- Email: [email protected]
Difficulties in fault-tree synthesis for process plant
902
World Abstracts on Microclectronics and Reliability
equal, the procedures for scale alternative models and for proportional hazard models are valid. If the shape parameters are not equal, none of the procedures are appropriate and some more complicated method should be Used.
quantile) there will be two lognormal distributions, if there' are any.
Optimizattea of maintained systems. P: K. W. CrIAN and T. DowNs. IEEE Trans. Reliab: R-29 (1) 42 (April 1980). This paper formulates the problem of optimization of maintained systems with constraints on both availability and mean cycle-time. The objective function is the sum of recurring and nonrecurring costs. An example is solved using Fletcber's ideai-penalty-function algorithm which is also briefly described.
Achieving high reliability in sonar power supplies. JF.~OMEC. BOBROWSKI. Prec. Annual Reliability and Maintc~inability Symposium, San Francisco, p. 55 (22-24 January 1980). This paper presents a case history of the design process, testing, environmental screening and resultant measured reliability on the high reliability, militarized low-voltage power supplies (LVPS) used in the Navy's AN/BQQ-5 Sonar Set. There are twelve types and a total of 90 LVPS per Sonar Set. The Development tasks were conducted from March 1974 through November 1977 under contract with the US Navy at IBM's Federal Systems Division facility in Owego, New York. A key requirement was to design and build a LVPS capable of exceeding a Mean Time Between Failure (MTBF) of 100,000 hours.
Ground-hypotheses for beta distribution as Bayesian prior. A. G. Coi.o~mo and D. CONSTANTINI. IEEE Trans. Reliab. R-29 (1) 17 (April 1980): The paper discusses the problem of a reasonable basis for choosing a prior distribution for a probability. The beta distribution is derived on the basis of some ground-hypotheses. The limitations of the proposed approach and a simple application are discussed with reference to reliability. Reliability bounds for decomposable multi-component systems. N. SINGH and S. KUMAR. IEEE Trans. Reliab. R.29 (1) 22 (April 1980). This paper obtains lower and upper bounds for decomposable multi-component complex systems. Some particular cases are discussed. Log-rank vs x test for exponentiality. CRAYTONC. WALKER, DENNIS W. MCLEAVL:Yand WARREN ROGERS. IEEE Trans. Reliab. R-29 (1) 45 (April 1980). This paper appraises a convenient test sometimes recommended to determine whether a set of observations has been drawn from an exponential distribution with unknown mean. The test uses simple linear regression techniques. Historically, it has been used in an intuitive manner. The intuitive procedure usually involves plotting logarithms of the empirical Cdf against corresponding observed values, then "eyeballing" the plotted points for linearity, or intuitively determining whether r 2 calculated for the bivariate distribution is "high enough" or not. Using the objective procedure introduced in this paper, one regresses logarithms of ranks against observed values, calculates a standardized slope statistic, and checks this value against the tabled rejection region(s) provided. Our appraisal of the s-power of the objective log-rank test suggests that it is less s-powerful than competing tests (W, S*, D*) at larger sample sizes. Its relative performance appears to improve somewhat for smaller sample sizes. It seems fair to describe the objective log-rank test as a medium-grade test. Therefore, the practitioner should use the competing tests, unless samples are small, or practical considerations, such as convenience, are decisive in some particular situation. If convenience is important, then the log-rank test with the standardized slope used as the test statistic is an attractive option. The use of the log-rank test in its intuitive form is not recommended at all, since it very likely inclines the practitioner too often to accept the exponential hypothesis when false. On the specification of repair time requirements. Sltlgxg~ E. EMOTe and PAx E. SCHAn~. IEEE Trans. Reliab. R-29 (1) 13 (April 1980). When specifying maintainability requirements, it is widely accepted practice (virtually universal in US military and DoD specifications) to specify the meantime-to-repair and a "maximum" quantile of the repair time distribution. This practice is unsatisfactory for the lognormal distribution of repair times because: (1) As is well-known, it may be that for a given pair (mean, quantile) there is no lognormal distribution. (2) As is not so well-known, for a given pair (mean,
In short, the specification of a mean and a quantile does not uniquelydctermine a single iognormal distribution.
