research article unavailability analysis for k -out-of- n...

13
Research Article Unavailability Analysis for k-out-of-n:G Systems with Multiple Failure Modes Based on Micro-Markov Models Shengjin Tang, 1 Xiaosong Guo, 1 Xiaoyan Sun, 2 Haijian Xue, 1 and Zhaofa Zhou 1 1 High-Tech Institute of Xi’an, Xi’an, Shaanxi 710025, China 2 Suzhou INVO Automotive Electronics Co., Ltd., Suzhou, Jiangsu 215200, China Correspondence should be addressed to Xiaosong Guo; guoxiaosong [email protected] Received 2 January 2014; Revised 16 March 2014; Accepted 19 March 2014; Published 24 April 2014 Academic Editor: Carsten Proppe Copyright © 2014 Shengjin Tang et al. is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Markov models are commonly used for unavailability analysis of redundant systems. However, due to the exploding states of Markov models for redundant systems, the states need to be merged to simplify the computation, which is called micro-Markov models. However, how to derive the failure rates and repair rates of the newly developed micro-Markov models has not been studied thoroughly. erefore, this paper proposes detailed explanations and rules to derive the static unavailability by the micro-Markov models for the k-out-of-n:G systems with multiple failure modes. Firstly, two properties about applying the Markov models to the repairable system with independent multiple failure modes are presented. Based on these two properties, two rules are proposed for implementing the micro-Markov models. e micro-Markov models provide the exact same results for the repairable k-out-of-n:G system with multiple independent failure modes and repair mechanisms and approximate results for systems with multiple hybrid failure modes. A case study of safety integrity verification for safety instrumented systems is provided to illustrate the application of the proposed method. e conceptual comparison and numerical examples demonstrate the reasonability and usefulness of the proposed micro-Markov models. 1. Introduction A k-out-of-n:G system (hereinaſter referred to as koon system) is a redundant system where at least out of components (or channels) must be functional for the redundant system to be successful [13]. Due to the fault- tolerant ability of the koon system, it has been widely used in process industry, oil and gas industry, nuclear industry, and so forth. Reliability analysis for koon systems is a classic issue in reliability engineering. For the koon system with a single failure mode, it is easy to derive the system reliability whether the system could be repaired immediately or not [4]. However, many systems have multiple failure modes [58], which increases the complexity of the reliability analysis. A typical system with multiple failure modes is the safety instrumented system (SIS), which has been widely used in the process industry as an important protection layer to prevent hazardous events or mitigate their consequences [3, 911]. Due to the self-diagnostic function of the SIS, the dangerous failure of the SIS can be divided into dangerous detected (DD) failure and dangerous undetected (DU) failure. e DD failure, which is detected by the self-diagnostic function, can be repaired immediately. However, the DU failure can only be detected and repaired in the proof test. As the static unavailability is an important value in the reliability analysis for safety systems [925], this paper focuses on the static unavailability evaluation for koon systems with multiple failure modes. ere are many modeling techniques for unavailability analysis of koon systems with multiple failure modes, for example, simplified equations [915], reliability block dia- gram (RBD) [16], fault tree analysis (FTA) [17, 18], and Markov analysis (MA) methods [1921]. Rouvroye and Van den Bliek [22] compared these techniques and obtained the following conclusion: FTA and RBD are intuitive and easy to model; however, a new model has to be established for evaluating a new parameter by FTA and RBD. MA covers most aspects that affect reliability and can describe the Hindawi Publishing Corporation Mathematical Problems in Engineering Volume 2014, Article ID 740936, 12 pages http://dx.doi.org/10.1155/2014/740936

Upload: others

Post on 10-Feb-2020

24 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Research ArticleUnavailability Analysis for k-out-of-nG Systems with MultipleFailure Modes Based on Micro-Markov Models

Shengjin Tang1 Xiaosong Guo1 Xiaoyan Sun2 Haijian Xue1 and Zhaofa Zhou1

1 High-Tech Institute of Xirsquoan Xirsquoan Shaanxi 710025 China2 Suzhou INVO Automotive Electronics Co Ltd Suzhou Jiangsu 215200 China

Correspondence should be addressed to Xiaosong Guo guoxiaosong 1957126com

Received 2 January 2014 Revised 16 March 2014 Accepted 19 March 2014 Published 24 April 2014

Academic Editor Carsten Proppe

Copyright copy 2014 Shengjin Tang et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Markov models are commonly used for unavailability analysis of redundant systems However due to the exploding states ofMarkov models for redundant systems the states need to be merged to simplify the computation which is called micro-Markovmodels However how to derive the failure rates and repair rates of the newly developedmicro-Markovmodels has not been studiedthoroughly Therefore this paper proposes detailed explanations and rules to derive the static unavailability by the micro-Markovmodels for the k-out-of-nG systems with multiple failure modes Firstly two properties about applying the Markov models to therepairable systemwith independentmultiple failuremodes are presented Based on these two properties two rules are proposed forimplementing the micro-MarkovmodelsThemicro-Markovmodels provide the exact same results for the repairable k-out-of-nGsystem with multiple independent failure modes and repair mechanisms and approximate results for systems with multiple hybridfailure modes A case study of safety integrity verification for safety instrumented systems is provided to illustrate the applicationof the proposed method The conceptual comparison and numerical examples demonstrate the reasonability and usefulness of theproposed micro-Markov models

1 Introduction

A k-out-of-nG system (hereinafter referred to as koonsystem) is a redundant system where at least 119896 out of119899 components (or channels) must be functional for theredundant system to be successful [1ndash3] Due to the fault-tolerant ability of the koon system it has been widely usedin process industry oil and gas industry nuclear industryand so forth Reliability analysis for koon systems is a classicissue in reliability engineering For the koon system with asingle failure mode it is easy to derive the system reliabilitywhether the system could be repaired immediately or not[4] However many systems have multiple failure modes [5ndash8] which increases the complexity of the reliability analysisA typical system with multiple failure modes is the safetyinstrumented system (SIS) which has beenwidely used in theprocess industry as an important protection layer to preventhazardous events or mitigate their consequences [3 9ndash11]Due to the self-diagnostic function of the SIS the dangerous

failure of the SIS can be divided into dangerous detected(DD) failure and dangerous undetected (DU) failure TheDD failure which is detected by the self-diagnostic functioncan be repaired immediately However the DU failure canonly be detected and repaired in the proof test As the staticunavailability is an important value in the reliability analysisfor safety systems [9ndash25] this paper focuses on the staticunavailability evaluation for koon systems with multiplefailure modes

