Dependability Evaluation through Markovian model

Dependability Evaluationthrough Markovian model

Markovian model

The combinatorial methods are unable to:

- take care easily of the coverage factor

- model the maintenance

The Markov model is an alternative to the combinatorial methods.

Two main concepts: - state

- state transition

State and state transitionsState: the state of a system represents all that must be

known to describe the system at any given instant of time

For the reliability/availability models each state represents a distinct combination of faulty and fault-free components

State transitions govern the changes if state that occur within a system

For the reliability/availability models each transition take place when one or more components change state for the event of a fault or for a repair action

State and state transitions (cnt.)

• State transitions are characterized by probabilities, such probability of fault, fault coverage and the probability of repair

• The probability of being in any given state, s, at some time,t+t depends both:– the probability that the system was in a state from which it could transit

to state state s given that the transition occurs during t – the probability that the system was in state s at instant t and there was

no event in the interval time t • The initial state should be any state, normally it is that representing all

fault-free components

• IMPORTANT: IN A MARKOV CHAIN THE PROBABILITY TRANSITION DEPEND ONLY BY THE ACTUAL STATE, i.e. THE STATE CAPTURES THE HISTORY OF THE OLD TRANSITIONS

TMR reliability evaluation

I O

C1

C2

C3

r/n

• There are 4 components (1 voter + computation module), therefore each state is represented by 4 bit:• if the component is fault-free then the bit value is 1• otherwise the bit value is 0.

• For example (1,1,1,1) represents the faut-free state• For example (0,0,0,0) represents all components faulty

TMR reliability evaluation: states diagram

1,1,1,1

1,1,0,1

0,1,1,1

0,0,1,1

0,1,1,00,0,1,0

1,0,1,11,0,1,0

0,1,0,0

0,0,0,01,1,1,0

1,0,0,0

1,1,0,01,0,0,1

0,0,0,1

0,1,0,1

Markov chain reliability evaluation methodology

• State transition probability evaluation:

• If the fault occurence of a component is exponentially distributed (e-t) with fault rate equal to (), then the probability that the fault-free component at istant t in the interval t become faulty is equal to:

• 1 – e-t

Probability property

Prob{there is a fault between t e t+t} =

= Prob{there is a fault before t+t/the component was fault-free at t} =

= Prob{there is a faul before t+t and the component was fault-free at t} Prob{the component was fault-free at t}

= Prob{there is a fault before t+t} Prob{there is a fault before t} =

Prob{the component was fault-free at t}

= (1 – e-(t+t)) (1 – e-t) 1 – e-(t+t) 1 + e-t = e-t e-t

Probability property

= e-t – e-(t+t) = e-t

= e-t _ e-(t+t) = 1 e-t

e-t e-t

If we expand the exponential part we have the

following series:

1 – e-t = 1 1 + (t) + (t)2 + … 2!

t (t)2 … 2!

For value of t << 1, we have the following good approximation:

1 – e-t t

TMR reliability evaluation: reduced states diagram

3e2,1

G

2e+v

3,1

v

State (3,1) (1,1,1,1)

State (2,1) (0,1,1,1) +

(1,0,1,1) + (1,1,0,1)

State (G) all the other states

Transition probability (in the interval between t and t+t): from state (3,1) to state (2,1) -> 3et ; from state (3,1) to state (G) -> vt ;from state(2,1) to state (G) -> 2et+vt .


Transition probability (in the interval between t and t+t): from state (3,1) to state (2,1) -> 3et ; from state (3,1) to state (G) -> vt ;from state(2,1) to state (G) -> 2et+vt .


Given the Markov process properties, i.e.the probability of being in any given state, s, at some time, t+t depends

both:– the probability that the system was in a state from which it could transit to

state state s given that the transition occurs during t – the probability that the system was in state s at instant t and there was no

event in the interval time t we have that

P(3,1) (t+t) = (1 3e t v t) P(3,1) (t)

P(2,1) (t+t) = 3e t P(3,1) (t) + (1 2e t v t) P(2,1) (t)

P(G) (t+t) = v t P(3,1) (t) + (2e t + v t) P(2,1) (t) + P(G) (t)


With algebric operations:

t 0

P(3,1) (t+t) P(3,1) (t) = (3e + v) P(3,1) (t) = d P(3,1) (t)

t dt

t 0

P(2,1) (t+t) P(2,1) (t) = 3e P(3,1) (t) (2e + v) P(2,1) (t) = d P(2,1) (t)

t dt

t 0

P(G) (t+t) P(G) (t) = v P(3,1) (t) + (2e + v) P(2,1) (t) = d P(G) (t)

t dt


i.e:P'3,1 (t) = (3e + v )P3,1 (t)P'2,1 (t) = 3e P3,1 (t) (2e + v )P2,1 (t)P'G (t) = v P3,1 (t) + (2e + v )P2,1 (t)

That in matrix notation can be expressed as:

(t) = (t) Q(t)

dt

(P'3,1 P'2,1 P'G) = (P3,1 P2,1 PG) * Q


the reliability is the probability of being in any fault-free state, i.e, in this case of being in state (3,1) or (2,1).

