IntroductionFTA HistoryApplicabilitySymbolsConstruction StepsCommentsBack

The fault tree analysis (FTA)


To design systems that work correctly we often need to understand and correct how they can go wrong. Fault trees provide a good framework for both qualitative and quantitative analysis because they have both a logical (Boolean algebra) and probabilistic basis. The fault tree analysis (FTA) is a professional-level hazard ID tool based on the negative type logic diagram. The FTA adds several dimensions to the basic logic tree. The most important of these additions are the use of symbols to add information to the trees and the possibility of adding quantitative risk data to the diagrams. With these additions, the FTA adds substantial hazard ID value to the basic logic diagram previously discussed.

This is a graphical technique that provides a systematic description of the combinations of possible occurrences in a system, which can result in an undesirable outcome. This method can combine hardware failures and human failures. The most serious outcome such as explosion, toxic release, etc. is selected as the Top Event. A fault tree is then constructed by relating the sequences of events, which individually or in combination, could lead to the Top Event. This may be illustrated by considering the probability of a crash at a road junction and constructing a tree with AND and OR logic gates. The tree is constructed by deducing in turn the preconditions for the top event and then successively for the next levels of events, until the basic causes are identified.

FTA History

The Beginning Years (1961 – 1970)

The Early Years (1971 – 1980)

The Mid Years (1981 – 1990)

The Present (1991 – 1999)


Because of its relative complexity and detail, it is normally not cost effective to use the FTA against risks assessed below the level of extremely high or high. The method is used extensively in the acquisition of new weapons systems and other complex systems where, due to the complexity and criticality of the system, the tool is a must. A fault tree model provides a logical framework for analyzing the failure behavior of a system. A fault tree model precisely documents which failure scenarios have been considered and which have not. Fault tree analysis can be used to support engineering and management decisions, trade-off analysis and risk assessment. The fault tree model has a well-defined boolean algebraic and probabilistic basis which relates probability calculations to Boolean logic functions. FTA application includes:

Root Cause Analysis

Risk Assessment

Design Safety Assessment

Fault Tree Analysis Symbols

Basic Events

Static fault tree gates

Sequence dependency gates

Several special purpose gates have been added to the traditional fault tree gates. These special dynamic gates capture sequence dependencies which frequently arise when modeling fault tolerant computer systems. If a dynamic gate is part of a fault tree then it is solved via a Markov chain, rather than by using traditional methods. The special dynamic gates include:

Cut Set Terms

Node Construction Steps

Construction at each gate node involves a 3 step process:

Step 1 - Immediate, Necessary and Sufficient (INS)

Step 2 - Primary, Secondary and Command (PSC)

Step 3 - State of the System or Component


The FTA is one of the few hazard ID procedures that will support quantification when the necessary data resources are available. Traditional fault trees cannot model sequence dependent failures, in which the order that events occur is important. We define special purpose gates for modeling sequence dependencies, and solve the resulting fault tree as a Markov chain. The development of a correct Markov model for a complex system can be difficult. Our approach is to use the fault tree for model development and automatically convert the fault tree to the equivalent Markov chain. The dynamic fault tree model is considerably simpler than the equivalent Markov chain. Coverage models are automatically added to the resulting Markov chain which is solved via a numerical differential equation solver.

The DFT (dynamic fault tree) methodology is ideally suited for the analysis of computer-based systems. DFT uses a modular approach to FTA, detecting modules using a fast and efficient algorithm. Modules are classified as static or dynamic, depending on the types of gates included.

Static modules are solved using the BDD approach; dynamic modules are solved using Markov chain methods. Coverage models can assess the effect of complex recovery mechanisms. Dynamic gates can allow modeling of sequence dependencies that arise from complex redundancy management.