There are many modeling techniques for unavailabilityanalysis of koon systems with multiple failure modes forexample simplified equations [9ndash15] reliability block dia-gram (RBD) [16] fault tree analysis (FTA) [17 18] andMarkov analysis (MA) methods [19ndash21] Rouvroye and Vanden Bliek [22] compared these techniques and obtained thefollowing conclusion FTA and RBD are intuitive and easyto model however a new model has to be established forevaluating a new parameter by FTA and RBD MA coversmost aspects that affect reliability and can describe the

Hindawi Publishing CorporationMathematical Problems in EngineeringVolume 2014 Article ID 740936 12 pageshttpdxdoiorg1011552014740936

2 Mathematical Problems in Engineering

dynamic transitions among different system statesThereforethe MA method has been widely used in the unavailabilityanalysis of complex systems [19ndash25] However the states ofMarkov models increase explosively as the system becomesmore complex and it is fallible and time-consuming tocreateMarkovmodelsmanually Knegtering andBrombacher[19] proposed micro-Markov models for quantitative safetyassessment for SISs where the RBD of the system is firstdeveloped and redefined and then themicro-Markovmodelsare established from the redefined RBD However how toderive the failure rates and repair rates of the newly developedmicro-Markov models has not been presented in detail Guoand Yang [21] presented an automatic Markov modelingmethod to reduce the burden of computation where thestates that have identical transition rates to common statesare merged However the states with nonidentical transitionrates have not been merged

Another issue about the micro-Markov models is totransform the nonrepairable failure into the repairable failureIf the failure modes are all nonrepairable the system relia-bility can be addressed by the classical probability analysismethods for example RBD method [15] Otherwise ifthe failure modes are all repairable Markov models couldbe used However many systems include repairable andnonrepairable failure modes simultaneously which is calledhybrid failure modes in this paper Take the SIS for examplethe DU failure can be regarded as the nonrepairable failuremode which is only repaired in the proof test while the DDfailure is repairable For the hybrid failure modes using theMA method directly could result in heavy computation toderive the analytical formulas of reliability since the systemis trapped in the absorbing state of the nonrepairable failure

There are two main ways to solve this problem The firstway is regarding the repairable failure as a failure with staticfailure probability and thus the system reliability can beanalyzed by the FTA method [17] However it is complexto build the fault trees for highly redundant systems Thesecond way is transforming the nonrepairable failure as therepairable failure which is called the approachedMAmethodin [23 24] The approached MA method has already beenapplied to the low redundant system for example 1oo1system 1oo2 system and 2oo3 system [20 23ndash26] and theaccuracy is satisfied However whether the approached MAmethod could be applied to the highly redundant system andhow to derive the approached Markov models for a generalkoon system have not been presented in detail

From the above review of the related researches it canbe observed that there are two main issues remaining to besolved The first is how to merge the states for the koonsystems with multiple failure modes which is central to themicro-Markov models The second is how to transform thenonrepairable failure as the repairable failure for the generalkoon system In response to these two issues a property aboutapplying the Markov models to the repairable system with asingle failure mode is first presented Based on this propertywe present a rule for transforming the nonrepairable failureto a repairable failure for the general koon system This isthe first contribution of this paper Secondly the states of thekoon system with multiple failure modes are merged and

thus the koon system with multiple failure modes can betransformed to that with a single failure mode A propertyregarding this transformation is proposed This is the secondcontribution of this paper since the states can be mergedreasonably Then two rules are proposed for implementingthe micro-Markov models based on these two propertiesAdditionally we present a case study about the safety integrityverification of the SIS and obtain the simplified equationsFinally a conceptual comparison and a numerical exampleare presented to illustrate the application and usefulness ofthe proposed method

The remainder of this paper is organized as followsSection 2 introduces the associated acronyms notationsand assumptions Section 3 presents two properties aboutapplying the Markov models to the repairable system andproposes the mechanism regarding how to merge the statesfor a general koon system In Section 4 we apply the resultsobtained in Section 3 to a case study about the safety integrityverification for the SIS and provide a numerical exampleto illustrate the application and usefulness of the proposedmethod Section 5 concludes the paper with a discussion

2 Acronyms Notations and Assumptions

21 Acronyms

CCF common cause failureDD dangerous detected failureDU dangerous undetected failureFTA fault tree analysiskoon k-out-of-nG systemMA Markov analysisRBD reliability block diagramSIL safety integrity levelSIS safety instrumented system

22 Notations

119862119896

119899 number of combinations of size ldquokrdquo froma setwith

ldquonrdquo components119860119896

119899 number of permutations of size ldquokrdquo from a set

with ldquonrdquo componentsDC119863 dangerous diagnostic coverage coefficient119865(119905) failure probability functionMDT mean down timeMRT mean repair timeMTTR mean time to restoration119875119895 the steady state probability of state jPFD probability of dangerous failure on demandPFDavg average probability of dangerous failure ondemand119905119886 the mean time when the system failure due to theundetected failures occurs over the interval [0 1198791]

Mathematical Problems in Engineering 3

119905119889 the duration of time after system failure due to theundetected failures1198791 proof test interval120582119863 dangerous failure rate120582DD dangerous detected failure rate120582DU dangerous undetected failure rate120583DD repair rate for dangerous detected failure120583119895 the repair rate for a koon system from state j tostate 119895 minus 11205831015840

119895 the repair rate for a koon system from state j to

state 119895 minus 1 with considering the CCF120573 beta factor for DU failures120573119863 beta factor for DD failures

