Unavailability Analysis for <i>k</i>-out-of-<i>n</i>:G Systems with Multiple Failure Modes Based on Micro-Markov Models

Tang, Shengjin; Guo, Xiaosong; Sun, Xiaoyan; Xue, Haijian; Zhou, Zhaofa

doi:https://doi.org/10.1155/2014/740936

Mathematical Problems in Engineering

On this page

Abstract Introduction References Copyright Related Articles

Research Article | Open Access

Volume 2014 | Article ID 740936 | https://doi.org/10.1155/2014/740936

Unavailability Analysis for k-out-of-n:G Systems with Multiple Failure Modes Based on Micro-Markov Models

Shengjin Tang,¹Xiaosong Guo,¹Xiaoyan Sun,²Haijian Xue,¹and Zhaofa Zhou¹

Academic Editor: Carsten Proppe

Received02 Jan 2014

Revised16 Mar 2014

Accepted19 Mar 2014

Published24 Apr 2014

Abstract

Markov models are commonly used for unavailability analysis of redundant systems. However, due to the exploding states of Markov models for redundant systems, the states need to be merged to simplify the computation, which is called micro-Markov models. However, how to derive the failure rates and repair rates of the newly developed micro-Markov models has not been studied thoroughly. Therefore, this paper proposes detailed explanations and rules to derive the static unavailability by the micro-Markov models for the k-out-of-n:G systems with multiple failure modes. Firstly, two properties about applying the Markov models to the repairable system with independent multiple failure modes are presented. Based on these two properties, two rules are proposed for implementing the micro-Markov models. The micro-Markov models provide the exact same results for the repairable k-out-of-n:G system with multiple independent failure modes and repair mechanisms and approximate results for systems with multiple hybrid failure modes. A case study of safety integrity verification for safety instrumented systems is provided to illustrate the application of the proposed method. The conceptual comparison and numerical examples demonstrate the reasonability and usefulness of the proposed micro-Markov models.

1. Introduction

A k-out-of-n:G system (hereinafter referred to as koon system) is a redundant system where at least out of components (or channels) must be functional for the redundant system to be successful [1–3]. Due to the fault-tolerant ability of the koon system, it has been widely used in process industry, oil and gas industry, nuclear industry, and so forth. Reliability analysis for koon systems is a classic issue in reliability engineering. For the koon system with a single failure mode, it is easy to derive the system reliability whether the system could be repaired immediately or not [4]. However, many systems have multiple failure modes [5–8], which increases the complexity of the reliability analysis. A typical system with multiple failure modes is the safety instrumented system (SIS), which has been widely used in the process industry as an important protection layer to prevent hazardous events or mitigate their consequences [3, 9–11]. Due to the self-diagnostic function of the SIS, the dangerous failure of the SIS can be divided into dangerous detected (DD) failure and dangerous undetected (DU) failure. The DD failure, which is detected by the self-diagnostic function, can be repaired immediately. However, the DU failure can only be detected and repaired in the proof test. As the static unavailability is an important value in the reliability analysis for safety systems [9–25], this paper focuses on the static unavailability evaluation for koon systems with multiple failure modes.

There are many modeling techniques for unavailability analysis of koon systems with multiple failure modes, for example, simplified equations [9–15], reliability block diagram (RBD) [16], fault tree analysis (FTA) [17, 18], and Markov analysis (MA) methods [19–21]. Rouvroye and Van den Bliek [22] compared these techniques and obtained the following conclusion: FTA and RBD are intuitive and easy to model; however, a new model has to be established for evaluating a new parameter by FTA and RBD. MA covers most aspects that affect reliability and can describe the dynamic transitions among different system states. Therefore, the MA method has been widely used in the unavailability analysis of complex systems [19–25]. However, the states of Markov models increase explosively as the system becomes more complex, and it is fallible and time-consuming to create Markov models manually. Knegtering and Brombacher [19] proposed micro-Markov models for quantitative safety assessment for SISs, where the RBD of the system is first developed and redefined, and then the micro-Markov models are established from the redefined RBD. However, how to derive the failure rates and repair rates of the newly developed micro-Markov models has not been presented in detail. Guo and Yang [21] presented an automatic Markov modeling method to reduce the burden of computation, where the states that have identical transition rates to common states are merged. However, the states with nonidentical transition rates have not been merged.

