Fault Tree Analysis: A Bibliography
July 2000
The NASA STI Program Office ... in Profile
Introduction
Fault tree analysis is a top-down approach to the identification of process hazards. It is touted as one
of the best methods for systematically identifying and graphically displaying the many ways
something can go wrong. This bibliography contains references to documents in the NASA
Scientific and Technical Information (STI) Database. The selections are based on the major concepts
and other NASA Thesaurus terms, including 'reliability analysis.' An abstract is included with most
citations.
Items are first categorized by 10 major subject divisions, then further divided into 76 specific subject
categories, based on the NASA Scope and Subject Category Guide. The subject divisions and
categories are listed in the Table of Contents together with a note for each that defines its scope and
provides any cross-references.
Two indexes, Subject Term and Personal Author, are also included. The Subject Term Index is
generated from the NASA Thesaurus terms associated and listed with each document.
You may order one or more of the documents presented. For further details or questions, please call
the NASA STI Help Desk at 301-621-0390 or send e-mail to [email protected].
SCAN Goes Electronic!
If you have electronic mail or if you can access the Internet, you can view biweekly issues of SCAN
from your desktop absolutely free!
Electronic SCAN takes advantage of computer technology to inform you of the latest worldwide,
aerospace-related, scientific and technical information that has been published.
No more waiting while the paper copy is printed and mailed to you. You can view Electronic SCAN
the same day it is released--up to 191 topics to browse at your leisure. When you locate a publication
of interest, you can print the announcement. You can also go back to the Electronic SCAN home page
and follow the ordering instructions to quickly receive the full document.
Start your access to Electronic SCAN today. Over 1,000 announcements of new reports, books,
conference proceedings, journal articles...and more--available to your computer every two weeks.
To receive a free subscription, send e-mail for complete information about the service first. Enter
[email protected] on the address line. Leave the subject and message areas blank and send. You
will receive a reply in minutes.
Then simply determine the SCAN topics you wish to receive and send a second e-mail to
[email protected]. Leave the subject line blank and enter a subscribe command, denoting which
topic you want and your name in the message area, formatted as follows:
Table of Contents
Subject Divisions
Document citations are grouped first by the following divisions. Select a division title to view the
category-level Table of Contents.
A. Aeronautics
B. Astronautics
E. Geosciences
F. Life Sciences
H. Physics
I. Social and Information Sciences
Indexes
Two indexes are available. You may use the find command under the tools menu while viewing the
PDF file for direct match searching on any text string. You may also select either of the two indexes
provided for searching on NASA Thesaurus subject terms and personal author names.
Document Availability
Select Availability Info for important information about NASA Scientific and Technical
Information (STI) Program Office products and services, including registration with the NASA
Center for AeroSpace Information (CASI) for access to the NASA CASI TRS (Technical Report
Server), and availability and pricing information for cited documents.
Subject Categories of the Division A. Aeronautics
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
01 Aeronautics (General)
Includes general research topics related to manned and unmanned aircraft and the problems
of flight within the Earth's atmosphere. Also includes manufacturing, maintenance, and
repair of aircraft. For specific topics in aeronautics see categories 02 through 09. For
information related to space vehicles see 12 Astronautics.
02 Aerodynamics N.A.
Includes aerodynamics of flight vehicles, test bodies, airframe components and
combinations, wings, and control surfaces. Also includes aerodynamics of rotors, stators,
fans and other elements of turbomachinery. For related information, see also 34 Fluid
Mechanics and Heat Transfer.
07 Aircraft Propulsion and Power
Includes prime propulsion systems and systems components, e.g., gas turbine engines and
compressors; and onboard auxiliary power plants for aircraft. For related information see
also 20 Spacecraft Propulsion and Power, 28 Propellants and Fuels, and 44 Energy
Production and Conversion.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
12 Astronautics (General)
Includes general research topics related to space flight and manned and unmanned space
vehicles, platforms or objects launched into, or assembled in, outer space; and related
components and equipment. Also includes manufacturing and maintenance of such vehicles
or platforms. For specific topics in astronautics see categories 13 through 20. For
extraterrestrial exploration, see 91 Lunar and Planetary Science and Exploration.
13 Astrodynamics N.A.
Includes powered and free-flight trajectories; and orbital and launching dynamics.
16 Space Transportation and Safety N.A.
Includes passenger and cargo space transportation, e.g., shuttle operations; and space rescue
techniques. For related information, see also 03 Air Transportation and Safety and 15 Launch
Vehicles and Launch Vehicles, and 18 Spacecraft Design, Testing and Performance. For
space suits, see 54 Man/System Technology and Life Support.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
24 Composite Materials
Includes physical, chemical, and mechanical properties of laminates and other composite
materials.
Includes physical, chemical, and mechanical properties of metals and metallic materials; and
metallurgy.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
31 Engineering (General)
Includes general research topics related to engineering and applied physics, and particular areas of
vacuum technology, industrial engineering, cryogenics, and fire prevention. For specific
topics in engineering see categories 32 through 39.
32 Communications and Radar
Includes radar; radio, wire, and optical communications; land and global communications;
communications theory. For related information see also 04 Aircraft Communications and
Navigation; and 17 Space Communications, Spacecraft Communications, Command and
Tracking; for search and rescue see 03 Air Transportation and Safety, and 16 Space
Transportation and Safety.
Includes fluid dynamics and kinematics and all forms of heat transfer; boundary layer flow;
hydrodynamics; hydraulics; fluidics; mass transfer and ablation cooling. For related
information see also 02 Aerodynamics.
Includes lasing theory, laser pumping techniques, maser amplifiers, laser materials, and the
assessment of laser and maser outputs. For cases where the application of the laser or maser
is emphasized see also the specific category where the application is treated. For related
information see also 76 Solid-State Physics.
37 Mechanical Engineering
Includes mechanical devices and equipment; machine elements and processes. For cases
where the application of a device or the host vehicle is emphasized see also the specific
category where the application or vehicle is treated. For robotics see 63 Cybernetics,
Artificial Intelligence, and Robotics; and 54 Man/System Technology and Life Support.
Includes approaches to, and methods for reliability analysis and control, inspection,
maintainability, and standardization.
39 Structural Mechanics
Includes structural element design, analysis and testing; dynamic responses of structures;
weight analysis; fatigue and other structural properties; and mechanical and thermal stresses
in structure. For applications see 05 Aircraft Design, Testing and Performance and 18
Spacecraft Design, Testing and Performance.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
46 Geophysics N.A.
Includes earth structure and dynamics, aeronomy; upper and lower atmosphere studies;
ionospheric and magnetospheric physics; and geomagnetism. For related information see 47
Meteorology and Climatology; and 93 Space Radiation.
48 Oceanography N.A.
Includes the physical, chemical and biological aspects of oceans and seas; ocean dynamics,
and marine resources. For related information see also 43 Earth Resources and Remote
Sensing.
Subject Categories of the Division F. Life Sciences
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
Includes psychological factors; individual and group behavior; crew training and evaluation;
and psychiatric research.
55 Exobiology N.A.
Includes astrobiology; planetary biology; and extraterrestrial life. For the biological effects
of aerospace environments on humans see 52 Aerospace medicine; on animals and plants see
51 Life Sciences. For psychological and behavioral effects of aerospace environments see
53 Behavioral Science.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
60 Computer Operations and Hardware
Includes hardware for computer graphics, firmware and data processing. For components
see 33 Electronics and Electrical Engineering. For computer vision see 63 Cybernetics,
Artificial Intelligence and Robotics.
62 Computer Systems
Includes computer networks and distributed processing systems. For information systems
see 82 Documentation and Information Science. For computer systems applied to specific
applications, see the associated category.
64 Numerical Analysis
Includes iteration, differential and difference equations, and numerical approximation.
Includes algebra, functional analysis, geometry, topology, set theory, group theory, and
number theory.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
71 Acoustics N.A.
Includes sound generation, transmission, and attenuation. For noise pollution see 45
Environment Pollution. For aircraft noise see also 02 Aerodynamics and 07 Aircraft
Propulsion and Power.
73 Nuclear Physics
Includes nuclear particles; and reactor theory. For space radiation see 93 Space Radiation.
For atomic and molecular physics see 72 Atomic and Molecular Physics. For elementary
particle physics see 77 Physics of Elementary Particles and Fields. For nuclear astrophysics
see 90 Astrophysics.
74 Optics N.A.
Includes light phenomena and the theory of optical devices. For lasers see 36 Lasers and
Masers.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
Includes general research topics related to sociology; educational programs and curricula.
82 Documentation and Information Science N.A.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
Includes general research topics related to the natural space sciences. For specific topics in
Space Sciences see categories 89 through 93.
89 Astronomy
90 Astrophysics N.A.
Includes cosmology; celestial mechanics; space plasmas; and interstellar and interplanetary
gases and dust.
Includes planetology; selenology; meteorites; comets; and manned and unmanned planetary
and lunar flights. For spacecraft design or space stations see 18 Spacecraft Design, Testing
and Performance.
Includes solar activity, solar flares, solar radiation and sunspots. For related information see
93 Space Radiation.
93 Space Radiation N.A.
Includes cosmic radiation; and inner and outer Earth radiation belts. For biological effects
of radiation on plants and animals see 52 Aerospace Medicine. For theory see 73 Nuclear
Physics.
Select a category to view the collection of records cited. N.A. means no abstracts in that category.
99 General
Includes aeronautical, astronautical, and space science related histories, biographies, and
pertinent reports too broad for categorization; histories or broad overviews of NASA
programs such as Apollo, Gemini, and Mercury spacecraft, Earth Resources Technology
Satellite (ERTS), and Skylab; NASA appropriations hearings.
Document Availability Information
The mission of the NASA Scientific and Technical (STI) Program Office is to quickly, efficiently,
and cost-effectively provide the NASA community with desktop access to STI produced by NASA
and the world's aerospace industry and academia. In addition, we will provide the aerospace
industry, academia, and the taxpayer access to the intellectual scientific and technical output and
achievements of NASA.
The NASA STI Program offers a wide variety of products and services to achieve its mission. Your
affiliation with NASA determines the level and type of services provided by the NASA STI
Program. To assure that an appropriate level of service is provided, NASA STI users are requested to
register at the NASA Center for AeroSpace Information (CASI). Please contact NASA CASI in one
of the following ways:
Limited Reproducibility
In the database citations, a note of limited reproducibility appears if there are factors affecting the
reproducibility of more than 20 percent of the document. These factors include faint or broken type,
color photographs, black and white photographs, foldouts, dot matrix print, or some other factor that
limits the reproducibility of the document. This notation also appears on the microfiche header.
Patents owned by NASA are announced in the STI Database. Printed copies of patents (which are not
microfiched) are available for purchase from the U.S. Patent and Trademark Office.
When ordering patents, the U.S. Patent Number should be used, and payment must be remitted in
advance, by money order or check payable to the Commissioner of Patents and Trademarks. Prepaid
purchase coupons for ordering are also available from the U.S. Patent and Trademark Office.
Patents and patent applications owned by NASA are available for licensing. Requests for licensing
terms and further information should be addressed to:
National Aeronautics and Space Administration
Associate General Counsel for Intellectual Property
Code GP
Washington, DC 20546-0001
One or more sources from which a document announced in the STI Database is available to the
public is ordinarily given on the last line of the citation. The most commonly indicated sources and
their acronyms or abbreviations are listed below, with an Addresses of Organizations list near the
back of this section. If the publication is available from a source other than those listed, the publisher
and his address will be displayed on the availability line or in combination with the corporate source.
Avail: NASA CASI. Sold by the NASA Center for AeroSpace Information. Prices for hard copy
(HC) and microfiche (MF) are indicated by a price code following the letters HC or MF in
the citation. Current values are given in the NASA CASI Price Code Table near the end of
this section.
Note on Ordering Documents: When ordering publications from NASA CASI, use the document ID number
or other report number. It is also advisable to cite the title and other bibliographic identification.
Avail: SOD (or GPO). Sold by the Superintendent of Documents, U.S. Government Printing
Office, in hard copy.
Avail: BLL (formerly NLL): British Library Lending Division, Boston Spa, Wetherby, Yorkshire,
England. Photocopies available from this organization at the price shown. (If none is given,
inquiry should be addressed to the BLL.)
Avail: DOE Depository Libraries. Organizations in U.S. cities and abroad that maintain
collections of Department of Energy reports, usually in microfiche form, are listed in
Energy Research Abstracts. Services available from the DOE and its depositories are
described in a booklet, DOE Technical Information Center--Its Functions and Services
(TID-4660), which may be obtained without charge from the DOE Technical Information
Center.
Avail: ESDU. Pricing information on specific data, computer programs, and details on ESDU
International topic categories can be obtained from ESDU International.
Avail: HMSO. Publications of Her Majesty's Stationery Office are sold in the U.S. by Pendragon
House, Inc. (PHI), Redwood City, CA. The U.S. price (including a service and mailing
charge) is given, or a conversion table may be obtained from PHI.
Avail: NASA Public Document Rooms. Documents so indicated may be examined at or purchased
from the National Aeronautics and Space Administration (JBD-4), Public Documents
Room (Room 1H23), Washington, DC 20546-0001, or public document rooms located at
NASA installations, and the NASA Pasadena Office at the Jet Propulsion Laboratory.
Avail: NTIS. Sold by the National Technical Information Service. Initially distributed microfiche
under the NTIS SRIM (Selected Research in Microfiche) are available. For information
concerning this service, consult the NTIS Subscription Section, Springfield, VA 22161.
Avail: Univ. Microfilms. Documents so indicated are dissertations selected from Dissertation
Abstracts and are sold by University Microfilms as xerographic copy (HC) and microfilm.
All requests should cite the author and the Order Number as they appear in the citation.
Avail: US Patent and Trademark Office. Sold by Commissioner of Patents and Trademarks, U.S.
Patent and Trademark Office, at the standard price of $1.50 each, postage free.
Avail: (US Sales Only). These foreign documents are available to users within the United States
from the National Technical Information Service (NTIS). They are available to users
outside the United States through the International Nuclear Information Service (INIS)
representative in their country, or by applying directly to the issuing organization.
Avail: USGS. Originals of many reports from the U.S. Geological Survey, which may contain
color illustrations, or otherwise may not have the quality of illustrations preserved in the
microfiche or facsimile reproduction, may be examined by the public at the libraries of the
USGS field offices whose addresses are listed on the Addresses of Organizations page. The
libraries may be queried concerning the availability of specific documents and the possible
utilization of local copying services, such as color reproduction.
Addresses of Organizations
NASA CASI Price Tables -- Effective January 1, 2000
A01    $9.50    $9.50   $19.00
A02   $13.50   $14.50   $29.00
A03   $24.50   $27.50   $55.00
A04   $27.00   $30.50   $61.00
A05   $28.50   $32.50   $65.00
A06   $31.00   $35.50   $71.00
A07   $34.50   $39.50   $79.00
A08   $37.50   $43.00   $86.00
A09   $42.50   $49.00   $98.00
A10   $45.50   $53.00  $106.00
A11   $48.50   $56.50  $113.00
A12   $52.50   $61.00  $122.00
A13   $55.50   $65.00  $130.00
A14   $57.50   $67.00  $134.00
A15   $59.50   $69.50  $139.00
A16   $61.50   $72.00  $144.00
A17   $63.50   $74.50  $149.00
A18   $67.00   $78.50  $157.00
A19   $69.00   $81.00  $162.00
A20   $71.00   $83.50  $167.00
A21   $73.00   $86.00  $172.00
A22   $78.50   $92.50  $185.00
A23   $80.50   $95.00  $190.00
A24   $82.50   $97.00  $194.00
A25   $84.50   $99.50  $199.00
A99   Contact NASA CASI

E01  $102.50  $121.00  $242.00
E02  $111.00  $131.50  $263.00
E03  $120.50  $143.00  $286.00
E04  $130.00  $154.00  $308.00
E05  $139.50  $165.50  $331.00
E06  $148.00  $176.00  $352.00
E07  $157.50  $187.00  $374.00
E08  $167.00  $198.50  $397.00
E09  $175.50  $209.00  $418.00
E10  $185.00  $220.00  $440.00
E11  $194.50  $231.50  $463.00
E12  $202.50  $241.00  $482.00
E13  $212.00  $252.50  $505.00
E14  $221.50  $264.00  $528.00
E15  $231.00  $275.50  $551.00
E16  $239.50  $285.50  $571.00
E17  $249.00  $297.00  $594.00
E18  $258.50  $308.50  $617.00
E19  $267.00  $318.50  $637.00
E20  $276.50  $330.00  $660.00
E21  $286.00  $341.50  $683.00
E22  $294.50  $351.50  $703.00
E23  $304.00  $363.00  $726.00
E24  $313.50  $374.50  $749.00
E99  Free     Free     Free
Federal Depository Library Program
In order to provide the general public with greater access to U.S. Government publications, Congress
established the Federal Depository Library Program under the Government Printing Office (GPO),
with 53 regional depositories responsible for permanent retention of material, inter-library loan, and
reference services. At least one copy of nearly every NASA and NASA-sponsored publication,
either in printed or microfiche format, is received and retained by the 53 regional depositories. A list
of the Federal Regional Depository Libraries, arranged alphabetically by state, appears at the very
end of this section. These libraries are not sales outlets. A local library can contact a regional
depository to help locate specific reports, or direct contact may be made by an individual.
Submitting Documents
All users of this abstract service are urged to forward reports to be considered for announcement in
the STI Database. This will aid NASA in its efforts to provide the fullest possible coverage of all
scientific and technical publications that might support aeronautics and space research and
development. If you have prepared relevant reports (other than those you will transmit to NASA,
DOD, or DOE through the usual contract- or grant-reporting channels), please send them for
consideration to:
ATTN: Acquisitions Specialist
NASA Center for AeroSpace Information
7121 Standard Drive
Hanover, MD 21076-1320.
Reprints of journal articles, book chapters, and conference papers are also welcome.
You may specify a particular source to be included in a report announcement if you wish; otherwise
the report will be placed on a public sale at the NASA Center for AeroSpace Information.
Copyrighted publications will be announced but not distributed or sold.
Federal Regional Depository Libraries
AUBURN UNIV. AT MONTGOMERY LIBRARY
Documents Dept.
7300 University Dr.
Montgomery, AL 36117-3596
(205) 244-3650 Fax: (205) 244-0678

UNIV. OF ALABAMA
Amelia Gayle Gorgas Library
Govt. Documents
P.O. Box 870266
Tuscaloosa, AL 35487-0266
(205) 348-6046 Fax: (205) 348-0760

INDIANA STATE LIBRARY
Serials/Documents Section
140 North Senate Avenue
Indianapolis, IN 46204-2296
(317) 232-3679 Fax: (317) 232-3728

IOWA
UNIV. OF IOWA LIBRARIES
Govt. Publications
Washington & Madison Streets
Iowa City, IA 52242-1166
(319) 335-5926 Fax: (319) 335-5900

UNIV. OF MISSOURI - COLUMBIA
106B Ellis Library
Govt. Documents Sect.
Columbia, MO 65201-5149
(314) 882-6733 Fax: (314) 882-8044

MONTANA
UNIV. OF MONTANA
Mansfield Library
Documents Division
Missoula, MT 59812-1195
(406) 243-6700 Fax: (406) 243-2060

Edmon Low Library
Stillwater, OK 74078-0375
(405) 744-6546 Fax: (405) 744-5183

OREGON
PORTLAND STATE UNIV.
Branford P. Millar Library
934 Southwest Harrison
Portland, OR 97207-1151
(503) 725-4123 Fax: (503) 725-4524

PENNSYLVANIA
STATE LIBRARY OF PENN.
Typical Report Citation and Abstract
FAULT TREE ANALYSIS
A Special Bibliography from the NASA Scientific and Technical Information (STI) Program
JULY 2000
01
AERONAUTICS (GENERAL)
Includes general research topics related to manned and unmanned aircraft and the problems of flight within the Earth's atmosphere.
Also includes manufacturing, maintenance, and repair of aircraft. For specific topics in aeronautics see categories 02 through 09. For
information related to space vehicles see 12 Astronautics.
:199_ 00326 _7
Aging Army aircraft
Neri, Lewis, U.S. Army, Aviation Systems Command, Corpus, USA; Jan 1, 1990; 10p; In English; 46th; AHS, Annual Forum,
May 21-23, 1990, Washington, DC, USA; See also A91-17201; Copyright; Avail: Issuing Activity
Reliability-centered maintenance is a broadbased management and system engineering program that emphasizes a preventive
approach to maintenance. Corrosion detection and prevention are principal concerns in this program which utilizes an analytical
approach based on fault tree analysis to facilitate development of improved airframe condition evaluation/aircraft analytical
corrosion evaluation and preshop analysis. The U.S. Army Depot Engineering and Reliability Centered Maintenance Support
Office is also investigating ion implantation and plasma chemical vapor deposition techniques to determine their feasibility for
prevention of corrosion.
AIAA
Aging (Materials); Corrosion Prevention; Military Aircraft; Military Technology; Structural Failure
03
AIR TRANSPORTATION AND SAFETY
Includes passenger and cargo air transport operations; aircraft ground operations; flight safety and hazards; and aircraft accidents.
Systems and hardware specific to ground operations of aircraft and to airport construction are covered in 09 Research and Support
Facilities (Air). Air traffic control is covered in 04 Aircraft Communications and Navigation. For related information see also 16 Space
Transportation and Safety, and 85 Technology Utilization and Surface Transportation.
119950004035 Rolls-Royce Ltd., Industrial and Marine Gas Turbines., Coventry, West Midlands, UK
The application of aerospace safety and reliability analysis techniques to high speed marine transport
Moore, T. C., Rolls-Royce Ltd., UK; Wilkinson, B., Rolls-Royce Ltd., UK; May 7, 1992; 14p; In English; Safety for High Speed
Passenger Craft: The Way Ahead, 7-8 May 1992, London, UK
Report No.(s): PNR-91071; Copyright; Avail: Issuing Activity (European Space Agency (ESA)), Unavail. Microfiche; Limited
Reproducibility: More than 20% of this document may be affected by microfiche quality
The application of aerospace safety and reliability techniques to high speed marine craft is discussed, taking into account
the following: why failures occur; how safety is demonstrated; what is gained from safety and reliability analyses; the techniques
used; and the cost of such analyses. It is concluded that the application of aerospace safety and reliability techniques in their
entirety to high speed marine craft would impose an unnecessary burden both in terms of the time scales, complexity of the task,
and the associated costs involved. The judicious use of Fault Tree Analysis (FTA), coupled with a Failure Mode Effect
Significance Analysis (FMESA) study at a functional rather than at a component level, can provide a cost effective means of
demonstrating objectively the safety and reliability levels of a high speed marine craft. This is of vital importance to an industry
where the individual craft design production levels are unlikely to be high when compared with the aircraft industry. The use of
PC (Personal Computer) based FMEA and FTA software could further reduce the cost, particularly the 'first time' cost.
ESA
Air Transportation; Failure Analysis; Fault Trees; Marine Transportation
19980160660
Implementation of an integrated safety program - The MD-90 antiskid system
Redgate, Marianne L., Douglas Aircraft Co., USA; McKelvey, Michael H., Douglas Aircraft Co., USA; Jolly, Carolyn L., Douglas
Aircraft Co., USA; 1994, pp. 52-58; In English; Copyright; Avail: Aeroplus Dispatch
At Douglas Aircraft Company (DAC), an integrated safety program is comprised of four major analyses, each of which is
intended to provide design requirements and results that satisfy DAC, FAA, and Joint Aviation Administration requirements to
maximize safety for the airplane, the flying public, and the public-at-large. These four analyses are: functional hazard analysis,
system failure mode and effects analysis, fault tree analysis, and zonal analysis. Every new or major-modified system designed
for DAC's latest airplane, the MD-90, incorporates an integrated safety program. One such system, the antiskid system, has
repeatedly used the integrated safety program as a primary design tool and is a particularly satisfying example of what DAC calls
'Design for Safety'.
Author (AIAA)
Aircraft Safety; Systems Integration; Failure Modes; Fault Trees; Aircraft Design
19980207345
Safety assessment of aircraft mounted systems
Trotta, Luigi, Alenia Aerospazio, Italy; Buffardi, Riccardo, Alenia Aerospazio, Italy; Querzoli, Rodolfo, Alenia Aerospazio,
Italy; Sep. 1998; In English
Report No.(s): ICAS Paper 98-6,7,3; Copyright; Avail: Aeroplus Dispatch
This contribution highlights methodology to assess the safety aspects of military aircraft systems, a part of a fly-by-wire A/C.
The correlations between FMECA and Safety Assessment will be shown to identify all possible hazards caused by single failures.
A tool using fault tree analysis approach, to assess from a quantitative and qualitative point of view the discovered hazards,
identifies the minimal cut sets and critical items in the system configuration. Zonal hazard analysis is used to show how to identify
the hazards due to the physical location of the system components and the possible effects due to component failures,
disadvantageous operating conditions, maintenance errors, and environment induced faults. Software safety assessment is
performed to analyze and assess the safety of the software configuration items of a system and ensure that a risk classification
is allocated appropriate to the severity of hazard which could be caused by a software error. These results lead to a definition of
the critical areas and the possible corrective actions, providing a compliance statement for system qualification and airworthiness
requirements.
Author (AIAA)
Military Aircraft; Aircraft Safety; Fly by Wire Control; Fault Trees; Software Development Tools
05
AIRCRAFT DESIGN, TESTING AND PERFORMANCE
Includes all stages of design of aircraft and aircraft structures and systems. Also includes aircraft testing, performance, and
evaluation, and aircraft and flight simulation technology. For related information, see also 18 Spacecraft Design, Testing and
Performance and 39 Structural Mechanics. For land transportation vehicles, see 85 Technology Utilization and Surface
Transportation.
19720011367 University of Southern California, Inst. of Aerospace Safety and Management, Los Angeles, CA, USA
Analytical techniques for effective maintenance
Hall, D. S., University of Southern California, USA; Holt, E. L., University of Southern California, USA; Jan 1, 1971; 14p; In
English; 7th; Ann. Intern. Aviation Maintenance Symp., 7-9 Dec. 1971, Oklahoma City; Avail: CASI; A03, Hardcopy; A01,
Microfiche
Systems analysis techniques are applied to aircraft maintenance to achieve aviation safety. The failure mode analysis method
is discussed along with the fault tree analysis method. It is concluded: (1) The maintenance manager needs to know how to make
decisions and that these decisions affect the safety and efficiency of his operation. (2) Many of these decisions can be made in
advance when time or other pressure is not a factor. (3) Greater knowledge of the implications of a decision is available to the
individual who approaches each problem systematically. (4) Systematic and analytical decision making is within the capability
of today's maintenance activity.
CASI
Aircraft Maintenance; Aircraft Safety; Failure Analysis; Systems Analysis
19760057_60
Seeking failure-free systems
Merkling, R. E., USAF, USA; Air University Review; Aug 1, 1976; 27, pp. July-Aug; In English; 1976, p. 41-50; Avail: Issuing
Activity
The need for developing failure-free systems for USAF aircraft is advocated, with figures relating major aircraft accidents
and costs. Fault tree analysis is described and applied to fire threat and prevention on fighter aircraft.
AIAA
Accident Prevention; Aircraft Accidents; Fail-Safe Systems; Fighter Aircraft; Fire Prevention
19890059099
Probabilistic analysis of aircraft structure
Zielinski, Paul A., Boeing Military Airplane Co., USA; Jan 1, 1989; 6p; In English; Annual Reliability and Maintainability
Symposium, Jan. 24-26, 1989, Atlanta, GA, USA; See also A89-46451 20-38; Copyright; Avail: Issuing Activity
Probabilistic structural mechanics (PSM) has been promoted for use in the design of products. The author presents the
practical methods for applying PSM to critical aircraft component fault-tree analysis. The B-1B Common Strategic Rotary
Launcher (CSRL) fault-tree analysis is used as a demonstrative example of mechanical component failure probabilities calculated
using PSM. The CSRL components demonstrate how this methodology accounts for aircraft limit loads, limit load exceedances
per flight hour, material properties, and stress analysis or structural test results.
AIAA
Aircraft Structures; Failure Analysis; Fault Trees; Probability Theory; Stress Analysis; Structural Reliability
19980117945
The service reliability analysis for the brake unit of a certain model aircraft
Fu, Changan, Air Force Aero College No. 2, China; Wang, Yuanda, Air Force Aero College No. 2, China; 1995, pp. 79-82; In
English; Copyright; Avail: Aeroplus Dispatch
When aircraft of certain models land and the pilots brake, the service tire skidding and tire blowout are frequently occurring
faults, endangering the landing safety. After having investigated and analyzed such incidents, the departments concerned think
the fault is mainly caused by the improper brake operation when the aircraft lands. Using the fault tree analysis method, the paper
first discusses the causes which result in severe tire skidding and blowout when the aircraft is braked, then presents some factors
which the pilots and the ground crew should pay attention to in the actual use and maintenance work. Finally, improvements in
the structure of the decelostat are proposed.