23 Assumptions

(i) All the 119899 components in a koon system are identicaland independent

(ii) The failure modes in one component are identicalwith those in other components (ie with the samefailure rates and repair rates)

(iii) The failuremodes in one component are independentof each other and independent of the failure modesin other components

(iv) The unrepairable failure mode can only be detectedin a proof test (1198791) and if detected it is repaired inthe time of MRT (mean repair time)

(v) The repairable failure mode can be detected andrepaired immediately If the repairable failure of acomponent is being repairing the component is notfunctioning

3 Modeling koon Systems by theMicro-Markov Models

31 A Property of Modeling koon Systems with a SingleRepairable Failure Mode In this subsection we use theMarkov models to model the koon system with a singlerepairable failure mode and derive a property of the mod-eling process The property is summarized in the followingproposition The proposition is based on the assumptionthat the failure of any component is independent of othercomponents

Proposition 1 For a koon system let 120582 and 120583 be respectivelythe failure rate and repair rate of a single component and let 120583119895be the repair rate from the state with 119895 failed components to thestate with (119895 minus 1) failed components as shown in Figure 1 (Therepair rate from the state with 119895 failed components to the statewith (119895 minus 1) failed components is affected by the dependence

of the repairs If there are 119899 repair crews existing then 120583119895 =119895120583 If only one repair crew exists then 120583119895 = 120583 To represent ageneral condition we use 120583119895 to describe the failure rate) Thenthe following holds

(1) The mean down time (MDT) of a 1oon system(MDT1oo119899) is 1120583119899

(2) For any koon system 120583119895 = 1MDT1oo119895 whereMDT1oo119895represents the MDT of a 1ooj system

Proof For a 1oon system the system fails only in state 119899 andthe MDT of the 1oon structure is 1120583119899 For a koon system asshown in Figure 1 it can be observed that when the processenters state 119895 with 119895 faults the repair team will start repairingand will bring the system to state 119895 minus 1 after a mean repairtime of 1120583119895 As the 119895 failure components are independent ofthe other 119899 minus 119895 working components the mean repair timefrom state 119895 to state 119895 minus 1 (1120583119895) is equal to the MDT of a 1oojsystem This completes the proof

The second result of Proposition 1 demonstrates therelationship between the repair rates and the MDTs of the 1-out-of-j systems This relationship provides a reasonable wayto transform the nonrepairable failure to the repairable failureor to combine the multiple failure modes to a single failuremode Based on Proposition 1 we propose novel micro-Markov models in the following subsection

32 Micro-Markov Models for koon Systems with MultipleRepairable Failure Modes As mentioned above multiplefailure modes exist widely in redundant systems Thereforeit is necessary to combine the multiple failure modes toreduce the burden of computation In the following wefirst propose micro-Markov models for koon systems withtwo repairable failure modes as illustrated in Proposition 2The assumption of Proposition 2 is that the failure andrepair of any component are independent of that of othercomponents

Proposition 2 For a koon system each component has twofailure modes with failure rates 1205821 and 1205822 and the repairrates of the two components are 1205831 and 1205832 respectively Thestate unavailability of the koon system with two failure modesequals a transformed koon system with a single failure modewhose failure rate and failure rate are 120582119898 = 1205821 + 1205822 and120583119898 = 12058211989812058311205832(12058211205832 + 12058221205831) respectively Moreover thetransformed koon system has independent failure and repairrate

Proof As the derivation of Proposition 2 changes due to thesize of the system we only give detailed derivation for aduplicate system for an illustrative purpose The derivationfor other systems for example one component system andtriplicate system is similar The Markov states transitiondiagram for a duplicate system is shown in Figure 2

From Figure 2(a) we derive the transition matrix for theoriginal duplicate system as follows

4 Mathematical Problems in Engineering

n120582 (n minus 1)120582 k120582

n minus k n minus k + 1

120583nminusk+1

1205831

1205832

0 1 2 middot middot middot

Figure 1 Markov states transition diagram for a koon system

2KO(F1)

1KO(F1)

1KO(F1)1OK

1KO(F2)1OK

2OK1KO(F2)

2KO(F2)

0

1

2

3

4

5

1205821

1205821

21205821

1205822

1205822

21205822

1205831

1205831

21205831

1205832

1205832

21205832

(a)

0 1 2

120582m2120582m

120583m

2120583m

(b)

Figure 2 Markov states transition diagram for a duplicate system ((a) Original duplicate system with two failure modes (b) transformedduplicate system with a single failure mode)

119872 =

[[[[[[[

[

minus2 (1205821 + 1205822) 21205821 21205822 0 0 0

1205831 minus1205821 minus 1205822 minus 1205831 0 1205821 1205822 0

1205832 0 minus1205821 minus 1205822 minus 1205832 0 1205821 12058220 21205831 0 minus21205831 0 0

0 1205832 1205831 0 minus1205831 minus 1205832 0

0 0 21205832 0 0 minus21205832

]]]]]]]

]

(1)

Let119901119895 (119895 = 0 1 2 5) represent the steady state probabilityof state 119895 for the original duplicate system then we have

[1199010 1199011 sdot sdot sdot 1199015]119872 = [0 0 sdot sdot sdot 0]

1199010 + 1199011 + sdot sdot sdot + 1199015 = 1

(2)

By solving the above equations we have

1199010 =1205832

11205832

2

119876 1199011 =

212058311205832

21205821

119876

1199012 =21205832

112058321205822

119876 1199013 =

1205832

21205822

1

119876

1199014 =21205831120583212058211205822

119876 1199015 =

1205832

11205822

2

119876

where 119876 = (12058311205832 + 12058311205822 + 12058321205821)2

(3)

From Figure 2(b) let 119875119895 (119895 = 0 1 2) represent the steadystate probability of state 119895 for the transformed duplicatesystem the following result can be obtained after somemanipulations

1198750 =1205832

119898

(120582119898 + 120583119898)2

Mathematical Problems in Engineering 5

1198751 =2120582119898120583119898

(120582119898 + 120583119898)2

1198752 =1205822

119898

(120582119898 + 120583119898)2

(4)

