Claudia Picoco,Valentin Rychkov

2024-06-13

Abstract:In this paper we propose a dynamic model of Common Cause Failures (CCF) that allows to generate common cause events in time. The proposed model is a generalization of Binomial Failure Rate Model (Atwood model) that can generate staggered failures of multiple components due to a common cause. We implement the model using statechart formalism, a similar implementation can be adopted in other modeling languages like Petri Nets or Hybrid Stochastic Automata. The presented model was integrated in a Dynamic PRA study.

Performance

Dongliang Zhang,Kaiwen Zhang,Liufeng Wang,Qinqin Hong

DOI: https://doi.org/10.1088/1742-6596/1754/1/012059

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract Digital control is an inevitable trend in the development of nuclear power. The application of digital control systems in nuclear power plants not only improves the control capability of nuclear power plants, but also increases the complexity of the system. Traditional reliability analysis methods (such as event trees and fault trees) can only perform static analysis on the reactor protection system, but cannot reflect the impact of maintenance activities on system reliability. In the dynamic analysis method, the Markov model is usually applied to the exponential distribution, and the failure and maintenance process of the reactor protection system does not all obey the exponential distribution. In this paper, the Petri net method is used to model the reactor protection system, and the modules are modeled separately according to the function of the system, and finally the model is integrated. Modularization improves the flexibility and understandability of the model, shortens modeling time, and improves robustness. The proposed model was simulated using the GPenSIM tool, and the state reachability diagram of the system with or without maintenance process was obtained, and the probability of shutdown and refusal was obtained.

Nazakat Ali,Sasikumar Punneket,Abdul Rauf

DOI: https://doi.org/10.1016/j.jss.2024.111958

IF: 3.5

2024-01-04

Journal of Systems and Software

Abstract:Context Collaborative systems enable multiple independent systems to work together towards a common goal. These systems can include both human-system and system-system interactions and can be found in a variety of settings, including smart manufacturing, smart transportation, and healthcare. Safety is an important consideration for collaborative systems because one system's failure can significantly impact the overall system performance and adversely affect other systems, humans or the environment. Goal Fail-safe mechanisms for safety-critical systems are designed to bring the system to a safe state in case of a failure in the sensors or actuators. However, a collaborative safety-critical system must do better and be safe-operational, for e.g., a failure of one of the members in a platoon of vehicles in the middle of a highway is not acceptable. Thus, failures must be compensated, and compliance with safety constraints must be ensured even under faults or failures of constituent systems. Method In this paper, we model and analyze safety for collaborative safety-critical systems using hierarchical Coloured Petri nets (CPN). We used an automated Human Rescue Robot System (HRRS) as a case study, modeled it using hierarchical CPN, and injected some specified failures to check and confirm the safe behavior in case of unexpected scenarios. Results The system behavior was observed after injecting three types of failures in constituent systems, and then safety mechanisms were applied to mitigate the effect of these failures. After applying safety mechanisms, the HRRS system's overall behavior was again observed both in terms of verification and validation, and the simulated results show that all the identified failures were mitigated and HRRS completed its mission. Conclusion It was found that the approach based on formal methods (CPN modeling) can be used for the safety analysis, modeling, and verification of collaborative safety-critical systems like HRRS. The hierarchical CPN provides a rigorous way of modeling to implement complex collaborative systems.

computer science, theory & methods, software engineering

Yongjin Guo,Mingjun Zhong,Chao Gao,Hongdong Wang,Xiaofeng Liang,Hong Yi

DOI: https://doi.org/10.1016/j.ress.2021.108028

IF: 7.247

2021-01-01

Reliability Engineering & System Safety

Abstract:The dynamic and dependant behaviors are typical characteristics of modern complex systems, whose reliability is often improved through the design of multichannel parallel structures. The existence of common cause failures (CCFs) has a significant impact on system reliability. A reliability analysis model is proposed for dynamic systems with CCFs based on discrete-time Bayesian networks (DTBNs). The system operating time is dispersed into several time intervals, and the component failures are divided into independent and CCF states. Dynamic systems with cold and warm spare parts are examined to determine the modelling methodology and conditional probability tables (CPTs) of Bayesian network (BN) nodes. The reliability calculation is realised through the Bayesian inference mechanism. The model is applied to the CCF analysis and fault diagnosis of a digital safety-level distributed control system (DCS) of nuclear power plants (NPPs) to prove the effectiveness and feasibility of the method.

