事故樹分析課件

1、第三章 事故樹分析Chapter 3 Fault Tree Analysis第1頁，共63頁。一、事故樹分析概述 Development of Fault Tree Analysis In1961, FTA was first used by Bell Telephone Laboratories in connection with the safety analysis and assessment of the Minuteman Guidance System to predict stochastic failure probability of missile launch.196

2、1年，美國貝爾電話研究所的維森（H.A.Watson）首創(chuàng)了FTA并應用于研究民兵式導彈發(fā)射控制系統(tǒng)的安全性評價中，用它來預測導彈發(fā)射的隨機故障概率。 Technique improved by Boeing Company, and computer was used to assist the analysis and calculation.波音公司對FTA做成改進，并利用計算機進行輔助分析和計算。第2頁，共63頁。一、事故樹分析概述 Development of Fault Tree Analysis In 1974, Atomic Energy Commission executed

3、 risk assessment on the commercial nuclear power station by means of FTA and published Rasmussen Report, which draw the attention of world.1974年，美國原子能委員會應用FTA對商用核電站進行了風險評價，發(fā)表了拉斯姆遜報告，引起世界各國的關注。Nowadays, FTA has been applied in the field of electron, electric power, chemical industry, machinery indust

4、ry, transportation from aircraft industry and the nuclear power industry.目前事故樹分析法已從宇航、核工業(yè)進入一般電子、化工、交通等領域第3頁，共63頁。FTA Extensively used and extended during the Reactor safety study (WASH 1400)(Digitized and reprinted from the collections of the University of California Libraries )It can diagnose failu

5、res, analyze system weak components, guide system safe operation and maintenance and realize system optimization design.FTA可進行故障診斷、分析系統(tǒng)薄弱環(huán)節(jié)、指導系統(tǒng)的安全運行和維修，實現(xiàn)系統(tǒng)的優(yōu)化設計。 Development of Fault Tree Analysis 第4頁，共63頁。一、事故樹分析概述1. Definition of Fault Tree Analysis FTA is a deductive reasoning(演繹推理法), which can

6、 signify the logic relations between system possible faults and their causes by means of FT.Through qualitative and quantitative analysis of FT, major causes of faults are identified, which will offer solid foundation to safety countermeasures to predicate and prevent faults. 通過對事故樹的定性與定量分析，找出事故發(fā)生的主

7、要原因，為確定安全對策提供可靠依據(jù)，以達到預測與預防事故發(fā)生的目的。第5頁，共63頁。Recognize system Top undesired eventConstruction FTSimplify FTCountermeasuresInvestigate faultInvestigate causesCollect relevant materialsQualitative analysisQuantitative analysis2. Procedures of Fault Tree Analysis 第6頁，共63頁。一、事故樹分析概述3. Procedures of Fault

8、Tree Analysis 1). Seedtime 2). Construction3). Qualitative assessment of FT 4). Quantitative assessment of FT 5). Summary and application of FTA results. Define the systemGet familiar with the system Investigate faults of the system Define top undesired event (UE) of fault tree (FT)Investigate all t

9、he reason events relevant to the top UE Construct FT 第7頁，共63頁。一、事故樹分析概述3. Procedures of Fault Tree Analysis 3).Qualitative analysisQualitative analysis calculates minimal Cut set or minimal Path set and structural importance degree of basic events based on FT structure.4).Quantitative analysisCalcul

10、ate the probability of the top UE based on the probability of basic events. Probability importance degree and criticality importance degree of each basic event are worked out as well.Risk assessment is executed according to quantitative assessment results and possible harms after the fault.基本事件最小割集，

11、最小徑集結(jié)構(gòu)重要度頂上事件發(fā)生概率基本事件概率重要度、關鍵重要度第8頁，共63頁。5).Summary and application of FTA resultsTimely assessment and summary of FTA results must be made to propose improvement suggestions.提出改進建議、措施Safety assessment materials also need to be used comprehensively so as to provide foundation for system safety asses

12、sment and safety design.為系統(tǒng)安全評價和安全設計提供依據(jù)第9頁，共63頁。 Titanic Shipwreck船體鋼材不適應海水低溫環(huán)境，造成船體裂紋觀察員、駕駛員失誤，造成船體與冰山相撞船上的救生設備不足，使大多數(shù)落水者被凍死距其僅20海里的California號無線電通訊設備處于關閉狀態(tài)，無法收到求救信號，不能及時救援頂事件邏輯門 中間事件底事件4. Symbols and Means of Fault Tree Analysis第10頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree AnalysisThe sym