Author (AIAA)
Service Life; Reliability Analysis; Aircraft Brakes; Aircraft Models; Fault Trees; Skidding
19980139 _ 58
Heavy transport aircraft reliability study
Chiesa, S., Torino, Politecnico, Italy; Gianotti, R, Torino, Politecnico, Italy; Maggiore, R, Torino, Politecnico, Italy; 1996, pp.
682-690; In English; Copyright; Avail: AIAA Dispatch
The analysis of safety and reliability is of primary importance during the design of a modern, large complex aircraft. On the
other hand, the intrinsic complexity of large, multiple-redundant systems usually imposes severe limitations on both the depth
and the extension of this analysis. In this work, a computer program for the reliability analysis of a generic system is presented,
underlining the advantages of a computer-based approach to the problem. The philosophy which stands behind such an approach
consists of a tailoring of well-known Failure Modes and Effect Analysis and Fault Tree Analysis techniques. The results of the
automatic analysis include symbolic evaluation of fault and functional trees, minimal-paths and minimal cut sets determination,
and sensitivity analysis.
Author (AIAA)
Transport Aircraft; Aircraft Reliability; Aircraft Design; Expert Systems; Fault Trees
06
AVIONICS AND AIRCRAFT INSTRUMENTATION
Includes all stages of design of aircraft and aircraft structures and systems. Also includes aircraft testing, performance, and
evaluation, and aircraft and flight simulation technology. For related information, see also 18 Spacecraft Design, Testing and
Performance and 39 Structural Mechanics. For land transportation vehicles, see 85 Technology Utilization and Surface
Transportation.
19980147707
Dynamic fault tree analysis for the Digital Fly-By-Wire Flight Control System
Yao, Yiping, Beijing Univ. of Aeronautics and Astronautics, China; Yang, Xiaojun, Beijing Univ. of Aeronautics and
Astronautics, China; Li, Peiqiong, Beijing Univ. of Aeronautics and Astronautics, China; 1996, pp. 479-484; In English;
Copyright; Avail: AIAA Dispatch
The Digital Fly-By-Wire (FBW) FCS is designed to achieve a high level of reliability, and frequently employs a high level of
redundancy. The dynamic redundancy employed in the FBW system can realize complex fault and error diagnosis, recovery, and
reconfiguration. It is very difficult to analyze the reliability of the FBW system by traditional methods, such as fault tree analysis
(FTA) or network analysis. This paper describes dynamic fault-tree modeling techniques for handling these difficulties and
provides a Markov chain generation modeling method for converting the dynamic fault tree to the Markov chain. The software
failure of the FBW system can also be considered in the model. An example of a quadruple FBW redundant system and a Markov
state transition chain software package is given.
Author (AIAA)
Fault Trees; Fly by Wire Control; Digital Systems; Dynamic Models
07
AIRCRAFT PROPULSION AND POWER
Includes prime propulsion systems and systems components, e.g., gas turbine engines and compressors; and onboard auxiliary
power plants for aircraft. For related information see also 20 Spacecraft Propulsion and Power, 28 Propellants and Fuels, and 44
Energy Production and Conversion.
09
RESEARCH AND SUPPORT FACILITIES (AIR)
Includes airports, runways, hangars, and aircraft repair and overhaul facilities/wind tunnels, water tunnels, and shock tubes/flight
simulators; and aircraft engine test stands. Also includes airport ground equipment and systems. For airport ground operations see
03 Air Transportation and Safety. For astronautical facilities see 14 Ground Support Systems and Facilities (Space).
19690031585 Battelle Northwest Labs., Pacific Northwest Lab., Richland, WA, USA
Preliminary fault tree analysis for the FFTF
Mc Laughlin, M. A., Battelle Northwest Labs., USA; May 1, 1969; 37p; In English
Contract(s)/Grant(s): AT/45-1/- 1830
Report No.(s): BNWL-874; Avail: CASI; A03, Hardcopy; A01, Microfiche
Preliminary fault tree analysis for FFTF
CASI
Failure Analysis; Nuclear Research and Test Reactors; Reactor Safety; Trees (Mathematics)
12
ASTRONAUTICS (GENERAL)
Includes general research topics related to space flight and manned and unmanned space vehicles, platforms or objects launched
into, or assembled in, outer space; and related components and equipment. Also includes manufacturing and maintenance of such
vehicles or platforms. For specific topics in astronautics see categories 13 through 20. For extraterrestrial exploration, see 91 Lunar
and Planetary Science and Exploration.
Report No.(s): IAF PAPER 92-0380; Copyright; Avail: Issuing Activity
The implementation of the HST system safety program is detailed. Numerous safety analyses are conducted through various
phases of design, test, and fabrication, and results are presented to NASA management for discussion during dedicated safety
reviews. Attention is given to the system safety assessment and risk analysis methodologies used, i.e., hazard analysis, fault tree
analysis, and failure modes and effects analysis, and to how they are coupled with engineering and test analysis for a 'synergistic
picture' of the system. Some preliminary safety analysis results, showing the relationship between hazard identification, control
or abatement, and finally control verification, are presented as examples of this safety process.
AIAA
Flight Safety; Hubble Space Telescope; NASA Space Programs; Orbital Servicing; Space Shuttle Missions
14
GROUND SUPPORT SYSTEMS AND FACILITIES (SPACE)
Includes launch complexes, research and production facilities; ground support equipment, e.g., mobile transporters; and test
chambers and simulators. Also includes extraterrestrial bases and supporting equipment. For related information see also 09
Research and Support Facilities (Air).
99g0_73949
Dynamic real-time radioscopy of Space Shuttle reusable solid rocket motor during static firing
Rogerson, D. J., U.S. Navy, Naval Air Warfare Center, USA; Jul. 1995; In English
Report No.(s): AIAA Paper 95-2727; Copyright; Avail: Aeroplus Dispatch
In 1993, engineers were tasked to investigate the cause of the pressure perturbations occurring in the Reusable Solid Rocket
Motor (RSRM) following the deviation in the predicted pressure trace in STS-54. An initial fault tree analysis indicated that the
most probable source for pressure perturbation in the RSRM was the expulsion of aluminum oxide slag accumulated between the
submerged portion of the nozzle and the motor aft dome. Three static firings were completed using real-time radioscopy (RTR).
The dynamic data from the RTR system, in conjunction with data from other instrumentation, strongly supported slag expulsion
as the primary cause for pressure perturbations in the RSRM.
Author (AIAA)
Real Time Operation; Space Shuttles; Solid Propellant Rocket Engines; Rocket Firing; Reusable Rocket Engines; X Ray Imagery
18
SPACECRAFT DESIGN, TESTING AND PERFORMANCE
Includes satellites; space platforms; space stations; spacecraft systems and components such as thermal and environmental
controls; and spacecraft control and stability characteristics. For life support systems, see 54 Man/System Technology and Life
Support. For related information, see also 05 Aircraft Design, Testing and Performance, 39 Structural Mechanics, and 16 Space
Transportation and Safety.
19940021785 NASA Ames Research Center, Moffett Field, CA, USA
Simulation modeling for long duration spacecraft control systems
Boyd, Mark A., NASA Ames Research Center, USA; Bavuso, Salvatore J., NASA Langley Research Center, USA; NASA.
Langley Research Center, Selected Topics in Robotics for Space Exploration; Dec 1, 1993, pp. p 213-221; In English; See also
N94-26278 07-12; Avail: CASI; A02, Hardcopy; A03, Microfiche
The use of simulation is described and it is contrasted to analytical solution techniques for evaluation of analytical reliability
models. The role importance sampling plays in simulation of models of this type was also discussed. The simulator tool used for
our analysis is described. Finally, the use of the simulator tool was demonstrated by applying it to evaluate the reliability of a fault
tolerant hypercube multiprocessor intended for spacecraft designed for long duration missions. The reliability analysis was used
to highlight the advantages and disadvantages offered by simulation over analytical solution of Markovian and non-Markovian
reliability models.
Author (revised)
Fault Tolerance; Fault Trees; Hypercube Multiprocessors; Long Duration Space Flight; Mathematical Models; Reliability
Analysis
20
SPACECRAFT PROPULSION AND POWER
Includes main propulsion systems and components, e.g., rocket engines; and spacecraft auxiliary power sources. For related
information, see also 07 Aircraft Propulsion and Power; 28 Propellants and Fuels; 15 Launch Vehicles and Launch Operations; and 44
Energy Production and Conversion.
19740060462
The case for digital techniques applied to powerplant controls
Evans, J. F. O., Smiths Industries, Ltd., UK; Jan 1, 1974; 20p; In English; Symposium on the Application of Electrical Control
to Aircraft Propulsion Systems, February 20-21, 1974, London; See also A74-43201 22-28; Avail: Issuing Activity
The present work argues for the application of digital computing techniques to on-line powerplant control in aircraft. The
analysis is based on the cost effectiveness of digital control techniques and hardware solutions in the light of the particular
problems associated with aircraft engine control. The use of digital systems with their ability to change programs easily and
cheaply during development permits important decisions to be delayed until the necessary data to base them on becomes available.
The computer in a digital system can be employed for overall system check-out, thus avoiding the necessity for separate
equipment at dispersed sites and additional connectors for ground check equipment. Digital systems reduce the number and
frequency of control setting adjustments, thus improving aircraft availability and maintainability. The application of Fault Tree
Analysis is illustrated for a hypothetical analysis of a VTOL aircraft.
AIAA
Aircraft Engines; Digital Techniques; Engine Control; Numerical Control
19920066467
Tutorial on nuclear thermal propulsion safety for Mars
Buden, David, Idaho National Engineering Laboratory, USA; Jul 1, 1992; 15p; In English
Contract(s)/Grant(s): DE-AC07-76ID-01570
Report No.(s): AIAA PAPER 92-3696; Avail: Issuing Activity
A range of safety topics related to the use of nuclear thermal propulsion (NTP) are examined including risk and safety analysis
methodologies, NERVA reliability, and life-cycle risk assessments. A list of goals for the safe use of NTP is given which includes
low radiation levels, avoiding unplanned core destruction, and preventing inadvertent criticality. Safety analysis and failure-mode
analysis for NTP are illustrated by means of the fault tree analysis, event tree analysis, failure modes and effects analysis, and
preliminary hazards analysis. Data from the NERVA propulsion program show that safety requirements built into the NTP engine
are important for diagnostic and preventive assessments. Other key issues affecting the safety of an NTP program encompass
precautions at the launch pad, crew isolation from reactor radiation, flight operations safety, and final disposal of the NTP engines
and wastes.
AIAA
Failure Modes; Flight Safety; Mars (Planet); Nuclear Engine For Rocket Vehicles; Nuclear Propulsion; Space Exploration
19930065762 NASA Lewis Research Center, Cleveland, OH, USA
Reliability studies of Integrated Modular Engine system designs
Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., Sverdrup Technology, Inc., USA; Jun 1, 1993, pp. 18
p.; In English; 29th; AIAA, SAE, ASME, and ASEE, Joint Propulsion Conference and Exhibit, June 28-30, 1993, Monterey, CA,
USA; Sponsored by AIAA; Previously announced in STAR as N93-27022
Report No.(s): AIAA PAPER 93-1886; Copyright; Avail: Issuing Activity
A study was performed to evaluate the reliability of Integrated Modular Engine (IME) concepts. Comparisons were made
between networked IME systems and non-networked discrete systems using expander cycle configurations. Both redundant and
non-redundant systems were analyzed. Binomial approximation and Markov analysis techniques were employed to evaluate total
system reliability. In addition, Failure Modes and Effects Analyses (FMEA), Preliminary Hazard Analyses (PHA), and Fault Tree
Analysis (FTA) were performed to allow detailed evaluation of the IME concept. A discussion of these system reliability concepts
is also presented.
Engine Design; Failure Analysis; Failure Modes; Fault Trees; Modularity; Propulsion System Configurations; Reliability
Analysis; Rocket Engine Design
19980025783
Current and emerging technology for powering small satellites with secondary cells and batteries
Klein, G. C., Gates Aerospace Batteries, USA; Schmidt, D. F., Gates Aerospace Batteries, USA; 1993; In English; Copyright;
Avail: Aeroplus Dispatch
A generic discussion is presented of cell and battery technologies of 17 A-H capacity and below for application in the
emerging small satellite market. Attention is given to NiCd technology, NiMH technology, NiH2 planar cell and battery design
concepts. Reliability analyses and assessments, analysis of failure modes and effects and criticality, fault tree analysis, design
tradeoffs and simplifications, cell assembly improvements, volume and mass reductions are considered.
AIAA
Small Scientific Satellites; Spacecraft Power Supplies; Electric Batteries; Technology Utilization; Design Analysis
19980071382
Study of synthetic analysis on design reliability of a liquid rocket engine
Kuang, Wuyue, Shaanxi Engine Design Inst., China; Tan, Songlin, Shaanxi Engine Design Inst., China; Journal of Propulsion
Technology; Oct. 1997; ISSN 1001-4055; Volume 18, no. 5, pp. 9-12; In Chinese; Copyright; Avail: Aeroplus Dispatch
A synthetic analysis on the design reliability of a liquid rocket engine is presented. A rigorous yet practicable approach for
evaluating engine reliability during the conceptual study phase is put forward. The approach uses the proven reliability methods
of reliability modeling analysis, Failure Modes and Effects Analysis (FMEA), failure data analysis, and Fault Tree Analysis (FTA)
to estimate the probability of mission success at the vehicle level for different engine designs. An example is provided in which
the approach is used to evaluate an engine design concept.
Author (AIAA)
Liquid Propellant Rocket Engines; Rocket Engine Design; Reliability Analysis; Engine Failure; Fault Trees
19980148550
The fault tree analysis on system reliability on solid rocket motor design
Fang, Guoyao, Beijing Univ. of Aeronautics and Astronautics, China; Ma, Zhibo, Beijing Univ. of Aeronautics and Astronautics,
China; Tang, Zhidong, Beijing Univ. of Aeronautics and Astronautics, China; Sun, Zhexi, Beijing Univ. of Aeronautics and
Astronautics, China; Journal of Propulsion Technology; Oct. 1994; ISSN 1001-4055, no. 5, pp. 28-33; In Chinese; Copyright;
Avail: Aeroplus Dispatch
A fault tree analysis is carried out based on a real air-air missile solid rocket motor. Thus, the frame figure of system reliability,
the fault tree analysis, and structure functions are developed, and the reliability is predicted. The results show that the model
developed is correct and available for other solid rocket motors.
Author (AIAA)
Solid Propellant Rocket Engines; Fault Trees; Rocket Engine Design; Reliability Analysis
19980188713
Rocket engine system reliability analyses using probabilistic and fuzzy logic techniques
Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., Sverdrup Technology, Inc., USA; Jun. 1994; In English
Report No.(s): AIAA Paper 94-2750; Copyright; Avail: Aeroplus Dispatch
The reliability of rocket engine systems was analyzed by using probabilistic and fuzzy logic techniques. Fault trees were
developed for Integrated Modular Engine (IME) and Discrete engine systems, and then were used with the two techniques to
quantify reliability. The IRRAS (Integrated Reliability and Risk Analysis System) computer code, developed for the U.S. Nuclear
Regulatory Commission, was used for the probabilistic analyses, and FUZZYFTA (Fuzzy Fault Tree Analysis), a code developed
at NASA Lewis Research Center, was used for the fuzzy logic analyses. Although both techniques provided estimates of the
reliability of the IME and Discrete systems, probabilistic techniques emphasized uncertainty resulting from randomness in the
system whereas fuzzy logic techniques emphasized uncertainty resulting from vagueness in the system. Because uncertainty can
have both random and vague components, both techniques were found to be useful tools in the analysis of rocket engine system
reliability.
Author (AIAA)
Rocket Engines; Reliability Analysis; Fuzzy Systems; Logic Programming; Systems Integration; Fault Trees
19990038408
Propellants, explosives, rockets, and guns; Proceedings of the 2nd International High Energy Materials Conference and
Exhibit, Indian Inst. of Technology, Chennai, India, Dec. 8-10, 1998
1998; In English; ISBN 81-7023-885-4; Copyright; Avail: AIAA Dispatch
The papers presented in this volume are grouped under the following headings: ballistics; combustion; energetic material
chemistry; explosives and igniters; hazards, safety, and implementation; measurement technology; and reactive systems
modeling. Specific topics discussed include development of large solid propulsion systems for launch vehicles; high muzzle
velocity guns; combustion of high energy heterogeneous condensed systems; low temperature behavior of polymeric systems
used in rocket motors; and performance of metallized liquid propellants. Papers are also included on studies of the ignition
characteristics of boron-potassium nitrate pellets; fault tree analysis of powder compaction in fuel rich propellant processing;
neutron radiography of pyrodevices used in spacecraft; and underwater ignition of a solid propellant system.
AIAA
Conferences; Rocket Propellants; Explosives; Guns (Ordnance); Propellant Combustion; Propellant Properties
19990104529
Application of quantitative hazard analysis technique in mixing operations of high energy materials
Jain, A. K., Cent. for Environment & Explosives Safety, India; Rajagopal, C.; Defence Science Journal; Jan, 1999; ISSN
0011-748X; Volume 49, no. 1, pp. 19-26; In English; Copyright; Avail: Issuing Activity
Production of composite propellants involves a variety of operations, of which mixing of various ingredients is a key step.
Given the intrinsically hazardous nature of many of these ingredients, mixing operation, which is carried out in a stepwise manner
with carefully weighed ratios of the reactants and under controlled conditions, is one of the hazardous steps in the production
process. In this paper, quantitative assessment of the hazards involved in such a mixing operation has been carried out using
fault-tree analysis technique to identify all the possible basic event combinations which could lead to the occurrence of a selected
'top event', such as fire or explosion in the mixer building. Measures to improve the safety features in the mixer building are also
suggested.
Author (EI)
Solid Propellants; Mixing; Assessments; Risk; Accident Prevention
23
CHEMISTRY AND MATERIALS (GENERAL)
Includes general research topics related to the composition, properties, structure, and use of chemical compounds and materials as
they relate to aircraft, launch vehicles, and spacecraft. For specific topics in chemistry and materials see categories 24 through 29.
For astrochemistry see category 90 Astrophysics.
24
COMPOSITE MATERIALS
Includes physical, chemical, and mechanical properties of laminates and other composite materials.
19770045905
A qualitative fault tree analysis for the tensile failure of fibrous laminated composites
Masters, J. E.; Yeow, Y. T.; Louthan, M. R., Jr.; Reifsnider, K. L.; Brinson, H. F., Virginia Polytechnic Institute and State
University, USA; Composites; Apr 1, 1977; 8, pp. Apr. 197; In English; p. 111-117; Copyright; Avail: Issuing Activity
A fault tree is referred to as a graphical technique that provides a systematic description of the combinations of possible
occurrences in a system which can result in a fault or undesirable event. It is shown that by defining the failure of a structure as
the undesirable event, one can apply a fault tree to determine the pertinent underlying factors and their interrelations. A qualitative
fault tree technique is proposed for examining the static tensile failure of a fibrous composite laminate. The technique is suitable
for relating the basic micromechanical mechanisms to the macroscopic events of delamination and oblique/transverse failure.
AIAA
Carbon Fiber Reinforced Plastics; Failure Analysis; Laminates; Tensile Tests; Trees (Mathematics)
25
INORGANIC, ORGANIC AND PHYSICAL CHEMISTRY
Includes the analysis, synthesis, and use of inorganic and organic compounds; combustion theory, electrochemistry, and
photochemistry. For related information see also 34 Fluid Dynamics and Thermodynamics. For astrochemistry see category 90
Astrophysics.
31
ENGINEERING (GENERAL)
Includes general research topics related to engineering and applied physics, and particular areas of vacuum technology, industrial
engineering, cryogenics, and fire prevention. For specific topics in engineering see categories 32 through 39.
19790049590
A method of sched_le acceleration for system safety programs
Lemon, G. H., General Dynamics Corp., USA; Jan 1, 1979; 6p; In English; 16th; Survival and Flight Equipment Association,
Annual Symposium, October 8-12, 1978, San Diego, CA; See also A79-33601 13-03; Copyright; Avail: Issuing Activity
The principal advantage of an accelerated program is that the cost of redesign and retrofit for safety improvement is
minimized. Current fault tree analysis provides its greatest payoff after retrofit becomes expensive. This paper presents a method
for solving this problem: It is suggested that subsystem hazard analysis data be purchased from equipment suppliers and fault tree
logic allocation be developed concurrently with data preparation.
AIAA
Human Factors Engineering; Project Management; Safety Management; Work Capacity
19810034877
An example of predictive rather than responsive safety research for fusion energy systems
Alvares, N. J.; Hasegawa, H. K., California, University, USA; Jan 1, 1979; 6p; In English; 8th; Symposium on Engineering
Problems of Fusion Research, November 13-16, 1979, San Francisco, CA; See also A81-18901 06-75
Contract(s)/Grant(s): W-7405-ENG-48; Copyright; Avail: Issuing Activity
A fault tree analysis is used to study the fire-management system of fusion experiments. The technique is shown to identify
failure modes of the existing system components and indicate the possible effects of component failure in the event of fire in the
protected spaces. The results of the initial analytical phase of the project are presented together with critical unknown parameters
required for further analysis.
AIAA
Fusion Reactors; Nuclear Research; Reactor Safety; Safety Management
Report No.(s): AD-P004894; Avail: CASI; A03, Hardcopy; A10, Microfiche
The results of a hazards analysis of the Western Area Demilitarization facility (WADF) at Hawthorne, Nevada are
summarized. An overview of the WADF systems, the hazards analysis methodology that was applied, a general discussion of the
fault tree analysis results, and a compilation of the conclusions and recommendations for each area of the facility are given.
CASI
Disposal; Explosives; Hazards; Systems Analysis
19910032248
Evaluating systems for oxygen service through the use of quantitative fault tree analysis
Santay, Anthony J., Air Products and Chemicals, Inc., USA; Jan 1, 1989; 10p; In English; 4th; International Symposium on
Flammability and sensitivity of materials in oxygen-enriched atmospheres, Apr. 11-13, 1989, Las Cruces, NM, USA; Sponsored
by ASTM; See also A91-16851; Copyright; Avail: Issuing Activity
In the event of a process plant upset, systems not normally intended for use in oxygen service may be suddenly subject to
an oxygen-enriched atmosphere. If the upset condition occurs frequently, a conservative approach would be to design all
components as if they were normally in oxygen service. As an alternative, one could calculate the probability of the upset condition
to quantitatively assess the risk and recommend corrective measures to further reduce the risk. Quantified fault tree techniques
are used to determine a system's compatibility when exposed to oxygen in this manner.
AIAA
Controlled Atmospheres; Fault Trees; Flammability; High Pressure Oxygen; Oxygen Supply Equipment
19930049795
The safety of process automation
Toola, A., Technical Research Centre of Finland, USA; Automatica; March 1993; ISSN 0005-1098; 29, 2, pp. 541-548.; In
English; Copyright; Avail: Issuing Activity
The effect of automation on process safety is examined. The methods of safety analysis can be applied during the designing
stages of safe process automation. The hazard and operability study makes it possible to take into account the potential process
disturbances and to develop countermeasures. Action error analysis studies the consequences of potential human errors in task
execution. Fault tree analysis can be used to study the causes of potential accidents and to examine the control actions suitable
for providing protection against them thereby reducing the probability of accidents. Event tree analysis is a method for considering
the consequences of potential hazardous situations and for developing countermeasures to reduce such consequences. Failure
mode and effect analysis is a method for checking that the potential failures of the control and automation system are not
overlooked. Reliability assessment can be used with safety analysis methods to study the bottlenecks in the design and to prioritize
the countermeasures whereby the risk can be reduced to attain an acceptable level.
AIAA
Automation; Process Control (Industry); Safety
32
COMMUNICATIONS AND RADAR
Includes radar, radio, wire, and optical communications; land and global communications; communications theory. For related
information see also 04 Aircraft Communications and Navigation; and 17 Space Communications, Spacecraft Communications,
Command and Tracking; for search and rescue see 03 Air Transportation and Safety and 16 Space Transportation and Safety.
19970001445 Sandia National Labs., Risk Assessment and Systems Modeling., Albuquerque, NM USA
Risk and Reliability Assessment for Telecommunications Networks
Wyss, Gregory D., Sandia National Labs., USA; Schriner, Heather K., Sandia National Labs., USA; Gaylor, Timothy R., Sandia
National Labs., USA; 1996; 9p; In English; Probabilistic Safety Assessment - Moving Toward Risk Based Regulation, 29 Sep.
1996 - 3 Oct. 1996, Park City, UT, USA
Contract(s)/Grant(s): DE-AC04-94AL-85000
Report No.(s): SAND-96-1543C; CONF-960912-8; DE96-011708; No Copyright; Avail: Issuing Activity (Department of Energy
(DOE)), Microfiche
Sandia National Laboratories has assembled an interdisciplinary team to explore the applicability of probabilistic logic
modeling (PLM) techniques to model network reliability for a wide variety of communications network architectures. The authors
have found that the reliability and failure modes of current generation network technologies can be effectively modeled using fault
tree PLM techniques. They have developed a 'plug-and-play' fault tree analysis methodology that can be used to model
connectivity and the provision of network services in a wide variety of current generation network architectures. They have also
developed an efficient search algorithm that can be used to determine the minimal cut sets of an arbitrarily-interconnected
(non-hierarchical) network without the construction of a fault tree model. This paper provides an overview of these modeling
techniques and describes how they are applied to networks that exhibit hybrid network structures (i.e., a network in which some
areas are hierarchical and some areas are not hierarchical).
DOE
Risk; Reliability; Fault Trees; Computer Networks; Information Systems; Data Transfer (Computers)
33
ELECTRONICS AND ELECTRICAL ENGINEERING
Includes development, performance, and maintainability of electrical/electronic devices and components; related test equipment;
and microelectronics and integrated circuitry. For related information see also 60 Computer Operations and Hardware; and 76
Solid-State Physics. For communications equipment and devices see 32 Communications and Radar.
19_6004g 102
General methodologies for assessing EMI/EMC in complex electronic circuits and systems
Slanson, W. E.; Lessard, B. J.; Hurley, M. T.; Bossart, R. K., Sanders Associates, Inc., USA; Paludi, C. A., Jr., USAF, Rome Air
Development Center, USA; Jan 1, 1985; 2p; In English; See also A86-32801
Contract(s)/Grant(s): F30602-82-C-0174; Copyright; Avail: Issuing Activity
This paper introduces the procedures for utilizing two techniques, namely Fault Tree Analysis (FTA) and Electromagnetic
Effects Criticality Analysis (EMECA), for assessing EMI/EMC in complex electronic circuits and systems. Application of these
techniques is demonstrated by means of examples where, because of the use of digital, high-speed, high-density integrated circuit
technologies, EMI/EMC assessments by traditional deterministic methods are inappropriate. The results illustrate the probability
of achieving EMC while accounting for the statistical nature of EMI.
AIAA
Electromagnetic Compatibility; Electromagnetic Interference; Electromagnetic Noise; Electronic Equipment Tests; Fault Trees;
Integrated Circuits
19880001643 Johns Hopkins Univ., Space Reliability Group., Laurel, MD, USA
Fault tree safety analysis of a large Li/SOCl(sub)2 spacecraft battery
Uy, O. Manuel, Johns Hopkins Univ., USA; Maurer, R. H., Johns Hopkins Univ., USA; NASA Goddard Space Flight Center,
Greenbelt, Md. The 1986 Goddard Space Flight Center Battery Workshop; Sep 1, 1987, pp. p 93-119; In English; See also
N88-11021 02-33; Avail: CASI; A03, Hardcopy; A03, Microfiche
The results of the safety fault tree analysis on the eight module, 576 F cell Li/SOCl2 battery on the spacecraft and in the
integration and test environment prior to launch on the ground are presented. The analysis showed that with the right combination
of blocking diodes, electrical fuses, thermal fuses, thermal switches, cell balance, cell vents, and battery module vents the
probability of a single cell or a 72 cell module exploding can be reduced to .000001, essentially the probability due to explosion
for unexplained reasons.
B.G.
Electrochemistry; Failure Analysis; Fault Trees; Lithium Sulfur Batteries; Requirements
19980053939
Combining functional and structural reasoning for safety analysis of electrical designs
Price, C. J., Univ. of Wales, UK; Snooke, N.; Pugh, D. R.; Hunt, J. E.; Wilson, M. S.; Knowledge Engineering Review; Sep, 1997;
ISSN 0269-8889; Volume 12, no. 3, pp. 271-287; In English; Copyright; Avail: Issuing Activity
Increasing complexity of design in automotive electrical systems has been paralleled by increased demands for analysis of
the safety and reliability aspects of those designs. Such demands can place a great burden on the engineers charged with carrying
out the analysis. This paper describes how the intended functions of a circuit design can be combined with a qualitative model
of the electrical circuit that fulfills the functions, and used to analyze the safety of the design. FLAME, an automated failure mode
and effects analysis system based on these techniques, is described in detail. FLAME has been developed over several years, and
is capable of composing an FMEA report for many different electrical subsystems. The paper also addresses the issue of how the
use of functional and structural reasoning can be extended to sneak circuit analysis and fault tree analysis.
