It is impossible to achieve absolute safety for systems that use energy. All measures for the safe operation of technological systems must consider the possibility of dangerous, undesirable situations and focus on the relevant risk [ 1 ]. Analyzing the reliability of technological equipment has recently become increasingly important. The concept of manufactured risk management emerged when, given the growing number of potentially dangerous facilities and the associated increase in accidents and catastrophes, the question arose as to which strategy to choose to ensure the safety of manufacturing facilities. The tasks of systems reliability evaluation in engineering practice are faced by specialists who perform design and engineering work, developers of plans for localization and elimination of

2022 Copyright for this paper by its authors. emergencies and accidents, developers of safety declarations for high-risk facilities. Risk should be understood as the expected frequency or probability of specific hazards class or the amount of possible damage (loss, damage) from an undesired event or some combination of these values. The application of the concept of risk, thus, allows to translate the danger into the category of measurable categories, where risk is a measure of danger and includes the following quantitative indicators: • probability of occurrence (frequency of occurrence) of the dangerous factor under consideration; • the amount of damage from the influence of a dangerous factor; • uncertainty of losses and probabilities.

The term “risk” is used to analyze the reliability of technological systems, determine the level of hazards and form a set of actions to reduce the risk of an adverse event [ 2 ]. Suppose the concept of “risk” is applied to the technosphere. In that case, it should describe the probability of an accident when using the mechanisms or machines of a technological system particular process. The manufactured risk analysis is used to assess the reliability of technological systems, which aims to determine the frequency of adverse events and calculate the probabilities of their occurrence. In general, the main tasks of risk assessment are related to: 1. Identification of hazards. 2. Analysis of the frequency or probability of adverse events.

3. Assessing the consequences of adverse events.

The generalized assessment of the reliability of technological systems should reflect the state of industrial safety, taking into account the risk indicators of all adverse events that may occur at the hazardous production facility, and based on the results: • integration of risk indicators of all adverse events (accident scenarios), taking into account their mutual influence; • analysis of uncertainty and accuracy of the obtained results; • analysis of operating conditions compliance with industrial safety requirements and acceptable risk criteria.

In modern accidents researching, causation and effect diagrams with a branching structure and called a “tree” (fault tree, event tree), each of which is a branched, finite and connected graph that does not have loops or cycles, have become widespread.

To solve the problems of a quantitative evaluation of reliability and safety of complex technological systems, logical-probabilistic methods, logical-graphic methods [ 3 ]: event trees, Fault Tree Analysis (FTA), topological methods have become the most widespread. The first analysis of the reliability of complex technological systems, implemented by FTA, was conducted in the ’60s [ 4 ]. Today, FTA is effectively used in the aerospace, nuclear energy, chemical and processing industries, pharmaceuticals, petrochemicals, and other high-risk industries [ 5-7 ].

Despite the extensive coverage in the scientific and technical literature, experts make some methodological and logical errors in practice, which leads to incorrect results of the technological systems reliability analysis [ 8 ]. The urgency of automating the process of technological systems reliability evaluation is associated with the ever-increasing structural complexity and dimensionality of modern technical systems and the need to increase the level of reliability and safety of such systems. Computer systems development and software applications with the function of automatic construction and calculation of the events occurrence probability allows to increase the speed of technological system model construction, simplify the Fault Tree (FT) design process, reduce errors in calculations, get a mechanism for modeling various system states occurrence of adverse events. Currently, there are a lot of commercial and non-commercial software and platforms that allow building the FT and performing analysis of the technological systems reliability in automated mode, such as [ 9 ]: OpenFTA, OpenAltaRica platform, ALD Fault Tree Analyzer, DFTCalc, CAFTA, RAM Commander FTA. In addition to opening and advertising software products, scientists Y. Hiraoka, M. Takahashi, A. Majdara, T. Wakabayashi [ 10,11 ] describe corporate software development to assess the reliability of specific technological systems. The main disadvantage of commercial software is paying for the purchased license. Free software has some limitations for building a FT, such as restrictions on the number of initiating events or logical operators, the inability to save or reuse the created FT, customization for a specific data domain.

The primary purpose of this work is to present the results of modeling, development, and practical application of non-profit computer system, which provides the ability to design a FT for quantitative and qualitative analysis of a wide range of technological systems reliability.

System analysis, including the formulation and decomposition of the problem’s solution, is used to formalize the process of technological system research, the reliability of which must be evaluated.