13、bols of FT are divided into three categories: event, logic gate and transfer symbols.事件符號、邏輯門符號和轉(zhuǎn)移符號 (1)Event symbols/事件符號在事故樹分析中各種非正常狀態(tài)或不正常情況為事故事件各種完好狀態(tài)或正常情況為成功事件 第11頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis (1) 矩形符號。用它表示頂上事件或中間事件。 (1) Rectangle - The rectangle is the main buildin

14、g block for the Fault tree. It represents the negative event and is located at the top of the tree and can be located throughout the tree to indicate other events capable of being broken down further. This is the only symbol that will have a logic gate and input events below it. 第12頁，共63頁。一、事故樹分析概述4

15、. Symbols and Means of Fault Tree Analysis(2) Circle A circle represents a base event in the tree. These are found on the bottom tiers of the tree and require no further development or breakdown. There are no logic gates or events below the base event. (2)圓形符號基本(原因)事件，可以是人的差錯、設備/機械故障、環(huán)境因素等。它表示最基本的事件

16、，不能再繼續(xù)往下分析了。例如，影響司機瞭望條件的“視線不好”，“酒后開車” 等原因。第13頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis（3）Normal/switch event, which occurs during normal system operation.（3）屋形符號。它表示正常事件（開關事件），是系統(tǒng)在正常狀態(tài)下發(fā)生的正常事件。如：“機車或車輛經(jīng)過道岔”、“因走動取下安全帶”等。第14頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis（

17、4）Diamond The diamond identifies an undeveloped terminal event. Such an event is one not fully developed because of a lack of information or significance. A fault tree branch can end with a diamond. For example, most projects require personnel, procedures and hardware. The tree developer may decide

18、to concentrate on the personnel aspect of the procedure and not the hardware or procedural aspects. In this case the developer would use diamonds to show “procedures” and “hardware” as undeveloped terminal events.（4）菱形符號。它表示省略事件，即表示事前不能分析，或者沒有再分析下去必要的事件。例如，“天氣不好”、“操作不當”等。第15頁，共63頁。一、事故樹分析概述4. Symbol

19、s and Means of Fault Tree Analysis （5）Oval /ellipse symbol An oval symbol, meaning conditional event, represents a special situation that can only happen if certain circumstances occur.（5）橢圓形符號，為條件事件，是限制邏輯門開啟的事件。油庫爆炸火源油氣聚集達到爆炸極限1.4%7.6%氧氣瓶超壓爆炸與火源接近接近熱源在陽光下曝曬應力超過鋼瓶強度極限第16頁，共63頁。一、事故樹分析概述4. Symbols an

20、d Means of Fault Tree Analysis頂事件,事故樹分析中所關心的結(jié)果事件,位于事故樹的頂端, 事故樹中邏輯門的輸出事件而不是輸入事件。中間事件,位于事故樹頂事件和底事件之間的結(jié)果事件。它既是某個邏輯門的輸出事件,又是其他邏輯門的輸入事件。 結(jié)果事件底事件(1) 原因事件,表示導致頂事件發(fā)生的最基本的或不能再向下分析的原因或缺陷事件 (2) 省略事件,表示沒有必要進一步向下分析或其原因不明確的原因事件。另外,省略事件還表示二次事件,即不是本系統(tǒng)的原因事件,而是來自系統(tǒng)之外的原因事件 特殊事件(1) 開關事件,又稱正常事件。它是在正常工作條件下必然發(fā)生或必然不發(fā)生的事件 (

21、2) 條件事件,是限制邏輯門開啟的事件 第17頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(2)邏輯門及其符號 / Logic gates and symbols Logic gates connect event s and show their logic relations 邏輯門是連接各事件并表示其邏輯關系的符號 AND gate/與門OR gate/或門NOT gate/非門 Special gates/特殊門 第18頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault T

22、ree Analysis (1) And gate - represents a condition in which all the events shown below the gate (input gate) must be present for the event shown above the gate (output event) to occur. This means the output event will occur only if all of the input events exist simultaneously.第19頁，共63頁。一、事故樹分析概述4. S

23、ymbols and Means of Fault Tree Analysis 與門電路圖 當B1、B2都接通(B1=1，B2=1)時，電燈才亮，用布爾代數(shù)表示為X=B1B2=1。當B1、B2中有一個斷開或都斷開(B1=1，B2=0或B1=0，B2=1或B1=0，B2=0)時，電燈不亮，用布爾代數(shù)表示為X=B1B2=0。第20頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis (2) Or gate - represents a situation in which any of the events shown below