Author (EI)
Failure Analysis; Failure Modes; Structural Analysis; Computer Techniques; Network Analysis; Artificial Intelligence;
Human-Computer Interface
19990068673
Hybrid escalation mechanism for the efficient restoration of ATM networks
Lee, Dong Itee, Kyungpook Natl. Univ., Republic of Korea; Park, Jon_Tae; Lee, Ki_Haeng; Woo, Wang Don; Computers &
Industrial Engineering; Oct, 1998; ISSN 0360-8352; Volume 35, no. 1-2, pp. 279-282; In English; 1997 23rd International
Conference on Computers and Industrial Engineering, Mar. 29-Apr. 1, 1997, Chicago, IL, USA; Copyright; Avail: Issuing
Activity
In this paper, we comparatively analyze the characteristics of various escalation mechanisms for the restoration of ATM
networks. We propose a new escalation method, called hybrid escalation, which is able to restore the defective services according
to the conditions of faults. Additionally, we propose the Telecommunication Management Network (TMN) based management
architecture incorporating the escalation strategy.
Author (EI)
Data Transmission
19990093859
Fault diagnosis of large scale analog circuits based on symbolic method
Wei, T., The Hong Kong Polytechnic Univ., China; Wong, M. W. T.; Lee, Y. S.; Chinese Journal of Electronics; Oct, 1998; ISSN
1022-4653; Volume 7, no. 4, pp. 395-399; In English; Copyright; Avail: Issuing Activity
The problem of testing and diagnosis of large linear analog circuits has not been adequately addressed. In this paper, an
effective procedure to test and diagnose faults in large scale linear analog circuits has been proposed. We first use large change
sensitivity analysis to obtain the diagnostic voltages and currents. Decomposition technique is then applied and algorithms for
isolation of faulty nodes, faulty connections and faulty subcircuits are proposed. Next the hardware overhead problem is
considered and it leads to an optimization of test nodes. The circuit analysis is based on a new symbolic technique which is less
costly than traditional method in terms of time complexity. We apply the proposed fault diagnosis technique to a benchmark circuit
to demonstrate the efficiency of this method.
Author (EI)
Electric Current; Electric Networks; Sensitivity; Algorithms
37
MECHANICAL ENGINEERING
Includes mechanical devices and equipment, machine elements and processes. For cases where the application of a device or the
host vehicle is emphasized see also the specific category where the application or vehicle is treated. For robotics see 63
Cybernetics, Artificial Intelligence, and Robotics; and 54 Man/System Technology and Life Support.
119729665773 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA
Reliability computation using fault tree analysis
Chelson, R O., Jet Propulsion Lab., California Inst. of Tech., USA; Dec 1, 1971; 23p; In English
Contract(s)/Grant(s): NAS7-100
Report No.(s): NASA-CR-124740; JPL-TR-32-1542; Avail: CASI; A03, Hardcopy; A01, Microfiche
A method is presented for calculating event probabilities from an arbitrary fault tree. The method includes an analytical
derivation of the system equation and is not a simulation program. The method can handle systems that incorporate standby
redundancy and it uses conditional probabilities for computing fault trees where the same basic failure appears in more than one
fault path.
CASI
Distribution Functions; Probability Theory; Reliability Engineering
19930002773 Rice Univ., Dept. of Electrical and Computer Engineering., Houston, TX, USA
Fault detection and fault tolerance in robotics
Visinsky, Monica, Rice Univ., USA; Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; NASA. Lyndon
B. Johnson Space Center, Fifth Annual Workshop on Space Operations Applications and Research (SOAR 1991), Volume 1; Jan
1, 1992, pp. p 262-271; In English; Sponsored in part by Mitre Corp.
Contract(s)/Grant(s): NSF MIP-89-09498; NSF MSS-90-24391; Avail: CASI; A02, Hardcopy; A04, Microfiche
Robots are used in inaccessible or hazardous environments in order to alleviate some of the time, cost and risk involved in
preparing men to endure these conditions. In order to perform their expected tasks, the robots are often quite complex, thus
increasing their potential for failures. If men must be sent into these environments to repair each component failure in the robot,
the advantages of using the robot are quickly lost. Fault tolerant robots are needed which can effectively cope with failures and
continue their tasks until repairs can be realistically scheduled. Before fault tolerant capabilities can be created, methods of
detecting and pinpointing failures must be perfected. This paper develops a basic fault tree analysis of a robot in order to obtain
a better understanding of where failures can occur and how they contribute to other failures in the robot. The resulting failure flow
chart can also be used to analyze the resiliency of the robot in the presence of specific faults. By simulating robot failures and fault
detection schemes, the problems involved in detecting failures for robots are explored in more depth.
Author
Algorithms; Component Reliability; Fault Detection; Fault Tolerance; Fault Trees; Redundancy Encoding; Robots
38
QUALITY ASSURANCE AND RELIABILITY
Includes approaches to, and methods for reliability analysis and control, inspection, maintainability and standardization.
197500 H642, USA
Reliability analysis on electronic circuits. Practical application of reliability predictions with application of failure mode
analysis and fault tree analysis
Hogsholm, A., USA; Nov 1, 1974; 61p; In Danish
Report No.(s): ECR-46; Avail: CASI; A04, Hardcopy; A01, Microfiche
Two phases in the design of a reliable electronic circuit are treated. In the first phase the aim is to estimate the circuit reliability
and if the latter is not sufficient, advise how the reliability can be improved. The circuit reliability is computed using parts count
technique and reliability block diagrams. In the second phase, the effects of component failures that will occur are investigated.
In applying failure mode effect analysis and fault tree analysis the critical failures are found. Some general rules for avoiding
critical failures are presented and examples showing the use of these are given.
CASI
Circuit Diagrams; Failure Analysis; Reliability Engineering
19750062855
Reliability and fault tree analysis: Theoretical and applied aspects of system reliability and safety assessment; Proceedings
of the Conference, University of California, Berkeley, Calif., September 3-7, 1974
Barlow, R. E., editor, California, University, USA; Fussell, J. B., Aerojet Nuclear Co., USA; Singpurwalla, N. D., George
Washington University, USA; Jan 1, 1975; 965p; In English; Reliability and fault tree analysis: Theoretical and applied aspects
of system reliability and safety assessment: Conference, September 3-7, 1974, Berkeley, CA; Sponsored by AEC
Contract(s)/Grant(s): N00014-69-A-0200-1070; N00014-67-A-0214; NR PROJECT 347-020; NAVY TASK 0001; Copyright;
Avail: Issuing Activity
Aspects of fault tree methodology are examined, taking into account a computer aided fault tree construction for electrical
systems, a safety simulation language for chemical processes, and a method to reduce the cost of analysis. The computer analysis
of fault trees and systems is discussed along with the mathematical theory of reliability, the theory of maintained systems, the
statistical theory of reliability, questions of network reliability, and computer reliability. Subjects related to reliability and fault
tree applications are also considered, giving attention to reliability quantification techniques used in the Rasmussen study, the
application of the fault tree technique to a nuclear reactor containment system, and an approach to reliability assessment.
AIAA
Computerized Simulation; Conferences; Failure Analysis; Reliability Engineering; System Failures; Trees (Mathematics)
moments and asymptotic distribution for the first passage time distribution of a parallel system. These, used in conjunction with
the Esary-Proschan inequality, should yield good approximations to system reliability.
DTIC
Exponential Functions; Reliability Engineering; Statistical Analysis
19760009395 Kaman Sciences Corp., Colorado Springs, CO, USA
GO evaluation of PWR spray system Final Report
Long, W. T., Kaman Sciences Corp., USA; Aug 1, 1975; 92p; In English; Sponsored by Electric Power Research Inst.
Report No.(s): PB-245114/4; EPRI-350-1; Avail: CASI; A05, Hardcopy; A01, Microfiche
GO methodology is presented and its application demonstrated by performing a reliability analysis of a conceptual PWR
containment spray system. Certain numerical results obtained are compared with those of a prior fault tree analysis of the same
system. Basic data on the PWR containment spray system analyzed herein was provided in the form of schematics, functional
descriptions, and subsystem failure data. Using this information, a GO model was created and exercised to ascertain the
probabilities of occurrence (point estimates) of all events of interest including specifically the likelihoods of reducing pressure
and removing radioactive iodine. These results do not vary significantly from those obtained in the prior study. Reasons for
variations are noted.
GRA
Nuclear Power Reactors; Reliability Engineering; Sprayers
19760045890
Computer-aided reliability and safety analysis of complex systems
Inoue, K., Kyoto University, Japan; Henley, E. J., Houston, University, USA; Jan 1, 1975; 10p; In English; 6th; International
Federation of Automatic Control, Triennial World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by
International Federation of Automatic Control; See also A76-28778 13-63; Copyright; Avail: Issuing Activity
This paper is a review of the state of the art in the area of computer-aided reliability and safety analysis. It covers both
reliability graph analysis and fault tree analysis. By comparing the methods developed for reliability graph analysis with those
of fault tree analysis, it is seen that the two fields have been developed rather independently and yet a unified view and a more
integrated approach to the problem is shown to be possible. Several new algorithms developed by the authors are given which
detect minimal path and cut sets from a reliability graph and a fault tree.
AIAA
Complex Systems; Computer Techniques; Reliability Analysis; System Failures; Systems Analysis
19760045891
An integrated approach to system failure effects
Reid, R. A., Philips' Gloeilampenfabrieken, Netherlands; Jan 1, 1975; 7p; In English; 6th; International Federation of Automatic
Control, Triennial World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by International Federation of
Automatic Control; See also A76-28778 13-63; Copyright; Avail: Issuing Activity
The failure modes and fault tree analysis techniques as used on spacecraft have been applied to a transport system study. A
general approach to systems reliability has evolved and been applied to other systems. Based on an analysis of systems functional
modes, the system level effects of component deviation from nominal are derived. A grouped tree analysis of these events
facilitates the allocation of probabilistic reliability requirements and provides good visibility when fail-safe or similar conditions
apply. The approach is not limited to hardware. Computer programs and other software can also be analyzed and risks defined
and minimized.
AIAA
Failure Modes; Reliability Engineering; System Failures; Systems Analysis; Transportation; Trees (Mathematics)
19760045_93
A review of fault tree analysis with emphasis on limitations
Fussell, J. B., Aerojet Nuclear Co., USA; Jan 1, 1975; 6p; In English; 6th; International Federation of Automatic Control, Triennial
World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by International Federation of Automatic Control;
See also A76-28778 13-63; Copyright; Avail: Issuing Activity
The fault tree method for system reliability and safety analysis is reviewed, with particular reference to industrial applications.
A fault tree is a graphical representation of a Boolean failure logic associated with the development of a particular top event for
a particular system. The top event of a fault tree occurs when the system passes from the unfailed to the failed state. Component
reliability characteristics are completely described by their time-dependent failure rate and repair rate. The discussion covers such
parameters as reliability and unreliability, availability and unavailability, expected number of failures, and failure rate and repair
rate. Theoretical and implementational limitations of the fault tree methodology are discussed. In particular, degraded
performances other than totally failed cannot be evaluated. Fault tree analysis is shown to be suitable for problems concerning
tangible and intangible systems.
AIAA
Component Reliability; Failure Modes; Reliability Analysis; System Failures; Systems Analysis; Trees (Mathematics)
19770003607 Georgia Inst. of Tech., School of Industrial and Systems Engineering., Atlanta, GA, USA
An application of fault tree analysis to operational testing
Rankin, G. L., Georgia Inst. of Tech., USA; Jun 1, 1975; 91p; In English
Contract(s)/Grant(s): DAAG39-75-C-0095
Report No.(s): AD-A024206; Avail: CASI; A05, Hardcopy; A01, Microfiche
The problem of designing an operational test for complex military systems is approached using fault tree analysis. Operational
testing, as opposed to developmental testing, must encompass all the various systems, doctrines, organizations, hardwares, and
personnel that impact upon the system. Fault tree analysis is suggested as a method of modeling the entire system for various
critical issues.
DTIC
Reliability Analysis; Tests; Trees (Mathematics)
Contract(s)/Grant(s): W-7405-ENG-48
Report No.(s): UCRL-78442; CONF-761109-1; Avail: CASI; A03, Hardcopy; A01, Microfiche
The concept of probabilistic importance within the context of fault tree analysis is presented. On the basis of probabilistic
importance of events in fault trees, it is shown how to optimally locate sensors in a system. Two kinds of sensors are described:
preventive sensors to detect early failures of critical redundant components and diagnostic sensors to detect potentially
catastrophic system fault conditions. A SO2-O2 conversion process is chosen as an example to illustrate the methods that are
presented.
ERA
Chemical Reactions; Circuits; Measuring Instruments
197700360gg
On the quantitative analysis of priority-AND failure logic
Fussell, J. B., Tennessee, University, USA; Aber, E. F.; Rahl, R. G., Idaho National Engineering Laboratory, USA; IEEE
Transactions on Reliability; Dec 1, 1976; R-25, pp. Dec. 197; In English; p. 324-326; Copyright; Avail: Issuing Activity
An exact and an approximate method for calculating the probability of occurrence of the output event from priority-AND
(sequential) failure logic is given. The approximate method can be used during fault-tree analysis without modification to existing
quantitative evaluation techniques. Assumptions made include s-independent, exponentially distributed, nonrepairable basic
events as input to the priority-AND failure logic.
AIAA
Circuit Reliability; Failure Analysis; Gates (Circuits); Logical Elements; Reliability Analysis
19780049523
Computer methods for qualitative fault tree analysis
Gangadharan, A. C.; Rao, M. S. M.; Sundararajan, C., Foster Wheeler Development Corp., USA; Jan 1, 1977; 12p; In English;
Design Engineering Technical Conference, September 26-28, 1977, Chicago, IL; See also A78-33426 13-39; Copyright; Avail:
Issuing Activity
The paper describes the different computer methods used for the reduction of fault trees to minimal cut sets and path sets.
The concepts behind the Monte Carlo simulation technique, the combination testing method, the algorithm using Boolean
Indicated Cut Sets (BICS) and the use of primary numbers are illustrated with a simple example. Computer programs developed
on the basis of these concepts are identified. A new concept of binary bit string (BBS) representation of events and the use of binary
logic operators within the computer for reduction of fault tree are introduced. A computer program, FALTREE, written by the
second author using this new concept is briefly described. It is shown that BBS representation and the binary reduction can result
in substantial savings in computer time.
AIAA
Computer Programs; Failure Analysis; Reliability Analysis; Trees (Mathematics)
complements of state variables, the analyst may instruct FTAP to produce a family of prime implicants, a generalization of the
minimal cut set concept. FTAP can also identify certain subsystems associated with the tree as system modules and provide a
collection of minimal cut set families that essentially expresses the state of the system as a function of these modules' state
variables. Another FTAP feature allows a subfamily to be obtained when the family of minimal cut sets of prime implicants is
too large to be found in its entirety; this subfamily consists only of sets that are interesting to the analyst in a special sense.
CASI
Boolean Algebra; Computer Programs; Operations Research; Trees (Mathematics)
1979003133g
Annual Reliability and Maintainability Symposium, Los Angeles, Calif., January 17-19, 1978, Proceedings
Jan 1, 1978; 557p; In English; Annual Reliability and Maintainability Symposium, January 17-19, 1978, Los Angeles, CA;
Sponsored by IEEE; Copyright; Avail: Issuing Activity
Models of reliability and maintainability of systems are studied, and reliability concepts, attitudes, and policies are described.
Topics discussed include logistics supportability testing, Air Force experience with reliability improvement warranties (RIW),
time series analysis of failure data, contractor risk associated with RIWs, mechanical reliability for low cycle fatigue, effects of
on-off cycling on equipment reliability, a life-cycle management cost model, fault-tree analysis with probability evaluation,
computer-graphic design for human performance, and early identification of high-maintenance helicopters.
AIAA
Conferences; Maintainability; Reliability Engineering
19790032572
Application of the fault tree in fault testing and design improvement
Broschk, K.; Keller, H.; Jan 1, 1978; 6p; In German; Copyright; Avail: Issuing Activity
The method of fault tree analysis is illustrated on some simple systems such as a switchable electric circuit and an aircraft
spoiler system. The technique of fault finding by means of the fault tree is described. An example of how fault tree analysis helps
improve a design by revealing critical events with high probability that can be replaced by ones with lower probability is discussed.
AIAA
Aircraft Reliability; Design Analysis; Failure Analysis; Reliability Engineering; Systems Analysis; Trees (Mathematics)
19800037897
An efficient bottom-up algorithm for enumerating minimal cut sets of fault trees
Nakashima, K., Himeji Institute of Technology, Japan; Hattori, Y., Kyoto University, Japan; IEEE Transactions on Reliability;
Dec 1, 1979; R-28, pp. Dec. 197; In English; p. 353-357; Copyright; Avail: Issuing Activity
The paper improves the conventional bottom-up algorithm for enumerating minimal cut sets of fault tree. It is proved that,
when the logical product of two reduced sum-of-product forms is expanded by the distribution rule, one need only check if each
resulting term is absorbed by some terms of two original sum-of-product forms. The algorithm for executing this process is
presented and illustrated by an example. The entire computer program is given in a supplement and the computational results
for several examples are presented to demonstrate the efficiency of the algorithm.
AIAA
Algorithms; Computer Programs; Fault Trees; Reliability Analysis; Run Time (Computers)
19{g00054967
Dagger-sampling Monte Carlo for system unavailability evaluation
Kumamoto, H.; Tanaka, K.; Inoue, K., Kyoto University, Japan; Henley, E. J., Houston, University, USA; IEEE Transactions on
Reliability; Jun 1, 1980; R-29, pp. June 198; In English; p. 122-125; Copyright; Avail: Issuing Activity
Reliability problems usually result in rare-event simulations, and hence direct Monte Carlo methods are extremely wasteful
of computer time. This paper presents a new application of 'dagger-sampling', for calculating the system unavailability of a large
complicated system represented by a coherent fault tree. Since a small number of uniform random numbers generate a number
of trials, dagger-sampling appreciably reduces computation time, and hence a large number of trials become possible for the
rare-event problems. Further, dagger-sampling decreases the variance of the Monte Carlo estimator because it generates
negatively correlated samples.
AIAA
Availability; Fault Trees; Monte Carlo Method; Random Sampling; Reliability Analysis; Run Time (Computers)
19800056179
A Boolean approach to common cause analysis
Worrell, R. B.; Stack, D. W., Sandia Laboratories, USA; Jan 1, 1980; 4p; In English; Annual Reliability and Maintainability
Symposium, January 22-24, 1980, San Francisco, CA; See also A80-40301 16-38; Copyright; Avail: Issuing Activity
It is shown that a transformation of variables can be used to achieve qualitative common cause analysis. Transformation
equations that relate cause events to the primary events of a fault tree are described, and the substitutions that change the minimal
cut set equation for the top event of the fault tree from a function of primary events to a function of cause events are explained.
Examples are presented which show that different kinds of common cause analysis are accomplished by simple modifications of
the transformation equations.
AIAA
Boolean Functions; Failure Analysis; Fault Trees; Reliability Analysis; Transformations (Mathematics)
19800064632
Repairable multiphase systems - Markov and fault-tree approaches for reliability evaluation
Clarotti, C. A., Comitato Nazionale per l'Energia Nucleare, Italy; Contini, S., Sigen S.p.A., Italy; Somma, R., Selenia S.p.A., Italy;
Jan 1, 1980; 14p; In English; Synthesis and analysis methods for safety and reliability studies, July 3-14, 1978, Urbino, Italy;
Sponsored by In: Synthesis and analysis methods for safety and reliability studies; Proceedings of the Advanced Study Institute;
See also A80-48801 21-38; Copyright; Avail: Issuing Activity
In order to evaluate the fault-tree technique and the Markov approach to phased mission systems, both approaches are applied
to a specified mission. It is shown that while the fault-tree technique leads to an approximate solution to phased mission problems,
the Markov approach gives an exact analytical solution. The limitations and advantages of each of these approaches are discussed.
AIAA
Fail-Safe Systems; Fault Trees; Markov Processes; Reliability Analysis; Space Missions; Spacecraft Reliability
19810002898 Science Applications, Inc., Advanced Power Systems Div., Palo Alto, CA, USA
Extension and validation of fault-tree analysis for reliability prediction
Land, R., Science Applications, Inc., USA; Rayes, L., Science Applications, Inc., USA; Burns, E. T., Science Applications, Inc.,
USA; Sep 1, 1980; 121p; In English
Report No.(s): EPRI-AP-1510; Avail: CASI; A06, Hardcopy; A02, Microfiche
The reliability projection for a type of fossil fueled power plant which makes use of a combustion turbine and heat recovery
steam generator in parallel operation with a package boiler is presented. The fault tree methodology was used to estimate both
the mean plant reliability plus a confidence interval for the calculated reliability prediction. The input component failure rates,
including the error bounds were updated from an integrated data base obtained from the best available data. The estimated
reliability results using a model representative of the initial two years of plant operation were compared with the reliability from
plant operating experience data for a similar period, and these are presented. The estimated reliability for continuous plant
operation for 500 hours is in good agreement with the plant operating experience. It is concluded that the fault tree methodology
can be applied directly to both the qualitative and quantitative prediction of power plant reliability.
DOE
Electric Power Plants; Fault Trees; Prediction Analysis Techniques; Reliability Analysis
19810011920 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA
Integrating reliability analysis and design
Rasmuson, D. M., Edgerton, Germeshausen and Grier, Inc., USA; Oct 1, 1980; 68p; In English
Contract(s)/Grant(s): DE-AC07-76ID-01570
Report No.(s): ALO-131; EGG-IS-5187; Avail: CASI; A04, Hardcopy; A01, Microfiche
The Interactive Reliability Analysis Project is described and the advantages of using computer-aided design systems (CADS)
in reliability analysis are enumerated. Common cause failure problems require presentations of systems, analysis of fault trees,
and evaluation of solutions to these. Results have to be communicated between the reliability analyst and the system designer.
Using a computer-aided design system saves time and money in the analysis of design. Computer-aided design systems lend
themselves to cable routing, valve and switch lists, pipe routing, and other component studies.
DOE
Computer Aided Design; Fault Trees; Reliability Analysis; Reliability Engineering; System Failures
19920007581 Los Alamos Scientific Lab., NM, USA
Failure mode analysis using state variables derived from fault trees with application
Bartholomew, R. J., Los Alamos Scientific Lab., USA; Jan 1, 1981; 11p; In English; ANS/ENS Topical Meeting on Probabilistic
Risk Assessment, 20-24 Sep. 1981, Port Chester, NY, USA
Contract(s)/Grant(s): W-7405-ENG-36
Report No.(s): DE81-030239; LA-UR-81-2595; CONF-810905-3; Avail: CASI; A03, Hardcopy; A01, Microfiche
Fault Tree Analysis (FTA) is used extensively to assess both the qualitative and quantitative reliability of engineered nuclear
power systems employing many subsystems and components. FTA is very useful, but the method is limited by its inability to
account for failure mode rate of change interdependencies (coupling) of statistically independent failure modes. The state variable
approach (using FTA derived failure modes as states) overcomes these difficulties and is applied to the determination of the
lifetime distribution function for a heat pipe thermoelectric nuclear power subsystem. Analyses are made using both Monte Carlo
and deterministic methods and compared with a Markov model of the same subsystem.
DOE
Failure Modes; Fault Trees; Independent Variables; Nuclear Electric Power Generation
19_2003 _852
Fault diagnosis by mathematical programming
Watanabe, T.; Yasunobu, C.; Okuma, M., Hitachi, Ltd., Japan; IEEE Transactions on Reliability; Oct 1, 1981; R-30, pp. Oct. 198;
In English; p. 345-352; Copyright; Avail: Issuing Activity
This paper presents the problem of fault diagnosis for logically represented continuous systems that can be formulated
through nonlinear mathematical programming. This problem is transformed to an integer-programming problem and solved.
Possible modifications and extensions of the problem are given. Although failure tables must be prepared in ordinary fault
diagnosis, they are not necessary with this mathematical programming approach. By modifying constraints in the mathematical
programming problem, difficulties such as multiple faults, correlated faults, modifications of test conditions and cycles in the
system, which are encountered in the ordinary failure table approach, are made tractable.
AIAA
Boolean Algebra; Digital Systems; Failure Analysis; Fault Trees; Mathematical Programming; Maximum Likelihood Estimates;
Reliability Analysis
19S20056837
Analysis of reliability block diagrams by Boolean techniques
Bennetts, R. G., Cirrus Computers, Ltd., UK; IEEE Transactions on Reliability; Jun 1, 1982; R-31, pp. June 198; In English; p.
159-166; Copyright; Avail: Issuing Activity
A general purpose method for producing reliability expressions from reliability block diagrams based on an analysis of a
pathset expression derived from the reliability block diagram is described. The resulting expression is tested for disjointness and
procedures are defined for making the terms disjoint if the test is failed. Unassigned variables are reintroduced into the terms in
a manner which is consistent with an overall Boolean function and still guarantees disjointness. Relationships between Boolean
and probabilistic algebras are explored and notation is defined, and the solution is found in terms of the test and modify algorithm
without using a truth table. The method is concluded to be applicable to fault-tree analysis and general problems of reliability
assessment, using only a hand calculator.
AIAA
Block Diagrams; Boolean Algebra; Fault Trees; Probability Theory; Reliability Analysis
19830031438
Reliability assessment and techniques
Sampath, R., Defence Research and Development Laboratory, India; Aeronautical Society of India; May 1, 1981, pp. vol. 33; In
English; Feb.-May 1981, p. 27-33; Avail: Issuing Activity
Reliability prediction is an important step at the design stage of certain vital equipment whose development is expensive and
time consuming. It pays itself by cutting off the time cycle and also building up reliability in the design. A number of techniques
are available for reliability prediction: Those using Parts Count Method, Parts Stress Analysis and Fault Tree Analysis are
discussed in this paper. The methodology, the strengths and weaknesses of each method are pointed out. Action required to make
these methods realistic and of practical significance to industries is also indicated.
AIAA
Component Reliability; Electronic Equipment; Mathematical Models; Prediction Analysis Techniques; Reliability Engineering;
Structural Reliability
19830039296
ESCAF - A new and cheap system for complex reliability analysis and computation
Laviron, A.; Manaranche, J. C., Commissariat a l'Energie Atomique, Centre d'Etudes de Valduc, Is-sur-Tille, France; Camino,
A., Commissariat a l'Energie Atomique, France; IEEE Transactions on Reliability; Oct 1, 1982; R-31, pp. Oct. 198; In English;
p. 339-349; Copyright; Avail: Issuing Activity
A new apparatus, the electronic simulator to compare and analyze failures (ESCAF), is introduced as a means to analyze the
reliability of systems with up to 416 components. ESCAF operates by simulating a system using the electronic gates of ICs
mounted on specially configured cards. The component state is input and the failed or nonfailed state of the system is output after
a fault-tree analysis. A fault combination generator simulated the failure of all system components or the occurrence of all basic
events, employing increasing orders of simulation until the most complex order of events is accounted for. Input of the individual
event probabilities, component failure probabilities, or component unavailabilities yields computation of the overall system
failure probability or unavailability. A serial transmission link is provided for interconnect with a mini- or microcomputer. Use
of the device for spacecraft or nuclear power plant safety analyses is indicated.
AIAA
Electronic Equipment; Failure Analysis; Fault Trees; Reliability Analysis; Reliability Engineering; Systems Simulation
19830066397
Interval reliability for initiating and enabling events
Dunglinson, C., E. I. Du Pont de Nemours and Co., USA; Lambert, H.; IEEE Transactions on Reliability; Jun 1, 1983; ISSN
0018-9529; R-32, pp. June 198; In English; p. 150-163; Copyright; Avail: Issuing Activity
This paper describes generation and evaluation of logic models such as fault trees for interval reliability. Interval reliability
assesses the ability of a system to operate over a specific time interval without failure. The analysis requires that the sequence of
events leading to system failure be identified. Two types of events are described: (1) initiating events (cause disturbances of
perturbations in system variables) that cause system failure and (2) enabling events (permit initiating events to cause system
failure). Control-system failures are treated. The engineering and mathematical concepts are described in terms of a simplified
example of a pressure-tank system. Later these same concepts are used in an actual industrial application in which an existing
chlorine vaporizer system was modified to improve safety without compromising system availability. Computer codes that are
capable of performing the calculations, and pitfalls in computing accident frequency in fault tree analysis, are discussed.
AIAA
Computer Aided Design; Fault Trees; Pressure Vessel Design; Reliability Analysis; System Failures; Systems Analysis
19830069 _4_ British Library Lending Div., Boston Spa, UK
Consequence/cause diagrams
Farris, L.; Mazzocchi, A.; Sep 9, 1982; 15p; Transl. into ENGLISH from Chim. Ind. (Milan), v. 61, no. 3, Mar. 1979; In English
Report No.(s): BLL-RISLEY-TR-4172-(9091.9F); Copyright; Avail: British Library Lending Div., Boston Spa, Engl., Unavail.
