Reliability Analysis of an Anti-lock Braking System using Stochastic Petri Nets

Kshamta Jerath, kjerath@eecs.wsu.edu
Frederick T. Sheldon, sheldon@eecs.wsu.edu
School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA 99164, USA

Abstract

“Reliability Analysis of an Anti-lock Braking System using Stochastic Petri Nets” is a work in progress that extends the work presented in the paper “Specification, Safety and Reliability Analysis Using Stochastic Petri Net Models” [9]. The current work models the anti-lock braking sub-system of a vehicle using Stochastic Petri Nets. The reliability analysis focuses on coincident failures of components. The model is specified in CSPL (C-based Stochastic Petri Net Language), the input language of SPNP.

Introduction

A complex system (such as a vehicle) is composed of numerous components, and the probability that the system survives (in fully efficient or acceptably degraded operation) depends directly on each of its constituent components. Reliability analysis of a vehicle system provides an understanding of how likely failures are to occur in the system and gives manufacturers increased insight into its inherent “weaknesses.”

In [9], the authors present Stochastic Petri Net (SPN) models of a vehicle dynamic driving regulation (DDR) system. Subsystem representations of the anti-lock braking system (ABS), the electronic steering assistance (ESA) and the traction control (TC), together with a combined model, are developed and analyzed for critical failures. In this study, we focus on the anti-lock braking system and develop a stochastic Petri net model of coincident failures of certain components, under fully operational as well as degraded operating conditions.

The assumption that failures of hardware components occur independently (in the statistical sense) is a widely used and often successful model for predicting the reliability of hardware devices.
However, components generally interact with each other during operation, and a faulty component can change the probability of failure of other components. Such failures are “coincident” not in the sense that they occur simultaneously, but in the sense that the failure of one increases the probability of failure of another. It is this aspect of the system that we model in this study. The model includes the failure modes and effects associated with the failure rates of critical components. The program representing the model is written in CSPL (C-based Stochastic Petri net Language) and the stochastic analysis is carried out using SPNP (Stochastic Petri Net Package). SPNP is a versatile modeling tool that allows the specification of SPN reward models and the computation of steady-state, transient, cumulative, time-averaged and “up-to-absorption” measures, as well as sensitivities of these measures [2].

Anti-lock Braking System

The anti-lock braking system prevents wheel lockup during an emergency stop by modulating the brake pressure. It lets the driver maintain steering control and stop the vehicle in the shortest possible distance under most conditions. The ABS consists of the following major components [6, 7]:

• Wheel speed sensors: measure wheel speed and transmit it to the electronic control unit.
• Electronic control unit (controller): receives the sensor information, determines when a wheel is about to lock up, and controls the hydraulic control unit.
• Hydraulic control unit (hydraulic pump): controls the pressure in the brake lines of the vehicle.
• Valves: one in the brake line of each brake; controlled by the hydraulic control unit to regulate the pressure in the brake lines.

Under braking, the electronic control unit (ECU) “reads” the signals from the electronic sensors monitoring wheel rotation.
If a wheel’s rate of rotation suddenly decreases, the ECU orders the hydraulic control unit (HCU) to reduce the line pressure to that wheel’s brake. Once the wheel resumes normal rotation, the controls restore pressure to its brake. Depending on the system, this “pumping” cycle can occur up to 15 times per second. Anti-lock braking systems use different schemes depending on the type of brake in use: four-channel, four-sensor ABS; three-channel, three-sensor ABS; and two-channel, two-sensor ABS. In this study we focus on the four-channel, four-sensor ABS [1].

Assumptions

In the model developed, we assume a four-channel, four-sensor ABS. The model can easily be modified to represent other ABS schemes.

It is assumed that a passenger vehicle travels on average 200,000 miles at 50 mph over its lifetime. (Note that 200,000 miles at 50 mph corresponds to 4,000 hours of operation, not 40K; the 40K-hour life span used below should therefore be read as a separate assumption rather than as the result of that calculation.) The analysis is carried out over 50K hours, which covers the assumed 40K-hour average life span of a passenger vehicle.

The components of the ABS are assumed to operate independently of each other wherever coincident failures are not explicitly modeled.

In order to allow a Markov chain analysis, the time to failure of every component is assumed to be exponentially distributed. This means that the distribution of the remaining life of a component does not depend on how long the component has already been operating: the component does not “age,” and its eventual breakdown is the result of a suddenly appearing failure rather than of gradual deterioration [10]. While this may be true for electronic components, mechanical parts such as valves can fail through gradual deterioration. We nevertheless assume an exponential distribution to keep the model simple.

