Skip to main content
main-content

Über dieses Buch

This book originates from the NATO Advanced Study Institute on Synthesis and Analysis Methods for Safety and Reliability Studies held at Sogesta Conference Centre, Urbino, Italy, 3-14 July 1978. The Institute, co-directed by Prof. E.J. Henley and Dr. G. Volta, was attended by 67 persons from twelve countries. The focus of the Institute was on theoretical and applied aspects of reliability and risk analysis methodologies. The Institute was composed of lectures, workshops and gu~ded discussions. From the large quantity of written material that was used and produced during the Institute, a number of papers introducing the most relevant research results and trends in the field have been selected. The papers have been edited, partly rewritten and rearranged in order to obtain in the end an integrat­ ed exposition of methods and techniques for reliability analysis and computation of complex systems. The book is divided into four sections which correspond to fairly homogeneous areas from a methodological point of view. Each section is preceded by an introduction prepared by the Editors which aims at helping the readers to put in perspective and appre­ ciate the contribution of each paper to the subject of the section.

Inhaltsverzeichnis

Frontmatter

Binary Systems

Frontmatter

Fault Tree Analysis by List-Processing Techniques

Abstract
The paper outlines an approach for AND-OR-NOT fault-tree analysis which uses simultaneously logical or qualitative and numerical or quantitative information structured in the tree. The analysis is carried out in two steps: search of the most important minimal cut-sets (MCS), computation of the availability and reliability for the cut-sets and for top events. The paper describes in detail the algorithms applied in the first phase: for the simplification of the tree, for the use of the cut-off, for the evaluation of the error introduced by the cut-off, for the search of the cut-sets in order of importance taking into account quantitative (probability) and qualitative (dependencies between events or gates) information, for the optimization of the process of analysis in order to reduce the number of cut-sets to be minimized, for the analysis of the NOT operators. These algorithms are based on the use of list processing techniques for the direct manipulation of graphs. The algorithms have been implemented in computer codes SALP-3 and SALP-4 for which examples of application are given.
M. Astolfi, S. Contini, C. L. Van den Muyzenberg, G. Volta

PATREC, a Computer Code for Fault-Tree Calculations

Abstract
A computer code for evaluating the unreliability/unavailability of complex systems defined in the fault-tree representation is described. It uses a successive reductions approach with pattern recognition; the realization is based on various programming techniques from IBM PL/1 language. The code can take into account several present-day problems: multi-dependencies treatment, uncertainties in the reliability data parameters, influence of common mode failures … The code has been running steadily for two years.
A. Blin, A. Carnino, J. P. Signoret, F. Bouscatie, B. Duchemin, J. M. Landré, H. Kalli, M. J. De Villeneuve

Repairable Multiphase Systems - Markov and Fault-Tree Approaches for Reliability Evaluation

Abstract
The reliability evaluation of a multiphase system has been described in a number of papers, if components were assumed to be non repairable. If a system is composed of repairable components, only an upper bound can be found using the fault-tree approach. In order to find an exact solution to the problem, the Markov approach can successfully be used. The purpose of this paper is to present both above-mentioned approaches.
C. A. Clarotti, S. Contini, R. Somma

Reliability Parameters for Chemical Process Systems

Abstract
The KITT (Kinetic Tree Theory) computer program for calculating system reliability parameters was modified to include time delays (storage tanks) and component (standby) redudancy. The modified program was applied to the material handling subsection of an oil shale process to obtain system availability.
Ernest J. Henley, James O. Y. Ong

About the Definition of Coherency in Binary System Reliability Analysis

Abstract
This paper was stimulated by discussions which arose at the last NATO-ASI in Urbino and by Caldarola’s new definition of coherency [1]. Moreover, the development of a procedure, for the analysis of a fault-tree constituted by AND-OR-NOT gates [2], showed the necessity of identifying the possible logic structures of actual physical systems.
A. Amendola, S. Contini