Microfiche
No abstract.
Causes; Failure Analysis; Fault Trees; Reliability Analysis
1983007_982 Australian Atomic Energy Commission, Lucas Heights, Australia
Fault tree analysis: Method and symbols
Nov 1, 1980; 24p; Transl. into ENGLISH from German Standard DIN-25424, Jun. 1977; In German
Report No.(s): DE81-700889; AAEC-LIB/TRANS-733; Avail: CASI; A03, Hardcopy; Avail: CASI HC A03/; A01, Microfiche;
US Sales Only
No abstract.
Computer Programs; Data Processing; Failure Analysis; Fault Trees; Mathematical Models; Reliability Engineering
19830075603 Science Applications, Inc., Palo Alto, CA, USA
Verification of fault tree analysis. Volume 2: Technical descriptions
Rothbart, G., Science Applications, Inc., USA; Fullwood, R., Science Applications, Inc., USA; Basin, S., Science Applications,
Inc., USA; Newt, J., Science Applications, Inc., USA; Escalera, J., Science Applications, Inc., USA; May 1, 1981; 167p; In
English; Sponsored by EPRI
Contract(s)/Grant(s): EPRI PROJ. 1223
Report No.(s): DE81-903495; EPRI-NP-1570-VOL-2; Avail: CASI; A08, Hardcopy, Microfiche
No abstract.
Circuit Boards; Fault Trees; Printed Circuits; Reliability Analysis
119830677066 Science Applications, Inc., Palo Alto, CA, USA
Verification of fault tree analysis. Volume 1: Experiments and results
Rothbart, G., Science Applications, Inc., USA; Fullwood, R., Science Applications, Inc., USA; Basin, S., Science Applications,
Inc., USA; Newt, J., Science Applications, Inc., USA; Escalera, J., Science Applications, Inc., USA; May 1, 1981; 147p; In
English
Contract(s)/Grant(s): EPRI PROJ. 1233
Report No.(s): DE81-903324; EPRI-NP-1570-VOL-1; Avail: CASI; A07, Hardcopy, Microfiche
No abstract
Complex Systems; Component Reliability; Maintenance; Reactor Safety; Systems Simulation
1984(_063709
Fault tree analysis, taking into account causes of common mode failures
Stecher, K., Siemens AG, Germany; Siemens Forschungs- und Entwicklungsberichte; Jan 1, 1984; ISSN 0370-9736; 13, 4, 19;
8p; In English; Copyright; Avail: Issuing Activity
In evaluating fault trees using Boolean algebra and system function, subsystems can only be separated out if there are no
failures of multiple-system components attributable to a common cause; i.e., so-called common-mode failures. For systems with
distributed common modes, the effort required for this evaluation increases exponentially with the number of design components.
This problem has been solved by means of a method in which the reliability data for the simple components are inserted on the
lowest possible level of evaluation, whereas the data for the common modes are substituted at the top of the fault tree. The method
described provides the basis for a computer program.
AIAA
Complex Systems; Failure Analysis; Failure Modes; Fault Trees; Reliability Analysis
119859027903
From fault-tree to fault-identification
Kiss, L., Magyar Tudomanyos Akademia, Hungary; IEEE Transactions on Reliability; Dec 1, 1983; ISSN 0018-9529; R-32, pp.
422-425; In English; Copyright; Avail: Issuing Activity
A practical way is given of identifying actual faults, by using a fault tree's complete system of minimal cut sets. For instance,
for a fault tree where 20 cut sets are considered with 30 possible primal events, any of them can be found in at most three steps
by the proposed FID-algorithm.
AIAA
Boolean Algebra; Fault Trees; Parameter Identification; Reliability Analysis
19850056_5
Classification of Characteristics - Rich source of test requirements
Pope, M.; Dirnbach, P. H., Rockwell International Corp., USA; Jan 1, 1984; 6p; In English; 8th; Aerospace Testing Seminar,
March 21-23, 1984, Los Angeles, CA; Sponsored by Institute of Environmental Sciences and Aerospace Corp.; See also
A85-38251 17-14; Avail: Issuing Activity
Test requirements are found in connection with three different situations. Thus, a contract may contain test requirements, or
interpretations of test requirements. Another situation requiring the conduction of tests is related to design or development
processes, while a third situation is produced by the need to conduct failure assessment studies. An analytical technique called
'Classification of Characteristics' provides the means for a detailed and highly graphic assessment of possible failure modes. This
technique applies to design characteristics which affect personnel safety or mission reliability. The basic steps for implementing
Classification of Characteristics include an identification of the component or system failure modes and their causes by a fault
tree analysis, and a classification of the failure modes as critical or major. Attention is also given to the identification of all design
characteristics related to possible failure modes, the coordination of the required action with certain organizations, and aspects
of documentation.
AIAA
Classifications; Failure Analysis; Failure Modes; Production Planning; User Requirements
119_50064527
Fault tree analysis, methods, and applications - A review
Lee, W. S.; Grosh, D. L.; Tillman, F. A., Kansas State University, USA; Lie, C. H., Seoul National University, USA; IEEE
Transactions on Reliability; Aug 1, 1985; ISSN 0018-9529; R-34, pp. 194-203; In English; Research supported by the Korea
Science and Engineering Foundation
Contract(s)/Grant(s): N00014-76-C-0842; NSF INT-82-15755; Copyright; Avail: Issuing Activity
This paper reviews and classifies fault-tree analysis methods developed since 1960 for system safety and reliability. Fault-tree
analysis is a useful analytic tool for the reliability and safety of complex systems. The literature on fault-tree analysis is, for the
most part, scattered through conference proceedings and company reports. The literature has been classified according to system
definition, fault-tree construction, qualitative evaluation, quantitative evaluation, and available computer codes for fault-tree
analysis.
AIAA
Fault Trees; Reliability Analysis
19850064529
A reliability-program case-history on design review
Kitagawa, K., Tokyo Science University, Japan; IEEE Transactions on Reliability; Aug 1, 1985; ISSN 0018-9529; R-34, pp.
212-215; In English; Copyright; Avail: Issuing Activity
This paper summarizes the investigative results of actual design reviews as an important part of reliability program, and
describes several reliability engineering efforts to achieve an effective design review. Design data packages (design
documentation) which indicate the basic design program and design process are important in design reviews. When attention is
concentrated on a data package, the ability of the reviewers is heightened and the results of the review are enhanced. When the
design review is concerned with product reliability, then the availability and quality of: (1) a data package with established
reliability level objectives and predictions, (2) a Failure Mode Effect Analysis and a Fault Tree Analysis, and (3) other data
packages on product reliability and related technology or engineering, all greatly influence the results of the review. The potential
weak points in a design can be revealed by over-stress tests and the results of such tests are very useful in the reliability design
review. The improved design which can withstand the adequate overstress tests appreciably lessened customer complaints about
reliability.
AIAA
Design Analysis; Reliability Engineering
1985006738l
Mechanical R&M modeling and simulation methods
Bazovsky, I., Sr., IBA, Inc., USA; Benz, G. E.; Jan 1, 1984; 6p; In English; Annual Reliability and Maintainability Symposium,
January 24-26, 1984, San Francisco, CA; Sponsored by IEEE, AIAA, ASME; See also A85-49526 24-38; Copyright; Avail:
Issuing Activity
Theory is developed for the reliability of mechanical components as a function of their age and for the reliability of
mechanical systems. It is shown that renewal theory can be used in practical applications to avoid the burden of keeping age
records on every part. Two classes of maintenance policies are investigated; one replaces only failed components, the other
replaces components preventively and at failure. It is shown that a logic tree approach to simulation provides for a mix of
techniques which can treat such problems as reduction in maintenance float for expensive weapons, and reduction in parts disposal
for machines processing hazardous materials.
AIAA
Component Reliability; Fault Trees; Maintenance; Mechanical Engineering; Reliability Analysis; Systems Simulation
19850070711 Nuclear Regulatory Commission, Div. of Systems and Reliability Research., Washington, DC, USA
Fault tree handbook
Haasl, D. F., Nuclear Regulatory Commission, USA; Roberts, N. H., Nuclear Regulatory Commission, USA; Vesely, W. E.,
Nuclear Regulatory Commission, USA; Goldberg, F. F., Nuclear Regulatory Commission, USA; Jan 1, 1981; 215p; In English
Report No.(s): NUREG-0492; Avail: CASI; A10, Hardcopy, Unavail. Microfiche
No abstract.
Fault Trees; Nuclear Power Plants; Reliability Analysis; Systems Analysis
19860036268
Digraph matrix analysis
Sacks, I. J., Analytic Information Processing, Inc., USA; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34,
pp. 437-446; In English; Research supported by the U.S. Nuclear Regulatory Commission and Analytic Information Processing,
Inc; Copyright; Avail: Issuing Activity
This paper describes a systematic procedure for constructing a Boolean reliability model from plant schematics, and a
technique for determining all sets of single and double component failures which will cause system failure. This technique, called
digraph matrix analysis, uses a fault graph instead of the more traditional fault tree. Digraph matrix analysis was recently applied
to the system interaction analysis of a very large safety system (over ten thousand components) and is being used to determine
security system vulnerabilities.
AIAA
Boolean Algebra; Fault Trees; Graph Theory; Matrices (Mathematics); Reliability Analysis; System Failures
19860036270
Fault-tree analysis using a binary decision tree
Schneeweiss, W. G., Fernuniversitaet, Germany; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34, pp.
453-457; In English; Copyright; Avail: Issuing Activity
A new algorithm for the production of a short disjoint-products form of a fault-tree output function is presented and discussed.
This algorithm consists of a sequential binary decision process to find first big, then smaller sets of elementary system-failure
states which correspond to disjoint-product terms. The identification of bad and good system states can be eased by a simple
ternary (3-state) decision for which an auxiliary procedure is presented. The main advantages of this algorithm appear to be its
efficiency, simplicity, and usefulness as an alternative (in the sense of multiversion programming for software fault tolerance) for
the Shannon decomposition algorithm.
AIAA
Boolean Functions; Decision Theory; Fault Trees; Reliability Analysis; System Failures; System Identification
198601)36271
Uncertainty analysis of fault-tree outputs
Rushdi, A. M., King Abdulaziz University, Saudi Arabia; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34,
pp. 458-462; In English; Copyright; Avail: Issuing Activity
The multiaffine nature of the top-event probability as a function of component unavailability is recognized. This leads, under
the assumption of statistically independent failures, to the derivation of an exact formula relating the variance of the system
unavailability to the variances of the component unavailability. Concise expressions for other central moments of the system
unavailability are obtained. The variance formula partitions contributions due to the input variables and their interactions, and
can be used to rank these variables by an importance that is related to well known measures of statistical importance. The variance
formula is extended to handle linearly correlated input variables through the inclusion of certain joint central moment terms.
AIAA
Availability; Fault Trees; Partitions (Mathematics); Probability Theory; Reliability Analysis; Variance (Statistics)
19860045366
Failure analysis - Present concepts and future perspectives
Raghuram, A. C., National Aeronautical Laboratory, India; Shamala, A. R., Indian Space Research Organization, Satellite Centre,
India; Jan 1, 1986; 15p; In English; See also A86-29951; Copyright; Avail: Issuing Activity
Aspects of failure analysis methodology are discussed, taking into account questions which arise with many failure problems,
the common causes and defects in failure, the graphical technique provided by the 'fault tree', the quantitative evaluation of the
fault tree, and the applications of fault tree analysis. Attention is given to the tools and techniques used in failure analysis, a fault
tree for a boiler tube failure, the role of fracture mechanics, storage and retrieval of failure data, a failure experience matrix,
reliability and failure analysis, and the economics of quality performance. It is concluded that failure analysis and fracture
mechanics when used in combination judiciously will help reduce incidence of failures and improve reliability of engineering
structures in an economical way.
AIAA
Failure Analysis; Fracture Mechanics; Structural Failure; Technology Assessment
19870027551
Fault tree analysis - Two case histories
Strauss, B. M., Teledyne Engineering Services, USA; Damin, D. G., E. I. du Pont de Nemours and Co., USA; Materials Evaluation;
Aug 1, 1986; ISSN 0025-5327; 44, pp. 1132 - 113; In English; Copyright; Avail: Issuing Activity
The technique of fault tree analysis and its relation to a nondestructive testing (NDT) inspection plan is introduced. The use
of fault tree diagrams in conjunction with NDT encourages the use of predictive analysis rather than after-the-fact failure analysis,
resulting in obvious cost benefits. Two case histories are cited.
AIAA
Case Histories; Fault Trees; Nondestructive Tests; Numerical Analysis
configuration from a collection of possibilities satisfying a given constraint. Experience shows that the complexity of real systems
warrants the systematic and structured development of fault trees for systems whose failure can have severe consequences.
DOE
Design Analysis; Failure Modes; Fault Trees; Optimization; System Failures
19_g0(}26195
Reliability analysis for a real noncoherent system
Zhang, Qin; Met, Qizhi, Qinghua University, USA; IEEE Transactions on Reliability; Oct 1, 1987; ISSN 0018-9529; R-36, pp.
436-439; In English; Copyright; Avail: Issuing Activity
This paper shows a real noncoherent system, calculates its unavailability, failure frequency, some measures for the element
importance, and the optimum sequence for diagnosis and repair. The unique characteristic of its noncoherence is discussed.
AIAA
Fault Trees; Maintenance; Mtbf; Reliability Analysis
19880056132
Automated fault tree analysis via AI/ES
Kuzawinski, Karla M.; Smurthwaite, Richard, Xerox Corp., USA; Jan 1, 1988; 5p; In English; Annual Reliability and
Maintainability Symposium, Jan. 26-28, 1988, Los Angeles, CA, USA; See also A88-43326; Copyright; Avail: Issuing Activity
A description is given of FTA, an interactive fault tree analysis tool that integrates the creation of fault trees with the
propagation of failure rates. This tool allows the engineer to create, modify and manipulate fault trees easily, and requires little
instruction on how to use the software. The fault trees generated are directly used in the propagation of failure rates without having
to exit from the design environment. FTA software runs on a Xerox 1100 series workstation and is written in INTERLISP-D. The
workstation has a large bit-mapped screen, and users interact with the workstation by input through a keyboard or selection by
a mouse.
AIAA
Automatic Test Equipment; Expert Systems; Fault Trees; Maintainability; Reliability Analysis
19900006971 Sandia National Labs., Exploratory Batteries Div., Albuquerque, NM, USA
Fault tree analysis: A tool for battery safety and reliability studies
Levy, Samuel C., Sandia National Labs., USA; Jan 1, 1989; 7p; In English; 5th; Annual Battery Conference on Applications and
Advances, 16-18 Jan. 1990, Long Beach, CA, USA
Contract(s)/Grant(s): DE-AC04-76DP-00789
Report No.(s): DE90-002582; SAND-89-2312C; CONF-900138-2; Avail: CASI; A02, Hardcopy; A01, Microfiche
Fault tree analysis was used by engineers as a means of defining system failure. It provides a method of system examination
which increases the level of understanding of the system and is helpful in logically determining the underlying causes of potential
failures. A fault tree is composed of a number of symbols, describing different types of events, which are operated on by logic
gates. Construction of a battery fault tree is discussed in terms of two types of event and two logic gates. An example is given of
how fault tree analysis was used to determine the cause of a safety incident. A string of lithium cells on test for several years
suddenly vented violently. Fault tree analysis quickly pointed out the underlying faults leading to this event, and a means of
prevention was suggested.
DOE
Electric Batteries; Fault Trees; Logic Circuits; Reliability; Systems Analysis
1990003_446
A model for system reliability with common-cause failures
Page, Lavon B.; Perry, Jo Ellen, North Carolina State University, USA; IEEE Transactions on Reliability; Oct 1, 1989; ISSN
0018-9529; 38, pp. 406-410; In English; Copyright; Avail: Issuing Activity
A model for the analysis of systems subject to common-cause failures is proposed. The system consists of a finite number
of components that are subject to: (1) statistically independent failures, and (2) external failure causes (they need not be mutually
statistically independent) for groups of components. Applications to fault-tree analysis and network reliability problems are
discussed.
AIAA
Component Reliability; Failure Modes; Fault Trees; Reliability Engineering; Systems Engineering
19910007082 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA
Living PRAs (Probabilistic Risk Analysis) made easier with IRRAS (Integrated Reliability and Risk Analysis System)
Russell, K. D., Idaho National Engineering Lab., USA; Sattison, M. B., Idaho National Engineering Lab., USA; Rasmuson, D.
M., Nuclear Regulatory Commission, USA; Jan 1, 1989; 33p; In English; 10th; International Conference on Structural Mechanics
in Reactor Technology (SMIRT), 14-18 Aug. 1989, Anaheim, CA, USA
Contract(s)/Grant(s): DE-AC07-76ID-01570
Report No.(s): DE90-010938; EGG-M-89329; CONF-890855-60; Avail: CASI; A03, Hardcopy; A01, Microfiche
The Integrated Reliability and Risk Analysis System (IRRAS) is an integrated PRA software tool that gives the user the
ability to create and analyze fault trees and accident sequences using an IBM-compatible microcomputer. This program provides
functions that range from graphical fault tree and event tree construction to cut set generation and quantification. IRRAS contains
all the capabilities and functions required to create, modify, reduce, and analyze event tree and fault tree models used in the analysis
of complex systems and processes. IRRAS uses advanced graphic and analytical techniques to achieve the greatest possible
realization of the potential of the microcomputer. When the needs of the user exceed this potential, IRRAS can call upon the power
of the mainframe computer. The role of the Idaho National Engineering Laboratory of the IRRAS program is that of software
developer and interface to the user community. Version 1.0 of the IRRAS program was released in February 1987 to prove the
concept of performing this kind of analysis on microcomputers. This version contained many of the basic features needed for fault
tree analysis and was received very well by the PRA community. Since the release of Version 1.0, many user comments and
enhancements have been incorporated into the program providing a much more powerful and user-friendly system. This version
is designated IRRAS 2.0. Version 3.0 will contain all of the features required for efficient event tree and fault tree construction
and analysis.
DOE
Architecture (Computers); Computer Graphics; Fault Trees; Reactor Safety; Reliability Analysis; Risk
19910025515
Quantification of risk of extreme and catastrophic events
Haimes, Yacov Y.; Li, Duan, Virginia, University, USA; Sep 1, 1990; 4p; In English
Report No.(s): AIAA PAPER 90-3772; Copyright; Avail: Issuing Activity
Recent research results from fault-tree risk analysis of extreme events within a multiobjective framework are reported. In
particular, the incorporation of the partitioned multiobjective risk method with fault-tree analysis is discussed. The use of a
software package that is being developed for this purpose is presented, and its utility and advantages over existing fault-tree
software packages are discussed.
AIAA
Computer Programs; Fault Trees; Risk; Systems Engineering
19910046438
Reliability analysis of redundant aircraft systems with possible latent failures
Sharma, Tilak C.; Zilberman, Benyamin, Boeing Co., USA; Jan 1, 1990; 6p; In English; See also A91-31032; Copyright; Avail:
Issuing Activity
A methodology has been developed to calculate unreliability of redundant airplane systems containing latent failures with
differing inspection intervals. The usual assumption that all components are unfailed at the start of a flight is not valid for the
airplane systems investigated. The analysis method consists of representing a redundant system either as a fault tree or a reliability
block diagram. The bottom-up approach is recommended for the fault-tree representation where one starts from the lowest AND
gate and calculates failure probability. The number obtained for the top fault-tree gate would represent the system failure
probability in which the system logic and latency have been appropriately considered. Alternatively, for a system represented by
a reliability block diagram, the top-down approach is recommended.
AIAA
Aircraft Parts; Fault Trees; Markov Processes; Quality Control; Redundant Components; Reliability Analysis
:1991004645g
Fault tree analysis - Using spreadsheet
Liu, Ming C., Wichita State University, USA; Jan 1, 1990; 4p; In English; See also A91-31032; Copyright; Avail: Issuing Activity
Design considerations are given for fault-tree analysis (FTA) using spreadsheet software. The objective is to demonstrate,
by means of examples, how microcomputer spreadsheet software can be used as an alternative to the mainframe commercial FTA
package for designing the fault tree and performing tedious computations. Experiences in using this approach for FTA are
described, and the sensitivity analysis of fault-tree research is addressed.
AIAA
Applications Programs (Computers); Fault Trees; Microcomputers; Reliability Engineering; System Failures
19920050552
How to use event sequence analysis tools for supporting concurrent engineering
Jackson, Tyrone, Aerospace Corp., USA; Feb 1, 1992; 11p; In English
Report No.(s): AIAA PAPER 92-0973; Copyright; Avail: Issuing Activity
The benefits of employing the event sequence analysis method as a better means of integrating reliability analysis with the
design process are presented. An example analysis illustrates that the results provided by the methodology are the same as those
found utilizing reliability block diagram analysis, failure modes and effects analysis, and fault tree analysis. The purpose is to
demonstrate that the technique helps to broaden the prospective of reliability analysis by providing features which have
multidiscipline application.
AIAA
Concurrent Engineering; Design Analysis; Production Engineering; Reliability Analysis; Sequential Analysis
19920059448
A technique for proper design, and impact analysis of 'Event Sequencing' for safety and availability
Agarwala, Ajay S., Boeing Co., Helicopters Div., Philadelphia, USA; Jan 1, 1991; 5p; In English; Annual Reliability and
Maintainability Symposium, Jan. 29-31, 1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail: Issuing Activity
This paper discusses 'Event Sequencing', that is, the requirement for certain events to occur in a particular order to achieve
a desirable effect or to avoid an undesirable effect. Such requirements are often motivated by Functionality and Safety
considerations. A simple structured technique is formed from a combination of Goal Tree Analysis and broad Fault Tree analysis
to analyze 'Event Sequencing' in each operational mode. In addition, this technique provides an effective tool for managing and
communicating the design requirements in a concurrent engineering environment involving complex designs with interactive
functions.
AIAA
Availability; Design Analysis; Safety Devices; Sequencing; Systems Engineering
representative translation problems are presented. Most of the computation performed by the program is dedicated to finding
minimal cut sets for digraph nodes in order to break cycles in the digraph. Fault-trees produced by the translator have been
successfully used with NASA's Fault-Tree Diagnosis System (FTDS) to produce automated diagnostic systems.
AIAA
Fault Trees; Mathematical Models; Object-Oriented Programming
19920073618
Approximate fault-tree analysis without cut sets
Schneeweiss, Winfrid G., Fernuniversitaet, Germany; Jan 1, 1992; 6p; In English; Annual Reliability and Maintainability
Symposium, Jan. 21-23, 1992, Las Vegas, NV, USA; Sponsored by IEEE; See also A92-56201; Copyright; Avail: Issuing Activity
It is shown that a rather efficient approximate fault tree analysis is possible on the basis of the Shannon decomposition. The
main advantages are: (1) no preprocessing is necessary to determine all the mincuts; (2) the maximum error can be prespecified;
and (3) noncoherent systems and systems with dependent component states can be treated. The main disadvantage is the fact that
the cutting off of certain subtrees of the decomposition tree (for upper bound results) may need some trial and error test
calculations.
AIAA
Boolean Algebra; Fault Trees; Reliability Analysis
99700_ 6788 California Univ., Engineering Systems Research Center, Berkeley, CA USA
Failure Models Derived Through the Indifference Principle (UCB=ENG-8293) Final Report, 1 Oct. 1992 - 31 Mar. 1996
Barlow, Richard E., California Univ., USA; Mar. 1996; 7p; In English
Contract(s)/Grant(s): F49620-93-1-0011; AF Proj. 2304
Report No.(s): AD-A315265; AFOSR-TR-96-0489; No Copyright; Avail: CASI; A02, Hardcopy; A01, Microfiche
This draft of a new book entitled ENGINEERING RELIABILITY concerns failure data analysis, the economics of
maintenance policies and system reliability. The purpose of this book is to develop the use of probability in engineering reliability
and maintenance problems. We use probability models in the (1) analysis of failure data; (2) decision relative to planned
maintenance; and (3) prediction relative to preliminary design. Engineering applications are emphasized and are used to motivate
the methodology presented. Part 1 is devoted to the analysis of failure data, particularly lifetime data and failure counts. We begin
by using a new approach to probability applications. The approach starts with finite populations and derives conditional
probability models based on engineering and economic considerations. Infinite population conditional probability models most
often used are approximations to these finite population models. The derived conditional probability models are then the basis
for likelihood functions useful for the analysis of failure data. Part 2 is devoted to the economics of maintenance decisions. We
begin with the economics of replacement decisions. Emphasis is on the time value of money and discounting. Then we consider
inspection policies relative to operating systems and production sampling. Part 3 is devoted to system reliability. We begin with
efficient algorithms for computing network reliability.
Networks or block diagrams are abstract system representations useful for
both reliability prediction and maintenance considerations. Availability and maintainability formulas are derived and used in
applications. Fault tree analysis as presented is one of the most useful tools in identifying system failure modes and effects.
DTIC
Failure Analysis; Failure Modes; Performance Prediction; Probability Theory; Reliability Engineering; System Failures
19980032455
Reliability of composite structures with multi-design criteria
Shiao, Michael C., NYMA, Inc., USA; Chamis, Christos C., NASA Lewis Research Center, USA; 1994, pp. 606-615; In English
Report No.(s): AIAA Paper 94-1382; Copyright; Avail: Aeroplus Dispatch
The system (combined) reliability of a composite structure for multidesign criteria is computationally simulated. System
reliability calculation is achieved by probabilistic fault tree analysis with adaptive important sampling (AIS) simulation method.
Two types of AIS simulations are performed. One is based on approximated failure (limit state) functions. Another one is based
on finite element analysis. Three performance criteria are used for demonstration: structural frequency range, safety margin for
stress, and displacement constraint. A probabilistic fault tree analysis using AIS methods for system reliability calculation
considering failure function dependency is demonstrated. It is found that, for this specific example, the system reliabilities
calculated using both AIS approaches agree well to each other. However, the computational time for AIS with approximated
failure functions is ten times less than that for AIS with finite element analysis.
Author (AIAA)
Reliability Analysis; Composite Structures; Structural Design Criteria
19980087666
IEEE Annual Reliability and Maintainability Symposium, Philadelphia, PA, Jan. 13-16, 1997, Proceedings
1997; In English; ISBN 0-7803-3783-2; Copyright; Avail: AIAA Dispatch
The present conference discusses reliability and maintainability (R&M)-related topics in the fields of concurrent engineering,
quality assurance, aerospace industry maintenance and aircraft performance, fault-tree modeling, fault-tree analysis automation,
reliability of commercial components, life cycle reliability assessment, software reliability, and commercial off-the-shelf
equipment for military systems. Also discussed are R&M simulation processes in network and large-systems design, Weibull and
Monte Carlo simulations in computer-aided engineering, stress testing for circuit surface mounts, fault tolerance techniques for
safety-critical applications, system reliability modeling via Markov chains and search algorithms, quality-oriented design using
the Shewhart X-bar chart and neural networks, and system maintenance considerations.
AIAA
Conferences; Reliability Analysis; Maintainability; Concurrent Engineering
199g0120613
Continuous state reliability analysis
Yang, Kal, Wayne State Univ., USA; Xue, Jianan, Wayne State Univ., USA; 1996, pp. 251-257; In English
Contract(s)/Grant(s): NSF DMI-95-00126; Copyright; Avail: Aeroplus Dispatch
We extend binary state reliability analysis to continuous state reliability analysis. This extension enables us to analyze both
catastrophic failure and performance degradation simultaneously. The modeling of degradation is based on independent
increment random process or normal random process. Regression analysis is used to estimate degradation parameters. State tree
method is introduced to conduct system reliability analysis for both degradation and catastrophic failure. ANOVA and DOE
techniques are used to assess the criticality of product parameters or components to performance degradation.
Author (AIAA)
Reliability Analysis; Regression Analysis; Fault Trees; Failure Modes
199g0160655
1994 Annual Reliability and Maintainability Symposium; Proceedings, Anaheim, CA, Jan. 24-27, 1994
1994; In English
Report No.(s): ISSN 0149-144X; ISBN 0-7803-1786-6; Copyright; Avail: Aeroplus Dispatch
The present volume on reliability and maintainability (R&M) discusses built-in-test and testability; safety and quality
systems, environment and life testing; and Fault-Tree analysis tools and applications. Attention is given to effective
reliability-growth models and applications; test and evaluation; system-reliability modeling; and risk-assessment and tradeoff
techniques for space systems. Other topics addressed include concurrent-engineering enabling technologies; R&M requirements;
failure modes and effects analysis; and application of fuzzy logic to reliability and maintainability.