Another issue about the micro-Markov models is to transform the nonrepairable failure into the repairable failure. If the failure modes are all nonrepairable, the system reliability can be addressed by the classical probability analysis methods, for example, RBD method [15]. Otherwise, if the failure modes are all repairable, Markov models could be used. However, many systems include repairable and nonrepairable failure modes simultaneously, which is called hybrid failure modes in this paper. Take the SIS for example; the DU failure can be regarded as the nonrepairable failure mode which is only repaired in the proof test, while the DD failure is repairable. For the hybrid failure modes, using the MA method directly could result in heavy computation to derive the analytical formulas of reliability since the system is trapped in the absorbing state of the nonrepairable failure.

There are two main ways to solve this problem. The first way is regarding the repairable failure as a failure with static failure probability, and thus the system reliability can be analyzed by the FTA method [17]. However, it is complex to build the fault trees for highly redundant systems. The second way is transforming the nonrepairable failure as the repairable failure, which is called the approached MA method in [23, 24]. The approached MA method has already been applied to the low redundant system, for example, 1oo1 system, 1oo2 system, and 2oo3 system [20, 23–26], and the accuracy is satisfied. However, whether the approached MA method could be applied to the highly redundant system and how to derive the approached Markov models for a general koon system have not been presented in detail.

From the above review of the related researches, it can be observed that there are two main issues remaining to be solved. The first is how to merge the states for the koon systems with multiple failure modes, which is central to the micro-Markov models. The second is how to transform the nonrepairable failure as the repairable failure for the general koon system. In response to these two issues, a property about applying the Markov models to the repairable system with a single failure mode is first presented. Based on this property, we present a rule for transforming the nonrepairable failure to a repairable failure for the general koon system. This is the first contribution of this paper. Secondly, the states of the koon system with multiple failure modes are merged, and thus the koon system with multiple failure modes can be transformed to that with a single failure mode. A property regarding this transformation is proposed. This is the second contribution of this paper since the states can be merged reasonably. Then, two rules are proposed for implementing the micro-Markov models based on these two properties. Additionally, we present a case study about the safety integrity verification of the SIS and obtain the simplified equations. Finally, a conceptual comparison and a numerical example are presented to illustrate the application and usefulness of the proposed method.

The remainder of this paper is organized as follows. Section 2 introduces the associated acronyms, notations, and assumptions. Section 3 presents two properties about applying the Markov models to the repairable system and proposes the mechanism regarding how to merge the states for a general koon system. In Section 4, we apply the results obtained in Section 3 to a case study about the safety integrity verification for the SIS and provide a numerical example to illustrate the application and usefulness of the proposed method. Section 5 concludes the paper with a discussion.

2. Acronyms, Notations, and Assumptions

2.1. Acronyms

CCF: common cause failure DD: dangerous detected failure DU: dangerous undetected failure FTA: fault tree analysis koon: k-out-of-n:G system MA: Markov analysis RBD: reliability block diagram SIL: safety integrity level SIS: safety instrumented system.

2.2. Notations

: number of combinations of size “k” from a set with “n” components : number of permutations of size “k” from a set with “n” components : dangerous diagnostic coverage coefficient : failure probability function, MDT: mean down time MRT: mean repair time MTTR: mean time to restoration : the steady state probability of state j : probability of dangerous failure on demand PFD_avg: average probability of dangerous failure on demand : the mean time when the system failure due to the undetected failures occurs over the interval [0, ] : the duration of time after system failure due to the undetected failures : proof test interval : dangerous failure rate : dangerous detected failure rate : dangerous undetected failure rate : repair rate for dangerous detected failure : the repair rate for a koon system from state j to state : the repair rate for a koon system from state j to state with considering the CCF : beta factor for DU failures : beta factor for DD failures.

2.3. Assumptions

(i)All the components in a koon system are identical and independent.(ii)The failure modes in one component are identical with those in other components (i.e., with the same failure rates and repair rates).(iii)The failure modes in one component are independent of each other and independent of the failure modes in other components.(iv)The unrepairable failure mode can only be detected in a proof test (), and if detected it is repaired in the time of MRT (mean repair time).(v)The repairable failure mode can be detected and repaired immediately. If the repairable failure of a component is being repairing, the component is not functioning.