A generalized computer program for the estimation of the optimum number of trials for establishing a system reliability. V, SWAMINATHAN,S. RAJAGOPALANand C. M. CHACKO. QR J, India, 17 (January 1980). A problem of importance in proving the reliability of a system is the optimization of the number of trials (each with constant probability of success) to be carried out. This paper is concerned with (i) a numerical technique for determining the optimum number of trials, with all successes or with a few failures, to be carried out with a view to establishing a pre-assigned overall system reliability figure at a certain confidence level, and (ii) a computer program developed for doing the relevant calculations. Graphs, exhibiting the optimum number of trials to be made in such cases as a function of the reliability and confidence level percentages, are also included in the paper. Difficulties in fault-tree synthesis for process phmt. P. K. ANDOW. IEEE Trans. Reliab. R-29 (1) 2 (April 1980). This paper identifies a number of related difficulties, some of which are still unsolved. Attention is drawn to failings in the type of pressure-flow model commonly used in the literature. Difficulties also exist when published algorithms are applied to control loops. These are illustrated for simple and cascade control applications and discussed in some detail. Eight general conclusions are: 1. The concept of 2-way flow of information in failure models is important in certain situations, e.g. fluid flow. 2. The accuracy of failure models is generally low. This reflects the fact that much of the effort expended in systematic failure analyses has been heavily oriented towards algorithms. 3. Models used in failure analyses do not have to be comprehensive. Only the credible set of events is needed. 4. No always-satisfactory algorithm has been published for fault-tree synthesis where control loops are encountered. 5. The control loop problem is inextricably interlinked with the general difficulty that fault-tree methodology is primarily oriented to binary systems where the time dimension can be ignored. 6. Fault-tree methodology uses simple models to approximate system failures. If these failOres are complex then fault trees might not be suitable. The results of analyses involving complex failures must be treated with great care. 7. When fault-tree methodology is not completely suitable one ought to consider using a different technique altogether. The cause-consequence diagram might be appropriate since it can be used to study failure modes where time is important: 8. Algorithms must be carefully examined and properly validated before widespread use of computer-aided fault-tree
World Abstracts on Microelectronies and Reliability synthesis is attempted. If this is not done, computer-aided synthesis will fall into disrepute. Cost Imulyses for aviollks acquls~on. EDWARD F. TOOHL~ and ALB~,tTO B. CALVO. Prec. Annual Reliabilit~ and Maintainability Symposium, San Francisco, p. 85 (22-24 January 1980). The Design-to-Cost (DTC)/Lifc-Cycle Cost (LCC) coneept promulgated by the Department of Defense (DoD) for equipment acquisition programs requires that a long-term perspective be applied by the Acquisition Program Manager in the formulation of his acquisition plans. The planning should assure that the out year operations and support requirements are accorded the same degree of visibility during development as that given to production cost and technical performance. The paper reports on the types of cost, reliability and maintenance trade-off studies which are required to be performect in formulating an effective acquisition strategy. Sample study results are provided. A description of how the study results are used to focus on critical issues in the acquisition program is also provided. Because of the influence which such studies have in guiding the development of the acquisition strategy and test program structure, it is concluded that they should be considered an essential element in early program plans. Further, early emphasis in development on determination of potential cost drivers forms the basis for providing more precise guidance to equipment contractors regarding critical cost-sensitive areas of concern to the Government. An analysis of MIL-STD-471 test methods. DAVID A.
HelS~r.~ Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 43 (22-24 January 1980~. TWO test methods in MIL-STD-471A, which also appeared in a recent draft of MIL-STD-471B, were studied for actual consumers and producers risks, based on random data from lognormal distributions. The lognormal distributions used had parameter value ranges typical of that found in actual corrective maintenance data sets. The effect of distribution truncation was investigated and found to have a significant effect on producers risk. The results indicated that actual consumers and producers risks involved in the MIL-STD471 tests for the mean and sequential tests for both the mean and upper percentiles are considerably different from that stated and have a complex dependency on the shape of the lognormal distribution; the difference between the accept/reject requirement parameters and the inherent population parameters; and the degree and nature of the truncation that takes place with real data.