AIAA
Conferences; Reliability Analysis; Quality Control; Aerospace Industry
19980160711
1994 Annual Reliability and Maintainability Symposium, Tutorial Notes, Anaheim, CA, Jan. 24-27, 1994
1994; In English; Copyright; Avail: Aeroplus Dispatch
Various papers on reliability and maintainability are presented. Individual topics addressed include: subroutines for product
assurance; failure mode, effects, and criticality analysis; what Markov modeling can do for you; basic reliability; management,
models, and standards for reliability growth; basic maintainability; practical reliability engineering and management; current
practices in reliability-based probabilistic risk assessment; overview of concurrent engineering; understanding part failure
mechanisms. Also discussed are: software reliability concepts; basic fault-tree analysis; design for reliability; probabilistic models
and statistical methods in reliability; concepts of the statistical design of experiments; using the Taguchi method for improved
reliability; reliability modeling using practical iterative techniques; fault-tolerant computing; experimental analysis of computer
system dependability.
AIAA
Conferences; Maintainability; Reliability Engineering
199g0_70799
Reliability analysis for integrated navigation systems
Wang, Zengxi, Nanjing Univ. of Aeronautics and Astronautics, China; Nanjing University of Aeronautics and Astronautics,
Journal; Apr. 1995; ISSN 1005-2615; Volume 27, no. 2, pp. 206-214; In Chinese; Copyright; Avail: Aeroplus Dispatch
This paper analyses the reliability of GPS/INS/RA integrated navigation systems via the Fault Tree Analysis (FTA) method.
We establish the fault trees with the fault of integrated navigation systems as the top event and the fault of the altitude tunnel as
the top event separately, which provides an intuitive and effective approach to the analysis of the reliability of integrated
navigation systems. On the basis of the resultant fault trees, the mathematical model of the system reliability is derived.
Furthermore, every state of integrated sensors in the maintainable integrated navigation systems is analyzed using Markov process
theory, and the state translation diagram is presented. Finally, the corresponding mathematical models of the availability A and
MTBF are yielded, which are valuable in the quantitative evaluation of the system reliability.
Author (AIAA)
Inertial Navigation; Reliability Engineering; Fault Trees
19989175168
1995 Annual Reliability and Maintainability Symposium, Tutorial Notes, Washington, DC, Jan. 16-19, 1995
1995; In English; Copyright; Avail: Aeroplus Dispatch
Tutorial papers are presented on Failure Mode, Effects, and Criticality Analysis (FMECA); an introduction to Markov
modeling; basic reliability; management, models, and standards for reliability growth; practical maintainability; practical
reliability engineering and management; reliability prediction for the next generation; an overview of concurrent engineering;
reliability program planning in a commercial environment; software reliability and quality; and basic fault-tree analysis. Papers
are also presented on an overview of human reliability, probabilistic models and statistical methods in reliability, an introduction
to benchmarking, the application of accelerated testing techniques in design and production, concepts of statistical design of
experiments, the use of the Taguchi method for improved reliability, reliability modeling using practical iterative techniques,
fault-tolerant computing, the experimental analysis of computer system dependability, and understanding part failure
mechanisms.
AIAA
Conferences; Reliability; Maintainability
19990044304
Fault Tree Analysis for igniting the sequential circuit and emergency cut-off circuit of a launch vehicle control system
Yang, Shunagjin, Beijing Aerospace Automatic Control Inst., China; Liu, Zhiqing, Beijing Aerospace Automatic Control Inst.,
China; Aerospace Control; Jun. 1998; ISSN 1006-3242; Volume 16, no. 62, pp. 46-53; In Chinese; Copyright; Avail: AIAA
Dispatch
By using Fault Tree Analysis (FTA) technology, we have analyzed the igniting sequential circuit and the emergency cut-off
circuit of a launch vehicle control system. Some problems are found through FTA, even though some reliability design methods
have been applied to the circuit design, for example, 2/3 vote. For these, improvement methods and suggestions are proposed.
Author (AIAA)
Fault Trees; Ignition; Sequential Control; Launch Vehicles
1999O056O22
1999 Annual Reliability and Maintainability Symposium, Washington, DC, Jan. 18-21, 1999, Tutorial Notes
1999; In English
Report No.(s): ISSN 0897-5000; Copyright; Avail: AIAA Dispatch
Various papers on reliability and maintainability are presented. Some individual topics addressed are: failure modes, effects,
and criticality analysis; product reliability through stress testing; fault-tree analysis of computer-based systems; intelligent use
of regression analysis; practical reliability engineering and management; risk assessment in human reliability analysis; case
studies of uncertainty analysis in reliability and risk assessment; using reliability tools in the new product development process;
basic reliability; reliability prediction; reliability programming planning in a commercial environment; and understanding
electronic-part failure mechanisms. Also considered are: product, process, and accelerated stress testing in benchmarking;
simulation modeling for reliability analysis; software fault tolerance; understanding Weibull analysis; statistical analysis of
reliability, maintainability, and supportability data; software engineering of critical software tools; introduction to software
reliability engineering; and reliability-centered maintenance.
AIAA
Conferences; Reliability Analysis; Maintainability; Reliability Engineering
19999O56O38
Annual Reliability and Maintainability Symposium, Washington, DC, Jan. 18-21, 1999, Proceedings
1999; In English
Report No.(s): ISBN 0-7803-5143-6; ISBN 0-7803-5143-6@ISSN 0149-1; Copyright; Avail: AIAA Dispatch
The present volume on reliability and maintainability discusses reliability for space applications; failure modes, effects, and
criticality analysis; reliability prediction; accelerated testing and stress screening; maintenance optimization; and fault-tree
analysis. Attention is given to methods in reliability analysis; risk assessment; software reliability; modeling for design
improvement; test and demonstration; and risk management. Specific topics addressed include rocket-engine control-system
reliability-enhancement analysis; equivalence relations within the failure modes and effects analysis; an electronic-module
environmental-stress-screening data-evaluation technique; the effect of failure-distribution specification errors on maintenance
costs; a design image for automatic synthesis of fault trees; reliability analysis of systems which operate in duty cycles; and Bayes
analysis for system-reliability inferences.
AIAA
Conferences; Reliability Analysis; Maintenance; Failure Analysis
19990069924 Hernandez Engineering, Inc., Huntsville, AL USA
Beauty and The Beast: Use and Abuse of the Fault Tree as a Tool
Long, R. Allen, Hernandez Engineering, Inc., USA; 1999; 10p; In English; Systems Safety, 16-21 Aug. 1999, Orlando, FL, USA
Contract(s)/Grant(s): NAS8-40364; No Copyright; Avail: Issuing Activity, Hardcopy
Fault Tree Analysis (FTA) has become a popular tool for use in the Space Industry for the System Safety Engineer. The fault
tree is used for everything from tracking hazard reports to investigating accidents, as well as presentations to management. Yet,
experience in the space industry has shown the fault tree is used most often for purposes other than its original intent, namely for
evaluating inappropriate behavior in complex systems. This paper describes proper application and common misapplications of
the fault tree as a tool when evaluating inappropriate behavior in complex systems. The paper addresses common misconceptions
and pitfalls about FTA such as tracking only failures, and the belief that Failure Modes and Effects Analysis (FMEA) can be used
in lieu of the fault tree.
Author
Failure Analysis; Trees (Mathematics); Complex Systems
_999g09086_
Sensitivity analysis and design of observer-based fault diagnosis systems
Ding, S. X., FH Lausitz, Germany; Jeinsch, T.; Ding, E. L.; Systems Science; 1998; ISSN 0137-1223; Volume 24, no. 1, pp. 51-71;
In English; Copyright; Avail: Issuing Activity
Problems related to observer-based FDI for uncertain dynamic systems are studied. The core of this study is a sensitivity
analysis used for the performance evaluation and an optimization of observer-based FDI systems. Some new results in design and
analysis of observer-based FDI systems are presented.
Author (EI)
Warning Systems; Sensitivity; Diagnosis
39
STRUCTURAL MECHANICS
Includes structural element design, analysis and testing; dynamic responses of structures; weight analysis; fatigue and other
structural properties; and mechanical and thermal stresses in structure. For applications see 05 Aircraft Design, Testing and
Performance and 18 Spacecraft Design, Testing and Performance.
9980:_27608
Design of a framed building using a probabilistic fault tree analysis method
Chela, F. C., Tennessee State Univ., Nashville, USA; Onwubiko, C., Tennessee State Univ., Nashville; Onyebueke, L. C.,
Tennessee State Univ., Nashville; 1996, pp. 2504-2510; In English
Contract(s)/Grant(s): NAG3-1479
Report No.(s): AIAA Paper 96-1608; Copyright; Avail: Aeroplus Dispatch
This paper shows the application of the probabilistic fault tree analysis (PFTA) method to the design of a framed structure.
The PFTA includes the development of a fault tree to represent the system, construction of an approximation function for bottom
events, computation of sensitivity factors of design variables, and the calculation of the system reliability. The effect of uncertainty
in the design parameters is quantified by changing the standard deviation of some of the design parameters and recomputing the
probability of failure. The computer code employed for the analyses is NESSUS (Numerical Evaluation of Stochastic Structure
Under Stress). A design example is presented. The importance of considering geometry among the random variables in structural
design is quantified.
Author (AIAA)
Frames; Structural Design; Probability Theory; Fault Trees; Structural Analysis
19980192754
An assessment method for blade vibration reliability
Ou, Yangde, Beijing Univ. of Aeronautics and Astronautics, China; Kong, Ruilian, Beijing Univ. of Aeronautics and Astronautics,
China; Song, Zhaohong, Beijing Univ. of Aeronautics and Astronautics, China; Journal of Aerospace Power; Apr. 1998; ISSN
1000-8055; Volume 13, no. 2, pp. 161-164; In Chinese; Copyright; Avail: Aeroplus Dispatch
A method is presented to assess the vibration reliability for blade design. The method, which is based on the Campbell diagram
and the PFTA (Probability Fault Tree Analysis) concept, is used to improve conventional assessment methods and to develop an
effective method for resonance identification and assessment of the characteristics of a blade resonance system that consists of
multiple resonant interception on the Campbell diagram at or near the operating speed. This PFTA analysis is useful for improving
the vibration characteristics of this blade and in eliminating blade failure from vibration fatigue.
Author (AIAA)
Structural Vibration; Turbine Blades; Fault Trees; Resonant Vibration; Aircraft Engines; Reliability Analysis
19990075078
Study on modular fault tree analysis technique with cut sets matrix method
Chen, Jinshui, Tianjin Univ., China; Zhang, Li; Cat, Huiming; Zhang, Chengpu; Chinese Journal of Mechanical Engineering
(English Edition); Jun, 1998; ISSN 1000-9345; Volume 11, no. 2, pp. 81-88; In English; Copyright; Avail: Issuing Activity
A new fault tree analysis (FTA) computation method is put forth by using modularization technique in FTA with cut sets
matrix, and can reduce NP (Nondeterministic polynomial) difficulty effectively. This software can run in IBM-PC and DOS 3.0
and up. The method provides theoretical basis and computation tool for application of FTA technique in the common engineering
system.
Author (EI)
Matrix Theory; Computation; Polynomials; Computer Programs
44
ENERGY PRODUCTION AND CONVERSION
Includes specific energy conversion systems, e.g., fuel cells; and solar, geothermal, windpower, and waterwave conversion systems;
energy storage; and traditional power generators. For technologies related to nuclear energy production see 73 Nuclear Physics. For
related information see also 07 Aircraft Propulsion and Power, 20 Spacecraft Propulsion and Power, and 28 Propellants and Fuels.
19819040027
Availability modeling methodology applied to solar power systems
Unione, A.; Bums, E.; Husseiny, A., Science Applications, Inc., USA; Solar Energy; Jan 1, 1981; 26, 1, 19, pp. 1981; In English;
p. 55-; Copyright; Avail: Issuing Activity
Availability is discussed as a measure for estimating the expected performance for solar- and wind-powered generation
systems and for identifying causes of performance loss. Applicable analysis techniques, ranging from simple system models to
probabilistic fault tree analysis, are reviewed. A methodology incorporating typical availability models is developed for
estimating reliable plant capacity. Examples illustrating the impact of design and configurational differences on the expected
capacity of a solar-thermal power plant with a fossil-fired backup unit are given.
AIAA
Electric Power Plants; Fault Trees; Mathematical Models; Solar Energy Conversion
1989000_929 Sandia National Labs., Exploratory Batteries Div., Albuquerque, NM, USA
Reliability analysis of lithium cells
Levy, Samuel C., Sandia National Labs., USA; Bro, Per, Southwest Electrochemical Co., USA; Jan 1, 1988; 16p; In English; 4th;
International Meeting on Lithium Batteries, 23 May 1988, Vancouver, British Columbia, Canada
Contract(s)/Grant(s): DE-AC04-76DP-00789
Report No.(s): DE88-009258; SAND-87-2129C; CONF-880598-2; Avail: CASI; A03, Hardcopy; A01, Microfiche
Fault tree analysis has been used for many years in safety and reliability analyses of nuclear reactors and other large systems.
This technique can also be useful in the design of high reliability lithium cells/batteries and in improving the reliability of existing
designs. The basic building blocks of a fault tree are discussed and an example, using the lithium-sulfur cell, is given.
DOE
Electrochemical Cells; Fault Trees; Reliability Analysis
54
MAN/SYSTEM TECHNOLOGY AND LIFE SUPPORT
Includes human factors engineering; bionics, man-machine, life support, space suits and protective clothing. For related information
see also 16 Space Transportation and 52 Aerospace Medicine.
19750023679 Army Materiel Command, Intern Training Center., Texarkana, TX, USA
System safety evaluation of life support systems for chemical and biological protective suits Final Report
Belmonte, R. B., Army Materiel Command, USA; Apr 1, 1975; 84p; In English
Report No.(s): AD-A009312; USAMC-ITC-02-08-75-401; Avail: CASI; A05, Hardcopy; A01, Microfiche
The paper presents a system safety analysis of two air supply sub-systems which are to be used with a chemical and biological
protective suit system. The backpack assembly sub-system has been developed and tested already, whereas the remote air supply
apparatus has not yet been developed. The system safety analysis of each air supply sub-system includes mission analysis,
preliminary hazard analysis, failure mode and effect analysis, flow analysis and fault tree analysis. A reliability model and block
diagram of each sub-system is also included. The results of these analyses indicate that with proper maintenance and trained
personnel the safety provided by these sub-systems should be acceptable.
DTIC
Breathing Apparatus; Life Support Systems; Protective Clothing
11996002 _752 Edgerton, Germeshausen and Grier, Inc., System Safety Development Center., Idaho Falls, ID, USA
Impact of the human on system safety analysis
Nermey, R. J., Edgerton, Germeshausen and Grier, Inc., USA; Horman, R. L., Edgerton, Germeshausen and Grier, Inc., USA; Sep
1, 1985; 34p; In English
Contract(s)/Grant(s): DE-AC07-76ID-01570
Report No.(s): DE86-008182; SSDC-32; Avail: CASI; A03, Hardcopy; A01, Microfiche
The impact of the human and human reliability on the results of probabilistic risk assessment studies is discussed in terms
of some of the standard models used in risk quantification. Three levels of analysis are considered: (1) identification of areas where
the human affects the operational risks; (2) rough scaling and quantification of the effect of the human on operational outcome;
and (3) complete quantification of the risks including consideration of human reliability.
DOE
Error Analysis; Fault Trees; Human Performance; Probability Theory; Reliability Analysis; Risk; Safety
59
MATHEMATICAL AND COMPUTER SCIENCES (GENERAL)
Includes general topics and overviews related to mathematics and computer science. For specific topics in these areas see
categories 60 through 67.
;9770066869
National Computer Conference, Dallas, Tex., June 13-16, 1977, Proceedings
Korfhage, R. R., Southern Methodist University, USA; Jan 1, 1977; 1039p; In English; National Computer Conference, June
13-16, 1977, Dallas, TX; Sponsored by AFIPS; Copyright; Avail: Issuing Activity
Computer data base administration, the selection of computer architectures, communication networks using
packet-switching, and applications of computing techniques to such topics as clinical research, graphics, information services and
transportation networks are discussed. Subjects of the papers include fault tree analysis of computer systems, a technique for
automatic acquisition of three-dimensional data, the evaluation of computer architectures through test programs, microprocessor
architectures, the impact of microprocessors on health care, computer hardware design, a comprehensive computer base of
information on petroleum resources, modular multimicroprocessors, software acquisition, the design and implementation of an
information base for use in decision-making, and a multimicroprocessor approach to high-speed low-cost continuous-system
simulations.
AIAA
Architecture (Computers); Computer Networks; Computer Systems Design; Computer Techniques; Conferences; Data Bases
60
COMPUTER OPERATIONS AND HARDWARE
Includes hardware for computer graphics, firmware and data processing. For components see 33 Electronics and Electrical
Engineering. For computer vision see 63 Cybernetics, Artificial Intelligence and Robotics.
9720006565 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA
Program listing for fault tree analysis of JPL technical report 32-1542
Chelson, E O., Jet Propulsion Lab., California Inst. of Tech., USA; Dec 1, 1971; 35p; In English
Contract(s)/Grant(s): NAS7-100
Report No.(s): NASA-CR-125064; JPL-TM-33-512; Avail: CASI; A03, Hardcopy; A01, Microfiche
The computer program listing for the MAIN program and those subroutines unique to the fault tree analysis are described.
Some subroutines are used for analyzing the reliability block diagram. The program is written in FORTRAN 5 and is running on
a UNIVAC 1108.
CASI
Computer Programs; FORTRAN; Light Emitting Diodes; Trees (Mathematics); Univac 1108 Computer
Contract(s)/Grant(s): AT(45-1)-1857
Report No.(s): DUN-7697; Avail: CASI; A03, Hardcopy; A01, Microfiche
Fault tree analysis provides a deductive functional development of a specific final undesired event through logic statements
of the conditions which could cause the event. The usefulness of fault tree analysis is greatly enhanced through quantitative
analysis or probability evaluation of the fault trees to provide a more objective basis for evaluating and improving the systems
and to improve the precision of performance measurements and trade-off studies. Since a primary use for the fault tree method
is to determine the more significant contributions to the probability of causing the undesired event, a feasible approach to
probabilistic evaluation of the trees is to concentrate the effort on the dominant paths. This can be accomplished using Monte Carlo
simulation, the simulation being performed on a computer using an event logic simulation program. The computer program
discussed was prepared and used for quantitative evaluation of fault tree models as a tool for evaluating the functional
performance of nuclear reactor protective systems in terms of system reliability and availability.
CASI
Computerized Simulation; Electrical Faults; Monte Carlo Method; Reactor Safety
19720(}4(}3S2
A moment method for the calculation of a confidence interval for the failure probability of a system.
Murchland, J. D.; Weber, G. G., Karlsruhe, Universitaet, Germany; Jan 1, 1972; 13p; In English; Annual Reliability and
Maintainability Symposium, January 25-27, 1972, San Francisco, CA; See also A72-23972 10-15; Copyright; Avail: Issuing
Activity
The system considered consists of a number of components, which are basically interconnected. The method developed is
an extension of an analytic evaluation approach regarding the failure probability. The analytic approach places a restriction on
the degree of complexity of the fault-trees which can be handled. Aspects of fault-tree analysis are discussed, giving attention
to explicit Boolean polynomials and probability polynomials. Nonrepairable and repairable components are considered.
AIAA
Complex Systems; Confidence Limits; Failure Analysis; Probability Theory; Reliability Analysis; Trees (Mathematics)
19840054984
Fault tolerance in binary tree architectures
Raghavendra, C. S., Southern California, University, USA; Avizienis, A.; Ercegovac, M. D., California, University, USA; IEEE
Transactions on Computers; Jun 1, 1984; ISSN 0018-9340; C-33, pp. 568-572; In English
Contract(s)/Grant(s): N00014-79-C-0866; Copyright; Avail: Issuing Activity
Binary tree network architectures are applicable in the design of hierarchical computing systems and in specialized
high-performance computers. In this correspondence, the reliability and fault tolerance issues in binary tree architecture with
spares are considered. Two different fault-tolerance mechanisms are described and studied, namely: (1) scheme with spares; and
(2) scheme with performance degradation. Reliability analysis and estimation of the fault-tolerant binary tree structures are
performed using the interactive ARIES 82 program. The discussion is restricted to the topological level, and certain extensions
of the schemes are also discussed.
AIAA
Architecture (Computers); Circuit Reliability; Computer Systems Design; Fault Tolerance; Fault Trees; Reliability Analysis
19850042075
Evaluating response time in a faulty distributed computing system
Garcia Molina, H.; Kent, J., Princeton University, USA; IEEE Transactions on Computers; Feb 1, 1985; ISSN 0018-9340; C-34,
pp. 101-109; In English
Contract(s)/Grant(s): NSF ECS-80-19393; Copyright; Avail: Issuing Activity
This paper presents an evaluation technique which is useful for studying both the performance and the reliability of a
distributed computing system. The distributed system is evaluated from the point of view of a user who submits a request for
service. The proposed technique computes the average time to successful completion of this request, taking into account the
system failures or repairs which may occur before the request is completed. Given a model of the system and its failures, the
performance-reliability measures are computed in an automatic numerical fashion. The technique is computationally intensive,
so it is limited to relatively small systems. However, it can produce results for many interesting cases without an inordinate amount
of computation.
AIAA
Computer Systems Performance; Distributed Processing; Fault Trees; Reliability Analysis; Response Time (Computers)
61
COMPUTER PROGRAMMING AND SOFTWARE
Includes software engineering, computer programs, routines, algorithms, and specific applications, e.g., CAD/CAM. For computer
software applied to specific applications, see also the associated category.
19750060156
Fault tree graphics
Bass, L.; Wynholds, H. W.; Porterfield, W. R., Lockheed Missiles and Space Co., Inc., USA; Jan 1, 1975; 6p; In English; Annual
Reliability and Maintainability Symposium, January 28-30, 1975, Washington, DC; See also A75-44202 22-38; Copyright; Avail:
Issuing Activity
Described is an operational system that enables the user, through an intelligent graphics terminal, to construct, modify,
analyze, and store fault trees. With this system, complex engineering designs can be analyzed. This paper discusses the system
and its capabilities. Included is a brief discussion of fault tree analysis, which represents an aspect of reliability and safety
modeling.
AIAA
Complex Systems; Computer Graphics; Failure Analysis; Reliability Engineering
both types can be evaluated. Components can be on-line or standby. Unavailability contributions from pre-existing failures,
failures on demand, and testing and maintenance down-time can be handled.
DOE
Computer Programs; FORTRAN; Numerical Analysis; Trees (Mathematics)
9800l)379l)2
A simple event-definition notation and associated computer programs
Arnborg, S., Forsvarets Forskningsanstalt, Sweden; IEEE Transactions on Reliability; Dec 1, 1979; R-28, pp. Dec. 197; In
English; p. 382-385; Copyright; Avail: Issuing Activity
A notation for defining events to a computer program is described. It has been used in weapon-effect simulation models. It
is simple and can be efficiently processed by computer. Computer codes using the notation have been developed with small effort.
AIAA
Computer Programs; Digital Simulation; Fault Trees; Reliability Analysis; System Effectiveness; Weapon Systems
:19g00056 If0
An improvement in cut and path set determination
Malasky, S. W.; Tregarthen, P. J., AiResearch Manufacturing Company of California, USA; Jan 1, 1980; 7p; In English; Annual
Reliability and Maintainability Symposium, January 22-24, 1980, San Francisco, CA; See also A80-40301 16-38; Copyright;
Avail: Issuing Activity
An algorithm has been developed which makes cut (or path) set determination less dependent on core size and is faster than
conventional computer algorithms used for fault trees in the fields of safety and reliability. The algorithms operate by (1)
determining cut (or path) sets at the second level of each of the branches leading into the top gate, (2) converting the base 10
numbers representing the elements in each cut set into binary strings so that the location of each bit so determined corresponds
to a specific base 10 number, and (3) utilizing a series of Boolean instruments written in assembly language to select minimal cut
sets leading to the top of the tree from those determined at the second level.
AIAA
Algorithms; Computer Programs; Fault Trees; Performance Prediction; Reliability Analysis; System Effectiveness
][9830035436
Using fault trees to find design errors in real time software
Leveson, N. G.; Stolzy, J. L., California, University, USA; Burton, B. A., California, University, USA; Jan 1, 1983; 8p; In English;
21st; American Institute of Aeronautics and Astronautics, Aerospace Sciences Meeting, Jan. 10-13, 1983, Reno, NV
Report No.(s): AIAA PAPER 83-0325; Copyright; Avail: Issuing Activity
The application of the technique of software fault tree analysis (SFTA) to the identification of potentially life-threatening
run-time software failure modes or scenarios is examined. The use of software fault tree symbols, derived from the corresponding
hardware symbols, in the lowest level of fault-tree analysis, the code level, is demonstrated for codes written in ADA. In particular,
the backward progress of the interactive analysis, where the user is aided by an automated tool, is illustrated through the high level
programming language constructs of the if-then-else statement, the loop statement, assignment statements, procedure calls and
case statements. Attention is then given to an SFTA tool currently under development, which will be capable of automatic program
construct recognition and fault tree presentation in different program levels. SFTA is concluded to provide a good technique for
the safety analysis of software in the short term, and aid in the development of software safety metrics and safe programming
techniques in the long term.
AIAA
Computer Program Integrity; Fault Trees; Program Verification (Computers); Real Time Operation
_9830()35438
Applying existing safety design techniques to software safety
Thomas, J. C.; Leveson, N. G., California, University, USA; Jan 1, 1983; 9p; In English; 21st; American Institute of Aeronautics
and Astronautics, Aerospace Sciences Meeting, Jan. 10-13, 1983, Reno, NV
Report No.(s): AIAA PAPER 83-0327; Copyright; Avail: Issuing Activity
Existing software and hardware safety techniques are reviewed to develop techniques for software safety, which is one aspect
of system safety. Hazard elimination is considered in terms of deletion or correction of critical errors through fault tree analysis,
validation techniques, and automatic testing. Detection of the error at a low enough level can be implemented with monitors to
decide whether or not a specific condition exists, if a system is ready for operation or is operating correctly, if the input is
appropriate, if output is occurring, if the limit is being met, and if the measured factor is abnormal. These steps are amenable to
software configuring. Warnings from the monitors can lead to lockouts, lockins, and interlocks to isolate hazards or prevent
incompatible actions from happening. Fail-safe design is discussed, together with failure minimization and Ada features which
enhance reliability.
AIAA
Computer Program Integrity; Error Correcting Devices; Fail-Safe Systems; Fault Trees; Program Verification (Computers); Safety
Management
_98400037
l0 Rome
Air Development Center, Griffiss AFB, NY, USA
The evolution and practical applications of failure modes and effects analyses
Dussault, H. B., Rome Air Development Center, USA; Mar 1, 1983; 114p; In English
Contract(s)/Grant(s): AF PROJ. 2338
Report No.(s): AD-A131358; RADC-TR-83-72; Avail: CASI; A06, Hardcopy; A02, Microfiche
Failure effects analysis allows a product to be studied early in its design and development stages where undesirable failure
effects can be identified and readily corrected. This report is intended to give the reader a broad, general background in techniques
available for failure effects analysis and their usefulness. Sixteen separate techniques, ranging from tabular failure modes and
effects analysis and fault tree analysis to lesser known and more recently introduced techniques such as hardware/software
interface analysis, are discussed. The current status and prospects for the future failure effects analysis are also discussed in the
report.
DTIC
Failure; Failure Analysis; Failure Modes
9_40027570
Analyzing software safety
Leveson, N. G.; Harvey, R R., California, University, USA; IEEE Transactions on Software Engineering; Sep 1, 1983; ISSN
0098-5589; SE-9, pp. 569-579; In English; Research supported by the Hughes Aircraft Co., University of California, and System
Development Corp; Copyright; Avail: Issuing Activity
The application of software controls to critical real time systems in which the consequences of software failure may endanger
human life and property prompts the present consideration of software safety, with attention to the novel technique of 'software
fault tree analysis'. This technique has been employed on a program controlling the flight and telemetry of a University of
California spacecraft. A critical failure scenario has been identified by these means which had not been suspected despite rigorous
prior testing of the program. Portions of this analysis are presented as examples of the results obtainable.
AIAA
Computer Program Integrity; Computer Programs; Electronic Control; Fail-Safe Systems; Fault Trees; Real Time Operation;
Reliability Analysis
19856027911
Safety analysis of Ada programs using fault trees
Leveson, N. G.; Stolzy, J. L., California, University, USA; IEEE Transactions on Reliability; Dec 1, 1983; ISSN 0018-9529; R-32,
pp. 479-484; In English; Research supported by the University of California and Hughes Aircraft Co; Copyright; Avail: Issuing
Activity
The technique of software fault-tree analysis (SFTA) is described using Ada as an example of a real-time programming
language. It is shown that the system approach inherent in SFTA helps determine the safety requirements of the software. Thus,
the preliminary system hazard analysis can be used to determine potential system hazards, and then the hazards can be traced back
to any potential software connection. Particular attention is given to the problems of concurrence and real-time constraints which
are common in these types of applications.
