A Hybrid Modular Approach For Dynamic Fault Tree Analysis: Ieee Reliability Society Section

This document summarizes a research paper that proposes a hybrid modular approach for analyzing dynamic fault trees (DFTs). The approach uses a combination of algebraic solutions, Petri nets, and Monte Carlo simulation to analyze DFT modules. This allows the approach to handle non-exponential failure distributions and avoid state space explosion. The approach was tested on five examples and shown to provide approximate solutions to DFTs without unacceptable loss of accuracy.

Uploaded by

ellyza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
72 views14 pages

A Hybrid Modular Approach For Dynamic Fault Tree Analysis: Ieee Reliability Society Section

This document summarizes a research paper that proposes a hybrid modular approach for analyzing dynamic fault trees (DFTs). The approach uses a combination of algebraic solutions, Petri nets, and Monte Carlo simulation to analyze DFT modules. This allows the approach to handle non-exponential failure distributions and avoid state space explosion. The approach was tested on five examples and shown to provide approximate solutions to DFTs without unacceptable loss of accuracy.

Uploaded by

ellyza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

IEEE RELIABILITY SOCIETY SECTION

Received April 20, 2020, accepted May 14, 2020, date of publication May 22, 2020, date of current version June 4, 2020.
Digital Object Identifier 10.1109/ACCESS.2020.2996643

A Hybrid Modular Approach for Dynamic Fault Tree Analysis

SOHAG KABIR 1, KOOROSH ASLANSEFAT 2, (Member, IEEE), IOANNIS SOROKOS 2, YIANNIS PAPADOPOULOS 2, AND SAVAS KONUR 1, (Member, IEEE)


1 Department of Computer Science, University of Bradford, Bradford BD7 1DP, U.K.
2 Department of Computer Science and Technology, University of Hull, Hull HU6 7RX, U.K.
Corresponding author: Koorosh Aslansefat ([email protected])
This work was supported in part by the Dependability Engineering Innovation for Cyber Physical Systems (CPS) (DEIS) H2020 Project
under Grant 732242, and in part by the LIVEBIO: Light-weight Verification for Synthetic Biology Project under Grant EPSRC
EP/R043787/1.

ABSTRACT Over the years, several approaches have been developed for the quantitative analysis of
dynamic fault trees (DFTs). These approaches have strong theoretical and mathematical foundations;
however, they appear to suffer from the state-space explosion and high computational requirements,
compromising their efficacy. Modularisation techniques have been developed to address these issues by
identifying and quantifying static and dynamic modules of the fault tree separately by using binary decision
diagrams and Markov models. Although these approaches appear effective in reducing computational
effort and avoiding state-space explosion, the reliance of the Markov chain on exponentially distributed
data of system components can limit their widespread industrial applications. In this paper, we propose
a hybrid modularisation scheme where independent sub-trees of a DFT are identified and quantified in a
hierarchical order. A hybrid framework with the combination of algebraic solution, Petri Nets, and Monte
Carlo simulation is used to increase the efficiency of the solution. The proposed approach uses the advantages
of each existing approach in the right place (independent module). We have experimented with the proposed approach on five independent hypothetical and industrial examples, in which the experiments show the capabilities of the proposed approach when facing repeated basic events and non-exponential failure distributions.
The proposed approach could provide an approximate solution to DFTs without unacceptable loss of
accuracy. Moreover, the use of modularised or hierarchical Petri nets makes this approach more generally
applicable by allowing quantitative evaluation of DFTs with a wide range of failure rate distributions for
basic events of the tree.

INDEX TERMS Reliability analysis, fault tree analysis, dynamic fault trees, modularisation, petri nets.

I. INTRODUCTION

Safety-critical systems are widely used in many industries. Reliability engineering concentrates on assuring safety and reliability of such systems by identifying potential risks that may be caused by their failure and thereby determining necessary actions to reduce the likelihood of these risks. Research efforts have been made to develop reliability models to improve system safety and optimize system behaviour by taking into account system performance and components' failure probability [1], [2]. Modern engineering systems are getting increasingly complex and their behaviour is becoming more dynamic, leading to a variety of dynamic failure characteristics such as functional dependent events and priorities of failure events. Classical combinatorial fault trees [3] are unable to capture a system's dynamic failure behaviour. The Dynamic Fault Tree (DFT) was introduced by Dugan et al. [4] to model the dynamic failure behaviour of systems.

For the quantitative analysis of DFTs, they are typically converted to a continuous-time Markov chain and then a set of ordinary differential equations representing the Markov chain is numerically solved [5]–[8]. The computational complexity of Markov model-based approaches increases exponentially with the increase in the number of system components as it causes an equivalent increase of the Markov chain states. Moreover, the application of Markov-chain-based approaches is under the assumption that the system failure

The associate editor coordinating the review of this manuscript and approving it for publication was Youqing Wang.

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
VOLUME 8, 2020 97175
S. Kabir et al.: Hybrid Modular Approach for DFT Analysis

data is exponentially distributed. To overcome this limitation, other approaches such as Petri net-based approaches [9]–[12], Bayesian Network-based approaches [13]–[15], sequential binary decision diagrams (SBDD) [16], [17], Boolean logic Driven Markov Process [18], [19], Dynamic Reliability Block Diagrams [20], [21], stochastic methods [22], and a hybrid method with the combination of stochastic methods and simulation [23]–[25] have been proposed. These approaches can provide exact solutions; however, non-exact solutions to DFTs can be obtained via simulation approaches [26], [27]. The simulation requires more memory and takes much longer than analytical models to compute. The issues of state-space explosion and failure data distribution have been addressed in [28], [29] by formalizing an algebraic approach. This approach can synthesise the structure-function of any DFT. The computational effort required to find a closed-form solution to a DFT using this approach can be prohibitively expensive. Note that there are different tools developed to support DFT analysis based on the concepts mentioned above. For instance, Galileo [30] and Altarica [31] support DFT analysis through the use of Markov chains; therefore, they inherit the issues associated with the Markov chain. At the same time, tools like DFTSim and MatCarloRe use Monte Carlo simulation as a means to quantify DFTs, and thus require long computation time due to the use of Monte Carlo simulation. There are other tools, which have their strengths and weaknesses. A list of such other DFT analysis tools can be found in [32].

A. RELATED WORK AND MOTIVATION
To address the issue of high computational effort involved in solving large fault trees, modularisation (a.k.a. hierarchical) approaches have been developed and used with great effectiveness. The early application of modularised techniques to solve fault trees can be traced back to the 1990s [33], [34]. DIFtree [35], a modularisation technique for DFT analysis, follows the divide-and-conquer strategy to solve the DFTs by dividing the system-level DFTs into independent static and dynamic sub-trees. The static and dynamic sub-trees are then solved using Binary Decision Diagrams (BDDs) [36] and Markov chains, respectively. Finally, these smaller solutions to the sub-trees are combined to solve the whole DFT. In DIFtree, independent sub-trees, which have no shared input, were identified using the algorithm proposed by Dutuit and Rauzy [37]. The same authors have further formalised and operationalised the modular FTA approach in [38]. A similar solution to DFTs based on Rauzy's linear time modularisation algorithm [37] can be found in [39]. Later, Manian et al. [40] extended the DIFtree approach to allow modelling different lifetime distributions for the system components with the help of Monte Carlo simulation. A major drawback of modularisation approaches is that it is difficult to perform a sensitivity analysis of the eliminated basic events once the state space of the Markov model has been reduced. Moreover, in these approaches, if the module's top-level gate is dynamic then further modularisation is not performed. To address these issues, Huang and Chang [41] proposed an approach which can further modularise a dynamic module if an independent module exists within it. The approach is also capable of performing sensitivity analysis even after the elimination of basic events through modularisation. In [42], a modular approach was proposed by showing that further modularisation of a DFT is possible in a set of cases. A Weibull-distribution-based modularisation scheme was proposed in [43] where both analytical and simulation techniques were used to solve DFTs. Table 1 shows a comparison between different features of the existing modularisation-based DFT analysis approaches. The table outlines the previous approaches with their capabilities and limitations.

In the literature, modularisation techniques have been proven to be highly effective in improving the computing performance of DFT quantification processes. However, there exist a few issues that require further research. For instance, it can be seen from Table 1 that most of the existing modularisation approaches use Markov chains to solve dynamic modules. As Markov chains are only applicable given an exponentially distributed failure rate, the use of Markov chains limits the application of these approaches to a particular class of DFTs. Therefore, it is beneficial to utilise other DFT solution approaches in a modularisation scheme, which can alleviate the above limitation, thus making the scheme capable of solving more general types of DFTs. Moreover, in most existing modularisation schemes, dynamic modules are not decomposed further even when they contain independent modules within them. Furthermore, most of these approaches are not capable of performing sensitivity/criticality analysis of basic events due to modularisation.

At this point, the contribution of the method proposed in this publication and its improvement over previous approaches can be stated. This paper seeks to address the issues highlighted previously by proposing a modularisation scheme, which can provide all the features mentioned in Table 1. Like the existing approaches, firstly, the proposed approach identifies the independent static and dynamic modules in a DFT. Afterwards, the static modules are solved using algebraic formulas and the dynamic modules are solved using Petri nets (PN) [44], the widespread use of which in safety and reliability analysis is reported in [45]. In the literature, the readers can find many extensions of PNs that can model both exponentially and non-exponentially distributed transition rates. For instance, the use of the Weibull distribution in PN was shown in [46], [47]. In addition to the Weibull distribution, the use of other types of distributions such as normal and lognormal distribution was shown in [48], [49]. A detailed description of the different types of PNs is out of the scope of this paper. However, interested readers can find more information about different kinds of Petri nets in [44], [50]. The use of PNs for the evaluation of dynamic modules can support allocating different distributions for failure rates. Moreover, due to the state-space explosion problem, while it is infeasible to create Markov states for the behaviour




TABLE 1. Comparison between the existing approaches in terms of their features.

of small-scale systems, PNs can be used for formal and compact presentation of the behaviour of large-scale systems [49]. Moreover, the proposed approach allows sensitivity analysis to be performed even after modularisation. The effectiveness of the approach is illustrated by applying it to five different DFTs. The results show that the approach finds an approximate solution to DFTs without losing unacceptable accuracy. The contributions of this paper can be summarised as:
• Proposal of a modularised solution to DFTs that can reduce the computational complexity and increase the efficiency of the existing DFT quantification approaches.
• Enabling the integration of multiple solutions such as algebraic, Petri Nets and their reachability tree and Monte Carlo simulation in a single place, thus allowing their strong features to be exploited to solve a wide range of DFTs. For example, consider a DFT with two large independent modules that can be solved very fast and simply with the algebraic solution and one small module that has non-exponential and shared basic events that can be easily solved with the Monte Carlo solution. In the proposed approach, the best solution for each independent module is detected and applied to increase the efficiency and use the advantages of all existing methods.
• Introduction of a modified version of the Birnbaum importance measure as part of the proposed hybrid approach to determine the criticality of basic events.
• The capabilities and accuracy of the proposed method are illustrated and compared through using different well-known hypothetical and industrial case studies facing issues such as repeated basic events and non-exponential failure distributions.

FIGURE 1. Commonly used logic gates in DFT.

II. DYNAMIC FAULT TREE ANALYSIS
The DFT extends the capability of static fault trees (SFTs) by introducing dynamic gates like the Priority AND (PAND), Priority OR (POR), Functional dependency (FDEP), SPARE, and SEQ to model time-dependent failure behaviour of systems. Fig. 1 shows the graphical symbols of the commonly used DFT gates. Detailed information about the definitions and functional behaviour of these gates can be found in [4], [51], [52]. Similar to SFTs, a DFT analysis follows a top-down procedure, starting from the undesired system-level top event (TE), which represents the system failure condition. The TE is decomposed into a combination of intermediate events. The intermediate events are further decomposed using Boolean and dynamic logic gates down to the specification of the lowest-level event causes, named Basic Events (BEs).

DFTs can be analysed both qualitatively and quantitatively. Through qualitative analysis, minimal cut sequences (MCSQs) can be obtained from DFTs. These MCSQs show how different sequences of events can cause a system failure. On the other hand, the quantitative analysis focuses on calculating system failure probability and other reliability indices based on the failure data of the DFT's basic events. As mentioned earlier, there are several approaches available for the quantitative analysis of DFTs. As the approach proposed in this paper uses the algebraic solution for the static gates and PNs for the dynamic gates, we concentrate on these only.

AND and OR are the commonly used Boolean gates in DFTs. If the probability of a basic event (BE) i at time t is




FIGURE 2. PN model of the failure behaviour of a non-repairable component.

given as $\Pr\{BE_i\}(t)$ and an AND gate contains n statistically independent BEs, then the probability of that AND can be calculated as:

$$\Pr\{E_1 \wedge E_2 \wedge \dots \wedge E_n\}(t) = \prod_{i=1}^{n} \Pr\{E_i\}(t) \qquad (1)$$

Similarly, an OR gate with n BEs as inputs can be evaluated as:

$$\Pr\{E_1 \vee E_2 \vee \dots \vee E_n\}(t) = 1 - \prod_{i=1}^{n} \big(1 - \Pr\{E_i\}(t)\big) \qquad (2)$$

PNs have been used to evaluate fault trees. For example, in [53]–[55], classical fault trees have been converted into PNs for reliability analysis. Furthermore, PN-based DFT quantification methods have been proposed in [9], [56], [57]. In these approaches, DFTs are transformed into PNs. In the transformation process, each DFT node is translated to a particular sub-PN with a 'place' indicating the status of the DFT node. Places are therefore used to indicate the state of the system, while timed transitions, symbolised by white rectangles, represent random faults and immediate transitions, symbolised by black rectangles, indicate the propagation of failures. The firing rate of a timed transition is characterised by the failure rate of the component it is representing. For instance, the PN model of the failure behaviour of a non-repairable component is shown in Fig. 2. In this model, the places 'x.up' and 'x.dn' represent the functional and non-functional state of the component x, respectively. At the beginning of system operation, the place 'x.up' contains a token (the black dot symbolises it), meaning the component is fully operational (i.e., operating as a new component). The timed transition 'x.f' is characterized by the time to failure distribution of the component. Note that depending on the failure behaviour of a component, i.e., exponentially or non-exponentially distributed time to failure, a transition can be modelled accordingly. For instance, if the component has an exponentially distributed failure rate $\lambda$, then the probability of the transition x.f firing at time t is $1 - e^{-\lambda t}$. On the firing of the transition x.f the place x.dn will get a token, which will mark the occurrence of the basic event, i.e., failure of the corresponding component. PN models of the DFT's logic gates are shown in Fig. 3 and further details on how these transformations are made can be found in [9], [51].

III. A MODULAR APPROACH FOR DFT ANALYSIS
The flowchart of the proposed modular approach is shown in Fig. 4. Similar to the existing modularisation techniques, the proposed approach takes the system-level DFT as input and then identifies the independent sub-trees. Independent sub-trees are those which do not share any input among them. These sub-trees are then further classified into static and dynamic fault trees. Static sub-trees are solved using an algebraic solution by utilising equations (1) and (2). Separating static parts and solving them with the algebraic solution reduces the computation time and complexity. On the other hand, unlike the existing modularisation approaches, dynamic sub-trees and trees with shared inputs are solved using the PN-based approach. In the case of BEs having an exponential failure distribution, the PN model will be converted to a reachability graph and can be solved through the Markov theorem. If BEs obey a non-exponential failure distribution, the PN model will be simulated for a number of iterations and the result will be obtained through the Monte Carlo method. It should be noted that the proposed solution solves the DFT hierarchically and layer by layer in each separated module. Afterwards, these independent solutions are combined to achieve the solution of the system-level DFT.

A. MODULE IDENTIFICATION
Several algorithms have been developed for the identification of modules in fault trees [37], [58]–[63]. Among these, the algorithm proposed by Dutuit and Rauzy [37] is the simplest and most efficient one. This is a highly efficient linear time algorithm [38].

The basic idea of this algorithm is as follows: ''Let v be an internal event and t1 and t2 respectively the first and second dates of visits of v in a depth-first left most traversal of the fault tree. Then v is a module iff none of its descendants is visited before t1 and after t2 during the traversal'' [37]. We used this algorithm to identify the independent sub-trees (modules) in the original fault tree. To compute and facilitate the integration of the sub-tree solutions, we used two flags: TypeofNode to indicate whether the independent sub-tree is static or dynamic, and Independent_Child to indicate whether the current independent sub-tree contains other independent sub-trees. The latter flag helps further modularisation of sub-trees if they contain independent sub-trees.

B. RELIABILITY QUANTIFICATION THROUGH INTEGRATION
Once the independent sub-trees are identified, a recursive approach is used to solve independent sub-trees because an independent sub-tree may contain other independent sub-trees. The solutions of sub-trees at different levels are combined in the recursion process to obtain the probability of the top event. As static and dynamic gates can be combined in different ways to form different tree structures, we consider these distinct scenarios and provide ways of addressing each.

The first scenario is shown in Fig. 5. In this case, the top event (TE) is a static gate and the input to this gate is the output of another static sub-tree. To solve this tree, at first, the static sub-tree is solved using an algebraic formula to obtain the probability of the sub-tree. This probability is used directly as an input to the parent tree and the parent tree is then solved using an algebraic formula to calculate the TE probability.
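The module identification of section III-A, the hierarchical substitution of section III-B and the criticality measure of section III-D on one small static tree, as an added example (not the paper's or any tool's code). The tree, its probabilities and the names `GATES`, `PROBS`, `find_modules`, `solve` and `birnbaum` are constructed for this example; where the paper would hand a sub-tree with a shared input to the PN solver, the example instead conditions exactly on the repeated event (Shannon pivoting), which is only valid for static gates.

```python
"""Dutuit-Rauzy module identification, hierarchical module solution and Birnbaum importance."""
from math import prod

STATIC_GATES = {"AND", "OR"}
# Constructed sample tree (not the paper's): gate -> (type, inputs); names absent from the table
# are basic events (BEs). E is shared by G4 and G5, so G3, G4 and G5 cannot be modules.
GATES = {
    "G1": ("OR", ["G2", "G3", "G5"]),
    "G2": ("AND", ["A", "B"]),
    "G3": ("AND", ["G4", "C"]),
    "G4": ("OR", ["D", "E"]),
    "G5": ("AND", ["E", "F"]),
}
PROBS = {"A": 0.1, "B": 0.2, "C": 0.3, "D": 0.05, "E": 0.1, "F": 0.2}  # Pr{BE_i}(t), constructed

def inputs(gates, node):
    return gates[node][1] if node in gates else []

def descendants(gates, node, acc=None):
    """All nodes reachable below `node` (a shared node is listed once)."""
    acc = set() if acc is None else acc
    for child in inputs(gates, node):
        if child not in acc:
            acc.add(child)
            descendants(gates, child, acc)
    return acc

def find_modules(gates, root):
    """Depth-first left-most traversal with first, second (return) and last visit dates; a gate is
    a module iff no descendant is visited before its first or after its second date (Dutuit-Rauzy)."""
    first, second, last, clock = {}, {}, {}, 0

    def visit(v):
        nonlocal clock
        clock += 1
        if v in first:               # shared node met again: record the date, do not re-expand
            last[v] = clock
            return
        first[v] = clock
        for child in inputs(gates, v):
            visit(child)
        clock += 1
        second[v] = last[v] = clock  # the return from the children is the second visit

    visit(root)
    info = {}
    for g in gates:
        desc = descendants(gates, g)
        kinds = {gates[d][0] for d in desc | {g} if d in gates}
        info[g] = {"is_module": min(first[d] for d in desc) > first[g]
                                and max(last[d] for d in desc) < second[g],
                   "TypeofNode": "static" if kinds <= STATIC_GATES else "dynamic"}
    for g in gates:  # second pass: does the sub-tree contain further independent modules?
        info[g]["Independent_Child"] = any(info[d]["is_module"] for d in descendants(gates, g) if d in gates)
    return info

def static_prob(gates, vals, node):
    """Eqs (1)/(2) on independent inputs; `vals` holds BEs and already-solved modules as single nodes."""
    if node in vals:
        return vals[node]
    kind, ins = gates[node]
    ps = [static_prob(gates, vals, c) for c in ins]
    if kind == "AND":
        return prod(ps)
    if kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise NotImplementedError(f"{node}: dynamic gate {kind} needs the PN route")

def count_refs(gates, vals, node, counts):
    """Number of references to each leaf (BE or solved module) below `node`."""
    if node in vals:
        counts[node] = counts.get(node, 0) + 1
    else:
        for child in gates[node][1]:
            count_refs(gates, vals, child, counts)
    return counts

def evaluate(gates, vals, node, pinned=frozenset()):
    """A leaf referenced twice breaks the independence that (1)/(2) need, so it is pivoted on:
    Pr = p*Pr[leaf=1] + (1-p)*Pr[leaf=0]. Exact for static gates; stands in for the PN solver."""
    shared = [e for e, n in count_refs(gates, vals, node, {}).items() if n > 1 and e not in pinned]
    if not shared:
        return static_prob(gates, vals, node)
    e, p = shared[0], vals[shared[0]]
    hi = evaluate(gates, {**vals, e: 1.0}, node, pinned | {e})
    lo = evaluate(gates, {**vals, e: 0.0}, node, pinned | {e})
    return p * hi + (1.0 - p) * lo

def solve(gates, probs, node, info):
    """Hierarchical solution: each module below `node` is solved first and replaced by a single node."""
    vals = dict(probs)
    for g in descendants(gates, node):
        if g in gates and info[g]["is_module"]:
            vals[g] = solve(gates, probs, g, info)
    return evaluate(gates, vals, node)

def birnbaum(gates, probs, root, be, info):
    """Eq. (11): the BE is pinned to 1 / 0 before its module is solved, so the substitution keeps its effect."""
    return solve(gates, {**probs, be: 1.0}, root, info) - solve(gates, {**probs, be: 0.0}, root, info)
```

With the sample values `solve(GATES, PROBS, "G1", find_modules(GATES, "G1"))` gives 0.07635, and the shared event E has the largest Birnbaum importance (0.4165).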




FIGURE 3. PN models of Boolean and dynamic gates.

Fig. 6 shows the second scenario, where the TE of the tree is a dynamic gate and the sub-trees are static gates. To solve these trees, firstly, the static sub-trees are solved using mathematical formulas to obtain their probability. As probability values cannot be used directly to quantify dynamic gates, we obtain the failure rate from the probability value. After that, the static sub-tree is replaced by a single node and a PN model of the dynamic gate is created for its evaluation. The PN model can be evaluated in many different ways to obtain the unreliability of the dynamic module. For instance, in the PN model, if all the timed transitions are exponentially distributed, then the PN model can be evaluated by evaluating an underlying Markov model. On the other hand, if the PN model contains non-exponentially distributed timed transitions, then a simulation such as Monte Carlo simulation can be used for evaluation. In this paper, we evaluated PNs containing exponentially distributed transitions by converting them to a reachability graph and then solving via the Markov theorem. On the other hand, we used Monte Carlo simulation to evaluate PNs having non-exponentially distributed timed transitions. More details about this process are provided in section III-C.




FIGURE 4. Flowchart of the proposed hybrid modularised approach.

The third scenario (see Fig. 7) is the opposite of scenario 2. In this case, the TE of the tree is a static gate and the sub-tree is a dynamic tree. Therefore, to solve this tree, we first solve the dynamic sub-tree using the PN-based method to obtain the probability of the dynamic tree. Subsequently, a single node is used to replace the sub-tree and the probability value of this node is used directly as an input to the evaluation of the parent tree. As the parent tree is static, it can be evaluated algebraically using equations (1) or (2).

In the fourth scenario, as can be seen from Fig. 8, two dynamic gates are arranged hierarchically, i.e., the output of one dynamic gate is an input to another dynamic gate. We solve this DFT by converting it to a PN model directly. However, it is possible to solve them one at a time using the PN model, i.e., solving the child tree first and then the parent tree. Since a PN model is needed to address both parent and child, we use a single PN model to solve the whole tree in one go. Fig. 9 shows a case where an input is shared between two logic gates, thus making them dependent. In such cases, we use the PN approach to solve the tree.

FIGURE 5. Hierarchically arranged static trees.
FIGURE 6. DFT having dynamic gate as top event with an independent static sub-tree.
FIGURE 7. DFT having static gate as top event with an independent dynamic sub-tree.
FIGURE 8. DFT with cascaded dynamic gates.
FIGURE 9. DFT with shared events.

C. REACHABILITY SOLUTION
To demonstrate the quantitative solution of the proposed method, a simple DFT consisting of a PAND and a POR gate with three basic events is considered as shown in Fig. 10. The DFT of Fig. 10 can be converted to an equivalent PN as illustrated in Fig. 11. It is assumed that the PN models of all gates in the DFT are bounded. Therefore, from the PN model of each gate, a reachability graph can be obtained. By removing immediate transitions the reachability graph will be converted to a Markov process. Interested readers are referred to [64] to find more information about how this can be done.




FIGURE 10. A simple DFT with a PAND and a POR gate.
FIGURE 11. PN model for the simple DFT of Figure 10.
FIGURE 12. Markov process model for the simple DFT of Figure 10.

For the PN model presented in Fig. 11, the Markov process of Fig. 12 can be obtained. Note that as the Markov process of Fig. 12 is obtained by optimising the original reachability graph of the PN model of Fig. 11, it would not be possible to find a one-to-one correspondence between the two models. However, in Fig. 12, $\lambda_A$, $\lambda_B$, and $\lambda_C$ correspond to the failure rates of events A, B, and C, respectively, which are denoted by the timed transitions (white rectangles) with values 0.0002, 0.0003, and 0.0001, respectively, in Fig. 11.

For the Markov process of Fig. 12, the equations can be formed as eq. (3).

$$P(t + \Delta t) = M\,P(t) \qquad (3)$$

where P is the ''states vector'' denoted by eq. (4) and M is the discrete state transition matrix denoted by eq. (5).

$$P(t) = \big[\,P_1(t),\; P_2(t),\; P_3(t),\; P_{op}(t),\; P_F(t)\,\big] \qquad (4)$$

$$M = \begin{bmatrix}
1 - \xi\Delta t & 0 & 0 & 0 & 0 \\
\lambda_A\Delta t & 1 - \varphi\Delta t & 0 & 0 & 0 \\
\lambda_B\Delta t & 0 & 1 - \psi\Delta t & 0 & 0 \\
0 & \lambda_B\Delta t & \lambda_A\Delta t & 1 & 0 \\
\lambda_C\Delta t & \lambda_C\Delta t & \lambda_C\Delta t & 0 & 1
\end{bmatrix} \qquad (5)$$

where $\xi = (\lambda_A + \lambda_B + \lambda_C)$, $\psi = (\lambda_A + \lambda_C)$, and $\varphi = (\lambda_B + \lambda_C)$. Eq. (3) can be recursively solved if the initial probability vector $P(0)$ is known. The result at times $n\Delta t$ is given by eq. (6).

$$P(n\Delta t) = M^{n} P(0) \qquad (6)$$

Eq. (6) in its continuous form is written as (7).

$$\dot{P}(t) = A\,P(t) \qquad (7)$$

where A is the continuous Markov transition matrix in the form of (8).

$$A = \frac{\partial M}{\partial \Delta t} = \begin{bmatrix}
-\lambda_A - \lambda_B - \lambda_C & 0 & 0 & 0 & 0 \\
\lambda_A & -\lambda_B - \lambda_C & 0 & 0 & 0 \\
\lambda_B & 0 & -\lambda_A - \lambda_C & 0 & 0 \\
0 & \lambda_B & \lambda_A & 0 & 0 \\
\lambda_C & \lambda_C & \lambda_C & 0 & 0
\end{bmatrix} \qquad (8)$$

Solving (7) gives the probability of the system states at any time t, and the unreliability of the system can be calculated through the probability of the failed state.

$$U(t) = P_F(t) = \frac{\lambda_B\left(\lambda_A + \lambda_B\, e^{-(\lambda_A+\lambda_B+\lambda_C)t} + \lambda_C\, e^{-(\lambda_A+\lambda_B+\lambda_C)t}\right)}{(\lambda_B+\lambda_C)(\lambda_A+\lambda_B+\lambda_C)} - \frac{\lambda_B(\lambda_A+\lambda_B+\lambda_C)\, e^{-(\lambda_B+\lambda_C)t}}{(\lambda_B+\lambda_C)(\lambda_A+\lambda_B+\lambda_C)} \qquad (9)$$

In the case of having a non-exponential failure distribution, the proposed approach will use the combined Monte Carlo Simulation and PN. Let N be the total number of iterations for which the Petri Net model is simulated. The time to failure can be calculated for each timed arc transition in the model based on its probability distribution. For example, in the case of having an exponential failure distribution, the time for an arc transition can be calculated through an exponential distribution.

$$P_A = e^{-\lambda_A t} \;\rightarrow\; t_A = -\frac{\ln(1 - \mathrm{rand})}{\lambda_A} \qquad (10)$$

where rand is the uniformly generated random number and $\lambda_A$ is the failure rate of event A. The unreliability of the system can be calculated by dividing the number of times that a token reaches the place denoting the TE by the total number of iterations. For the Weibull distribution, it is also possible to use the inverse distribution. In MATLAB ''wblinv'' can be used.
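The two solution routes of section III-C side by side, as an added example (not the paper's code): the discrete stepping of eqs (3)–(6) built from the generator matrix of eq. (8) with the rates 0.0002, 0.0003 and 0.0001 of Fig. 11, and a Monte Carlo replay whose firing times come from the inverse transform of eq. (10) or from a Weibull inverse standing in for MATLAB's wblinv. The transition structure in `MOVES` is read from the matrix in (8) as reproduced above, and the step Δt = 1 h, the 2000 h mission time, the Weibull shape and all function names are assumptions of this example.

```python
"""Reachability/Markov route (eqs 3-8) beside the Monte Carlo route (eq 10) for the Fig. 12 chain."""
import math
import random

RATES = {"A": 0.0002, "B": 0.0003, "C": 0.0001}   # failure rates (1/h) of the Fig. 11 timed transitions
STATES = ["P1", "P2", "P3", "Pop", "PF"]          # states vector of eq. (4)
# Transitions read from the generator matrix of eq. (8): (source index, destination index, event)
MOVES = [(0, 1, "A"), (0, 2, "B"), (1, 3, "B"), (2, 3, "A"), (0, 4, "C"), (1, 4, "C"), (2, 4, "C")]

def generator(rates):
    """Continuous transition matrix A of eq. (8); A[i][j] is the rate from state j into state i."""
    n = len(STATES)
    A = [[0.0] * n for _ in range(n)]
    for src, dst, ev in MOVES:
        A[dst][src] += rates[ev]   # inflow into the destination
        A[src][src] -= rates[ev]   # outflow from the source (diagonal)
    return A

def step_matrix(A, dt):
    """Discrete transition matrix M = I + A*dt of eq. (5)."""
    n = len(A)
    return [[(1.0 if i == j else 0.0) + A[i][j] * dt for j in range(n)] for i in range(n)]

def markov_state_vector(rates, t, dt=1.0):
    """P(n*dt) = M^n P(0) (eq. 6), applied as n steps of eq. (3) from P(0) = [1, 0, 0, 0, 0]."""
    M = step_matrix(generator(rates), dt)
    P = [1.0, 0.0, 0.0, 0.0, 0.0]
    for _ in range(int(round(t / dt))):
        P = [sum(M[i][j] * P[j] for j in range(len(P))) for i in range(len(P))]
    return P

def markov_unreliability(rates, t, dt=1.0):
    """U(t) = P_F(t): the probability mass in the failed state."""
    return markov_state_vector(rates, t, dt)[STATES.index("PF")]

def exp_time(rate, u):
    """Eq. (10): inverse-transform sample of an exponential time to failure from u ~ U(0,1)."""
    return -math.log(1.0 - u) / rate

def weibull_time(shape, scale, u):
    """Inverse Weibull CDF, the role MATLAB's wblinv plays in the paper."""
    return scale * (-math.log(1.0 - u)) ** (1.0 / shape)

def monte_carlo_unreliability(samplers, t, iterations, seed=1):
    """Token-game replay of the same net: each timed transition draws one firing time. Following
    the structure of eq. (8), the run ends in P_F if C fires while the net is still in P1..P3,
    i.e. before both A and B have fired, and it must do so within the mission time t."""
    rng = random.Random(seed)
    failed = 0
    for _ in range(iterations):
        tA, tB, tC = (samplers[e](rng.random()) for e in ("A", "B", "C"))
        if tC <= t and tC < max(tA, tB):
            failed += 1
    return failed / iterations

def exponential_samplers(rates):
    return {e: (lambda u, r=r: exp_time(r, u)) for e, r in rates.items()}

def weibull_samplers(rates, shape):
    """Weibull times with scale 1/lambda per event; shape 1 reproduces the exponential case,
    any other shape is a net no Markov chain can represent, only the simulation route."""
    return {e: (lambda u, r=r: weibull_time(shape, 1.0 / r, u)) for e, r in rates.items()}

if __name__ == "__main__":
    T = 2000.0
    print("Markov   U(T) =", round(markov_unreliability(RATES, T), 4))
    print("MC exp   U(T) =", round(monte_carlo_unreliability(exponential_samplers(RATES), T, 20000), 4))
    print("MC Wbl   U(T) =", round(monte_carlo_unreliability(weibull_samplers(RATES, 1.5), T, 20000), 4))
```

The first two printed values agree to within Monte Carlo noise, which is the consistency check a practitioner runs before trusting the simulation route on the non-exponential case.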




D. CRITICALITY ANALYSIS
In FTA, criticality analysis plays an important role by iden-
tifying the critical events causing the top event of a fault
tree. Criticality is measured in terms of the relative contri-
butions of the events to the occurrence of the TE. Differ-
ent approaches such as Fussel-Vesely importance measures,
Birnbaum importance measures (BIM), and Risk Reduction
Worth (RRW) are available to perform the criticality anal-
ysis [65]. For illustration, in this paper, we show how BIM
can be used for identifying critical basic events using our
proposed approach. Note that other approaches can also be
used for this purpose.
The BIM of an event is calculated by taking the difference FIGURE 13. An example abstract temporal FT.

between the conditional TE probability given the occurrence


or absence of that event. The event’s occurrence and absence TABLE 2. Failure rate and probability of the basic events of the TFT
are represented by setting the basic event’s probability as in Fig. 13.

1 and 0, respectively. Mathematically, the BIM of an event


can be expressed as:

BIM (BEi ) = Pr(TE|Pr(BEi = 1))−Pr(TE|Pr(BEi = 0))


(11)

where Pr(TE|Pr(BEi = 1)) and Pr(TE|Pr(BEi = 0)) is


the probability of the TE given that the probability of BEi is
1 and 0, respectively.
Most of the existing modularisation approaches are not
able to perform criticality analysis. This is because when
modularisation is performed to replace a sub-tree using a
single event, the basic events involved in the sub-tree are
eliminated, thus are absent from the further analysis. For this
reason, it is not possible to set the probability of non-existent
events. The methodology proposed in this paper provides a
way to perform criticality analysis event after modularisation.
Consider that we want to find the criticality of an event ‘e’, combined to obtain the TE (G1) probability. According to the
which is part of an independent tree ‘tr’. In the general case, proposed modularisation technique, the TE probability of the
when we replace the sub-tree with a single event, the exis- TFT is 0.0289564056. To compare the result, we evaluated
tence of event ‘e’ will be lost. To facilitate the criticality this TFT using PN approach without modularisation and
analysis, when evaluating the sub-tree, firstly, we set event the TE probability obtained was 0.0289692416. As can be
e’s probability to the pre-specified value (either 0 or 1). seen, these two values start differing from the fifth digit after
After that, the sub-tree is evaluated and the probability is the decimal point. That means the result approximated by
calculated. As a result, the calculated new node’s probability the proposed modularisation approach is very to close the
reflects the effect of the change in event e’s probability. In this solution provided by typical PN-based approach.
way, the effect of the change in the probability of a basic The second DFT, as seen in Fig. 14, was selected
event is calculated despite the basic event itself becoming from [22], [66]. In [66], an inclusion-exclusion based for-
non-existent. mula is used to achieve the TE probability through cut-sets
IV. NUMERICAL EXAMPLES AND EVALUATION
In this section, five different DFTs are evaluated using the proposed method to illustrate its effectiveness. The first example, an abstract temporal fault tree (TFT), is shown in Fig. 13, and the failure rates and probabilities of the BEs of the TFT are shown in Table 2. In this TFT, the identified independent static modules are G1, G6, G3, G7, and G4. The independent dynamic modules are G2 and G8. These independent modules are evaluated according to the process described in Section III. The results of these individual solutions are combined to obtain the TE (G1) probability. According to the proposed modularisation technique, the TE probability of the TFT is 0.0289564056. To compare the result, we evaluated this TFT using the PN approach without modularisation, and the TE probability obtained was 0.0289692416. As can be seen, these two values start differing from the fifth digit after the decimal point. That means the result approximated by the proposed modularisation approach is very close to the solution provided by the typical PN-based approach.
The second DFT, as seen in Fig. 14, was selected from [22], [66]. In [66], an inclusion-exclusion based formula is used to achieve the TE probability through cut-sets considering repeated events. Yuge and Yanagi evaluated this DFT using their proposed approach as well as using the Galileo tool and Monte Carlo Simulation by setting the failure rates of the BEs as 0.01 h^{-1}. The same DFT was evaluated in [67] under the same setting using a semi-Markov process-based approach. In [67], Aslansefat et al. evaluated this DFT through a hierarchical procedure in which, starting from the BE level, the cumulative failure distribution function of each gate was calculated and used as an input of the next layer of gates. This process was repeated to obtain the cumulative failure distribution function of the TE. The results produced

by different approaches were compared in [66], [67], and it was argued that the results produced by the Galileo tool were more accurate because of the tool’s ability to provide a more exact closed-form solution. In this paper, for comparison, we have evaluated the DFT of Fig. 14 using the proposed modularisation approach under the same setting as used in the other mentioned papers. Table 3 provides a comparison of the probability of the TE for mission times ranging from 0 to 300 hours. From the comparison, it can be seen that the results produced by the proposed approach are almost the same as the results produced by the Galileo tool. Therefore, it can be said that the proposed modularisation is effective in evaluating DFTs without losing accuracy.
Since the exact results are those of Galileo, to compare the different results provided in Table 3, the Mean Absolute Percentage Error (MAPE) of each method with regard to the reference method (Galileo) is given in Table 4. It can be seen that the proposed method has a smaller deviation percentage than the others, such as Yuge’s, Aslansefat’s or the Monte Carlo based methods.

FIGURE 14. An example DFT [22], [66].
TABLE 3. Comparison between the results obtained by different approaches.

The DFTs in the examples seen so far contain only a limited number of dynamic gates, e.g., PAND and POR gates. To illustrate the evaluation of DFTs with a wider number of dynamic gates, the DFT shown in Fig. 15 is selected. This is the DFT of a subsystem of a real industrial plant, taken from [43]. The quantitative parameters for the BEs of this DFT are shown in Table 5. Considering the mission time 0 to 9000 hours, the unreliability of the SAP2 system can be obtained as shown in Fig. 16, which is in line with the original study presented in [43].

FIGURE 15. SAP2 DFT [43].
FIGURE 16. Numerical results of the DFT illustrated in Fig. 15.

The fourth example used in this paper is the TFT (see Fig. 17) of an aircraft fuel distribution system taken from [11]. Table 6 shows the numerical data for the BEs of this TFT. This TFT is the most complex compared to the other DFTs shown earlier. It presents many complex relationships and dependencies among the events at different levels of the tree.

TABLE 4. A comparison of Mean Absolute Percentage Error (MAPE) of existing methods with regards to Galileo’s results.
TABLE 5. Failure rates of the basic events of the DFT in Fig. 15.
TABLE 6. Failure rate, failure probability, and criticality ranking of the basic events of the TFT in Fig. 17.
FIGURE 17. TFT of the aircraft fuel distribution system.

Using a laptop with a 64-bit Intel Core i7 processor at 2.8 GHz (8 CPUs) and 16 GB RAM, an attempt was made to quantify this TFT using the PN-based approach proposed in [11]. The approach failed to provide a solution because, after generating a certain number of states, it could not proceed further due to the state space explosion. However, with the help of the High-Performance Computing (HPC) facility at the University of Hull, we were able to find a solution to this TFT. Across 10 executions, finding a solution required, on average, 747 seconds. The modularisation technique proposed in this paper was able to avoid the state space explosion problem without using the HPC facility and provided a solution in a matter of seconds. Moreover, for 100 hours of mission time, the values estimated by both the PN and modularisation approaches for the TE probability are 0.049. The criticality of the BEs was also calculated, the events were ranked based on their criticality, and the ranking is shown in Table 6. This ranking agrees with the ranking suggested in [11] by the PN-based approach.
To reveal the capabilities of the proposed method in the case of non-exponential failure distributions, an example DFT consisting of PAND, AND and OR gates with ten basic events (seven exponentially distributed BEs and three BEs with a Weibull failure distribution) has been considered. It is assumed that three BEs, I, J and K, have a Weibull failure distribution with scale factor ω = 20 and shape factor α = 0.1, which can be formulated as follows:

$P = e^{-(t/\omega)^{\alpha}}$ (12)

The rest of the BEs obey an exponential failure distribution with failure rates of $\lambda_A = 0.0110$, $\lambda_B = 0.0120$, $\lambda_C = 0.0130$, $\lambda_D = 0.0140$, $\lambda_E = 0.0150$, $\lambda_H = 0.0011$, and $\lambda_L = 0.0015$ failures per hour, respectively. Figure 18 illustrates the DFT of the elucidated example.
Considering the mission time of zero to three hundred hours, the unreliability of the system can be obtained as shown in Figure 19. In this figure, the blue curve is the result obtained from the algebraic solution provided by [28], and the red circles are the results obtained from the proposed method, in which a combination of PN and Monte Carlo simulation with 10e6 iterations has been used. As can be seen, both solutions give the same results.
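The comparison of Figure 19 in miniature, as an added example that is not the authors' code: the probability that a PAND gate has fired by mission time t is computed once by numerical integration of the exact expression and once by Monte Carlo sampling of the failure times. The distribution parameters are the ones in the text ($\lambda_A = 0.0110$ per hour, Weibull ω = 20, α = 0.1); the gate PAND(A, I), the sample size and the function names (pand_algebraic, pand_monte_carlo) are assumptions of this example, and the algebraic routine is written for any pair of input distributions rather than only this one.

```python
"""PAND gate with mixed exponential / Weibull inputs: algebraic vs Monte Carlo.

Added example, not code from the paper. The probability that PAND(X, Y)
has fired by time t (X fails first, then Y fails, both by t) is computed
by integrating the exact expression numerically and by Monte Carlo, the
two kinds of result that Fig. 19 compares. Parameters follow the text
(lambda_A = 0.0110 per hour; Weibull omega = 20, alpha = 0.1); the gate
PAND(A, I) itself is a constructed pair, not the Fig. 18 tree.
"""
import math
import random


def exponential(rate):
    """(cdf, inverse cdf) of an exponential failure time."""
    return (lambda t: 1.0 - math.exp(-rate * t),
            lambda u: -math.log(1.0 - u) / rate)


def weibull(scale, shape):
    """(cdf, inverse cdf) of a Weibull failure time, eq. (12):
    F(t) = 1 - exp(-(t/omega)^alpha)."""
    return (lambda t: 1.0 - math.exp(-((t / scale) ** shape)),
            lambda u: scale * (-math.log(1.0 - u)) ** (1.0 / shape))


def simpson(f, a, b, n=4000):
    """Composite Simpson rule on [a, b] with n (even) sub-intervals."""
    h = (b - a) / n
    total = f(a) + f(b)
    for i in range(1, n):
        total += (4 if i % 2 else 2) * f(a + i * h)
    return total * h / 3.0


def pand_algebraic(x, y, t):
    """Pr[X < Y <= t] = integral_0^t F_X(v) dF_Y(v).

    Substituting p = F_Y(v) gives integral_0^{F_Y(t)} F_X(F_Y^{-1}(p)) dp,
    which needs only CDFs and inverse CDFs, never a density, so the
    Weibull density singularity at t = 0 (alpha < 1) does not appear."""
    cdf_x, _ = x
    cdf_y, inv_y = y
    if t <= 0.0:
        return 0.0
    return simpson(lambda p: cdf_x(inv_y(p)), 0.0, cdf_y(t))


def pand_monte_carlo(x, y, t, samples=200_000, seed=1):
    """Same probability estimated by sampling both failure times
    by inverse transform and counting the orderings X < Y <= t."""
    _, inv_x = x
    _, inv_y = y
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        tx = inv_x(rng.random())
        ty = inv_y(rng.random())
        if tx < ty <= t:
            hits += 1
    return hits / samples


def pand_exp_exp_closed_form(rate_x, rate_y, t):
    """Closed form for two exponential inputs, used to check the integrator."""
    s = rate_x + rate_y
    return (1.0 - math.exp(-rate_y * t)) - rate_y / s * (1.0 - math.exp(-s * t))


# Parameters from the text: A is exponential, I is Weibull (eq. (12)).
BE_A = exponential(0.0110)
BE_I = weibull(20.0, 0.1)

if __name__ == "__main__":
    for t in range(0, 301, 50):  # mission times 0..300 h, as in Fig. 19
        print(f"t={t:3d} h  algebraic={pand_algebraic(BE_A, BE_I, t):.5f}"
              f"  monte_carlo={pand_monte_carlo(BE_A, BE_I, t):.5f}")
```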
From the results obtained by the modularised approach for five different examples, we can see that the proposed modularisation technique estimates results without unacceptable loss of accuracy while making a major improvement in the execution performance. Regarding the computational


complexity of the proposed hybrid method, we can divide it into three parts: (A) algebraic, (B) Petri nets and (C) Monte Carlo simulation. The computational complexity of the probabilistic algebraic method that represents DFT operations is O(a), where a is the number of gates in the DFT [68]. As mentioned before, the Petri net model is converted to a reachability tree that is equivalent to a Markov chain. The cumulative time required to obtain the probability vector in a Markov model can be calculated as (13), assuming that $n \le x_{00}$ and $x_{01}$:

$O((x_{00} + x_{01})\,n)$ (13)

where $x_{00}$ stands for the number of non-zero transitions between functional states and $x_{01}$ stands for the number of non-zero transitions between functional states and absorbing failure state(s). Therefore, [69] showed that the computational complexity of the model can be simplified to $O(n^2)$, where n is determined by the total number of states. However, in the proposed method, DFTs are solved through the hierarchical model and the computational complexity is reduced to O(k), where k is the number of gates in the DFT [67]. This helps the proposed approach to avoid the issues associated with state-space explosion. The computational complexity of Monte Carlo simulation is O(h), where h is the number of steps in each iteration. However, based on [70], in an optimized implementation it can be reduced to $O(h^{-2})$. It is assumed that the numerical discretization of the problem follows weak convergence, and the quality obeyed by the Euler–Maruyama and Milstein schemes.

FIGURE 18. An example DFT consisting of exponential and Weibull BEs.
FIGURE 19. A comparison of the numerical unreliability results (algebraic and proposed method) of the DFT shown in Figure 18.

In the proposed hybrid method, repairable DFTs are currently not considered; they can be considered in future research work. In addition, components are considered to have binary states (working and failed), thus the complex failure behaviour of components with multiple modes of operation is not considered. In the future, research can be performed to find ways to incorporate such complex failure behaviour of components, for instance, using a concept like complex BEs. Currently, uncertainty in failure data is not considered. Exploring ways of handling uncertainty could be a potential future research avenue.

V. CONCLUSION
In this paper, we have addressed the limitations of the existing modularisation techniques for DFT analysis by proposing a novel approach based on algebraic solutions and PN to quantify dynamic fault trees. We have outlined the differences and contributions of our approach against existing methods extensively, both in the related work and motivation section and as part of the detailed discussion of our method. The effectiveness of the approach is evaluated by applying it to five different DFTs. The comparison of the results approximated by the proposed approach with those of the existing approaches confirms that the modularisation approach yields comparable results with regard to accuracy. However, the time required by our modular approach to evaluate DFTs is significantly less than that required by the classical state-space based DFT evaluation approaches. Thus, the modular approach proposed in this paper allows analysis of much larger systems with complex inter-dependencies among the components than with the classical non-modular approaches. As the proposed approach allows the use of both constant failure probabilities and rates in the same analysis, it is equally applicable to evaluating hardware, software and human operator failures. At present, we have considered PN as a solution technique to alleviate the limitations of Markov chain based modularisation techniques for DFT evaluation. There exist other solution techniques, like the semi-Markov process, SBDD, etc., which can relax the limitation of the Markov chain; therefore, in the future, it is worth exploring these alternative solutions as part of modularisation.

ACKNOWLEDGMENT
The authors would like to thank EDF Energy R&D UK Centre and AURA Innovation Centre for their support.

REFERENCES
[1] V. Calderaro, V. Lattarulo, A. Piccolo, and P. Siano, ‘‘Optimal switch placement by alliance algorithm for improving microgrids reliability,’’ IEEE Trans. Ind. Informat., vol. 8, no. 4, pp. 925–934, Nov. 2012.
[2] B. Zhao, H. Aydin, and D. Zhu, ‘‘On maximizing reliability of real-time embedded applications under hard energy constraint,’’ IEEE Trans. Ind. Informat., vol. 6, no. 3, pp. 316–328, Aug. 2010.
[3] S. Kabir, ‘‘An overview of fault tree analysis and its application in model based dependability analysis,’’ Expert Syst. Appl., vol. 77, pp. 114–135, Jul. 2017.

[4] J. B. Dugan, S. J. Bavuso, and M. A. Boyd, ‘‘Dynamic fault-tree models for fault-tolerant computer systems,’’ IEEE Trans. Rel., vol. 41, no. 3, pp. 363–377, Sep. 1992.
[5] J. B. Dugan, S. J. Bavuso, and M. A. Boyd, ‘‘Fault trees and Markov models for reliability analysis of fault-tolerant digital systems,’’ Rel. Eng. Syst. Saf., vol. 39, no. 3, pp. 291–307, Jan. 1993.
[6] H. Boudali, P. Crouzen, and M. Stoelinga, ‘‘Dynamic fault tree analysis using input/output interactive Markov chains,’’ in Proc. 37th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Netw. (DSN), Washington, DC, USA, Jun. 2007, pp. 708–717.
[7] H. Boudali, P. Crouzen, and M. Stoelinga, ‘‘A compositional semantics for dynamic fault trees in terms of interactive Markov chains,’’ in Proc. Int. Symp. Automat. Technol. Verification Anal. Berlin, Germany: Springer, 2007, pp. 441–456.
[8] H. Boudali, P. Crouzen, and M. Stoelinga, ‘‘A rigorous, compositional, and extensible framework for dynamic fault tree analysis,’’ IEEE Trans. Depend. Sec. Comput., vol. 7, no. 2, pp. 128–143, Apr. 2010.
[9] D. Codetta-Raiteri, ‘‘The conversion of dynamic fault trees to stochastic Petri nets, as a case of graph transformation,’’ Electron. Notes Theor. Comput. Sci., vol. 127, no. 2, pp. 45–60, Mar. 2005.
[10] T. P. K. Nguyen, J. Beugin, and J. Marais, ‘‘Method for evaluating an extended fault tree to analyse the dependability of complex systems: Application to a satellite-based railway system,’’ Rel. Eng. Syst. Saf., vol. 133, pp. 300–313, Jan. 2015.
[11] S. Kabir, M. Walker, and Y. Papadopoulos, ‘‘Dynamic system safety analysis in HiP-HOPS with Petri nets and Bayesian networks,’’ Saf. Sci., vol. 105, pp. 55–70, Jun. 2018.
[12] H. Song and E. Schnieder, ‘‘Evaluating fault tree by means of colored Petri nets to analyze the railway system dependability,’’ Saf. Sci., vol. 110, pp. 313–323, Dec. 2018.
[13] H. Boudali and J. B. Dugan, ‘‘A continuous-time Bayesian network reliability modeling, and analysis framework,’’ IEEE Trans. Rel., vol. 55, no. 1, pp. 86–97, Mar. 2006.
[14] S. Montani, L. Portinale, A. Bobbio, and D. Codetta-Raiteri, ‘‘Radyban: A tool for reliability analysis of dynamic fault trees through conversion into dynamic Bayesian networks,’’ Rel. Eng. Syst. Saf., vol. 93, no. 7, pp. 922–932, Jul. 2008.
[15] D. Marquez, M. Neil, and N. Fenton, ‘‘Solving dynamic fault trees using a new hybrid Bayesian network inference algorithm,’’ in Proc. 16th Medit. Conf. Control Automat., Jun. 2008, pp. 609–614.
[16] L. Xing, O. Tannous, and J. B. Dugan, ‘‘Reliability analysis of non-repairable cold-standby systems using sequential binary decision diagrams,’’ IEEE Trans. Syst., Man, Cybern. A, Syst., Humans, vol. 42, no. 3, pp. 715–726, May 2012.
[17] D. Ge, M. Lin, Y. Yang, R. Zhang, and Q. Chou, ‘‘Quantitative analysis of dynamic fault trees using improved sequential binary decision diagrams,’’ Rel. Eng. Syst. Saf., vol. 142, pp. 289–299, Oct. 2015.
[18] S. Khan, J.-P. Katoen, M. Volk, and M. Bouissou, ‘‘Synergizing reliability modeling languages: BDMPs without repairs and DFTs,’’ in Proc. IEEE 24th Pacific Rim Int. Symp. Dependable Comput. (PRDC), Dec. 2019, pp. 266–275.
[19] P.-Y. Piriou, J.-M. Faure, and J.-J. Lesage, ‘‘Finding the minimal cut sequences of dynamic, repairable, and reconfigurable systems from generalized Boolean logic driven Markov process models,’’ Proc. Inst. Mech. Eng., O, J. Risk Rel., pp. 1–12, Feb. 2019.
[20] S. Distefano and A. Puliafito, ‘‘Dependability evaluation with dynamic reliability block diagrams and dynamic fault trees,’’ IEEE Trans. Depend. Sec. Comput., vol. 6, no. 1, pp. 4–17, Jan. 2009.
[21] S. Distefano and A. Puliafito, ‘‘Reliability and availability analysis of dependent-dynamic systems with DRBDs,’’ Rel. Eng. Syst. Saf., vol. 94, no. 9, pp. 1381–1393, Sep. 2009.
[22] P. Zhu, J. Han, L. Liu, and M. J. Zuo, ‘‘A stochastic approach for the analysis of fault trees with priority AND gates,’’ IEEE Trans. Rel., vol. 63, no. 2, pp. 480–494, Jun. 2014.
[23] F. Chiacchio, J. I. Aizpurua, L. Compagno, and D. D’Urso, ‘‘SHyFTOO, an object-oriented Monte Carlo simulation library for the modeling of stochastic hybrid fault tree automaton,’’ Expert Syst. Appl., vol. 146, May 2020, Art. no. 113139.
[24] F. Chiacchio, J. I. Aizpurua, L. Compagno, S. M. Khodayee, and D. D’Urso, ‘‘Modelling and resolution of dynamic reliability problems by the coupling of simulink and the stochastic hybrid fault tree object oriented (SHyFTOO) library,’’ Information, vol. 10, no. 9, p. 283, Sep. 2019.
[25] F. Chiacchio, A. Iacono, L. Compagno, and D. D’Urso, ‘‘A general framework for dependability modelling coupling discrete-event and time-driven simulation,’’ Rel. Eng. Syst. Saf., vol. 199, Jul. 2020, Art. no. 106904.
[26] K. D. Rao, V. Gopika, V. V. S. S. Rao, H. S. Kushwaha, A. K. Verma, and A. Srividya, ‘‘Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment,’’ Rel. Eng. Syst. Saf., vol. 94, no. 4, pp. 872–883, Apr. 2009.
[27] G. Manno, F. Chiacchio, L. Compagno, D. D’Urso, and N. Trapani, ‘‘MatCarloRe: An integrated FT and Monte Carlo Simulink tool for the reliability assessment of dynamic fault tree,’’ Expert Syst. Appl., vol. 39, no. 12, pp. 10334–10342, 2012.
[28] G. Merle, J.-M. Roussel, J.-J. Lesage, and A. Bobbio, ‘‘Probabilistic algebraic analysis of fault trees with priority dynamic gates and repeated events,’’ IEEE Trans. Rel., vol. 59, no. 1, pp. 250–261, Mar. 2010.
[29] G. Merle, J.-M. Roussel, and J.-J. Lesage, ‘‘Quantitative analysis of dynamic fault trees based on the structure function,’’ Qual. Rel. Eng. Int., vol. 30, no. 1, pp. 143–156, Feb. 2014.
[30] K. J. Sullivan, J. B. Dugan, and D. Coppit, ‘‘The galileo fault tree analysis tool,’’ in 29th Annu. Int. Symp. Fault-Tolerant Comput. Dig. Papers, 1999, pp. 232–235.
[31] M. Batteux, T. Prosvirnova, A. Rauzy, and L. Kloul, ‘‘The AltaRica 3.0 project for model-based safety assessment,’’ in Proc. 11th IEEE Int. Conf. Ind. Informat. (INDIN), Jul. 2013, pp. 741–746.
[32] K. Aslansefat, S. Kabir, Y. Gheraibia, and Y. Papadopoulos, ‘‘Dynamic fault tree analysis: State-of-the-art in modeling, analysis, and tools,’’ in Reliability Management and Engineering: Challenges and Future Trends. Boca Raton, FL, USA: CRC Press, 2020, ch. 4, pp. 73–111.
[33] F. A. Patterson-Hine and J. B. Dugan, ‘‘Modular techniques for dynamic fault tree-analysis,’’ in Proc. Annu. Rel. Maintainability Symp., 1992, pp. 363–369.
[34] L. L. Pullum and J. B. Dugan, ‘‘Fault tree models for the analysis of complex computer-based systems,’’ in Proc. Annu. Rel. Maintainability Symp., 1996, pp. 200–207.
[35] J. B. Dugan, B. Venkataraman, and R. Gulati, ‘‘DIFtree: A software package for the analysis of dynamic fault tree models,’’ in Proc. Annu. Rel. Maintainability Symp., 1997, pp. 64–70.
[36] R. E. Bryant, ‘‘Graph-based algorithms for Boolean function manipulation,’’ IEEE Trans. Comput., vol. C-35, no. 8, pp. 677–691, Aug. 1986.
[37] Y. Dutuit and A. Rauzy, ‘‘A linear-time algorithm to find modules of fault trees,’’ IEEE Trans. Rel., vol. 45, no. 3, pp. 422–425, Sep. 1996.
[38] R. Gulati and J. B. Dugan, ‘‘A modular approach for analyzing static and dynamic fault trees,’’ in Proc. Annu. Rel. Maintainability Symp., 1997, pp. 57–63.
[39] A. Anand and A. K. Somani, ‘‘Hierarchical analysis of fault trees with dependencies, using decomposition,’’ in Proc. Annu. Rel. Maintainability Symp., 1998, pp. 69–75.
[40] R. Manian, J. B. Dugan, D. Coppit, and K. J. Sullivan, ‘‘Combining various solution techniques for dynamic fault tree analysis of computer systems,’’ in Proc. 3rd IEEE Int. High-Assurance Syst. Eng. Symp., Washington, DC, USA, 1998, pp. 21–28.
[41] C.-Y. Huang and Y.-R. Chang, ‘‘An improved decomposition scheme for assessing the reliability of embedded systems by using dynamic fault trees,’’ Rel. Eng. Syst. Saf., vol. 92, no. 10, pp. 1403–1412, Oct. 2007.
[42] O. Yevkin, ‘‘An improved modular approach for dynamic fault tree analysis,’’ in Proc. Annu. Rel. Maintainability Symp., Jan. 2011, pp. 1–5.
[43] F. Chiacchio, M. Cacioppo, D. D’Urso, G. Manno, N. Trapani, and L. Compagno, ‘‘A Weibull-based compositional approach for hierarchical dynamic fault trees,’’ Rel. Eng. Syst. Saf., vol. 109, pp. 45–52, Jan. 2013.
[44] R. Zurawski and M. Zhou, ‘‘Petri nets and industrial applications: A tutorial,’’ IEEE Trans. Ind. Electron., vol. 41, no. 6, pp. 567–583, 1994.
[45] S. Kabir and Y. Papadopoulos, ‘‘Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: A review,’’ Saf. Sci., vol. 115, pp. 154–175, Jun. 2019.
[46] C. Fecarotti, J. Andrews, and R. Chen, ‘‘A Petri net approach for performance modelling of polymer electrolyte membrane fuel cell systems,’’ Int. J. Hydrogen Energy, vol. 41, no. 28, pp. 12242–12260, 2016.
[47] B. Le and J. Andrews, ‘‘Petri net modelling of bridge asset management using maintenance-related state conditions,’’ Struct. Infrastruct. Eng., vol. 12, no. 6, pp. 730–751, Jun. 2016.
[48] S. Bernardi, J. Campos, and J. Merseguer, ‘‘Timing-failure risk assessment of UML design using time Petri net bound techniques,’’ IEEE Trans. Ind. Informat., vol. 7, no. 1, pp. 90–104, Feb. 2011.
[49] V. Volovoi, ‘‘Modeling of system reliability Petri nets with aging tokens,’’ Rel. Eng. Syst. Saf., vol. 84, no. 2, pp. 149–161, May 2004.

[50] W. Reisig, Petri Nets: An Introduction, vol. 4. Berlin, Germany: Springer, 2012.
[51] S. Kabir, M. Yazdi, J. I. Aizpurua, and Y. Papadopoulos, ‘‘Uncertainty-aware dynamic reliability analysis framework for complex systems,’’ IEEE Access, vol. 6, pp. 29499–29515, 2018.
[52] S. Kabir, M. Walker, Y. Papadopoulos, E. Rüde, and P. Securius, ‘‘Fuzzy temporal fault tree analysis of dynamic systems,’’ Int. J. Approx. Reasoning, vol. 77, pp. 20–37, Oct. 2016.
[53] G. S. Hura and J. W. Atwood, ‘‘The use of Petri nets to analyze coherent fault trees,’’ IEEE Trans. Rel., vol. R-37, no. 5, pp. 469–474, Dec. 1988.
[54] M. Malhotra and K. S. Trivedi, ‘‘Dependability modeling using Petri-nets,’’ IEEE Trans. Rel., vol. 44, no. 3, pp. 428–440, Sep. 1995.
[55] A. Bobbio, G. Franceschinis, R. Gaeta, and L. Portinale, ‘‘Exploiting Petri nets to support fault tree based dependability analysis,’’ in Proc. 8th Int. Workshop Petri Nets Perform. Models, Zaragoza, Spain, 1999, pp. 146–155.
[56] X. Zhang, Q. Miao, X. Fan, and D. Wang, ‘‘Dynamic fault tree analysis based on Petri nets,’’ in Proc. 8th Int. Conf. Rel., Maintainability Saf., Chengdu, China, Jul. 2009, pp. 138–142.
[57] S. Kabir, M. Walker, and Y. Papadopoulos, ‘‘Quantitative evaluation of pandora temporal fault trees via Petri nets,’’ IFAC-PapersOnLine, vol. 48, no. 21, pp. 458–463, 2015.
[58] Z. W. Birnbaum and J. D. Esary, ‘‘Modules of coherent binary systems,’’ J. Soc. Ind. Appl. Math., vol. 13, no. 2, pp. 444–462, Jun. 1965.
[59] P. Chatterjee, ‘‘Modularization of fault trees: A method to reduce the cost of analysis,’’ SIAM Rel. Fault Tree Anal., vol. 8, no. 4, pp. 101–137, 1975.
[60] A. Rosenthal, ‘‘Decomposition methods for fault tree analysis,’’ IEEE Trans. Rel., vol. R-29, no. 2, pp. 136–138, Jun. 1980.
[61] M. O. Locks, ‘‘Modularizing, minimizing, and interpreting the K&H fault-tree,’’ IEEE Trans. Rel., vol. R-30, no. 5, pp. 411–415, Dec. 1981.
[62] J. M. Wilson, ‘‘Modularizing and minimizing fault trees,’’ IEEE Trans. Rel., vol. R-34, no. 4, pp. 320–322, Oct. 1985.
[63] T. Kohda, E. J. Henley, and K. Inoue, ‘‘Finding modules in fault trees,’’ IEEE Trans. Rel., vol. 38, no. 2, pp. 165–176, Jun. 1989.
[64] A. Bobbio, ‘‘System modelling with Petri nets,’’ in Systems Reliability Assessment. Dordrecht, The Netherlands: Springer, 1990, pp. 103–143.
[65] W. Vesely, J. Dugan, J. Fragola, J. Minarick, and J. Railsback, ‘‘Fault tree handbook with aerospace applications,’’ NASA Office Saf. Mission Assurance, Washington, DC, USA, Tech. Rep. Version 1.1, 2002.
[66] T. Yuge and S. Yanagi, ‘‘Quantitative analysis of a fault tree with priority AND gates,’’ Rel. Eng. Syst. Saf., vol. 93, no. 11, pp. 1577–1583, Nov. 2008.
[67] K. Aslansefat and G.-R. Latif-Shabgahi, ‘‘A hierarchical approach for dynamic fault trees solution through semi-Markov process,’’ IEEE Trans. Rel., early access, Jul. 16, 2019, doi: 10.1109/TR.2019.2923893.
[68] J.-M. Fourneau and N. Pekergin, ‘‘A numerical analysis of dynamic fault trees based on stochastic bounds,’’ in Proc. Int. Conf. Quant. Eval. Syst. Cham, Switzerland: Springer, 2015, pp. 176–191.
[69] G. Ciardo, R. A. Marie, B. Sericola, and K. S. Trivedi, ‘‘Performability analysis using semi-Markov reward processes,’’ IEEE Trans. Comput., vol. 39, no. 10, pp. 1251–1264, 1990.
[70] H. A. Lay, Z. Colgin, V. Reshniak, and A. Q. M. Khaliq, ‘‘On the implementation of multilevel Monte Carlo simulation of the stochastic volatility and interest rate model using multi-GPU clusters,’’ Monte Carlo Methods Appl., vol. 24, no. 4, pp. 309–321, Dec. 2018.

SOHAG KABIR received the Ph.D. degree in computer science and the M.Sc. degree in embedded systems from the University of Hull, U.K., in 2016 and 2012, respectively. He was a Research Associate with the Dependable Intelligent Systems (DEIS) Research Group, University of Hull. He has worked in EU projects on safety, including MAENAD and DEIS. He is currently working as an Assistant Professor with the Department of Computer Science, University of Bradford, U.K. His research interests include model-based safety assessment, probabilistic risk and safety analysis, fault tolerant computing, and stochastic modeling and analysis.

KOOROSH ASLANSEFAT (Member, IEEE) was born in Tehran, Iran, in 1989. He received the B.Sc. degree in marine electronic and communication engineering from Chabahar Maritime University, Chabahar, Iran, in 2011, and the M.Sc. degree in control engineering from Shahid Beheshti University, Tehran, Iran, in 2014. He is currently pursuing the Ph.D. degree with the University of Hull, Hull, U.K., working on data-driven reliability-centered evolutionary and automated maintenance for offshore wind farms. His main research interests are in Markov modeling, performance assessment, artificial intelligence, optimization, and stochastic modeling.

IOANNIS SOROKOS received the B.Sc. degree in computer science from the Athens University of Economics and Business, Greece, in 2011, and the M.Sc. and Ph.D. degrees in computer science from the University of Hull, U.K., in 2017 and 2013, respectively. He is currently a Postdoctoral Researcher with the University of Hull. His research interests include model-based dependability analysis and assurance, metaheuristic optimization, artificial intelligence, computer graphics, and computational game theory.

YIANNIS PAPADOPOULOS has pioneered work on model-based dependability assessment and evolutionary optimization of complex engineering systems known as Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS). He has coauthored EAST-ADL, an emerging automotive architecture description language, working with Volvo, Honda, Continental, Honeywell, and DNV-GL, among others. He is currently a Professor and Leader of the Dependable Intelligent Systems Research Group, University of Hull. He is also actively involved in two technical committees of IFAC (TC 1.3 & 5.1). He is also working on new metaheuristics inspired by the hunting behavior of penguins and developing technologies for self-certification of cyber-physical and autonomous systems. He is interested in digital art and various aspects of philosophy and its interactions with science.

SAVAS KONUR (Member, IEEE) is currently a Reader in computer science with the University of Bradford. He has published in numerous prestigious journals, as well as leading conferences. His research interests mainly involve computational modeling, formal verification, high-performance stochastic simulations and machine learning with applications to real-time and safety critical systems, membrane computing, and systems and synthetic biology. He has led several research projects (funded by EPSRC, Innovate U.K., and EU Access Innovation), requiring a wide range of interdisciplinary collaborations.