3. Modeling koon Systems by the Micro-Markov Models

3.1. A Property of Modeling koon Systems with a Single Repairable Failure Mode

In this subsection, we use the Markov models to model the koon system with a single repairable failure mode and derive a property of the modeling process. The property is summarized in the following proposition. The proposition is based on the assumption that the failure of any component is independent of other components.

Proposition 1. For a koon system, letλ andμ be, respectively, the failure rate and repair rate of a single component and let be the repair rate from the state with failed components to the state with failed components as shown in Figure 1. (The repair rate from the state with failed components to the state with failed components is affected by the dependence of the repairs. If there are repair crews existing, then . If only one repair crew exists, then . To represent a general condition, we use to describe the failure rate.) Then the following holds.

(1)The mean down time (MDT) of a 1oon system () is . (2)For any koon system, , where represents the MDT of a 1ooj system.

Proof. For a 1oon system, the system fails only in state and the MDT of the 1oon structure is 1/. For a koon system as shown in Figure 1, it can be observed that when the process enters state with faults, the repair team will start repairing and will bring the system to state after a mean repair time of 1/. As the failure components are independent of the other working components, the mean repair time from state to state (1/) is equal to the MDT of a 1ooj system. This completes the proof.

The second result of Proposition 1 demonstrates the relationship between the repair rates and the MDTs of the 1-out-of-j systems. This relationship provides a reasonable way to transform the nonrepairable failure to the repairable failure or to combine the multiple failure modes to a single failure mode. Based on Proposition 1, we propose novel micro-Markov models in the following subsection.

3.2. Micro-Markov Models for koon Systems with Multiple Repairable Failure Modes

As mentioned above, multiple failure modes exist widely in redundant systems. Therefore, it is necessary to combine the multiple failure modes to reduce the burden of computation. In the following, we first propose micro-Markov models for koon systems with two repairable failure modes as illustrated in Proposition 2. The assumption of Proposition 2 is that the failure and repair of any component are independent of that of other components.

Proposition 2. For a koon system, each component has two failure modes with failure rates and , and the repair rates of the two components are and , respectively. The state unavailability of the koon system with two failure modes equals a transformed koon system with a single failure mode, whose failure rate and failure rate are and , respectively. Moreover, the transformed koon system has independent failure and repair rate.

Proof. As the derivation of Proposition 2 changes due to the size of the system, we only give detailed derivation for a duplicate system for an illustrative purpose. The derivation for other systems, for example, one component system and triplicate system, is similar. The Markov states transition diagram for a duplicate system is shown in Figure 2.
From Figure 2(a), we derive the transition matrix for the original duplicate system as follows:
Let represent the steady state probability of state for the original duplicate system; then, we have
By solving the above equations, we have
From Figure 2(b), let represent the steady state probability of state for the transformed duplicate system; the following result can be obtained after some manipulations:
Substituting and into (4) yields
This completes the proof.

(a)

(b)

Proposition 2 is based on the result of Proposition 1. To transform the multiple failure modes to a single failure mode, the MDT of any 1-out-of-j system is calculated by adding the individual MDTs of the two failure modes, that is, and , in direct proportion to each failure’s contribution to the failure probability of the system. Thus, we have

Similar procedure to derive the system MDT has also been presented in Chapter 9.3 in [27]. Let ; that is, ; the novel koon system with a single failure mode can be derived.

Proposition 2 demonstrates how to transform the koon system with two failure modes to that with a single failure mode. It can also be generalized to the koon system with multiple failure modes, which is summarized in Proposition 3.

Proposition 3. For a koon system, each component has failure modes with failure rates , and the repair rates of these failure modes are . The state unavailability of the koon system with multiple failure modes equals the transformed koon system with a single failure mode, whose failure rate and the inverse of the failure rate are and , respectively. Moreover, the transformed koon system has independent failure rates and repair rates.

Proof. Mathematical induction is used to prove Proposition 3. From Proposition 2, it can be observed that the koon system with two failure modes is equivalent to the transformed system with a single failure mode. Assume that the koon system with failure modes is equivalent to the transformed system with a single failure mode with failure rate and repair rate, whose inverse is . Therefore, the koon system with failure modes can be transformed to the system with two failure modes. The failure rates of the two transformed modes are, respectively, and , and the repair rates are and . Based on Proposition 2, the two failure modes of the transformed system could continue to be combined, and thus the failure rate and repair rate of the final transformed system can be written as follows:
This completes the proof.