Regeneration Diagrams

Summary
The diagrammatic formalism developed to deal with component reliability problems is summarized. The effect of the time structure of failure and repair processes is discussed. An extention to a simple system calculation illustrates the incorrectness of one of the equations of kinetic tree theory.
G W Parry

Uncertainty Propagation in Fault-Tree Analysis

Abstract
This paper deals with methods of investigating the propagation of the uncertainty from the lower level (primary event) to the higher level (top) of a complex system, such as a nuclear plant.
A numerical method to determine the probability distribution at each level of the fault-tree is illustrated.
A. G. Colombo

Multistate Systems - Logic Diagram

Frontmatter

The Cat Methodology for Fault Tree Construction

Abstract
This paper presents a methodology for the systematic construction of fault trees based on decision tables. The presentation is made through an example. The modeling capability of decision tables is demonstrated and the construction of a fault tree from the decision tables is shown in a step by step fashion.
Steven L. Salem, George Apostolakis

L.A.M. Technique: Systematic Generation of Logical Structures in Systems Reliability Studies

Summary
A new approach for the reliability analysis of coherent and non-coherent systems is presented with regard to the problem of the systematic generation of failure logical structures. In particular, this methodology allows us to derive the logical behaviour of the system by means of the physical behaviour of its components.
To this end, suitable component failure-dependent analytical models are constructed to describe the component behaviour under normal and failure conditions. These models constitute, in their whole, a set of parametric equations describing the normal and failure behaviour of the whole system.
Starting from the considered component failure events, all the possible configurations of the system hypothetical failure structures are automatically generated in a controlled way. Now, by definition, to each given logical structure it corresponds a specific set of equations. Thus, the comparison of the corresponding numerical solution with analytically defined critical TOP conditions allows TOP and/or NON-TOP sets of events to be identified.
An application to the study of a simplified mixing circuit of an ethylene oxide production plant is presented.
Giuseppe Reina, Giuseppe Squellati

Multivalued Logic in the Representation of Engineering Systems

Abstract
The paper deals with the construction process of a reliability-oriented system representation made in terms of a multivalued logical tree (MVLT) which computes logical statements. The propositional variables of these logical statements assume values related with the behaviours of the system, and of its subsystems and components. When fed by a set of values for input variables, the MVLT gives the instantaneous value of the proposition it represents. A formal procedure of system decomposition and recomposition can be designed for the automatic construction of the MVLT. Foundations of this procedure are provided and solutions discussed for two cases. Merits of MVLT seem to lay on a better control of information to retain in the representation of the system, high degree of compactness, evidence given to the correspondence between logical structures and physical behaviours.
S. Garribba, P. Mussio, F. Naldi

Fault Tree Analysis with Multistate Components

Abstract
A general analytical theory has been developed which allows one to calculate the occurrence probability of the top event of a fault tree with multistate (more than two states) components.
It is shown that, in order to correctly describe a system with multistate components, a special type of boolean algebra is required. This is called “boolean algebra with restrictions on variables” and its basic rules are the same as those of the traditional boolean algebra with some additional restrictions on the variables. These restrictions are extensively discussed in the paper.
Important features of the method are the identification of the complete base and of the smallest irredundant base of a boolean function which does not necessarily need to be coherent. It is shown that the identification of the complete base of a boolean function requires the application of some algorithms which are not used in today’s computer programmes for fault tree analysis.
The problem of statistical dependence among primary components is discussed. The paper includes a small demonstrative example to illustrate the method. The example includes also statistical dependent components.
L. Caldarola

Multistate Systems - Other Methods

Frontmatter

Reliability Analysis of a Repairable Single Unit Under General Age-Dependence

Abstract
The case is considered of a single two-state unit which undergoes a symmetric alternating process of failure and restoration. It is admitted that under general circumstances aging may be described in terms of total elapsed calendar-time, total accumulated on-time (or down-time) and, possibly, upon the number of transitions. Thus it is of utmost importance to be able to calculate and find explicit analytic expressions for the p.d.f. of total on-time (or total down-time) at a given time instant. The solution of the problem relies upon a set of integral equations. This set can be easily reduced to a set of partial differential equations. The solutions appear to be rather simple and manageable for a number of cases of practical interest. Finally, relations are established with the Chapman-Kolmogorov equations describing the non-homogeneous Markov repair process.
A. Foglio Para, S. Garribba

