Dependability Evaluation through Markovian model
Markovian model
The combinatorial methods are unable to:
- easily take the coverage factor into account
- model maintenance
The Markov model is an alternative to the combinatorial methods. Two main concepts:
- state
- state transition
State and state transitions
State: the state of a system represents all that must be known to describe the system at any given instant of time.
For the reliability/availability models, each state represents a distinct combination of faulty and fault-free components.
State transitions govern the changes of state that occur within a system.
For the reliability/availability models, each transition takes place when one or more components change state due to a fault or a repair action.
State and state transitions (cnt.)
- State transitions are characterized by probabilities, such as the probability of fault, the fault coverage and the probability of repair
- The probability of being in any given state s at some time t+∆t depends on both:
– the probability that the system was in a state from which it could transit to state s, given that the transition occurs during ∆t
– the probability that the system was in state s at instant t and there was no event in the time interval ∆t
- The initial state may be any state; normally it is the one representing all fault-free components
IMPORTANT: IN A MARKOV CHAIN THE TRANSITION PROBABILITY DEPENDS ONLY ON THE CURRENT STATE (Memoryless Property)
TMR reliability evaluation
[Figure: TMR block diagram: input I, modules C1, C2, C3, block r/n, output O]
- There are 4 components (1 voter + 3 computation modules), therefore each state is represented by 4 bits:
- if the component is fault-free then the bit value is 1
- otherwise the bit value is 0.
- For example (1,1,1,1) represents the fault-free state
- For example (0,0,0,0) represents all components faulty
TMR reliability evaluation: states diagram
[Figure: state diagram over the 16 four-bit states, from (1,1,1,1) to (0,0,0,0)]
Markov chain reliability evaluation methodology
- State transition probability evaluation:
- If the fault occurrence of a component is exponentially distributed ($e^{-\lambda t}$) with fault rate equal to $\lambda$, then the probability that a component that is fault-free at instant t becomes faulty in the interval ∆t is equal to:
$$1 - e^{-\lambda \Delta t}$$
Probability property
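$$
\begin{aligned}
&\text{Prob}\{\text{there is a fault between } t \text{ and } t+\Delta t\} \\
&= \text{Prob}\{\text{there is a fault before } t+\Delta t \mid \text{the component was fault-free at } t\} \\
&= \frac{\text{Prob}\{\text{there is a fault before } t+\Delta t \text{ and the component was fault-free at } t\}}{\text{Prob}\{\text{the component was fault-free at } t\}} \\
&= \frac{\text{Prob}\{\text{there is a fault before } t+\Delta t\} - \text{Prob}\{\text{there is a fault before } t\}}{\text{Prob}\{\text{the component was fault-free at } t\}} \\
&= \frac{(1 - e^{-\lambda(t+\Delta t)}) - (1 - e^{-\lambda t})}{e^{-\lambda t}} = \frac{1 - e^{-\lambda(t+\Delta t)} - 1 + e^{-\lambda t}}{e^{-\lambda t}} \\
&= \frac{e^{-\lambda t} - e^{-\lambda(t+\Delta t)}}{e^{-\lambda t}} = \frac{e^{-\lambda t}}{e^{-\lambda t}} - \frac{e^{-\lambda(t+\Delta t)}}{e^{-\lambda t}} = 1 - e^{-\lambda \Delta t}
\end{aligned}
$$
If we expand the exponential part we have the following series:
$$1 - e^{-\lambda \Delta t} = 1 - \left[ 1 + (-\lambda \Delta t) + \frac{(-\lambda \Delta t)^2}{2!} + \dots \right] = \lambda \Delta t - \frac{(-\lambda \Delta t)^2}{2!} - \dots$$
For values of $\lambda \Delta t \ll 1$, we have the following good approximation:
$$1 - e^{-\lambda \Delta t} \approx \lambda \Delta t$$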
TMR reliability evaluation: reduced states diagram
[Figure: reduced state diagram with states (3,1), (2,1) and G; arcs labelled 3λe, 2λe+λv and λv]
State (3,1) → (1,1,1,1)
State (2,1) → (0,1,1,1) + (1,0,1,1) + (1,1,0,1)
State (G) → all the other states
Transition probability (in the interval between t and t+∆t):
- from state (3,1) to state (2,1) -> 3λe∆t ;
- from state (3,1) to state (G) -> λv∆t ;
- from state (2,1) to state (G) -> 2λe∆t+λv∆t .
TMR reliability evaluation
Given the Markov process properties, i.e. the probability of being in any given state s at some time t+∆t depends on both:
– the probability that the system was in a state from which it could transit to state s, given that the transition occurs during ∆t
– the probability that the system was in state s at instant t and there was no event in the time interval ∆t
we have that:
$$
\begin{aligned}
P_{3,1}(t+\Delta t) &= (1 - 3\lambda_e \Delta t - \lambda_v \Delta t)\, P_{3,1}(t) \\
P_{2,1}(t+\Delta t) &= 3\lambda_e \Delta t\, P_{3,1}(t) + (1 - 2\lambda_e \Delta t - \lambda_v \Delta t)\, P_{2,1}(t) \\
P_{G}(t+\Delta t) &= \lambda_v \Delta t\, P_{3,1}(t) + (2\lambda_e \Delta t + \lambda_v \Delta t)\, P_{2,1}(t) + P_{G}(t)
\end{aligned}
$$
TMR reliability evaluation
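With algebraic operations:
$$
\begin{aligned}
\lim_{\Delta t \to 0} \frac{P_{3,1}(t+\Delta t) - P_{3,1}(t)}{\Delta t} &= -(3\lambda_e + \lambda_v)\, P_{3,1}(t) = \frac{d P_{3,1}(t)}{dt} \\
\lim_{\Delta t \to 0} \frac{P_{2,1}(t+\Delta t) - P_{2,1}(t)}{\Delta t} &= 3\lambda_e P_{3,1}(t) - (2\lambda_e + \lambda_v)\, P_{2,1}(t) = \frac{d P_{2,1}(t)}{dt} \\
\lim_{\Delta t \to 0} \frac{P_{G}(t+\Delta t) - P_{G}(t)}{\Delta t} &= \lambda_v P_{3,1}(t) + (2\lambda_e + \lambda_v)\, P_{2,1}(t) = \frac{d P_{G}(t)}{dt}
\end{aligned}
$$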
TMR reliability evaluation
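i.e.:
$$
\begin{aligned}
P'_{3,1}(t) &= -(3\lambda_e + \lambda_v)\, P_{3,1}(t) \\
P'_{2,1}(t) &= 3\lambda_e P_{3,1}(t) - (2\lambda_e + \lambda_v)\, P_{2,1}(t) \\
P'_{G}(t) &= \lambda_v P_{3,1}(t) + (2\lambda_e + \lambda_v)\, P_{2,1}(t)
\end{aligned}
$$
That in matrix notation can be expressed as:
$$\frac{d\pi(t)}{dt} = \pi(t)\, Q(t), \qquad \text{i.e.} \quad (P'_{3,1} \;\; P'_{2,1} \;\; P'_{G}) = (P_{3,1} \;\; P_{2,1} \;\; P_{G}) \cdot Q$$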
TMR reliability evaluation
The reliability is the probability of being in any fault-free state, i.e., in this case, of being in state (3,1) or (2,1):
$$R(t) = P_{3,1}(t) + P_{2,1}(t) = 1 - P_{G}(t)$$
with the initial condition $P_{3,1}(0) = 1$
TMR reliability evaluation
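where:
$$
Q = \begin{pmatrix}
-(3\lambda_e + \lambda_v) & 3\lambda_e & \lambda_v \\
0 & -(2\lambda_e + \lambda_v) & (2\lambda_e + \lambda_v) \\
0 & 0 & 0
\end{pmatrix}
$$
$$P = Q + I \;\rightarrow\; Q = P - I$$
$$
P = \begin{pmatrix}
1 - (3\lambda_e + \lambda_v) & 3\lambda_e & \lambda_v \\
0 & 1 - (2\lambda_e + \lambda_v) & (2\lambda_e + \lambda_v) \\
0 & 0 & 1
\end{pmatrix}
$$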
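The difference equations above can be iterated directly. The following is an added example, not part of the original slides: it steps the reduced TMR chain with π(t+∆t) = π(t)(I + Q∆t) and compares R(t) with the closed-form solution of the differential equations, R(t) = 3e^{-(2λe+λv)t} − 2e^{-(3λe+λv)t}. The function names and the rate values are assumptions chosen for illustration.

```python
import math

def tmr_q(lam_e, lam_v):
    """Generator matrix Q for states ordered [(3,1), (2,1), G]."""
    a = 3 * lam_e + lam_v      # total exit rate from (3,1)
    b = 2 * lam_e + lam_v      # total exit rate from (2,1)
    return [[-a, 3 * lam_e, lam_v],
            [0.0, -b, b],
            [0.0, 0.0, 0.0]]   # G is absorbing: no repair in this model

def step(pi, q, dt):
    """One interval: pi(t+dt) = pi(t) (I + Q dt), a row-vector product."""
    n = len(pi)
    return [pi[j] + dt * sum(pi[i] * q[i][j] for i in range(n))
            for j in range(n)]

def reliability_numeric(lam_e, lam_v, t, dt=0.01):
    """Iterate the difference equations from P(3,1)(0) = 1 up to time t."""
    q = tmr_q(lam_e, lam_v)
    pi = [1.0, 0.0, 0.0]
    for _ in range(round(t / dt)):
        pi = step(pi, q, dt)
    return pi[0] + pi[1]       # R(t) = P(3,1)(t) + P(2,1)(t)

def reliability_closed(lam_e, lam_v, t):
    """Solution of the ODE system with P(3,1)(0) = 1."""
    return (3 * math.exp(-(2 * lam_e + lam_v) * t)
            - 2 * math.exp(-(3 * lam_e + lam_v) * t))

if __name__ == "__main__":
    LAM_E, LAM_V = 1e-3, 1e-4  # constructed rates, faults per hour
    for hours in (100, 500, 1000):
        print(hours, reliability_numeric(LAM_E, LAM_V, hours),
              reliability_closed(LAM_E, LAM_V, hours))
```

The step size must keep (3λe+λv)∆t well below 1, which is the same condition under which the slides approximate 1 − e^{-λ∆t} by λ∆t.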
Properties of Laplace’s transformation
Markov Processes for maintainable systems
Two kinds of events:
- fault of a component (module or voter)
- repair of the system (of a module or the voter or both)
Hypothesis: the maintenance process is exponentially distributed with repair rate equal to µ
[Figure: reduced state diagram with states (3,1), (2,1) and G; fault arcs labelled 3λe, 2λe+λv and λv; repair arcs labelled µ]
Availability evaluation of TMR system
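[Figure: reduced state diagram with states (3,1), (2,1) and G; fault arcs labelled 3λe, 2λe+λv and λv; repair arcs labelled µ]
$$P_{3,1}(t) + P_{2,1}(t) + P_{G}(t) = 1, \qquad P_{3,1}(0) = 1$$
$$
\begin{aligned}
P'_{3,1}(t) &= -(3\lambda_e + \lambda_v)\, P_{3,1}(t) + \mu P_{2,1}(t) + \mu P_{G}(t) \\
P'_{2,1}(t) &= 3\lambda_e P_{3,1}(t) - (2\lambda_e + \lambda_v + \mu)\, P_{2,1}(t) \\
P'_{G}(t) &= \lambda_v P_{3,1}(t) + (2\lambda_e + \lambda_v)\, P_{2,1}(t) - \mu P_{G}(t)
\end{aligned}
$$
$$\frac{d\pi(t)}{dt} = \pi(t)\, Q(t), \qquad \text{i.e.} \quad (P'_{3,1} \;\; P'_{2,1} \;\; P'_{G}) = (P_{3,1} \;\; P_{2,1} \;\; P_{G}) \cdot Q$$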
Availability evaluation of TMR system
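$$
Q = \begin{pmatrix}
-(3\lambda_e + \lambda_v) & 3\lambda_e & \lambda_v \\
\mu & -(2\lambda_e + \lambda_v + \mu) & (2\lambda_e + \lambda_v) \\
\mu & 0 & -\mu
\end{pmatrix}
$$
$$Q = P - I \;\rightarrow\; P = Q + I$$
$$
P = \begin{pmatrix}
1 - (3\lambda_e + \lambda_v) & 3\lambda_e & \lambda_v \\
\mu & 1 - (2\lambda_e + \lambda_v + \mu) & (2\lambda_e + \lambda_v) \\
\mu & 0 & 1 - \mu
\end{pmatrix}
$$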
Instantaneous Availability evaluation of TMR system
The Instantaneous Availability is the probability of being in any fault-free state (in this case: state (3,1) or (2,1)).
$$A(t) = P_{3,1}(t) + P_{2,1}(t) = 1 - P_{G}(t)$$
with the initial condition $P_{3,1}(0) = 1$
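Limiting or steady-state Availability evaluation of TMR system
$$P_{3,1}(t) + P_{2,1}(t) + P_{G}(t) = 1, \qquad P_{3,1}(0) = 1$$
With $t \to \infty$ we have that $P'(t) = 0$:
$$
\begin{aligned}
P'_{3,1}(t) = 0 &= -(3\lambda_e + \lambda_v)\, P_{3,1}(t) + \mu P_{2,1}(t) + \mu P_{G}(t) \\
P'_{2,1}(t) = 0 &= 3\lambda_e P_{3,1}(t) - (2\lambda_e + \lambda_v + \mu)\, P_{2,1}(t) \\
P'_{G}(t) = 0 &= \lambda_v P_{3,1}(t) + (2\lambda_e + \lambda_v)\, P_{2,1}(t) - \mu P_{G}(t)
\end{aligned}
$$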
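Limiting or steady-state Availability evaluation of TMR system
$$P_{3,1}(t) + P_{2,1}(t) + P_{G}(t) = 1, \qquad P_{3,1}(0) = 1$$
With $t \to \infty$ we have that $P'(t) = 0$ and $P(t) = P$:
$$
\begin{aligned}
P'_{3,1}(t) = 0 &= -(3\lambda_e + \lambda_v)\, P_{3,1} + \mu P_{2,1} + \mu P_{G} \\
P'_{2,1}(t) = 0 &= 3\lambda_e P_{3,1} - (2\lambda_e + \lambda_v + \mu)\, P_{2,1} \\
P'_{G}(t) = 0 &= \lambda_v P_{3,1} + (2\lambda_e + \lambda_v)\, P_{2,1} - \mu P_{G}
\end{aligned}
$$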
Limiting or steady-state Availability evaluation of TMR system
P3,1 + P2,1 + PG= 1 P3,1 = P2,1 = PG =
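The steady-state system can be solved numerically. The following is an added example, not part of the original slides: it solves πQ = 0 together with the normalisation condition for the repairable TMR chain and checks the result against a closed form derived here from the balance equations (P3,1 = µ/(3λe+λv+µ), P2,1 = 3λe·P3,1/(2λe+λv+µ)). The function names and the rate values are assumptions chosen for illustration.

```python
def tmr_q_repair(lam_e, lam_v, mu):
    """Generator matrix Q with repair, states ordered [(3,1), (2,1), G]."""
    a = 3 * lam_e + lam_v
    b = 2 * lam_e + lam_v
    return [[-a, 3 * lam_e, lam_v],
            [mu, -(b + mu), b],
            [mu, 0.0, -mu]]

def steady_state(q):
    """Solve pi Q = 0 together with sum(pi) = 1 (Gauss-Jordan elimination)."""
    n = len(q)
    # Row j of the system is column j of Q: sum_i pi_i * q[i][j] = 0.
    # The balance equations are linearly dependent, so the last one is
    # replaced by the normalisation condition.
    m = [[q[i][j] for i in range(n)] + [0.0] for j in range(n - 1)]
    m.append([1.0] * n + [1.0])
    for c in range(n):
        pivot = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[pivot] = m[pivot], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def availability_closed(lam_e, lam_v, mu):
    """A = P31 + P21 with P31 = mu/(a+mu), P21 = 3*lam_e*P31/(b+mu)."""
    a = 3 * lam_e + lam_v
    b = 2 * lam_e + lam_v
    p31 = mu / (a + mu)
    return p31 + 3 * lam_e * p31 / (b + mu)

if __name__ == "__main__":
    LAM_E, LAM_V, MU = 1e-3, 1e-4, 0.1   # constructed rates, per hour
    p31, p21, pg = steady_state(tmr_q_repair(LAM_E, LAM_V, MU))
    print("P31=%.6f P21=%.6f PG=%.6f A=%.6f" % (p31, p21, pg, p31 + p21))
```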
Safety evaluation
Four types of events:
- fault of a component (module or voter) correctly diagnosed
- fault of a component not detected
- correct repair of the system (of a module or the voter or both)
- incorrect repair of the system
λ → fault rate
µ → repair rate
Cg → fault detection coverage factor
Cr → correct repair coverage factor
Single component Safety evaluation
[Figure: state diagram with states S and U; arcs labelled λ Cf, λ (1-Cf), µ Cr and µ (1-Cr)]
→ fault free state
S → safe fault state
U → unsafe fault state
Hypothesis:
- If a fault is not correctly diagnosed then it will never be detected
- If a reconfiguration is not done correctly then it will never be detected
Therefore U is an absorbing state
Single component Safety evaluation
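Safety = probability of being in state 0 or GS
$$P_{O}(t) + P_{GS}(t) = 1 - P_{GI}(t), \qquad P_{O}(0) = 1$$
$$
\begin{aligned}
P'_{O}(t) &= -(\lambda(1 - C_g) + \lambda C_g)\, P_{O}(t) + \mu C_r P_{GS}(t) \\
P'_{GS}(t) &= \lambda C_g P_{O}(t) - (\mu(1 - C_r) + \mu C_r)\, P_{GS}(t) \\
P'_{GI}(t) &= \lambda(1 - C_g)\, P_{O}(t) + \mu(1 - C_r)\, P_{GS}(t)
\end{aligned}
$$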
Single component Safety evaluation
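$$
Q = \begin{pmatrix}
-\lambda & \lambda C_g & \lambda(1 - C_g) \\
\mu C_r & -\mu & \mu(1 - C_r) \\
0 & 0 & 0
\end{pmatrix}
$$
$$\frac{d\pi(t)}{dt} = \pi(t)\, Q(t), \qquad \text{i.e.} \quad (P'_{O} \;\; P'_{GS} \;\; P'_{GI}) = (P_{O} \;\; P_{GS} \;\; P_{GI}) \cdot Q$$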
Performability
Index taking into account even the performance of the system given its state (related to the number of fault-free components)
[Figure: plot of f(z(t)) versus t, with the level fmin and the states S1 and S2]
We will discuss it once we know how to evaluate the performance of a system.
[Figure: reliability block diagram between input I and output O, with blocks C1 (C11, made of C111 and C112; C12) and C2 (C21, C22, C23)]
R11 = R111 · R112
R1 = 1 − (1 − R11) · (1 − R12)
R2 = 1 − (1 − R21) · (1 − R22) · (1 − R23)
R = R1 · R2