AIAA
Ada (Programming Language); Computer Information Security; Fault Trees; Reliability Analysis; Software Engineering
Report No.(s): DE85-701120; JAERI-M-83-169; Avail: CASI; A08, Hardcopy; Avail: CASI HC A08/; A02, Microfiche; US Sales
Only
No abstract.
Computer Programming; Data Processing; Fault Trees; Information Systems; Reactor Safety
19860011696 Los Alamos National Lab., NM, USA
A state space method of fault tree analysis with applications °Ibpical
Bartholomew, R. J., Los Alamos National Lab., USA; Dec 1, 1984; 198p; In English
Contract(s)/Grant(s): W-7405-ENG-36
Report No.(s): LA-10298-T; Avail: CASI; A09, Hardcopy; A03, Microfiche
Generic fault trees comprising two, three, and four statistically independent initiators in addition to common cause and
common mode initiators were developed with their Markov and Adjoint models. Failure Mode State Variable (FMSV) models
that represent the probabilities of failure occurrence in 0, t of events depicted by generic fault trees were developed using modern
control theory concepts. The FMSV models are contained within the Adjoint Modes. Several practical fault trees of nuclear reactor
components and subsystems were modeled by the FMSV method. FMSV method is a symbiosis of fault tree analysis and Markov
modeling, therefore is complete and exhaustible as a probability model.
B.G.
Component Reliability; Control Theory; Failure Modes; Fault Trees; Markov Processes
19860037645
An expert system for fault tree construction
Garribba, S.; Guagnini, E., Milano, Politecnico, Italy; Mussio, P., Milano, Universita, Italy; Jan 1, 1985; 7p; In English; See also
A86-22376; Copyright; Avail: Issuing Activity
The architecture of an expert system for the interactive data-driven construction of fault trees is presented. Parts of the system
are now under realization and testing. The system intends to offer a flexible and easy-to-operate tool to the analyst in reliability
assessment of complex engineered installations. The expert system is organized according to a number of knowledge-based
modules that contain metarules, allow to establish rules, and to collect and interpret data. The construction process bases upon
a representation of the elementary components given a term of multiple-valued logical (MVL) trees and results into an MVL-tree.
This tree can be analyzed directly or when requested it can be reduced to a number of binary fault trees.
AIAA
Expert Systems; Fault Trees; Reliability Analysis
19890059085
Software reliability growth process - A life cycle approach
Raheja, Dev G., Technology Management, Inc., USA; Jan 1, 1989; 4p; In English; Annual Reliability and Maintainability
Symposium, Jan. 24-26, 1989, Atlanta, GA, USA; See also A89-46451 20-38; Copyright; Avail: Issuing Activity
The author presents a life-cycle cost-reduction technique to achieve rapid growth rate in software reliability growth. He points
out the deficiencies in the current practices in hardware reliability growth process and how to overcome such weaknesses in
software engineering. It is suggested that fixing errors in software introduces a negative growth because the programmer may not
know which paths are affected by the change. The best way to accelerate the software reliability and maintenance growth is to
identify engineering changes in the early design phases. The ATAF program tends to minimize risks and lower life-cycle costs
significantly.
AIAA
Computer Program Integrity; Fault Trees; Life Cycle Costs; Reliability Analysis; Software Development Tools
19900056010
Fault-tolerant programs and their reliability
Belli, Fevzi, Paderborn, Universitaet-Gesamthochschule, USA; Jedrzejowicz, Piotr, Wyzsza Szkola Morska, Poland; IEEE
Transactions on Reliability; Jun 1, 1990; ISSN 0018-9529; 39, pp. 184-192; In English; Copyright; Avail: Issuing Activity
The authors review and extend available techniques for achieving fault-tolerant programs. The representation of the
techniques is uniform and is illustrated by simple examples. For each technique a fault tree has been developed to derive failure
probability from the probabilities of the basic fault events. This allows the subsequent analysis of program-failure causes and the
reliability modeling of computer programs. Numerical examples are given to support the comparison of the reviewed techniques.
The models can be used to evaluate numerical values of program reliability in a relatively simple way. The models deal with
program reliability for a single run, which seems more practical and straightforward than dealing with distributions as for
hardware systems. Evaluations obtained by using models correspond to those used in the literature; however, the authors'
procedures are computationally simpler.
AIAA
Fault Tolerance; Fault Trees; Reliability Analysis
language, a fault tree becomes a convenient notation for describing a system. In accounting for any sequence dependencies, HARP
converts the fault-tree notation to a complex stochastic process that is reduced to a Markov chain, which it can then solve for system
reliability. The graphics capability is available for use on an IBM-compatible PC, a Sun, and a VAX workstation. The GO module
is written in the C programming language and uses the graphical kernel system (GKS) standard for graphics implementation. The
PC, VAX, and Sun versions of the HARP GO module are currently in beta-testing stages.
CASI
Computer Graphics; Computer Systems Performance; Computer Techniques; Digital Computers; Failure Modes; Fault
Tolerance; Fault Trees; Human-Computer Interface; Markov Chains; Reliability; Reliability Analysis; System Failures;
Workstations
19920059449
Software safety analysis in heterogeneous multiprocessor control systems
Shimeall, Timothy J.; Mcgraw, Richard J., Jr.; Gill, Janet A., U.S. Naval Postgraduate School, USA; Jan 1, 1991; 5p; In English;
Annual Reliability and Maintainability Symposium, Jan. 29-31, 1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail:
Issuing Activity
Many modern digital control systems use multiprocessor architectures. This paper discusses the analysis of the safety of the
software in these control system architectures, presenting an integration of two techniques, software fault tree analysis and timed
Petri net analysis. This integration is demonstrated using an analysis of a military flight control system.
AIAA
Control Systems Design; Design Analysis; Multiprocessing (Computers); Safety; Software Engineering
119920066525
NASA Langley Research Center, Hampton, VA, USA
Closed-form solution of decomposable stochastic models
Sjogren, Jon A., U.S. Army, Avionics Research and Development Activity; NASA, Langley Research Center, USA; Computers
and Mathematics with Applications; Jan 1, 1992; ISSN 0097-4943; 23, 12, 1; 25p; In English; Copyright; Avail: Issuing Activity
Equations to compute failure probabilities of the total (combined) model without a complete solution of the combined model
are presented. A closed-form analytical approach to presentation of probabilities is used on the bases of the Symbolic Hierarchical
Automated Reliability and Performance Evaluator tool. The techniques under consideration make it possible to compute the
probability function for a much wider class of systems at a reduced computational cost.
AIAA
Fault Tolerance; Fault Trees; Markov Processes; Reliability Analysis; Stochastic Processes
19940012974 NASA Langley Research Center, Hampton, VA, USA
Tutorial: Advanced fault tree applications using HARP
Dugan, Joanne Bechta, Duke Univ., USA; Bavuso, Salvatore J., NASA Langley Research Center, USA; Boyd, Mark A., Duke
Univ., USA; Nov 1, 1993; 30p; In English
Contract(s)/Grant(s): RTOP 505-66-21
Report No.(s): NASA-TM-102747; NAS 1.15:102747; Avail: CASI; A03, Hardcopy; A01, Microfiche
Reliability analysis of fault tolerant computer systems for critical applications is complicated by several factors. These
modeling difficulties are discussed and dynamic fault tree modeling techniques for handling them are described and demonstrated.
Several advanced fault tolerant computer systems are described, and fault tree models for their analysis are presented. HARP
(Hybrid Automated Reliability Predictor) is a software package developed at Duke University and NASA Langley Research
Center that is capable of solving the fault tree models presented.
Author (revised)
Fault Tolerance; Fault Trees; Reliability Analysis
19940014909 Loughborough Univ. of Technology, Dept. of Mathematical Sciences., UK
Optimal safety system design using fault tree analysis
Andrews, J. D., Loughborough Univ. of Technology, UK; Jun 1, 1993; 32p; In English
Report No.(s): MATHS-REPT-A- 187; Avail: CASI; A03, Hardcopy; A01, Microfiche
A design optimization scheme for systems which require a high likelihood of functioning on demand is described. The final
design specification is achieved by solving a sequence of optimization problems. Each of these problems is defined by assuming
some form of the objective function and specifying a subregion of the design space over which this function will be representative
of the system unavailability. An example of a high pressure protection system was used to demonstrate the technique. Design
parameters for this system include redundancy levels, the number of elements required for a voting system to function, component
selection options and maintenance inspection intervals. Both implicit and explicit constraint forms were used. The implicit
constraints require a full system analysis to determine whether the current design is feasible or not. All system assessments were
carried out using fault tree analysis.
ESA
Computer Program Integrity; Design Analysis; Fault Trees; Optimization; Systems Analysis
all of the Ada structures. The result is a tool that takes the Ada source code and provides the analyst with a sequence of templates,
and summary information to assist in incorporating hazard information for generating a fault tree.
DTIC
Ada (Programming Language); Automatic Control; Computer Programs; Fault Trees; Machine Translation; Program
Verification (Computers); Software Engineering
19970005320 Virginia Univ., School of Engineering and Applied Science, Charlottesville, VA USA
Development of a Software Safety Process and a Case Study of Its Use Annual Report, 1 Aug. 1995 - 31 Jul. 1996
Knight, J. C., Virginia Univ., USA; Nov. 1996; 14p; In English
Contract(s)/Grant(s): NAG1-1123
Report No.(s): NASA-CR-202656; NAS 1.26:202656; UVA/528344/CS97/106; No Copyright; Avail: CASI; A03, Hardcopy;
A01, Microfiche
Research in the year covered by this reporting period has been primarily directed toward: continued development of mock-ups
of computer screens for operator of a digital reactor control system; development of a reactor simulation to permit testing of
various elements of the control system; formal specification of user interfaces; fault-tree analysis including software; evaluation
of formal verification techniques; and continued development of a software documentation system. Technical results relating to
this grant and the remainder of the principal investigator's research program are contained in various reports and papers.
Derived from text
Program Verification (Computers); Safety Factors; Fault Trees; Control Systems Design; Human-Computer Interface; Nuclear
Reactors; Digital Techniques
199g0009647 Virginia Univ., School of Engineering and Applied Science, Charlottesville, VA USA
Development of a Software Safety Process and a Case Study of Its Use Annual Report, 1 Aug. 1996 - 31 Jul. 1997
Knight, J. C., Virginia Univ., USA; Oct. 1997; 13p; In English
Contract(s)/Grant(s): NAG1-1123
Report No.(s): NASA/CR-97-206152; NAS 1.26:206152; UVA/528344/CS98/107; No Copyright; Avail: CASI; A03, Hardcopy;
A01, Microfiche
Research in the year covered by this reporting period has been primarily directed toward the following areas: (1) Formal
specification of user interfaces; (2) Fault-tree analysis including software; (3) Evaluation of formal specification notations; (4)
Evaluation of formal verification techniques; (5) Expanded analysis of the shell architecture concept; (6) Development of
techniques to address the problem of information survivability; and (7) Development of a sophisticated tool for the manipulation
of formal specifications written in Z. This report summarizes activities under the grant. The technical results relating to this grant
and the remainder of the principal investigator's research program are contained in various reports and papers. The remainder of
this report is organized as follows. In the next section, an overview of the project is given. This is followed by a summary of
accomplishments during the reporting period and details of students funded. Seminars presented describing work under this grant
are listed in the following section, and the final section lists publications resulting from this grant.
Author
Computer Programming; Safety; Specifications; Evaluation; Technologies
19980111470
A review of research and methods for producing high-consequence software
Collins, E., Sandia National Labs., USA; Dalton, L., Sandia National Labs., USA; Peercy, D., Sandia National Labs., USA;
Pollock, G., Sandia National Labs., USA; Sicking, C., Sandia National Labs., USA; 1995, pp. 199-245; In English
Contract(s)/Grant(s): DE-AC04-94AL-85000; Copyright; Avail: Aeroplus Dispatch
The development of software for use in high-consequence systems mandates rigorous processes, methods, and techniques
to improve the safety characteristics of those systems. This paper provides a brief overview of current research and practices in
high-consequence software, including applied design methods. Some of the practices that are discussed include: fault tree
analysis, failure mode effects analysis, petri nets, both hardware and software interlocks, n-version programming, Independent
Vulnerability Analyses, and watchdogs. Techniques that offer improvement in the dependability of software in high-consequence
systems applications are identified and discussed. Limitations of these techniques are also explored. Research in formal methods,
the cleanroom process, and reliability models are reviewed. In addition, current work by several leading researchers as well as
approaches being used by leading practitioners are examined.
Author (AIAA)
Software Development Tools; Safety Factors; Fault Trees; Failure Modes; Integrated Circuits; Circuit Reliability
19980120597
An extension of Goal-Question-Metric paradigm for software reliability
Stoddard, Robert W., Texas Instruments, Inc., Dallas, USA; 1996, pp. 156-162; In English; Copyright; Avail: Aeroplus Dispatch
The driving need in software reliability is to mature the 'physics of failure' and design aspects related to software reliability.
This type of focus would then enhance one's ability to effect reliable software in a predictable form. A major challenge is that
software reliability, in essence, requires one to measure compliance to customer/user requirements. Customer/user requirements
can range over a wide spectrum of software product attributes that relate directly or indirectly to software performance. The
Goal-Question-Metric paradigm is a popular and effective approach to measurement identification. However, in practice,
additional challenges in using this approach have been encountered. Some of these challenges, though, seem to be alleviated with
use of a reliability technique called success/fault tree analysis. Experience has shown that the Goal-Question-Metric paradigm
is conducive to the building of G-Q-M trees which may be analyzed using reliability success/fault tree logic.
Author (AIAA)
Software Reliability; Quality Control
1199_0_56606
Automated software fault-tree analysis of PASCAL programs
Friedman, Michael A., Hughes Aircraft Co., USA; 1993, pp. 458-461; In English; Copyright; Avail: Aeroplus Dispatch
A tool is described that largely automates the process of constructing a software fault-tree of a PASCAL program. Software
fault-tree analysis is based on a series of templates that each map programming language constructs to a subtree. The tool reads
in a PASCAL program and a software-caused hazard (postcondition), and fills it in template subtrees that correspond to the
program's constructs. These subtrees are arranged into a tree of AND and OR gates in which the top event is the postcondition.
Author (AIAA)
Fault Trees; Computer Programs; Pascal (Programming Language)
:199_02:_2262
An integrated approach to achieving high software reliability
Lyu, Michael R., Chinese Univ. of Hong Kong, Shatin, Hong Kong; 1998, pp. 123-136; In English; Copyright; Avail: Aeroplus
Dispatch
We address the development, testing, and evaluation schemes for software reliability, and the integration of these schemes
into a unified and consistent paradigm. Specifically, techniques and tools for the three software reliability engineering phases are
described. The three phases are modeling and analysis, design and implementation, and testing and measurement. In the modeling
and analysis phase we describe Markov modeling and fault-tree analysis techniques. We present system-level reliability models
based on these techniques, and provide modeling examples for reliability analysis and study. We describe how reliability block
diagrams can be constructed for a real-world system for reliability prediction, and how critical components can be identified. We
also apply fault tree models to fault tolerant system architectures, and formulate the resulting reliability quantity. Finally, we
describe two software tools, SHARPE and UltraSAN, which are available for reliability modeling and analysis purposes.
Author (AIAA)
Software Reliability; Systems Integration; Software Development Tools; Markov Processes; Fault Trees; Failure Analysis
19990054676 Raytheon Systems Co., Fullerton, CA USA
Determining Software (Safety) Levels for Safety-Critical Systems
Tamanaha, Doris Y., Raytheon Systems Co., USA; Yin, Meng Lai, Raytheon Systems Co., USA; Proceedings of the
Twenty-Third Annual Software Engineering Workshop; June 1999; 43p; In English; See also 19990054657; Original contains
color illustrations; No Copyright; Avail: CASI; A03, Hardcopy; A04, Microfiche
For safety-critical software-intensive systems, software (safety) levels are determined so that the appropriate development
process is applied. This paper discusses issues of applying the results of fault tree analysis to software (safety) levels
determination. In particular, the inconsistency problem, i.e., inconsistent software (safety) levels is addressed and an approach
is presented.
Author
Computer Systems Programs; Fault Trees; Software Engineering; Software Reliability; Reliability Analysis; Consistency
19990056035
Software engineering of critical software tools
Sullivan, Kevin J., Virginia, Univ., Charlottesville, USA; 1999; In English; Copyright; Avail: AIAA Dispatch
This tutorial surveys important concepts in modern software engineering, with a focus on software architecture, formal
description, object-orientation, and component-based design. Special attention is given to the Galileo fault tree analysis tool.
AIAA
Software Engineering; Object-Oriented Programming; Software Development Tools; Computer Aided Design; Fault Trees
19990056048
A design language for automatic synthesis of fault trees
Vemuri, Kiran K., Hewlett-Packard Co., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Sullivan, Kevin J., Virginia,
Univ., Charlottesville; 1999, pp. 91-96; In English
Contract(s)/Grant(s): NSF CCR-95-02029; NSF CCR-95-06779; NSF MIP-95-28258; Copyright; Avail: AIAA Dispatch
The separation of digital system design and reliability analysis incurs unnecessary costs, delays, and quality penalties. This
paper introduces a graphical design language called RIDL (Reliability Information embedded Design Language) for modeling
digital systems. In RIDL, redundancy and failure information is embedded within block diagram schematics, without significantly
altering the physical block diagram models typically used by design engineers. A system schematic in RIDL has all of the
information needed for reliability analysis without a need for additional textual descriptions. A dynamic fault tree model can be
automatically synthesized from a RIDL system model. Designers can use the synthesized fault trees to obtain rough reliability
analyses at an early conceptual design stage. To evaluate the potential of this approach, we have applied it to several example
systems.
Author (AIAA)
Reliability Analysis; Fault Trees; Programming Languages; Digital Systems; Computer Graphics; Failure Analysis
19990056049
Bridging the gap between systems and dynamic fault tree models
Manian, Ragavan, FORE Systems, Inc., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Sullivan, Kevin J., Virginia,
Univ., Charlottesville; Coppit, David W., Virginia, Univ., Charlottesville; 1999, pp. 105-111; In English
Contract(s)/Grant(s): NSF CCR-95-02029; NSF CCR-95-06779; NSF MIP-95-28258; Copyright; Avail: AIAA Dispatch
Fault tolerant systems are composed of subsystems that interact with each other, often in complex ways. Analyzing the
reliability of these systems calls for sophisticated modeling techniques. One such technique is dynamic fault tree analysis. Because
the semantics of dynamic fault trees are themselves complex, there is a question of whether such models are faithful
representations of the modeled systems, and whether the underlying analysis techniques are correct. Previous definitions of the
modeling constructs employed in dynamic fault trees were not precise or consistent enough, leading to ambiguities in their
interpretation. We present our efforts at making the dynamic fault tree modeling and evaluation process precise. Our aim was to
improve our confidence in the validity of dynamic fault tree models of system failure behavior. By rigorously specifying fault trees
and their constituent gates and basic events, we were able to reason more effectively about the correctness of fault trees, the
underlying analytical Markov models, and the numerical solution to these analytical models.
Author (AIAA)
Reliability Analysis; Fault Trees; Dynamic Models; Fault Tolerance; System Failures; Markov Processes
:19990(_66_ _5
Use of prime implicants in dependability analysis of software controlled systems
Yan, Michael, ASCA, Inc., USA; Apostolakis, George; Guarro, Sergio; Reliability Engineering & System Safety; Oct, 1998;
ISSN 0951-8320; Volume 62, no. 1-2, pp. 23-32; In English; Copyright; Avail: Issuing Activity
The behavior of software controlled systems is usually non-binary and dynamic. It is, thus, convenient to employ multi-valued
logic to model these systems. Multi-valued logic functions can be used to represent the functional and temporal relationships
between the software and hardware components. The resulting multi-valued logic model can be analyzed deductively, i.e. by
tracking causality in reverse from undesirable 'top' events to identify faults that may be present in the system. The result of this
deductive analysis is a set of prime implicants for a user-defined system top event. The prime implicants represent all the
combinations of basic component conditions and software input conditions that may result in the top event; they are the extension
to multi-valued logic of the concept of minimal cut sets that is used routinely in the analysis of binary fault trees. This paper
discusses why prime implicants are needed in the dependability analysis of software controlled systems, how they are generated,
and how they are used to identify faults in a software controlled system.
Author (EI)
Computer Programs; Computers; Mathematical Models; Failure Analysis
19990100484
Incremental retrieval mechanism for case-based electronic fault diagnosis
Cunningham, P., Trinity Coll. Dublin, Ireland; Smyth, B.; Bonzano, A.; Knowledge-Based Systems; Nov 12, 1998; ISSN
0950-7051; Volume 11, no. 3-4, pp. 239-248; In English; Copyright; Avail: Issuing Activity
One problem with using CBR for diagnosis is that a full case description may not be available at the beginning of the diagnosis.
The standard CBR methodology requires a detailed case description in order to perform case retrieval and this is often not practical
in diagnosis. We describe two fault diagnosis tasks where many features may make up a case description but only a few features
are required in an individual diagnosis. We evaluate an incremental CBR mechanism that can initiate case retrieval with a skeletal
case description and will elicit extra discriminating information during the diagnostic process.
Author (EI)
Computer Techniques; Software Engineering; Electronic Equipment; Problem Solving
199901 (}7733
Architectural model for software reliability quantification: Sources of data
Smidts, C., Univ. of Maryland, USA; Sova, D.; Reliability Engineering & System Safety; May, 1999; ISSN 0951-8320; Volume
64, no. 2, pp. 279-290; In English; Copyright; Avail: Issuing Activity
An architecturally based software reliability model called FASRE is introduced. The model is based on an architecture
derived from the requirements which captures both functional and nonfunctional requirements and on a generic classification of
functions, attributes and failure modes. The model focuses on evaluation of failure mode probabilities and uses a Bayesian
quantification framework. Failure mode probabilities of functions and attributes are propagated to the system level using fault
trees. It can incorporate any type of prior information such as results of developers' testing, historical information on a specific
functionality and its attributes, and, is ideally suited for reusable software.
EI
Computer Programs; Evaluation; Reliability; Computerized Simulation
62
COMPUTER SYSTEMS
Includes computer networks and distributed processing systems. For information systems see 82 Documentation and Information
Science. For computer systems applied to specific applications, see the associated category.
19820058732
Automatic generation of symbolic reliability functions by processor-memory-switch structures
Kini, V., Southern California, University, USA; Siewiorek, D. P., Carnegie-Mellon University, USA; IEEE Transactions on
Computers; Aug 1, 1982; C-31, pp. Aug. 198; In English; p. 752-771
Contract(s)/Grant(s): N0014-77-C-0103; NSF GJ-32758X; NR PROJECT 048-645; Copyright; Avail: Issuing Activity
A methodology is proposed for automating the computation of symbolic reliability functions for arbitrary interconnection
structures at the Processor-Memory-Switch (PMS) level, with emphasis on the automation of the task of case analysis and problem
partitioning in the hard failure reliability computation of PMS structures. A program, the Advanced Interactive Symbolic Evaluator
of Reliability (ADVISER) was constructed as a research vehicle that accepts as its inputs the interconnection graph of the PMS
structure and a succinct statement of the operational requirements of the structure in the form of a regular expression. ADVISER
considers such communication structures in the PMS system as buses and crosspoint switches, in addition to the explicitly stated
requirement of determining the effect of the interconnection structure on system reliability. The program's output is a symbolic
reliability equation for the system.
AIAA
Circuit Reliability; Computer Aided Design; Computer Systems Design; Fail-Safe Systems; Fault Trees; Reliability Analysis
19920059468 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA
Fault tree models for fault tolerant hypercube multiprocessors
Boyd, Mark A., Duke University, USA; Tuazon, Jezus O., JPL, USA; Jan 1, 1991; 5p; In English; Annual Reliability and
Maintainability Symposium, Jan. 29-31,1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail: Issuing Activity
Three candidate fault tolerant hypercube architectures are modeled, their reliability analyses are compared, and the resulting
implications of these methods of incorporating fault tolerance into hypercube multiprocessors are discussed. In the course of
performing the reliability analyses, the use of HARP and fault trees in modeling sequence dependent system behaviors is
demonstrated.
AIAA
Computer Systems Design; Fault Tolerance; Fault Trees; Hypercube Multiprocessors; Reliability Analysis
Report No.(s): SAND-96-2048C; CONF-9610171-1; DE96-014080; No Copyright; Avail: Issuing Activity (Department of
Energy (DOE)), Microfiche
Sandia National Laboratories has found that the reliability and failure modes of current-generation network technologies can
be effectively modeled using fault tree-based Probabilistic Logic Modeling (PLM) techniques. We have developed fault tree models
that include various hierarchical networking technologies and classes of components interconnected in a wide variety of typical and
atypical configurations. In this paper we discuss the types of results that can be obtained from PLMs and why these results are of
great practical value to network designers and analysts. After providing some mathematical background, we describe the
'plug-and-play' fault tree analysis methodology that we have developed for modeling connectivity and the provision of network
services in several current-generation network architectures. Finally, we demonstrate the flexibility of the method by modeling the
reliability of a hybrid example network that contains several interconnected ethernet, FDDI, and token ring segments.
DOE
Computer Networks; Architecture (Computers); Fault Trees; Mathematical Models
19980155979
Fault trees and imperfect coverage - A combinatorial approach
Doyle, Stacy A., Duke Univ., USA; Dugan, Joanne B., Duke Univ., USA; 1993, pp. 214-219; In English
Contract(s)/Grant(s): NCA2-617; Copyright; Avail: Aeroplus Dispatch
We present a new technique for combining a coverage model with a fault tree. For a class of systems, this technique is simpler
and faster than those currently being used. Given a fault tree model of the system structure, the minimum cutsets are generated
using standard techniques. This set of cutsets represents the effects of covered faults and can be used to determine if the system
contains sufficient redundancy to achieve the desired reliability. This set of minimum cutsets is augmented by a set of cutsets that
represent uncovered faults. This set of additional cutsets is disjoint from the original cutsets, but they are not independent since
covered and uncovered faults are mutually exclusive. We solve the resulting set of cutsets by combining standard multi-state and
sum-of-disjoint products solution techniques.
Author (AIAA)
Fault Trees; Combinatorial Analysis; Reliability Analysis
19980175133
Combinatorial models and coverage - A binary decision diagram (BDD) approach
Doyle, Stacy A., Duke Univ., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Boyd, Mark, NASA Ames Research
Center, USA; 1995, pp. 82-89; In English
Contract(s)/Grant(s): NCA2-825; NGT-51313; Copyright; Avail: Aeroplus Dispatch
This paper presents the DREDD (Dependability and Risk Analysis using Decision Diagrams) algorithm which incorporates
coverage modeling into a binary decision diagram (BDD) solution of a combinatorial model. The DREDD algorithm takes
advantage of the efficiency of the BDD solution approach and the increased accuracy afforded by coverage modeling. BDDs have
been used to find exact solutions for extremely large systems, including those with as many as 10 to the 20 prime implicants
(Coudert and Madre, 1992). Including coverage in this process will increase the validity of the results, since a more complete
model allows for more realistic analysis. The reliability of life critical systems, which previously could only be approximated,
may now be analyzed more accurately.
Author (AIAA)
Fault Tolerance; Combinatorial Analysis; Decision Theory; Risk; Reliability Analysis; Fault Trees
19990056024
Fault-tree analysis of computer-based systems
Dugan, Joanne B., Virginia, Univ., Charlottesville, USA; 1999; In English; Copyright; Avail: AIAA Dispatch
This tutorial discusses several new and exciting approaches to fault tree analysis of computer-based systems. After a brief
introduction to fault trees, we present an example analysis of a simple control system and then discuss the use of fault trees as a
design aid for software systems. The largest part of tutorial deals with methods for adapting the fault tree techniques to the analysis
of computer-based systems. These methods include the incorporation of coverage models in the fault tree and the use of special
gates for sequence dependencies. Several examples of fault tree models for computer systems are presented. These new techniques
have allowed the fault tree model, long appreciated for its concise and unambiguous representational form, to be applicable to
the analysis of complex fault-tolerant systems.
Author (AIAA)
Computer Techniques; Fault Trees; Reliability Analysis; Software Development Tools; Complex Systems
19990056052
System reliability analysis of an embedded hardware/software system using fault trees
Kaufman, Lori M., Virginia, Univ., Charlottesville, USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Manian, Ragavan,
FORE Systems, Inc., USA; Vemuri, Kiran K., Hewlett-Packard Co., USA; 1999, pp. 135-141; In English; Copyright; Avail: AIAA
Dispatch
The use of fault trees allows for the unified modeling of embedded hardware/software systems. Fault trees can also produce
a sensitivity analysis to provide insight as to which hardware and software components are potentially the most problematic for
a given system. From this analysis, the effects that the various hardware and software components have on the overall system
reliability can be quantified. Using an example system, it is demonstrated that the various software components contained within
a system have a significant impact on the overall system reliability. Hence, software and hardware must be integrated in the
reliability analysis of embedded systems to properly represent system behavior and to properly predict the overall system
reliability.