Substituting 120582119898 = 1205821 + 1205822 and 120583119898 = 12058211989812058311205832(12058211205832 +12058221205831) into (4) yields

1198750 =1205832

11205832

2

119876= 1199010

1198751 =212058311205832 (12058311205822 + 12058321205821)

119876= 1199011 + 1199012

1198752 =(12058311205822 + 12058321205821)

2

119876= 1199013 + 1199014 + 1199015

(5)

This completes the proof

Proposition 2 is based on the result of Proposition 1 Totransform themultiple failuremodes to a single failuremodethe MDT of any 1-out-of-j system is calculated by adding theindividualMDTs of the two failuremodes that is 1(1198951205831) and1(1198951205832) in direct proportion to each failurersquos contribution tothe failure probability of the system Thus we have

MDT1oo119895 =1205821

1205821198981198951205831

+1205822

1205821198981198951205832

=1

119895(1205821

1205821198981205831

+1205822

1205821198981205832

) =1

119895MDT1oo1

(6)

Similar procedure to derive the system MDT has alsobeen presented in Chapter 93 in [27] Let 1120583119898 = 12058211205821198981205831 +12058221205821198981205832 that is 120583119898 = 12058211989812058311205832(12058211205832+12058221205831) the novel koonsystem with a single failure mode can be derived

Proposition 2 demonstrates how to transform the koonsystem with two failure modes to that with a single failuremode It can also be generalized to the koon systemwithmul-tiple failure modes which is summarized in Proposition 3

Proposition 3 For a koon system each component has 119897failure modes with failure rates 1205821 1205822 120582119897 and the repairrates of these 119897 failure modes are 1205831 1205832 120583119897 The stateunavailability of the koon system with multiple failure modesequals the transformed koon system with a single failure modewhose failure rate and the inverse of the failure rate are 120582119898 =sum119897

119894=1120582119894 and 1120583119898 = sum

119897

119894=1120582119894120582119898120583119894 respectively Moreover the

transformed koon system has independent failure rates andrepair rates

Proof Mathematical induction is used to proveProposition 3 From Proposition 2 it can be observedthat the koon system with two failure modes is equivalent tothe transformed system with a single failure mode Assumethat the koon system with 119897 failure modes is equivalent tothe transformed system with a single failure mode withfailure rate 120582119898 = sum

119897

119894=1120582119894 and repair rate whose inverse

is 1120583119898 = sum119897

119894=1120582119894120582119898120583119894 Therefore the koon system with

119897 + 1 failure modes can be transformed to the system withtwo failure modes The failure rates of the two transformedmodes are respectively 120582119898 and 120582119897+1 and the repair rates are120583119898 and 120583119897+1 Based on Proposition 2 the two failure modes ofthe transformed system could continue to be combined andthus the failure rate and repair rate of the final transformedsystem can be written as follows

1205821015840

119898= 120582119898 + 120582119897+1 =

119897+1

sum

119894=1

120582119894

1

1205831015840119898

=120582119898

1205821015840119898120583119898

+120582119897+1

1205821015840119898120583119897+1

=

119897+1

sum

119894=1

120582119894

1205821015840119898120583119894

(7)

This completes the proof

Compared with Proposition 1 Propositions 2 and 3 addan assumption that the repair rates are independent Inother words Propositions 2 and 3 are correct on conditionthat there are 119899 repair crews for a koon system AlthoughPropositions 2 and 3 may not be strictly correct when therepair rates are not independent it provides a reasonable wayto combine the multiple modes together

33 The Rules of the Micro-Markov Models Overall fromthe above analysis of applying the Markov models to koonsystems with multiple failure modes we obtain two rules ofthe micro-Markov modes

Rule 1 For a koon system the repair rate from the state with 119895failed components to the state with (119895 minus 1) failed componentscan be represented by the inverse of theMDT of the 1-out-of-jsystem

Rule 2 For a koon system with 119897 failure modes it can betransformed to a novel systemwith a single failure modeThefailure rate and repair rate of the transformed system fit thefollowing criteria

120582119898 =

119897

sum

119894=1

120582119894

1

120583119898

=

119897

sum

119894=1

120582119894

120582119898120583119894

(8)

Note that Rule 1 is strictly correct for the repairablesystem and Rule 2 is strictly correct for the repairable systemwith multiple independent failure modes However whetherthese rules could derive satisfactory results for the systemwith nonrepairable failure modes or hybrid failure modeshas not been demonstrated we address this issue in the nextsection through a case study

4 A Case Study

41 Safety Integrity Level Verification Safety instrumentedsystems (SISs) are widely used in the process industry as

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 2: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

2 Mathematical Problems in Engineering

dynamic transitions among different system statesThereforethe MA method has been widely used in the unavailabilityanalysis of complex systems [19ndash25] However the states ofMarkov models increase explosively as the system becomesmore complex and it is fallible and time-consuming tocreateMarkovmodelsmanually Knegtering andBrombacher[19] proposed micro-Markov models for quantitative safetyassessment for SISs where the RBD of the system is firstdeveloped and redefined and then themicro-Markovmodelsare established from the redefined RBD However how toderive the failure rates and repair rates of the newly developedmicro-Markov models has not been presented in detail Guoand Yang [21] presented an automatic Markov modelingmethod to reduce the burden of computation where thestates that have identical transition rates to common statesare merged However the states with nonidentical transitionrates have not been merged

Another issue about the micro-Markov models is totransform the nonrepairable failure into the repairable failureIf the failure modes are all nonrepairable the system relia-bility can be addressed by the classical probability analysismethods for example RBD method [15] Otherwise ifthe failure modes are all repairable Markov models couldbe used However many systems include repairable andnonrepairable failure modes simultaneously which is calledhybrid failure modes in this paper Take the SIS for examplethe DU failure can be regarded as the nonrepairable failuremode which is only repaired in the proof test while the DDfailure is repairable For the hybrid failure modes using theMA method directly could result in heavy computation toderive the analytical formulas of reliability since the systemis trapped in the absorbing state of the nonrepairable failure