Compared with Proposition 1, Propositions 2 and 3, add an assumption that the repair rates are independent. In other words, Propositions 2 and 3 are correct on condition that there are repair crews for a koon system. Although Propositions 2 and 3 may not be strictly correct when the repair rates are not independent, it provides a reasonable way to combine the multiple modes together.

3.3. The Rules of the Micro-Markov Models

Overall, from the above analysis of applying the Markov models to koon systems with multiple failure modes, we obtain two rules of the micro-Markov modes.

Rule 1. For a koon system, the repair rate from the state with failed components to the state with failed components can be represented by the inverse of the MDT of the 1-out-of-j system.

Rule 2. For a koon system with failure modes, it can be transformed to a novel system with a single failure mode. The failure rate and repair rate of the transformed system fit the following criteria:

Note that Rule 1 is strictly correct for the repairable system and Rule 2 is strictly correct for the repairable system with multiple independent failure modes. However, whether these rules could derive satisfactory results for the system with nonrepairable failure modes or hybrid failure modes has not been demonstrated; we address this issue in the next section through a case study.

4. A Case Study

4.1. Safety Integrity Level Verification

Safety instrumented systems (SISs) are widely used in the process industry as an important protection layer to prevent hazardous events or mitigate their consequences. Safety integrity level (SIL) is proposed to measure how well a SIS performs its intended function by the safety standards: IEC 61508 and IEC 61511 [9, 10]. And SIL verification is to verify that whether the reliability of the SIS meets the required level. For the low demand mode of SIS operation, the SIL of a SIS is defined in terms of the average probability of failure on demand (PFD_avg), which could be represented by the static unavailability of the system. The relation between the SIL and the PFD_avg is shown in Table 1.

The PFD_avg evaluation is concerned with the voting logic of the redundant systems, failure rates, diagnostic coverage, proof test interval, common cause failure (CCF), and some other factors [3]. Since the SIL verification is provided as a case study to validate the results of the micro-Markov models, we mainly consider the dangerous failure and its repair time. The dangerous failure with failure rate means the failure to perform the protective function when required. Due to the self-diagnostic function of SIS, the dangerous failure can be divided into DU failure and DD failure with the failure rates of and , respectively. Consider

Additionally, diagnostic coverage of dangerous failure (DC_D), expressed as a percentage, is represented by the ratio of DD failure to the total dangerous failure.

As discussed previously, the repair mechanisms of the DU failure and DD failure are different; thus it is difficult to derive the analytical PFD_avg by using Markov models directly. Therefore, the simplification equations of PFD_avg have been presented, for example, the typical simplified equations by IEC 61508. However, since IEC 61508 does not give detailed explanations of calculations, which are difficult to understand for common safety engineers. Even in the IEC 61508 committee, the issues, how to calculate and which models should be used, are controversial [4].

In order to give detailed explanations to the simplified equations by IEC 61508, Zhang et al. [20] redefined the equivalent MDT of the undetected failure and derived the equivalent MDTs of 1oo1 and 1oo2 architectures. Then, the PFD value of a few typical architectures was calculated by the MA method. Guo and Yang [16] calculated the equivalent MDT by using the ratio of steady failure probability to the steady failure frequency and evaluated the PFD value for the most used architectures by the RBD method. However, these obtained results are different from the equations given by the IEC 61508 standard [9], which may confuse the safety engineers. Innal [23] explained the analytical formulas presented in the IEC 61508 by the approached Markov model. This paper attempts to solve this problem by the two rules of the micro-Markov models proposed in Section 2. The key issue of the micro-Markov models is to derive the repair rate of the states, which is handled in the next subsection.

4.2. Equivalent MDT

From Rule 1, it can be observed that the repair rate is determined by the MDT of the 1oon system. As the DD failure is repairable, we first calculate the MDT of the DU failure, which is called equivalent MDT time for the SISs. It is assumed that the DU failure is only detected in the proof test with the interval of . The MDT is generated from the time of the DU failure to the proof test and the repair time, as shown in Figure 3. In the figure, t is the time when the DU failure occurs, MRT is the mean repair time if the DU failure is detected in the proof test, t_a is the mean time when system failure due to the DU failures occurs over the interval [0, ], and is the duration of the down time.

Zhang et al. [20] gave a clear definition of the equivalent MDT for the DU failure and provided the result of the equivalent MDT for the 1oo1 system and 1oo2 system. However, it is not applicable to the case when the system size changes. Thus, we attempt to calculate the equivalent MDT for a common 1-out-of-n system.