24、the gate (input gate) will lead to the event shown above the gate (output event). The event will occur if only one or any combination of the input events exists.第21頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis邏輯門符號舉例燈亮K1閉合K2閉合燈亮K1閉合K2閉合燈不亮K1斷開K2斷開燈不亮K1斷開K2斷開第22頁，共63頁。一、事故樹分析概述4. Symbol

25、s and Means of Fault Tree Analysis 與門可以連接數(shù)個輸入事件 E1 、 E2 , ,En 和一個輸出事件 E, 表示僅當所有輸入事件都發(fā)生時,輸出事件 E 才發(fā)生的邏輯關系。 與門或門非門非門表示輸出事件是輸入事件的對立事件 或門可以連接數(shù)個輸入事件 E1 ,E2 , ,En 和一個輸出事件 E, 表示至少一個輸入事件發(fā)生時,輸出事件 E 就發(fā)生。 第23頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis (3)條件與門符號。表示只有當B1、B2同時發(fā)生，且滿足條件的情況下，A才會發(fā)生，相當于

26、三個輸入事件的與門，即A=B1B2 Priority AND gate. The output event occurs if all the input events occur and simultaneously Condition is met. 第24頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(4)條件或門符號。表示B1或B2任何一個事件發(fā)生，且滿足條件，輸出事件A才會發(fā)生。Priority OR gate. The output event occurs if at least one of the inp

27、ut events occurs and simultaneously Condition is met. 第25頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis邏輯門符號舉例油庫爆炸氧氣瓶超壓爆炸火源油氣聚集與火源接近接近熱源在陽光下曝曬達到爆炸極限1.4%7.6%應力超過鋼瓶強度極限第26頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(5) 限制門（禁門）符號。它是邏輯上的一種修正符號，即輸入事件發(fā)生且滿足條件時，才產(chǎn)生輸出事件。相反，如果不滿足，則

28、不發(fā)生輸出事件。Inhibit gate. The output event occurs if input event occurs and conditional event occurs. 第27頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(6) 表決門。表示僅當輸入事件有 m 個或 m 個以上事件同時發(fā)生時(mn) , 輸出事件才發(fā)生。 Voting gate. Only when m or more than m（mn）input events happen, the output event occurs.

29、It is obviously that OR gate and AND gate are special cases of voting gate. Thinking：Relation between VOTING gate and OR and AND gate?m/nE1E2EnEIf m=1, the voting gates is OR gate; if m=n, the voting gate is AND gates. 第28頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(7) 異或門。表示僅當單個輸入事件發(fā)

30、生時，輸出事件才發(fā)生。(7) XOR gate(Exclusive OR gate). The output event occurs if only exactly one input event occurs. +E1E2EnENot concurrence第29頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis表決門異或門禁門表示僅當單個輸入事件發(fā)生時,輸出事件才發(fā)生 表示僅當輸入事件有 m (mn) 個或 m 個以上事件同時發(fā)生時, 輸出事件才發(fā)生。 表示僅當條件事件發(fā)生時,輸入事件的發(fā)生方導致輸出事件的發(fā)生。 條件與

31、門條件或門表示輸入事件不僅同時發(fā)生,而且還必須滿足條件A,才會有輸出事件發(fā)生 表示輸入事件中至少有一個發(fā)生,在滿足條件 A 的情況下,輸出事件才發(fā)生。 E1E2EnEA+E1E2EnEAm/nE1E2EnE+E1E2EnENot concurrenceAEE1第30頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis轉(zhuǎn)移符號的表示部分事故樹圖的轉(zhuǎn)入和轉(zhuǎn)出Transfer symbolswhich indicate the transfer in and out of a part of FT. Transfer in and t

32、ransfer out symbols will be applied to simplify the whole tree if FT is too complicated or it contains many same parts. 轉(zhuǎn)入轉(zhuǎn)出 Transfer in Transfer out第31頁，共63頁。第32頁，共63頁。編制舉例列車冒進信號事故樹一、事故樹分析概述第33頁，共63頁。第34頁，共63頁。吊裝物墜落傷人事故樹第35頁，共63頁。第36頁，共63頁。第37頁，共63頁。第38頁，共63頁。第39頁，共63頁。2. FTA的特點事故樹分析是一種圖形演繹方法,是事故事件