There are two main ways to solve this problem The firstway is regarding the repairable failure as a failure with staticfailure probability and thus the system reliability can beanalyzed by the FTA method [17] However it is complexto build the fault trees for highly redundant systems Thesecond way is transforming the nonrepairable failure as therepairable failure which is called the approachedMAmethodin [23 24] The approached MA method has already beenapplied to the low redundant system for example 1oo1system 1oo2 system and 2oo3 system [20 23ndash26] and theaccuracy is satisfied However whether the approached MAmethod could be applied to the highly redundant system andhow to derive the approached Markov models for a generalkoon system have not been presented in detail

From the above review of the related researches it canbe observed that there are two main issues remaining to besolved The first is how to merge the states for the koonsystems with multiple failure modes which is central to themicro-Markov models The second is how to transform thenonrepairable failure as the repairable failure for the generalkoon system In response to these two issues a property aboutapplying the Markov models to the repairable system with asingle failure mode is first presented Based on this propertywe present a rule for transforming the nonrepairable failureto a repairable failure for the general koon system This isthe first contribution of this paper Secondly the states of thekoon system with multiple failure modes are merged and

thus the koon system with multiple failure modes can betransformed to that with a single failure mode A propertyregarding this transformation is proposed This is the secondcontribution of this paper since the states can be mergedreasonably Then two rules are proposed for implementingthe micro-Markov models based on these two propertiesAdditionally we present a case study about the safety integrityverification of the SIS and obtain the simplified equationsFinally a conceptual comparison and a numerical exampleare presented to illustrate the application and usefulness ofthe proposed method

The remainder of this paper is organized as followsSection 2 introduces the associated acronyms notationsand assumptions Section 3 presents two properties aboutapplying the Markov models to the repairable system andproposes the mechanism regarding how to merge the statesfor a general koon system In Section 4 we apply the resultsobtained in Section 3 to a case study about the safety integrityverification for the SIS and provide a numerical exampleto illustrate the application and usefulness of the proposedmethod Section 5 concludes the paper with a discussion

2 Acronyms Notations and Assumptions

21 Acronyms

CCF common cause failureDD dangerous detected failureDU dangerous undetected failureFTA fault tree analysiskoon k-out-of-nG systemMA Markov analysisRBD reliability block diagramSIL safety integrity levelSIS safety instrumented system

22 Notations

119862119896

119899 number of combinations of size ldquokrdquo froma setwith

ldquonrdquo components119860119896

119899 number of permutations of size ldquokrdquo from a set

with ldquonrdquo componentsDC119863 dangerous diagnostic coverage coefficient119865(119905) failure probability functionMDT mean down timeMRT mean repair timeMTTR mean time to restoration119875119895 the steady state probability of state jPFD probability of dangerous failure on demandPFDavg average probability of dangerous failure ondemand119905119886 the mean time when the system failure due to theundetected failures occurs over the interval [0 1198791]

Mathematical Problems in Engineering 3

119905119889 the duration of time after system failure due to theundetected failures1198791 proof test interval120582119863 dangerous failure rate120582DD dangerous detected failure rate120582DU dangerous undetected failure rate120583DD repair rate for dangerous detected failure120583119895 the repair rate for a koon system from state j tostate 119895 minus 11205831015840

119895 the repair rate for a koon system from state j to

state 119895 minus 1 with considering the CCF120573 beta factor for DU failures120573119863 beta factor for DD failures

23 Assumptions

(i) All the 119899 components in a koon system are identicaland independent

(ii) The failure modes in one component are identicalwith those in other components (ie with the samefailure rates and repair rates)

(iii) The failuremodes in one component are independentof each other and independent of the failure modesin other components

(iv) The unrepairable failure mode can only be detectedin a proof test (1198791) and if detected it is repaired inthe time of MRT (mean repair time)

(v) The repairable failure mode can be detected andrepaired immediately If the repairable failure of acomponent is being repairing the component is notfunctioning

3 Modeling koon Systems by theMicro-Markov Models

31 A Property of Modeling koon Systems with a SingleRepairable Failure Mode In this subsection we use theMarkov models to model the koon system with a singlerepairable failure mode and derive a property of the mod-eling process The property is summarized in the followingproposition The proposition is based on the assumptionthat the failure of any component is independent of othercomponents

Proposition 1 For a koon system let 120582 and 120583 be respectivelythe failure rate and repair rate of a single component and let 120583119895be the repair rate from the state with 119895 failed components to thestate with (119895 minus 1) failed components as shown in Figure 1 (Therepair rate from the state with 119895 failed components to the statewith (119895 minus 1) failed components is affected by the dependence

of the repairs If there are 119899 repair crews existing then 120583119895 =119895120583 If only one repair crew exists then 120583119895 = 120583 To represent ageneral condition we use 120583119895 to describe the failure rate) Thenthe following holds

(1) The mean down time (MDT) of a 1oon system(MDT1oo119899) is 1120583119899

(2) For any koon system 120583119895 = 1MDT1oo119895 whereMDT1oo119895represents the MDT of a 1ooj system

Proof For a 1oon system the system fails only in state 119899 andthe MDT of the 1oon structure is 1120583119899 For a koon system asshown in Figure 1 it can be observed that when the processenters state 119895 with 119895 faults the repair team will start repairingand will bring the system to state 119895 minus 1 after a mean repairtime of 1120583119895 As the 119895 failure components are independent ofthe other 119899 minus 119895 working components the mean repair timefrom state 119895 to state 119895 minus 1 (1120583119895) is equal to the MDT of a 1oojsystem This completes the proof

The second result of Proposition 1 demonstrates therelationship between the repair rates and the MDTs of the 1-out-of-j systems This relationship provides a reasonable wayto transform the nonrepairable failure to the repairable failureor to combine the multiple failure modes to a single failuremode Based on Proposition 1 we propose novel micro-Markov models in the following subsection