For a 1oon system, the cumulative distribution function for the DU failure is

Hence, the mean time when system failure due to the DU failures occurs over the interval [0, ] (t_a) can be formulated as

Set u = and x = ; then we get

Since x = 1, t_a can be approximately calculated as

From (13), it can be observed that the approximate value of t_a is independent of .

Referring to Figure 3, the approximation of the equivalent MDT of DU failures for a 1-out-of-n system is

The DD failure is detected by the self-diagnostic function of SISs and can be repaired immediately in the time of MTTR, which denotes the mean time to restoration for the DD failure. It is assumed that the failure and repair rate of the DD failure are independent. Thus, from Proposition 1, the MDT of DD failures for the 1-out-of-n system can be formulated as

Based on Rule 2, the equivalent MDT of the combined two failure modes for the 1-out-of-n system () can be calculated based on the law of total probability. It is composed of the MDT of the DU failure with a conditional probability / and the MDT of the DD failure with a conditional probability /. Then, we have

After determining the component equivalent MDT for the 1-out-of-n system, the repair rate can be represented by the inverse of the equivalent MDT. Then, the of the koon system can be analyzed, as illustrated in the next subsection.

4.3. PFD_avg Calculation by Micro-Markov Models

For the koon system, the system fails when at least components fail. The micro-Markov state transition diagram could be represented by Figure 1. Let () represent the steady state probability; from Figure 1, we derive the transition matrix as follows:where is inverse of .

Let represent the steady state probability of state ; then we have

By solving the above equations, we have

Then, the PFD_koon can be written as

4.4. PFD_avg Calculation with Considering the CCF

Common cause failure (CCF) is a phenomenon which mitigates the effects of redundancy, and thus it often plays a dominating role for the unavailability of a koon system. CCF is a dependent failure when two or more redundant components fail simultaneously or within a short time interval, due to a shared cause. There are several models for quantification of CCF in SISs, such as β-factor model [9], multiple beta factor (MBF) [28, 29] model, and the PDS model [30]. The β-factor model, as suggested by IEC 61508, is the most popular CCF model due to its simplicity. The β-factor represents the fraction of the total failure rate that can cause all channels to fail. Therefore, the existence of CCF splits the DD failure and DU failure into independent failure parts and CCF parts, which can be, respectively, expressed as follows:

If the β-factor model is used to model CCF, the CCF part can be regarded as an independent part with the independent failures in the reliability block diagram of the koon system and thus the CCF can be included as an add-on to the system unavailability. Then, the PFD_koon with CCF can be calculated as where and + . The derived equations of PFD_koon in (20) and (22) can also be regarded as simplified equations for the SIL verification.

4.5. Conceptual Comparison

From the above derivation of the PFD_koon, it can be observed that there are two main steps of transforming the DU failure and DD failure into a single failure mode. The first is transforming the DU failure as a repairable failure. The second is combining the two failure modes to a single failure mode. In order to compare the results of the micro-Markov models with the actual results, we present a conceptual comparison in this subsection. As the unavailability equations of the CCF part are the same in different methods, we only compare the independent part of the unavailability. The numerical comparison of some typical koon systems is presented in the next subsection.

Firstly, the results of transforming the DU failure into a repairable failure are compared with the actual results. For the DU failure, the exact results can be derived by the classic probability method, for example, the RBD method or the FTA method. To implement the comparison, the mean repair time of is assumed to be zero (i.e., MRT = 0) and the CCF is not considered (i.e., β = 0 and = 0). Then, we propose the following proposition.

Proposition 4. Let and represent the PFD_avg calculated by the transformed Markov models and the classic probability method, respectively; then, the following holds on condition that :(1);(2).

Proof. Let () represent the steady state probability; from Figure 1 and (19), we can obtain that where . Then, the can be written as
For the SIS, it is generally known that ; thus . Then, we have
It follows that
Additionally, the exact results derived by the classic probability method could also be simplified as [27, 31]
This completes the proof.

Proposition 4 indicates that when , the transformation of the nonrepairable failure to the repairable failure leads to satisfactory results. In the following, we demonstrate the effect of combining the DU failure and DD failure to a single failure mode. The comparison is made when only one type of failure exists. The results are summarized in Proposition 5.

