SLIDE 1

A-P-T Research, Inc. | 4950 Research Drive, Huntsville, AL 35805 | 256.327.3373 | www.apt-research.com ISO 9001:2015 Certified T-20-00200 | 1

LESSONS LEARNED IN PHYSICS-BASED RELIABILITY

Fayssal M. Safie, PhD, A-P-T Research, Inc., Huntsville, Alabama

SRE Monthly, March 10, 2020

SLIDE 2

AGENDA

  • Definitions
  • What is Physics-Based Reliability?
  • Why Physics-Based Reliability
  • Where Does Physics-Based Reliability Fit in a “Reliability Case”
  • Case Studies - Discussions
      - Bearing Inner Race – A Design Development Case
      - Frangible Joints – Understanding Failure Mechanism and Design Margins
      - Challenger O-Rings – A Design Failure Case
      - Columbia External Tank Foam – A Process/Design Failure Case
  • Concluding Remarks

SLIDE 3

DEFINITIONS

  • Mission Reliability prediction is the process of quantitatively estimating the mission reliability for a system, subsystem, or component using both objective and subjective data. Operational reliability prediction techniques are dependent on the degree of the design definition and the availability of the relevant data.

  • Process Reliability is the process of mapping the design drivers in the manufacturing process to identify the process parameters critical to generating material properties that meet the specs. High process reliability is achieved by maintaining uniform, capable, and controlled processes.

  • Design Reliability prediction is the process of predicting the reliability of a given design based on failure physics using statistical techniques and probabilistic engineering models.

  • Reliability Demonstration is the process of quantitatively demonstrating a certain reliability level (i.e., comfort level) using objective data at the level intended for demonstration. Models and techniques used in reliability demonstration include Binomial, Exponential, Weibull models, etc.

  • Probabilistic Risk Assessment (PRA) is the systematic process of analyzing a system, a process, or an activity to answer three basic questions: what can go wrong that would lead to loss or degraded performance; how likely is it (probabilities); and what is the severity of the degradation (consequences).

Reliability engineers and probabilistic risk analysts need to understand the terminology and the purpose of each one to help program management optimize system reliability for better safety, affordability, and mission success.

SLIDE 4

HOW DO THEY STACK

[Diagram: how the reliability types stack. Labels:]

  • Design Reliability (physics based)
  • Demonstrated Reliability (based on objective data)
  • Mission Reliability (based on objective and subjective data)
  • Expert Elicitation/Bayesian Analysis
  • Common cause, human error, external events
  • Process Reliability (process capability, uniformity and control)
  • Surrogate Data, Test Data, Field Data, Generic Data
  • Probabilistic Risk Assessment (PRA)

SLIDE 5

WHAT IS PHYSICS-BASED RELIABILITY?

  • Physics-based reliability is a methodology to assess a component's reliability for a given failure mode using engineering failure models.
  • The component is characterized by a pair of transfer functions (Strength and Stress) that represent the load (stress, or burden) that the component is placed under by a given failure mode, and the capability (strength) the component has to withstand failure in that mode.
  • The variables of these transfer functions are represented by probability density functions.
  • The interference area of these two probability distributions is indicative of failure.

[Figure: overlapping Operating Stress and Material Strength distributions; the overlap is the Failure Region]

Note: In general, structural engineers use a high safety factor where affordable to achieve high reliability (a deterministic approach).

SLIDE 6

WHAT IS PHYSICS-BASED RELIABILITY? THE NORMAL CASE

Assuming both the stress and strength are normally distributed, the following expression defines the reliability for a structural component. If:

[Figure: Stress f(s) and Strength f(S) distributions with means µs and µS; the overlap is the Failure Region]

Note 1: In general, reliability is defined as the probability that the strength exceeds the stress for all values of the stress.

Note 2: The normality assumption does not apply to all engineering phenomena; when the normal distribution does not apply, a different methodology is used to determine reliability.

SLIDE 7

WHY PHYSICS-BASED RELIABILITY?

[Chart: Design Reliability (left) and Process Reliability (right); distribution means marked µS and µs]

  • The design part is physics-based, mainly driven by the loads and environment vs. capability.
  • The process part is driven by process capability, process uniformity, and process control.
  • The chart shows that critical design parameters (on the left) are mapped in the process (on the right). The result is a set of critical process variables which are assessed for process capability, process uniformity, and process control.

Physics-based reliability is key to understanding failure mechanisms and identifying critical design and process variables.

SLIDE 8

WHERE DOES PHYSICS-BASED RELIABILITY FIT?

[Diagram: the Reliability Case, with Physics-based Reliability Analysis highlighted. Labels, in extraction order:]

Reliability Testing; Reliability Program Management & Control; Reliability Program Plan; Contractors and Suppliers Monitoring; Reliability Program Audits; Reliability Progress Reports; Failure Review Processes; Process Reliability; Process Characterization; Identification of Critical Process Parameters; Process Uniformity; Process Capability; Process Control; Process Monitoring; Identification of Design Reliability Drivers; Selected Design Reliability Elements; Parts Derating; Human Reliability Analysis; Sneak Circuit Analysis; Physics-based Reliability Analysis; Accelerated Testing; Failure Modes and Effects Analysis; Reliability Requirements; Reliability Prediction; Reliability Requirements Analysis; Reliability Requirements Allocation

SLIDE 9

CASE STUDIES - DISCUSSIONS

SLIDE 10

BEARING INNER RACE – A DESIGN DEVELOPMENT CASE

  • During rig testing, the High Pressure Fuel Turbo-pump (HPFTP) Bearing of the Space Shuttle Main Engine (SSME) experienced several cracked races. Three out of four tests failed (440C bearing races fractured). As a result, a study was formulated to:
      - Determine the probability of failure due to the hoop stress exceeding the material’s capability strength causing a fracture.
      - Study the effect of manufacturing stresses on the fracture probability for two different materials, the 440C (current material) and the 9310 (alternative material).

The hoop stress is the force exerted circumferentially (perpendicular both to the axis and to the radius of the object) in both directions on every particle in the cylinder wall.

SLIDE 11

BEARING INNER RACE – A DESIGN DEVELOPMENT CASE

The Simulation Model

[Figure: simulation model with Operating Stress and Material Strength distributions]

SLIDE 12

THE ANALYSIS RESULTS

Test Failures   Race Configuration              Failures in 100,000 firings**
3 of 4          440C w/ actual* mfg. stresses   68,000
N/A             440C w/ no mfg. stresses        1,500
N/A             440C w/ ideal mfg. stresses     27,000
0 of 15         9310 w/ ideal mfg. stresses     10

*Ideal + abusive grinding
**Probabilistic Structural Analysis

[Table annotation: Manufacturing Induced stresses effect]

  • The results of this analysis clearly showed that the 9310 material was preferred over the 440C in terms of the inner race fracture failure mode.
  • The effect of manufacturing stresses for the 440C material was very significant.
  • Material selection has a major impact on reliability.
  • Physics-based reliability analysis is critical to perform sensitivity analysis and trade studies for material selection and testing.

SLIDE 13

FRANGIBLE JOINTS – UNDERSTANDING FAILURE MECHANISM AND DESIGN MARGINS CASE

[Diagram: Generic FJ Separation System, with blocks Control (C), Initiator (I), Det. Transfer, MDF Tube Assembly, and Frangible Joint Structure (D)]

  • Control: Spacecraft subsystem commanding the separation.
  • Initiator: First explosive element in the firing chain.
  • Detonation Transfer: The essential function is to transfer the detonation of the initiator to the Mild Detonating Fuse (MDF).
  • Tube Assembly: Couples sufficient MDF energy to the surrounding rail structure to effect complete fracture at the notch.
  • Structure: Carries the load of the vehicle above it during mission phases prior to separation. It is completely fractured, allowing separation, when desired.

Questions:
  1) How does it break? What is the failure mechanism?
  2) How much margin do we have to reliably break the notch? (Physics-based reliability)

SLIDE 14

FRANGIBLE JOINT - RING NOTCH RELIABILITY

Assuming both the stress and strength are normally distributed, the following expression defines the reliability for a structural component:

$$S_T = \Phi\left(\frac{\mu_t - \mu_T}{\sqrt{\sigma_T^2 + \sigma_t^2}}\right)$$

[Figure: distributions f(S) and f(s) with means µS and µs, labelled "Energy Generated by Detonated Explosion" and "Energy Required to Break the Ring Notch"]

Note: In the frangible joint case, a success is the stress or load overcoming the notch strength or resistance, opposite to the general notion of strength larger than stress.

SLIDE 15

FRANGIBLE JOINTS PHYSICS-BASED RELIABILITY – FAULT TOLERANCE CASE

$$S_T = \Phi\left(\frac{\mu_t - \mu_T}{\sqrt{\sigma_T^2 + \sigma_t^2}}\right)$$

[Plot: DISTRIBUTION vs. ENERGY (gr/ft). Strength: s=5%; Load: s=1.5 gr/ft; 0.99994. Failure Region – Notch will not break]

Strength: Energy, expressed as explosive load, required to completely fracture the joint

Load: Energy available from the explosive
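
The normal-case interference formula above, worked through as an added example (not part of the original slides): `prob_exceeds` is the closed form, `simulate` cross-checks it by Monte Carlo, and `mean_needed` inverts it for a target reliability. The 15 gr/ft mean strength and the 50/40 structural values are constructed, and reading the slide's 5% as a coefficient of variation is an assumption; only the 5%, 1.5 gr/ft and 0.99994 figures come from the slide.

```python
# Added example: stress-strength interference for independent normal variables.
import math
import random
from statistics import NormalDist

STD_NORMAL = NormalDist()  # mean 0, sigma 1


def prob_exceeds(mu_a, sd_a, mu_b, sd_b):
    """P(A > B) for independent normals A and B.

    Structural case: A = strength, B = stress.
    Frangible joint case: A = explosive load, B = notch strength.
    """
    return STD_NORMAL.cdf((mu_a - mu_b) / math.hypot(sd_a, sd_b))


def simulate(mu_a, sd_a, mu_b, sd_b, n=100_000, seed=7):
    """Monte Carlo estimate of P(A > B), used to cross-check the closed form."""
    rng = random.Random(seed)
    wins = sum(rng.gauss(mu_a, sd_a) > rng.gauss(mu_b, sd_b) for _ in range(n))
    return wins / n


def mean_needed(target, sd_a, mu_b, sd_b):
    """Mean of A that yields P(A > B) == target (inverts the closed form)."""
    return mu_b + STD_NORMAL.inv_cdf(target) * math.hypot(sd_a, sd_b)


def joint_margin_example():
    # Constructed mean: 15 gr/ft to fracture the notch. The 5% and 1.5 gr/ft
    # spreads and the 0.99994 figure are the values quoted on the slide;
    # reading 5% as a coefficient of variation is an assumption.
    mu_strength = 15.0
    sd_strength = 0.05 * mu_strength
    sd_load = 1.5
    mu_load = mean_needed(0.99994, sd_load, mu_strength, sd_strength)
    return {
        "mean_load_gr_ft": mu_load,
        "p_break": prob_exceeds(mu_load, sd_load, mu_strength, sd_strength),
        # Same hardware viewed as a structure: P(notch holds) is the complement.
        "p_hold": prob_exceeds(mu_strength, sd_strength, mu_load, sd_load),
        # Sensitivity: load spread doubled with the mean load unchanged.
        "p_break_wide_load": prob_exceeds(
            mu_load, 2 * sd_load, mu_strength, sd_strength
        ),
    }


if __name__ == "__main__":
    # Constructed structural case: strength N(50, 3), stress N(40, 4), z = 2.
    print(prob_exceeds(50, 3, 40, 4), simulate(50, 3, 40, 4))
    for name, value in joint_margin_example().items():
        print(f"{name}: {value:.6f}")
```

Doubling the load spread at the same mean load drops the break probability from 0.99994 to roughly 0.98, which is why the spread of each distribution matters as much as the margin between the means.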

SLIDE 16

CHALLENGER O-RINGS – A DESIGN FAILURE CASE

On January 28, 1986, the NASA shuttle orbiter mission STS-51-L, the tenth flight of Space Shuttle Challenger (OV-99), broke apart 73 seconds into its flight, killing all seven crew members, which consisted of five NASA astronauts and two Payload Specialists. Failure of a field joint of the solid rocket booster was deemed to be the cause of the accident.

SLIDE 17

CHALLENGER O-RINGS – A DESIGN FAILURE CASE

  • The solid rocket booster field joint was evaluated to determine the potential causes for the gas leak caused by the failure of the joint to seal.
  • Evaluation identified that the zinc chromate putty and the O-ring material were the weak links in the joint design.

Lack of sufficient understanding of the impact of the loads and environment on the field joint O-ring material was a major contributor to the Challenger accident.

SLIDE 18

CHALLENGER O-RINGS – A DESIGN FAILURE CASE

  • The likelihood of the putty failing and the O-ring not sealing was high:
      - The zinc chromate putty frequently failed and permitted the gas to erode the primary O-rings.
      - The particular material used in the manufacture of the shuttle O-rings was the wrong material to use at low temperatures. The material becomes brittle at low temperatures.
  • There was a two-hour delay due to the ice and a failed fire-protection device. NASA cleared the liftoff for 11:38 a.m.
  • Because of the cold weather, the two O-rings used in the lowermost field joint of the right solid rocket booster had become stiff and lost their ability to completely seal the joint.

[Figure: "A Physics-based Reliability Issue": Stress f(s) and Strength f(S) distributions with means µs and µS and the Failure Region; annotation "Lower Capability"]

SLIDE 19

CHALLENGER O-RINGS – A DESIGN FAILURE CASE

  • The field joint design was modified to improve the reliability of the joint and reduce the risk of a catastrophic failure:
      - The redesign of the joint/seal added a third O-ring and eliminated the troublesome putty which served as a partial seal.
      - Bonded insulation replaced the putty.
      - A capture device was added to prevent or reduce the opening of the joint as the booster inflated under motor gas pressure during ignition.
      - The third O-ring would be added to seal the joint at the capture device.
      - The former O-rings would be replaced by rings of the same size but made of a better performing material called fluorosilicone or nitrile rubber.
      - Heating strips were added around the joints to ensure the O-rings did not experience temperatures lower than 75°F regardless of the surrounding temperature.
      - The gap openings that the O-rings were designed to seal were reduced to 6 thousandths of an inch, from the former gap of 30 thousandths of an inch.

SLIDE 20

CHALLENGER O-RINGS – A DESIGN FAILURE CASE

  • The new joint design shown below was accepted and approved for the STS-26 mission and subsequent flights.
  • It was flown successfully until the retirement of the Space Shuttle.

SLIDE 21

COLUMBIA EXTERNAL TANK FOAM – A PROCESS/DESIGN FAILURE CASE

  • On February 1, 2003, the Space Shuttle Columbia disintegrated upon reentering Earth's atmosphere, killing all seven crew members.
  • During the launch of STS-107, Columbia's 28th mission, a breach in the Thermal Protection System (TPS) was caused by a suitcase-sized piece of the left bipod ramp foam insulation striking the left wing reinforced carbon-carbon (RCC) panels. This likely created a hole, allowing hot gases to enter the wing when Columbia later re-entered the atmosphere.

SLIDE 22

COLUMBIA EXTERNAL TANK FOAM – A PROCESS/DESIGN FAILURE CASE

  • The ET thermal protection system is a foam-type material applied to the external tank to maintain cryogenic propellant quality, minimize ice and frost formation, and protect the structure from ascent, plume, and re-entry heating.
  • The Thermal Protection System (TPS) during re-entry is needed because after ET/Orbiter separation, premature structural overheating due to loss of TPS could result in a premature ET breakup with debris landing outside the predicted footprint.

SLIDE 23

CAUSES FOR FOAM FAILURE

  • The TPS design and manufacturing processes were evaluated for potential foam failure causes:
      - Process control for the TPS manual spray process was identified as a major process design weak link.
          • Dissections of foam revealed a high likelihood of subsurface flaws and defects due to lack of process control.
      - Cryopumping and cryoingestion were experienced during tanking, launch, and ascent.
          • Physics-based failure analysis revealed that the likelihood of cryopumping and cryoingestion was very high.

In summary, insufficient process control and design weaknesses combined with lack of understanding of the physics of failure of the foam (cryopumping and cryoingestion) were major causes of the foam failure.

SLIDE 24

COLUMBIA EXTERNAL TANK FOAM – A PROCESS/DESIGN FAILURE CASE

Cryopumping:
  • Occurs when a void in a material or structure is at a low enough temperature to densify a contained volume of gases. As the gases are condensed, a vacuum is created. If there is a pathway to the surface or other voids, additional gases are pulled or pumped into the void. When the material or structure is heated, the densified gases expand and are expelled or pumped from the void.

Cryoingestion:
  • Occurs when gases are pulled or ingested through leak paths into regions under the foam at cryogenic temperatures. These gases condense into liquid during tanking on the launch pad, and later expand back into gases during ascent as the tank structure warms. This rapid expansion can cause increases in pressure under the foam, potentially causing divots to be liberated.
  • For the bipod, the leak path for this gas could have been through the heater or temperature sensor wiring harness. Another potential contributor to the cryoingestion scenario is the voids found in the material used to bond the wire harnesses to the substrate. These voids can act as reservoirs for the liquid nitrogen ingested through the harness.

SLIDE 25

COLUMBIA EXTERNAL TANK FOAM – A PROCESS/DESIGN FAILURE CASE

  • As part of return to flight:
      - The manual spray processes were modified to improve process uniformity, process capability and process control, which resulted in fewer subsurface flaws and defects and better material properties.
      - Design changes were made to eliminate cryopumping and cryoingestion during tanking, launch, and ascent.
      - An engineering-based risk assessment was conducted, supported by extensive physics-based reliability/failure integrated analysis.

Process improvements, the elimination of cryopumping and cryoingestion, and understanding of the foam physics of failure led to better foam reliability and better system safety.

SLIDE 26

COLUMBIA EXTERNAL TANK FOAM – A PROCESS/DESIGN FAILURE CASE

[Diagram: The Integrated Model, with boxes marked as Input Data or Validation Data. Labels:]

  • TPS Void Statistical Distributions
  • Process Control
  • TPS Debris Generation (divot/no divot, size/shape (mass), time and location of release, and pop-off velocity)
  • Physics-based foam Reliability
  • ET TPS Dissections (ET Project)
  • TPS Geometry, Properties, Boundary Conditions (ET Project)
  • TPS Transport Model (axial/lateral locations and velocities during ascent)
  • Orbiter Impact Algorithms (impact/no impact, location, time, mass, velocity and angle)
  • Orbiter Geometric Models (Orbiter Project)
  • Thermal-Vacuum and Flight Imagery Data
  • ET Dissection / Manufacturing Data
  • Orbiter Damage Analysis (tile/RCC panel damage)
  • Orbiter Impact / Damage Tolerances (Orbiter Project)
  • Debris Transport and CFD Calculations (SE&I)
  • Debris Transport Analysis
  • Probability of Orbiter Damage Exceeding Damage Tolerance - System Risk
  • Orbiter Post-Flight Data

SLIDE 27

CONCLUDING REMARKS

  • Physics-based reliability is critical for solving complex design problems, understanding failure mechanisms, and evaluating design margins.
  • Physics-based reliability is key in identifying critical design drivers and process variables for better process control and high process and design reliability.
  • Because physics-based reliability requires extensive effort and resources, it is generally used on an as-needed basis when failure data is limited or unavailable and the design is characterized by complex geometry or is sensitive to loads, material properties, and environments.