Zhiqiang Li,Tingxue Xu,Junyuan Gu,Haowei Wang,Jianzhong Zhao

DOI: https://doi.org/10.1007/s13369-018-3307-y

IF: 2.807

2018-05-15

Arabian Journal for Science and Engineering

Abstract:Common cause failure (CCF) has become a hot topic in reliability and availability analysis of redundant systems. Aiming at the shortage of β$$\beta $$-factor model in distinguishing three or more failures, multiple error shock theory is put forward. Having the problem in determining minimal cut sets and structure functions for dynamic fault tree (DFT), dynamic Bayesian network (DBN) is applied to transit DFT events to corresponding nodes and express causal relations between the nodes. On the base of explicit modeling for CCF, DBN models for hot spare (HSP) gate, cold spare (CSP) gate and warm spare (WSP) gate are established considering CCF processes. For a HSP gate, all failure processes are listed in the stress event layer for each component. For a CSP gate and a WSP gate, CCF node and intermediate nodes are introduced to express causal relations. At last, a control unit and its improved type are taken as examples. The DBN models are built by referring to corresponding DFT structures when taking CCFs into consideration. From the results, it is obvious that the modern unit has a relative higher reliability and availability. And it is less easily influenced by uncertainty such as failure rates and coverage factor through sensitivity analysis.

multidisciplinary sciences

Z Wang,F Huang,YX Sun,YQ Song

DOI: https://doi.org/10.1109/etfa.2003.1247768

2003-01-01

Abstract:A CPN based IEC FB model and its application are introduced in this paper. The model not only can analyze the internal procedure of IEC FB, especially the parameter's status propagation and the mode's switch, but also can be integrated into modeling IEC FB application. The latter is explained with an FB application, FB based boiler water level control system.

Yanfu Li,E. Zio,Yan-Hui Lin,Mithlesh Kumar

2012-01-01

Abstract:: Multi physical state modeling (MPSM) is a novel approach being investigated for estimating the reliability of components and systems in the context of probabilistic risk assessment (PRA). The approach integrates multi-state modeling, which describes the degradation process by transitions among discrete states (e.g. initial, micro-crack, rupture, etc) and physical modeling by (physical) equations that govern the degradation process. In practice, the degradation process is non-Markovian and its transition rates are time-dependent and influenced by external factors such as temperature and stress. Under these conditions, it is in general difficult to derive the state probabilities analytically. On the contrary, Petri nets provide a flexible modeling framework for describing degradation processes with arbitrary transition rates. In this paper, we build a Petri net in support of Monte Carlo simulation of the stochastic aging behavior of a nuclear component undergoing stress corrosion cracking. The results are compared with analytical results derived in a previous work of literature.

Yingrui Zhang,Osman Yagan

DOI: https://doi.org/10.48550/arXiv.1807.08064

2018-07-21

Abstract:Integrated cyber-physical systems (CPSs), such as the smart grid, are increasingly becoming the underpinning technology for major industries. A major concern regarding such systems are the seemingly unexpected large-scale failures, which are often attributed to a small initial shock getting escalated due to intricate dependencies within and across the individual counterparts of the system. In this paper, we develop a novel interdependent system model to capture this phenomenon, also known as cascading failures. Our framework consists of two networks that have inherently different characteristics governing their intra-dependency: i) a cyber-network where a node is functional as long as it belongs to the largest connected (i.e., giant) component; and ii) a physical network where nodes are given an initial flow and a capacity, and failure of a node results with redistribution of its flow to the remaining nodes, upon which further failures might take place due to overloading (i.e., the flow of a node exceeding its capacity). Furthermore, it is assumed that these two networks are inter-dependent. For simplicity, we consider a one-to-one interdependency model where every node in the cyber-network is dependent upon and supports a single node in the physical network, and vice versa. We provide a thorough analysis of the dynamics of cascading failures in this interdependent system initiated with a random attack. The system robustness is quantified as the surviving fraction of nodes at the end of cascading failures, and is derived in terms of all network parameters involved (e.g., degree distribution, load/capacity distribution, failure size, etc.). Analytic results are supported through an extensive numerical study. Among other things, these results demonstrate the ability of our model to capture the unexpected nature of large-scale failures and provide insights on improving system robustness.

