A Hierarchical Approach for Dynamic Fault Trees Solution Through Semi-Markov Process

Dynamic fault tree (DFT) is a top-down deductive technique extended to model systems with complex failure behaviors and interactions. In the last two decades, different methods have been applied to improve its capabilities, such as computational complexity reduction, modularization, intricate failure distribution, and reconfiguration. This paper uses semi-Markov process (SMP) theorem for DFT solution with the motivation of obviating the model state-explosion and considering nonexponential failure distribution through a hierarchical solution. In addition, in the proposed method, a universal SMP for static and dynamic gates is introduced, which can generalize dynamic behaviors like functional dependencies, sequences, priorities, and spares in a single model. The efficiency of the method regarding precision and competitiveness with commercial tools, repeated events consideration, computational complexity reduction, nonexponential failure distribution consideration, and repairable events in DFT is studied by a number of examples, and the results are then compared to those of the selected existing methods.


R(t)
Reliability of a system at any time t.

μ
Repair rate.

μ_i
Repair rate of component i.

G(t)
Sojourn time matrix in SMP.

g(t)
Sojourn time matrix in SMP (in LST form).

S
States vector of CTMC.

S_i
ith state in CTMC.

Q(t)
Expression: Unreliability of a system at any time t. Matrix: Transient matrix in SMP.

q(s)
Transient matrix in SMP (in LST form).

I. INTRODUCTION
FAULT-TOLERANT systems, such as toxic and hazardous chemical processes, traffic control, railways and aviation systems, and medical and surgery equipment, need to be designed with high reliability. Reliability is the probability of a system completing its expected function without any failure during its mission time [1]. In other words, it guarantees human life, environmental health, and financial assurance. The accurate evaluation of reliability is one of the challenging engineering areas. Three main methods and theories are applied for reliability evaluation: first, state-space methods such as continuous-time Markov chain (CTMC), semi-Markov process (SMP), and Markov regenerative process (MRGP) [2], second, numerical methods like Monte Carlo and probabilistic expressions [3]-[5], and third, combinatorial methods, such as reliability block diagram (RBD) and static fault tree (FT) [6].
Static FT is a top-down graphical deductive technique that is powerful in the description of systems' failures and their interactions. In addition, static FT has an independent reliability solution. However, the weakness of the static FT is in its inability to model the dynamic behavior of systems, such as functional and sequence dependence, spare and backup systems, and priority and repair. Dynamic fault tree (DFT) is introduced to model dynamic and time-dependent behavior of systems through the novel gates introduced. Similar to static FT, DFT is powerful in the graphical representation of the system's failure interactions.
0018-9529 © 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
This paper has two main individual motivations: first, proposing a hierarchical approach that can approximately evaluate the reliability of DFTs based on SMP theorem and without state explosion, and second, introducing a universal five-state SMP in which different static and dynamic gates can be defined at once. In addition, dealing with nonexponential failure distributions and complex basic events [7]-[9], which the SMP theory makes possible, can be considered a secondary objective of the paper. This paper presents a solution for the problems of DFTs and introduces a novel SMP-based hierarchical method to solve DFTs with: first, fewer states and state-transition explosions, second, nonexponential failure distribution, and third, analytical results. Furthermore, a novel universal SMP model is introduced to model different types of static and dynamic gates, such as AND, OR, SEQ, FDEP, PAND, SPARE, and load sharing (LSH). In this model, the probability of switch functioning is considered to differentiate between CSP and SEQ, and between HSP and AND.
Generally, the proposed approach is an approximate solution that can solve the DFT hierarchically, limited regarding the existing dependencies, repeated events, or repairs. However, after separating dependent modules, in the proposed method, the output of SEQ, OR, and POR gates with any complexity in their inputs will be precise. In addition, in the AND and PAND gates, when a complex event or a subtree is connected to the first input and a simple event is connected to the second input, the output will be precise. For other gates, and for other situations of AND and PAND gates, the output will be approximate. An SMP gives both numerical and analytical solutions.
The proposed method uses the Laplace-Stieltjes transform (LST) to create analytical results that enable the user to compute other system parameters, such as sensitivity, MTTF, etc.
The organization of this paper is as follows. In Section II, a brief literature on the CTMC-based solutions of DFTs is studied. Section III describes the SMP analytical solutions by an example of dynamic gates and presents a universal semi-Markov model of static and dynamic gates for the first time. Section IV presents the proposed method of this paper based on SMP theorem and general equations. Section V provides a number of examples and compares the results with other research works. Section VI discusses the capability and limitation of the proposed method briefly. Section VII concludes this paper.

II. LITERATURE ON CTMC BASED RELIABILITY SOLUTIONS OF DFTS
The dynamic nature of DFT makes solving this kind of FT more difficult than static ones. Therefore, a number of research works have been conducted on different solution methods for reliability evaluation of DFT. The main idea behind solving DFT was using CTMC, but later, diagram-based methods, such as decision diagrams (BDD, SBDD, OBDD, and MDD) [10], algebraic methods [11]-[13], Petri net [14], Interactive Markov chains [15], and Monte Carlo simulation [16] were presented for reliability solution of DFTs, each one of which has its own advantages and disadvantages.
For the first time, Boyd [21] introduced the concept of dynamic gates and dynamic fault trees in 1991. This tree was solved through CTMC. The reference also suggested a systematic way for conversion of DFT to its CTMC equivalent. Following this, Dugan [22] evaluated the behavior of systems with imperfect coverage in 1993. The conversion of DFT into its equivalent CTMC as well as automatic insertion of imperfect coverage into CTMC is also studied in [22]. Two benchmarks named fault tolerant parallel processors (FTPP) and mission avoidance systems (MAS), which were later used by many researchers, were also introduced in this paper. The reliability analysis of DFT in the presence of transient and permanent faults, failure dependencies, recovery of system, and reconfiguration of FTPP benchmark were studied in [22]. In 1995, Doyle [23] presented two algorithms for reliability analysis of fault tolerant systems with imperfect coverage. The first algorithm used CTMC and the second used BDD; it was shown that the BDD-based algorithm decreases significantly In 1999, Manian et al. [24] discussed the validity of methods introduced in previous research works and suggested a systematic way for improving the conversion procedure accuracy. This was the first reference that presented the CTMC model of PAND, FDEP, and SPARE gates, cascaded FDEP, and shared spares.
In 2001, Yin et al. [25] analyzed and categorized methods for describing uncertainty of the model regarding reliability bounds, confidence intervals, and probability distribution. Furthermore, using an analytic method based on CTMC, uncertainty in the AND gate and an example of two parallel buses are analyzed by considering imperfect coverage and repair. The Monte Carlo simulation method is used besides the analytical method for considering uncertainty in this paper, and a comparison between these two methods is then presented. The final results achieved from this paper include the proximity of the answers with considering uncertainty in comparison with the answers without considering uncertainty to reality. In 2002, NASA prepared a report on FT and its usage in NASA's applications and also regarding DFT and converting it into CTMC. It also considered imperfect coverage in DFT, etc. [26].
In 2007, Huang and Chang [27] presented a scheme for decomposing DFT into independent modules and solving them by the use of CTMC and BDD. Besides, it presented a software tool named dynamic fault tree analyzer (DyFA). Among the benefits of the presented method, we can refer to accuracy and less time consumption in DFT solutions. The work in [28] is a thesis conducted on presenting a new method for evaluating performability and reliability of embedded and fault tolerant systems in airplanes and cars. It uses CTMC for modeling and considering dynamic behavior of the system in fault tree. Among the innovations of this research, one can refer to modeling components' failure by CTMC as basic event, besides regarding associated failure rates among components. Yuge and Yanagi [29] dealt with a method for computing the probability of the top event in DFT with PAND gate and with repeated basic events. In this paper, it is assumed that the basic events occur independently with exponential distribution and the component whose failure corresponds to the occurrence of the basic event is nonrepairable. This proposed method obtains the occurrence probability of the output event in a PAND gate by CTMC. Then, the top event probability is given by a cut set approach and the inclusion-exclusion formula. An efficient procedure to obtain the probabilities corresponding to logical products in the inclusion-exclusion formula is presented. Moreover, it compares its achieved results with results obtained from Galileo and validates its method.
Ranjbar et al. [37] provided the subjects that were presented in [28] and evaluated reliability of reinforce circuit for power factor correction (PFC) using CTMC and fault tree. In 2012, Li et al. [38] proposed a fuzzy-based method for reliability evaluation with uncertainty in fuzzy dynamic fault tree (FDFT). It makes use of fuzzy CTMC for solving the fuzzy dynamic fault tree. This paper is employed on a practical example of automatic hydraulic system cutting machine (CNC). An important point that should be noted in this paper is that in the given dynamic fault tree example, only the FDEP gate exists and fuzzy evaluation of other gates is left vague. They also use their method in another paper for evaluating driver in array of solar cells [39]. A year later, Xiang et al. [40] statistically evaluated dynamic fault tree with PAND gate, in which it proposed a method for converting the PAND gate into an AND gate along with considering some dependent conditional events. Moreover, in this paper, an AND gate called CAND gate that is assumed to be dependent upon conditional events is introduced. In this paper, CTMC for PAND and CAND gates are provided along with a description of their differences. Finally, this paper validates its method on FTPP's benchmark.
In 2014, Hao et al. [41] presented a chapter of his book as evaluating reliability using enhanced DFT, in which it divided solving the dynamic fault tree into two sections. It solves the static section by using BDD and the dynamic section by using CTMC. Another type of CTMC exists, which is called "input/output interactive CTMC (IMC)" and is used for DFT solutions. Because of the limitation in the number of pages, this paper does not study I/O IMCs (see [15], [42]-[48]).
In 2015, regarding the dynamic fault tree based reliability modeling and evaluation, more than 150 papers, standards and tools have been reviewed by Ruijters and Stoelinga [49]. This paper has studied different extensions, such as repairable and extended FTs. An adapted form of Shannon's decomposition theory merged with dynamic binary decision tree (DBDT) has been proposed by Ge and Yang [50] to solve DFT. The proposed method increased the computational efficiency. However, this PAND gate and the method were not generalized for other dynamic gates. In the same year, Brameret et al. [51] proposed a model called "AltaRica" to reduce the state explosion through combining Dijkstra's algorithm and the notion of distance factor. An approximate solution for DFT through truncating Markov chain states has been presented in 2016 by Yevkin [52].
An automated tool for the valuation of repairable DFT has been presented by Manno et al. [53]. This paper proposed a mapping from DFT entity to adaptive transition system entity, and a conception of failure gates for the evaluation of both reliability and availability has been illustrated. This paper used the SMP for reliability evaluation. However, their methodology of solving SMP and DFT is different from the methodology of this paper. The existing differences and categories in DFT variants have been studied by Junges et al. [54]. The research emphasized that those reviewed differences may affect the reliability evaluation and analysis. A hierarchical and approximate solution for availability analysis in DFTs based on equivalent two-state Markov models has been proposed by Ramezani et al. [55]. Their approach was tailored only to events with exponential failure distributions. Chiacchio et al. [56] focused on the priority AND gate and analyzed the region of coherence in this gate. The outcome of the study was to determine the coherence bound of the PAND gate and improve the efficiency of the dynamic dependability evaluation process.
The method was appropriate for both repairable and nonrepairable systems. In 2017, the research work of Ge and Yang [50] has been extended and published in [57]. The research has covered spare and sequence gates through De Morgan theorem, and for negating generalized cut sequences, they have improved the explicit formula. Piriou et al. [58] have provided a framework to do qualitative and quantitative analysis of the DFT through generalized Boolean logic driven Markov processes (GBDMP). In 2018, a new state-space generation approach for solving the DFTs has been presented by Volk et al. [59]. The introduced approach has the capability of model reduction through model checking theories.
In spite of intensive research works conducted so far, there is no reported similar research work on the hierarchical semi-Markov based DFT solution. This paper presents a novel hierarchical SMP-based DFT solution for the first time with the following motivations.
1) Providing a parametric solution that enables us to extract further parameters, such as MTTF and sensitivity.
2) Considering the nonexponential failure distributions in a hierarchical manner.
3) Reducing the computational complexity and especially state explosion in the models.
4) Considering repair events in DFT.
Moreover, a universal SMP model for static and dynamic gates is introduced, which can generalize dynamic behaviors like functional dependencies, sequences, priorities, and spares in a single model.

III. SMP ANALYTICAL SOLUTION
In this section, analytical solution of an SMP is addressed and then the reliability of PAND gate is calculated by this theorem.

A. Solution of SMP by the Use of LST
An SMP can be modeled by different notations [60]. This paper uses the tuple (trio) (p, P, F(t)), where p is a vector of initial distribution, P is the matrix of conditional transition probabilities, and F(t) describes the matrix of distribution functions of sojourn times in the ith state when the jth state is next.
The solution can be found by applying LST in (2) [65]. This is a set of the abovementioned Volterra equations, which is a Markov renewal equation [62]. Note that for nonexponential failure distributions, such as Weibull and Gamma, some approximation is needed as (see [2], [60], [62])

The above equation in the matrix form can be rewritten as follows:

Hence, it can be rewritten as the following through simple algebraic replacement:

where the inverse of 1 − q(s) can be replaced by the summation of powers of q(s). The resulting equation, which is useful for a singular kernel matrix, will be as

Having solved the above equation, by taking the inverse LST of p(s), the unconditional state probabilities in the time domain are determined as follows:

Finally, the reliability of the system can be achieved by summing the transient probabilities of the operational states.

B. Reliability Evaluation of PAND Gate Through SMP
The Markov model of the PAND gate has previously been presented in the literature. Fig. 2 illustrates the semi-Markov model of the PAND gate with any failure distribution function. In this model, F_A(t) is the cumulative distribution function (CDF) of the first input of the PAND gate and F_B(t) is the CDF of the second input of the PAND gate. States are numbered from 1 to 5 from top to bottom and left to right. This model can be solved by the SMP theorem described in the previous section.
The kernel matrix of Fig. 2 can be written in the following form, and the distribution matrix of the sojourn time in each state is in the form of (8). The dimension of both the kernel matrix and the sojourn distribution matrix should be n × n, where n is the number of states

where the ⊕ operation is defined by the following. In other words, this is a probabilistic OR algebraic operation

In matrix (7), Q_{1,2} is the system failure probability up to time t if B occurs first. It can be written as the following. Subscript 1,2 stands for "from state one to state two"

For the exponential failure behavior of A and B, the above equation can be written as

where λ_A and λ_B are the constant failure rates of events or inputs A and B, respectively. Similarly, Q_{1,3} is the system failure probability up to time t in the case when A occurs sooner. It means the occurrence time of event A is less than the occurrence time of event B. It can be written as

For exponential failure distribution functions of both inputs, the above equation can be written as follows. Similarly, λ_A and λ_B are the constant failure rates of events or inputs A and B, respectively

Q_{2,4} is the failure probability of input or event A before or at time t, and Q_{3,5} is the failure probability of input or event B before or at time t. Q_{2,4} and Q_{3,5} are defined by (14) and (15), respectively. Note that 2,4 denotes "from state two to state four" and 3,5 denotes "from state three to state five" as

In exponential form, (14) and (15) can be written as (16) and (17), respectively. It should be noted that both failure rates are constant

The LST of the kernel matrix is written as (18) in its general form. As can be seen, in this matrix, there are four nonzero transitions

In general form, the LST of the G matrix is written as follows. In exponential form, it is written as (20). Note that "diag" creates a diagonal matrix from each input vector

It is assumed that the failure rates are constant in the following equation:

Similarly, the LST of the kernel matrix for exponential failures is

By the use of (4) or (5), the unconditional probability vector of Fig. 2 is computed as (22)

Finally, the reliability of the PAND gate can be obtained from the probability of the fail state (state 5 in Fig. 1) using (23). We named this equation the "general equation of PAND gate".

Note that this paper defines a general equation for each dynamic gate of a given DFT obtained by SMP. Having implemented the general equation of all gates, a library is constructed (Fig. 3). This library can be used to create the reliability equation of any given gate with any CDF. For example, the reliability of a PAND gate with exponential CDF can be extracted from this library. If Gate Type is selected as "PAND" and CDF Type is chosen as "Exponential", the outcome will be as (27). This library can be used by DFT users to find the reliability of a given DFT, as explained in Section IV, and for reliability evaluation purposes [67]. The final reliability expression shows the consistency of the results with the existing one in the literature as

Fig. 3 shows the universal representation of a dynamic or static gate with inputs A and S. Its SMP model with any CDF will be as Fig. 4.

C. Novel Universal Semi-Markov Model of DFT Gates
The universal model of Fig. 4 is a five-state SMP with states AS, A, S, F, and Op. The state AS denotes that both inputs of the gate are working correctly. The state S or A denotes that only one of the inputs of the gate works correctly. The state F shows the failing of the system, and the state Op shows correct functioning of the system in spite of the failure of both its inputs (this case occurs where one of the inputs has a supportive or protective mechanism to the other). Note that we have assumed that A is the first input of the gate and S is the second. It is obvious that the use of this universal model (Fig. 4) speeds up the modeling and solution of dynamic gates.
This paper claims that the introduced universal model has the potential to describe some of the conventional static and dynamic gates by means of four probabilistic parameters α, β, γ, C_d, and state transition CDFs. The parameter α, called "dormancy factor" in this paper, eliminates the lower states of the model (states A and Op). The parameter β, called "Non-PAND factor" in this paper, determines whether the investigated gate is PAND-type; where β = 0 the gate is PAND-type, and where β = 1 the gate is semi-PAND-type [67]. The parameter γ, called "NonSequence factor" in this paper, determines whether the investigated gate is a sequence-type gate; when γ = 0 the gate is sequential-type and when γ = 1 the gate can be sequential-type. The parameter C_d indicates the probability of the switching mechanism of the SPARE type gates (CSP, WSP, and HSP).
In Fig. 4, is the CDF of a triggered failure that affects failing of both A and S (will be explained in this paper later). In fact, the triggering event of this type is taken as a fatal shock [68]. F_α(t) has been used in the model for indicating the CDF of the second input's dormancy, which is a time-dependent variable (named α in this paper) and has a direct impact on F_α(t). For this reason, α has not been directly used in the model of Fig. 4.

D. Explanation of the Novel Model Structure
The model starts from state AS, in which gate inputs A and S are working correctly. On the failure of A with failure distribution F_1(t), the system either transits to state S, if the switching mechanism performs perfectly, or goes to state F, if either the switching mechanism acts imperfectly or the trigger event (if it exists) affects A with the CDF F_T(t). Similarly, the system goes from state S to state F with failure distribution F_2(t) ⊕ F_T(t). The system goes from state AS to A if the second input S is either under working condition and subjected to fail with failure distribution F_2(t) or partly under working condition with F_α(t). The performance of the sequence gate can clarify this issue. The parameter γ represents the existence of an occurrence sequence for gate inputs, such that γ = 0: sequence exists and γ = 1: no sequence exists. The parameter β represents the existence of priority for gate inputs, such that β = 1: no priority exists and β = 0: priority exists.

E. Examples of Universal Usage
In this section, we show how to extract the model of a given gate from the universal gate model.
1) Static OR Gate: This gate has:
   1) no switching mechanism, thus C_d = 1;
   2) no sequence for the failure of its inputs, thus γ = 1;
   3) no dormancy for its second input, thus α = 0 and F_α(t) exists;
   4) no priority for the failure of its inputs, thus β = 1;
   5) no dependency on external trigger for the failure of its inputs, thus F_T(t) = 0.
Therefore, the universal model of Fig. 4 is simplified as Fig. 5 for OR gate.
It is obvious that the reliability of this gate is P_OR(t) = P_AS(t), where P_AS(t) is the probability of state AS at the time interval t.
2) Dynamic SEQ Gate: This dynamic gate has:
   1) no switching mechanism, thus C_d = 1;
   2) no sequence for the failure of its inputs, thus γ = 0;
   3) no dormancy for its second input, thus α = 0 and F_α(t) = 0;
   4) no priority for the failure of its inputs, thus β = 1;
   5) dependency on external trigger for the failure of its inputs, thus F_T(t) exists.
Therefore, the universal model of Fig. 4 is simplified as Fig. 6 for SEQ gate.

F. Discussion on Universal Model
In the literature, in spite of considerable attempts, there is no universal semi-Markov model for dynamic and static gates. This paper introduced, for the first time, a universal semi-Markov model for static and dynamic gates in which, by assigning model parameters, the model of any given gate can be obtained. Table I indicates this issue. It shows that by selecting α = 0, β = 1, γ = 1, and C_d = 1 the universal gate model is converted to the OR gate model. Other possibilities for selecting model parameters to extract the model of different known gates are shown in this table. In the introduced model (Fig. 4), F_1(t) = F_4(t) and F_2(t) = F_3(t) except for the LSH gate.
In this table, it is assumed that the switching mechanism is perfect except SPARE gates (CSP, S, and HSP). In addition, the β factor is used to describe the PAND gate. For the PAND gate both α and β are zero. The LSH gate has been defined to reshape and solve DFT with shared SPARE gates. In the LSH gate, transition CDFs F_1(t), F_2(t), F_3(t), and F_4(t) can be chosen independently, i.e., F_1(t) may take Weibull form, whereas F_2(t) can be exponential form (see appendix). Reliability of the OR gate is obtained by the probability of state AS (denoted here P_S1), and the reliability of other gates is achieved by 1 − P_S4, in which P_S4 is the probability of state F of the model. In Table I, "X" is used to represent cases in which a parameter has no impact on the model.
Note that this table does not consider the FDEP gate because we have inserted the "functional dependency" property of the FDEP gate directly into the universal model. In other words, we claim that it is not necessary to build a separate Markov model for the FDEP gate; instead, we have considered the functional property of this gate directly in the model. See Fig. 7 for how we considered the F_T(t) CDF in the state transitions of the universal model. This idea is depicted in Fig. 8. Fig. 8(a) is replaced by Fig. 8(b). The symbol A|T denotes the event A·(A+T) = A+AT.
To clarify this issue, we show in Fig. 9 how the Markov model of a PAND gate with ordinary inputs and the Markov model of a PAND gate with triggered inputs (via a FDEP gate) are both extracted from the universal model. The idea of the universal gate is also extendable to the probabilistic dependency (PDEP) gate.

G. General Reliability Equation of Dynamic Gates
It is now obvious that by the use of Table I and the universal Markov model (Fig. 4), we can build the Markov model of any gate. For example, for SEQ gate, according to Table I: the Markov model will be as Fig. 10 extracted from Fig. 4.
The general reliability equation of this model, by the use of the SMP theorem explained in Section III, is obtained as follows:

The second term of this equation is indeed the CDF of the gate output. Similarly, the general equation of SPARE gates for reliability evaluation is achieved by

where q_{i,j} can be achieved by LST. The general reliability equation of other gates can be easily obtained in a similar way, explained above.

IV. HIERARCHICAL SMP-BASED DFT SOLUTION
DFTs were introduced, for the first time, by Boyd [21], in which the whole DFT is converted into a Markov model, and consequently, model explosion results. The problem was that the solution of this model was difficult and time-consuming. Later, a number of techniques based on Bayesian Networks, Petri Nets, Algebraic, etc., were presented for solving DFTs. In this paper we present a hierarchical solving method for DFTs, based on SMP theorem.

A. Basic Idea
First, the given DFT is divided into a number of layers (n). The lowest layer includes basic events and their associated gates. The outputs of the lowest layer form the inputs of the first layer. The first layer contains a number of gates, the outputs of these gates form the inputs of the second layer, …, and the outputs of the (n − 1)th layer give the inputs of the (n)th layer (Top layer). Starting from the first layer, the gates of each layer are solved based on the method explained in previous sections to find their output CDF. The CDFs are used as F(t) of the inputs of the next layer. This procedure continues until the CDF of the Top event is obtained. It is now obvious that R(t) = 1 − output CDF. The procedure is depicted in Fig. 11.
The following issues must be considered in the implementation of this procedure for decreasing the volume of computations.
1) Dynamic gates are separated from static gates. This is because solving static gates does not need SMP theorem. They can be easily solved by the use of conventional probability theorem.
2) The solution of first layer gates can be easily carried out if their inputs have exponential CDF because gates with inputs with exponential CDF are solved with Markov theorem rather than SMP theorem. This consideration decreases the volume of computations.
Based on these issues the flow chart of SMP-based DFTs reliability solution will be as Fig. 12.
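The layer-by-layer procedure above, together with the PAND path "both inputs up, A fails first, then B fails" of Section III-B, can be sketched as follows. This is an added example, not code from the paper: the tree TOP = OR(PAND(AND(E1, E2), E3), E4), its failure rates and all function names are constructed for illustration, and the second PAND input is assumed exponential (the case the paper states is solved precisely).

```python
"""Layer-by-layer DFT solution: each gate returns its output CDF as a callable.

Constructed tree (not from the paper): TOP = OR( PAND( AND(E1, E2), E3 ), E4 )
"""
import math


def exp_cdf(rate):
    """CDF of an exponential basic event; rate in failures per hour."""
    return lambda t: 1.0 - math.exp(-rate * t) if t > 0 else 0.0


def and_gate(f_a, f_b):
    """Static AND, solved by ordinary probability (no SMP needed)."""
    return lambda t: f_a(t) * f_b(t)


def or_gate(f_a, f_b):
    """Static OR: probabilistic OR of the two input CDFs."""
    return lambda t: f_a(t) + f_b(t) - f_a(t) * f_b(t)


def pand_gate(f_a, f_b, steps=2000):
    """PAND output CDF from the two kernel entries on the failing path.

    dQ13(x) = (1 - F_B(x)) dF_A(x)   A fails at x while B is still up
    Q35(u)  = F_B(u)                 B fails within sojourn time u
    Output  = Stieltjes convolution of Q13 and Q35, midpoint rule.
    Assumption: F_B is exponential, so restarting B's clock on entry to
    the intermediate state is exact (memoryless).
    """
    def cdf(t):
        if t <= 0:
            return 0.0
        h = t / steps
        total, prev = 0.0, f_a(0.0)
        for j in range(1, steps + 1):
            cur = f_a(j * h)
            mid = (j - 0.5) * h
            d_q13 = (1.0 - f_b(mid)) * (cur - prev)
            total += f_b(t - mid) * d_q13
            prev = cur
        return total
    return cdf


def pand_exponential_closed_form(rate_a, rate_b, t):
    """P(T_A < T_B <= t) for independent exponential inputs, for cross-checking."""
    s = rate_a + rate_b
    return (rate_a / s) * (1.0 - math.exp(-s * t)) \
        - math.exp(-rate_b * t) * (1.0 - math.exp(-rate_a * t))


# Constructed failure rates (failures per hour), for illustration only.
RATES = {"E1": 1e-3, "E2": 2e-3, "E3": 5e-4, "E4": 1e-4}


def solve_example_tree(t, rates=RATES):
    """Solve the constructed tree bottom-up and return each layer's output at t."""
    e = {name: exp_cdf(rate) for name, rate in rates.items()}
    layer1 = and_gate(e["E1"], e["E2"])   # static gate, non-exponential output
    layer2 = pand_gate(layer1, e["E3"])   # dynamic gate fed by layer 1's CDF
    top = or_gate(layer2, e["E4"])        # top layer
    q_top = top(t)
    return {"AND": layer1(t), "PAND": layer2(t), "TOP": q_top, "R": 1.0 - q_top}


if __name__ == "__main__":
    for name, value in solve_example_tree(1000.0).items():
        print(f"{name:5s} {value:.6f}")
```

Only one gate is evaluated at a time, and only its output CDF is carried to the next layer, which is what keeps the per-step model small.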

V. EXAMPLES
In this section, six examples are given to indicate the capabilities of the proposed method. The first example makes a comparison between the results of the proposed method and those obtained from the Windchill quality solution (WQS) software. The challenge point in this example is the precision of the result in comparison with commercial tools. The second example studies the ability of this method applied in a DFT with repeated events. So, the challenge point of this example is about dealing with repeated events. In the third example, we will apply the proposed method on the cardiac assist system (HCAS) and compare the maximum number of states and transitions in three selected Markov-based DFT solution approaches. The robustness to state and transition explosion will be the challenge point of this example. The fourth example solves a selected DFT with events with exponential and nonexponential CDFs, and then compares the results taken from the proposed method and the algebraic technique. Dealing with nonexponential CDFs can be a challenge in reliability evaluation, which is considered in example four. As the repair consideration can be a challenging issue in DFT, the fifth example discusses the possibility of using the proposed method for repairable DFTs. The final example deals with a case study of the aircraft fuel distribution system (AFDS).

A. Example 1. DFT With a PAND Gate and Static Gates
From the DFT in Fig. 14, it can be seen that this DFT consists of a PAND gate, two static gates, and 10 basic events. Solving this DFT by the use of Markov theorem requires solving a CTMC with 160 states [3], [34]. In contrast, the proposed method can solve this DFT through SMP theorem with only 5 states; it can even provide the parametric expression for reliability. Metrics, such as sensitivity and MTBF, can easily be evaluated through the parametric results of the proposed method.
The failure rates of the above DFT's events have been listed in Table II. In this table, failure rates are "failure per hour".
According to the result obtained in [34], the amount of unreliability of the system in 1000 h of the mission time is 0.363. The value obtained from our proposed method (0.363024069761471) coincides completely with this result.

B. Example 2. DFT With Repeated Basic Event
This example examines the capability of the proposed method to model a DFT with repeated events. To do this, the DFT of the work in [3], [29] is shown in Fig. 14; it consists of nine basic events, in which the event E2 is repeated. The failure rate of all basic events is set to 0.01 failure/h. Solving the above DFT in the time interval 0-300 h has been provided through three methods in [29], using Galileo software, Monte Carlo simulation, and Yuge's method. Of these methods, Galileo is a more exact solution because its underlying approximation in the solution process of DFT is less than the others. This is why the work in [29] takes the outcomes of Galileo as a reference. We solve the mentioned DFT through our proposed method, and the results are given along with the results from the considered reference. The accuracy and precision of our method are then analyzed. Table III indicates the results. As seen, the results of our method are closer to Galileo's results than those of the other two methods (Yuge's method and Monte Carlo simulation). Fig. 15 shows the results graphically. Table IV indicates the results in terms of norm function. In this table, Q_S stands for the unreliability results obtained from Monte Carlo simulation, Q_G is the unreliability results obtained from Galileo, and Q_P denotes the unreliability results obtained from our proposed method. Q_P − Q_G shows the difference between the unreliability of our proposed method and Galileo software. Table IV shows the superiority of our method to the others.
Fig. 15. Unreliability of the DFT in Example 3 and comparing the results of the proposed method of this paper with results from reference. (Legend: Suggested Approach, Galileo, Reference [29], Monte Carlo.)

C. Example 3. DFT of HCAS
The hypothetical HCAS is a benchmark for validating different methods applied to DFT reliability solution and has been discussed in various references. The DFT of HCAS is shown in Fig. 16; it includes a CPU module, a motors module, and a pumps module. This DFT contains a shared CSP in the pump section. In other words, to obtain a more exact output for this module of the DFT by means of our proposed method, this module must be reshaped. The new DFT after reshaping the pump module will be as in Fig. 18 (see Appendix A for the related explanation). The new DFT uses an LSH gate that has been defined in Section III of this paper.
The failure rates of the basic events for this DFT are given in Table V. Boudali and Dugan [69] solved this DFT based on Bayesian networks for 100 000 mission time and obtained a system unreliability of 0.36501.
The unreliability of this system computed from our proposed method is 0.363500847376541, which is more precise and in agreement with other research works' results. Another significant point in solving this model using the proposed method is the decrease in the size of the corresponding Markov model of this [69] DFT. To clarify this, consider Table VI. This table presents [15], [69]
As shown in Fig. 17, the DFT has eight gates, and based on the proposed algorithm, in each iteration only one gate is solved through SMP and the CDF of the result is stored to be used as an input for the next-level gates. This means that in each iteration the maximum number of states will never be higher than five, based on the provided universal gate. Similarly, the maximum number of state transitions will never be higher than five. In other words, in the HCAS DFT, there are two PANDs, one LSH, one AND, one WSP, one FDEP, and three OR, which means the maximum number of states will be used for the evaluation of the PAND gate [as shown in Fig. 9(a)]. In addition, the maximum number of state transitions will be used for the evaluation of the WSP with FDEP on its inputs (similar to Fig. 7).
The computational complexity of the semi-Markov reward processes has been studied by Ciardo et al. [70] and if we consider the reward zero for operational states and reward one for failed state(s), the computational complexity of SMPs can be can be five and the maximum number of states can also be five. Therefore, because both the number of states and the number of transitions are bounded, the computational complexity of the proposed method depends only on the number of iterations and can be simplified to $O(k)$. On the other hand, the computational complexity of CTMC can be described as $O(n^2)$ [70], where $n$ is the total number of states. It is clear that, as expected, the proposed approach has less computational complexity than a traditional CTMC-based approach.

D. Example 4. DFT With PAND Gate and Nonexponential Failure Distribution in Its Events
This example contains events with a nonexponential CDF (Weibull CDF) to show the capability of the proposed method. The CDF of Weibull can be described by where σ is the shape and ω denotes the scale parameter of the Weibull CDF. First, consider the DFT of Fig. 13. The failure rates of the basic events in this tree obey an exponential CDF with the values of Table II, except for J, K, and L. It is assumed that the failure distribution of J, K, and L obeys a Weibull CDF, where the value of σ is 0.1 and ω is 20. Fig. 18 shows the reliability of this DFT. As seen from this figure, both methods (the proposed method and the Algebraic method) give exactly the same results.
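The gate-by-gate evaluation described in Examples 3 and 4 can be illustrated as follows; this is an added example, not the paper's code. It replaces the SMP/LST solution with direct numerical integration on a time grid, assumes statistically independent gate inputs and the standard two-parameter Weibull form $F(t) = 1 - e^{-(t/\omega)^{\sigma}}$, and uses a constructed four-event tree (the function names, the tree, and the rate 0.001 for D are assumptions).

```python
import math

def grid(t_max, n):
    """Time points 0..t_max in n equal steps."""
    return [t_max * i / n for i in range(n + 1)]

def exp_cdf(rate):
    return lambda t: 1.0 - math.exp(-rate * t)

def weibull_cdf(shape, scale):
    # Assumed form (the page's own equation is not shown):
    # F(t) = 1 - exp(-(t / scale) ** shape)
    return lambda t: 1.0 - math.exp(-((t / scale) ** shape))

def sample(cdf, ts):
    """Store a CDF as its values on the time grid."""
    return [cdf(t) for t in ts]

def gate_and(*inputs):
    # All inputs failed by t (independent inputs assumed).
    return [math.prod(v) for v in zip(*inputs)]

def gate_or(*inputs):
    # At least one input failed by t (independent inputs assumed).
    return [1.0 - math.prod(1.0 - x for x in v) for v in zip(*inputs)]

def gate_pand(first, second):
    """P(first fails before second, both by t) = integral of F_first dF_second.

    Stieltjes sum with the interval average of F_first, so a steep F_second
    (e.g. Weibull with shape < 1) does not degrade the accuracy.
    """
    out, acc = [0.0], 0.0
    for i in range(1, len(first)):
        acc += 0.5 * (first[i] + first[i - 1]) * (second[i] - second[i - 1])
        out.append(acc)
    return out

def solve_tree(t_max=300.0, n=3000):
    """Constructed tree: TOP = OR(PAND(AND(A, B), C), D)."""
    ts = grid(t_max, n)
    a = sample(exp_cdf(0.01), ts)            # exponential, 0.01 failure/h
    b = sample(exp_cdf(0.01), ts)
    c = sample(weibull_cdf(0.1, 20.0), ts)   # Weibull, sigma = 0.1, omega = 20
    d = sample(exp_cdf(0.001), ts)           # constructed rate
    level1 = gate_and(a, b)        # one gate solved, its CDF stored
    level2 = gate_pand(level1, c)  # next level consumes the stored CDF
    top = gate_or(level2, d)
    return ts, top
```

Each gate is solved once and only its output CDF is passed upward, so the work grows linearly with the number of gates; the independence assumption inside each gate is also why a repeated event shared by two subtrees makes such a hierarchical result approximate.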

E. Example 5. Repairable DFT
The first generation of DFT was unable to model repair. Codetta-Raiteri et al. [14], [71], [72] presented an extended DFT able to model repair actions and solved it by the use of generalized stochastic Petri net (GSPN) and dynamic Bayesian networks (DBN). This paper addresses the modeling of a repair gate by a hypothetical example. It should be noted that in the current state we cannot guarantee that the proposed approach will work for any other repairable DFTs. In fact, this example is only a sign that there might be an opportunity to improve the proposed approach for repairable DFTs. The complete development of this modeling remains as future research work.
Through an example, we show that this modeling method is a good solution for finding the reliability of a repairable DFT. Fig. 19 illustrates a repairable DFT with the failure and repair rates of Table VII. The repairable DFT shown in Fig. 19 illustrates that, in finding the output of the AND gate, events A and B can be repaired. In this system, it is assumed that event C is nonrepairable.
The CTMC of this tree is illustrated in Fig. 20. It is assumed that the repair actions are carried out immediately after the related events fail. This is shown in the figure by dashed transitions with repair rate μ. In order to avoid model complexity in this figure, some self-transitions are not depicted.
Recall that our hierarchical method solves the given DFT layer by layer in a bottom-up manner. For example, the DFT of Fig. 20 consists of two layers. First, the bottom layer (AND gate with repairable events; AND and repair gates) is solved. Its output is delivered to the left-hand-side input of the PAND gate (the upper layer of the DFT). The semi-Markov model of this gate, with an input for which the impact of repair has been considered, is shown in Fig. 21. The dashed transitions distinguish the semi-Markov model of the PAND gate with repairable events from a simple PAND gate (a PAND gate with nonrepairable events). The general equation of this gate is obtained by solving its semi-Markov model by the SMP theorem as follows. It should be noted that in this model G represents the repair distribution function of the input's components, which is equal to $G = 1 - e^{-\mu t}$ if the repair distribution is considered exponential as where the $q_{i,j}(s)$ is the LST form of $Q_{i,j}(t)$ explained in Section III. This procedure for solving a DFT with repair gate(s) can be applied for any other gates. This remains under research by us.
For both presented models (CTMC and semi-Markov models), the unreliability behavior of the considered DFT is as shown in Fig. 22 for a 700 h mission time. As seen from this figure, our method gives results very close to those achieved by the CTMC method. This verifies the correctness of our method.

F. Example 6. Aircraft Fuel Distribution System
As a case study, the aircraft fuel distribution system (AFDS) has been chosen from [73] and its DFT from [74]. Fig. 23 illustrates the schematic of the AFDS and Fig. 24 shows the DFT of the system, which has been derived by the HIP-HOPS tool [74], [75]. This system has two engines, seven bi-directional fuel pumps, five fuel tanks, and eleven valves that enable the control system to choose active paths for fuel distribution in different conditions. The system also has six flow meters for fuel flow rate measurement. To refill the tanks, there is a refueling point, and there are two jettison points for releasing the fuel in some situations.
The AFDS has been divided into three parts for performing the compositional analysis: starboard feed (SF), central reservation (CR), and port feed (PF), as delineated in Fig. 23. As can be seen, the SF and PF have identical components and each one of them has some subsystems. For instance, the SF includes the starboard inner subsystem (SIS) and the starboard outer subsystem (SOS). Further decomposition of those subsystems yields components. For example, the SIS contains the starboard inner fuel level sensor (SIL), the valve (SIV), and the tank (SIT). Distributing the fuel throughout the system and storing the fuel in the tanks are the two main functions of the AFDS, and each function can be divided into two phases, refueling and consumption, for different situations, such as taxiing, take-off, cruising, approaching, and landing. The fuel is injected into the central reservation tank (CRT) in the refueling phase and then automatically distributed to the starboard and port tanks. Moreover, the fuel is consumed by both starboard and port engines in the consumption phase and a certain level of fuel is fed to the engines. For more details regarding the AFDS, please read [74]. In the DFT of the AFDS, it should be noted that "O-CompX" stands for omission of functionality of component X, "I-CompX" refers to the internal failure of component X, and "Hi-CompX" includes erroneous high reading from component X.
The DFT of the AFDS has 12 identical basic events (22 basic events counting the repeated events). Table VIII provides the failure rates and also short descriptions for the basic events.
Reliability evaluation of the AFDS through DFT has been addressed by Kabir et al. [74]. They converted the DFT to Petri nets and Bayesian networks and consequently calculated the reliability of the system. A comparison between the proposed approach and the two other existing methods is provided in Table IX. The obtained results are approximate but close to the existing results.
Regarding the reliability evaluation of DFTs, there are some other challenges, such as common cause failures (CCF) and reconfiguration, that are not considered in this paper and can be studied as future research.

VI. CAPABILITIES AND LIMITATIONS OF THE PROPOSED METHOD
In this section, some of the capabilities and limitations (limitations in achieving an exact result) of the proposed method are discussed. A number of guidelines are suggested to overcome those limitations.

A. Capabilities of the Proposed Method
The proposed method offers the following capabilities.
1) This paper presents a universal semi-Markov model that can model any type of gate, static or dynamic. In addition, it embeds the functional dependency behavior of the gates' inputs into the gate model. This simplifies the final model of the DFT.
2) The proposed method solves DFTs hierarchically through the SMP theorem. This reduces problem complexity and thereby state and transition explosion. Moreover, the presented general equations for gates help to shorten the SMP solution process.
3) The proposed method is able to consider nonexponential failure by means of the SMP theorem. It is possible to consider hybrid failure distributions as the gate's input by the use of the SMP theorem.
4) Basic events in this method can be defined by SMP or CTMC, in which repair, imperfect coverage, and other issues can be considered. This idea already exists for static FT in the literature [7] and is extended by us to DFTs.

B. Limitations of the Proposed Method
The proposed method has the following limitations. All will be resolved in our future works.
1) The results of this method are approximate for DFTs with repeated events; repeated events make the results more approximate or less precise. It should be noted that the approximation of the method would not diminish its effectiveness since, in spite of the approximation, the results obtained through this method are much more precise than the results of some other published research works [29].
2) In the proposed method, the output of SEQ, OR, and POR gates with any complexity in their inputs will be precise. In addition, in the AND and PAND gates, when a complex event or a subtree is connected to the first input and a simple event is connected to the second input, the output will be precise. Otherwise, for other gates and for other situations of the AND and PAND gates, the output will be approximate.
3) In some benchmarks in which shared or sliding spares are used, the proposed method is not able to solve shared spare gates. It is suggested to replace shared spares and use the reshaping rules (see appendix). It should be noted that these gates are then modeled as a semi-Markov model and generalized for any kind of failure distribution function.
4) In this paper, it is assumed that the fault tree has only coherent events, and there would be no guarantee for a fault tree with noncoherent events.
5) There are still some gates, like pSAND and SAND, that cannot be modeled through the universal gate. We hope to improve this universal gate to consider pSAND and many other gates as future research works. It would also be possible to define new gates, such as semi-PAND, in the future.
6) The example of a repairable DFT is just provided to show that there might be a possibility to improve the approach for repairable DFTs. However, at the moment, there is no guarantee for any other example of a repairable DFT. In fact, this example is just an insight into potential future works.

VII. CONCLUSION
In this paper, a novel hierarchical approach to evaluating the reliability of DFTs based on the SMP theorem was presented, and a universal state-space model was proposed for static or dynamic gates (with inputs with exponential and nonexponential failure distribution functions). The proposed method can compete with other approximate solutions for reliability evaluation of DFTs. A number of examples have been given to show the capabilities and limitations of the proposed solution in: first, parametric solution that can be used for other related computations, such as MTTF and sensitivity; second, dealing with nonexponential failure distribution functions; third, dealing with repeated basic events; fourth, no state explosion; fifth, considering repairable events (a limited example just to provide an insight for future research works); and sixth, a case study of the AFDS. Moreover, the limitations and capabilities of the proposed method have been discussed clearly.
An SMP has limitations in modeling the concurrency among generally distributed events. Therefore, MRGPs and phased-approximated (PH) approaches can be applied instead of an SMP in the proposed method for use in a wider range of problems [2].

APPENDIX
The proposed method of this paper can solve DFTs with the shared spare gate by some reshape rules. We assume three types of shared CSP and reshape them with the LSH gate. The LSH gate has four inputs, described by $F_i(t)$, $i = 1, \ldots, 4$. Fig. 25 shows how a given DFT with a series shared CSP can be reshaped with LSH. Similarly, the DFT of a parallel shared CSP can be reshaped as in Fig. 26. In addition, if we have priority in the parallel shared CSP system, then the DFT can be reshaped as in Fig. 27.
Iran for his help that greatly improved the manuscript. They would like to show their gratitude to Prof. Y. Papadopoulos, Dr. S. Kabir, and Dr. Y. Gheraibia in the Dependable Intelligent Systems (DIS) Lab., University of Hull, for sharing their pearls of wisdom with the authors during the revision process of the paper, and would also like to thank three "anonymous" reviewers for their so-called insights.