903
not only the design but also: the operation, the maintenance, and the administration of the total system. The N 0. 4 ESS was successfully introduced into the domestic and the international networks. In comparison to existing electromechanical systems, the No. 4 ESS has provided improved system operation and new service features at reduced cost. The design features for system maintenaneeand reliability have made it possible for craft personnel to maintain the system. The operating experience of 34 in-service No. 4 ESS offices is considered excellent. Computer-aided determination of tests for the detection aml Ioealigttion of faults in eleetroaie ciremts and systems. U. FRUHAUF and P. SLOV~G. Nachricbtentechnik Elektronik 30 4, 144 (1980). (In German). Computer-aided methods are used with advantage for the fault diagnostic in electronic circuits in order to design more effective test determination to enable the introduction of objective evaluation criteria. As methods applicable for all circuit classes are too expensive, the various calculation methods are examined as to their specific possibilities and optimum fields of application. The result of these examinations is a comparative analysis being more profound than the conventional examinations. Some facts about environmental stress screening. IRVING QUART and DEAN EVGERTON, JR. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 220 (22-24 January 1980). This paper describes environmental stress screening experiments performed at Hughes Aircraft Company during the past three years. The experiments performed at the module level involved large numbers of production hardware. Data is presented indicating techniques for selecting environments and optimizing stress levels and duration for the screening of module level assemblies. The differences in screen results are discussed as to hardware and manufacturing processes. Also, some results tend to refute some intuitive ideas that are the rationale for some current screening practices. Common cause faiinres--a dilemma in perspective. AN-'rHo~rr M. S~,ITH and IAN A. WATSON. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 332 (22-24 January 1980). This paper identifies the broad spectrum of Common Cause Failure (CCF) definitions used by various authors. These definitions, as applied to real aircraft and nuclear reactor failure events, lead to a divergence of interpretation and a resultant confusion that obscures meaningful progression in CCF analysis. A newdefinition is proposed, explained, and tested against the examples. Technical as well as Administrative Practices are cited as ways to control or eliminate the product defects that lead to CCF.
A study of three environmemal reliability tests. JOHN C. WARNER. Prec. Annual Re.liability and Maintainability Symposium, San Francisco, p. 226 (22-24 January 1980). This paper is written to discuss the results of three types of mission profile tests conducted at Wright-Patterson Air Force Base, Ohio, on one of the Air Force's more recent pieces of avionics. Of the three tests performed, one was conducted using the environmental data as dictated in MILSTD-781C Appendix B, the other two tests were conducted using the Combined Environment Reliability Test (CERT). To evaluate the effect of altitude (which is not a part of the MIL-STD-781C test), one of the CERT tests was done without altitude simulation. The conclusions drawn from the tests show that CERT more accurately predicted field reliability.
Reliability problems with the store switching circuit U 253. D. GROS,~ and B. JUNGHANSt.Nacbrichtenteehnik Elektronik 30 112 (1980). (In German). By the example of the dynamic store switching circuit U 253 it is dealt with the reliability problems with. large-scale integration switching circuits. Possible error mechanisms and measures for their prevention are represented. By means of the results of the authors and by evaluating relevant publications in the international literature it is proved that the requirements as to the operating failure rate can be attained only in steps over longer periods.
No. 4 ESS--RelinbUity end maintainability experience. P. K. GILOTH. Prec. Annual Reliability and Maintainability Symposium, San Francisco. p. 388 (22-24 January 1980). The development of the No. 4 Electronic Switching System (ESS) and its deployment in the North American and International toll switching networks were based on a comprehensive and evolutionary plan. This plan considered
Hardware and software: an analytical aEpronch. WmLL~M L. BUNCE. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 209 (22-24 January 1980). An approach to analyzing the interaction of hardware failure modes with computer software is described. The approach considers the software requirements, not the design or implementation and is an extension of the FMEA (failure
World Abstracts on Microclectronics and Reliability
equal, the procedures for scale alternative models and for proportional hazard models are valid. If the shape parameters are not equal, none of the procedures are appropriate and some more complicated method should be Used.
quantile) there will be two lognormal distributions, if there' are any.