Use of Markov Processes for Reliability Problems

Abstract
It is not possible to use methods such as fault tree analysis, to assess the reliability or the availability of time-evolutive systems. Stochastic processes have to be used and among them the Markov processes are the most interesting ones.
The basic theory of Markov processes is described in this paper in connection with reliability problems. Then the MARK-GE code developed by the French CEA is presented with an example of reliability assessment of a complex system: AC power supply of a 900 MW PWR.
A. Blin, A. Carnino, J. P. Georgin, J. P. Signoret

Some Considerations on the Markov Approach to Reliability

Abstract
The dimension of the transition rate matrix is a big problem in solving reliability problems using the Markov approach; this limitation can be partially overcome by using the sparsity and structure properties of this matrix, the problem is presented in the first part of this paper. The second part is a brief outline of a computer program to solve automatically the stationary Markov description of systems. The third part contains a discussion about what is the system behaviour described by a non stationary Markov process.
Roberto Somma

How to Use the Minimal Cuts of Fault Tree Analysis in Markov Modelling

Abstract
This contribution has been stimulated by the NATO Conference at Sogesta and worked out there. It is an attempt to clarify the concepts of a fault tree and of minimal cuts in Markov-modelling of binary systems. These concepts which are currently used in reliability theory are still meaningful if we describe a binary system by a time evolutive process instead of a statical fault tree. So it seems to us worth-wile to demonstrate by a fairly simple example what can be done with these concepts in Markov modelling. Formal proofs and further examples will be given by the author elsewhere. 1
The result will be that we can use the minimal cuts of a fault tree model to identify in a formal way the failed states relevant in the corresponding Markov model. This may be helpful for the evaluation of a Markov model related to a larger binary system by means of a computer code involving the following two problems:
(i)
Automatization of the construction of the transition matrix A of a Markov process.
 
(ii)
Calculation of the eigenvalues of the transition matrix A.
 
A lot of work has been done in numerical mathematics to solve problem (ii). By contrast not much work has been done to solve problem (i).2 The main purpose of this paper is a tutorial one.
Heinz Wenzelburger

Response Surface Methodology in Risk Analysis

Abstract
The Response Surface Methodology as a general approach to the system identification is presented. The method organises several statistical techniques in order to provide an estimate of the p.d.f. of the output variable of the identified system as a function of the p.d.f.’s of the input variable, as the final result. In particular the following techniques are dealt with:
  • the sensitivity analysis;
  • the choice of the approximating function;
  • the experimental design;
  • the parameter estimation.
A typical application is provided.
L. Olivi

Optimization Problems on System Supervision

Abstract
This paper discusses optimization of system supervision for the following two situations: (A) States of some components are monitored all the time by supervisors and states of other components are not monitored at any time, (B) Every component is subject to a supervisor with active and inactive times. For the first situation, we give an optimum supervisors allocation problem together with a simple method of solution. The second situation is discussed for protective systems. We give an optimization problem which is useful in systematic construction of a non-synchronized supervision schedule. For both situations, illustrative examples are given.
Toshiyuki Inagaki

Calculation of System Downtimes Resulting from Parallel Subsystem Repair

Abstract
This method was developed to convert “raw” maintainability data (as collected in the field or derived by the analyst) into system characteristics which can be used in subsequent effectiveness models or directly to compare the recoverability of alternate systems.
Maintainability characteristics of system elements can be described in terms of the probability of maintenance after an operating time interval and the mean and variance of its repair time. The report derives the equations to compute system downtime and repair time distribution from this data in a deterministic manner. The computation has been mechanized for use on direct access computing equipment.
Bernd Krogull

