Yves Dutuit

Dependability modelling and evaluation by using stochastic Petri nets: application to two test cases

Abstract The systems modelling and the assessment of their performances are the two key phases of any reliability or risk analysis study. However, it is well known and admitted that most of the methods devoted to this goal are unsuitable if the physical behaviour of the systems cannot be made independent from the probabilistic behaviour, as is the case for dynamic process systems. To overcome this inefficiency, some alternative methods have recently appeared. But they are not very approachable and could be, for this reason, ignored by most of the practitioners. Among these methods, however, simulation methods should be confirmed. From this point of view, the authors propose a straightforward approach to this problem by using stochastic Petri nets on a simple and well-known dynamic system from the literature. In addition, for testing this approach, the authors have carried it out on a system with periodically tested components. The results obtained are compared to those already published, the limits of the method are underlined and its efficiency in solving this kind of problem is being examined.

A linear-time algorithm to find modules of fault trees

A module of a fault tree is a subtree whose terminal events do not occur elsewhere in the tree. Modules, which are independent subtrees, can be used to reduce the computational cost of basic operations on fault trees, such as the computation of the probability of the root event or the computation of the minimal cut sets. This paper presents a linear time algorithm to detect modules of a fault tree, coherent or not, that is derived from the Tarjan algorithm to find strongly connected components of a graph. The authors show, on a benchmark of real fault trees, that their method detects modules of trees with several hundred gates and events within few milliseconds on a personal computer.

Probabilistic assessments in relationship with safety integrity levels by using Fault Trees

In this article, we study the assessment of safety integrity levels of safety-instrumented system by means of Fault Trees. We focus on functions with a low demand rate. For these functions, the appropriate measure of performance is the so-called probability of failure on demand (PFD) or probability of not functioning on demand. In order to calculate accurately the average PFD as per IEC 61508 standard, we introduce distributions for periodically tested components into Fault Tree models. We point out the specific problems raised by the assessment of safety integrity levels (SILs), which restrict the use of the formulae proposed in the standard. Among these problems there is the fact that SIL should be assessed by considering the time-dependent behavior of the system unavailability in addition to its average value. We check, on a simple pressure protection system, the results obtained by means of the Fault Tree approach against those obtained by means of stochastic Petri nets with predicates.

Approximate estimation of system reliability via fault trees

In this article, we show how fault tree analysis, carried out by means of binary decision diagrams (BDD), is able to approximate reliability of systems made of independent repairable components with a good accuracy and a good efficiency. We consider four algorithms: the Murchland lower bound, the Barlow-Proschan lower bound, the Vesely full approximation and the Vesely asymptotic approximation. For each of these algorithms, we consider an implementation based on the classical minimal cut sets/rare events approach and another one relying on the BDD technology. We present numerical results obtained with both approaches on various examples.

Efficient algorithms to assess component and gate importance in fault tree analysis

Abstract One of the principal activities of risk assessment is either the ranking or the categorization of structures, systems and components with respect to their risk-significance or their safety-significance. Several measures, so-called importance factors, of such a significance have been proposed for the case where the support model is a fault tree. In this article, we show how binary decision diagrams can be use to assess efficiently a number of classical importance factors. This work completes the preliminary results obtained recently by Andrews and Sinnamon, and the authors. It deals also with the concept of joint reliability importance.

The AltaRica data-flow language in use: modeling of production availability of a multi-state system

This article presents an application of the AltaRica Data-Flow language to the assessment of the average production of a production line throughout a period of time. Its contribution is twofold. The problem is described. Modelling difficulties are pointed out. Solutions are proposed via the use of the AltaRica Data-Flow language. The ability of this language to represent complex systems is demonstrated. It is shown, by means of an experimental study, that AltaRica Data-Flow models can be assessed efficiently.

A practical comparison of methods to assess sum-of-products

Abstract Many methods have been proposed in the literature to assess the probability of a sum-of-products. This problem has been shown computationally hard (namely #P-hard). Therefore, algorithms can be compared only from a practical point of view. In this article, we propose first an efficient implementation of the pivotal decomposition method. This kind of algorithms is widely used in the Artificial Intelligence framework. It is unfortunately almost never considered in the reliability engineering framework, but as a pedagogical tool. We report experimental results that show that this method is in general much more efficient than classical methods that rewrite the sum-of-products under study into an equivalent sum of disjoint products. Then, we derive from our method a factorization algorithm to be used as a preprocessing method for binary decision diagrams. We show by means of experimental results that this latter approach outperforms the formers.

A combined approach to solve the redundancy optimization problem for multi-state systems under repair policies

This paper combines universal moment generating function technique with stochastic Petri nets to solve the redundancy optimization problem for multi-state systems under repair policies. Redundant elements are included in order to achieve a desirable level of production availability. The elements of the system are characterized by their cost, performance and availability. These elements are chosen from a list of products available on the market. The number of repair teams is less than the number of reparable elements, and a repair policy specifies the maintenance priorities between the system elements. A heuristic is proposed to determine the minimal cost system configuration under availability constraints. This heuristic, first applies universal moment generating function technique to evaluate the system availability, assuming unlimited maintenance resources. Once a preliminary solution is found by the optimization algorithm, stochastic Petri nets are used to model different repair policies, and to find the best system configuration (architecture and number of repairmen) in terms of global performance (availability and cost). This combined procedure is applied to a reference example.

Make your Petri nets understandable: Reliability block diagrams driven Petri nets

For more than 30 years, the Petri nets (PNs) have proven to be very powerful for safety/dependability modeling and calculations. The number of publications is increasing and a standard is even going to be issued soon. Nevertheless, the dissemination is slow and the PNs are not yet commonly used by reliability engineers. As a matter of fact, the current PNs are often intricate and difficult to understand even if, in reality, they model simple systems. This is discouraging both for the PN designers and the PN readers and this is certainly one of the causes impeding the dissemination of this approach. Hopefully, some simple additional graphical rules can be easily implemented to undertake the PN modeling of large industrial systems while keeping the readability and the understandability all along the building process. The aim of this publication is to deal with the graphical aspects of Petri nets and it proposes first some very simple tricks and guidelines to structure and improve the drawing of standard PNs. It explains how the introduction of predicates and assertions allows developing modules (i.e., generic sub-PNs) in order to build the PNs in a modular way. Then it shows how reliability block diagrams (respectively flow diagrams) may be used as guidelines to build large PNs by using the above modules. It describes the RBD driven PNs which are very effective to model safety systems (e.g. safety instrumented systems) and explains how to extend them to the flow diagram (FD) driven PNs which allow to undertake simplified production availability modeling and calculations.

New insight into the average probability of failure on demand and the probability of dangerous failure per hour of safety instrumented systems

The aim of this paper is to give a new insight into some fundamental concepts of the IEC 61508 standard. First, low and high or continuous demand modes of operation of safety instrumented systems are examined by analysing their official definitions given in the IEC 61508 and IEC 61511 standards. In this context, the paper proposes a new criterion for distinguishing these two modes of operation. A study allowing the determination of accident frequency is also presented, where the system under study consists of one element under control and its associated safety instrumented system. Second, the relationship between the average probabilities of failure on demand and the risk reduction factor is studied. It is shown that the commonly used approach (the standard approach) may lead to an optimistic value for the risk reduction factor. Finally, the paper clarifies the nature of the probability of failure per hour of a safety instrumented system and proposes different ways to compute this in the general case, based on fault tree, Markov model, and Petri nets approaches.