FTA is used to evaluate the system’s reliability, which is one of the main methods of quantifying the probabilistic component of risk – the frequency of accidents. When constructing a FT, it is necessary to define the conditions for the appearance of the top event; decompose complex prerequisites; identify co-operating factors; exclude feedback between elements specify the reasons for their occurrence; check the validity of all accepted assumptions and initial data. Using the traceback algorithm allows calculating the probability of events occurrence included in the FT, starting from the bottom level of the tree. The significance of the events leading to the main undesirable event is assessed using the Fussell-Vesely algorithm.

During the computer system design and implementation, the principles of system analysis, function-oriented method of data domain analysis, data normalization rules, principles of relational database design are used. The user interface development was carried out, taking into account the interface’s usability.

The methods, principles, and algorithms used in the course of the work make it possible to state that the study results are reasonable and reproducible. 2.1.

5. Graphical representation of the failure tree and calculation of intermediate events and top one probabilities.

The main reasons for errors when building a FT are: • errors of system analysis when describing the composition of the technological system and the set of process events to be analyzed; • incorrect use of logical symbols; • incorrect use of statistics on the initiating events probabilities.

The following steps of working with the graphic model data of FT are aimed to conduct a qualitative and quantitative analysis of system reliability.

The FT elements can be divided into three groups: primary failures or initiating, or basic events (conditions in which the technical system usually operates); secondary failures (deviations from process regulations); control failures (equipment does not receive control signals for any reason). A FT includes one top event connected by logical conditions with those intermediate and initial prerequisites, the occurrence of some of which can lead to a specific incident.

The graphical display of the FT uses standardized graphic notations, which makes it possible to clearly define events, logical elements, and types of transmission [ 4,11 ]. Event symbols allow setting such events as: “Top Event”, “Intermediate Event”, “Initiating Basic Event”, undeveloped event, external event. The initiating events do not develop further, and the intermediate events are at the output of the elements. The logical gates symbols describe the relationship between input and output events and correspond to classical Boolean logic. Transmission elements are used to connect the inputs and outputs of the corresponding FT, such as the FT of the subsystem in its system. Table 1 shows the basic graphic notations used to build the FT.

The most commonly used logical elements are AND and OR, but some trees may also use logical operators such as XOR or NAND. For any event to be further analyzed, first look at all possible events that are inputs of operation OR, then that are inputs of operation AND. This scheme is applied to the basic event and all other events whose analysis makes sense to continue.

FT can be used for qualitative and quantitative analysis of system reliability. At the qualitative level, it is used to identify possible causes and ways of failure (final event); at the quantitative level – to calculate the probability of a final event based on data on the probabilities of causal events.

Qualitative analysis requires an understanding of the system and the reasons for the failure and a technical understanding of how the system may fail. When conducting the analysis, it is advisable to draw up detailed schemes. It is necessary to set basic events BE={BE1,…BEn} and a set of intermediate events IE={IE1,…IEn}, each of which occurs when a single initiating event or set of initiating events. Boolean algebra is used to describe the relationships between intermediate and initiating events. A complex tree has different sets of initiating events, in which an event is reached at the top; they are called emergency combinations (sections). The minimal cut set is the minor set of initiating events in which an event occurs at the top. The complete set of minimum emergency combinations of a tree represents all variants of combinations of events at which there can be an accident. The minimum trajectory is the smallest group of events in which an accident occurs. Qualitative analysis of the tree is carried out using the selected minimum emergency combinations and trajectories; it compares different routes and initial events to the final and identifies critical (most dangerous) pathways leading to the accident.

Quantitative analysis of the FT calculates the probability of an accident during a given time on all possible routes. The calculation of the probabilities of the intermediate and main events, which are part of the constructed FT, is based on the input statistics of the frequency of occurrence of the initiating events. The following data are used to determine the frequency of occurrence of initiating where  – the intensity of the failure event in the technological system, t – the operating time of the technological system, which determines the intensity of the failure event in the technological system. statistical data on accidents and reliability of the technological system, the specifics of the hazardous production facility; expert assessments by taking into account the opinion of experts in this field; analysis of accidents in order to determine the required probability.

The probability of occurrence of events is associated with the intensity of the event by exponential In the case of⁡ < 0,1 equation (1) turns into: FT quantitative analysis can be carried out in various ways: = 1 − exp⁡(− ),

  . events: law [ 13 ]: • • • • • •

prerequisites. using structural functions (calculated probability polynomials); step-by-step reduction of the FT using trace-back algorithm; quantitative assessment of the top event probability using minimal combinations of initial Using structural functions. In this case the problem is to simplify the relations according to the rules of event algebra in order to obtain calculated probability polynomials. The prediction of the probability of a top event is carried out in the following sequence [ 3 ]:

The analytical model of the process is decompressed into separate blocks;

In selected blocks, those subsets of events that are interconnected by conditions AND, OR and have known probabilities are distinguished;

For the selected units the probability calculation at the event vertices is performed; The structural function is simplified by replacing each subset of the property with one (1) (2) (3) member having an equivalent probability;

The probability of the occurrence of the FT top event is calculated in a similar way.