Man-System Interactions

Frontmatter

Notes on Human Error Analysis and Prediction

Abstract
An increasing effort is being put into the study of human error analysis and quantification. Unfortunately, the need for results has been growing more rapidly than the research needed to supply the basic knowledge on human functions in industrial installations and the related human failure mechanisms. Accordingly, the following review will be as much a review of problems as a survey of possible solutions. However, if the conditions under which present methods are applicable can be stated explicitly, then these conditions can be used as design criteria for systems by serving as “criteria of analys-ability”. Those criteria can then be modified or released as more efficient methods of analysis and better data become available.
Jens Rasmussen

Improving System Reliability by the Elimination of a Class of Design Errors

Abstract
This paper considers a hypothesis on the relationship between system design methods and system reliability. It sets out to discuss a class of human errors which affect system reliability and are committed, or indirectly caused, by system designers.
It defines the concept of ‘perceivable’ systems and illustrates how perceivability reduces the frequency of occurrence of human errors. A method for the design of perceivable systems is then described. The method is based on a set of principles, which are summarised in the paper, and on a set of detailed guidelines, which are referenced. The same principles can be applied to the design of hardware, software and management systems; different guidelines are required for different classes of systems.
Finally, comments are made on experience gained in using the method by members of staff and postgraduate students in the School of Electronic Engineering and Computer Science at Kingston Polytechnic.
George Rzevski

LNG Operations Risk Analyses: Evaluation and Comparison of Techniques and Results

Abstract
This paper surveys the results and compares the techniques that have been employed in LNG risk analysis for three prospective sites of large scale LNG import terminals. Risks may arise from LNG vessel operations near populated areas and from operations at the terminal. The probability of an accident occurring in LNG operations, that would be a significant threat to the public, is very small. Should such an accident occur, nevertheless, its consequences could be great. Moreover, it has to be recognised that, with a view to the differences in the models and hypotheses on which computations are based, significant uncertainties may affect final estimates.
Lloyd L. Philipson

Real Time Analysis of Process Plant Alarms

Abstract
The human operator has received little attention in the design of process monitoring and control systems. His tasks are not usually clearly defined. The instruments and controls that he is provided with might be considered as a collection of individual components rather than as a properly-engineered system. (1) In the case of alarms in a nuclear power station there may be several thousand alarms. Each alarm in a conventional system consists of a fascia panel mounted in grids on the control room walls. When ap. alarm occurs the fascia panel is illuminated and made to flash until the alarm is “accepted” by the operator. In the United Kingdom during the 1960’s it was decided that this type of system was not suitable for the 3000 alarms in use.
P. K. Andow, F. P. Lees

Material Control Study: A Directed Graph and Fault-Tree Procedure for Adversary Event Set Generation

Abstract
Lawrence Livermore Laboratory is developing an assessment procedure to evaluate the effectiveness of a potential nuclear facility licensee’s material control (MC) system. The purpose of an MC system is to prevent the theft of special nuclear material such as plutonium and highly enriched uranium. The key in the assessment procedure is the generation and analysis of the adversary event sets by a directed graph and fault-tree methodology. The methodology is described step-by-step and its application illustrated by an example.
H. E. Lambert, J. J. Lim, F. M. Gilman

The Availability of a Computer System Communications Network as Perceived by a User and Viewed Centrally

Abstract
A communications network has been assessed for availability as perceived by a user of the system and also as seen from the centralised computer. The user view analysis uses a state transition model to demonstrate that high availability is attainable for individual services at remote locations. There is a penalty that might be incurred in achieving this level of service which is revealed in a simulation model of the distribution of availability of the complete system. The second analysis based on the central view of the system confirmed the need for a centrally located operators console to control the interconnection and fault diagnosis of the communications equipment. The paper describes the communications network, gives a summary of the user view analyses and the results of the simulation.
B. K. Daniels

Backmatter

Weitere Informationen