Physics and Society,Systems and Control

Jianing Wu,Shaoze Yan,R. X. Gao

DOI: https://doi.org/10.1177/1748006x13519621

2014-01-01

Proceedings of the Institution of Mechanical Engineers Part O Journal of Risk and Reliability

Abstract:Modeling and analyzing the behavior of mechanical systems is a promising solution to achieve higher stability, reliability, availability and operability. The accurate description of the complex working principle in the mechanical system, especially the stepwise operation, is one of the crucial issues in developing a model for monitoring the state of mechanical system. This article introduces a practical method for system behavior modeling and failure analysis of the mechanism with principles of multi-operation, using high-level Petri net as the modeling language. The importance of faults and failure propagation mechanism is investigated by the state vector and the mutation vector. Case study of the proposed method contributes to validating the effectiveness of the method and provides clues for identifying weak links and evaluating reliability of the solar array system.

Tate Shorthill,Han Bao,Edward Chen,Heng Ban

DOI: https://doi.org/10.48550/arXiv.2206.11321

2022-06-22

Software Engineering

Abstract:This paper presents an approach for modeling software common cause failures (CCFs) within digital instrumentation and control (I&C) systems. CCFs consist of a concurrent failure between two or more components due to a shared failure cause and coupling mechanism. This work emphasizes the importance of identifying software-centric attributes related to the coupling mechanisms necessary for simultaneous failures of redundant software components. The groups of components that share coupling mechanisms are called common cause component groups (CCCGs). Most CCF models rely on operational data as the basis for establishing CCCG parameters and predicting CCFs. This work is motivated by two primary concerns: (1) a lack of operational and CCF data for estimating software CCF model parameters; and (2) the need to model single components as part of multiple CCCGs simultaneously. A hybrid approach was developed to account for these concerns by leveraging existing techniques: a modified beta factor model allows single components to be placed within multiple CCCGs, while a second technique provides software-specific model parameters for each CCCG. This hybrid approach provides a means to overcome the limitations of conventional methods while offering support for design decisions under the limited data scenario.

