Fault Trees and Reliability Block Diagrams
advertisement
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
E NGINEERING R ELIABILITY
FAULT T REES AND R ELIABILITY B LOCK D IAGRAMS
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
Harry G. Kwatny
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
Department of Mechanical Engineering & Mechanics
Drexel University
O UTLINE
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
R ELIABILITY B LOCK D IAGRAMS
RBD Definition
RBDs and Fault Trees
System Structure
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
Q UALITATIVE A NALYSIS
Structure Functions
Paths and Cutsets
Q UANTITATIVE A NALYSIS
Reliability
Redundancy
R ELIABILITY B LOCK D IAGRAMS
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
A reliability block diagram (RBD) provides a success
oriented view of the system.
I RBD’s provide a framework for understanding redundancy.
I RBDs facilitate the computation of system reliability from
component reliabilities.
I RBDs and fault trees provide essentially the same
information.
I
I
Below is the RBD for the backup power supply.
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
Off-site
R ELIABILITY
power
R EDUNDANCY
a
b
Transfer
Diesel-
switch
generator
R ELIABILITY B LOCK D IAGRAMS – D EFINITION
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
A reliability block diagram (RBD) is defined as follows:
I
A reliability block diagram is a graph whose edges are
the system components.
I
There are a pair of nodes called terminal nodes – (a)
and (b) in the backup power supply diagram.
I
If there is a path between the terminal nodes which
contains only edges with functional components, the
entire system is functional. Otherwise it is not
functional.
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
S ERIAL & PARALLEL C ONFIGURATIONS
E NGINEERING
R ELIABILITY
a
R ELIABILITY
B LOCK
D IAGRAMS
A1
A2
b
Serial
RBD D EFINITION
A1
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
a
Q UALITATIVE
A NALYSIS
b
A2
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Parallel
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
I
I
In the serial configuration, failure of either component,
A1 or A2 causes system failure.
In the parallel configuration, both components must fail
in order for the system to fail – redundancy
E XAMPLE : F IRE P UMP S YSTEM
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
I
The reliability block diagram for the fire pump system is
shown below.
I
The redundancy of the pumps is clearly evident.
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
Fire
Pump 1
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
a
Engine
Valve
Fire
Pump2
b
R ELIABILITY B LOCK D IAGRAMS & FAULT
T REES – 1
E NGINEERING
R ELIABILITY
TOP
TOP
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
A1 occurs
A2 occurs
A1 occurs
A2 occurs
A1
A2
A1
A2
S TRUCTURE
F UNCTIONS
A1
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
a
A1
A2
Serial
b a
b
A2
Parallel
Notice that the fault tree takes a failure perspective, whereas
the reliability block diagram takes a success perspective.
R ELIABILITY B LOCK D IAGRAMS & FAULT
T REES – 2
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
TOP
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
A2
a
A1
b
A1
G1
A3
R ELIABILITY
R EDUNDANCY
A2
A simple serial parallel composition.
A3
S ERIES S TRUCTURE
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
a
1
2
n
b
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
A system composed of n subsystems is called a series
structure if the failure of any one component causes failure
of the complete system.
PARALLEL S TRUCTURE
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
1
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
a
2
b
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
n
R ELIABILITY
R EDUNDANCY
A system composed of n subsystems is called a parallel
structure if it operates if any one or more of its components
operates.
k- OUT- OF -n S TRUCTURES
E NGINEERING
R ELIABILITY
two-out-of-three structure
R ELIABILITY
B LOCK
D IAGRAMS
1
2
2
3
1
3
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
a
Q UALITATIVE
A NALYSIS
b
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
I
I
A system that is functioning if and only if at least k of its
n components is functioning is called a k-out-of-n
structure.
A 1-out-of-n structure is a parallel structure.
