## Abstract

In systems which involve sequential control, standby safety systems, and safety shut down procedures, the sequence of actions is important in describing normal operation. Event sequence is also important in describing failure s in such systems in many cases. Several examples can be given.

Cause-consequence analysis techniques are especially useful for studying such systems, firstly because they offer a systematic way of building a mathematical model of the failure process; and secondly, because "sequence" is treated natural

by the method. A third advantage is that many different consequences (TOP events) can be treated together, using the same analysis.

Cause-consequence analysis can be formalised, to provide a (semi) automatic method of failure mode and effects analysis. The "plant" is represented by a block diagram, with arcs representing causational links, and the blocks being described by arithmetic or logical transfer functions. A "condition" is a predicate which restricts the possible states of a system (usually by restricting the range of values of a single system variable). An "event description" is a pair of conditions,

one of which is true before the event time, the other true after the event time. Event sequences can be traced through the block diagram of the system, using techniques developed for autopatic theorem proving to deduce the next event at each block.

Cause-consequence analysis techniques are especially useful for studying such systems, firstly because they offer a systematic way of building a mathematical model of the failure process; and secondly, because "sequence" is treated natural

by the method. A third advantage is that many different consequences (TOP events) can be treated together, using the same analysis.

Cause-consequence analysis can be formalised, to provide a (semi) automatic method of failure mode and effects analysis. The "plant" is represented by a block diagram, with arcs representing causational links, and the blocks being described by arithmetic or logical transfer functions. A "condition" is a predicate which restricts the possible states of a system (usually by restricting the range of values of a single system variable). An "event description" is a pair of conditions,

one of which is true before the event time, the other true after the event time. Event sequences can be traced through the block diagram of the system, using techniques developed for autopatic theorem proving to deduce the next event at each block.

Original language | English |
---|

Place of Publication | Roskilde, Denmark |
---|---|

Publisher | Risø National Laboratory |

Number of pages | 35 |

ISBN (Print) | 87-550-0287-0 |

Publication status | Published - 1974 |

Series | Risø-M |
---|---|

Number | 1740 |

ISSN | 0418-6435 |

## Keywords

- Risø-M-1740