Article
Peer-Review Record

Decision Diagram Algorithms to Extract Minimal Cutsets of Finite Degradation Models

Information 2019, 10(12), 368; https://doi.org/10.3390/info10120368
by Antoine Rauzy * and Liu Yang
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 19 August 2019 / Revised: 18 November 2019 / Accepted: 20 November 2019 / Published: 25 November 2019

Round 1

Reviewer 1 Report

This article is complicated to understand for the majority of readers who are not accustomed to the formal reasoning related to some fields of research like automata theory, Petri net theory, operational semantics, denotational semantics and others, as well as category theory and the domain of verification and model checking. But I would like to thank the authors of this paper for introducing formal theoretical approaches to the theory of the reliability of multi-component systems whose components agree with the notion of multistate behavior.

However, the article is very interesting, but the question has to be asked: is it possible to reduce the content of the article to be simpler, far from the formal mathematical rigor? This will surely interest more readers. Also, is it possible to produce some more algorithms for determining the minimal cut sets of multistate systems?

I ask the authors to proceed meticulously to read their paper, and more precisely the mathematical formulas (equations ...). I invite them to begin by correcting:

line 140: n little or equal v induce |O|u little or equal |O|v.

line 218: C.state = w to replace C.sate = W

line 235: it will be more significant to replace the letter d in p(d) = 1 by another letter because the letter d has been used previously (for example in page 219, the authors used S.state = d).

Thank you for having produced this very good paper. 

 

Author Response

--- This article is complicated to understand for the majority of readers who are not accustomed to the formal reasoning related to some fields of research like automata theory, Petri net theory, operational semantics, denotational semantics and others, as well as category theory and the domain of verification and model checking. But I would like to thank the authors of this paper for introducing formal theoretical approaches to the theory of the reliability of multi-component systems whose components agree with the notion of multistate behavior.

However, the article is very interesting, but the question has to be asked: is it possible to reduce the content of the article to be simpler, far from the formal mathematical rigor? This will surely interest more readers. Also, is it possible to produce some more algorithms for determining the minimal cut sets of multistate systems?

Thanks for this comment. Our article does not introduce mathematical concepts for their intrinsic elegance, even less to “show off”, but because they are necessary to design modeling formalisms and assessment algorithms, and to prove their mathematical correctness. In that respect, this article aims at being a reference. We fully agree with the reviewer that it may be “hard to swallow” for some readers. But this is the price to pay if we want to design efficient probabilistic risk assessment methods. We want to do things in order: first, publish reference articles in high quality scientific journals, and then more applicative and pedagogical presentations, most probably as communications in conferences.

--- I ask the authors to proceed meticulously to read their paper, and more precisely the mathematical formulas (equations ...). I invite them to begin by correcting:

We apologize for the (too many) typos we made in the first version of the article.

--- line 140: n little or equal v induce |O|u little or equal |O|v.

Corrected.

--- line 218: C.state = w to replace C.sate = W

Corrected.

--- line 235: it will be more significant to replace the letter d in p(d) = 1 by another letter because the letter d has been used previously (for example in page 219, the authors used S.state = d).

True. Corrected.

--- Thank you for having produced this very good paper.

Thanks again for your nice comments.

 

Reviewer 2 Report

Good introduction to exploring the subject. At the beginning, the Authors only mention the importance of risk, and in the following, reliability and safety. These three elements, reliability, risk and safety, are very important together. The content of the article should not be separated.

Line 139: it shouldn’t be three conditions.

Line 163, 165: explanation of mapping before using.

Line 316: this theorem is probably the most important – I would say that probably the most known.

Line 451, 452: It is well known that the size of binary decision diagrams, and therefore the efficiency of the whole method, depends heavily on the chosen variable ordering - so we are coming back to the beginning.

Author Response

--- Good introduction to exploring the subject. At the beginning, the Authors only mention the importance of risk, and in the following, reliability and safety. These three elements, reliability, risk and safety, are very important together. The content of the article should not be separated.

Thanks for the comment. We fully agree with this point and modified the text accordingly.

--- Line 139: it shouldn’t be three conditions.

The three conditions we give are necessary (and sufficient) for a mapping to preserve the structure and to be surjective. Namely, the first and second conditions ensure that the structure is preserved, while the third one is the classical definition of a surjective mapping.

--- Line 163, 165: explanation of mapping before using.

Variable valuations are mappings from variables to their domains. Formulas are interpreted as mappings from variable valuations to the codomain of their outermost operator. The two notions are therefore different.

This generalizes what happens in the Boolean case: variable valuations are functions that assign values (true or false) to variables. Formulas are interpreted as Boolean functions, i.e. as functions from variable valuations into {true, false}. The difference is here that variables can take more than two values and that formulas can also output more than two values.

--- Line 316: this theorem is probably the most important – I would say that probably the most known.

I disagree on this point: I don’t know any article or book that establishes this theorem. Of course, it formalizes in some sense the intuition that minimal cutsets represent minimal scenarios of failure, which is straightforward. However, the theorem goes way beyond this intuition. To establish it, you need to introduce the notion of degradation order (i.e. partial order over the states), i.e. eventually the whole algebraic framework of finite degradation structures.

--- Line 451, 452: It is well known that the size of binary decision diagrams, and therefore the efficiency of the whole method, depends heavily on the chosen variable ordering - so we are coming back to the beginning.

Extracting minimal cutsets (and calculating probabilistic risk indicators), whether in the Boolean models or in finite degradation models is a provably computationally hard problem. This complexity has been demonstrated mathematically (by a number of authors, which I will not cite here, but the reviewer can refer to my 2006 and 2018 articles) and does not depend on the algorithm that is used to do so. In other words, all algorithms to extract minimal cutsets are eventually heuristics: the most efficient ones make it possible to push the limits of what we can do in practice, without removing the complexity of the problem at stake.

The use of the binary decision diagram technology was a breakthrough in the design of fault tree assessment tools. BDD algorithms are extremely efficient on industrial models, at least up to a certain size of models. Acknowledging that this practical efficiency requires the design of “good” variable ordering heuristics does not mean that the technology has flaws. It simply acknowledges that it relies on heuristics, as all technologies to assess probabilistic risk/safety assessment models.
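The exchange above concerns two facts about decision-diagram based assessment: minimal cutset extraction is hard in general, and in practice the size of the BDD (hence the cost of the method) depends on the variable ordering. The following added illustration is not code from the paper or from this review record; it covers only the classical Boolean (fault tree) case that the finite degradation models of the article generalize. It builds a reduced ordered BDD for a small constructed fault tree with `apply()`, extracts the minimal cutsets of the coherent function with the Rauzy-style recursion MCS(lo) ∪ {x} ∪ (MCS(hi) minus cutsets subsumed by MCS(lo)), computes the exact top-event probability by Shannon decomposition, and shows that the same function takes 6 nodes under an interleaved ordering and 14 under a separated one while yielding the same three minimal cutsets. The fault tree, the two orderings and the basic-event probabilities are constructed for the demonstration.

```python
"""Added illustration (not the paper's code): minimal ROBDD package with
fault-tree translation, minimal cutsets and exact probability, used to
show the variable-ordering effect on BDD size."""


class BDD:
    """Hash-consed ROBDD. Terminals are 0 (false) and 1 (true); every other
    node is an integer id mapped to (variable, low child, high child)."""

    def __init__(self, order):
        self.order = {v: i for i, v in enumerate(order)}  # variable -> rank
        self.unique = {}   # (var, lo, hi) -> node id  (unique table)
        self.nodes = {}    # node id -> (var, lo, hi)
        self.cache = {}    # memo table for apply()
        self.next_id = 2

    def mk(self, var, lo, hi):
        """Create or reuse a node; the reduction rule drops nodes with lo == hi."""
        if lo == hi:
            return lo
        key = (var, lo, hi)
        if key not in self.unique:
            self.unique[key] = self.next_id
            self.nodes[self.next_id] = key
            self.next_id += 1
        return self.unique[key]

    def rank(self, n):
        """Ordering rank of a node's variable; terminals sort after all variables."""
        return self.order[self.nodes[n][0]] if n > 1 else len(self.order)

    def apply(self, op, f, g):
        """Combine two BDDs with 'and' / 'or' by Shannon decomposition."""
        if op == "or":
            if f == 1 or g == 1: return 1
            if f == 0: return g
            if g == 0: return f
        else:  # "and"
            if f == 0 or g == 0: return 0
            if f == 1: return g
            if g == 1: return f
        key = (op, f, g)
        if key not in self.cache:
            rf, rg = self.rank(f), self.rank(g)
            if rf < rg:
                var, f0, f1 = self.nodes[f]; g0 = g1 = g
            elif rg < rf:
                var, g0, g1 = self.nodes[g]; f0 = f1 = f
            else:
                var, f0, f1 = self.nodes[f]; _, g0, g1 = self.nodes[g]
            self.cache[key] = self.mk(var, self.apply(op, f0, g0),
                                      self.apply(op, f1, g1))
        return self.cache[key]

    def build(self, tree):
        """Fault tree syntax: a basic-event name, or ('and' | 'or', child, ...)."""
        if isinstance(tree, str):
            return self.mk(tree, 0, 1)
        op, *children = tree
        result = self.build(children[0])
        for child in children[1:]:
            result = self.apply(op, result, self.build(child))
        return result

    def size(self, root):
        """Number of non-terminal nodes reachable from root."""
        seen, stack = set(), [root]
        while stack:
            n = stack.pop()
            if n > 1 and n not in seen:
                seen.add(n)
                stack.extend(self.nodes[n][1:])
        return len(seen)

    def minimal_cutsets(self, n, memo=None):
        """Minimal cutsets of a coherent (monotone) function: those of the low
        branch, plus {var} joined with each cutset of the high branch that does
        not already contain a cutset of the low branch."""
        memo = {} if memo is None else memo
        if n == 0: return []
        if n == 1: return [frozenset()]
        if n not in memo:
            var, lo, hi = self.nodes[n]
            lo_sets = self.minimal_cutsets(lo, memo)
            result = list(lo_sets)
            for c in self.minimal_cutsets(hi, memo):
                if not any(s <= c for s in lo_sets):
                    result.append(c | {var})
            memo[n] = result
        return memo[n]

    def probability(self, n, p, memo=None):
        """Exact top-event probability for independent basic events with
        failure probabilities p, by Shannon decomposition over the BDD."""
        memo = {} if memo is None else memo
        if n <= 1: return float(n)
        if n not in memo:
            var, lo, hi = self.nodes[n]
            memo[n] = ((1 - p[var]) * self.probability(lo, p, memo)
                       + p[var] * self.probability(hi, p, memo))
        return memo[n]


# Constructed example: the top event occurs when both channels of any of three
# redundant pairs fail: (a1 & b1) | (a2 & b2) | (a3 & b3).
FAULT_TREE = ("or", ("and", "a1", "b1"), ("and", "a2", "b2"), ("and", "a3", "b3"))
INTERLEAVED = ["a1", "b1", "a2", "b2", "a3", "b3"]   # good ordering
SEPARATED = ["a1", "a2", "a3", "b1", "b2", "b3"]     # poor ordering
PROBS = {v: 0.1 for v in INTERLEAVED}                # constructed probabilities


def analyse(order):
    """Return (BDD node count, sorted minimal cutsets, top-event probability)."""
    bdd = BDD(order)
    root = bdd.build(FAULT_TREE)
    mcs = sorted(sorted(c) for c in bdd.minimal_cutsets(root))
    return bdd.size(root), mcs, bdd.probability(root, PROBS)


if __name__ == "__main__":
    for name, order in (("interleaved", INTERLEAVED), ("separated", SEPARATED)):
        size, mcs, prob = analyse(order)
        print(f"{name:11s}: {size:2d} nodes, MCS={mcs}, P(top)={prob:.6f}")
```

The node counts differ by more than a factor of two on six variables and the gap grows exponentially with the number of pairs, while the minimal cutsets and the probability are ordering-independent, which is exactly the point of the response: the ordering heuristic governs the cost, not the result.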

 

Reviewer 3 Report

1.
English and punctuation need minor improvements.
The proposed changes are annotated in the attached pdf file.
In particular, it seems that the preposition "in" is always missing before "Figure", "Fig.", "Table", "Tab.", "Section", and "Appendix".
I believe that this is due to an erroneous search-and-replace operation performed throughout the paper.

2.
In figure 1, several Hasse diagrams are shown.
I suggest the addition of a brief sentence in the main text or in the caption of figure 1, saying that the Hasse diagram represents a finite partially ordered set.

3.
Let us consider for instance the WDF structure: by reading figure 1 in a top-down way (as we usually examine figures), the order of the nodes may be interpreted in this way: f < d < w.
However, the correct order of degradation is w < d < f, as explained in section 2.1.
So I suggest the addition of a brief sentence in the main text or in the caption of figure 1, saying that the degradation order has to be interpreted in a bottom-up way in figure 1.

4.
The paper has been submitted to a special issue about Fault Trees (and Attack Trees).
However no Fault Trees (FT) appear in the paper.
I agree with the Authors when they say that Finite Degradation Models (FDM) generalize FT and other typical combinatorial models in reliability analysis, but I would try to connect FT with FDM in an explicit way.
For example, the caption of table 2 says "Fault-tree like finite degradation model for the system pictured Fig. 3", but figure 3 shows a Reliability Block Diagram (RBD).
I suggest the replacement of the RBD with the corresponding FT (or the presentation of the FT together with the RBD).
In section 6, I would show the FT of the case study, and then I would introduce the FDM model; in this way, the advantages of FDM with respect to FT, would become more evident.
For instance, the FT would be limited to a specific failure mode characterized by binary states (working/failed), while the FDM can represent the several failure modes of the system characterized by several states of degradation.
Actually the Authors say:
"one would design a dedicated fault tree to describe safe-failures of the system, another one for dangerous-detected-failures and a third one for dangerous-undetected-failures".

5.
With respect to sections 2, 3, 4, 5, providing a formal and detailed description of the methodology, section 6 concisely evaluates the case study.
In my opinion, section 6 can be extended by providing more details about the case study evaluation.
Besides a FT model, section 6 could present a graphical representation of a portion of the FDM model, possibly indicating which degradation structures in figure 1 have been applied (the use of W3F is declared in section 7).
Only the probabilities of system failure are presented (table 7).
This part could be enriched by providing the probabilities of the relevant minimal cut sets, possibly indicating the threshold used to select them among all the possible cut sets.
A portion of the decision diagram would complete the case study evaluation.
In this way, the complete methodology would be explicitly applied, and the reader would have a more precise idea of the practical advantages.

 

Comments for author File: Comments.pdf

Author Response

Point 1. We made all corrections suggested by the reviewer (plus some additional ones).

Points 2 & 3. We added a sentence to explain how to read Hasse diagrams. Note that Hasse diagrams are always interpreted in a bottom-up way, see e.g. Wikipedia.

Point 4. To answer this remark, we split the last section in two. We created a section that describes the case study and we put this section right after the introduction. We use the case study to illustrate concepts throughout the article. The last section (before the conclusion) now contains only experimental results. In the new section 2, we give the (classical) fault tree representing the failures of the HIPPS and discuss why it is too coarse.

Point 5. The finite degradation model for the HIPPS is entirely given in the appendix. The equations this model encodes are given in Table 5.

We added, in the last section, the probabilities of the MCS for each observer calculated at t=4380 and t=8760.

This said, the value of this article does not stand in the treatment of the case study, but in the elegance (and the efficiency) of the mathematical and algorithmic developments. This article would be worth publishing even in the absence of any example. Displaying a portion of the decision diagrams for the case study would not bring any added value.


Round 2

Reviewer 3 Report

1.

English needs few minor corrections:

line 102: hamper ---> hampers

line 103: there ---> their

line 118: should obey ---> should they obey

line 123: an general ---> a general

line 124: a concrete answer the --> a concrete answer to the

line 434: & al. ---> et al.

line 671: pilars ---> pillars

line 784: classes ---> Classes

line 784: to described ---> to describe

 

 

2.

The preposition "in" is still missing for every reference to a table or figure, throughout the paper.

line 192: defined Table 2 ---> defined in Table 2

line 645: described Table 5 ---> described in Table 5

line 646: described Table 3 ---> described in Table 3

line 774: given Fig. A2 implements ---> given in Fig. A2, implements

line 779: given Fig. A3 implements ---> given in Fig. A3, implements

... ... ...

 

3.

At the beginning of section 7, I suggest the addition of references to the parts where the case study is introduced.

line 634: TA4 ---> TA4 (Section 2)

line 636: TA4 ---> TA4 (Figure 2)

 

Author Response

Thanks again for your corrections.

We made them all.