Proposition 5. The results of PFD_koon evaluated by the micro-Markov models when only one type of failure exists are consistent with the results by the classic probability when only one type of failure is considered.

Proof. For the SIS, it is generally known that ; thus the in (20) can be simplified as
If λ_DD = 0 and MRT = 0, (28) can be simplified as
It is in accord with the results by the classic probability method when the DU failure is only considered; see (27).
If λ_DU = 0, (28) can be simplified as
It is consistent with the results by the classic probability method; see [31]. This completes the proof.

From Proposition 5, it can be observed that when only one type of failure exists, the results via the micro-Markov models are in accord with the results when only one type of failure is considered. We further compare the simplified equations through some typical koon systems when only one type of failure exists. The simplified equations are illustrated in Tables 2 and 3. The equations presented by [4] are deduced when only one type of failure is considered, which are also consistent with the equations presented by Smith [31] and Rausand and Høyland [27]. It can be observed that only the simplified equations derived in this paper are equal to the equations presented in [4].

The reason why different results are obtained by different references can be explained as follows. The equivalent MDT of a component or the group is an approximation. Different approximation assumptions could obtain different results. Take the 1oo2 system for instance; the group equivalent MDT is approximately equal to (see (16)). However, the approximate results from IEC 61508 [16, 20] are , , and + , respectively. Therefore, the controversial results are obtained. However, regardless of approximation process, the results by combining the failure modes should be consistent with those when only one type of failure modes is considered. Thus, the group equivalent MDTs in these references have not been accurately approximated. This verifies the results via micro-Markov models to some extent.

4.6. Numerical Comparison

In this experiment, we compare the results by the micro-Markov models with some classic probability methods. Similar to the above subsection, the transformation of the DU failure to a repairable failure is first compared. For simplicity, the calculation of PFD_avg by the classic probability method, the presented micro-Markov model in this paper (i.e., (20)), and the simplified equations presented by IEC 61508 are referred to as , , and , respectively. To compare these methods, the is regarded as a basic method and the relative error is used to implement the comparison. The relative error expressed as a percentage is represented by the ratio of the difference between the result of and (or ) to that of .

We consider a triple system for an illustrative purpose. With different proof test intervals, the value of changes from 0.033 to 0.263. The compared results are illustrated in Table 4, where RE1 and RE2 represent the relative error of and , respectively. In Table 4, it can be observed that the relative error increases with the increase of the value of for any koon system and the relative error of is always smaller than that of . This implies that obtains more accuracy results than . When the value of is small (e.g., λ_DUT₁ = 0.033), the relative error of and is able to meet the accuracy requirements. However, for the case that = 4 years, that is, = 0.263, the relative error of for 3oo3 system is −27.9%. In such circumstances, for , the methods which have more fundamental principles, for example, FTA or RBD method, should be used.

In the following, we utilize the method presented in [17] as a basic method to perform the comparison, which has more fundamental principles for the SIS. The method presented in [17] assumes that the unavailability caused by the DD failure is a constant value denoted by . However, the constant value is directly added to the instantaneous unavailability, which is an approximate value. Take the 1oo1 system for example; we have . However, when , the unavailability equals . This is not consistent with the assumption that the unavailability is less than or equal to 1. Thus, in this paper, we remedy this deficiency as follows. Essentially, the constant value can be regarded as a static failure probability. Thus, the instantaneous unavailability can be represented as = . This is consistent with the assumption. For simplicity, the method presented in [17] is referred to as . Table 5 gives the compared results, where the value of DC_D changes from 25% to 75%. It is shown that the relative error of is always smaller than that of . And the maximum value of the relative error of is 2.67%, which could satisfy the accuracy requirements. Overall, the presented method could obtain the desired results for the SIL verification and can be potentially applied to other koon systems.

5. Concluding Remarks

This paper proposes micro-Markov models for the reliability analysis of koon systems with multiple failure modes. Two rules are proposed to implement the micro-Markov models. For the repairable koon systems with multiple independent failures and repairs, the micro-Markov models could derive the same results with the basic Markov models. For the koon systems with hybrid failure modes, approximated and satisfied results could be obtained by the micro-Markov models. A case study regarding the SIL verification for the SIS indicates that when only one type of failure modes exists, the results derived by the micro-Markov models are consistent with the results by the classic probability method when only one type of failure modes is considered. When the DU failure and the DD failure both exist, the results are approximately equal to the results by the methods with more fundamental principles. Additionally, simplified equations are presented for the SIL verification. In summary, the micro-Markov models can be applied to the koon systems with multiple failure modes.