Optimizattea of maintained systems. P: K. W. CrIAN and T. DowNs. IEEE Trans. Reliab: R-29 (1) 42 (April 1980). This paper formulates the problem of optimization of maintained systems with constraints on both availability and mean cycle-time. The objective function is the sum of recurring and nonrecurring costs. An example is solved using Fletcber's ideai-penalty-function algorithm which is also briefly described.
Achieving high reliability in sonar power supplies. JF.~OMEC. BOBROWSKI. Prec. Annual Reliability and Maintc~inability Symposium, San Francisco, p. 55 (22-24 January 1980). This paper presents a case history of the design process, testing, environmental screening and resultant measured reliability on the high reliability, militarized low-voltage power supplies (LVPS) used in the Navy's AN/BQQ-5 Sonar Set. There are twelve types and a total of 90 LVPS per Sonar Set. The Development tasks were conducted from March 1974 through November 1977 under contract with the US Navy at IBM's Federal Systems Division facility in Owego, New York. A key requirement was to design and build a LVPS capable of exceeding a Mean Time Between Failure (MTBF) of 100,000 hours.
Ground-hypotheses for beta distribution as Bayesian prior. A. G. Coi.o~mo and D. CONSTANTINI. IEEE Trans. Reliab. R-29 (1) 17 (April 1980): The paper discusses the problem of a reasonable basis for choosing a prior distribution for a probability. The beta distribution is derived on the basis of some ground-hypotheses. The limitations of the proposed approach and a simple application are discussed with reference to reliability. Reliability bounds for decomposable multi-component systems. N. SINGH and S. KUMAR. IEEE Trans. Reliab. R.29 (1) 22 (April 1980). This paper obtains lower and upper bounds for decomposable multi-component complex systems. Some particular cases are discussed. Log-rank vs x test for exponentiality. CRAYTONC. WALKER, DENNIS W. MCLEAVL:Yand WARREN ROGERS. IEEE Trans. Reliab. R-29 (1) 45 (April 1980). This paper appraises a convenient test sometimes recommended to determine whether a set of observations has been drawn from an exponential distribution with unknown mean. The test uses simple linear regression techniques. Historically, it has been used in an intuitive manner. The intuitive procedure usually involves plotting logarithms of the empirical Cdf against corresponding observed values, then "eyeballing" the plotted points for linearity, or intuitively determining whether r 2 calculated for the bivariate distribution is "high enough" or not. Using the objective procedure introduced in this paper, one regresses logarithms of ranks against observed values, calculates a standardized slope statistic, and checks this value against the tabled rejection region(s) provided. Our appraisal of the s-power of the objective log-rank test suggests that it is less s-powerful than competing tests (W, S*, D*) at larger sample sizes. Its relative performance appears to improve somewhat for smaller sample sizes. It seems fair to describe the objective log-rank test as a medium-grade test. Therefore, the practitioner should use the competing tests, unless samples are small, or practical considerations, such as convenience, are decisive in some particular situation. If convenience is important, then the log-rank test with the standardized slope used as the test statistic is an attractive option. The use of the log-rank test in its intuitive form is not recommended at all, since it very likely inclines the practitioner too often to accept the exponential hypothesis when false. On the specification of repair time requirements. Sltlgxg~ E. EMOTe and PAx E. SCHAn~. IEEE Trans. Reliab. R-29 (1) 13 (April 1980). When specifying maintainability requirements, it is widely accepted practice (virtually universal in US military and DoD specifications) to specify the meantime-to-repair and a "maximum" quantile of the repair time distribution. This practice is unsatisfactory for the lognormal distribution of repair times because: (1) As is well-known, it may be that for a given pair (mean, quantile) there is no lognormal distribution. (2) As is not so well-known, for a given pair (mean,
In short, the specification of a mean and a quantile does not uniquelydctermine a single iognormal distribution.