James F. Coleman,Emmanuel K. Boafo,S. Yamoah,F. Ameyaw

DOI: https://doi.org/10.1155/2023/5889803

IF: 0.849

2023-03-05

Science and Technology of Nuclear Installations

Abstract:Common cause failures (CCFs) may lead to the simultaneous unavailability or failure of numerous components in the nuclear power plant because of the existence of a shared cause when an initiating event disrupts the normal functioning of nuclear power plants. The presence of common cause failures (intra-unit and inter-unit) can be recognized in a multi-unit probabilistic safety assessment (MUPSA) as a crucial dependency factor that can influence accident scenarios and the core damage frequency (CDF), as CCF may affect the availability and proper operation of mitigating systems. Since such failures are likely to significantly undermine the benefits of the concept of redundancy in nuclear power plant systems, it is necessary to identify the CCFs that contribute to the core damage in a multi-unit site and analyse their overall quantitative magnitude and qualitative proportions. In this study, a twin-unit generic pressurized water reactor (PWR) nuclear plant is modeled using the AIMS-PSA software. For the loss-of-offsite-power (LOOP) and station blackout (SBO) events, the site CDF was calculated, and the cut-sets produced by this quantification were examined for the modeled CCF basic events in the fault trees. The quantitative and qualitative contributions of the CCFs to the frequency of site core damage were examined. CCFs in the modeled fault trees contributed to 4.58% to the site CDF of the combined LOOP followed by SBO event. In the LOOP event alone that leads to core damage, the CCF contributed 4.58% to the site CDF while CCFs contributed 17.19% to the site CDF in the SBO event alone that leads to core damage. With CCF events considered in the modeling process, the site CDF estimated with CCF events increased by 7.53% in the combined LOOP followed by SBO event. In the LOOP event alone that leads to core damage, inclusion of CCF events in the modeling increased the site CDF by 7.42%. A 15.66% increase in site CDF was recorded in the SBO event alone that leads to core damage as compared to modeling without CCF events. The results show how crucial the common cause failure contribution is to site CDF. The safety of the nuclear plant at a site is impacted by an increase in site CDF when common cause failures are considered. The various CCF fundamental event compositions and their percentage contributions were explicitly examined by the minimal cut-sets which leads to core damage in the units. In conclusion, this study's findings can help us better understand how CCFs increase multi-unit site risk and can also act as a starting point for future studies on the qualitative and quantitative categorizations of CCF effects within MUPSA.

nuclear science & technology

Han Bao,Hongbin Zhang,Tate Shorthill,Edward Chen,Svetlana Lawrence

DOI: https://doi.org/10.1016/j.ress.2022.108973

2022-11-19

Abstract:Digital instrumentation and control (DI&C) systems at nuclear power plants (NPPs) have many advantages over analog systems. They are proven to be more reliable, cheaper, and easier to maintain given obsolescence of analog components. However, they also pose new engineering and technical challenges, such as possibility of common cause failures (CCFs) unique to digital systems. This paper proposes a Platform for Risk Assessment of DI&C (PRADIC) that is developed by Idaho National Laboratory (INL). A methodology for evaluation of software CCFs in high safety-significant safety-related DI&C systems of NPPs was developed as part of the framework. The framework integrates three stages of a typical risk assessment—qualitative hazard analysis and quantitative reliability and consequence analyses. The quantified risks compared with respective acceptance criteria provide valuable insights for system architecture alternatives allowing design optimization in terms of risk reduction and cost savings. A comprehensive case study performed to demonstrate the framework's capabilities is documented in this paper. Results show that the PRADIC is a powerful tool capable to identify potential digital-based CCFs, estimate their probabilities, and evaluate their impacts on system and plant safety.

engineering, industrial,operations research & management science

Florent Brissaud,Fernando Luiz

DOI: https://doi.org/10.48550/arXiv.1501.06487

2015-01-21

Abstract:According to the IEC 61508 functional safety standard, it is required to estimate the achieved safety integrity of the system due to random hardware failures. For a safety function operating in a low demand mode, this measure is the average probability of a dangerous failure on demand (PFDavg). In the present paper, four techniques have been applied to various configurations of a case study: fault tree analyses supported by GRIF/Tree, multi-phase Markov models supported by GRIF/Markov, stochastic Petri nets with predicates supported by GRIF/Petri, and approximate equations (developed by DNV and different from those given in IEC 61508) supported by OrbitSIL. It is shown that all these methods yield very similar results for PFDavg, taking the characteristics required by the standard into account. The choice of a method should therefore not be determined by dogmatic assumptions, but should result of a balance between modelling effort and objectives, given the system properties. For this task, a discussion about pros and cons of each method is proposed.