In this paper, we mainly discuss how to develop the micro-Markov models for the koon systems with multiple failure modes. However, we only use the simple beta factor model to model CCF, which could not distinguish between different koon systems. To improve the accuracy of modeling CCF, more advanced CCF models (e.g., the MBF model) should be used, and how to use the micro-Markov models with the MBF model needs to be further exploited. Additionally, as the koon system normally works in a finite time zone, it obtains a pessimistic evaluation by using the static unavailability of the repairable failure to represent the average unavailability in the finite time zone. To derive a better evaluation in a finite time zone, the time independent Markov method should be used. However, for the koon system with multiple failure modes, especially for the system with hybrid failure modes, it is different to obtain the exact and closed form solution of the system unavailability. This may encourage the research that is reducing the computation complexity of the time-independent unavailability for koon systems.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This work was supported by the National Science Foundation of China under Grant 41174162.

References

S. Eryilmaz, “Consecutive k-within-m-out-of-n:F system with nonidentical components,” Mathematical Problems in Engineering, vol. 2012, Article ID 106359, 8 pages, 2012.
View at: Publisher Site | Google Scholar | MathSciNet
R. Moghaddass, M. J. Zuo, and W. Wang, “Availability of a general k-out-of-n:G system with non-identical components considering shut-off rules using quasi-birthdeath process,” Reliability Engineering & System Safety, vol. 96, no. 4, pp. 489–496, 2011.
View at: Publisher Site | Google Scholar
M. Rausand, Reliability of Safety-Critical Systems: Theory and Applications, Wiley Online Library, John Wiley & Sons, New York, NY, USA, 2014.
J. V. Bukowski, “A comparison of techniques for computing PFD average,” in Annual Reliability and Maintainability Symposium, 2005 Proceedings: The International Symposium on Product Quality and Integrity, pp. 590–595, usa, January 2005.
View at: Google Scholar
S. Wang, “Reliability model of mechanical components with dependent failure modes,” Mathematical Problems in Engineering, vol. 2013, Article ID 828407, 6 pages, 2013.
View at: Publisher Site | Google Scholar | MathSciNet
Q. Yang, Y. Hong, Y. Chen, and J. Shi, “Failure profile analysis of complex repairable systems with multiple failure modes,” IEEE Transactions on Reliability, vol. 61, no. 1, pp. 180–191, 2012.
View at: Publisher Site | Google Scholar
J. Wu, S. Yan, and L. Xie, “Reliability analysis method of a solar array by using fault tree analysis and fuzzy reasoning Petri net,” Acta Astronautica, vol. 69, no. 11-12, pp. 960–968, 2011.
View at: Publisher Site | Google Scholar
J. Wu and S. Yan, “An approach to system reliability prediction for mechanical equipment using fuzzy reasoning Petri net,” Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 2013.
View at: Publisher Site | Google Scholar
IEC 61508, "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, International Electrotechnical Commission, Geneva, Switzerland, 2nd edition, 2010.
IEC 61511, Functional Safety: Safety Instrumented Systems for the Process Industry Sector, International Electrotechnical Commission, Geneva, Switzerland, 2003.
H. Jin, M. A. Lundteigen, and M. Rausand, “Reliability performance of safety instrumented systems: a common approach for both low- and high-demand mode of operation,” Reliability Engineering & System Safety, vol. 96, no. 3, pp. 365–373, 2011.
View at: Publisher Site | Google Scholar
L. F. Oliveira and R. N. Abramovitch, “Extension of ISA TR84.00.02 PFD equations to KooN architectures,” Reliability Engineering & System Safety, vol. 95, no. 7, pp. 707–715, 2010.
View at: Publisher Site | Google Scholar
J. K. Vaurio, “Unavailability equations for k-out-of-n systems,” Reliability Engineering & System Safety, vol. 96, no. 2, pp. 350–352, 2011.
View at: Publisher Site | Google Scholar
H. Jin, M. A. Lundteigen, and M. Rausand, “New PFH-formulas for k-out-of-n:F-systems,” Reliability Engineering & System Safety, vol. 111, pp. 112–118, 2013.