Using trace-back algorithm. If the probabilities of all initiating events are known, the trace-back algorithm to calculate the probabilities of intermediate events and the main undesirable event can be used. The probability of intermediate events depends on the relationship between the events that lead to them. The trace-back algorithm calculates the probability of events that are part of the generated FT by levels, starting from the lowest. N failure tree prerequisites combined by logical condition AND are replaced by one event with equivalent probability of occurrence ∩ [ 14 ]: ∩ = 1 ∙ 2⁡ ∙∙∙ = ∏ .

=1 realizing at least one initial event:

M of the FT initial prerequisites, connected by a logical gate OR, are also replaced by one event, and its equivalent probability ∪ is calculated using a formula that estimates the probability of =1 ∪ = 1 − (1 − 1)(1 − 2⁡)∙∙∙ (1 − )= 1 − ∏(1 − ), where Pi – the probability of i-th event occurrence.

Also, the probability of a basic event can be determined based on the minimum cut sets as [ 5 ]: =1 ( )= 1 − ∏(1 − ( )).

=1 where Ci(i=1,..,Nc) – is the minimum cut set combination at which a top event occurs.

Using minimal combinations of initial prerequisites. This method consists of constructing another tree equivalent to the analyzed FT and including all minimal combinations of one type [ 15 ]. The new diagram is also a FT and has only one logical condition: AND if only minimum cut set combinations are used, and OR – when only minimum throughput combinations are used. To calculate the probability Q of incidents, the following expressions are used: min

(Х ) where a ,b – the amount of minimum cut set and minimum throughput combination of the FT, mi, nk, the number of initial prerequisites in each of its i-th throughput and k-th cut set minimum combinations of initial events prerequisites.

Importance indicators are used to determine the contribution of each event or their combination to the occurrence of a system failure. The assessment of the importance of an event is based on the logic of its association with other FT events. It is advisable to use the Fussell-Vesely algorithm to assess the importance of the occurrence of a particular event on the occurrence of the main adverse event. Fussell-Vesely Importance is defined as [ 16 ]: where Pmin cut (Xi) – is the probability of the i-th minimum cut sets leading to the basic event, Q is the probability of the main undesirable event.

The analysis of software used to build a FT of complex technological systems made it possible to form functional and non-functional requirements for system software, main of which are: 1. Client-server data processing, with the ability to save data in a database.

2. Implementation of mechanisms for forming a description of the technological process or system in the form of events set with the probabilities of their occurrence.

3. Implementation of probabilistic modeling software mechanisms with automatic calculation of events occurrence probabilities in the system and creation of probability function polynomial. 4. Graphical construction of the FT.

5. Qualitative and quantitative analysis realizing on FT data. 3.1.

The computer system is designed as a desktop application in C # as Windows Form Application, does not require an Internet connection, interacts with the user through a standardized interface. The primary functional purpose is the automated design of FT to conduct qualitative and quantitative analysis of the reliability of technological systems.

The system architecture is multi-layered, consisting of a data representation layer, a business logic layer, and a data layer. The scheme of the architecture of the developed computer system is presented in the Figure 1.

The data layer of the system was designed based on the approach described in [ 17 ], which implements the division of the data layer into three components: normative, operation, and resulting information. Normative information of the system is conditionally unchanged data, repeatedly used in data entry and the resulting samples formation. Operation information entered by the user is the primary source of data describing changes in the state of the data domain. Obtaining the resulting information is the purpose of the system; it is formed based on the results of queries to the database. The data storage in this system is a relational database, which stores descriptions of technological systems, sets of graphic notations, and types of relationships between events to build a FT, sets of accidents, and the intensity of their occurrence over time.

The business logic layer is designed as a set of software modules: 1. Module for data and descriptions of the technological system input. 2. Module of the FT graphic model construction. 3. Module for calculating and analyzing the data obtained.

Data processing mechanisms were implemented through stored procedures and representations of the database level and software application.

The data representation layer is a user interface developed on the base of the Window – Image – Menu – Pointer (WIMP) graphics standard as a set of screen forms. All graphic forms meet the requirements of unification and standardization and implement the same algorithms to build a dialogue between the user and the software application. 3.2.

The developed computer system is user-dependent, i.e., the reliability of input data describing basic and intermediate events sets, the establishment of the main undesirable event, the choice of the logical relationships types of between events, the correctness of initiating events intensity or probability input is the responsibility of system users. The system validates the input data.