33、在一定條件下的邏輯推理方法。它可以圍繞某特定的事故作層層深入的分析,因而在清晰的事故樹圖形下,表達系統(tǒng)內(nèi)各事件間的內(nèi)在聯(lián)系,并指出單元故障與系統(tǒng)事故之間的邏輯關系,便于找出系統(tǒng)的薄弱環(huán)節(jié)。FTA具有很大的靈活性,不僅可以分析某些單元故障對系統(tǒng)的影響,還可以對導致系統(tǒng)事故的特殊原因如人為因素、環(huán)境影響進行分析。一、事故樹分析概述第40頁，共63頁。進行FTA的過程,是一個對系統(tǒng)更深入認識的過程,它要求分析人員把握系統(tǒng)內(nèi)各要素間的內(nèi)在聯(lián)系,弄清各種潛在因素對事故發(fā)生影響的途徑和程度,因而許多問題在分析的過程中就被發(fā)現(xiàn)和解決了,從而提高了系統(tǒng)的安全性利用事故樹模型可以定量計算復雜系統(tǒng)發(fā)生事故的概率,

34、為改善和評價系統(tǒng)安全性提供了定量依據(jù)。一、事故樹分析概述2. FTA的特點第41頁，共63頁。FTA 需要花費大量的人力、物力和時間；FTA 的難度較大,建樹過程復雜,需要經(jīng)驗豐富的技術人員參加,即使這樣,也難免發(fā)生遺漏和錯誤；FTA 只考慮 (0,1) 狀態(tài)的事件,而大部分系統(tǒng)存在局部正常、局部故障的狀態(tài),因而建立數(shù)學模型時,會產(chǎn)生較大誤差；FTA 雖然可以考慮人的因素,但人的失誤很難量化。 一、事故樹分析概述2. FTA的特點第42頁，共63頁。一、事故樹分析概述3. Procedures of Fault Tree Analysis 準備階段(1) 確定所要分析的系統(tǒng)。在分析過程中,合理

35、地處理好所要分析系統(tǒng)與外界環(huán)境及其邊界條件,確定所要分析系統(tǒng)的范圍, 明確影響系統(tǒng)安全的主要因素。(2) 熟悉系統(tǒng)。對于已經(jīng)確定的系統(tǒng)進行深入的調(diào)查研究,收集系統(tǒng)的有關資料與數(shù)據(jù), 包括系統(tǒng)的結(jié)構(gòu)、性能、工藝流程、運行條件、事故類型、維修情況、環(huán)境因素等。(3) 調(diào)查系統(tǒng)發(fā)生的事故。收集、調(diào)查所分析系統(tǒng)曾經(jīng)發(fā)生過的事故和將來有可能發(fā)生的事故,同時還要收集、調(diào)查本單位與外單位、國內(nèi)與國外同類系統(tǒng)曾發(fā)生的所有事故。第43頁，共63頁。一、事故樹分析概述3. Procedures of Fault Tree Analysis 事故樹的編制(1) 確定事故樹的頂事件。確定頂事件是指確定所要分析的對象事

36、件。根據(jù)事故調(diào)查報告分析其損失大小和事故頻率, 選擇易于發(fā)生且后果嚴重的事故作為事故的頂事件。(2) 調(diào)查與頂事件有關的所有原因事件。從人、機、環(huán)境和信息等方面調(diào)查與事故樹頂事件有關的所有事故原因。 (3) 編制事故樹。采用一些規(guī)定的符號,按照一定的邏輯關系,把事故樹頂事件與引起頂事件的原因事件,繪制成反映因果關系的樹形圖。 第44頁，共63頁。一、事故樹分析概述3. Procedures of Fault Tree Analysis 事故樹定性分析 事故樹定性分析主要是按事故樹結(jié)構(gòu),求取事故樹的最小割集或最小徑集,以及基本事件的結(jié)構(gòu)重要度,根據(jù)定性分析的結(jié)果,確定預防事故的安全保障措施。事故

37、樹定量分析 事故樹定量分析主要是根據(jù)引起事故發(fā)生的各基本事件的發(fā)生概率,計算事故樹頂事件發(fā)生的概率；計算各基本事件的概率重要度和關鍵重要度。根據(jù)定量分析的結(jié)果以及事故發(fā)生以后可能造成的危害,對系統(tǒng)進行風險分析,以確定安全投資方向。事故樹分析的結(jié)果總結(jié)與應用必須及時對事故樹分析的結(jié)果進行評價、總結(jié),提出改進建議,整理第45頁，共63頁。Define the top eventTo define the top event the type of failure to be investigated must be identified. This could be whatever the en