View at: Google Scholar
H. Jin and M. Rausand, “Reliability of safety-instrumented systems subject to partial testing and common-cause failures,” Reliability Engineering & System Safety, vol. 121, pp. 146–151, 2014.
View at: Google Scholar
H. Guo and X. Yang, “A simple reliability block diagram method for safety integrity verification,” Reliability Engineering & System Safety, vol. 92, no. 9, pp. 1267–1273, 2007.
View at: Publisher Site | Google Scholar
A. C. Torres-Echeverría, S. Martorell, and H. A. Thompson, “Modeling safety instrumented systems with MooN voting architectures addressing system reconfiguration for testing,” Reliability Engineering & System Safety, vol. 96, no. 5, pp. 545–563, 2011.
View at: Publisher Site | Google Scholar
Y. Dutuit, F. Innal, A. Rauzy, and J.-P. Signoret, “Probabilistic assessments in relationship with safety integrity levels by using Fault Trees,” Reliability Engineering & System Safety, vol. 93, no. 12, pp. 1867–1876, 2008.
View at: Publisher Site | Google Scholar
B. Knegtering and A. C. Brombacher, “Application of micro Markov models for quantitative safety assessment to determine safety integrity levels as defined by the IEC 61508 standard for functional safety,” Reliability Engineering & System Safety, vol. 66, no. 2, pp. 171–175, 1999.
View at: Publisher Site | Google Scholar
T. Zhang, W. Long, and Y. Sato, “Availability of systems with self-diagnostic components—applying Markov model to IEC 61508-6,” Reliability Engineering & System Safety, vol. 80, no. 2, pp. 133–141, 2003.
View at: Publisher Site | Google Scholar
H. Guo and X. Yang, “Automatic creation of Markov models for reliability assessment of safety instrumented systems,” Reliability Engineering & System Safety, vol. 93, no. 6, pp. 829–837, 2008.
View at: Publisher Site | Google Scholar
J. L. Rouvroye and E. G. Van den Bliek, “Comparing safety analysis techniques,” Reliability Engineering & System Safety, vol. 75, no. 3, pp. 289–294, 2002.
View at: Publisher Site | Google Scholar
F. Innal, Contribution to modelling safety instrumented systems and to assessing their performance critical analysis of iec 61508 standard [Ph.D. thesis], University of Technology, 2008.
F. Innal, Y. Dutuit, A. Rauzy, and J.-P. Signoret, “New insight into the average probability of failure on demand and the probability of dangerous failure per hour of safety instrumented systems,” Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, vol. 224, no. 2, pp. 75–86, 2010.
View at: Publisher Site | Google Scholar
Y. Liu and M. Rausand, “Reliability assessment of safety instrumented systems subject to different demand modes,” Journal of Loss Prevention in the Process Industries, vol. 24, no. 1, pp. 49–56, 2011.
View at: Publisher Site | Google Scholar
J. V. Bukowski and I. Van Beurden, “Impact of proof test effectiveness on safety instrumented system performance,” in Annual Reliability and Maintainability Symposium (RAMS '09), pp. 157–163, January 2009.
View at: Publisher Site | Google Scholar
M. Rausand and A. Høyland, System Reliability Theory: Models, Statistical Methods, and Applications, Wiley Series in Probability and Statistics, John Wiley & Sons, Hoboken, NJ, USA, 2nd edition, 2004.
View at: MathSciNet
P. Hokstad and K. Corneliussen, “Loss of safety assessment and the IEC 61508 standard,” Reliability Engineering & System Safety, vol. 83, no. 1, pp. 111–120, 2004.
View at: Publisher Site | Google Scholar
P. Hokstad, A. Maria, and P. Tomis, “Estimation of common cause factors from systems with different numbers of channels,” IEEE Transactions on Reliability, vol. 55, no. 1, pp. 18–25, 2006.
View at: Publisher Site | Google Scholar
S. Hauge, M. A. Lundteigen, P. Hokstad, and S. Habrekke, “Reliability prediction method for safety instrumented systems-PDS method handbook, 2010 edition,” SINTEF report STF50 A, vol. 6031, 2010.
View at: Google Scholar
D. Smith, Reliability, Maintainability and Risk-Practical Methods for Engineers, Elsevier Butterworth-Heinemann, Burlington, Mass, USA, 2005.

Copyright

Copyright © 2014 Shengjin Tang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1910

Downloads

1492

Citations