CAPACIDADES DE DATOS PARA LA EVOLUCIÓN DE GSM A UMTS

There are many important fault tree algorithms available with a number of different purposes (e.g. qualitative analysis, quantitative analysis, sensitivity analysis, importance measures etc).

For this thesis, the most relevant algorithms are qualitative analysis algorithms. A good summary can be found in Wolforth (2005) but a couple of important algorithms that will be referred to later are briefly described below.

MOCUS – Method of Obtaining Cut Sets

MOCUS (Fussel & Vesely, 1972) is one of the main classical fault tree reduction algorithms and one upon which many other solutions are based. It is a top-down approach (a similar bottom-up approach, MICSUP, followed three years later) that consists of recursively expanding intermediate events into basic events until there are no more basic events remaining. The basic algorithm is as follows:

1. Make a table with rows and columns. Each row represents a cut set and each

column is an element in the cut set.

2. Put the top event in the first column of the first row. 3. Scan through the table, and for each gate:

a) If the gate is an AND gate, put each of its children in a new column.

b) If the gate is an OR gate, put each of its children in a new row.

4. Repeat Step 3 until there are no gates in the table. This means the fault tree has been fully expanded, and the MOCUS table contains only basic events.

5. Search for and remove all redundancies within the table, according to the usual Boolean laws (Absorption, Distributive, Idempotent etc; see Appendix II: Boolean & Temporal Laws).

The resulting table then contains a minimal cut set in each row. MOCUS is accurate and quite fast for smaller trees. However, as the table size grows much larger depending on the number and placement of OR gates in the fault tree, MOCUS struggles to store all of the necessary information for large fault trees. For example, two OR gates, each with four inputs, ANDed together, will result in 4 x 4 = 16 different cut sets. To see how the process works, consider the simple fault tree in Figure 9:

Figure 9 – Example fault tree for MOCUS

The first step is to make a table to store the top event, which in this case is the AND gate, G1:

G1

Then this is expanded, according to step 3. Because it is an AND gate, we put each of its children in a new column:

G2 G3

Next, these are expanded as well. They are OR gates, so their children are put in a new row, starting with G2: A G3 B G3 And then G3: A C A A B C B A

Now that all of the gates have been expanded, Boolean laws can be applied to check for redundancies. According to the Idempotent law, two identical events in the same row can be reduced to just one, i.e. X AND X ⇔ X, thus:

A C A

B C

B A

And finally, according to the Absorption law, if all of the events in a row also occur in another row, then the larger row is redundant, so:

A

B C

Which gives the result: two minimal cut sets, one containing just A and the other containing B and C.

Despite its problems, however, MOCUS is both one of the simplest and the most popular of FTA techniques, as evidenced by its 30 year life-span. Because it is accurate and easy to understand, it is a good technique to analyse smaller fault trees; furthermore, it makes an excellent foundation for further expansion – or extension – with new techniques. However, it is not the most efficient technique and newer algorithms like MICSUP tend to be faster.

ELRAFT – Efficient Logic Reduction Analysis of Fault Trees

ELRAFT is a mathematical reduction algorithm proposed by S. N. Semanderes in 1971 (Semanderes, 1971). Unlike the simple, logical method used in MOCUS, ELRAFT attempts to improve the performance of the reduction process by exploiting a property of prime numbers. Although it still applies the Boolean laws of Absorption and Idempotence to reduce the fault tree to its minimal cut sets, rather than checking each event against every other event to determine whether or not it can be reduced (as in MOCUS), ELRAFT can check entire cut sets at once.

Semanderes makes use of a mathematical feature to perform the analysis. It is a property of all positive integers greater than 1 that they are the exact product of only one set of prime numbers. ELRAFT exploits this fact by assigning each unique basic event a different prime number. The gates then obtain values derived from the child values. For example, using the fault tree in Figure 9, we might assign values such as A = 2, B = 3, C = 5. Expansion (in the style of MOCUS) will produce four cut sets and the value of a cut set is equal to the product of the prime values of its constituent events:

A.A = 2 x 2 = 4

A.C = 2 x 5 = 10

B.A = 3 x 2 = 6

B.C = 3 x 5 = 15

It then becomes possible to check whether or not a cut set contains a given event by performing a modulo operation on the cut set using the prime number of the event: if there is a remainder, then it does not contain that event; if there is no remainder, then it does. For example, B.C is 15 and C is 5, so B.C modulo C is 0. A is 2, so B.C modulo A is 1. Thus B.C contains C, but does not contain A.