D EFINITIONS - Q UALITATIVE A NALYSIS
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
I
I
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
A system with n components is called a system of order
n.
xi denotes the state of component or subsystem i,
1 the component is functioning
xi =
, i = 1, . . . , n
0 the component is failed
I
x denotes the state of the entire system,
1 the system is functioning
x=
0 the system is failed
I
The structure function is a function φ (x1 , . . . , xn )
associated with a given system, such that
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
x = φ (x1 , . . . , xn )
S TRUCTURE F UNCTIONS
E NGINEERING
R ELIABILITY
I
R ELIABILITY
B LOCK
D IAGRAMS
serial structure
φ (x1 , . . . , xn ) = x1 · x2 · · · · · xn
RBD D EFINITION
RBD S AND FAULT
T REES
I
parallel structure
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
φ (x1 , . . . , xn )
= 1 − (1 − x1 ) (1 − x2 ) · · · (1 − xn )
n
Q
(1 − xi )
=1−
φ (x1 , . . . , xn )
=
S TRUCTURE
F UNCTIONS
i=1
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
max
i∈{1,...,n}
xi
R ELIABILITY
R EDUNDANCY
I
k-out-of-n structure
φ (x1 , . . . , xn ) =
1
0
Pn
xi ≥ k
Pi=1
n
i=1 xi < k
C OHERENT S TRUCTURES
E NGINEERING
R ELIABILITY
I
R ELIABILITY
B LOCK
D IAGRAMS
A component is irrelevant if it has no effect on the functioning
of the system, i.e., the ith component is irrelevant if
φ (x1 , . . . xi−1 , 0, xi+1 , . . . , xn ) = φ (x1 , . . . xi−1 , 1, xi+1 , . . . , xn )
RBD D EFINITION
RBD S AND FAULT
T REES
for all x1 , . . . xi−1 , xi+1 , . . . , xn
S YSTEM S TRUCTURE
Otherwise it is called relevant.
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
I
Assumption: the system will not run worse if a failed
component is replaced by a functional component
⇒ φ (x1 , . . . , xn ) is a nondecreasing function of each of the
variables x1 , . . . , xn .
I
A system is coherent if all of its components are relevant and
its structure function is nondecreasing.
I
By focusing on coherent structures we rule out certain
pathologies.
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
PATHS AND C UTSETS
E NGINEERING
R ELIABILITY
I The set of components of a system of order n is
R ELIABILITY
B LOCK
D IAGRAMS
I A path set, P, is a subset of C which by functioning ensures that the
C = {1, 2, . . . , n}
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
system is functioning. A path set is minimal if it cannot be reduced
without losing its status as a path set.
I A cut set, K, is a subset of C which by failing causes the system to
fail. A cut set is minimal if it cannot be reduced without losing its
status as a cut set.
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
1
2
R ELIABILITY
R EDUNDANCY
a
5
3
4
b
D EFINITIONS - Q UANTITATIVE A NALYSIS
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
I
A system with n components is called a system of order
n.
I
Ai denotes the event that the component or subsystem
i, i = 1, . . . , n is functioning at time t.
I
A denotes the event that the entire system is
functioning at time t.
I
P (Ai ) = Ri (t) is the reliability of the ith subsystem.
I
P (A) = R (t) is the reliability of the entire system.
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
S ERIES S TRUCTURE
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
I
I
RBD D EFINITION
I
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
A = A1 ∩ A2 ∩ · · · ∩ An ⇔ Ac = Ac1 ∪ Ac2 ∪ · · · ∪ Acn
A ⊂ Ai , i = 1, . . . , n ⇒ R (t) ≤ Ri (t)
I
A serial system reliability is no greater than the
reliability of any subsystem!
I
Suppose that the failure events Ai are mutually
independent, then
Yn
Yn
R (t) = P (A) = P (∩ni=1 Ai ) =
P (Ai ) =
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
Note:
i=1
i=1
Ri (t)
PARALLEL S TRUCTURE
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
I
I
I
S YSTEM S TRUCTURE
I
Q UALITATIVE
A NALYSIS
I
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
A = A1 ∪ A2 ∪ · · · ∪ An
If the subsystem failure events are independent:
I
Ac = Ac1 ∩ Ac2 ∩ · · · ∩ Acn
P (Ac ) = P (Ac1 ) P (Ac2 ) · · Q
· P (Acn )
Qn
n
c
P (A) = 1−P (A ) = 1− i=1 P (Aci ) = 1− i=1 [1 − P (Ai )]
Consequently, for independent events:
Yn
R (t) = 1 −
(1 − Ri (t))
i=1
k- OUT- OF -n S TRUCTURES
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
I Consider identical components,
I The probability failure of failure over a specified time period for a
single component is p, so the component reliability is r = 1 − p,
I Let M denote the number of components that fail in the specified
time period, then
P (M = m) =
S TRUCTURE
F UNCTIONS
R EDUNDANCY
pm (1 − p)n−m = Cmc (1 − r)m rn−m
|{z} | {z }
m
# ways to
get m/n failures
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
Cmn
|{z}
n−m
survivers
I The k/n system will survive if there are no more than n − k failures,
so
R=
Xn−k
m=0
Cmn (1 − r)m rn−m
D EFINITIONS
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
I
Redundancy is the duplication of critical components in
a system in order to improve reliability.