32 Micro-Markov Models for koon Systems with MultipleRepairable Failure Modes As mentioned above multiplefailure modes exist widely in redundant systems Thereforeit is necessary to combine the multiple failure modes toreduce the burden of computation In the following wefirst propose micro-Markov models for koon systems withtwo repairable failure modes as illustrated in Proposition 2The assumption of Proposition 2 is that the failure andrepair of any component are independent of that of othercomponents

Proposition 2 For a koon system each component has twofailure modes with failure rates 1205821 and 1205822 and the repairrates of the two components are 1205831 and 1205832 respectively Thestate unavailability of the koon system with two failure modesequals a transformed koon system with a single failure modewhose failure rate and failure rate are 120582119898 = 1205821 + 1205822 and120583119898 = 12058211989812058311205832(12058211205832 + 12058221205831) respectively Moreover thetransformed koon system has independent failure and repairrate

Proof As the derivation of Proposition 2 changes due to thesize of the system we only give detailed derivation for aduplicate system for an illustrative purpose The derivationfor other systems for example one component system andtriplicate system is similar The Markov states transitiondiagram for a duplicate system is shown in Figure 2

From Figure 2(a) we derive the transition matrix for theoriginal duplicate system as follows

4 Mathematical Problems in Engineering

n120582 (n minus 1)120582 k120582

n minus k n minus k + 1

120583nminusk+1

1205831

1205832

0 1 2 middot middot middot

Figure 1 Markov states transition diagram for a koon system

2KO(F1)

1KO(F1)

1KO(F1)1OK

1KO(F2)1OK

2OK1KO(F2)

2KO(F2)

0

1

2

3

4

5

1205821

1205821

21205821

1205822

1205822

21205822

1205831

1205831

21205831

1205832

1205832

21205832

(a)

0 1 2

120582m2120582m

120583m

2120583m

(b)

Figure 2 Markov states transition diagram for a duplicate system ((a) Original duplicate system with two failure modes (b) transformedduplicate system with a single failure mode)

119872 =

[[[[[[[

[

minus2 (1205821 + 1205822) 21205821 21205822 0 0 0

1205831 minus1205821 minus 1205822 minus 1205831 0 1205821 1205822 0

1205832 0 minus1205821 minus 1205822 minus 1205832 0 1205821 12058220 21205831 0 minus21205831 0 0

0 1205832 1205831 0 minus1205831 minus 1205832 0

0 0 21205832 0 0 minus21205832

]]]]]]]

]

(1)

Let119901119895 (119895 = 0 1 2 5) represent the steady state probabilityof state 119895 for the original duplicate system then we have

[1199010 1199011 sdot sdot sdot 1199015]119872 = [0 0 sdot sdot sdot 0]

1199010 + 1199011 + sdot sdot sdot + 1199015 = 1

(2)

By solving the above equations we have

1199010 =1205832

11205832

2

119876 1199011 =

212058311205832

21205821

119876

1199012 =21205832

112058321205822

119876 1199013 =

1205832

21205822

1

119876

1199014 =21205831120583212058211205822

119876 1199015 =

1205832

11205822

2

119876

where 119876 = (12058311205832 + 12058311205822 + 12058321205821)2

(3)

From Figure 2(b) let 119875119895 (119895 = 0 1 2) represent the steadystate probability of state 119895 for the transformed duplicatesystem the following result can be obtained after somemanipulations

1198750 =1205832

119898

(120582119898 + 120583119898)2

Mathematical Problems in Engineering 5

1198751 =2120582119898120583119898

(120582119898 + 120583119898)2

1198752 =1205822

119898

(120582119898 + 120583119898)2

(4)

Substituting 120582119898 = 1205821 + 1205822 and 120583119898 = 12058211989812058311205832(12058211205832 +12058221205831) into (4) yields

1198750 =1205832

11205832

2

119876= 1199010

1198751 =212058311205832 (12058311205822 + 12058321205821)

119876= 1199011 + 1199012

1198752 =(12058311205822 + 12058321205821)

2

119876= 1199013 + 1199014 + 1199015

(5)

This completes the proof

Proposition 2 is based on the result of Proposition 1 Totransform themultiple failuremodes to a single failuremodethe MDT of any 1-out-of-j system is calculated by adding theindividualMDTs of the two failuremodes that is 1(1198951205831) and1(1198951205832) in direct proportion to each failurersquos contribution tothe failure probability of the system Thus we have

MDT1oo119895 =1205821

1205821198981198951205831

+1205822

1205821198981198951205832

=1

119895(1205821

1205821198981205831

+1205822

1205821198981205832

) =1

119895MDT1oo1

(6)

Similar procedure to derive the system MDT has alsobeen presented in Chapter 93 in [27] Let 1120583119898 = 12058211205821198981205831 +12058221205821198981205832 that is 120583119898 = 12058211989812058311205832(12058211205832+12058221205831) the novel koonsystem with a single failure mode can be derived

Proposition 2 demonstrates how to transform the koonsystem with two failure modes to that with a single failuremode It can also be generalized to the koon systemwithmul-tiple failure modes which is summarized in Proposition 3

Proposition 3 For a koon system each component has 119897failure modes with failure rates 1205821 1205822 120582119897 and the repairrates of these 119897 failure modes are 1205831 1205832 120583119897 The stateunavailability of the koon system with multiple failure modesequals the transformed koon system with a single failure modewhose failure rate and the inverse of the failure rate are 120582119898 =sum119897

119894=1120582119894 and 1120583119898 = sum

119897

119894=1120582119894120582119898120583119894 respectively Moreover the

transformed koon system has independent failure rates andrepair rates

Proof Mathematical induction is used to proveProposition 3 From Proposition 2 it can be observedthat the koon system with two failure modes is equivalent tothe transformed system with a single failure mode Assumethat the koon system with 119897 failure modes is equivalent tothe transformed system with a single failure mode withfailure rate 120582119898 = sum

