Dependability analysis of systems with on-demand and active failure modes, using dynamic fault trees

Safety systems and protection systems can experience two phases of operation (standby and active); an accurate dependability analysis must combine an analysis of both phases. The standby mode can last for a long time, during which the safety system is periodically tested and maintained. Once a demand occurs, the safety system must operate successfully for the length of the demand. The failure characteristics of the system differ between the two phases, and the system can fail in two ways: (1) it can fail to start (fail on demand), or (2) it can fail while in active mode. Failure on demand requires an availability analysis of the components (typically electromechanical components) which are required to start or support the safety system. These support components are usually maintained periodically while not in active use. Active failure refers to the failure while running (once started) of the active components of the safety system. These active components can be fault tolerant and use spares or other forms of redundancy, but are not maintainable while in use. The approach in this paper automatically combines the "availability analysis of the system in standby mode" with the "reliability analysis of the system in its active mode." The general approach uses an availability analysis of the standby phase to determine the initial state probabilities for a Markov model of the demand phase. A detailed method is presented in terms of a dynamic fault-tree model. A new "dynamic fault-tree construct" captures the dependency of the demand components on the support systems, which are required to detect the demand or to start the demand system. The method is discussed using a single example sprinkler system and then applied to a more complete system taken from the off-shore industry.