R(t) = P3,1 (t) + P2,1 (t) = 1 PG (t)

with the initial conditionP3,1(0) = 1

aaTMR reliability evaluation

where: (3e+v) 3e v

Q = 0 (2e+v) (2e+v)

0 0 0

P = Q + I Q = P I

1(3e+v) 3e v

P = 0 1(2e+v) (2e+v)

0 0 1

Properties of Laplace’s transformation

Markov Processes for maintenable systems

Two kind of events:- fault of a component (module or voter)- repair of the system (of a module or the voter or both)

Hypothesis: the maintenance process is exponentially distributed with repair rate equal to

3e

2,1

G

2e+v

3,1

v

Availability evaluation of TMR system

3e

2,1

G

2e+v

3,1

v

P3,1(t) + P2,1(t) + PG(t) = 1 P3,1(0) = 1

P’3,1(t) = (3e + v ) P3,1(t) + P2,1(t) + PG(t)

P’2,1(t) = 3e P3,1(t) (2e + v + ) P2,1(t)

P’G(t) = v P3,1(t) + (2e + v) P2,1(t) PG(t)

d(t) = (t) Q(t) dt

i.e. (P'3,1 P'2,1 P'G) = (P3,1 P2,1 PG) * Q

Availability evaluation of TMR system

(3e+v) 3e v

Q

= (2e+v+

)

(2e+v)

0

Q = P I P = Q + I

1 (3e+v) 3e v

P

= 1

(2e+v+)(2e+v)

0 1

Istantaneous Availability evaluation of TMR system

the Istantaneous Availability is the probability of being in any fault-free state, i.e, in this case of being in state (3,1) or (2,1).

A(t) = P3,1 (t) + P2,1 (t) = 1 PG (t)

with the initial conditionP3,1(0) = 1

Limiting or steady state Availability evaluation of TMR system

P3,1(t) + P2,1(t) + PG(t) = 1 P3,1(0) = 1

with t we have thatP’(t) = 0

P’3,1(t) = 0 = (3e + v ) P3,1(t) + P2,1(t) + PG(t)

P’2,1(t) = 0 = 3e P3,1(t) (2e + v + ) P2,1(t)

P’G(t) = 0 = v P3,1(t) + (2e + v) P2,1(t) PG(t)


P3,1(t) + P2,1(t) + PG(t) = 1 P3,1(0) = 1

with t we have thatP’(t) = 0 and P(t) = P

P’3,1(t) = 0 = (3e + v ) P3,1 + P2,1 + PG

P’2,1(t) = 0 = 3e P3,1 (2e + v + ) P2,1

P’G(t) = 0 = v P3,1 + (2e + v) P2,1(t) PG


P3,1 + P2,1 + PG= 1

P3,1 =

P2,1 =

PG =

Safety evaluation

Four kind of events:- fault of a component (module or voter) correcttly diagnoticated - fault of a component not detected- correct repair of the system (of a module or the voter or both)- uncorrect repair of the system

fault rate

repair rateCg fault detection coverage factor

Cr correct repair coverage factor

Single component Safety evaluation

Cg

GS

GI

(1-Cr)

0

(1-Cg)

Cr

0 fault free state

GS safe fault state

GI unsafe fault state

Hypothesis:- if a fault is not well diagnosticated then

it will never be detected

- If a reconfiguration is not wel done

then it will be never detected

Therefore GI is an absorbing state


Safety = probability to stay in state 0 or GS

PO(t) + PGS(t) = 1 PGI(t) PO(0) = 1

P’O(t) = ((1 Cg) + Cg)) PO(t) + Cr PGS(t)

P’GS(t) = Cg PO(t) ((1 Cr)+ Cr) PGS(t)

P’GI(t) = (1 Cg) PO(t) + ((1 Cr)PGS(t)


Cg (1-Cg)

Q

=

Cr (1-Cr)

0 0 0

d(t) = (t) Q(t) dt

i.e. (P'3,1 P'2,1 P'G) = (P3,1 P2,1 PG) * Q

Performability

Index taking into account even the performance of the system given its state (related to the number of fault-free components)

f(z(t))

t

fmin

S1

S2

We will discuss it when we will know how evaluate the performance of a system

I OC21

C23

C22

C111

C12

C112

C11

C1 C2

R 11 = R 111 . R 112

R 1 = 1 - (1 - R 11) . (1 - R 12) R 2 = 1 - (1 - R 21) . (1 - R 22) . (1 - R 23)

R = R 1 . R 2

Reliability/Availability/Safety evaluation of complex system

Dependability Evaluation through Markovian model

Documents