119897

119894=1120582119894 and repair rate whose inverse

is 1120583119898 = sum119897

119894=1120582119894120582119898120583119894 Therefore the koon system with

119897 + 1 failure modes can be transformed to the system withtwo failure modes The failure rates of the two transformedmodes are respectively 120582119898 and 120582119897+1 and the repair rates are120583119898 and 120583119897+1 Based on Proposition 2 the two failure modes ofthe transformed system could continue to be combined andthus the failure rate and repair rate of the final transformedsystem can be written as follows

1205821015840

119898= 120582119898 + 120582119897+1 =

119897+1

sum

119894=1

120582119894

1

1205831015840119898

=120582119898

1205821015840119898120583119898

+120582119897+1

1205821015840119898120583119897+1

=

119897+1

sum

119894=1

120582119894

1205821015840119898120583119894

(7)

This completes the proof

Compared with Proposition 1 Propositions 2 and 3 addan assumption that the repair rates are independent Inother words Propositions 2 and 3 are correct on conditionthat there are 119899 repair crews for a koon system AlthoughPropositions 2 and 3 may not be strictly correct when therepair rates are not independent it provides a reasonable wayto combine the multiple modes together

33 The Rules of the Micro-Markov Models Overall fromthe above analysis of applying the Markov models to koonsystems with multiple failure modes we obtain two rules ofthe micro-Markov modes

Rule 1 For a koon system the repair rate from the state with 119895failed components to the state with (119895 minus 1) failed componentscan be represented by the inverse of theMDT of the 1-out-of-jsystem

Rule 2 For a koon system with 119897 failure modes it can betransformed to a novel systemwith a single failure modeThefailure rate and repair rate of the transformed system fit thefollowing criteria

120582119898 =

119897

sum

119894=1

120582119894

1

120583119898

=

119897

sum

119894=1

120582119894

120582119898120583119894

(8)

Note that Rule 1 is strictly correct for the repairablesystem and Rule 2 is strictly correct for the repairable systemwith multiple independent failure modes However whetherthese rules could derive satisfactory results for the systemwith nonrepairable failure modes or hybrid failure modeshas not been demonstrated we address this issue in the nextsection through a case study

4 A Case Study

41 Safety Integrity Level Verification Safety instrumentedsystems (SISs) are widely used in the process industry as

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 3: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Mathematical Problems in Engineering 3

119905119889 the duration of time after system failure due to theundetected failures1198791 proof test interval120582119863 dangerous failure rate120582DD dangerous detected failure rate120582DU dangerous undetected failure rate120583DD repair rate for dangerous detected failure120583119895 the repair rate for a koon system from state j tostate 119895 minus 11205831015840

119895 the repair rate for a koon system from state j to

state 119895 minus 1 with considering the CCF120573 beta factor for DU failures120573119863 beta factor for DD failures

23 Assumptions

(i) All the 119899 components in a koon system are identicaland independent

(ii) The failure modes in one component are identicalwith those in other components (ie with the samefailure rates and repair rates)

(iii) The failuremodes in one component are independentof each other and independent of the failure modesin other components

(iv) The unrepairable failure mode can only be detectedin a proof test (1198791) and if detected it is repaired inthe time of MRT (mean repair time)

(v) The repairable failure mode can be detected andrepaired immediately If the repairable failure of acomponent is being repairing the component is notfunctioning

3 Modeling koon Systems by theMicro-Markov Models

31 A Property of Modeling koon Systems with a SingleRepairable Failure Mode In this subsection we use theMarkov models to model the koon system with a singlerepairable failure mode and derive a property of the mod-eling process The property is summarized in the followingproposition The proposition is based on the assumptionthat the failure of any component is independent of othercomponents

Proposition 1 For a koon system let 120582 and 120583 be respectivelythe failure rate and repair rate of a single component and let 120583119895be the repair rate from the state with 119895 failed components to thestate with (119895 minus 1) failed components as shown in Figure 1 (Therepair rate from the state with 119895 failed components to the statewith (119895 minus 1) failed components is affected by the dependence

of the repairs If there are 119899 repair crews existing then 120583119895 =119895120583 If only one repair crew exists then 120583119895 = 120583 To represent ageneral condition we use 120583119895 to describe the failure rate) Thenthe following holds

(1) The mean down time (MDT) of a 1oon system(MDT1oo119899) is 1120583119899

(2) For any koon system 120583119895 = 1MDT1oo119895 whereMDT1oo119895represents the MDT of a 1ooj system

Proof For a 1oon system the system fails only in state 119899 andthe MDT of the 1oon structure is 1120583119899 For a koon system asshown in Figure 1 it can be observed that when the processenters state 119895 with 119895 faults the repair team will start repairingand will bring the system to state 119895 minus 1 after a mean repairtime of 1120583119895 As the 119895 failure components are independent ofthe other 119899 minus 119895 working components the mean repair timefrom state 119895 to state 119895 minus 1 (1120583119895) is equal to the MDT of a 1oojsystem This completes the proof

The second result of Proposition 1 demonstrates therelationship between the repair rates and the MDTs of the 1-out-of-j systems This relationship provides a reasonable wayto transform the nonrepairable failure to the repairable failureor to combine the multiple failure modes to a single failuremode Based on Proposition 1 we propose novel micro-Markov models in the following subsection

32 Micro-Markov Models for koon Systems with MultipleRepairable Failure Modes As mentioned above multiplefailure modes exist widely in redundant systems Thereforeit is necessary to combine the multiple failure modes toreduce the burden of computation In the following wefirst propose micro-Markov models for koon systems withtwo repairable failure modes as illustrated in Proposition 2The assumption of Proposition 2 is that the failure andrepair of any component are independent of that of othercomponents

Proposition 2 For a koon system each component has twofailure modes with failure rates 1205821 and 1205822 and the repairrates of the two components are 1205831 and 1205832 respectively Thestate unavailability of the koon system with two failure modesequals a transformed koon system with a single failure modewhose failure rate and failure rate are 120582119898 = 1205821 + 1205822 and120583119898 = 12058211989812058311205832(12058211205832 + 12058221205831) respectively Moreover thetransformed koon system has independent failure and repairrate