I
Redundancy is normally a parallel connection of
identical components – can be active or standby
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
1
S TRUCTURE
F UNCTIONS
1
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
a
b
a
b
R ELIABILITY
R EDUNDANCY
2
Active parallel
2
Standby parallel
R ELIABILITY OF ACTIVE AND S TANDBY
S YSTEMS
E NGINEERING
R ELIABILITY
I
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
I
RBD S AND FAULT
T REES
Consider a redundant (parallel) combination of two
identical components.
Let T1 , T2 , T denote the failure times of component 1,
component 2, and the system, respectively.
S YSTEM S TRUCTURE
I
Q UALITATIVE
A NALYSIS
I
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
I
the units are identical, so R1 (t) = R2 (t)
assume the failures of the two units are independent
events.
The system reliability of the active parallel structure is
Ra (t) = P (T1 > t ∪ T2 > t)
= P (T1 > t) + P (T2 > t) − P (T1 > t) P (T2 > t)
Ra (t) = R1 (t) + R2 (t) − R1 (t) R2 (t)
R ELIABILITY OF ACTIVE AND S TANDBY
S YSTEMS – 2
E NGINEERING
R ELIABILITY
I
R ELIABILITY
B LOCK
D IAGRAMS
I
RBD D EFINITION
RBD S AND FAULT
T REES
The standby system does not start operating until the
primary unit fails.
The system can survive until time t if the primary unit
survives until time t or the primary unit fails before time
t, but the second unit survives until time t:
S YSTEM S TRUCTURE
Rs (t) = P (T2 > t |T2 > T1 ) = P (T1 > t) + P (T1 < t ∩ T2 > t)
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
I
The two possibilities can be restated as T1 > t or T1
occurs at τ < t and T2 > t − τ . Notice that
P (τ < T1 < τ + dτ ) = f1 (τ ) dτ
P (τ < T1 < τ + dτ ∩ RT2 > t) = R2 (t − τ ) f1 (τ ) dτ
t
P (T1 < t ∩ T2 > t) = 0 R2 (t − τ ) f1 (τ ) dτ
Z
t
R2 (t − τ ) f1 (τ ) dτ
Rs (t) = R1 (t) +
0
E XAMPLE : C ONSTANT FAILURE R ATE
E NGINEERING
R ELIABILITY
I Components with constant failure rate λ have reliability
R (t) = e−λt
R ELIABILITY
B LOCK
D IAGRAMS
I An active parallel structure has reliability
RBD D EFINITION
Ra (t) = 2e−λt − e−2λt
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
I A standby parallel structure has reliability
Rs (t) = (1 + λt) e−λt
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
RHtL
1
Standby
parallel
0.8
R EDUNDANCY
0.6
Active
parallel
0.4
Single
component
0.2
0.5
1
1.5
2
2.5
3
λt
H IGH - AND L OW-L EVEL R EDUNDANCY
E NGINEERING
R ELIABILITY
1
2
R ELIABILITY
B LOCK
D IAGRAMS
High (SYSTEM)-level
RBD D EFINITION
Redundancy
3
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
1
Q UALITATIVE
A NALYSIS
2
3
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
1
2
3
1
2
3
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
Low (COMPONENT)-level
Redundancy
S TRUCTURE F UNCTIONS R EVISITED
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
I Consider a system with state vector x = {x1 , . . . , xn } and structure
function φ1 (x), and a second system with state vector
y = {y1 , . . . , ym } and structure function φ2 (y).