A generalized computer program for the estimation of the optimum number of trials for establishing a system reliability. V, SWAMINATHAN,S. RAJAGOPALANand C. M. CHACKO. QR J, India, 17 (January 1980). A problem of importance in proving the reliability of a system is the optimization of the number of trials (each with constant probability of success) to be carried out. This paper is concerned with (i) a numerical technique for determining the optimum number of trials, with all successes or with a few failures, to be carried out with a view to establishing a pre-assigned overall system reliability figure at a certain confidence level, and (ii) a computer program developed for doing the relevant calculations. Graphs, exhibiting the optimum number of trials to be made in such cases as a function of the reliability and confidence level percentages, are also included in the paper. Difficulties in fault-tree synthesis for process phmt. P. K. ANDOW. IEEE Trans. Reliab. R-29 (1) 2 (April 1980). This paper identifies a number of related difficulties, some of which are still unsolved. Attention is drawn to failings in the type of pressure-flow model commonly used in the literature. Difficulties also exist when published algorithms are applied to control loops. These are illustrated for simple and cascade control applications and discussed in some detail. Eight general conclusions are: 1. The concept of 2-way flow of information in failure models is important in certain situations, e.g. fluid flow. 2. The accuracy of failure models is generally low. This reflects the fact that much of the effort expended in systematic failure analyses has been heavily oriented towards algorithms. 3. Models used in failure analyses do not have to be comprehensive. Only the credible set of events is needed. 4. No always-satisfactory algorithm has been published for fault-tree synthesis where control loops are encountered. 5. The control loop problem is inextricably interlinked with the general difficulty that fault-tree methodology is primarily oriented to binary systems where the time dimension can be ignored. 6. Fault-tree methodology uses simple models to approximate system failures. If these failOres are complex then fault trees might not be suitable. The results of analyses involving complex failures must be treated with great care. 7. When fault-tree methodology is not completely suitable one ought to consider using a different technique altogether. The cause-consequence diagram might be appropriate since it can be used to study failure modes where time is important: 8. Algorithms must be carefully examined and properly validated before widespread use of computer-aided fault-tree
World Abstracts on Microelectronies and Reliability synthesis is attempted. If this is not done, computer-aided synthesis will fall into disrepute. Cost Imulyses for aviollks acquls~on. EDWARD F. TOOHL~ and ALB~,tTO B. CALVO. Prec. Annual Reliabilit~ and Maintainability Symposium, San Francisco, p. 85 (22-24 January 1980). The Design-to-Cost (DTC)/Lifc-Cycle Cost (LCC) coneept promulgated by the Department of Defense (DoD) for equipment acquisition programs requires that a long-term perspective be applied by the Acquisition Program Manager in the formulation of his acquisition plans. The planning should assure that the out year operations and support requirements are accorded the same degree of visibility during development as that given to production cost and technical performance. The paper reports on the types of cost, reliability and maintenance trade-off studies which are required to be performect in formulating an effective acquisition strategy. Sample study results are provided. A description of how the study results are used to focus on critical issues in the acquisition program is also provided. Because of the influence which such studies have in guiding the development of the acquisition strategy and test program structure, it is concluded that they should be considered an essential element in early program plans. Further, early emphasis in development on determination of potential cost drivers forms the basis for providing more precise guidance to equipment contractors regarding critical cost-sensitive areas of concern to the Government. An analysis of MIL-STD-471 test methods. DAVID A.
HelS~r.~ Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 43 (22-24 January 1980~. TWO test methods in MIL-STD-471A, which also appeared in a recent draft of MIL-STD-471B, were studied for actual consumers and producers risks, based on random data from lognormal distributions. The lognormal distributions used had parameter value ranges typical of that found in actual corrective maintenance data sets. The effect of distribution truncation was investigated and found to have a significant effect on producers risk. The results indicated that actual consumers and producers risks involved in the MIL-STD471 tests for the mean and sequential tests for both the mean and upper percentiles are considerably different from that stated and have a complex dependency on the shape of the lognormal distribution; the difference between the accept/reject requirement parameters and the inherent population parameters; and the degree and nature of the truncation that takes place with real data.