Every component operates in one of three scenarios: normal operation, degraded operation, or loss of stability.
The system is assumed to fail (a failure situation that results in an absorbing state) when more than five components are functioning in a degraded state, or more than three components are causing loss of stability, or there is loss of the vehicle. A component operating in a degraded condition has its failure rate increased by one order of magnitude, while a component causing loss of stability has its failure rate increased by two orders of magnitude. The correlation between the failure rates of two “related” components (used to model coincident failures) follows the same scheme.

Since the model is an abstraction of a real-world problem, predictions based on the model must be validated against actual measurements collected from the real phenomenon. A poor validation may suggest modifications to the original model [10].

The ABS Model

A Petri Net (PN) is a bipartite directed graph whose nodes are divided into two disjoint sets called places and transitions. Directed arcs in the graph connect places to transitions (input arcs) and transitions to places (output arcs). A marked Petri net is obtained by associating tokens with places. In a graphical representation of a PN, places are drawn as circles, transitions as bars, and tokens as dots inside the places. The firing of a transition is an atomic action in which one or more tokens are removed from each input place of the transition and one or more tokens are added to each output place of the transition. By requiring exponentially distributed firing times, we obtain stochastic Petri nets (SPNs).

Figure 1: The ABS model (diagram not reproduced; only its labels survive). Places: start, braking, central, axle, mbrakecyl, controller, tubing, piping, axleCentral, FRWheel, RLWheel, RRWheel, FLWheel, and the shared places degraded_operation, loss_of_stability and loss_of_vehicle. Transitions: central_op, axle_op.
Stochastic Reward Nets (SRNs) are SPNs augmented with the ability to specify output measures as reward-based functions, for the evaluation of the reliability of complex systems [3]. In our SRN model, the ABS is represented as the combination of its important components, as shown in Figure 1. The model represents the operation of the ABS under normal, degraded and lost-stability conditions. Loss of vehicle, extreme degraded operation and extreme loss of stability signify critical failures and determine the halting condition of the model.

The model is instantiated with a single token in the start place. When the central_op and axle_op transitions fire, a token is deposited in each place that represents a component of the ABS. From then on the operation of each component is independent of every other component, except where coincident failures are introduced through the rate functions described below.

The model of a single ABS component is shown in Figure 2; the component depicted is the controller. Every component either functions “normally,” as shown by the controllerOp transition, or “fails,” as shown by the controllerFail transition, which deposits a token in the failedController place. A failed component may then cause degraded operation, loss of stability or loss of vehicle (transitions controllerDegradedOp, controllerLOSOp and controllerLOVOp, whose output places include the shared degraded_operation, loss_of_stability and loss_of_vehicle places of Figure 1). The probability of each of these three outcomes differs from component to component. When the failure causes degraded operation or loss of stability, the component continues to operate (marked by a token in controllerDegraded or controllerLOS), but its failure rate increases by one or two orders of magnitude respectively.

Figure 2: SPN model of an ABS component, the controller (diagram not reproduced). Places: controller, failedController, controllerDegraded, controllerLOS, degraded_operation, loss_of_stability, loss_of_vehicle. Transitions: controllerOp, controllerFail, controllerDegradedOp, controllerLOSOp, controllerLOVOp.

Coincident failures are modeled in the same manner, through marking-dependent failure rates. The function that calculates the failure rate of the transition controllerFail is shown in Figure 3.
    double controllerRate() {
        double controller_rate = 0.0000006;
        if (mark("controllerLOS") > 0)
            return controller_rate * 100;
        if ((mark("controllerDegraded") > 0) || (mark("tubingDegraded") > 0))
            return controller_rate * 10;
        return controller_rate;
    }

Figure 3: Variable rate function used to model coincident failures. mark("p") is the CSPL primitive that returns the number of tokens in place p in the current marking.

