A Generalization of Dynamic Fault Trees through Boolean logic Driven Markov Processes (BDMP)®

Dynamic Fault Trees (DFT) and BDMP are both models resembling fault trees, whose function is to specify continuous-time Markov chains. Their purpose is to allow the modelling of systems for which the assumption of independence of components does not hold, which makes the use of standard fault tree analysis impossible. While DFT are limited to non-repairable systems and take into account only a few specific kinds of dependences, BDMP can model repairable systems and a large variety of dependences. Moreover, BDMP have mathematical properties which allow a drastic reduction of the combinatorial problems inherent in the use of Markov chains.

2 BDMP DEFINITION AND PROPERTIES

Although BDMP may seem similar to dynamic fault trees, they are in fact quite different. Instead of adding new kinds of gates, they assign a new semantics to the traditional graphical representation of fault trees, augmented only by a new kind of link (these links are called "triggers" and are represented by dotted arrows) and an equivalent of the so-called PAND gates of DFT. They enable the analyst to combine conventional fault trees and Markov models in a brand new way. BDMP have very interesting mathematical properties, which allow a dramatic reduction of combinatorial problems when they are converted into CTMC for their solution. Moreover, they allow the analyst to obtain particularly relevant qualitative information in the form of minimal sequences leading to the occurrence of the top event. The general idea of BDMP, as suggested by their name, is to associate a Markov process (which represents the behavior of a component or a subsystem) with each leaf of a fault tree. This fault tree is the structure function of the system.
What is really new with BDMP is that:
- the basic Markov processes have two "modes", corresponding to the fact that the components/subsystems they model are either required or in standby (of course, they can also have only one mode, and the meaning of the modes may be different in some cases);
- at any time, the choice of the mode of one of the Markov processes (unless it is independent) depends on the value of a Boolean function of the other processes.

An extreme case is when all the processes are independent. This corresponds to a fault tree whose leaves are associated with independent Markov processes.

2.1 The elements of a BDMP

A BDMP $(F, r, T, (P_i))$ is made of:
- a multi-top coherent fault tree $F$,
- a main top event $r$ of $F$,
- a set $T$ of triggers,
- a set of "triggered Markov processes" $P_i$ associated with the basic events (i.e. the leaves) of $F$,
- the definition of two categories of states for the processes $P_i$.

A trigger is represented graphically by a dotted arrow. The origin and the target of a trigger can be any gate or basic event of $F$. However, two triggers must not have the same target. This means that it is sometimes necessary to create an additional gate (like G1 in Figure 1) whose only function is to define the origin of a trigger.

Figure 1 is an example of the graphical representation of all the notions of BDMP. In this example, we have a fault tree with two tops: r (the main one) and G1. The basic events are P1, P2, P3, and P4: they can belong to one of the two standard triggered Markov processes defined below. There is only one trigger, from G1 to G2.

Figure 1. A simple BDMP

2.2 Definition of a "triggered Markov process"

Such a process $P_i$ is associated with each basic event $i$ of the fault tree. $P_i$ is the following set of elements:

$$P_i = \{ Z_0^i(t),\ Z_1^i(t),\ f_{0 \to 1}^i,\ f_{1 \to 0}^i \}$$

- $Z_0^i(t)$ and $Z_1^i(t)$ are two homogeneous Markov processes with discrete state spaces. For $k \in \{0, 1\}$, the state space of $Z_k^i(t)$ is $A_k^i$. For each $A_k^i$ we will need to refer to a part $F_k^i$ of the state space $A_k^i$. In general, $F_k^i$ will correspond to the failure states of the component or subsystem modeled by the process $P_i$.
- $f_{0 \to 1}^i$ and $f_{1 \to 0}^i$ are two probability transfer functions defined as follows:
  - for any $x \in A_0^i$, $f_{0 \to 1}^i(x)$ is a probability distribution on $A_1^i$, such that if $x \in F_0^i$, then $\Pr\big(f_{0 \to 1}^i(x) \in F_1^i\big) = 1$;
  - for any $x \in A_1^i$, $f_{1 \to 0}^i(x)$ is a probability distribution on $A_0^i$, such that if $x \in F_1^i$, then $\Pr\big(f_{1 \to 0}^i(x) \in F_0^i\big) = 1$.

Such a process is said to be "triggered" because it switches instantaneously from one of its modes to the other, via the relevant transfer function, according to the state of some externally defined Boolean variable, called the "process selector". The process selectors are defined by means of triggers. The function of a trigger is to modify the mode of the processes associated with the leaves in the sub-tree under its target when the event that is the origin of the trigger changes from FALSE to TRUE (or conversely). The exact definition of the semantics of a BDMP (in particular when there are several triggers) is too complex to be explained in the present paper, but it can be found in (Bouissou, Bon 2003). We give in § 2.3 and 2.4 the two standard triggered processes which are most often used in BDMP. Another triggered Markov process, which is very useful for modeling multiphase systems, is described in (Bouissou et al. 2005).
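As an added illustration of the definition in § 2.2 (constructed example code, not from the paper or from any BDMP tool), the following Python checks that a candidate pair of transfer functions satisfies the two stated conditions on $f_{0 \to 1}^i$ and $f_{1 \to 0}^i$, and samples the instantaneous mode switch; the two-mode component, its state names and the transfer probabilities are assumptions.

```python
import random


def check_transfer(f, src, dst, f_src, f_dst):
    """Check the two conditions the paper imposes on f_{k->1-k}^i, where f maps
    each state x of the source mode to a distribution {y: Pr(y)} on the target:
    (1) f(x) is a probability distribution on the target state space dst;
    (2) if x is in the source failure set f_src, all of f(x)'s mass lies on
        the target failure set f_dst, i.e. Pr(f(x) in f_dst) = 1."""
    for x in src:
        if x not in f:
            return False, f"no distribution for state {x!r}"
        dist = f[x]
        if set(dist) - dst:
            return False, f"f({x!r}) assigns mass outside the target state space"
        if any(p < 0 for p in dist.values()) or abs(sum(dist.values()) - 1) > 1e-9:
            return False, f"f({x!r}) is not a probability distribution"
        if x in f_src:
            failure_mass = sum(p for y, p in dist.items() if y in f_dst)
            if abs(failure_mass - 1) > 1e-9:
                return False, f"failed state {x!r} could switch to a non-failed state"
    return True, "ok"


def check_process(a0, a1, f0, f1, f01, f10):
    """Validate both transfer functions of one triggered Markov process P_i."""
    ok01, why01 = check_transfer(f01, a0, a1, f0, f1)
    ok10, why10 = check_transfer(f10, a1, a0, f1, f0)
    return ok01 and ok10, (why01, why10)


def switch_mode(f, x, rng=random):
    """Sample the state taken in the new mode when the process selector flips
    and the process is moved instantaneously through f."""
    states, probs = zip(*f[x].items())
    return rng.choices(states, weights=probs, k=1)[0]


# Constructed two-mode component: mode 0 = standby, mode 1 = required.
A0 = frozenset({"S_ok", "S_failed"})
A1 = frozenset({"W_ok", "W_failed"})
F0 = frozenset({"S_failed"})  # failure states of the standby mode
F1 = frozenset({"W_failed"})  # failure states of the required mode
# Allowed by the definition: an OK unit may fail on demand with a constructed
# probability, but a failed unit must stay failed in the new mode.
F01_GOOD = {"S_ok": {"W_ok": 0.98, "W_failed": 0.02}, "S_failed": {"W_failed": 1.0}}
F10_GOOD = {"W_ok": {"S_ok": 1.0}, "W_failed": {"S_failed": 1.0}}
# Violates the definition: a failed standby unit could come back OK on demand.
F01_BAD = {"S_ok": {"W_ok": 1.0}, "S_failed": {"W_ok": 0.5, "W_failed": 0.5}}
```

The check is what a model reviewer would run before feeding a hand-written triggered process to a BDMP solver: the second condition is what guarantees that a mode change can never silently repair a failed component.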