Aggregated combinatorial reliability model for non-repairable parallel phased-mission systems


Reliability Engineering and System Safety 176 (2018) 242–250




Zhai Qingqing (a), Xing Liudong (b), Peng Rui (c, ⁎), Yang Jun (d)

(a) School of Management, Shanghai University, Shanghai, China
(b) University of Massachusetts, Dartmouth, MA, USA
(c) Donlinks School of Economics & Management, University of Science and Technology Beijing, Beijing, China
(d) School of Reliability and Systems Engineering, Beihang University, Beijing, China

ARTICLE INFO

Keywords: Aggregated binary decision diagram; Fault level coverage; Parallel systems; Phased-mission systems; Reliability modeling

ABSTRACT

Phased-mission systems (PMSs) are common in many real-world applications. A PMS has to accomplish a mission with multiple phases with varied requirements on system operation and demand. Reliability evaluation of PMSs is more challenging than single-phased systems due to dynamics in system configuration (or structure function) and component behavior, as well as inherent inter-phase dependence. Though many efforts have been dedicated to the PMS reliability analysis, it is still difficult to evaluate the reliability of a large-scale PMS with many phases. In this paper, we make original contributions by proposing a new combinatorial model, named aggregated binary decision diagram (ABDD) for reliability analysis of non-repairable parallel PMSs subject to dynamic demand requirements. The proposed approach constructs a single ABDD model considering failure combinations in all phases simultaneously, enabling efficient analysis of PMSs with many phases. The approach is also extended to address the effects of fault level coverage. Examples of PMSs with different scales are analyzed to demonstrate application and efficiency of the proposed ABDD-based approach.

Notations

$n$: Number of components in the system
$A_i$: The $i$th component in the PMS, $i = 1, \ldots, n$
$M$: Number of phases in the mission
$T_j$: Duration of phase $j$
$w_{i,j}$: Nominal capacity of $A_i$ in phase $j$
$d_j$: Mission demand of phase $j$, $j = 1, \ldots, M$
$F_i(\cdot)$, $R_i(\cdot)$: Baseline cumulative distribution function/reliability function of $A_i$
$\alpha_{i,j}$: Lifetime acceleration factor for component $A_i$ in phase $j$
$\Xi_i$: Mission phase in which component $A_i$ fails
$p_{i,j}$: Probability that $A_i$ fails in phase $j$, $p_{i,j} = \Pr\{\Xi_i = j\}$
$p_{i,M+1}$: Probability that $A_i$ survives the mission, $p_{i,M+1} = \Pr\{\Xi_i = M + 1\}$
$P_{i,j}$, $Q_{i,j}$: Probability that $A_i$ fails/survives before $j + 1$, $P_{i,j} + Q_{i,j} = 1$
$c_{i,j}$: Capacity of $A_i$ in phase $j$, taking value of $w_{i,j}$ or 0
$c_i$: Capacity vector of $A_i$, $c_i = (c_{i,1}, \ldots, c_{i,M})$
$C_j$: System capacity in phase $j$
$C$: Capacity vector of the PMS, $C = (C_1, \ldots, C_M)$
$e_l$: A path in the ABDD
$J_l$: Index of a critical phase for path $e_l$, $J_l = \max_{1 \le j \le M} (C_{l,j} < d_j)$
$F_l$: Set of failed components on a path $e_l$
$A_l$: Set of failure combinations where all and only components in $F_l$ fail in the mission
$B_l$: Set of failure combinations where all and only components in $F_l$ fail before phase $(J_l + 1)$
$R$: Set of failure combinations leading to mission success
$E_l$: Set of failure combinations aggregated in path $e_l$, $E_l = A_l \cap R$
$\beta_r$: Fault coverage probability for the $r$th component failure
$R_S$: System reliability with perfect fault coverage, $R_S = \Pr\{R\}$
$R_{S,FLC}$: System reliability considering FLC

Abbreviations: ABDD, aggregated binary decision diagram; BDD, binary decision diagram; FLC, fault level coverage; IFC, imperfect fault coverage; MDD, multi-valued decision diagram; PMS, phased-mission system.

⁎ Corresponding author: R. Peng.
https://doi.org/10.1016/j.ress.2018.04.017
Received 11 March 2017; Received in revised form 17 August 2017; Accepted 24 April 2018; Available online 25 April 2018
0951-8320/© 2018 Elsevier Ltd. All rights reserved.

1. Introduction

A phased-mission system (PMS) is a system that has to accomplish a mission with multiple tasks sequentially [27]. These tasks have different requirements on the system configuration and operation, and the operating environments may vary during different phases. As a result, the system would experience different stress levels, system success criteria and component failure behavior across the mission [29]. In addition, the state of one component at the end of one phase is identical to its state at the beginning of the next phase, which inherently introduces inter-phase dependence. Therefore, reliability modeling of PMSs is more challenging than single-phased systems.

Many efforts have been devoted to the reliability modeling of PMSs, see, e.g., [1,6,8,11,12,19,20,22,25,26,31]. In terms of adopted analytical modeling techniques for PMSs, there are state space oriented approaches based on Markov chains or Petri nets [5,11,23], combinatorial methods [14,20,24,25,30,31], and modular solutions based on binary decision diagram (BDD) and Markov chains [18]. Though the state space oriented approaches can explicitly model the state transition in the system and handle dynamic PMSs with random phase durations, they suffer the well-known space explosion problem for large-scale systems. In contrast, the combinatorial methods are effective in analyzing larger scale systems by exploiting BDD to reduce the computational complexity [9,10].

The BDD is an acyclic directed graph based on Shannon's decomposition of Boolean functions [4]. It has been widely used in reliability engineering since the 1990s due to its computational advantage over traditional cut/path-sets based methods [13,21]. In 1999, BDD was first applied to the reliability modeling of PMSs [5], where the number of variables introduced to construct the system model is proportional to the number of system components multiplied by the number of phases. Phase algebra and new BDD generation and evaluation operations were developed to handle the dependence across phases. In Xing and Dugan [29], the BDD-based approach was extended to analyze reliability of a general PMS with combinatorial phase requirements, imperfect fault coverage (IFC) and multiple grade-level performance criteria. Xing [27] made a further extension to the PMS BDD method considering common-cause failures. However, due to the nature of the BDD model, all these existing BDD-based methods can still face severe computational complexity when the number of mission phases is large.

To address these difficulties, we propose a new combinatorial method named aggregated BDD (ABDD) for reliability modeling and analysis of parallel PMSs with heterogeneous components subject to dynamic demand. Real-world examples of such PMSs include power systems, engine systems of airplanes, and multi-processor data processing systems [12,15,28,29]. In the proposed approach, a single ABDD is constructed considering the requirements and success criteria of all the mission phases. The scale of ABDD is independent of the number of phases, which significantly reduces the computational complexity of the proposed approach.

The remainder of the paper is organized as follows. Section 2 gives a detailed description of the parallel PMS considered in this work. Section 3 discusses the traditional BDD-based method by constructing individual BDD for each phase. Section 4 presents the ABDD-based approach for system reliability evaluation. Section 5 gives examples of different scales to illustrate the application and efficiency of the proposed method. Section 6 concludes the paper and points out directions for future study.

2. Parallel PMS with heterogeneous components

Consider a non-repairable system with $n$ statistically independent components $A_1, \ldots, A_n$ working in parallel. Each component is binary, i.e., normal or failed. The lifetime of component $A_i$ follows an arbitrary baseline distribution with cumulative distribution function $F_i(t)$. A failed component would stay in the failure state for the rest of the mission. The system has to complete a mission with $M$ successive phases. The duration of phase $j$ has a predetermined length $T_j$, $j = 1, \ldots, M$. Component $A_i$ may fail in any of the $M$ phases or survive the mission. Denote the phase where $A_i$ fails by $\Xi_i$, which is a discrete random variable and may take values of $1, \ldots, M + 1$. Here, $\Xi_i = M + 1$ indicates that $A_i$ survives the mission.

Due to variation of working conditions, the failure rate of a component may vary in different phases. Based on the accelerated failure time model and the cumulative exposure model [17], component $A_i$ in phase $j$ suffers an acceleration factor $\alpha_{i,j}$. More specifically, the virtual lifetime of $A_i$ in phase $j$ in an interval $\Delta t$ is $\alpha_{i,j} \Delta t$ when transformed to the baseline lifetime. Therefore, the probability that $A_i$ fails in phase $j$ is

$$p_{i,j} = \Pr\{\Xi_i = j\} = F_i\left( \sum_{k=1}^{j} \alpha_{i,k} T_k \right) - F_i\left( \sum_{k=1}^{j-1} \alpha_{i,k} T_k \right), \quad j = 1, \ldots, M,$$

and the probability that $A_i$ survives the mission is

$$p_{i,M+1} = \Pr\{\Xi_i = M + 1\} = 1 - F_i\left( \sum_{k=1}^{M} \alpha_{i,k} T_k \right).$$

The probabilities that $A_i$ fails before phase $j + 1$ and $A_i$ survives before phase $j + 1$ are $P_{i,j} = \sum_{k=1}^{j} p_{i,k}$ and $Q_{i,j} = 1 - P_{i,j}$, respectively. Define $P_{i,0} = 0$ and $Q_{i,0} = 1$.

Each component has a nominal capacity $w_{i,j}$ in phase $j$ when it is in the normal state. Here, $w_{i,j}$ can vary with $j$ to account for the performance dependence of $A_i$ on environments, working conditions, etc. Depending on the phase $\Xi_i$ where $A_i$ fails, the capacity $c_{i,j}$ that $A_i$ can sustain in phase $j$ can take value of $w_{i,j}$ or 0. Clearly, $c_{i,j}$ is a function of $\Xi_i$, $c_{i,j} = c_{i,j}(\Xi_i)$. The system capacity in phase $j$ is equal to the sum of the working components' capacity: $C_j = \sum_{i=1}^{n} c_{i,j}$. The system capacity has to meet a predetermined mission demand $d_j$ in phase $j$, and the mission succeeds if the demand is satisfied in all the phases. A practical example of such systems is the power system in a region, which consists of multiple power plants with variable capacity. The system capacity has to meet the power demand that may also vary with time.

Given the phase $\Xi_i = \xi_i$ that $A_i$ fails for $i = 1, \ldots, n$, the capacity of each component and the system capacity in all the $M$ phases are determined. Accordingly, the success or failure of the system, as a binomial random variable, is determined conditional on the failure combination $(\xi_1, \ldots, \xi_n)$. Define

$$\Omega = \{ (\xi_1, \ldots, \xi_n) \mid 1 \le \xi_i \le M + 1,\ 1 \le i \le n \}$$

and

$$R = \left\{ (\xi_1, \ldots, \xi_n) \,\middle|\, \sum_{i=1}^{n} c_{i,j}(\xi_i) \ge d_j,\ \forall j = 1, \ldots, M \right\}.$$

Here, $\Omega$ is the universal set of failure combinations with $\Pr\{\Omega\} = 1$, and $R$ denotes the set of failure combinations that lead to mission success. Thus, the system reliability is $R_S = \Pr\{R\}$.

Peng et al. [20] developed a multi-valued decision diagram (MDD)-based approach to efficiently enumerate the failure combinations for system reliability calculation. However, the MDD method still has the worst-case computational complexity being exponential to the number of phases. In particular, the scale of the MDD model can increase rapidly with the increase of the number of phases. To facilitate the reliability evaluation of PMSs, a new ABDD-based approach is proposed to efficiently deal with missions involving many phases. In the following, we first present a preliminary approach using traditional BDDs, from which the ABDD is developed.

3. Preliminary approach based on BDD for each phase

Given that $A_i$ is in operation at the beginning of phase $j$, it may fail or survive phase $j$. Correspondingly, there will be a capacity loss of $w_{i,j}$ to the system if $A_i$ fails and 0 otherwise. The two possible scenarios can be modeled by a traditional BDD with two branches, as shown in Fig. 1. In the figure, the node $A_{i,j}$ denotes component $A_i$ in phase $j$. Each branch represents a possible scenario of $A_{i,j}$ while the corresponding terminal value represents the capacity loss due to $A_{i,j}$.

Fig. 1. Component BDD for $A_i$ in phase $j$.

We can build the BDD representation for each component in the system in phase $j$. Based on the component BDDs, the system level BDD for phase $j$ can be constructed iteratively. Let $C_j$ denote the terminal value of a general path in the intermediate system BDD during the construction, and let $c_{i,j}$ denote the terminal value of the component BDD for $A_{i,j}$ (i.e., $c_{i,j}$ can be $w_{i,j}$ or 0). Initially, $C_j^{(0)} = \sum_{i=1}^{n} w_{i,j}$. Then, the system BDD in phase $j$ can be constructed as follows.

Step 1: Start the system BDD construction with the BDD of $A_{1,j}$. Update the terminal value of each path by $C_j^{(1)} = C_j^{(0)} - c_{1,j}$. Specifically, for the path led by the right (survival) branch of $A_{1,j}$, $C_j^{(1)R} = \sum_{i=1}^{n} w_{i,j}$; for the path led by the left (failure) branch of $A_{1,j}$, $C_j^{(1)L} = \sum_{i=2}^{n} w_{i,j}$. Set $k = 2$.
Step 2: Add the component BDD of $A_{k,j}$ to the terminal of each path with $C_j^{(k-1)} \ge d_j$ in the intermediate system BDD. Update the terminal value of each path by $C_j^{(k)} = C_j^{(k-1)} - c_{k,j}$. Specifically, for the path led by the right branch of $A_{k,j}$, $C_j^{(k)R} = C_j^{(k-1)}$; for the path led by the left branch of $A_{k,j}$, $C_j^{(k)L} = C_j^{(k-1)} - w_{k,j}$.
Step 3: $k = k + 1$. If $k > n$, then the system BDD for phase $j$, denoted by $BDD_j$, is obtained; otherwise, go to Step 2.

With the above three-step algorithm, the system BDD for phase $j$, $BDD_j$, can be derived. Viewing each phase BDD as an element and adding $BDD_{j+1}$ to all the paths of $BDD_j$ with terminal value $C_j \ge d_j$ for $j = 1, 2, \ldots, M - 1$, the BDD for the PMS can be obtained following a similar iterative construction process as in constructing the system BDD for each single phase. Because the paths in the PMS BDD exhaustively represent all the possible scenarios during the phased-mission, the system reliability is the sum of the occurrence probabilities of all the paths that fulfill the demands in all the $M$ phases. Note that there would be unrealistic paths where a component fails multiple times in different phases. Therefore, the phase algebra in [5] should be applied appropriately when evaluating the system reliability.

For example, consider a three-component system that has to perform a three-phase mission. The three components $A_1$, $A_2$ and $A_3$ have varied capacity across the three phases, which are

$$w_{1,1} = 3,\ w_{1,2} = 2,\ w_{1,3} = 1, \quad w_{2,1} = 3,\ w_{2,2} = 2,\ w_{2,3} = 1, \quad w_{3,1} = 1,\ w_{3,2} = 3,\ w_{3,3} = 4.$$

Suppose the demands in three phases are $d_1 = 5$, $d_2 = 3$ and $d_3 = 4$, respectively. Fig. 2 gives the BDD for each single phase constructed according to the three-step algorithm. Note that to transit from the BDD to the newly proposed ABDD, expansion is performed for branches with terminal value $C_j < d_j$ in the phase BDD generation (in dashed style). Thus, BDDs for the three phases have the same tree structure, except that the terminal values are different. With $BDD_j$, $j = 1, 2, 3$, the PMS BDD can be obtained by adding $BDD_2$ to those paths of $BDD_1$ that satisfy $C_1 \ge d_1 = 5$ (i.e., the two paths with terminal values 6 and 7), and adding $BDD_3$ to those paths of $BDD_2$ with terminal value $C_2 \ge d_2 = 3$. Since the manipulation is straightforward, we do not present the PMS BDD. Nevertheless, it is easy to figure out that the scale of the whole PMS BDD can increase quickly if the number of phases increases. In the following, we show how to model the PMS using an aggregated BDD, where the information of all the phases can be integrated in a single BDD.

4. ABDD-based approach

This section presents the ABDD-based approach, which involves three main tasks: (1) system representation by ABDD, (2) interpretation of the system ABDD, and (3) path probability and system reliability evaluation. In the following subsections, we describe each task in detail.

4.1. ABDD construction

Fig. 3 gives a component-level ABDD. It is similar to an ordinary single-phase BDD in Section 3, except that the terminal value is an $M$-tuple instead of a scalar variable. The $j$th element of the terminal for the left branch is $w_{i,j}$, representing that the failure of $A_i$ before or during phase $j$ incurs a capacity loss of $w_{i,j}$ in phase $j$. In contrast, the terminal for the right branch is $(0, \ldots, 0)$, representing that no capacity loss is incurred if component $A_i$ survives a certain phase. Thus, this component-level ABDD aggregates the states of $A_i$ and the corresponding consequences in all the $M$ phases. Then, based on such an ABDD, it is possible to represent the system operation scenarios in an aggregated way.

Based on the component-level ABDD, the system ABDD can be constructed iteratively, similarly to the phase BDD in Section 3. Let $c_i$ be the terminal value of the component ABDD for $A_i$, which takes value of $(w_{i,1}, \ldots, w_{i,M})$ for the left branch and $(0, \ldots, 0)$ for the right branch, respectively. Moreover, an $M$-tuple $C = (C_1, \ldots, C_M)$ is used to denote the terminal value of a general path in the intermediate system ABDD during the construction. Initially, $C^{(0)} = \left( \sum_{i=1}^{n} w_{i,1}, \ldots, \sum_{i=1}^{n} w_{i,M} \right)$. Then, the system ABDD can be obtained with the following three-step procedure.

Step 1: Start with the ABDD of $A_1$. Update the terminal values by $C^{(1)} = C^{(0)} - c_1$. Specifically, for the path led by the right branch of $A_1$, $C^{(1)R} = \left( \sum_{i=1}^{n} w_{i,1}, \ldots, \sum_{i=1}^{n} w_{i,M} \right)$. For the path led by the left branch of $A_1$, $C^{(1)L} = \left( \sum_{i=2}^{n} w_{i,1}, \ldots, \sum_{i=2}^{n} w_{i,M} \right)$. Set $k = 2$.
Step 2: Add the component ABDD of $A_k$ to the end of each path with the $M$th element of its terminal $C_M^{(k-1)} \ge d_M$. Update the terminal values by $C^{(k)} = C^{(k-1)} - c_k$. Particularly, for the path led by the right branch of $A_k$, $C^{(k)R} = C^{(k-1)}$. For the path led by the left branch of $A_k$, $C^{(k)L} = C^{(k-1)} - (w_{k,1}, \ldots, w_{k,M})$.
Step 3: $k = k + 1$. If $k > n$, then the system ABDD is obtained. Otherwise, go to Step 2.

At the end of the ABDD construction procedure, we obtain a tree data structure similar to a traditional BDD but with the terminal values being $M$-tuples instead of scalars. Because we aggregate the possible state of each component in the $M$ phases using a single component-level ABDD, each path in the system ABDD is also an aggregation of multiple failure combinations. This is different from the traditional BDD where each path corresponds to just one failure combination leading to mission success or failure. As shown in Section 4.2, we only need to record the index of the critical phase where the system demand cannot be satisfied before and during it but the demand can be satisfied after it, i.e., $J = \max_{1 \le j \le M} (C_j < d_j)$. Thus, we can replace the terminal of each path by a scalar for simplification.

As an illustration, consider the example three-component PMS described in Section 3. The component ABDDs for $A_1$, $A_2$ and $A_3$ are given in Fig. 4, and the system ABDD constructed according to the above three-step algorithm is given in Fig. 5. The critical phase of each path is also given in the ABDD. Comparing Figs. 5 and 2, it can be noted that the ABDD aggregates the BDDs of the three phases in Fig. 2.

Fig. 2. Illustration of phase BDD construction for the example PMS (the terminal values that can meet the demand are boxed).

Fig. 3. Component-level ABDD.

Fig. 4. Component level ABDD for the example three-component PMS.

Fig. 5. System ABDD for the example three-component PMS.

4.2. Interpretation of the ABDD

Let $e_l$ be an arbitrary path in the system ABDD. According to the construction procedure, some paths are not fully expanded because $C_M < d_M$ in the intermediate construction. Because these paths would not account for the mission success, the following discussion would not take these paths into account. Except for these paths, all the other paths contain the left or right branch out of node $A_i$ for $i = 1, \ldots, n$. Denote the set of the indices of nodes that have the left (failure) branch in the path by $F_l$. Then, the set $F_l$ and the terminal value $J_l$ jointly characterize path $e_l$. To be specific, path $e_l$ implies that it is possible for the system to succeed in the mission if all and only the components in $F_l$ fail during the mission. For example, if all the components in $F_l$ fail after $J_l$, then the system should succeed the mission according to the definition of . Define

$$A_l = \{ (\xi_1, \ldots, \xi_n) \mid 1 \le \xi_i \le M \text{ for } i \in F_l \text{ and } \xi_i = M + 1 \text{ for } i \notin F_l \}.$$

Then, $E_l \overset{\text{def}}{=} A_l \cap R$ is the set of failure combinations aggregated in path $e_l$, where all and only the components of $F_l$ fail during the mission and the system survives the mission. Because $A_l$ are exclusive and $R \subset \left( \bigcup_l A_l \right)$, we have

$$R_S = \Pr\{R\} = \Pr\left\{ \bigcup_l A_l \cap R \right\} = \sum_l \Pr\{A_l \cap R\} = \sum_l \Pr\{E_l\}.$$

In the following, we calculate $\Pr\{E_l\}$ for all the paths in the ABDD. First, we clarify that $\Pr\{E_l\} = 0$ if the path $e_l$ has a terminal $J_l = M$. From the definition of $J_l$, the failure of components in $F_l$, regardless of the failure sequence, leads to an unsatisfied demand in the $M$th phase if $J_l = M$, i.e., $\Pr\{R \mid A_l\} = 0$. Therefore, $\Pr\{E_l\} = \Pr\{A_l\} \Pr\{R \mid A_l\} = 0$. Second, if $J_l = 0$, then the system demand in all the phases can be satisfied given that all and only the components in $F_l$ fail during the mission, regardless of the failure sequence. In this case, $\Pr\{R \mid A_l\} = 1$ and $E_l \equiv A_l$. Accordingly, we have

$$\Pr\{E_l\} = \prod_{i \in F_l} P_{i,M} \prod_{i \notin F_l} Q_{i,M}, \tag{1}$$

where $P_{i,M}$ and $Q_{i,M}$ are the probabilities that component $A_i$ fails and survives the mission, respectively.

In the following, we confine our discussion to those paths with the terminal $0 < J_l < M$. Because $0 < J_l < M$, the failure combinations in $A_l$ may lead to a failed mission, i.e.,

$$\Pr\{E_l\} < \Pr\{A_l\}, \quad \Pr\{R \mid A_l\} < 1.$$

In other words, the success of the mission also depends on the failure sequence of components in $F_l$. To calculate $\Pr\{E_l\}$, define

$$B_l = \{ (\xi_1, \ldots, \xi_n) \mid 1 \le \xi_i \le J_l \text{ for } i \in F_l \text{ and } \xi_i > J_l \text{ for } i \notin F_l \}.$$

Clearly, $B_l$ is the set of failure combinations in which all and only the components of $F_l$ fail before phase $(J_l + 1)$. From the definition of $J_l$, it can be justified that $\Pr\{R \mid B_l\} = 0$, i.e., the system capacity cannot meet the demand in phase $J_l$ and will definitely fail conditional on $B_l$. Further, we have the following result for $\Pr\{E_l\}$.

Proposition 1. Suppose there are a total of $L$ paths with terminal $0 < J < M$ in the ABDD. We have

$$\Pr\{E_l\} = \Pr\left\{ A_l \setminus \bigcup_{k=1}^{L} B_k \right\} = \Pr\{A_l\} - \Pr\left\{ A_l \cap \left( \bigcup_{k=1}^{L} B_k \right) \right\}.$$

Here, $S_1 \setminus S_2 \equiv S_1 \cap S_2^{\complement}$ is the difference of sets $S_1$ and $S_2$ and the superscript "$\complement$" denotes the complement of a set. The proof of the equality is given in Appendix A. With this equality, we can derive that

$$
\begin{aligned}
\Pr\{E_l\} &= \Pr\{A_l\} - \Pr\left\{ (A_l \cap B_l) \cup \left( (A_l \cap B_l^{\complement}) \cap \bigcup_{k=1, k \neq l}^{L} B_k \right) \right\} \\
&= \Pr\{A_l\} - \Pr\{A_l \cap B_l\} - \Pr\left\{ (A_l \cap B_l^{\complement}) \cap \bigcup_{k=1, k \neq l}^{L} B_k \right\} \\
&= \Pr\{A_l \cap B_l^{\complement}\} - \Pr\left\{ \bigcup_{k=1, k \neq l}^{L} (A_l \cap B_l^{\complement}) \cap B_k \right\} \\
&= \Pr\{E_l^{U,0}\} - \Pr\left\{ \bigcup_{k=1, k \neq l}^{L} (E_l^{U,0} \cap B_k) \right\},
\end{aligned} \tag{2}
$$

where $E_l^{U,0} \overset{\text{def}}{=} A_l \cap B_l^{\complement}$. Applying the inclusion-exclusion principle, we have

$$
\begin{aligned}
\Pr\{E_l\} ={}& \Pr\{E_l^{U,0}\} - \sum_{k=1, k \neq l}^{L} \Pr\{E_l^{U,0} \cap B_k\} + \sum_{k_1 < k_2,\ k_1, k_2 \neq l} \Pr\{E_l^{U,0} \cap B_{k_1} \cap B_{k_2}\} \\
& - \cdots - (-1)^{L-2} \Pr\left\{ E_l^{U,0} \cap \bigcap_{k=1, k \neq l}^{L} B_k \right\}.
\end{aligned} \tag{3}
$$

In the following, we show how to calculate the terms in Eq. (3).

4.3. Evaluation of path probability

Based on the definitions of $A_l$ and $B_l$, $E_l^{U,0} = A_l \cap B_l^{\complement} = A_l \setminus B_l$ is the set of failure combinations where all and only the components in $F_l$ fail in the mission, but not all these components fail before phase $(J_l + 1)$. Thus the corresponding occurrence probability is

$$\Pr\{E_l^{U,0}\} = \left( \prod_{i \in F_l} P_{i,M} - \prod_{i \in F_l} P_{i,J_l} \right) \prod_{i \notin F_l} Q_{i,M}. \tag{4}$$

Clearly, $\Pr\{E_l^{U,0}\}$ provides an upper bound for $\Pr\{E_l\}$. Now, consider a general term $E_l^{U,0} \cap \left( \bigcap_{r=1}^{s} B_{k_r} \right)$ in Eq. (3), where $B_{k_1}, \ldots, B_{k_s}$ are the set of failure combinations related to $s$ paths $e_{k_1}, \ldots, e_{k_s}$. Without loss of generality, we assume that the numbers of failed components related to the $s$ paths, $|F_{k_1}|, \ldots, |F_{k_s}|$, are in ascending order, where $|S|$ denotes the number of elements in set $S$. Then we have the following proposition.

Proposition 2. For paths $e_{k_1}, \ldots, e_{k_s}$, we have $E_l^{U,0} \cap \left( \bigcap_{r=1}^{s} B_{k_r} \right) \neq \emptyset$ if and only if

$$F_{k_1} \subset F_{k_2} \subset \cdots \subset F_{k_s} \subset F_l, \quad J_{k_1} < \cdots < J_{k_s} \le J_l.$$

The proof is given in Appendix B. This proposition states that for any non-empty $E_l^{U,0} \cap \left( \bigcap_{r=1}^{s} B_{k_r} \right)$, there is an order relation between the corresponding F and . Specifically, define $F_{k_0} = \emptyset$ and $J_{k_0} = 0$. Then, $E_l^{U,0} \cap \left( \bigcap_{r=1}^{s} B_{k_r} \right)$ is the set of failure combinations where components in $F_{k_r} \setminus F_{k_{r-1}}$ fail between phase $(J_{k_{r-1}} + 1)$ and phase $J_{k_r}$ for $1 \le r \le s$, components in $F_l \setminus F_{k_s}$ fail after phase $J_{k_s}$ but not all of them fail before phase $(J_l + 1)$, and the other components survive the mission. With this proposition, we can evaluate the probability of $E_l^{U,0} \cap \left( \bigcap_{r=1}^{s} B_{k_r} \right)$ as follows.

Without loss of generality (and for illustration simplicity), we assume $F_l = \{1, 2, \ldots, l\}$ (i.e., only components $A_1, \ldots, A_l$ fail during the mission), $F_{k_r} = \{1, 2, \ldots, k_r\}$ for $r = 1, \ldots, s$ and $k_1 < k_2 < \cdots < k_s < l$. Then, the failure intervals of components $A_1, \ldots, A_{k_s}$ can be represented using the following two $k_s$-dimensional vectors

Reliability Engineering and System Safety 176 (2018) 242–250

Q. Zhai et al.

VL =

⎞ ⎛ 1 , Jk1 + 1, …, Jks − 1 + 1 , ⎜⏟   ⎟ k1 k2− k1 ks − ks − 1 ⎠ ⎝

VR =

According to Eq. (4), we have

⎛ ⎞ Jk1 , Jk2 , …, Jks . ⎜ ⎟ k1 k2⏟ − k1 ks −⏟ ks − 1 ⎠ ⎝⏟

3

Pr{A1 ∩ B1∁} = (P1,3 P2,3 − P1,1 P2,1) Q3,3 =

To be specific, the phase Ξi where Ai fails takes value from the set {ViL, ViL + 1, …, ViR − 1} . With VL and VR, the occurrence probability of

3

∑ p2,j j=1

⎞ − p1,1 p2,1 p3,4 . ⎟ ⎠

Thus, Pr{E1} can be derived as

s

Pr{E1} = (p1,2 + p1,3 )(p2,2 + p2,3 ) p3,4 ,

event Al⋂⎛⎜ ⋂ Bkr ⎞⎟ can be calculated as ⎝ r=1 ⎠ s ⎫ ⎧ ⎛ Pr Al⋂⎜ ⋂ Bkr ⎟⎞ ⎬ ⎨ r 1 = ⎝ ⎠ ⎭ ⎩ k

⎛ p ⎜ ∑ 1, j ⎝ j=1

l

which is the probability that “A1 and A2 fail between phase 2 and phase 3 and A3 survives the mission”. The evaluation of Pr{E2} and Pr{E3} are simpler, which are Pr{E2} = Pr{A2 ∩ B2∁} and Pr{E3} = Pr{A3 ∩ B3∁} , respectively (others terms are zero according to Proposition 2). The value of Pr{E4} can be calculated according to Eq. (1), and the reliability of the example PMS 4 is RS = ∑l = 1 Pr{El} .

n

= ∏i =s 1 (Pi, ViR − Pi, ViL − 1) ∏i = ks + 1 (Pi, M − Pi, Jks ) ∏i = l + 1 Qi, M .

(5)

Here, (Pi, ViR − Pi, ViL − 1) is the probability that Ai, 1 ≤ i ≤ ks fails between phase ViL and ViR , (Pi, M − Pi, Jks ) is the probability that component Ai , (ks + 1) ≤ i ≤ l fails after phase Jks and Qi,M is the probability that Ai , (l + 1) ≤ i ≤ n survives the mission.

4.4. Complexity issue

s

Similarly, the occurrence probability of Al ∩ Bl⋂⎛⎜ ⋂ Bkr ⎞⎟ is ⎝ r=1 ⎠ s ⎧ ⎫ ⎛ ⎞ Pr Al ∩ Bl ∩ ⎜ ⋂ Bkr ⎟ ⎨ ⎝ r=1 ⎠ ⎬ ⎩ ⎭ k

l

In the ABDD-based method for PMSs, we consider the component failures in all the phases simultaneously, and each path in the ABDD aggregates a set of failure combinations. This is different from traditional BDD-based methods where the component failures are analyzed phased-by-phase and each path in the BDD represents a single failure combination. Hence, the scale of the ABDD is independent of the number of phases, and it avoids the construction and storage problems encountered by the traditional BDD-based method when the number of phases is large. On the other hand, the set El related to a path in the ABDD may contain many failure combinations, making the calculation of its occurrence probability difficult. A formula using inclusion-exclusion principle is developed to calculate Pr{El} , which appears more complicated than the computation of the occurrence probability of a path in traditional BDDs. According to Proposition 2, nevertheless, many terms in Pr{El} are excluded in the calculation. Specifically, if a term is empty, say Al ∩ Bl∁ ∩ Bk1 = ∅, then all the terms involving Bk1, e.g.,

n

= ∏i =s 1 (Pi, ViR − Pi, ViL − 1) ∏i = ks + 1 (Pi, Jl − Pi, Jks ) ∏i = l + 1 Qi, M ,

(6)

where (Pi, Jl − Pi, Jks ) is the probability that Ai , (ks + 1) ≤ i ≤ l fails after phase Jks and before Jl + 1. In the end, we have s

⎫ ⎧ Pr ElU,0⋂⎜⎛ ⋂ Bkr ⎟⎞ ⎨ ⎝ r=1 ⎠ ⎬ ⎭ ⎩ s

s

⎫ ⎧ ⎫ ⎧ = Pr Al⋂⎜⎛ ⋂ Bkr ⎟⎞ − Pr Al ∩ Bl⋂⎜⎛ ⋂ Bkr ⎟⎞ ⎨ ⎨ ⎝ r=1 ⎠ ⎬ ⎝ r=1 ⎠ ⎬ ⎭ ⎩ ⎭ ⎩ k = ∏i =s 1 (Pi, ViR − Pi, ViL − 1)

(

n

l

)

(7)

Jks = Jl ,

we

l

× ∏i = l + 1 Qi, M ∏i = ks + 1 (Pi, M − Pi, Jks ) − ∏i = ks + 1 (Pi, Jl − Pi, Jks ) .

s

Note

that

in

the

case

Al ∩ Bl∁⋂⎜⎛ ⋂ Bkr ⎞⎟, would be ∅. This ensures that the calculation of ⎝ r=1 ⎠ Pr{El} can be achieved efficiently. In addition, Eq. (3) provides a practical way to assess the system reliability within a controllable time. By truncating some terms, the upper or lower bound for Pr{El} can be obtained. For instance, if we only keep the first and the second terms in Eq. (3), then a first-order lower bound for Pr{El} is obtained

s

s

haveAl ∩ Bl⋂⎛⎜ ⋂ Bkr ⎞⎟ = ∅. ⎝ r=1 ⎠

where

Then

⎫ ⎧ Pr ElU,0⋂⎜⎛ ⋂ Bkr ⎟⎞ ⎬ ⎨ = r 1 ⎝ ⎠ ⎭ ⎩

is

simply

s

⎫ ⎧ Pr Al⋂⎜⎛ ⋂ Bkr ⎟⎞ . Following the above procedure, all the terms in ⎨ ⎝ r=1 ⎠ ⎬ ⎭ ⎩ Eq. (3) and Pr{El} can be obtained. As an illustration, consider the ABDD in Fig. 5. We have three paths e1, e2 and e3 with 0 < J < 3. For these three paths, we have F1 = {1, 2} , J1 = 1, F2 = {1} , J2 = 1 and F3 = {2} , J3 = 1, respectively. Then according to Eq. (3), we have

L

Pr{El} ≥ Pr{ElU,0} −



Pr{ElU,0 ∩ Bk } def Pr{ElL,1}.

k = 1, k ≠ l

(8)

If we further include the third term in the calculation, then the second-order upper bound is obtained for Pr{El}

Pr{E1} = Pr{A1 ∩ B1∁} − Pr{A1 ∩ B1∁ ∩ B2} − Pr{A1 ∩ B1∁ ∩ B3} + Pr{A1 ∩ B1∁ ∩ B2 ∩ B3}.

L

Pr{El} ≤ Pr{ElL,1} +

First, it can be easily verified that A1 ∩ B1∁ ∩ B2 ∩ B3 = ∅ and Pr{A1 ∩ B1∁ ∩ B2 ∩ B3} = 0 . For the term Pr{A1 ∩ B1∁ ∩ B2} , we have V L = 1 and V R = 1, i.e., the failure interval of component A2 is in phase 1. According to Eq. (7), we can obtain that



Pr{ElU,0 ∩ Bk1 ∩ Bk2} ∩ def Pr{ElU,2}.

k1< k2, k1, k2≠ l

(9) Apparently, by including more terms in the calculation, the obtained bound approaches the true value of Pr{El} . Hence, by controlling the terms involving in the calculation, we can make a tradeoff between the computational accuracy and the running time.

Pr{A1 ∩ B1∁ ∩ B2} = (P1, V R − P1, V L − 1) Q3, M (P2, M − P2, J1) = P1,1 Q3,3 (P2,3 − P2,1) = p1,1 (p2,2 + p2,3 ) p3,4 .

4.5. ABDD incorporating fault level coverage

This is just the probability that “A1 fails at phase 1, A2 fails in phase 2 or phase 3 and A3 survives the mission”. Similarly, we can obtain that

For redundant systems, the system has to detect and isolate (i.e., cover) the component failure to prevent fault propagation when a component failure occurs. If some component failures cannot be successfully covered, the system could fail due to the propagation effect [7]. Such phenomenon, called imperfect fault coverage (IFC), has been well recognized in reliability engineering. The effectiveness of

Pr{A1 ∩ B1∁ ∩ B3} = P2,1 Q3,3 (P1,3 − P1,1) = (p1,2 + p1,3 ) p2,1 p3,4 , which is the probability that “A1 fails in phase 2 or phase 3, A2 fails at phase 1 and A3 survives the mission”. 247

Reliability Engineering and System Safety 176 (2018) 242–250

Q. Zhai et al.

redundancy design can be significantly deteriorated by IFC. Hence it is important to take the IFC effect into account in the system reliability evaluation. The fault coverage factor is defined as the conditional probability that the system recovers given the occurrence of a component failure in the system [3]. According to different coverage mechanisms, two widely-used IFC models are element level coverage model and fault level coverage (FLC) model [2]. The element level coverage model assigns coverage factors for each system component, which is applicable for systems with built-in test. On the other hand, the coverage factor in the FLC model depends on the failure sequence occurring in the system. Specifically, the rth component failure is covered with a probability βr. FLC is typically used to model the mid-value-select voting coverage mechanism [16]. Generally, the mid-value-select mechanism can achieve extremely high coverage probability, and it is more applicable for redundant systems. Therefore, we consider the FLC model in this work and incorporate it into the ABDD-based reliability modeling for the demand-based redundant PMS. For a path in the ABDD, The probability that all the Fl component F failures being covered is ∏r =l1 βr , where βr is the probability that the rth failure is covered. Therefore, the system reliability considering IFC is

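$$R_{S,\mathrm{FLC}} = \sum_{l} \Pr\{E_l\}\,\Pr\{\text{Failure covered} \mid E_l\} = \sum_{l} \prod_{r=1}^{|F_l|} \beta_r \Pr\{E_l\}.$$

Fig. 6. System ABDD for the four-component three-phase system.

Table 2. Five paths in the ABDD of the four-component three-phase system.

| Path $e_l$ | $F_l$ | $J_l$ |
|---|---|---|
| 1 | {1} | 1 |
| 2 | {3, 4} | 1 |
| 3 | {3} | 0 |
| 4 | {4} | 0 |
| 5 | ∅ | 0 |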
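As an added example (not code from the paper), the following Python sketch cross-checks the FLC formula above by brute force on the four-component three-phase system of Section 5.1: it enumerates every failure vector $X$, keeps those that meet the demand in all phases, groups them by failed-component set $F_l$, and evaluates $R_S$ and $R_{S,\mathrm{FLC}}$. Two things are assumptions of this example: the assignment of the two lifetime distributions to components as read from Table 1, and the convention (taken from Appendix A) that a component failing in phase $\xi$ contributes no capacity from phase $\xi$ onward.

```python
from itertools import product
from math import exp, prod

# Data of the four-component three-phase example (Table 1 of the paper).
ALPHA = (1.1, 1.2, 1.0)      # acceleration factors, identical for all components
T = (8, 3, 10)               # phase durations T_k
D = (9, 10, 6)               # phase demands d_j
W = ((4, 5, 3), (3, 5, 4), (2, 3, 1), (2, 3, 1))   # capacities w_{i,j}
BETA = (0.95, 0.95, 0.95)    # FLC coverage factors beta_r
# Assumption: components 1-2 use 1-exp(-(t/100)^2), components 3-4 use 1-exp(-t/80).
CDF = (
    lambda t: 1 - exp(-(t / 100) ** 2),
    lambda t: 1 - exp(-(t / 100) ** 2),
    lambda t: 1 - exp(-t / 80),
    lambda t: 1 - exp(-t / 80),
)
M, N = len(T), len(W)


def phase_probs(i):
    """Pr{component i fails in phase 1..M}, followed by Pr{it survives the mission}."""
    ages, age = [0.0], 0.0
    for a, dur in zip(ALPHA, T):          # cumulative exposure: sum of alpha_k * T_k
        age += a * dur
        ages.append(age)
    F = [CDF[i](x) for x in ages]
    return [F[k + 1] - F[k] for k in range(M)] + [1 - F[M]]


def evaluate():
    """Enumerate X = (xi_1..xi_n) with xi_i in 1..M+1, where M+1 means 'survives'."""
    p = [phase_probs(i) for i in range(N)]
    paths = {}                            # failed set F_l -> Pr{E_l}
    for X in product(range(1, M + 2), repeat=N):
        # Assumption: a component failing in phase xi supplies capacity only for j < xi.
        ok = all(sum(W[i][j - 1] for i in range(N) if X[i] > j) >= D[j - 1]
                 for j in range(1, M + 1))
        if ok:
            failed = frozenset(i + 1 for i in range(N) if X[i] <= M)
            pr = prod(p[i][X[i] - 1] for i in range(N))
            paths[failed] = paths.get(failed, 0.0) + pr
    r_s = sum(paths.values())             # perfect coverage
    r_flc = sum(prod(BETA[:len(f)]) * pr for f, pr in paths.items())
    return paths, r_s, r_flc


if __name__ == "__main__":
    paths, r_s, r_flc = evaluate()
    for f, pr in sorted(paths.items(), key=lambda kv: sorted(kv[0])):
        print(sorted(f), round(pr, 5))
    print(round(r_s, 4), round(r_flc, 4))
```

The successful failed-component sets it finds are exactly the five $F_l$ of Table 2, and the two reliabilities agree with the values reported in Section 5.1.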

5. Illustrative examples

This section presents three examples to show the application and efficiency of the proposed method. The first example uses a four-component three-phase system to illustrate the application and correctness of the ABDD method, and the second and third examples consider a twenty-component PMS to compare the ABDD-based approach with the MDD-based approach in [20].

5.1. Four-component three-phase system

We first consider a four-component three-phase system from [20]. The detailed configuration is listed in Table 1. Fig. 6 illustrates the system ABDD constructed with the three-step approach in Section 4.1. There are five paths whose terminal is smaller than $M = 3$, and the corresponding $F_l$ and $J_l$ are given in Table 2.

Table 1. Configuration of the four-component three-phase system.

| Component $A_i$ | Baseline lifetime distribution $F_i(t)$ | Acceleration factor $(\alpha_{i,1}, \alpha_{i,2}, \alpha_{i,3})$ | Component capacity $(w_{i,1}, w_{i,2}, w_{i,3})$ |
|---|---|---|---|
| 1 | $1 - \exp\{-(t/100)^2\}$ | (1.1, 1.2, 1) | (4, 5, 3) |
| 2 | $1 - \exp\{-(t/100)^2\}$ | (1.1, 1.2, 1) | (3, 5, 4) |
| 3 | $1 - \exp\{-t/80\}$ | (1.1, 1.2, 1) | (2, 3, 1) |
| 4 | $1 - \exp\{-t/80\}$ | (1.1, 1.2, 1) | (2, 3, 1) |

Durations of phases: $T_1 = 8$, $T_2 = 3$, $T_3 = 10$
Demands of phases: $d_1 = 9$, $d_2 = 10$, $d_3 = 6$
Coverage factors: $\beta_1 = \beta_2 = \beta_3 = 0.95$

According to Eq. (1), we have

$$\Pr\{E_3\} = F_3\Big(\sum_{k=1}^{3} \alpha_{3,k} T_k\Big) \cdot \prod_{i \in \{1,2,4\}} R_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) = 0.16695,$$

$$\Pr\{E_4\} = F_4\Big(\sum_{k=1}^{3} \alpha_{4,k} T_k\Big) \cdot \prod_{i \in \{1,2,3\}} R_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) = 0.16695,$$

$$\Pr\{E_5\} = \prod_{i=1}^{4} R_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) = 0.51667.$$

For paths $e_1$ and $e_2$, we note that $A_1 \cap B_1^{\complement} \cap B_2 = \emptyset$ and $A_2 \cap B_2^{\complement} \cap B_1 = \emptyset$ according to Proposition 2, because there is no inclusion relationship between $F_1$ and $F_2$. Therefore,

$$\Pr\{E_1\} = \Pr\{A_1 \cap B_1^{\complement}\} = \Big(F_1\Big(\sum_{k=1}^{3} \alpha_{1,k} T_k\Big) - F_1\Big(\sum_{k=1}^{1} \alpha_{1,k} T_k\Big)\Big) \cdot \prod_{i \in \{2,3,4\}} R_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) = 0.02240,$$

$$\Pr\{E_2\} = \Pr\{A_2 \cap B_2^{\complement}\} = \Big(\prod_{i \in \{3,4\}} F_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) - \prod_{i \in \{3,4\}} F_i\Big(\sum_{k=1}^{1} \alpha_{i,k} T_k\Big)\Big) \cdot \prod_{i \in \{1,2\}} R_i\Big(\sum_{k=1}^{3} \alpha_{i,k} T_k\Big) = 0.04413.$$

Then, the system reliability with perfect fault coverage is

$$R_S = \sum_{l=1}^{5} \Pr\{E_l\} = 0.9171.$$

If the FLC effect is taken into account, the system reliability becomes

$$R_{S,\mathrm{FLC}} = \Pr\{E_5\} + \beta_1 (\Pr\{E_1\} + \Pr\{E_3\} + \Pr\{E_4\}) + \beta_1 \beta_2 \Pr\{E_2\} = 0.8950,$$

which matches the result in [20]. This verifies the correctness of the ABDD approach.

5.2. Twenty-component four-phase system

To compare efficiency of the proposed method and the existing MDD-based approach in [20], we consider the twenty-component system therein. Peng et al. [20] supposed that the system is subject to a four-phase mission, and studied the system MDD scale and computation time for different system demands. Following their approach and using the same parameter setting, we run programs of the MDD-based method and the ABDD-based method on the same platform (using Matlab 2010b with CPU Intel Core i5-3230M 2.60 GHz). As shown in Table 3, the ABDD-based method is more efficient than the MDD-based approach in terms of the CPU time in seconds for all the cases. In particular, for the mission demands of (40, 65, 39, 41) and (38, 65, 39, 40), the ABDD-based method takes less than 5% and 20% of CPU times used by the MDD-based approach, respectively.

Table 3. Comparison of the ABDD-based approach and the MDD-based approach.

| Demand | System reliability | CPU time (second), ABDD-based | CPU time (second), MDD-based |
|---|---|---|---|
| (48,74,42,43) | 0.4574 | 1.38 | 2.00 |
| (45,70,40,42) | 0.5819 | 3.70 | 9.10 |
| (40,65,39,41) | 0.6670 | 1.32 | 28.47 |
| (38,65,39,40) | 0.7315 | 15.76 | 82.35 |

5.3. Twenty-component six-phase system

To further compare the two methods, we modify the above example to a six-phase PMS. The baseline lifetime distributions for the twenty components are kept unchanged, while the component acceleration factors, capacity and duration of each phase are listed in Table 4. It can be noted that the added two phases are simply replication of the first two phases. The system reliability is evaluated by the two methods under two different mission demands. The results are reported in Table 5. Apparently, the computation time of the MDD-based approach increases dramatically with the increase in the number of phases, while the ABDD-based approach takes time that has the same order of magnitude as in the four-phase case.

Table 4. Configuration for the twenty-component six-phase system.

| Component | Acceleration factor | Component capacity |
|---|---|---|
| $A_1, \ldots, A_7$ | (1.1, 1.2, 1.1, 1, 1.1, 1.2) | (4, 5, 3, 3, 4, 5) |
| $A_8, A_9, A_{10}$ | (1.1, 1.2, 1.1, 1, 1.1, 1.2) | (3, 5, 4, 4, 3, 5) |
| $A_{11}, \ldots, A_{16}$ | (1.1, 1.2, 1.1, 1, 1.1, 1.2) | (2, 3, 1, 2, 2, 3) |
| $A_{17}, \ldots, A_{20}$ | (1.1, 1.2, 1.1, 1, 1.1, 1.2) | (1, 3, 2, 1, 1, 3) |

Durations of phases: (8, 3, 10, 10, 8, 3)

Table 5. Comparison results for the twenty-component six-phase system.

| Demand | System reliability | CPU time (second), ABDD-based | CPU time (second), MDD-based |
|---|---|---|---|
| (40,65,39,41,40,65) | 0.3647 | 3.70 | 316.00 |
| (38,65,39,40,38,65) | 0.3738 | 1.11 | 312.54 |

6. Conclusions and future work

To enable efficient reliability analysis of large-scale redundant PMSs with dynamic demand requirements, a new combinatorial approach is proposed where a unified ABDD model is constructed considering all phases of the mission. The proposed method encompasses new procedures developed for ABDD model construction and evaluation generating the PMS reliability result. The way to incorporate effects of fault level coverage into the ABDD approach is also presented. As demonstrated through three examples with different scales, the proposed ABDD method is computationally more efficient than the existing method, and this advantage becomes far more prominent as the number of mission phases increases. This work mainly focuses on the demand-based redundant PMS. In the future we will extend the ABDD-based approach to reliability analysis of non-repairable systems with other structures. For such an extension, the ABDD construction procedure can be based on, e.g. the fault tree analysis. Once the ABDD model is obtained, we expect that the same interpretation and system reliability evaluation based on ABDD can be carried out. We are also interested in extending the ABDD model to the reliability analysis of PMSs with components configured in warm, cold or mixed standby modes.

Acknowledgment

The research was partially supported by the NSFC under the grant number 71671016 and the Fundamental Research Fund of Central Universities under the grant number FRF-GF-17-B14.

Appendix A. Proof of Proposition 1

To prove Proposition 1, we only need to show that $\bigcup_{k=1}^{L} B_k$ contains all the failure combinations where all and only the components of $F_l$ fail during the mission and the system fails, i.e.,

$$A_l \setminus R \subset \bigcup_{k=1}^{L} B_k.$$

Recall that $A_l$ is the set of failure combinations where all and only the components of $F_l$ fail during the mission. Without loss of generality, suppose $F_l = \{1, 2, \ldots, l\}$, i.e., only components $A_1, \ldots, A_l$ fail during the mission. Then, any failure combination in $A_l \setminus R$ can be described by an $n$-dimensional vector

$$X = (\xi_1, \xi_2, \ldots, \xi_l, M + 1, \ldots, M + 1),$$

where the $i$th element of $X$ denotes the phase in which component $A_i$ fails. Accordingly, we can obtain the system capacity $C_X$ in each phase. Define $J_X = \max_{1 \le j \le M} (C_{X,j} < d_j)$, and split $F_l$ into $F_{l,1}$ and $F_{l,2}$, where $F_{l,2}$ contains the indices of the components that fail after phase $J_X$ and $F_{l,1} = F_l \setminus F_{l,2}$. Here, we can infer that if all the components in $F_{l,1}$ fail before $(J_X + 1)$, the system cannot meet the system demand in phase $J_X$ and thus will fail the mission. Note that $J_X > 0$ and $F_{l,1} \neq \emptyset$. Then, there must exist a path among paths $e_1, \ldots, e_L$ corresponding to the failure combination defined by $F_{l,1}$. We can identify it and suppose it is path $e_r$. Path $e_r$ is characterized by $F_r$ and $J_r$, where $F_r = F_{l,1}$.

Now, we can show that $J_r$ is exactly $J_X$. In fact, $J_r$ cannot be smaller than $J_X$. If $J_r < J_X$, then according to the definition of $J_r$, the system demand in phase $J_X$ can be met when all and only the components in $F_r$ fail. This contradicts the fact that $X$ leads to an unmet demand in phase $J_X$. On the other hand, if $J_r > J_X$, then we can infer that the failure of components in $F_r$ before $(J_r + 1)$ can lead to an unmet mission demand in phase $J_r$. This again contradicts the fact that $C_{X,j} \ge d_j$ for all $j > J_X$. Therefore, $J_r = J_X$ and $B_r$ is the set of failure combinations where all and only the components of $F_r$ fail before phase $(J_r + 1)$. Obviously, $X \in B_r$. Considering the arbitrariness of $X$, $A_l \setminus R \subset \bigcup_{k=1}^{L} B_k$ holds. In addition, from the definition of $B_k$, we have $\bigcup_{k=1}^{L} B_k \subset R^{\complement}$. Consequently,

$$R \subset \Big(\bigcup_{k=1}^{L} B_k\Big)^{\complement} \subset (A_l \setminus R)^{\complement} = A_l^{\complement} \cup R \;\Rightarrow\; E_l = A_l \cap R = A_l \cap \Big(\bigcup_{k=1}^{L} B_k\Big)^{\complement}.$$


B. Proof of Proposition 2

First note that if $F_{k_r} \cap F_l^{\complement} \neq \emptyset$ for any $1 \le r \le s$, then

$$A_l \cap B_l^{\complement} \cap \Big(\bigcap_{r=1}^{s} B_{k_r}\Big) = \emptyset.$$

This can be easily verified from the definitions of $A_l$ and $B_{k_r}$. Besides, for any two of the paths $e_{k_1}, \ldots, e_{k_s}$, say $e_{k_1}$ and $e_{k_2}$, if $F_{k_1} \setminus F_{k_2} \neq \emptyset$ and $F_{k_2} \setminus F_{k_1} \neq \emptyset$, then

$$\bigcap_{r=1}^{s} B_{k_r} = \emptyset \;\Rightarrow\; A_l \cap B_l^{\complement} \cap \Big(\bigcap_{r=1}^{s} B_{k_r}\Big) = \emptyset.$$

For example, suppose $F_{k_1} = \{1, 2\}$ and $F_{k_2} = \{1, 3\}$. Then, $B_{k_1}$ is the set of failure combinations where only components $A_1$ and $A_2$ fail before phase $(J_{k_1} + 1)$, and the other components fail after $J_{k_1}$ or survive the mission, while $B_{k_2}$ is the set of failure combinations where only components $A_1$ and $A_3$ fail before phase $(J_{k_2} + 1)$, and the other components fail after $J_{k_2}$ or survive the mission. Whether $J_{k_1} \ge J_{k_2}$ or $J_{k_1} < J_{k_2}$, we see that $B_{k_1} \cap B_{k_2}$ is $\emptyset$. Hence, for a general event $A_l \cap B_l^{\complement} \cap \big(\bigcap_{r=1}^{s} B_{k_r}\big) \neq \emptyset$, we should have a sequential inclusion relationship

$$F_{k_1} \subset F_{k_2} \subset \cdots \subset F_{k_s} \subset F_l.$$

Recall that we have assumed that $e_{k_1}, \ldots, e_{k_s}$ are ordered according to the number of failed components. With $F_{k_1} \subset F_{k_2} \subset \cdots \subset F_{k_s} \subset F_l$, we can further assert that $J_{k_1} < \cdots < J_{k_s}$ and $J_{k_s} \le J_l$. The reason is as follows. Without loss of generality, suppose $J_{k_1} \ge J_{k_2}$. Then $B_{k_1}$ is the set of failure combinations where all and only the components in $F_{k_1}$ fail before $(J_{k_1} + 1)$, while $B_{k_2}$ is the set of failure combinations where all and only the components in $F_{k_2}$, including the components in $F_{k_1}$ and the components in $F_{k_2} \setminus F_{k_1}$, fail before phase $(J_{k_2} + 1)$. Clearly, $B_{k_1} \cap B_{k_2} = \emptyset$. Therefore, for any nonempty term $A_l \cap B_l^{\complement} \cap \big(\bigcap_{r=1}^{s} B_{k_r}\big)$, we have

$$F_{k_1} \subset F_{k_2} \subset \cdots \subset F_{k_s} \subset F_l, \qquad J_{k_1} < \cdots < J_{k_s} \le J_l.$$

References

[1] Amari SV. A practical method for reliability analysis of phased-mission systems. Annual Reliability and Maintainability Symposium (RAMS2011). IEEE; 2011. p. 1–6.
[2] Amari SV, Myers AF, Rauzy A, Trivedi KS. Imperfect coverage models: status and trends. In: Misra KB, editor. Handbook of performability engineering. London: Springer; 2008. p. 321–48.
[3] Bouricius W, Carter WC, Schneider P. Reliability modeling techniques for self-repairing computer systems. The 24th National ACM Conference. ACM; 1969. p. 295–309.
[4] Bryant RE. Graph-based algorithms for Boolean function manipulation. IEEE Trans Comput 1986;100:677–91.
[5] Chew SP, Dunnett SJ, Andrews JD. Phased mission modelling of systems with maintenance-free operating periods using simulated Petri nets. Reliab Eng Syst Saf 2008;93:980–94.
[6] Dai Y, Levitin G, Xing L. Structure optimization of nonrepairable phased mission systems. IEEE Trans Syst Man Cybern Syst 2014;44:121–9.
[7] Dugan JB. Fault trees and imperfect coverage. IEEE Trans Reliab 1989;38:177–85.
[8] Levitin G, Finkelstein M, Dai Y. Redundancy optimization for series-parallel phased mission systems exposed to random shocks. Reliab Eng Syst Saf 2017;167:554–60.
[9] Li S, Si S, Dui H, Cai Z, Sun S. A novel decision diagrams extension method. Reliab Eng Syst Saf 2014;126:107–15.
[10] Lin YH, Li YF, Zio E. A reliability assessment framework for systems with degradation dependency by combining binary decision diagrams and Monte Carlo simulation. IEEE Trans Syst Man Cybern Syst 2016;46:1556–64.
[11] Lu J-M, Wu X-Y, Liu Y, Ann Lundteigen M. Reliability analysis of large phased-mission systems with repairable components based on success-state sampling. Reliab Eng Syst Saf 2015;142:123–33.
[12] Mo Y, Siewiorek D, Yang X. Mission reliability analysis of fault-tolerant multiple-phased systems. Reliab Eng Syst Saf 2008;93:1036–46.
[13] Mo Y, Xing L, Cui L, Si S. MDD-based performability analysis of multi-state linear consecutive-k-out-of-n: F systems. Reliab Eng Syst Saf 2017;166:124–31.
[14] Mo Y, Xing L, Dugan JB. MDD-based method for efficient analysis on phased-mission systems with multimode failures. IEEE Trans Syst Man Cybern Syst 2014;44:757–69.
[15] Murphy KE, Carter CM, Malerich AW. Reliability analysis of phased-mission systems: a correct approach. Annual Reliability and Maintainability Symposium (RAMS2007). IEEE; 2007. p. 7–12.
[16] Myers AF. k-out-of-n: G system reliability with imperfect fault coverage. IEEE Trans Reliab 2007;56:464–73.
[17] Nelson W. Accelerated life testing-step-stress models and data analyses. IEEE Trans Reliab 1980;29:103–8.
[18] Ou Y, Dugan JB. Modular solution of dynamic multi-phase systems. IEEE Trans Reliab 2004;53:499–508.
[19] Peng R, Zhai Q, Xing L, Yang J. Reliability analysis and optimal structure of series-parallel phased-mission systems subject to fault-level coverage. IIE Trans 2016;48:736–46.
[20] Peng R, Zhai Q, Xing L, Yang J. Reliability of demand-based phased-mission systems subject to fault level coverage. Reliab Eng Syst Saf 2014;121:18–25.
[21] Rauzy A. New algorithms for fault trees analysis. Reliab Eng Syst Saf 1993;40:203–11.
[22] Shrestha A, Xing L, Dai Y. Reliability analysis of multistate phased-mission systems with unordered and ordered states. IEEE Trans Syst Man Cybern Part A: Syst Hum 2011;41:625–36.
[23] Smotherman M, Zemoudeh K. A non-homogeneous Markov model for phased-mission reliability analysis. IEEE Trans Reliab 1989;38:585–90.
[24] Somani AK, Trivedi KS. Boolean algebraic methods for phased-mission system analysis. Institute for Computer Applications in Science and Engineering (ICASE); 1997.
[25] Tang Z, Dugan JB. BDD-based reliability analysis of phased-mission systems with multimode failures. IEEE Trans Reliab 2006;55:350–60.
[26] Wang C, Xing L, Peng R, Pan Z. Competing failure analysis in phased-mission systems with multiple functional dependence groups. Reliab Eng Syst Saf 2017;164:24–33.
[27] Xing L. Reliability evaluation of phased-mission systems with imperfect fault coverage and common-cause failures. IEEE Trans Reliab 2007;56:58–68.
[28] Xing L, Amari SV, Wang C. Reliability of k-out-of-n systems with phased-mission requirements and imperfect fault coverage. Reliab Eng Syst Saf 2012;103:45–50.
[29] Xing L, Dugan JB. Analysis of generalized phased-mission system reliability, performance, and sensitivity. IEEE Trans Reliab 2002;51:199–211.
[30] Xing L, Levitin G. BDD-Based reliability evaluation of phased-mission systems with internal/external common-cause failures. Reliab Eng Syst Saf 2012;112:145–53.
[31] Zang X, Sun N, Trivedi KS. A BDD-based algorithm for reliability analysis of phased-mission systems. IEEE Trans Reliab 1999;48:50–60.