Software Engineering,Probability

Vegard Steinsland,Lars Michael Kristensen,Shujun Zhang

DOI: https://doi.org/10.48550/arXiv.2212.06781

2022-12-14

Abstract:We apply Coloured Petri Nets (CPNs) and the CPN Tools to develop a formal model of an embedded system consisting of a power converter and an associated controller. Matlab/Simulink is the de-facto tool for embedded control and system design, but it relies on informal semantics and has limited support for transparent and integrated specification and validation of both the power converter electronics, controller (hardware), and the control logic (software). The contribution of this paper is to develop a timed hierarchical CPN model that mitigates the shortcomings of Simulink by relying on a Petri net formalisation. We demonstrate the application of our approach by developing a fully integrated model of a buck power converter with controller in CPN Tools. Furthermore, we perform time-domain simulation to verify the capability of the controller to serve the control objectives. To validate the developed CPN model, we compare the simulation results obtained in an open-loop configuration with a corresponding implementation in Simulink. The experimental results show correspondence between the CPN model and the Simulink model. As our CPN model reflects the fully integrated system, we are able to compare CPN simulation results to measurements obtained with a corresponding implementation in real hardware/software and compare closed-loop with open-loop configuration. The results show alignment for the steady state while further refinement of the control algorithm and validation is required.

Logic in Computer Science,Hardware Architecture

Jinhyung Park,Kyoshik Park,Chang Jun Lee

DOI: https://doi.org/10.1016/j.jlp.2024.105270

IF: 3.916

2024-04-01

Journal of Loss Prevention in the Process Industries

Abstract:A common cause factor (CCF) significantly affects achieving high safety integrity levels (SIL), such as SIL3 and SIL4. Even with very low dangerous undetected failure rates, a high CCF reduces the resulting SIL. This study proposes a new method to classify common causes, to establish more practical countermeasures for lower CCF. Real statistics guide the classification into hardware failures, systematic failures, and human errors. To determine CCF, it is crucial to thorough investigate countermeasures for these three common causes on-site. The prevailing method for CCF determination uses a score table from the latest International Electrotechnical Commission (IEC) 61508. However, some controversies surround this table. This study proposes a new table based on systematic classifications (hardware failures, systematic failures, and human errors). Additionally, the table is designed to include elements for the latest technologies, such as digital transformation systems in process safety, aligning with the International Association of Oil and Gas Producers (IOGP) report requirements. A case study illustrates the efficacy of the proposed study, revealing that the proposed table is more effective in preventing accidents than the latest IEC 61508 Part 6 Edition 2.0.

engineering, chemical

MD Jeng,XL Xie

DOI: https://doi.org/10.1109/robot.2001.932529

2001-01-01

IEEE Transactions on Robotics and Automation

Abstract:Degraded behavior, such as reworks, failures, and maintenance, of a semiconductor manufacturing system (SMS) is not negligible in practice. When modeled by Petri nets, degraded behavior may be represented as initially-unmarked elementary circuits, interpreted as local processing cycles. Most existing "well-behaved" net classes for manufacturing have problems with describing such cycles and thus may have difficulties in modeling SMSs. We extend the class of nets in Jeng and DiCesare (1995) into the class of RCN* merged nets that model SMSs with such cycles. To model an SMS, we first describe the behavior of each resource type using a state-machine module, called RCN. Any RCN can be constructed as a connection of acyclic sub-nets called blocks, where one of them denotes the normal behavior of the resource type and the others denote its degraded behavior. Next, an RCN* merged net for the entire system is built by fusing all modules, conforming to three constraints, along their common transition sub-nets, which represent their synchronization. In the analysis of RCN* merged nets, we prove that their liveness and reversibility depend on the absence of unmarked siphons, which are structural objects that mixed integer programming can check rapidly. Examples are given to illustrate the proposed approach.