I if these systems are connected in series then the whole system is
of order n + m, and its structure function is
φ (x, y) = φ1 (x) φ2 (y)
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
I if these systems are connected in parallel then the whole system is
of order n + m, and its structure function is
R ELIABILITY
R EDUNDANCY
φ (x, y) = max {φ1 (x) , φ2 (y)}
S YSTEM L EVEL VS C OMPONENT L EVEL
R EDUNDANCY
E NGINEERING
R ELIABILITY
I Suppose the two systems in the parallel structure are identical, i.e.,
we have a system level redundant configuration. In this case,
R ELIABILITY
B LOCK
D IAGRAMS
φS (x, y) = max {φ1 (x) , φ1 (y)} ≤ φ1 (x1 y1 , . . . , xn yn )
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
I Consider a component level redundant configuration of system one,
the structure function is
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
φC (x, y) = φ1 (max {x1 , y1 } , . . . , max {xn , yn })
But, for coherent systems,
Q UANTITATIVE
A NALYSIS
φ1 (max {x1 , y1 } , . . . , max {xn , yn }) ≥ φ1 (x1 y1 , . . . , xn yn )
R ELIABILITY
R EDUNDANCY
So,
φC (x, y) ≥ φS (x, y)
I Thus, in general, we get a better (more reliable?) system through
component redundancy rather than system redundancy.
S YSTEM L EVEL VS . C OMPONENT L EVEL
R EDUNDANCY – 2
E NGINEERING
R ELIABILITY
a
R ELIABILITY
B LOCK
D IAGRAMS
RBD D EFINITION
RBD S AND FAULT
T REES
S YSTEM S TRUCTURE
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
⎡ A1 ∩ B1
⎢
A ∩ B1
⎢ 2
⎢ A3 ∩ B1
⎢
⎢
⎢A ∩ B
1
⎣ K
A1
A2
A1 ∩ B2
A2 ∩ B2
A1 ∩ B3
A2 ∩ B3
A3 ∩ B2
A3 ∩ B3
AK ∩ B2
AK ∩ B3
AK
b
A1 ∩ BK
A2 ∩ BK
A3 ∩ BK
AK ∩ BK
⎤
⎥
⎥
⎥
⎥
⎥
⎥
⎦
PATHS AND C UTSETS
Q UANTITATIVE
A NALYSIS
R ELIABILITY
R EDUNDANCY
I Consider a system with K minimal cutsets, A1 , A2 , . . . , AK .
I For a system level redundant configuration, place an identical
system with cutsets labeled B1 , B2 , . . . , BK in parallel with the
original. The redundant system cutsets are all combinations Ai ∩ Bj ,
i, j = 1, . . . , K.
I A component level redundant system has cut sets Ai ∩ Bi ,
i = 1, . . . , K.
I Consequently, RC ≥ RS .
E XAMPLE : S YSTEM VS C OMPONENT
R EDUNDANCY
E NGINEERING
R ELIABILITY
{a1} , {a2 , a3 }
a2
a
R ELIABILITY
B LOCK
D IAGRAMS
a2
RBD S AND FAULT
T REES
a1
S YSTEM S TRUCTURE
a3
a
b
Q UANTITATIVE
A NALYSIS
{a1 , b1} , {a1 , b2 , b3 } ,
{b1 , a2 , a3 } , {a2 , a3 , b2 , b3 }
b2
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
b
a3
RBD D EFINITION
Q UALITATIVE
A NALYSIS
a1
b1
a2
b3
R ELIABILITY
a1
b2
b1
a3
R EDUNDANCY
a
{a1 , b1 } , {a2 , a3 , b2 , b3 }
b
b3
R EDUNDANCY L IMITATIONS
E NGINEERING
R ELIABILITY
R ELIABILITY
B LOCK
D IAGRAMS
I
RBD D EFINITION
RBD S AND FAULT
T REES
I
S YSTEM S TRUCTURE
I
Q UALITATIVE
A NALYSIS
S TRUCTURE
F UNCTIONS
PATHS AND C UTSETS
Common-mode failures are caused by dependencies
that cause redundant components to fail
simultaneously.
I
I
Q UANTITATIVE
A NALYSIS
Load sharing can cause reliability degradation in active
parallel systems.
I
R ELIABILITY
R EDUNDANCY
I
common power supply
shared environmental stresses
common maintenance issues
failure of one unit can cause increased stress on
remaining units, e.g., engines, pumps, etc.,
switching failures can occur in standby parallel systems
