facilities/equipment/vehicles | System loss, repair impractical, requires salvage or replacement, severe environmental damage
II. Critical | Personnel | Severe illness or injury requiring admission to a health care facility, lengthy convalescence and permanent impairment
II. Critical | Facilities/equipment/vehicles | Major system damage, loss of primary mission capability, major environmental damage
III. Marginal | Personnel | Minor injury/illness (medical treatment but no permanent impairment)
III. Marginal | Facilities/equipment/vehicles | Loss of no primary mission capability, minor environmental loss
IV. Negligible | Personnel | Superficial injury/illness (little or no first aid treatment)
IV. Negligible | Facilities/equipment/vehicles | Lost time is less than one day; less than minor system or environment damage

1.3 Risk Analysis Methodology

Risk analysis is conducted qualitatively and quantitatively. Qualitative analysis involves identifying the possible hazards with the relevant causes, while quantitative analysis involves investigating the consequences of those hazards in a deterministic or probabilistic manner. A variety of risk assessment techniques exist, including HAZOP, HAZID, Fault Tree Analysis, Failure Mode Effect Analysis, What-If Analysis, Event Tree Analysis, PRA, QRA, LOPA, etc. Techniques to identify and rank hazards quantitatively include DOW indices, Mond indices, HIRA index, SWeHI and IFAL index.

Some well known risk assessment methodologies are (Ferdous et al., 2009):

WHO methodology:
I. Identification of hazards: (1) Checklist; (2) Matrix diagram of integration
II. Assessment of hazards: (1) Accident sequence analysis; (2) Failure effect analysis
III. Accident consequence analysis

ISGRA methodology:
I. Hazard identification
II. Consequence analysis
III. Quantification of risk

Quantitative risk analysis:
I. Hazard identification
II. Frequency estimation
III. Consequence analysis
IV. Measure of risk

Fault Tree Analysis:
I. Hazard identification
II. Top-event identification
III. Frequency estimation
IV. Measure risk

Fault Tree Analysis is one of the efficient techniques for safety/risk analysis.

1.4 Brief Description of FTA

In 1961-1962 H. A. Watson, along with A. Mearns, introduced Fault Tree Analysis (FTA) at Bell Telephone Laboratories. It was introduced to study the Minuteman Missile launch control system for the US Air Force. Since then this technique has been extensively explored by design engineers for PRA. FTA is an analysis technique which is basically the visual representation of any possible causes of an accident. This technique assists engineers to measure, identify and evaluate failure, reliability and availability of a complex system. A complex system can be the combination of human and technological entities. There can be different types of nodes in a fault tree, such as: Basic Event (BE), Gate Event (GE), Condition Event (CE) and Transfer Event (TE). A BE is denoted by the circle symbol, which represents an event that describes a cause of the component failure. A GE is a logical operator that permits or inhibits fault logic between inputs (lower events) and a single output (higher event). A fault tree can have five different types of GEs: AND, OR, Exclusive-OR, Priority AND and Inhibit gate. A TE is denoted by a triangle symbol and is the indicator of the sub-tree branch (transfer in/out) of the current tree. A CE is denoted by an oval symbol and is used to indicate any specific condition or restriction that may apply to the logic gate.

1.5 Motivation

A typical FTA for an industrial system involves several steps, which require a large amount of expert time, precise probability data, and computational capabilities. Many commercial and academic computer-aided FTA tools, including SHARPE, CARA fault tree, PROFAT, Relex Reliability Software, and Fault Tree+, have been developed to assist with the time-consuming steps of an FTA. The basic steps, i.e., the rules of graphical network construction, the fault tree development and computational time optimization for analyzing a fault tree, are more or less the same for all FTA tools. However, a significant difference is observed in the evaluation of a fault tree when uncertainty due to imprecise and unavailable data becomes a major concern. In traditional FTA, the probability data of basic events are expected to be precise and assigned as crisp or deterministic input, which is often hard to come by for a real industrial system. The crisp failure probabilities of such basic events are difficult to measure and the accuracy of such estimation is often questionable. This is because in practice, especially in the early design stage of a system, there is usually not enough data available. Moreover, many basic events of a fault tree may not have any quantitative or probability data at all. Expert judgment/knowledge in this situation is often used as an alternative to attain the objective data (Yuhua and Datao, 2005). However, it comes at the cost of possible uncertainties related to incompleteness (partial ignorance), imprecision (subjectivity), and lack of consensus (if multiple expert judgments are used). Most of the existing FTA tools do not handle this kind of uncertainty and imprecision in input data. In essence, the motivation of this work lies in the following three points:

• Lack of an integrated approach to deal with incompleteness in the information for fault tree analysis.

• Lack of an integrated approach to deal with imprecision and subjectivity in the information for fault tree analysis.

• Lack of a computer-aided solution with the advanced features mentioned above to do probabilistic analysis of complex process systems.

1.6 Research Objective and Novelty of the Work

In an attempt to circumvent the uncertainty associated with the expert's knowledge, Ferdous et al. (2009a, 2009b) have introduced two different approaches (i.e., fuzzy-based and evidence theory-based approaches) to facilitate the accommodation of expert judgment/knowledge in the evaluation of a fault tree, event tree and bow-tie analysis. In this thesis, a software tool, Expert knowledge based Fault Tree Analysis (ExpertFTA), is introduced. ExpertFTA is a sophisticated engineering software tool which incorporates a formal deductive procedure to draw and analyse a fault tree by utilizing Fuzzy set theory and the Dempster-Shafer Theory (DST) of Evidence for addressing and handling the uncertainties. In order to be close to accurate and to build confidence into FTA, aggregation of knowledge from multiple experts is introduced in this tool.

A software tool should be easily maintainable and reusable. An efficient design and the object-oriented approach to software development can assure reusability and maintainability. Several established design patterns are implemented, and object-oriented concepts of Java, XML and XSLT are used in ExpertFTA.

The novelty of this work can be stated as follows:

• Developed a unique advanced computer-aided tool to perform Fault Tree Analysis.

• Implemented Fuzzy set theory along with evidence set theory (i.e. DST) for addressing and handling the uncertainties.

• Introduced knowledge aggregation from multiple experts for individual basic events.

ExpertFTA is engineered in such a way that it can be further enhanced with more functionality.

1.7 Thesis Outline

This thesis consists of six chapters. The current chapter has introduced risk analysis methodology and its importance and current practices in the industry. Further, the system safety terminology and a brief description of the FTA technique were discussed. The motivation and research objectives of this work were mentioned in the later sections of this chapter.

The second chapter concentrates on the details of FTA steps and the implementation of those steps into software. This chapter discusses the importance of implementing the software in a proper manner by adopting certain design patterns. From the software evolution and maintenance point of view, several techniques and models are identified and discussed. Later, the reason for choosing an appropriate method for the current purpose is described. DST and fuzzy logic are briefly mentioned in this chapter as well.

The third chapter illustrates the design and architecture of ExpertFTA. In chapter four, the development and implementation details of ExpertFTA are discussed. Chapter five presents a comprehensive case study and results using this tool. A comparison of ExpertFTA against a few other available FTA tools, conclusions from the current work and a list of future enhancements and directions are provided in the sixth chapter.

Chapter 2 BACKGROUND REVIEW

This chapter provides a review of different background topics related to this thesis. A brief description of FTA (section 2.1) along with DST and Fuzzy set theory (sections 2.3 and 2.4) is provided. Later, software engineering (section 2.5) from a design pattern and model point of view is described. Lastly, a brief overview of XML is provided.

2.1 Overview of Fault Tree Analysis (FTA)

FTA is frequently used in industry to analyze risk and safety. Quantitative and qualitative analysis is the main focus of FTA from the accident point of view. The following is an overview of FTA.

The root of the logic tree begins with the undesired effect, which is known as the top event. After identifying the top event, all possible causes for that event are identified. There can be a sequence of events which eventually lead to the occurrence of the top event. Those events are drawn using logic symbols along with the probability of occurrence. According to Haasl, 1965, McCormick, 1981, Roberts et al., 1981, Hauptmanns, 1988, Henley and Kumamoto, 1981, Billington and Allen, 1986, Lees, 1996, Khan and Abbasi, 1999 and AIChE, 2000, a software tool for FTA should consider the following basic steps:

i) Gather information about the system.

ii) Identify the top event.

iii) Gather probabilities of failure of basic events.

iv) Construct the fault tree using logic symbols.

v) Perform quantitative, qualitative and sensitivity analysis.
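The steps above, together with the BE/GE node types and AND/OR gates of section 1.4, can be exercised on a small tree in code. The following Python is an added example written for this page; it is not code from the thesis or from ExpertFTA. The tree (a hypothetical "tank overpressure" top event with three basic events, RV, PS and CT, and constructed crisp failure probabilities) is an assumption made for illustration. It shows steps iii to v: crisp probabilities on the basic events, the tree built from AND/OR gate events, and then quantitative analysis (top-event probability assuming independent basic events), qualitative analysis (minimal cut sets) and a simple sensitivity analysis (Birnbaum importance, i.e. the change in top-event probability between a basic event surely occurring and surely not occurring).

```python
from itertools import product

# Constructed example tree (hypothetical, not from the thesis): the top event
# "tank overpressure" occurs when the relief valve fails AND the overpressure
# goes undetected, i.e. the pressure sensor OR the controller fails.
# Basic events carry crisp failure probabilities (step iii of the procedure).
BASIC_EVENTS = {
    "RV": ("Relief valve fails closed", 0.01),
    "PS": ("Pressure sensor fails", 0.05),
    "CT": ("Controller fails", 0.02),
}
PROBS = {name: p for name, (_, p) in BASIC_EVENTS.items()}

# Gate events (step iv): gate id -> (gate type, input events). Inputs may be
# basic events or other gates; "TOP" is the top event (step ii).
GATES = {
    "G_UNDETECTED": ("OR", ["PS", "CT"]),
    "TOP": ("AND", ["RV", "G_UNDETECTED"]),
}


def node_probability(node, probs, gates=GATES):
    """Quantitative analysis for independent basic events:
    AND gate -> product of input probabilities,
    OR gate  -> 1 - product of (1 - input probabilities)."""
    if node in probs:
        return probs[node]
    gate_type, inputs = gates[node]
    values = [node_probability(child, probs, gates) for child in inputs]
    if gate_type == "AND":
        result = 1.0
        for p in values:
            result *= p
        return result
    if gate_type == "OR":
        none_occur = 1.0
        for p in values:
            none_occur *= 1.0 - p
        return 1.0 - none_occur
    raise ValueError(f"unsupported gate type: {gate_type}")


def cut_sets(node, gates=GATES):
    """Qualitative analysis: every set of basic events whose joint occurrence
    causes `node`. AND -> one cut set from each input, merged;
    OR -> any cut set of any input."""
    if node not in gates:
        return [frozenset([node])]
    gate_type, inputs = gates[node]
    per_input = [cut_sets(child, gates) for child in inputs]
    if gate_type == "AND":
        return [frozenset().union(*combo) for combo in product(*per_input)]
    if gate_type == "OR":
        return [cs for sets in per_input for cs in sets]
    raise ValueError(f"unsupported gate type: {gate_type}")


def minimal_cut_sets(node="TOP", gates=GATES):
    """Drop every cut set that strictly contains another cut set."""
    all_sets = set(cut_sets(node, gates))
    minimal = [cs for cs in all_sets if not any(other < cs for other in all_sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def birnbaum_importance(node="TOP", probs=PROBS, gates=GATES):
    """Sensitivity analysis: how much the top-event probability changes
    between a basic event surely occurring (p=1) and surely not (p=0)."""
    importance = {}
    for event in probs:
        surely = dict(probs, **{event: 1.0})
        never = dict(probs, **{event: 0.0})
        importance[event] = (node_probability(node, surely, gates)
                             - node_probability(node, never, gates))
    return importance


if __name__ == "__main__":
    print("P(TOP) =", node_probability("TOP", PROBS))
    print("minimal cut sets:", [sorted(cs) for cs in minimal_cut_sets()])
    print("Birnbaum importance:", birnbaum_importance())
```

For this tree the two minimal cut sets are {RV, PS} and {RV, CT}, and the relief valve has the largest Birnbaum importance because it appears in every cut set; that is the kind of output the "sensitivity analysis" of step v is meant to give a designer.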


FTA as a software tool has been available since the early 1970s (Henley, 1981). There are some commercial software tools available, such as CARA-Fault Tree (CARA-Fault Tree, version 4.1, 1999), Fault Tree+ by Isograph Ltd. and Relex Fault Tree. These tools perform quantitative analysis using a conventional probabilistic approach. Imprecision in data has been addressed in PROFAT (PRObabilistic FAult Tree analysis) (Khan and Abbasi, 1999).

Fuzzy logic is implemented in PROFAT to handle the imprecision in data, but there are some unresolved issues on basic event data fuzzification and calculation of top event probability.

Moreover, there is no GUI for this tool to draw and visualize the fault tree. To date, to our knowledge, there is no FTA tool which has addressed uncertainty and vagueness of data at the same time by implementing DST and fuzzy set theory side by side. The primary goal of this thesis is to come up with an ideal software tool which would implement DST and fuzzy set theory from multiple experts' point of view. The following section discusses the uncertainty in FTA.

2.2 Uncertainty characterization in FTA

Several techniques have been developed to formulate the uncertainty for risk analysis, which are summarized in Table 2.1 (Wilcox and Ayyub, 2003).

Table 2.1: Uncertainty types and formulations

Types | Nature | Techniques
Aleatory | Stochastic, objective, irreducible, random | Probability theory; Evidence theory (random sets)
Epistemic | Imprecise, incomplete, ambiguous, ignorant, inconsistent, vague | Fuzzy set theory; Evidence theory (random sets); Info-gap theory; p-boxes

Uncertainties can be classified into two categories: aleatory (or stochastic) and epistemic (or knowledge-based) (Apostolakis, 1990; Thacker et al., 2003; Helton, 2004; Daneshkhah, 2004; Ayyub and Klir, 2006). According to the sources and natures of the uncertainty, aleatory and epistemic uncertainty can be further sub-categorized as data uncertainty, model uncertainty and quality uncertainty (Abrahamsson, 2002; Markowski et al., 2009). Usually an incomplete and incomprehensive evaluation of hazards introduces quality uncertainty, which is also referred to as completeness uncertainty (Markowski et al., 2009; Ferdous, 2010). The data and model uncertainties occur due to insufficient or missing data and the consideration of invalid or unrealistic assumptions (e.g., independence); these uncertainties are respectively known as parameter and dependency uncertainty (Markowski et al., 2009; Ferdous, 2010). Table 2.2 provides detailed descriptions of these categories of uncertainty.

Table 2.2: Source of uncertainty in risk analysis

For each step of the risk analysis the table gives the objectives, the techniques used, and the three categories of uncertainty (completeness, modeling, parameter).

Step: Hazard identification
Objectives: Identify the possible hazards, develop the logic structure of risk and all representative accident scenarios (RAS).
Techniques: HAZOP, PHA, FMEA, Fault Tree and Event Tree.
Completeness: Inability to identify all contributions to risk and all contributors and variables.
Modeling: Wrong interaction between different risk contributors and variables.
Parameter: Imprecision or vagueness in characteristic properties of RAS.

Step: Consequence assessment
Objectives: Define the possible outcomes; measure the degree of adverse impact on health, property and the environment.
Techniques: Consequence models.
Completeness: Incorrectness in identification of all types of consequences as well as of all interactions among consequences.
Modeling: Improper, imprecise and inadequate models for source terms, dispersion and physical effects.
Parameter: Lack, inadequacy or vagueness in values for model variables.

Step: Likelihood assessment
Objectives: Determine the probability or frequency of accident outcome cases.
Techniques: FTA, ETA, bow-tie analysis.
Completeness: Wrong selection of events, safety function and number of RAS.
Modeling: Wrong analysis and assumptions in FTA, ETA and bow-tie analysis and interdependent relationships.
Parameter: Limited or unavailable data for components' failure rates and events' occurrence.

Step: Risk characterization
Techniques: Risk indexes, Risk matrix, SIL, LOPA.
Completeness: Limited selection of appropriate risk measures as well as risk acceptance criteria.
Modeling: Inadequacy in assumptions in risk ranking or risk category; incorrect interpretation of results.
Parameter: Insufficient and limited data on external conditions, weather conditions, ignition sources and population.

In order to address and handle different types of uncertainties, the conventional or traditional method, probability theory, fuzzy set theory and evidence theory can be introduced. A brief comparison between these theories is stated below:

The conventional or traditional method is highly desired and well accepted because of its simplicity, input data requirement and minimum analysis time (AIChE, 2000; Abrahamsson, 2002). Though the traditional method is highly desired in FTA analysis, it is incapable of handling any kind of data uncertainty, which most of the time provides an unreliable analysis (Yang and Suzuki, 1995; Abrahamsson, 2002). Probability theory is the most common method to address random uncertainties (Vose, 2008; Ren et al., 2009). However, this requires sufficient empirical information to derive the PDFs (Probability Density Functions) for the inputs (Hammonds et al., 1994; Wilcox and Ayyub, 2003; Abrahamsson, 2002; Chojnacki, 2005; Ferdous, 2009a). Moreover, the classical MCS (Monte Carlo Simulation) framework cannot differentiate random and subjective uncertainties in the uncertainty analysis (Berztiss, 2001; Abrahamsson, 2002). Using fuzzy set theory and evidence theory, uncertainty analysis can be performed with subjectively assigned fuzzy numbers and basic probability assignments (bpas) by the experts (Wilcox and Ayyub, 2003; Ferdous, 2009). Fuzzy numbers are sufficient to address the subjective uncertainty when the empirical information is sparse or completely unavailable for the uncertain parameters (Chojnacki, 2005; Ren et al., 2009; Ferdous, 2009). Unlike probability and fuzzy set theory, the bpa in evidence theory is appropriate to represent uncertainty associated with ignorance and incompleteness of expert knowledge, and is able to generalize the overall uncertainty in a belief interval (Bae et al., 2004; Chojnacki, 2005). In some cases, the fuzzy arithmetic and evidence theory-based formulations are still not well defined, which often limits their acceptability in risk analysis. Table 2.3 below provides a summary of the different types of uncertainty formulations.

Table 2.3: Summary of different types of uncertainty formulations

Characteristics                                          Traditional   Probability theory   Fuzzy set theory   Evidence theory
Analysis complexity                                      H             L                    M                  M
Data requirement                                         H             H                    M                  M
Handling data uncertainty due to subjectivity            L             L                    H                  M
Handling data uncertainty due to incomplete and
  inconsistent information                               L             L                    M                  H
Propagating different uncertainties                      L             M                    M                  M
Simplicity in the interpretation of results              H             M                    L                  L
Data aggregation                                         L             L                    M                  H
Analysis time                                            H             L                    M                  M
Theory acceptance                                        H             M                    L                  L

L: Least desired; M: Moderately desired; H: Highly desired (Ferdous, 2010)

2.3 Evidence Theory Fundamentals

Evidence Theory is also known as DST, as it was developed by Dempster (1967) and later extended by Shafer (1976). The major motivation behind the development of this theory was to characterize the uncertainty caused by partial ignorance, knowledge deficiency or inconsistency (Sadiq et al., 2008; Wang et al., 2004). Unlike traditional probability theory and fuzzy set theory, evidence theory distributes the subjective knowledge of an expert to the corresponding subsets of a power set. The unassigned mass due to partial ignorance or incomplete information is assigned to an ignorance subset within the power set (Ferdous et al., 2011; Sadiq et al., 2008).

The major advantages of using evidence theory include (Sentz and Ferson, 2002):

i) Individual beliefs from different sources can be expressed through the probability mass function, which may bear incompleteness from partial to full ignorance,

ii) A belief interval (a boundary of the probability estimation) can be obtained for each uncertain parameter, and

iii) Bias from a specific source can be avoided and conflicts among different sources can be resolved through a belief structure.

Evidence theory generalizes classical probability theory through a belief interval constructed by assigning upper and lower bounds for probabilities (Guth, 1991). It uses four basic constituents: frame of discernment (FOD), basic probability assignment (bpa), belief measure (Bel), and plausibility measure (Pl) to characterize the quality of uncertainty, such as the probability of basic events, events or input events (Sadiq et al., 2008). The theory also includes reasoning based on the rule of combination of degrees of belief according to different evidence.

For a given FOD, Ω in Figure 2.1, the bpa (mass) is distributed over the set of all possible subsets of Ω: the power set of Ω, written 2^Ω. The unassigned mass, calculated by 1 − m(p) − m(¬p), is assigned to the belief mass for the ignorance subset. The basic formulations for the different parameters of evidence theory are stated in the following sub-sections.

Figure 2.1: Formulation of uncertainty using evidence theory (Ω = {p, ¬p}; the figure places m(p), m(¬p) and the ignorance subset on a 0 to 1 scale and marks Bel(p), Bel(¬p), Bel(p, ¬p) and Pl(p))

The total number of subsets of a power set (P) in DST is 2^{|Ω|}, where |Ω| is the number of elements of the FOD. For example, if the number of elements of a FOD is two, i.e., Ω = {T, F}, then the power set (P) comprises four subsets, i.e., {(∅, a null set), (T), (F) and (T, F)}. The basic probability assignment (bpa) in DST represents the knowledge proportion of every subset (p_i) in the power set (P) such that the sum of the proportions is 1. The bpa is denoted by m(p_i) and can be defined with Equation 1:

$$m(p_i) \to [0,1];\quad m(\emptyset) = 0;\quad \sum_{p_i \subseteq P} m(p_i) = 1 \qquad (1)$$

The lower probability bound, belief (Bel), for a set p_i is defined as the sum of all the bpas of the proper subsets p_k that support the minimum knowledge of interest p_i, where p_k ⊆ p_i. The Bel is written as:

$$Bel(p_i) = \sum_{p_k \subseteq p_i} m(p_k) \qquad (2)$$

The upper probability bound, i.e., the plausibility (Pl) measure for a set p_i, is the summation of the bpas that support the maximum knowledge, including the ignorance subset. Therefore, the relation can be written as:

Pl(p_i) = (3)

2.3.2 Knowledge Combination Rules for DST

The combination rules in DST allow aggregation of different degrees of belief from different experts' knowledge and provide a combined belief structure (Ferdous et al., 2010). The Dempster and Shafer (DS) rule is fundamental among all combination rules in evidence theory.

A number of modifications of the DS rule on the basis of minimization and normalization of conflicts among the different sources have been reported (Sentz and Ferson, 2002; Sadiq et al., 2008). The most common modifications include those by Yager, Smets, Inagaki, Dubois and Prade, Zhang, Murphy, and more recently by Dezert and Smarandache (Sadiq et al., 2008).

Detailed discussion and comparisons of these rules can be found in Dezert and Smarandache (2004). To address two extreme cases of conflict, high-conflict and non-conflict issues in the experts' knowledge, the DS and Yager combination rules are used in this study. The details of these two rules are given below.

i) DS rule of combination: Dempster's rule of combination (DS) uses a normalizing factor (1 − k), where 'k' is the sum of all bpas with conflict, i.e., of the products m_1(p_a) × m_2(p_b) whose intersection p_a ∩ p_b is empty. This method ignores the conflicts between two sources (e.g., m_1, m_2) by dividing the combined evidence by that factor. The DS combination rule uses Equation 4 to combine evidence from different sources:

$$[m_1 \oplus m_2](p_i) = \begin{cases} 0 & \text{for } p_i = \emptyset \\[6pt] \dfrac{\sum_{p_a \cap p_b = p_i} m_1(p_a) \times m_2(p_b)}{1 - k} & \text{for } p_i \neq \emptyset \end{cases} \qquad (4)$$

ii) Yager rule of combination: Yager (1987) proposed a method similar to DS but more robust where the degree of conflict among the sources is very high (Sentz and Ferson, 2002). The difference between the DS and Yager rules is that the degree of conflict (k) in Yager's rule is not used for normalization; it is directly added to the mass of the ignorance subset Ω. The equations used in Yager's rule are as follows:

$$[m_1 \oplus m_2](p_i) = \begin{cases} 0 & \text{for } p_i = \emptyset \\[6pt] \sum_{p_a \cap p_b = p_i} m_1(p_a) \times m_2(p_b) & \text{for } p_i \neq \emptyset,\ p_i \neq \Omega \\[6pt] \sum_{p_a \cap p_b = p_i} m_1(p_a) \times m_2(p_b) + k & \text{for } p_i = \Omega \end{cases} \qquad (5)$$

The interval obtained from the belief and plausibility measures gives the belief structure of expert knowledge. The belief structure takes into account the ignorance and conflicts in multi-expert knowledge and provides a range for the event probability. The "Bet" estimate in DST provides a point estimate in the belief structure (similar to defuzzification), which is estimated by Equation 6. In Equation 6, |p_i| refers to the cardinality (number of elements) of the set p_i.

$$bet(p) = \sum_{p \in p_i} \frac{m(p_i)}{|p_i|} \qquad (6)$$
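The belief structure and the two combination rules above, carried through in Python for the FOD of Figure 2.1 as an added example (not code from the thesis or from ExpertFTA); the function names, the two experts' masses and the summation form used for plausibility (the standard DST definition, since Equation 3 is not legible here) are my assumptions:

```python
"""Belief structure of a basic event under Dempster-Shafer theory (DST).

Added example, not code from the ExpertFTA thesis or tool: Equations 1, 2,
4, 5 and 6 for the FOD Omega = {p, not_p} of Figure 2.1, with the standard
DST plausibility sum. Omega is the ignorance subset; bpas are constructed.
"""
from itertools import product
from typing import Dict, FrozenSet, Tuple

Subset = FrozenSet[str]
Bpa = Dict[Subset, float]           # subset of Omega -> mass m(p_i)

OMEGA: Subset = frozenset({"p", "not_p"})
P: Subset = frozenset({"p"})


def check_bpa(m: Bpa, tol: float = 1e-9) -> bool:
    """Equation 1: m(empty) = 0, masses in [0, 1], masses sum to 1."""
    in_range = all(0.0 <= v <= 1.0 for v in m.values())
    no_empty = m.get(frozenset(), 0.0) == 0.0
    return in_range and no_empty and abs(sum(m.values()) - 1.0) < tol


def bel(m: Bpa, p: Subset) -> float:
    """Equation 2: lower bound, masses of the subsets contained in p."""
    return sum(v for s, v in m.items() if s and s <= p)


def pl(m: Bpa, p: Subset) -> float:
    """Upper bound: masses of all subsets meeting p, Omega included."""
    return sum(v for s, v in m.items() if s & p)


def _joint_masses(m1: Bpa, m2: Bpa) -> Tuple[Bpa, float]:
    """Products m1(p_a)*m2(p_b) grouped by p_a & p_b, and the conflict k."""
    joint: Bpa = {}
    k = 0.0
    for (a, va), (b, vb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            joint[inter] = joint.get(inter, 0.0) + va * vb
        else:
            k += va * vb  # disjoint evidence: conflicting mass
    return joint, k


def dempster(m1: Bpa, m2: Bpa) -> Bpa:
    """Equation 4: discard the conflict and renormalise by (1 - k)."""
    joint, k = _joint_masses(m1, m2)
    if k >= 1.0:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {s: v / (1.0 - k) for s, v in joint.items()}


def yager(m1: Bpa, m2: Bpa, omega: Subset = OMEGA) -> Bpa:
    """Equation 5: no renormalisation; the conflict k goes to m(Omega)."""
    joint, k = _joint_masses(m1, m2)
    joint[omega] = joint.get(omega, 0.0) + k
    return joint


def bet(m: Bpa, element: str) -> float:
    """Equation 6: each mass shared equally by the |p_i| elements of p_i."""
    return sum(v / len(s) for s, v in m.items() if element in s)


def belief_structure(m: Bpa) -> Tuple[float, float, float]:
    """(Bel(p), Pl(p), Bet(p)): the interval and point estimate for p."""
    return bel(m, P), pl(m, P), bet(m, "p")


# Constructed sample: two experts' masses for p, not_p and the ignorance set.
EXPERT_1: Bpa = {P: 0.6, frozenset({"not_p"}): 0.1, OMEGA: 0.3}
EXPERT_2: Bpa = {P: 0.5, frozenset({"not_p"}): 0.3, OMEGA: 0.2}

if __name__ == "__main__":
    for name, rule in (("DS", dempster), ("Yager", yager)):
        b, q, t = belief_structure(rule(EXPERT_1, EXPERT_2))
        print(f"{name}: Bel={b:.4f} Pl={q:.4f} Bet={t:.4f}")
```

With these two experts the conflict is k = 0.23; the DS rule spreads it over the other subsets (wider Bel and Pl), while Yager's rule leaves it in m(Ω), which widens the [Bel, Pl] interval instead.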

2.4 Fuzzy Set Theory (FST) Fundamentals

In 1965, Lotfi Zadeh introduced his pioneering work, fuzzy set theory, where he argued that conventional probability theory is not sufficient to express the intensity (degrees) of truth in subjective information. It introduced robustness into QRA (Quantitative Risk Analysis) by allowing a certain amount of imprecision to exist, thus paving the way to represent human linguistic terms as fuzzy sets, hedges, predicates and quantifiers (Rivera et al., 1999). Many disciplines, including control systems, neural networks and artificial intelligence, have adopted this concept. Fuzzy set theory (FST) is flexible enough to translate the expert's linguistic variable into the probability domain and deal with subjective uncertainty due to imprecision or vagueness in data.

FST uses the fuzzy number to describe the relationship between an uncertain quantity p (e.g., event probability) and the degree of uncertainty through a membership function μ. Any type of membership function, including normal, bounded and convex functions, e.g., triangular, trapezoidal and Gaussian shapes, can be considered for the formation of a fuzzy number. However, the selection of a function essentially depends on the variable characterization and available information (Ferdous et al., 2010). The TFN (Triangular fuzzy number) can be described by a vector (p_L, p_m, p_u) that represents the lower boundary, most likely value, and upper boundary of the uncertain quantity. The α-cut for a TFN represents the degree of membership of p_i in the set P. The membership function of a TFN can be described as Equation 7:

$$\mu_P(p_i) = \begin{cases} \dfrac{p_i - p_L}{p_m - p_L} & p_L \le p_i \le p_m \\[8pt] \dfrac{p_u - p_i}{p_u - p_m} & p_m \le p_i \le p_u \\[8pt] 0 & \text{otherwise} \end{cases} \qquad (7)$$

2.4.1 Fuzzy Arithmetic Operations

The α-cut based formulations are simplified and commonly used arithmetic operations of FST (Lai et al., 1983; Siler et al., 2005; Li, 2007). These operations are performed at each corresponding membership value of an α-cut for adding, subtracting, multiplying, and dividing fuzzy numbers to determine the overall operation results on the fuzzy sets (Wilcox and Ayyub, 2003). Ferdous et al. (2009a) explored fuzzy arithmetic operations for describing the dependent and independent relationships between basic events or events in FTA and ETA. The current ExpertFTA tool assumes that the basic events in FTA are independent. Table 2.4 shows the intersection and conjunction rules for "AND" and "OR" operations in FTA.

Table 2.4: α-cut based fuzzy arithmetic operations for FTA

Rule           Operation     α-cut formulation
Conjunction    "OR" gate     $p_\alpha^L = 1 - \prod_{i=1}^{n} (1 - p_{i\alpha}^L);\quad p_\alpha^U = 1 - \prod_{i=1}^{n} (1 - p_{i\alpha}^U)$
Intersection   "AND" gate

2.4.2 Multiple Experts' Knowledge Aggregation

Knowledge aggregation from multiple experts becomes essential in an analysis. It pools multiple sources of knowledge into one and provides a mutual agreement of different sources of knowledge (Lin and Wang, 1997). A number of methods, e.g., max-min, arithmetic averaging, quasi-arithmetic means, weighted average method, fuzzy Delphi method, symmetric sum and t-norm, are available to aggregate multiple experts' knowledge in the form of fuzzy numbers (Huang et al., 2001; Sadiq et al., 2007; Wagholiar, 2007). The weighted average method is the simplest method, allowing aggregation according to prior weights of the arguments. It uses the following equation for aggregating m experts' knowledge:

$$P_i = \frac{\sum_{j=1}^{m} w_j P_{ij}}{\sum_{j=1}^{m} w_j}, \qquad i = 1, 2, 3, \ldots, n \qquad (8)$$

where P_ij is the linguistic expression of uncertain input basic event i elicited from expert j, n is the number of input events, m is the number of experts, w_j is a weighting factor corresponding to expert j and P_i is the aggregated fuzzy number. For equally weighted knowledge, the weighted average method gives a similar estimation to the arithmetic averaging method.

2.4.3 Defuzzification

Defuzzification in FST transforms a fuzzy number into a crisp value (Klir et al., 2001). Many defuzzification methods are available in the literature (e.g., Klir et al., 2001; Ross, 2004). The weighted average method is a computationally efficient method (Ross, 2004; Khan et al., 2005). The following equation is used for defuzzification of the outcome event probability or frequency:

$$P_{out} = \frac{\sum \mu_P(P_i) \cdot P_i}{\sum \mu_P(P_i)} \qquad (9)$$

2.4.4 Alpha-cut Determination

The α-cuts are used to determine fuzzy intervals (i.e., nested intervals in a fuzzy number) with a membership grade (μ_P) greater than or equal to the α-cut value (Wilcox et al., 2003). In a TFN, the membership function uses the following relationship to determine the interval at the α-cut level:

$$p_\alpha = \left[\, p_L + \alpha (p_m - p_L),\ \ p_u - \alpha (p_u - p_m) \,\right] \qquad (10)$$

2.4.5 Fuzzy Linguistic Variable

Fuzzy linguistic variables are linguistic terms used to articulate uncertainty in probability estimation. Experts' knowledge can be expressed in terms of linguistic variables such as very high, high, medium, low, very low, etc. (Ayyub, 1991; Wu, 2006; Sadiq et al., 2007).

Figure 2.2: Example of fuzzy linguistic scale (membership 0.0 to 1.0 for the terms Very low, Low, Medium, High and Very High over probability breakpoints 0, 0.20, 0.25, 0.40, 0.45, 0.60, 0.65, 0.80, 0.85 and 1)
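The aggregation, α-cut, gate and defuzzification steps of Sections 2.4.1 to 2.4.4 carried through in Python as an added example (not code from the thesis or from ExpertFTA); the two experts' TFNs, their weights, the α levels, the AND-gate interval product and the choice of the α-cut endpoints as the sample points of Equation 9 are my assumptions:

```python
"""Alpha-cut fuzzy arithmetic for FTA with triangular fuzzy numbers (TFNs).

Added example, not code from the ExpertFTA thesis or tool: Equation 8
(weighted-average aggregation), Equation 10 (alpha-cut of a TFN), the
Table 2.4 OR-gate rule plus the AND gate as an interval product (standard
alpha-cut arithmetic for independent events) and Equation 9 applied to the
alpha-cut endpoints, whose membership grade is alpha. Data are constructed.
"""
import math
from typing import Dict, List, Sequence, Tuple

TFN = Tuple[float, float, float]   # (p_L, p_m, p_u)
Interval = Tuple[float, float]     # [lower, upper] bound at one alpha level


def aggregate(tfns: Sequence[TFN], weights: Sequence[float]) -> TFN:
    """Equation 8 applied to each component of m experts' TFN vectors."""
    if len(tfns) != len(weights) or min(weights) < 0 or sum(weights) <= 0:
        raise ValueError("one non-negative weight per expert, not all zero")
    total = sum(weights)
    p_l, p_m, p_u = (sum(w * t[k] for w, t in zip(weights, tfns)) / total
                     for k in range(3))
    return p_l, p_m, p_u


def alpha_cut(p: TFN, alpha: float) -> Interval:
    """Equation 10: [p_L + a(p_m - p_L), p_u - a(p_u - p_m)], 0 <= a <= 1."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    p_l, p_m, p_u = p
    return p_l + alpha * (p_m - p_l), p_u - alpha * (p_u - p_m)


def or_gate(cuts: Sequence[Interval]) -> Interval:
    """Table 2.4 OR gate: p = 1 - prod(1 - p_i), bound by bound."""
    return (1.0 - math.prod(1.0 - lo for lo, _ in cuts),
            1.0 - math.prod(1.0 - hi for _, hi in cuts))


def and_gate(cuts: Sequence[Interval]) -> Interval:
    """AND gate for independent events: p = prod(p_i), bound by bound."""
    return (math.prod(lo for lo, _ in cuts), math.prod(hi for _, hi in cuts))


def defuzzify(cuts: Sequence[Tuple[float, Interval]]) -> float:
    """Equation 9 over alpha-cut endpoints: sum(a*(L+U)) / sum(2a)."""
    den = sum(2.0 * a for a, _ in cuts)
    if den == 0.0:
        raise ValueError("at least one alpha level above 0 is required")
    return sum(a * (lo + hi) for a, (lo, hi) in cuts) / den


# Constructed sample: two experts rate two basic events feeding one gate.
EXPERTS: Dict[str, List[TFN]] = {        # basic event -> (expert A, expert B)
    "BE1": [(0.10, 0.20, 0.30), (0.20, 0.30, 0.40)],
    "BE2": [(0.05, 0.10, 0.15), (0.10, 0.20, 0.30)],
}
WEIGHTS = (3.0, 1.0)       # expert A weighted three times as much as B
ALPHAS = (0.0, 0.5, 1.0)   # alpha levels at which the gate is evaluated


def top_event(gate=or_gate, alphas: Sequence[float] = ALPHAS):
    """Aggregate experts, cut at each alpha, propagate, defuzzify."""
    agg = {be: aggregate(t, WEIGHTS) for be, t in EXPERTS.items()}
    cuts = [(a, gate([alpha_cut(p, a) for p in agg.values()])) for a in alphas]
    return cuts, defuzzify(cuts)


if __name__ == "__main__":
    cuts, crisp = top_event()
    for alpha, (lo, hi) in cuts:
        print(f"alpha={alpha:.1f}: top event in [{lo:.4f}, {hi:.4f}]")
    print(f"crisp top-event probability: {crisp:.4f}")
```

The α = 1 cut collapses to the most likely value of the output, and the α = 0 cut is its full support; more α levels give a finer belief-to-crisp conversion in defuzzify.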

2.5 Discussion on Software Development

In order to implement the theories described above, along with a GUI (Graphical User Interface), it is important to deal with software development carefully. It is imperative to adopt a solid software engineering technique in the very early stage of software development. A concrete software engineering technique involves considering or choosing appropriate design pattern(s) and a process model. The following sub-sections briefly discuss design patterns and process models and also Object Oriented Programming (OOP) concepts.

2.5.1 Design Pattern

Christopher Alexander articulated the concept of patterns, which he proposed in his books The Timeless Way of Building (Alexander, 1979) and A Pattern Language: Towns, Buildings, Construction (Alexander et al., 1977). The essence of his concept is that every recurring problem follows some patterns. A certain number of patterns is needed in order to capture the essence of all architectural designs. Unlimited architectural designs can be accomplished by adopting and combining those patterns. Software design also resembles architectural design. The solutions to the most commonly encountered problems in software design are described in software design patterns. The main purposes of using software design patterns are as follows:

i) To help software designers by providing summarized experience from various software designs in a few design patterns.

ii) To increase the confidence of the designer in order to reuse the proven design in software systems.

iii) To provide a common vocabulary for software designers.

Gamma (1995) in Design Patterns first introduced the twenty-three most commonly used software design patterns. Those patterns are divided into three categories: Creational Patterns, Structural Patterns and Behavioural Patterns. The third chapter provides the discussion about these categories.

2.5.2 Software Process Model

An abstract descriptive representation for a particular large and complex software system can be defined as a software process model (Sommerville, I. 2001). Basically, it is a road map which includes the descriptions of all necessary steps and tools in order to implement a software product successfully (Bell, D. 2001). To deal with the ever increasing size and complexity of software systems, the software development process has been improved drastically over time. Software development is no longer just writing code and fixing bugs when they are encountered; rather, with the passage of time, it has evolved into a full-fledged comprehensive life cycle. Different phases can be involved in a software paradigm, which may include requirement analysis, design, implementation, debugging, testing, deployment and maintenance. In order to handle different circumstances, different process models can have more or fewer phases and in different orders. That is why, based on the project's nature and constraints, an appropriate model should be selected. There are four major and most common process models, which are briefly described below:

i) Waterfall model: In 1970, this model was introduced by Royce (Royce, W.W. 1970). This model consists of requirement gathering, design, implementation, testing, deployment and maintenance phases. This is a sequential process where, in order to proceed to the next phase, earlier phases have to be finished. Hence, the main disadvantage of this model is that, if any error occurs, it can only be identified during the deployment phase. Only the fully completed version is given to the user. Lack of end user interaction makes it hard to get any comments from the user in earlier stages.

ii) Incremental model:

Basili, V.R. and Turner, A.J. introduced the concept of the incremental model in 1975. This model is essentially composed of a series of waterfall models and combines certain phases as a cycle. Here, user requirements are well defined in the beginning of the project. This model is useful for projects in which user interaction and feedback are important during the development, because this model allows users to get an evaluation version of the project in almost every cycle.

iii) Prototyping model:

This model was introduced by Floyd, C. in 1984 and is also known as the evolutionary model. This model is based on the concept of improving the prototype system in multiple iterations. Specification, development and testing are done here concurrently and the final version of the software fulfills the requirements of the user.

iv) Spiral model:

For high risk and complex projects this model is suggested, although it is a bit complex and costly. This model was introduced by Boehm, B.W. in 1988, where he combined the features of the above three models. By combining those features, this model enhances the users' interaction and risk management at the same time. For projects in which requirements might change frequently and it is crucial that they be verified by the end-user, this model is ideal.

For ExpertFTA's purpose, the requirements are well defined, as are the theories which will be implemented. Users' interaction is hardly needed in the implementation phase. The Waterfall model is chosen for this software. In addition, ExpertFTA is designed in such a way that future enhancement will be very easy.

2.5.3 Object Oriented Programming (OOP)

Programming and design are two distinct tasks in the object-oriented paradigm; however, they are more tightly interlinked than in the conventional programming paradigm. Capturing the system's desired behaviour by using notations (such as the Unified Modeling Language: UML) is the main goal of object-oriented analysis and modeling; on the other hand, object-oriented design concentrates on creating an architecture for implementation. One of the fundamental principles of the object-oriented approach is modularization: a software system is decomposed into highly cohesive and loosely coupled modules.

In OOP a class (a module that includes the data structure, functionalities/behaviours and state of the module) can be instantiated multiple times as required, and each instance is referred to as an object. A particular class can also be derived or inherited from another class. In that way code redundancy can be reduced. Updating or modifying the state of an instance of a particular object will affect all of the instances of that object. A method of an object is essentially a placeholder (block of code) to perform a specific task or operation which can be invoked through an instance of that class. Sending and receiving messages to and from an object is performed via a method. The advantages of OOP are as follows:

• A system's behaviour or functionalities can be abstracted and encapsulated through interfaces (containing only method signatures) and classes (which may implement interface(s) or extend another class) with methods, respectively;

• An entity or interface can have multiple interchangeable implementations, which is defined as polymorphism; relationships among classes and interfaces can be defined through inheritance, which eliminates redundant data specification.

OOP provides a solid framework for the software and also improves maintenance, facilitates enhancements and code reutilization.

The concept of OOP provides a powerful mechanism for information storage, retrieval and evaluation. Fault-tree analysis is basically a concise tree representation. It consists of different kinds of gates and basic events, which can adopt this concept precisely. Due to the fact that a software tool like ExpertFTA is of moderate complexity and contains a large number of classes to distribute its logic, computation and I/O functionalities, maintenance and refactoring become complicated if it is not designed smartly in the initial phase.

2.6 XML

XML (Extensible Markup Language) is an interoperable, easily readable (both by human and machine) and self-descriptive document format. The specification to encode the XML document is defined in XML 1.0 by the W3C (The World Wide Web Consortium, which develops web standards). Compared to any relational database, XML is very light-weight, reading and writing are faster, and it is portable to different platforms without any difficulties. In addition to all those advantages, a particular database does not need to be installed and maintained to get those facilities. A database is mostly useful where a large volume of information and different types of relational data need to be stored in a secured environment. As such, in this case, ExpertFTA needs to store recent and retrieve previous straightforward and light-weight information. Hence, XML seems to be the most suitable choice for the current purpose.

Chapter 3 ExpertFTA MODELLING AND DESIGN

This chapter describes the design of the ExpertFTA tool. After giving an overview of the fundamental structure and operational steps of computer-aided Fault Tree Analysis, this chapter illustrates the requirements analysis, an overview of the GUI and other major phases of development. A brief summary of lessons learned while designing this tool is also given towards the end of the chapter.

3.1 Computer-aided Fault Tree Analysis

From an earlier discussion (in previous chapters), it was concluded that FTA is a complex technique which essentially requires a user friendly, optimized software tool. Developing a suitable tool requires a detailed understanding of software engineering. The FTA tools developed so far maintain common fundamental structures and operational steps. Figure 3.1 shows the basic operational steps adopted in a traditional computer-aided FTA.