This applies also to entire cut sets; if there was a cut set A.B.C, it would have the value 2 x 3 x 5 = 30, and so to check whether it contained B.C (which is 15), 30 modulo 15 gives us the answer 0, thus A.B.C contains B.C. Of course, before this is possible, it is first necessary to ensure that there are no duplicates in the cut set, e.g. by scanning through and checking for repeated events. Then, by dividing the product of each cut set against the product of every other cut set, we can determine whether or not it is redundant.

This method is purely mathematical and does not require any searching through pairs of cut sets to test each event against every other event; instead, a simple mathematical calculation is performed for each cut set, which is much faster. It should be noted, however, that in practice there are often problems with storing the products of prime numbers in computer programs, as they can grow very large very quickly and often exceed the ranges of most numeric representations.

Linear Time Modularisation Algorithm

The linear time modularisation algorithm (Dutuit & Rauzy, 1996) is not a traditional qualitative or quantitative analysis technique: instead, it is used to find independent modules in fault trees. An independent module is a sub-tree in which none of the basic events are repeated elsewhere in the tree. This independent sub-tree can then be analysed separately as part of qualitative or quantitative analysis, making the process more efficient by avoiding repeatedly analysing the same branches of the tree. The division of the tree helps to simplify the analysis process, and in the case of certain techniques, allows for different algorithms to be used depending on the nature of the sub-tree in question.

The modularisation algorithm itself consists of two depth-first left-most traversals through the fault tree and a set of three variables for each node. The first pass sets a counter v1 indicating the

first visit, i.e. the number of nodes visited so far. During the same pass, on the way back up the tree, moving from the right-most child to its parent, it sets a second counter v2 with the number of its first return visit. Any subsequent visits to the same node set v3, which stores the number of the most recent visit. A second traversal of the tree is then made to determine whether each node is a module. A node is then head of an independent module if none of its children have a v1 less than its own v1 and none have a v3 greater than its own v2. By contrast, if the most recent visit counter v3 of a child is higher than the first return visit counter v2 of the node, it contains a shared branch. The name of the algorithm comes from the fact that performance is linear because each link in the fault tree is only visited twice and so the algorithm has a performance of O(n).

To see how this process works, consider the simple fault tree in Figure 9, which consists of (A OR B) AND (A OR C). For each event, the 'visited' values are as follows:

Event v1 (1st visit) v2 (1st return) v3 (last visit) G1 0 9 9 G2 1 4 4 A 2 2 7 B 3 3 4 G3 5 8 8 C 6 6 6

Table 2 – Linear Time Modularisation Algorithm

The numbers represent the number of nodes visited so far, so G1 has the first visit counter 0

because no other nodes have been visited yet. The visitation of nodes is G1
_G2
A
(G2)

B
G2
(G1)
G3
C
(G3)
A
G3
G1. Notice that because A occurs beneath both G2 and G3, they are not independent; the maximum of G2's childrens' v3 values is 7, which is greater than its own v2 counter of 4; similarly for G3, the minimum of its childrens'

v1 values is 2, which is before its own first visit counter of 5. Only G1 is an independent tree, but in this case it always would be since there are no higher nodes.

Modularisation is useful for many reasons, not least because it can break the tree down into parts that can then be more readily analysed. This is very useful with Boolean analysis techniques such as MOCUS, because it means the algorithm can deal with several smaller trees of reduced complexity rather than one big tree. Because of the combinatorial explosion effect of lots of OR gates high up in a fault tree, analysing modules can result in much reduced demands

on memory for MOCUS-style techniques. However, one of the more subtle benefits of modularisation is that different modules can be analysed independently with different techniques, as exploited by Dynamic Fault Trees (see 2.4.2).