38、d result of an incident may have been, such as a forklift overturning.Determine all the undesired events in operating a system.Separate this list into groups having common characteristics. Several FTA may be necessary to study a system completely. Finally, one event should be established representin

39、g all events within each group. This event becomes the undesired event to study.一、事故樹分析概述3. Procedures of Fault Tree Analysis 第46頁，共63頁。Know the system. All available information about the system and its environment should be studied. A job analysis may prove helpful in determining the necessary inf

40、ormation.Construct the fault tree. This step is perhaps the simplest because only the few symbols are involved and the actual construction is pretty straightforward.一、事故樹分析概述3. Procedures of Fault Tree Analysis 第47頁，共63頁。Principles of construction. The tree must be constructed using the event symbol

41、s listed above. It should be kept simple. Maintain a logical, uniform, and consistent format from tier to tier. Use clear, concise titles when writing in the event symbols. The logic gates used should be restricted to the and gate and or gate with constraint symbols used only when necessary. An exam

42、ple would be the use of the oval constraint symbol to illustrate a necessary order of events that must happen to have an event occur. The transfer triangle should be used sparingly if at all. The more the transfer triangle is used, the more complicated the tree becomes. The purpose of the tree is to

43、 keep the procedure as simple as possible.一、事故樹分析概述3. Procedures of Fault Tree Analysis 第48頁，共63頁。Study tradeoffs. In this step, any alternative methods that are implemented should be further evaluated. This will allow evaluators to see any problems that may be related with the new procedure prior t

44、o implementation.Consider alternatives and recommend action. This is the last step in the process where corrective action or alternative measures are recommended.一、事故樹分析概述3. Procedures of Fault Tree Analysis 第49頁，共63頁。Validate the tree. This requires allowing a person knowledgeable in the process to

45、 review the tree for completeness and accuracy.Evaluate the fault tree. The tree should then be scrutinized for those areas where improvements in the analysis can be made or where there may be an opportunity to utilize alternative procedures or materials to decrease the hazard.一、事故樹分析概述3. Procedures

46、 of Fault Tree Analysis 第50頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(1)與門符號。與門連接表示輸入事件B1、B2同時發(fā)生的情況下，輸出事件A才會發(fā)生的連接關系。二者缺一不可，表現(xiàn)為邏輯積的關系，即A=B1B2。在有若干輸入事件時，也是如此，如圖所示。第51頁，共63頁。一、事故樹分析概述4. Symbols and Means of Fault Tree Analysis(2)或門符號。表示輸入事件B1或B2中，任何一個事件發(fā)生都可以使事件A發(fā)生，表現(xiàn)為邏輯和的關系即A=B1B2。在有若干

47、輸入事件時，情況也是如此。第52頁，共63頁。一、事故樹分析概述5. Regulations of Construct Fault Tree 事故樹編制是事故樹分析中最基本、最關鍵的環(huán)節(jié)。編制工作一般應由系統(tǒng)設計人員、操作人員和可靠性分析人員組成的編制小組來完成，經(jīng)過反復研究，不斷深入，才能趨于完善。 Constructs FT is the most fundamental and critical link in FTA. It is completed by a team composed of system designers, operators and reliable analy

48、sts. The FT must undergo repeated research and further development so as to approach perfection. 第53頁，共63頁。一、事故樹分析概述5. Regulations of Construct Fault Tree 編制方法一般分為兩類，一類是人工編制，另一類是計算機輔助編制。 The compiling methods are commonly divided into two categories: artificial construct and computer assistant const

49、ruct. Constructing a FT is a rigorous logic reasoning process. It should follow the following regulations:第54頁，共63頁。一、事故樹分析概述5. Regulations of Construct Fault Tree （1）確定頂事件應優(yōu)先考慮風險大的事故事件。 （2）合理確定邊界條件。 （3）保持門的完整性，不允許門與門直接相連。 （4）確切描述頂事件。 （5）編制過程中及編成后，需及時進行合理的簡化。第55頁，共63頁。事故樹的編制過程是一個嚴密的邏輯推理過程，應遵循以下規(guī)則：確定頂事件應優(yōu)先考慮風險大的事故事件。能否正