Author (AIAA)
Fault Trees; Software Development Tools; Hardware; Reliability Analysis; Embedded Computer Systems
19990056056
Reliability analysis of complex hardware-software systems
Vemuri, Kiran K., Hewlett-Packard Co., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; 1999, pp. 178-182; In English;
Copyright; Avail: AIAA Dispatch
We demonstrate how fault tree analysis could be used to perform reliability analysis of hardware-software systems. The
functional dependence of the hardware components on the interfacing software components is appropriately modeled using fault
trees. The Massachusetts Institute of Technology Center for Space Research Advanced X-ray Astrophysics Facility Imaging
Charge Couple Device Imaging Spectrometer (ACIS) system is used to illustrate the fault tree analysis method in reliability
analysis of complex hardware-software systems. The ACIS science instrument system is a spaceborne system to acquire and
process X-ray images over the sky, and sends them to Earth. It has hardware and software components with interfaces between
them, making it a very good example of a complex hardware-software system. This approach could be used in analyzing other
complex systems being designed today and in identifying the critical components to make the system safe and more reliable.
Author (AIAA)
Reliability Analysis; Software Reliability; Hardware; Fault Trees; X Ray Imagery
20000006854
The technique of tree diagnosis for a test system
Zhang, Wen_Qi, CASC, 4th Academy, Xian, China; Journal of Solid Rocket Technology; Jun. 1999; ISSN 1006-2793; Volume
22, no. 2, pp. 72-74; In Chinese; Copyright; Avail: Aeroplus Dispatch
The basic principle, model construction, and application of a fault tree analysis model for a test system are presented. As the
fault database of the diagnosis system is improved, the model will play an important role in accurately and rapidly diagnosing
the fault location of the test system for a solid rocket motor.
Author (AIAA)
Fault Trees; Solid Propellant Rocket Engines
63
CYBERNETICS, ARTIFICIAL INTELLIGENCE AND ROBOTICS
Includes feedback and control theory, information theory, machine learning, and expert systems. For related information see also 54
Man/System Technology and Life Support.
19850015029 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA
Contribution of instrumentation and control software to system reliability
Fryer, M. O., Edgerton, Germeshausen and Grier, Inc., USA; Jan 1, 1984; 7p; In English; Symp. on New Technol. in Nucl. Power
Plant Instrumentation and Control, 28 Nov. 1984, Washington, DC, USA
Contract(s)/Grant(s): DE-AC07-76ID-01570
Report No.(s): DE85-004693; EGG-M-25484; CONF-841122-3; Avail: CASI; A02, Hardcopy; A01, Microfiche
A new method of reliability assessment of combined software/hardware systems is presented. The method is based on a
procedure called fault tree analysis which determines how component failures can contribute to system failure. Fault tree analysis
is a well developed method for reliability assessment of hardware systems and produces quantitative estimates of failure
probability based on component failure rates. It is shown how software control logic can be mapped into a fault tree that depicts
both software and hardware contributions to system failure.
DOE
Computer Systems Programs; Failure Analysis; Fault Trees; Reliability; System Failures
19870029405
An architecture for consideration of multiple faults
Maletz, M. C., Inference Corp., USA; Jan 1, 1985; 8p; In English; See also A87-16676; Copyright; Avail: Issuing Activity
A context graphs architecture is presented for fault diagnostic systems which reason from symptoms and tests to suspected
faults. The rooted, directed, acyclic graphs (DAG) feature directional arcs which indicate parent-child relationships for tracking
fact inheritance across the graphs. Root contexts have no parents, while all other contexts have one or more parents. The
architecture permits use of heuristic search strategies through the space of possible faults. A 'merge' context is described which
involves finding unique solutions for a particular context (fault) by tracking a distinct set of ancestors. Implementation of such
an architecture is illustrated with a diagnostic system for Shuttle simulation hardware.
AIAA
Architecture (Computers); Expert Systems; Fault Trees; Flight Simulators; Graph Theory; Reliability Analysis; Space Shuttle
Orbiters
Center, Weapons Division, China Lake, CA. The SSAM was used to show that the analysis of the Sphere-HWCI control module's
74,000 lines of code could be thoroughly analyzed in less than 100 man-hours. This practical, 740 lines-of-code per hour rate was
a direct result of the incorporation of the semi-automated tools into the process.
DTIC
Computer Programs; Computerized Simulation; Distributed Parameter Systems; Machine Translation; Systems Analysis; Active
Control; Ada (Programming Language)
19980060039
Safety and reliability assessment techniques in robotics
Dhillon, B. S., Univ. of Ottawa, Canada; Fashandi, A. R. M.; Robotica; Nov-Dec, 1997; ISSN 0263-5747; Volume 15, pt 6, pp.
701-708; In English; Copyright; Avail: Issuing Activity
A robot has to be safe and reliable. An unreliable robot may become the cause of unsafe conditions, high maintenance costs,
inconvenience, etc. Over the years, in general safety and reliability areas various assessment methods have been developed, e.g.
failure mode and effects analysis, fault tree analysis, and Markovian analysis. In view of these, this paper presents an overview
of the most suitable robot safety and reliability assessment techniques.
Author (EI)
Robotics; Accident Prevention; Reliability; Failure Analysis; Markov Processes
19989078682
Robot reliability using fuzzy fault trees and Markov models
Leuschen, Martin L., Rice Univ., USA; Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; 1996, pp. 73-91;
In English; Copyright; Avail: AIAA Dispatch
Robot reliability has become an increasingly important issue in the last few years, in part due to the increased application of
robots in hazardous and unstructured environments. However, much of this work leads to complex and nonintuitive analysis,
which results in many techniques being impractical due to computational complexity or lack of appropriately complex models
for the manipulator. We consider the application of notions and techniques from fuzzy logic, fault trees, and Markov modeling
to robot fault tolerance. Fuzzy logic lends itself to quantitative reliability calculations in robotics. The crisp failure rates which
are usually used are not actually known, while fuzzy logic, due to its ability to work with the actual approximate (fuzzy) failure
rates available during the design process, avoids making too many unwarranted assumptions. Fault trees are a standard reliability
tool that can easily assimilate fuzzy logic. Markov modeling allows evaluation of multiple failure modes simultaneously, and is
thus an appropriate method of modeling failures in redundant robotic systems. However, no method of applying fuzzy logic to
Markov models was known to the authors. This opens up the possibility of new techniques for reliability using Markov modeling
and fuzzy logic techniques, which are developed here.
Author (AIAA)
Fault Trees; Markov Processes; Robots; Fuzzy Systems; Reliability Analysis
19980120609
The use of fault trees for the design of robots for hazardous environments
Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; 1996, pp. 229-235; In English
Contract(s)/Grant(s): NSF IRI-95-26363; NSF DDM-92-02639; DE-AC04-94AL-85000; NAG9-740; Copyright; Avail:
Aeroplus Dispatch
This paper addresses the application of fault trees to the analysis of robot manipulator reliability and fault tolerance. Although
a common and useful tool in other applications, fault trees have only recently been applied to robots. In addition, most of the fault
tree analyses in robotics have focused on qualitative, rather than quantitative, analysis. Robotic manipulators present some special
problems, due to the complex and strongly coupled nature of their subsystems, and also their wild response to subsystem failures.
Additionally, there is a lack of reliability data for robots and their subsystems. There has traditionally been little emphasis on fault
tolerance in the design of industrial robots, and data regarding operational robot failures are relatively scarce. However, at this
time there is a new and critical need for safe and reliable robots for remote Environmental Restoration and Waste Management
applications. This paper discusses aspects of the reliability problem in robotics, concentrating on the quantitative aspects of fault
tree analysis for the design of robot manipulators.
Author (AIAA)
Fault Trees; Robots; Manipulators; Fault Tolerance; Robotics; Waste Disposal
19980_60720
Basic fault-tree analysis
Koren, James, Science Applications International Corp., USA; Childs, Christopher, Science Applications International Corp.,
USA; 1994; In English; Copyright; Avail: Aeroplus Dispatch
Although based on some simple concepts, the application of fault trees to practical problems is fraught with pitfalls. This
tutorial describes the basic techniques of synthesis and analysis and provides practical information so that their use can be
cost-effective. There are nine important fault-tree construction issues: Basic-Event Naming Convention; Component Boundaries;
Modularization; Support-System Interface; Common-Cause Events; System Schematic; Direction of Analysis; Circular Logic;
System Notebooks. There are three general cautions. Set the goal of your analysis early and keep it in sight at all times. Each
decision made concerning the fault-tree analysis must be made with this final goal in mind. Expand the fault tree only where it
is needed. If a support system does not appreciably contribute to system failure, leaving it as an undeveloped event is acceptable.
A fault tree that is harder to understand and comprehend than the system it represents is of little use to anyone.
Author (AIAA)
Fault Trees; Failure Analysis; Safety Management
19990085312
On the relations between intelligent backtracking and failure-driven explanation-based learning in constraint satisfaction
and planning
Kambhampati, Subbarao, Arizona State Univ., USA; Artificial Intelligence; Oct, 1998; ISSN 0004-3702; Volume 105, no. 1-2,
pp. 161-208; In English; Copyright; Avail: Issuing Activity
The ideas of intelligent backtracking (IB) and explanation-based learning (EBL) have developed independently in the
constraint satisfaction, planning, machine learning and problem solving communities. The variety of approaches developed for
IB and EBL in the various communities have hitherto been incomparable. In this paper, I formalize and unify these ideas under
the task-independent framework of refinement search, which can model the search strategies used in both planning and constraint
satisfaction problems (CSPs). I show that both IB and EBL depend upon the common theory of explanation analysis - which
involves explaining search failures, and regressing them to higher levels of the search tree. My comprehensive analysis shows
that most of the differences between the CSP and planning approaches to EBL and IB revolve around different solutions to: (a)
how the failure explanations are computed; (b) how they are contextualized (contextualization involves deciding whether or not
to keep the flaw description and the description of the violated problem constraints); and (c) how the storage of explanations is
managed. The differences themselves can be understood in terms of the differences between planning and CSP problems as
instantiations of refinement search. This unified understanding is expected to support a greater cross-fertilization of ideas among
CSP, planning and EBL communities.
Author (EI)
Artificial Intelligence; Machine Learning; Computation
64
NUMERICAL ANALYSIS
19800055379
Reliability analysis of an extreme ultraviolet spectrometer for space research
Chakrabarti, S., California, University, USA; Space Science Instrumentation; Jun 1, 1980; 5, pp. June 198; In English; p. 137-150
Contract(s)/Grant(s): DAAG29-77-C-0031; Copyright; Avail: Issuing Activity
The method of fault tree analysis designed to assess the reliability of complex systems is applied to an extreme ultraviolet
spectrometer for satellite-borne observations. A fault tree is a logic diagram describing critical occurrences which have relevance
to the failure of a system. A critical occurrence is represented by an event (e.g., a component state), and a combination of several
events is represented by a gate (e.g., AND, OR). The tree consists of primary events, secondary events, and logic gates. A major
goal of fault tree analysis is to calculate the probability of occurrence of the top event. A one-year lifetime has been predicted for
the spectrometer on the basis of the analysis.
AIAA
Complex Systems; Reliability Analysis; Satellite Observation; Satellite-Borne Instruments; Systems Analysis; Ultraviolet
Spectrometers
19930070167 Japan Atomic Energy Research Inst., Div. of Reactor Engineering., Ibaraki, Japan
Study on the scope of fault tree method applicability
Ito, T., Japan Atomic Energy Research Inst., Japan; Mar 1, 1980; 29p; In Japanese
Report No.(s): JAERI-M-8754; Avail: CASI; A03, Hardcopy; Avail: CASI HC A03/; A01, Microfiche; US Sales Only
No abstract.
Fault Trees; Nuclear Reactors; Reactor Safety; Reliability Analysis
19980046696
Improved efficiency in qualitative fault tree analysis
Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Quality and Reliability Engineering International;
September-October, 1997; ISSN 0748-8017; Volume 13, no. 5, pp. 293-298; In English; Copyright; Avail: Issuing Activity
The fault tree diagram itself is an excellent way of deriving the failure logic for a system and representing it in a form is ideal
for communication to managers, designers, operators, etc. Since the method was first conceived, algorithms to derive the minimal
cut sets have worked directly with the fault tree diagram using either bottom-up or top-down approaches. These conventional
techniques have several disadvantages when it comes to analyzing the fault tree. For complex systems an analysis may produce
hundreds of thousands of minimal cut sets, the determination of which can be a very time-consuming process. Also, for large fault
trees it may not be possible to evaluate all minimal cut sets, so methods to identify those event combinations which provide the
most significant contributions to the system failure are evoked. Such methods include probabilistic or order culling to reduce the
problem to a practical size, but they can also create considerable inaccuracies when it comes to evaluating top event probability
parameters. This paper describes how the binary decision diagram method can be employed to evaluate the minimal cut sets of
a fault tree efficiently and without the need to use approximations such as order culling.
Author (EI)
Fault Trees; Qualitative Analysis; Quantitative Analysis; Failure Analysis; Decision Theory; Reliability; Boolean Functions;
Binary Codes
19980046697
Improved accuracy in quantitative fault tree analysis
Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Quality and Reliability Engineering International;
September-October, 1997; ISSN 0748-8017; Volume 13, no. 5, pp. 285-292; In English; Copyright; Avail: Issuing Activity
The fault tree diagram defines the causes of the system failure mode or 'top event' in terms of the component failures and
human errors, represented by basic events, by providing information which enables the basic event probability to be calculated,
the fault tree can then be quantified to yield reliability parameters for the system. Fault tree quantification enables the probability
of the top event to be calculated and in addition its failure rate and expected number of occurrences. Importance measures which
signify the contribution each basic event makes to system failure can also be determined. Owing to the large number of failure
combinations (minimal cut sets) which generally result from a fault tree study, it is not possible using conventional techniques
to calculate these parameters exactly and approximations are required. The approximations usually rely on the basic events having
a small likelihood of occurrence. When this condition is not met, it can result in large inaccuracies. These problems can be
overcome by employing the binary decision diagram (BDD) approach. This method converts the fault tree diagram into a format
which encodes Shannon's decomposition and allows the exact failure probability to be determined in a very efficient calculation
procedure. This paper describes how the BDD method can be employed in fault tree quantification.
Author (EI)
Fault Trees; Quantitative Analysis; Failure Analysis; Decision Theory; Reliability; Boolean Functions; Binary Codes
19990004494
New approaches to evaluating fault trees
Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Reliability Engineering & System Safety; Nov, 1997;
ISSN 0951-8320; Volume 58, no. 2, pp. 89-96; In English; 1995 ESREL Conference, Jun., 1995, Bournemouth, UK; Copyright;
Avail: Issuing Activity
Fault Tree Analysis is now a widely accepted technique to assess the probability and frequency of system failure in many
industries. For complex systems an analysis may produce hundreds of thousands of combinations of events which can cause
system failure (minimal cut sets). The determination of these cut sets can be a very time consuming process even on modern high
speed digital computers. Computerised methods, such as bottom-up or top-down approaches, to conduct this analysis are now so
well developed that further refinement is unlikely to result in vast reductions in computer time. It is felt that substantial
improvement in computer utilisation will only result from a completely new approach. This paper describes the use of a Binary
Decision Diagram for Fault Tree Analysis and some ways in which it can be efficiently implemented on a computer. In particular,
attention is given to the production of a minimum form of the Binary Decision Diagram by considering the ordering that has to
be given to the basic events of the fault tree.
Author (EI)
Fault Trees; Failure Analysis; Probability Theory; Digital Computers; Decision Theory; Binary Data; Sequencing
19990074565
Failure fundamentals
Mostia, William L.; Control (Chicago, Ill); Oct, 1998; ISSN 1049-5541; Volume 11, no. 10; 4p; In English; Copyright; Avail:
Issuing Activity
This article is the third in a series of three that discuss failures of measurement, automation, and process control equipment
and systems (herein referred to as instruments). In August, Part I covered types of failures and failure phases in the instrument
lifecycle. In September, Part II explained random, systematic, and common cause failures.
Author (EI)
Errors; Process Control (Industry); Random Processes
65
STATISTICS AND PROBABILITY
Includes data sampling and smoothing; Monte Carlo method, time series and analysis; and stochastic processes.
19680072678 University of Southern California, Aerospace Safety Div., Los Angeles, CA, USA
Observations relative to fault tree analysis
Miller, C. O., University of Southern California, USA; Oct 1, 1965; 11p; In English; Avail: CASI; A03, Hardcopy, Unavail.
Microfiche
No abstract.
Accident Prevention; Safety Factors; System Failures; Systems Analysis
19790031380
Fault tree analysis with probability evaluation
Proctor, C. L.; Kothari, A. M., Western Michigan University, USA; Proctor, C. L., II, Purdue University, USA; Jan 1, 1978; 6p;
In English; Annual Reliability and Maintainability Symposium, January 17-19, 1978, Los Angeles, CA; See also A79-15351
04-38; Copyright; Avail: Issuing Activity
This paper presents the fault tree analysis with probability evaluation by use of Boolean logic. It provides an all inclusive,
versatile mathematical tree for analyzing gate and/or gate operations. The construction criteria and the probability evaluation
methods of fault trees are briefly discussed. The reliability equations of the basic logic units of the tree are presented. The
probability evaluation by use of Boolean logic has been discussed for generating the minimal cut sets of a fault tree containing
repetitions of basic events and is illustrated by means of a sample fault tree. The MTBF (mean time between failure) evaluation
with use of the reliability approach are illustrated by means of simple example. The paper treats the simple series structure and
the parallel structure. For each, the probability of success and probability of failure are derived.
AIAA
Boolean Functions; Logical Elements; Probability Theory; Reliability Analysis; Set Theory
19800037900
Inverting and minimizing Boolean functions, minimal paths and minimal cuts - Noncoherent system analysis
Locks, M. O., Oklahoma State University, USA; IEEE Transactions on Reliability; Dec 1, 1979; R-28, pp. Dec. 197; In English;
p. 373-375; Copyright; Avail: Issuing Activity
No abstract.
Boolean Functions; Computer Aided Design; Fault Trees; Reliability Analysis; Systems Analysis
19800064633
Uncertainty propagation in fault-tree analysis
Colombo, A. G., Commission of the European Communities, Joint Research Centre, Italy; Jan 1, 1980; 9p; In English; Synthesis
and analysis methods for safety and reliability studies, July 3-14, 1978, Urbino, Italy; Sponsored by In: Synthesis and analysis
methods for safety and reliability studies; Proceedings of the Advanced Study Institute; See also A80-48801 21-38; Copyright;
Avail: Issuing Activity
Various methods for investigating the propagation of uncertainty from the lower level (primary event) to the higher level of
a complex system in a fault-tree analysis are discussed with reference to a sample 750 failure mode fault-tree. It is shown that the
problem of uncertainty analysis requires further research, particularly in the nuclear field where the error factor of failure
parameter distribution is large. A numerical code which systematically combines random variables is found to be an efficient tool
in this task, at least for numerical calculations.
AIAA
Complex Systems; Fault Trees; Probability Theory; Reliability Analysis; Stochastic Processes
19860037_I28
Confidence intervals for top event unavailability - A problem of Bayesian statistics
Clarotti, C. A., Comitato Nazionale per la Ricerca e per lo Sviluppo dell'Energia Nucleare e delle Energie Alternative, Italy;
Contini, S., SYRECO, Italy; Jan 1, 1984; 4p; In English; See also A86-21851; Avail: Issuing Activity
The problem of propagating uncertainties through a fault tree is framed into a Bayesian statistics context and in that view
pre-existing approaches are analyzed and criticized. The question is examined of the relationship between uncertainty propagation
and the probabilistic cut-off.
AIAA
Availability; Bayes Theorem; Confidence Limits; Fault Trees; Reliability Analysis
and frequency data of subsystem performance are calculated prior to the evaluation of the probability and frequency data of the
system using the same algorithm for all steps. Component models that show all fault propagation through the components and
fault initiation by the components in both directions (upstream and downstream) are outlined. It is shown how to create system
models that interconnect system components and environmental variables. A fault tree construction algorithm to generate fault
trees from the given system and component models is presented. A real-time fault location algorithm to extract all faults and fault
combinations that are most consistent with the set of measured variables, even when sensor circuits provide faulty information,
is shown.
ESA
Failure Analysis; Fault Trees; Systems Analysis
_19950{_42913
MetaPrime: An interactive fault-tree analyzer
Coudert, Olivier, DEC Paris Research Lab, USA; Madre, Jean Christophe; IEEE Transactions on Reliability; March 1994; ISSN
0018-9529; 43, 1, pp. 121-127; In English; Copyright; Avail: Issuing Activity
The performances of almost all available fault-tree analysis tools are limited by the performance of their prime-implicant
computation procedure. All these procedures manipulate the prime implicants of the fault-trees in extension, so that the analysis
costs are directly related to the number of prime implicants to be generated, which in practice makes these tools difficult to apply
on fault-trees with more than 20 000 prime implicants. This paper introduces an analysis method of coherent as well as
noncoherent fault-trees that overcomes this limitation because its computational cost is related to neither the number of basic
events, nor the number of gates, nor the number of prime implicants of these trees. We present the concepts underlying the
prototype tool MetaPrime, and the experimental results obtained with this tool on real fault-trees. These results show that these
concepts provide complete analysis in seconds on fault-trees that no previously available technique could ever even partially
analyze, for instance noncoherent fault-trees with more than 10(exp 20) prime implicants. These concepts can also be used to
analyze event-trees because such trees denote Boolean functions on which these concepts can be applied. Prime implicant
computation is also critical in many other domains, in particular in expert-system applications such as reasoning maintenance and
multiple fault diagnosis. The application of the concepts underlying MetaPrime to the resolution of these problems is under study.
Author (EI)
Boolean Functions; Computation; Costs; Domains; Error Analysis; Fault Trees; Maintenance; Prototypes
1998006034_
Hierarchical analysis of fault trees with dependencies, using decomposition
Anand, Anju, Boeing Co., USA; Somani, Arun K., Iowa State Univ., Ames; 1998, pp. 69-75; In English; Copyright; Avail:
Aeroplus Dispatch
We demonstrate a decomposition scheme where independent subtrees of a fault tree are detected and solved hierarchically;
a subtree is replaced by a single event in the parent tree whose probability of occurrence represents the probability of the
occurrence of the subtree. The decomposition and hierarchical solution can be more useful in case of fault trees with dependences.
Instead of solving the whole system as a Markov model, only the appropriate subsystem needs to be analyzed as a Markov model.
Author (AIAA)
Fault Trees; Markov Chains; Reliability Analysis; Probability Theory
199g0229485 Research Inst. of National Defence, Avd. foer Vapen och Skydd, Tumba, Sweden
Assessment of Effect and Vulnerability. Vaerdering av Verkan och Sarbarhet
Wijk, G., Research Inst. of National Defence, Sweden; Mar. 1998; 50p; In Swedish
Report No.(s): PB98-171002; FOA-R-97-00594-310-SE; No Copyright; Avail: Issuing Activity (Natl Technical Information
Service (NTIS)), Microfiche
The computer programs APAS, LMP3 and VERKSAM/VERANA are described in principle. The report is the
documentation of a course held at the Swedish Defense Academy in spring 1997.
NTIS
Vulnerability; Computer Programs; Damage Assessment; Computerized Simulation
9990067887
Constrained mathematics evaluation in probabilistic logic analysis
Arlin Cooper, J., Sandia Natl. Lab., USA; Reliability Engineering & System Safety; Jun, 1998; ISSN 0951-8320; Volume 60, no.
3, pp. 199-203; In English; Copyright; Avail: Issuing Activity
A challenging problem in mathematically processing uncertain operands is that constraints inherent in the problem definition
can require computations that are difficult to implement. Examples of possible constraints are that the sum of the probabilities
of partitioned possible outcomes must be one, and repeated appearances of the same variable must all have the identical value.
The latter, called the 'repeated variable problem', will be addressed in this paper in order to show how interval-based probabilistic
evaluation of Boolean logic expressions, such as those describing the outcomes of fault trees and event trees, can be facilitated
in a way that can be readily implemented in software. We will illustrate techniques that can be used to transform complex
constrained problems into trivial problems in most tree logic expressions, and into tractable problems in most other cases.
Author (EI)
Boolean Algebra; Reliability
19990108384
Fault tree developed by an object-based method improves requirements specification for safety-related systems
Cepin, Marko, Jozef Stefan Inst., Slovenia; Mavko, Borut; Reliability Engineering & System Safety; Feb, 1999; ISSN 0951-8320;
Volume 63, no. 2, pp. 111-125; In English; Copyright; Avail: Issuing Activity
Fault tree analysis is frequently used to improve system reliability and safety. To be suitable for analysis of software in
computerised safety-related systems, it has to be modified accordingly. This paper presents a new application: the fault trees
developed by an object-based method. The object-based method integrates structural and behavioral models of a system. The
developed fault tree includes information on structure and the failure behaviors of classes of the system. Away from traditional
use of the fault tree, which for traditional systems emphasises qualitative and quantitative results, the result of the new application
emphasises the process of fault tree development and its qualitative results. Such fault tree application reduces the probability of
failures in the requirements specification phase within the software life cycle, which increases the reliability of its product;
however, it does not confirm this in a quantitative manner.
Author (EI)
Accident Prevention; Standards; Reliability; Computer Programs
19990109070
Design of reliable systems using static & dynamic fault trees
Ren, Yansong, Univ. of Virginia, USA; Dugan, Joanne Bechta; IEEE Transactions on Reliability; Sep, 1998; ISSN 0018-9529;
Volume 47, no. 3 pt 1, pp. 234-244; In English; Copyright; Avail: Issuing Activity
A genetic algorithm (GA) is embedded into a fault tree method to determine the heuristic optimal design configuration of
a reliable system. For optimization, a fault tree which can represent the failure causes of potential designs is used. Several
techniques to accelerate the optimization process are implemented which appreciably reduce the calculation time.
EI
Reliability; Genetic Algorithms; Heuristic Methods; Optimization
66
SYSTEMS ANALYSIS AND OPERATIONS RESEARCH
Includes mathematical modeling of systems; network analysis; mathematical programming, decision theory, and game theory.
19770033878
Fault tree graphics - Application to system safety
Wynholds, H. W.; Porterfield, W. R.; Bass, L., Lockheed Missiles and Space Co., Inc., USA; Jan 1, 1976; 14p; In English; 2nd;
International System Safety Conference, July 21-25, 1975, San Diego, CA; See also A77-16726 05-31; Avail: Issuing Activity
Fault tree analysis is an engineering modeling and evaluation technique. Its primary use has been in the areas of system safety
and reliability, although its application is conceptually much broader. Fault Tree Graphics is an operational system that enables
the user, through an interactive graphics terminal, to construct, modify, analyze and store fault trees. Included is a discussion of
how this technique can be applied to System Safety.
AIAA
Computer Graphics; Design Analysis; Failure Analysis; Reliability Analysis; Safety Management; Trees (Mathematics)
19820029589
Performance evaluation of systems that include fault diagnostics
Walker, B. K., Case Western Reserve University, USA; Jan 1, 1981; 5p; In English; In: Joint Automatic Control Conference, June
17-19, 1981, Charlottesville, VA; See also A82-13076 03-63; Copyright; Avail: Issuing Activity
The development of numerous methods for automatically diagnosing faults in complex systems leads naturally to the design
problem of choosing the best method and the best design parameters for a particular system. This paper addresses the problem
of efficiently evaluating the performance of systems which include automatic fault diagnostics. The analytical methods discussed
rely on the construction of generalized Markovian models for the evolution of the status of the system. Emphasis is placed on
evaluating the standard reliability measure of the system, but other performance measures that can be generated are also suggested.
AIAA
Complex Systems; Failure Analysis; Fault Trees; Markov Processes; Performance Prediction; Reliability Analysis; System
Failures
19830041492
An analytic method for uncertainty analysis of nonlinear output functions, with applications to fault-tree analysis
Cox, D. C., Battelle Columbus Laboratories, USA; IEEE Transactions on Reliability; Dec 1, 1982; R-31, pp. Dec. 198; In English;
p. 465-468
Contract(s)/Grant(s): NRC-04-76-293-08; Copyright; Avail: Issuing Activity
An analytic method is developed for the uncertainty analysis of the output of a complex model. The inputs of the model are
assumed to be s-independent random variables and the model output is given as an analytic though possibly nonlinear function
of the inputs. A method is formulated for partitioning the variance of the output among contributing causes. The most important
contributors to the output uncertainty are identified by such a partitioning and therefore it provides an effective way of reducing
that uncertainty. An example of the use of this method is given by applying it to the uncertainty analysis of fault trees. In addition,
it is suggested that this method could be applied to large computer codes where output cannot be represented as an analytic function
of output, although considerable computation would likely be required in such cases for the evaluation of the conditional
s-expectations.