During the data domain analysis, two roles of computer system users were identified: the operator and the administrator. The available functions are determined, and the schemes of interaction and support of work with the system are formed considering each user’s rights to access information. The system operator is a user-analyst who has sufficient knowledge of the technological system, the reliability analysis of which will be carried out. Table 2 lists the main functions and available operations for the system operator.

A system administrator is a user who has access rights to the information stored in a database. In addition to the actions described in Table 2, the administrator has the functions of database management and administration: backup, recovery, data archiving, determination of server connection characteristics, etc.

The functions and actions of users are distributed between screen forms to simplify the dialogue of users with the system, the general scheme of transition between which corresponds to the following logical sequence: 1. Entering data on the technological system, determining the main adverse event. 2. Form a list of initiating events with data entry on the intensity of their occurrence over time and entering data of intermediate events that may affect the technological system reliability and contribute to emergencies. 3. Forming relations between events. 4. Request for automatic construction of the FT and obtaining its graphical model. 5. Request for qualitative and quantitative analysis of the generated FT data.

In addition to the mainline of dialogue with the computer system to implement all the actions described in Table 2, child modal forms are used. The results of confirmed data transactions are displayed in a single relational database. 3.3.

Data and system logic are shared between the database, user interface, and business rule algorithms for implementing information operations with data. According to the proposed system architecture (Figure 1), the normative and operation data are subject to storage in the data storage, implemented in a relational database. The normative information of the system includes: • set of graphic notations; • list of developed projects; • description of technological systems and a set of events.

The input information of the system, which has the properties of dynamism and is entered by operators, is the relationship between events, the intensity of events, the timing of the system, for which it is necessary to calculate the probabilities. The resulting information is a graphical representation of the FT, the formed probability polynomial, the set of calculated probabilities of the base, intermediate and main event, the set of minimum emergency combinations and trajectories. The resulting information is generated by the system automatically according to the input parameters of the calculation.

Database modeling was performed based on the data domain object model with the application of data normalization rules. The specification of the main objects characteristics stored in the database is presented in Table 3.

Inserting data on the “event” entity, the user is given the opportunity to choose which numerical characteristic will be included in the list of initiating events properties of a particular system: the intensity of occurrence or probability. If the user enters the intensity, the system automatically calculates the probabilities of occurrence for the initiating events for (1) – (2). The obtained probability values are then used to calculate the probabilities of intermediate events and top event probabilities using (3) – (5).

The adequacy of the implemented design solutions was carried out by checking the manually constructed FTs for different technological systems and the results obtained in the developed system. The data of technological systems were used as a test set: 1. Conveyor system bulk cargo overload in assessing the main undesirable event, “Destruction of the conveyor belt”, data on the intensity of the initiating events, and the results of calculating the probabilities described in the works of A. A. Tverigin. 2. Computer System in estimating the top adverse event “Computer is not functioning” based on A. Saxena and T. Manglani. 3. Filling system in an automotive production line in assessing the main adverse event “Failure in the fluid filling system” based on data from H. Soltanali, M. Khojastehpour, J. T. Farinha, J. E. Pais [ 5 ].

Testing the developed software on actual data showed the adequacy of the applied methods, correctness of calculations, and indicators of system reliability. The result of test checks was the conclusion that the implemented design solutions are universal and can be used to calculate the reliability of other technological systems.

After substantiating the adequacy of the implemented software solutions, the developed computer system was used to assess the reliability of the brown smoke suppression system during the release of steel from the blast furnace in the research work “System analysis and computer modeling of technological processes and information technologies” conducted by the team of the Department of Software Systems at Dniprovsky State Technical University. Input data on the technological chain, equipment composition, the intensity of accidents are taken from actual industrial data of technological process logs.

The top event for the analysis and construction of the FT is the emission of brown smoke during the release of steel from the blast furnace.

This event is undesirable because, during the interaction of steel with oxygen, iron oxidizes and partially evaporates, turning into dust, the particles of which rise into the air and form orange (brown) smoke. Emissions of brown smoke reduce the volume of fused steel by 0.0025-0.0075%, significantly pollute the environment, and threaten employees.

The technological system is supplemented by various devices controlled through an automated control system to minimize the formation of brown smoke – the type of automated workplace shown in Figure 2.

The input parameters for building a FT in a given data domain are technological processes set, technological events, and technological equipment, presented in a hierarchical dependence of system states and transitions between them.

The array of input data describing the baseline events was set with the values of the intensity of occurrence and the period t = 1 year. The set of initiating events BE={BE1,…BE11}, their description and intensity are given in Table 4.

The set of intermediate events IE={IE1,…IE8}, the occurrence of which contributes to the development of the emergency situation consists of 8 events described in Table 5.