903
not only the design but also: the operation, the maintenance, and the administration of the total system. The N 0. 4 ESS was successfully introduced into the domestic and the international networks. In comparison to existing electromechanical systems, the No. 4 ESS has provided improved system operation and new service features at reduced cost. The design features for system maintenaneeand reliability have made it possible for craft personnel to maintain the system. The operating experience of 34 in-service No. 4 ESS offices is considered excellent. Computer-aided determination of tests for the detection aml Ioealigttion of faults in eleetroaie ciremts and systems. U. FRUHAUF and P. SLOV~G. Nachricbtentechnik Elektronik 30 4, 144 (1980). (In German). Computer-aided methods are used with advantage for the fault diagnostic in electronic circuits in order to design more effective test determination to enable the introduction of objective evaluation criteria. As methods applicable for all circuit classes are too expensive, the various calculation methods are examined as to their specific possibilities and optimum fields of application. The result of these examinations is a comparative analysis being more profound than the conventional examinations. Some facts about environmental stress screening. IRVING QUART and DEAN EVGERTON, JR. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 220 (22-24 January 1980). This paper describes environmental stress screening experiments performed at Hughes Aircraft Company during the past three years. The experiments performed at the module level involved large numbers of production hardware. Data is presented indicating techniques for selecting environments and optimizing stress levels and duration for the screening of module level assemblies. The differences in screen results are discussed as to hardware and manufacturing processes. Also, some results tend to refute some intuitive ideas that are the rationale for some current screening practices. Common cause faiinres--a dilemma in perspective. AN-'rHo~rr M. S~,ITH and IAN A. WATSON. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 332 (22-24 January 1980). This paper identifies the broad spectrum of Common Cause Failure (CCF) definitions used by various authors. These definitions, as applied to real aircraft and nuclear reactor failure events, lead to a divergence of interpretation and a resultant confusion that obscures meaningful progression in CCF analysis. A newdefinition is proposed, explained, and tested against the examples. Technical as well as Administrative Practices are cited as ways to control or eliminate the product defects that lead to CCF.
A study of three environmemal reliability tests. JOHN C. WARNER. Prec. Annual Re.liability and Maintainability Symposium, San Francisco, p. 226 (22-24 January 1980). This paper is written to discuss the results of three types of mission profile tests conducted at Wright-Patterson Air Force Base, Ohio, on one of the Air Force's more recent pieces of avionics. Of the three tests performed, one was conducted using the environmental data as dictated in MILSTD-781C Appendix B, the other two tests were conducted using the Combined Environment Reliability Test (CERT). To evaluate the effect of altitude (which is not a part of the MIL-STD-781C test), one of the CERT tests was done without altitude simulation. The conclusions drawn from the tests show that CERT more accurately predicted field reliability.
Reliability problems with the store switching circuit U 253. D. GROS,~ and B. JUNGHANSt.Nacbrichtenteehnik Elektronik 30 112 (1980). (In German). By the example of the dynamic store switching circuit U 253 it is dealt with the reliability problems with. large-scale integration switching circuits. Possible error mechanisms and measures for their prevention are represented. By means of the results of the authors and by evaluating relevant publications in the international literature it is proved that the requirements as to the operating failure rate can be attained only in steps over longer periods.
No. 4 ESS--RelinbUity end maintainability experience. P. K. GILOTH. Prec. Annual Reliability and Maintainability Symposium, San Francisco. p. 388 (22-24 January 1980). The development of the No. 4 Electronic Switching System (ESS) and its deployment in the North American and International toll switching networks were based on a comprehensive and evolutionary plan. This plan considered
Hardware and software: an analytical aEpronch. WmLL~M L. BUNCE. Prec. Annual Reliability and Maintainability Symposium, San Francisco, p. 209 (22-24 January 1980). An approach to analyzing the interaction of hardware failure modes with computer software is described. The approach considers the software requirements, not the design or implementation and is an extension of the FMEA (failure