AIAA
Complex Systems; Fault Trees; Nonlinear Systems; Probability Theory
19850050429
Boolean difference techniques for time-sequence and common-cause analysis of fault-trees
Moret, B. M. E., New Mexico, University, USA; Thomason, M. G., Tennessee, University, USA; IEEE Transactions on
Reliability; Dec 1, 1984; ISSN 0018-9529; R-33, pp. 399-405; In English
Contract(s)/Grant(s): N0014-78-C-0311; Copyright; Avail: Issuing Activity
Fault trees are a major model for the analysis of system reliability. In particular, Boolean difference methods applied to fault
trees provide a widely used measure of subsystem criticality. This paper generalizes the fault-tree model to time-varying systems
and uses time-dependent Boolean differences to analyze such systems. In particular, suitable partial Boolean differences provide
maximal and minimal solution sets for sensitization conditions. A method of common-cause failure analysis based on partial
time-dependent Boolean differences allows the study of failures due to repeated occurrences, at different times, of the same
phenomenon. Such methods generalize to systems with repair, and under certain assumptions of independence, steady-state
distributions can be used for the analysis of system faults. These methods are generally useful in reliability and sensitivity analysis.
AIAA
Boolean Algebra; Differences; Failure Analysis; Fault Trees; Reliability Analysis
19980120605
Fault tree analysis and binary decision diagrams
Sinnamon, Roslyn M., Loughborough Univ. of Technology, UK; Andrews, John D., Loughborough Univ. of Technology, UK;
1996, pp. 215-222; In English; Copyright; Avail: Aeroplus Dispatch
The paper describes the use of a binary decision diagram for fault tree analysis and ways in which it can be efficiently
implemented on a computer. Results to date show a substantial improvement in computational effort for large complex fault trees
analyzed by this method in comparison with the traditional approach. The binary decision diagram method has the additional
advantage that approximations are not required and that exact calculations for the top event parameters can be performed.
Author (AIAA)
Fault Trees; Reliability; Industrial Plants; Decision Theory
19980120607
Facilitating fault tree preparation and review by applying complementary event logic
Burkett, Michael A., Allison Engine Co., USA; 1996, pp. 223-228; In English; Copyright; Avail: Aeroplus Dispatch
This paper describes a simple analysis and documentation procedure which can help ensure the completeness and accuracy
of fault tree analysis and thus help assure the safety of the corresponding product or system. With this procedure, each layer of
the fault tree which feeds into an OR gate is structured to comprise a complete theoretical set. This is done, generally, by first
including the most significant or most obvious failure contributor, and then using complementary event logic to define a second
failure contributor which includes all possibilities except the one already covered. Fault trees prepared in this way are inherently
complete and more amenable for review.
Author (AIAA)
Fault Trees; Logical Elements; Software Development Tools; Gates (Circuits)
19980229866
Redundancy killers
Yellman, Ted W., Boeing Commercial Airplane Group, USA; 1998, pp. 33-43; In English
Report No.(s): SAE Paper 981204; Copyright; Avail: Aeroplus Dispatch
This paper clarifies the concepts of unrelated, related (both cascading/consequential and common-external-cause),
independent, and dependent, failure pairs, and their connections and their differences. It shows how the possibility of occurrence
of a related failure pair in a real-life system results in a dependent failure pair in an analysis, and why and how much system safety
can be degraded as a result. Methods are presented to help assess the degree of safety degradation which the possibility of related
failure pairs can introduce into a system, so that their impacts can be reduced or even eliminated. The event-sequence analysis
method is used to illustrate the principles discussed. The paper finishes up with some observations and cautions about using
fault-tree analysis to assess the safety of systems in which related failure pairs can occur.
Author (AIAA)
Safety; Redundancy; System Failures; Fault Trees; Systems Analysis
199900648_2
Implicit method for incorporating common-cause failures in system analysis
Vaurio, Jussi K., Lappeenranta Univ. of Technology, Finland; IEEE Transactions on Reliability; Jun, 1998; ISSN 0018-9529;
Volume 47, no. 2, pp. 173-180; In English; Copyright; Avail: Issuing Activity
A general procedure incorporates common-cause (CC) failures into system analysis by an implicit method; ie, after first
solving the system probability equation without CC failures. Components of subsets are assumed to be equally vulnerable to CC
of any particular multiplicity. The method allows for age-dependent hazard rates, repairable & non-repairable components,
systems with multiple CC groups, and systems where not all components are statistically-identical or subject to CC failures. Key
equations are given both for reliability block-diagrams and fault-trees (success and failure models), considering the system
reliability, availability, and failure intensity functions. Initial failures and certain human errors are included, mainly for
standby-system applications. The implicit method can dramatically simplify the Boolean manipulation and quantification of fault
trees. Possible limitations & extensions are discussed.
Author (EI)
Systems Analysis; Probability Theory; Computation; Statistical Analysis
72
ATOMIC AND MOLECULAR PHYSICS
Includes atomic and molecular structure, electron properties, and atomic and molecular spectra. For elementary particle physics see
73 Nuclear Physics.
19990101080
FuzzyFTA: A fuzzy fault tree system for uncertainty analysis
Guimaraes, Antonio C. F., Nuclear Energy Natl. Commission, Brazil; Ebecken, Nelson F. F.; Annals of Nuclear Energy; Apr,
1999; ISSN 0306-4549; Volume 26, no. 6, pp. 523-532; In English; Copyright; Avail: Issuing Activity
This paper describes a new approach and new computational system, FuzzyFTA, for reliability analysis using fault tree and
fuzzy logic. Some measures are defined to determine critical components and the uncertainty contribution of each one to the
system. The FuzzyFTA system includes algorithms to consider the minimal cut set approach for the top event calculation. After
that, these algorithms are used to determine importance measures. The computer code application is the Auxiliary Feedwater
System (AFWS) analysis, a recent study made for Angra-I, Brazilian NPP.
Author (EI)
Fuzzy Sets; Reliability; Algorithms
73
NUCLEAR PHYSICS
Includes nuclear particles; and reactor theory. For space radiation see 93 Space Radiation. For atomic and molecular physics see 72
Atomic and Molecular Physics. For elementary particle physics see 77 Physics of Elementary Particles and Fields. For nuclear
astrophysics see 90 Astrophysics.
19990010531
Fault-tree analysis of criticality in a pulsed column of a typical reprocessing facility
Nomura, Yasushi, Japan Atomic Energy Research Inst., Japan; Naito, Yoshitaka; Nuclear Technology; Jan, 1998; ISSN
0029-5450; Volume 121, no. 1, pp. 3-13; In English; Copyright; Avail: Issuing Activity
Scenario identification, preparation of reliability data, and fault-tree construction were conducted for a criticality in a pulsed
column of a typical model of a reprocessing facility to find a weak link in the system. The plant system data, the basic reliability
data with the fault-tree analysis code FTL, were supplied from NUKEM GmbH, Germany. In this exercise, a low nitric acid
concentration in the scrub flow to the pulsed column is initiated by failures of the reagent preparation system of the primary separation
cycle, triggering plutonium accumulation, eventually exceeding the safety limit of the scrub column, and thus a criticality accident
occurs. The occurrence frequency was evaluated to be 2.2 x 10(sup -5)/yr for this most conservative case of the accident scenario.
The main contributor was investigated by the fault-tree branch analysis and identified to be human error relating to the sampling
measurement for fresh nitric acid scrub feed. Because 2.2 x 10(sup -5)/yr is quite a high value in comparison with the generally
accepted 10(sup -6)/yr, Monte Carlo uncertainty analysis assuming an error factor of 5 for each of the reliability data was conducted
to predict a 90% confidence range of 1.9 x 10(sup -6)/yr to 8.25 x 10(sup -5)/yr. In addition, there might be unforeseen equipment
failures related to the same criticality scenario. The additional analysis and discussion lead to the recommendation to adopt shape
and dimension control in the design stage for the whole range of plutonium concentrations from a criticality safety point of view.
Author (EI)
Fault Trees; Nuclear Fission; Nuclear Reactors; Nuclear Fuel Reprocessing; Failure Analysis; Accidents
19990100587
Application of fault detection and identification (FDI) techniques in power regulating systems of nuclear reactors
Roy, K., Bhabha Atomic Research Cent., India; Banavar, R. N.; Thangasamy, S.; IEEE Transactions on Nuclear Science; Dec,
1998; ISSN 0018-9499; Volume 45, no. 6 pt 3, pp. 3184-3201; In English; Copyright; Avail: Issuing Activity
Application of failure detection and identification (FDI) algorithms has essentially been limited to identification of a global
fault in the system, and no further attempts have been made to locate subcomponent faults for root cause analysis. This paper
presents Kalman filter-based methods for FDI in power regulating systems of nuclear reactors. The attempt here is to explain how
the behavior of the states, residues, and covariances can be interpreted to identify subcomponent faults. An alternative to the
Kalman filter - the risk-sensitive filter - is also introduced. Comparison of its performance with the Kalman filter-based FDI
algorithms is studied. All simulation studies have been carried out on postulated faults in the power regulating system of heavy
water moderated, low pressure vertical tank-type research reactors.
Author (EI)
Algorithms; Kalman Filters; Assessments; Risk; Safety; Valves
81
ADMINISTRATION AND MANAGEMENT
19790030391
Problems in contracting for system safety
Rackley, L. E.; Lemon, G. H., General Dynamics Corp., USA; Jan 1, 1977; 4p; In English; 15th; SAFE Association, Annual
Symposium, December 5-8, 1977, Las Vegas, NV; See also A79-14401 03-03; Copyright; Avail: Issuing Activity
Fault tree analysis is the method used for system hazard analysis, for assessing the safety level of the development aircraft
and for predicting the safety level of the production aircraft at maturity. Source data for the fault tree logic diagrams are
accumulated with the Subsystem Hazard Analysis (SSHA) program. Hazard analysis data are purchased from subcontractors. The
Preliminary Hazard Analysis (PHA) identifies hazards in equipment and the Operating Hazard Analysis (OHA) identifies hazards
in software and written instructions. One of the problems encountered in contracting for system safety is related to the failure of
some subcontractors to properly identify 'command' failures. Another problem is connected with the failure to identify all part
failure modes.
AIAA
Aircraft Safety; Contract Management; Flight Hazards; Safety Management
89
ASTRONOMY
Includes observations of celestial bodies, astronomical instruments and techniques; radio, gamma-ray, x-ray, ultraviolet, and infrared
astronomy, and astrometry.
analyze, and evaluate the facts and circumstances regarding the manufacture, development, and testing of the HST Optical
Telescope Assembly (OTA). Specifically, the board was tasked to ascertain what caused the spherical aberration and how it
escaped notice until on-orbit operation. The error that caused the on-orbit spherical aberration in the primary mirror was traced
to the assembly process of the Reflective Null Corrector, one of the three Null Correctors developed as special test equipment
(STE) to measure and test the primary mirror. Therefore, the safety, reliability, maintainability, and quality assurance (SRM&QA)
investigation covers the events and the overall product assurance environment during the manufacturing phase of the primary
mirror and Null Correctors (from 1978 through 1981). The SRM&QA issues that were identified during the HST investigation
are summarized. The crucial product assurance requirements (including nonconformance processing) for the HST are examined.
The history of Quality Assurance (QA) practices at Perkin-Elmer (P-E) for the period under investigation are reviewed. The
importance of the information management function is discussed relative to data retention/control issues. Metrology and other
critical technical issues also are discussed. The SRM&QA lessons learned from the investigation are presented along with specific
recommendations. Appendix A provides the MSFC SRM&QA report. Appendix B provides supplemental reference materials.
Appendix C presents the findings of the independent optical consultants, Optical Research Associates (ORA). Appendix D
provides further details of the fault-tree analysis portion of the investigation process.
CASI
Aberration; Error Analysis; Hubble Space Telescope; Manufacturing; Mirrors; Quality Control
99
GENERAL
Includes aeronautical, astronautical, and space science related histories, biographies, and pertinent reports too broad for
categorization; histories or broad overviews of NASA programs such as Apollo, Gemini, and Mercury spacecraft, Earth Resources
Technology Satellite (ERTS), and Skylab; NASA appropriations hearings.
19710052620
Status of failure/hazard/mode and effect analysis, fault tree analysis, and prediction, apportionment and assessment
Grose, V. L.; Jan 1, 1971; 9p; In English; 10TH; RELIABILITY AND MAINTAINABILITY CONFERENCE, JUN. 27-30, 1971,
ANAHEIM, CA; CONFERENCE SPONSORED BY THE AMERICAN SOCIETY OF MECHANICAL ENGINEERS, THE
SOCIETY OF AUTOMOTIVE ENGINEERS, AND THE AMERICAN INST. OF AERONAUTICS AND ASTRONAUTICS.;
Copyright; Avail: Issuing Activity
Fault tree, failure mode and effect analysis, prediction apportionment and assessment, discussing system effectiveness
AIAA
Failure Analysis; Failure Modes; Performance Prediction; System Effectiveness; Trees (Mathematics)
19720065841 Texas A&M Univ., Dept. of Industrial Engineering., College Station, TX, USA
A computer algorithm for fault-tree analysis Fb_ag
Cannon, J. A., Texas A&M Univ., USA; Dec 1, 1970; 72p; In English
Report No.(s): AD-738977; Avail: CASI; A04, Hardcopy, Microfiche
No abstract.
Algorithms; Error Analysis; Trees (Mathematics)
Subject Terms Index
BOOLEAN ALGEBRA, 23, 26, 27, 29, 30, 31, 36, 63, 68, 70, 74
COMPUTER TECHNIQUES, 16, 20, 27, 43, 50, 56, 57, 58
ELECTRIC CURRENT, 17
ELECTRIC DISCHARGES, 42
ELECTRIC NETWORKS, 17
ELECTRIC POWER PLANTS, 5, 25, 42
ELECTRICAL FAULTS, 17, 44
ELECTROCHEMICAL CELLS, 42
ELECTROCHEMISTRY, 16
ELECTROMAGNETIC COMPATIBILITY, 16
ELECTROMAGNETIC INTERFERENCE, 16
ELECTROMAGNETIC NOISE, 16
ELECTRONIC CONTROL, 47
ELECTRONIC EQUIPMENT, 27, 28, 56
ELECTRONIC EQUIPMENT TESTS, 16
EMBEDDED COMPUTER SYSTEMS, 59
ENERGY POLICY, 41
ENGINE CONTROL, 9
ENGINE DESIGN, 6, 10
ENGINE FAILURE, 6, 10, 11
ERROR ANALYSIS, 43, 65, 67, 74
EXPERT SYSTEMS, 4, 33, 48, 60, 70
F
F18 AIRCRAFT, 5
FAIL-SAFE SYSTEMS, 4, 24, 47, 57, 70
FAILURE, 47, 54
FAILURE ANALYSIS, 2, 3, 4, 6, 8, 10, 13, 16, 19, 22, 23, 24, 26, 28, 29, 30, 32, 37, 40, 44, 45, 47, 52, 55, 56, 60, 61, 62, 63, 64, 65, 67, 69, 70, 72, 73, 74
FAILURE MODES, 2, 5, 8, 9, 10, 16, 21, 26, 29, 30, 33, 34, 37, 38, 47, 48, 50, 52, 54, 70, 74
FAULT DETECTION, 18
FAULT TOLERANCE, 8, 18, 25, 36, 44, 48, 49, 50, 51, 53, 56, 57, 58, 62
FAULT TREES, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 13, 14, 15, 16, 18, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 64, 65, 66, 67, 68, 69, 70, 71, 73
FEEDBACK CONTROL, 3
FIGHTER AIRCRAFT, 4
FIRE DAMAGE, 13
FIRE PREVENTION, 4
FIRES, 13
FLAME PROPAGATION, 13
FLAMMABILITY, 12, 14
FLIGHT CONTROL, 5, 70
FLIGHT HAZARDS, 73
FLIGHT SAFETY, 7, 9
FLIGHT SIMULATORS, 60
FLY BY WIRE CONTROL, 3, 5
FORECASTING, 61
FORTRAN, 43, 45, 46
FRACTURE MECHANICS, 32
FRAMES, 40
FUSES (ORDNANCE), 9
FUSION REACTORS, 13
FUZZY SETS, 72
FUZZY SYSTEMS, 10, 11, 61
G
GAS TURBINE ENGINES, 6
GAS TURBINES, 5
GATES (CIRCUITS), 22, 71
GENETIC ALGORITHMS, 68
GUIDANCE (MOTION), 71
HARDWARE, 59
HAZARDS, 14
HEURISTIC METHODS, 68
HIGH PRESSURE OXYGEN, 14
HUBBLE SPACE TELESCOPE, 7, 14, 74
HUMAN FACTORS ENGINEERING, 13
HUMAN PERFORMANCE, 43
HUMAN COMPUTER INTERFACE, 16, 50, 53
HYPERCUBE MULTIPROCESSORS, 8, 57
I
IGNITION, 13, 39
INDEPENDENT VARIABLES, 26
INDUSTRIAL PLANTS, 70
INERTIAL NAVIGATION, 39
INFORMATION SYSTEMS, 15, 48, 61
INJECTION, 53
INTEGRATED CIRCUITS, 16, 54
K
KALMAN FILTERS, 73
KNOWLEDGE BASES (ARTIFICIAL INTELLIGENCE), 70
L
LAMINATES, 13
LANDFORMS, 72
LAUNCH VEHICLES, 39
LIFE CYCLE COSTS, 49
LIFE SUPPORT SYSTEMS, 42
LIGHT EMITTING DIODES, 43
LIQUID OXYGEN, 12
LIQUID PROPELLANT ROCKET ENGINES, 11
LITHIUM, 16
LITHIUM SULFUR BATTERIES, 16
LOGIC, 8
LOGIC CIRCUITS, 34
LOGIC DESIGN, 63
LOGIC PROGRAMMING, 11
LOGICAL ELEMENTS, 22, 66, 71
LONG DURATION SPACE FLIGHT, 8
MACHINE TRANSLATION, 52, 61
MANUFACTURING, 74
MARINE PROPULSION, 6
MARINE TRANSPORTATION, 2
MARKOV CHAINS, 50, 68
MARKOV PROCESSES, 24, 35, 48, 50, 55, 56, 61, 69
MARS (PLANET), 9
MATERIALS SCIENCE, 12
MATHEMATICAL LOGIC, 37
MATHEMATICAL MODELS, 8, 27, 28, 36, 42, 56, 58
MATHEMATICAL PROGRAMMING, 26
MATRICES (MATHEMATICS), 31
MATRIX THEORY, 41
MAXIMUM LIKELIHOOD ESTIMATES, 26
MEASURING INSTRUMENTS, 22
MECHANICAL ENGINEERING, 31
MICROCOMPUTERS, 35
MILITARY AIRCRAFT, 1, 3
MILITARY TECHNOLOGY, 1
MIRRORS, 74
MISSILES, 71
MIXING, 12
MODULARITY, 10
MONTE CARLO METHOD, 24, 44
MTBF, 33
MULTIPROCESSING (COMPUTERS), 49, 50
MULTISENSOR FUSION, 15
N
NASA SPACE PROGRAMS, 7
NETWORK ANALYSIS, 16
NICKEL HYDROGEN BATTERIES, 42
NONDESTRUCTIVE TESTS, 32
NONLINEAR SYSTEMS, 70
NUCLEAR ELECTRIC POWER GENERATION, 26
NUCLEAR ENGINE FOR ROCKET VEHICLES, 9
POLYNOMIALS, 41
PREDICTION ANALYSIS TECHNIQUES, 25, 27, 37
PRESSURE VESSEL DESIGN, 28
PRINTED CIRCUITS, 28
PROBABILITY DENSITY FUNCTIONS, 67
PROBABILITY DISTRIBUTION FUNCTIONS, 10
PROBABILITY THEORY, 4, 15, 17, 27, 32, 37, 40, 43, 44, 57, 63, 65, 66, 68, 70, 71, 74
PROBLEM SOLVING, 48, 56
PROCESS CONTROL (INDUSTRY), 14, 65
PRODUCTION ENGINEERING, 35
PRODUCTION MANAGEMENT, 61
51, 52, 55, 56, 57, 58, 59, 60, 61, 63, 64, 66, 67, 68, 69, 70
RELIABILITY ENGINEERING, 16, 17, 19, 20, 21, 23, 25, 27, 28, 30, 34, 35, 36, 37, 38, 39, 45, 52
REQUIREMENTS, 16
RESONANT VIBRATION, 41
RESPONSE TIME (COMPUTERS), 44
REUSABLE ROCKET ENGINES, 7
RISK, 12, 14, 15, 34, 43, 45, 58, 73
ROBOTICS, 61, 62
ROBOTS, 18, 61, 62
ROCKET ENGINE DESIGN, 10, 11
ROCKET ENGINES, 10, 11
ROCKET FIRING, 7
ROCKET PROPELLANTS, 11
SPACE SHUTTLE MISSIONS, 7
SPACE SHUTTLE ORBITERS, 60
SPACE SHUTTLE PAYLOADS, 8
SPACE SHUTTLES, 7
SPACEBORNE EXPERIMENTS, 8
SPACECRAFT ORBITS, 42
SPACECRAFT POWER SUPPLIES, 10, 42
SPACECRAFT RELIABILITY, 24
SPECIFICATIONS, 53
SPINDLES, 18
SPRAYERS, 20
STANDARDS, 68
STATISTICAL ANALYSIS, 20, 23, 29, 37, 71
STATISTICAL DISTRIBUTIONS, 17
STOCHASTIC PROCESSES, 50, 66
STRESS ANALYSIS, 4
STRUCTURAL ANALYSIS, 16, 40
STRUCTURAL DESIGN, 40
STRUCTURAL DESIGN CRITERIA, 37
STRUCTURAL FAILURE, 1, 32, 67
STRUCTURAL PROPERTIES (GEOLOGY), 72
STRUCTURAL RELIABILITY, 4, 27
STRUCTURAL STABILITY, 67
STRUCTURAL VIBRATION, 41
SYSTEM EFFECTIVENESS, 46, 74
SYSTEM FAILURES, 6, 8, 18, 19, 20, 21, 25, 28, 31, 33, 35, 37, 50, 56, 60, 65, 69, 71
SYSTEM IDENTIFICATION, 31
SYSTEMS, 6
SYSTEMS ANALYSIS, 3, 5, 8, 14, 18, 19, 20, 21, 23, 27, 28, 31, 34, 51, 61, 64, 65, 66, 67, 69, 71, 74
SYSTEMS ENGINEERING, 18, 34, 35, 51
SYSTEMS INTEGRATION, 2, 11, 55
SYSTEMS SIMULATION, 28, 29, 31
T
TECHNOLOGIES, 53
TECHNOLOGY ASSESSMENT, 32
TECHNOLOGY UTILIZATION, 10
TENSILE TESTS, 13
TEST FACILITIES, 18
TESTS, 21
TETHERED SATELLITES, 8
TETHERING, 8
TRANSFORMATIONS (MATHEMATICS), 24
TRANSLATING, 51
TRANSPORT AIRCRAFT, 4
TRANSPORTATION, 21
TREES (MATHEMATICS), 6, 13, 19, 20, 21, 22, 23, 40, 43, 44, 45, 46, 63, 65, 69, 71, 74
TURBINE BLADES, 41
U
ULTRAVIOLET SPECTROMETERS, 64
UNIVAC 1108 COMPUTER, 43
USER MANUALS (COMPUTER PROGRAMS), 50
USER REQUIREMENTS, 30
UTILIZATION, 65
V
VALVES, 73
VARIANCE (STATISTICS), 32
VULNERABILITY, 68
W
WARHEADS, 9
WARNING SYSTEMS, 40
WASTE DISPOSAL, 62, 72
WEAPON SYSTEMS, 46
WINDMILLS (WINDPOWERED MACHINES), 41
WINDPOWER UTILIZATION, 41
WORK CAPACITY, 13
WORKSTATIONS, 50
X
X RAY IMAGERY, 7, 59
Personal Author Index
A C Evans, J. F. O., 8
Hitt, E. K, 25
Hogshohn, A., 19
Holt, E. L., 3
Horii, H., 47
Horman, R. L., 43
Hunt, J. E., 16
Hurley, M. T., 15
Husseiny, A., 41
I
Inoue, K., 20, 24
Ishigami, T., 47
Ito, T., 64
Iverson, David L., 35
J
Jackson, Tyrone, 35
Jain, A. K., 12
Jedrzejowicz, Piotr, 49
Jeinsch, T., 40
Jion_Sheng, L., 26
Jolly, Carolyn L., 2
K
Kambhampati, Subbarao, 62
Kaneki, H., 47
Karimi, R., 25
Kaufman, Lori M., 59
Keeble, Trenton G., 32
Keller, H., 23
Kelly, J. E., 5
Kent, J., 44
Kini, V., 57
Kiss, L., 29
Kitagawa, K., 30
Kiyota, Mikio, 50
Klein, G. C., 10
Klein, Glenn C., 42
Knight, J. C., 52, 53
Knudsen, H. K., 29
Koen, Billy V., 33
Kong, Ruilian, 41
Koppen, Sandra V., 49
Koren, James, 62
Korfhage, R. R., 43
Kothari, A. M., 66
Kuang, Wuyue, 11
Kumamoto, H., 24
Kuzawinski, Karla M., 33
L
Lambert, H., 18, 21, 28
Land, R., 24
Lapp, S. A., 64
Larsen, W. F., 74
Laviron, A., 27
Lee, Dong Hee, 16
Lee, Kil Haeng, 16
Lee, W. S., 30
Lee, Y. S., 17
Lemon, G. H., 13, 73
Lessard, B. J., 15
Leuschen, Martin L., 61
Leveson, N. G., 46, 47
Levy, Samuel C., 16, 33, 42
Li, Duan, 34
Li, Peiqiong, 5
Lie, C. H., 30
Ling, W. C. T., 13
Liu, Ming C., 35
Liu, Zhiqing, 39
Locks, M. O., 66
Long, R. Allen, 40
Long, W. T., 20
Louthan, M. R., Jr., 12
Lynch, E. R, 63
Lyu, Michael R., 54
M
Ma, Zhibo, 11
Madre, Jean Christophe, 67
Maggiore, R, 4
Malasky, S. W., 46
Maletz, M. C., 60
Manaranche, J. C., 27
Manian, Ragavan, 55, 59
Martensen, Anna L., 48, 57
Martinez Guridi, G., 3
Mason, Russell W., 52
Masters, J. E., 12
Maurer, R. H., 16
Mavko, B., 54
Mavko, Borut, 68
Mazzocchi, A., 28
Mc Laughlin, M. A., 6
Mcgibbon, A., 74
Mcgraw, Richard J., Jr., 50
McKelvey, Michael H., 2
Mei, Qizhi, 33
Merkling, R. E., 4
Mihalkanin, R A., 21
Miller, C. O., 65
Millwater, H. R., 67
Mniszewski, K., 13
Moore, T. C., 2
Moore, Tim C., 6
Moret, B. M. E., 70
Mostia, William L., 65
Murchland, J. D., 44
Mussio, R, 48
N
Naito, Yoshitaka, 72
Nakashima, K., 23
Neri, Lewis, 1
Nertney, R. J., 43
Newt, J., 28, 29
Nomura, Yasushi, 72
O
Oconnor, R D. T., 27
Okuma, M., 26
Onwubiko, C., 40
Onyebueke, L. C., 40
Ordonio, Robert R., 51
Ou, Yangde, 41
P
Page, Lavon B., 34
Palto, R J., 45
Paludi, C. A., Jr., 15
Pande, R K., 69
Pape, R., 13
Park, Jong Tae, 16
Patterson Hine, Ann, 5
Patterson Hine, F. A., 36
Patterson Hine, F. Ann, 33
Pawlak, Robert J., 15
Peercy, D., 53
Perry, Jo Ellen, 34
Pollock, G., 53
Pope, M., 30
Porterfield, W. R., 45, 69
Poucet, A., 27
Powers, G. J., 64
Price, C. J., 16
Proctor, C. L., 66
Proctor, C. L., II, 66
Pugh, D. R., 16
Pulkkinen, U., 52
Purcell, W. L., 45
Purnendu, C., 17
Q
Querzoli, Rodolfo, 2
R
Rackley, L. E., 73
Raghavendra, C. S., 44
Raghuram, A. C., 32
Raheja, Dev G., 48
Rahl, R. G., 22
Rajagopal, C., 12
Rankin, G. L., 21
Rao, M. S. M., 22
Rapp, Douglas C., 9, 10, 11
Rash, Donald E., Jr., 42
Rasmuson, D. M., 25, 34
Rasnmssin, N., 25
Smurthwaite, Richard, 33
Smyth, B., 56
Snodgrass, T. D., 1
Snodgrass, Thomas D., 60
Snooke, N., 16
Somani, Arun K., 67
Somnla, R., 24
Song, Zhaohong, 41
Sova, D., 56
Spector, M. E., 69
Spille, F., 9
W
Walker, B. K., 69
Walker, Ian D., 18, 61, 62
Wang, Yuanda, 4
Wang, Zengxi, 38
Watanabe, N., 47
Watanabe, Norio, 50
Watanabe, T., 26
Weber, G., 29
Weber, G. G., 44