It is assumed that malfunctioning tubing affects the operation of the controller. Hence, while calculating the failure rate of the controller, the normal rate is increased by one order of magnitude if the tubing has failed and caused degraded operation (indicated by a token in the tubingDegraded place). Note that the checks in Figure 3 are ordered, so the multipliers do not compound: a controller that has already caused loss of stability uses the hundredfold rate regardless of the state of the tubing. Other coincident failures are modeled the same way; for example, loss of the controller itself affects the failure rate of the hydraulic pump: if the failure of the controller causes loss of stability, the failure rate of the hydraulic pump increases by two orders of magnitude. Only a few coincident failures have been represented in the model. However, coincident failures between other components can easily be modeled by suitably modifying the failure rate function of the component in question. The model is likewise extensible to include other components deemed relevant to the ABS.

Results

The Stochastic Petri Net Package (SPNP) allows the specification of SRN models and the computation of steady-state, transient, cumulative, time-averaged and “up-to-absorption” measures, as well as sensitivities of these measures. Steady-state analysis of SRNs is often adequate to study the performance of a system, but time-dependent behavior is sometimes of greater interest: instantaneous availability, interval availability, reliability, response time distribution, and computational availability. The reliability of the system at time t is computed as the expected instantaneous reward rate at time t [3].
Transient analysis of the ABS model was carried out and the reliability was measured between 0 and 50K hours (representing the average lifetime of a passenger vehicle). The expected value of the reliability at various time instants was determined and plotted as a function of time. The measure was predicted at 169 points along the range. The interval between the points was not constant over the entire time range; instead the range was divided into four segments, each with a different time interval. In Figure 4, the Y-axis gives the measure of interest, the reliability, while the time range (0 to 50K hours) is shown along the X-axis. Because of this uneven sampling, the shape of the plotted curve reflects how the data was collected from the Petri net model rather than a property of the system itself. The two MTTF values reported in Figure 4 differ by only about 32 hours (roughly 0.004%), so the few coincident failures included in the model have a negligible effect on the overall reliability at this scale.

Figure 4: Reliability analysis results (diagram not reproduced): reliability of the ABS against time in hours, 0 to 50K hours, plotted without and with coincident failures. MTTF (without coincident failures) = 785277.599178 hrs; MTTF (with coincident failures) = 785245.883488 hrs.

Conclusion and Future Work

In this study, we have shown how to model coincident failures in the anti-lock braking system of a passenger vehicle using Stochastic Reward Nets. In order to specify the system, we had to make some system assumptions. The stochastic Petri net models a few of the coincident failures possible in a four-channel, four-sensor ABS. The model, however, is easily extensible to other ABS schemes. Other coincident failures between components can be modeled by suitably modifying the failure rate function of the component in question. To specify the system and carry out the reliability analysis, we used SPNP.

The goal of future work is two-fold. First, specify and analyze the model using UltraSAN, a software tool for model-based performance, dependability and performability evaluation of computer, communication and other systems [8], and compare the reliability results obtained from SPNP and UltraSAN.
Second, extend the model to include other systems that operate in conjunction with the ABS and share some of its components, e.g. Acceleration Slip Regulation (ASR) and Electronic Steer Assist (ESA).

References

[1] Bosch, R. Automotive Handbook. Bentley Publishers.
[2] Ciardo, G.; Muppala, J.; Trivedi, K. “SPNP: Stochastic Petri Net Package.” Proc. 1st Int. Workshop on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS'93).
[3] Ciardo, G.; Muppala, J.; Trivedi, K. “Stochastic Reward Nets for Reliability Prediction.” Communications in Reliability, Maintainability and Serviceability 1(2): 9-20.
[4] Ciardo, G.; Muppala, J.; Trivedi, K. SPNP User Manual, Version 6.
[5] Dugan, J. B.; Ciardo, G. “Stochastic Petri Net Analysis of a Replicated File System.” IEEE Transactions on Software Engineering 15(4): 394-401.
[6] Kolsky, M. ABS: Understanding Anti-Lock Brakes. http://www.abrn.com/archives/0797tech.htm
[7] Nice, K. How Anti-Lock Brakes Work. http://www.howstuffworks.com/anti-lock-brake.htm
[8] Sanders, W. UltraSAN User’s Manual, Version 3.0. http://www.crhc.uiuc.edu/PERFORM/Papers/USAN_papers/manual_v3.0_all.pdf
[9] Sheldon, F. T.; Greiner, S.; Benzinger, M. “Specification, Safety and Reliability Analysis Using Stochastic Petri Net Models.” ACM International Workshop on Software Specification and Design.
[10] Trivedi, K. Probability and Statistics with Reliability, Queuing and Computer Science Applications. Prentice-Hall.