Xiaoxiao Cao,Huasheng Xiong,Chao Guo,Duo Li,Haojing Zhang,Xiaojin Huang

DOI: https://doi.org/10.1299/jsmeicone.2019.27.1803

2019-01-01

Abstract:Reactor protection system (RPS) is one of the most important safety systems in nuclear power plant (NPP). A RPS usually consists of 4 redundant channels, in which a triggering signal is generated to safely shut down the reactor if necessary. The reliability analysis and assessment of RPS is a very important aspect which has been received widespread concern. Fault tree analysis (FTA) and Markov chain are two conventional reliability analysis methods for RPS. However, FTA is a static methodology which can not model the periodic surveillance test (PST) and maintenance. And Markov chain is only applicable for the exponential distribution process, whereas the failure and maintenance process for RPS do not always follow exponential distribution. Moreover, the RPS will degrade the voting logic from 2-outof-4 to 2-out-of-3 during the PST. In fact, there are few models consider this degradation process. In this paper, a dynamic reliability model for the RPS is proposed based on Petri nets. The dynamic transition processes of all states are described by Petri nets, in which the PST and maintenance are considered. Different from other models assuming the PST process following an exponential distribution, a deterministic time duration of the PST is adopted in this model. During the PST, the degradation process that voting logic transit from 2- out-of-4 to 2-out-of-3 is determined. The correctness and applicability of the model are analyzed by comparing the analytical solution and numerical solution. A comparison among the other two models and the proposed model is simulated. The result shows that degradation process voting logic from 2-out-of-4 to 2-out-of-3 will significantly increase the instantaneous unavailability during the PST. Therefore, it is indeed necessary to accurately model maintenance process and the degradation process result from that for RPS.

Yan-Feng Li,Yang Liu,Tudi Huang,Hong-Zhong Huang,Jinhua Mi

DOI: https://doi.org/10.1002/qre.2713

2020-01-01

Quality and Reliability Engineering International

Abstract:The Bayesian network (BN) is an efficient tool for probabilistic modeling and causal inference, and it has gained considerable attentions in the field of reliability assessment. The common cause failure (CCF) is simultaneous failure of multiple elements in a system under a common cause, and it is a common phenomenon in engineering systems with dependent elements. Several models and methods have been proposed for modeling and assessment of complex systems with CCF. In this paper, a new reliability assessment method is proposed for the systems suffering from CCF in a dynamic environment. The CCF among components is characterized by a BN, which allows for bidirectional reasoning. A proportional hazards model is applied to capture the dynamic working environment of components and then the reliability function of the system is obtained. The proposed method is validated through an illustrative example, and some comparative studies are also presented.

Francesco Flammini,Stefano Marrone,Nicola Mazzocca,Valeria Vittorini

DOI: https://doi.org/10.48550/arXiv.1304.6656

2013-04-16

Software Engineering

Abstract:A large number of safety-critical control systems are based on N-modular redundant architectures, using majority voters on the outputs of independent computation units. In order to assess the compliance of these architectures with international safety standards, the frequency of hazardous failures must be analyzed by developing and solving proper formal models. Furthermore, the impact of maintenance faults has to be considered, since imperfect maintenance may degrade the safety integrity level of the system. In this paper we present both a failure model for voting architectures based on Bayesian Networks and a maintenance model based on Continuous Time Markov Chains, and we propose to combine them according to a compositional multiformalism modeling approach in order to analyze the impact of imperfect maintenance on the system safety. We also show how the proposed approach promotes the reuse and the interchange of models as well the interchange of solving tools.

Lin Zuo,Tangfan Xiahou,Yu Liu

DOI: https://doi.org/10.3233/JIFS-18290

2019-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Reliability assessment of complex engineered systems is challenging as epistemic uncertainty and common cause failure (CCF) are inevitable. The probabilistic common cause failure (PCCF), which characterizes the simultaneous failures of multiple components with distinguished chances, is a generalized model of traditional CCF model. To accurately assess system reliability, it is of great significance to take both the effects of PCCF and the epistemic uncertainty of components' state probabilities into account. In this paper, an evidential network model is proposed to assess system reliability with interval-valued PCCFs and epistemic uncertainty associated with components' state probabilities. The procedures of computing the mass distribution of a component suffering from multiple PCCFs are detailed. The inference algorithm in the evidential network is, then, used to calculate the mass distribution of the entire system. The Birnbaum importance measure is also defined to identify the weak components under PCCFs and epistemic uncertainty. A safety instrumented system is exemplified to demonstrate the effectiveness of the proposed evidential network model in terms of coping with PCCFs and epistemic uncertainty. The importance results show that both the epistemic uncertainty associated with components' state probabilities and PCCFs have impact on components' importance.