Proof As the derivation of Proposition 2 changes due to thesize of the system we only give detailed derivation for aduplicate system for an illustrative purpose The derivationfor other systems for example one component system andtriplicate system is similar The Markov states transitiondiagram for a duplicate system is shown in Figure 2

From Figure 2(a) we derive the transition matrix for theoriginal duplicate system as follows

4 Mathematical Problems in Engineering

n120582 (n minus 1)120582 k120582

n minus k n minus k + 1

120583nminusk+1

1205831

1205832

0 1 2 middot middot middot

Figure 1 Markov states transition diagram for a koon system

2KO(F1)

1KO(F1)

1KO(F1)1OK

1KO(F2)1OK

2OK1KO(F2)

2KO(F2)

0

1

2

3

4

5

1205821

1205821

21205821

1205822

1205822

21205822

1205831

1205831

21205831

1205832

1205832

21205832

(a)

0 1 2

120582m2120582m

120583m

2120583m

(b)

Figure 2 Markov states transition diagram for a duplicate system ((a) Original duplicate system with two failure modes (b) transformedduplicate system with a single failure mode)

119872 =

[[[[[[[

[

minus2 (1205821 + 1205822) 21205821 21205822 0 0 0

1205831 minus1205821 minus 1205822 minus 1205831 0 1205821 1205822 0

1205832 0 minus1205821 minus 1205822 minus 1205832 0 1205821 12058220 21205831 0 minus21205831 0 0

0 1205832 1205831 0 minus1205831 minus 1205832 0

0 0 21205832 0 0 minus21205832

]]]]]]]

]

(1)

Let119901119895 (119895 = 0 1 2 5) represent the steady state probabilityof state 119895 for the original duplicate system then we have

[1199010 1199011 sdot sdot sdot 1199015]119872 = [0 0 sdot sdot sdot 0]

1199010 + 1199011 + sdot sdot sdot + 1199015 = 1

(2)

By solving the above equations we have

1199010 =1205832

11205832

2

119876 1199011 =

212058311205832

21205821

119876

1199012 =21205832

112058321205822

119876 1199013 =

1205832

21205822

1

119876

1199014 =21205831120583212058211205822

119876 1199015 =

1205832

11205822

2

119876

where 119876 = (12058311205832 + 12058311205822 + 12058321205821)2

(3)

From Figure 2(b) let 119875119895 (119895 = 0 1 2) represent the steadystate probability of state 119895 for the transformed duplicatesystem the following result can be obtained after somemanipulations

1198750 =1205832

119898

(120582119898 + 120583119898)2

Mathematical Problems in Engineering 5

1198751 =2120582119898120583119898

(120582119898 + 120583119898)2

1198752 =1205822

119898

(120582119898 + 120583119898)2

(4)

Substituting 120582119898 = 1205821 + 1205822 and 120583119898 = 12058211989812058311205832(12058211205832 +12058221205831) into (4) yields

1198750 =1205832

11205832

2

119876= 1199010

1198751 =212058311205832 (12058311205822 + 12058321205821)

119876= 1199011 + 1199012

1198752 =(12058311205822 + 12058321205821)

2

119876= 1199013 + 1199014 + 1199015

(5)

This completes the proof

Proposition 2 is based on the result of Proposition 1 Totransform themultiple failuremodes to a single failuremodethe MDT of any 1-out-of-j system is calculated by adding theindividualMDTs of the two failuremodes that is 1(1198951205831) and1(1198951205832) in direct proportion to each failurersquos contribution tothe failure probability of the system Thus we have

MDT1oo119895 =1205821

1205821198981198951205831

+1205822

1205821198981198951205832

=1

119895(1205821

1205821198981205831

+1205822

1205821198981205832

) =1

119895MDT1oo1

(6)

Similar procedure to derive the system MDT has alsobeen presented in Chapter 93 in [27] Let 1120583119898 = 12058211205821198981205831 +12058221205821198981205832 that is 120583119898 = 12058211989812058311205832(12058211205832+12058221205831) the novel koonsystem with a single failure mode can be derived

Proposition 2 demonstrates how to transform the koonsystem with two failure modes to that with a single failuremode It can also be generalized to the koon systemwithmul-tiple failure modes which is summarized in Proposition 3

Proposition 3 For a koon system each component has 119897failure modes with failure rates 1205821 1205822 120582119897 and the repairrates of these 119897 failure modes are 1205831 1205832 120583119897 The stateunavailability of the koon system with multiple failure modesequals the transformed koon system with a single failure modewhose failure rate and the inverse of the failure rate are 120582119898 =sum119897

119894=1120582119894 and 1120583119898 = sum

119897

119894=1120582119894120582119898120583119894 respectively Moreover the

transformed koon system has independent failure rates andrepair rates

Proof Mathematical induction is used to proveProposition 3 From Proposition 2 it can be observedthat the koon system with two failure modes is equivalent tothe transformed system with a single failure mode Assumethat the koon system with 119897 failure modes is equivalent tothe transformed system with a single failure mode withfailure rate 120582119898 = sum

119897

119894=1120582119894 and repair rate whose inverse

is 1120583119898 = sum119897

119894=1120582119894120582119898120583119894 Therefore the koon system with

119897 + 1 failure modes can be transformed to the system withtwo failure modes The failure rates of the two transformedmodes are respectively 120582119898 and 120582119897+1 and the repair rates are120583119898 and 120583119897+1 Based on Proposition 2 the two failure modes ofthe transformed system could continue to be combined andthus the failure rate and repair rate of the final transformedsystem can be written as follows

1205821015840

119898= 120582119898 + 120582119897+1 =

119897+1

sum

119894=1

120582119894

1

1205831015840119898

=120582119898

1205821015840119898120583119898

+120582119897+1

1205821015840119898120583119897+1

=

119897+1

sum

119894=1

120582119894

1205821015840119898120583119894

(7)

This completes the proof

Compared with Proposition 1 Propositions 2 and 3 addan assumption that the repair rates are independent Inother words Propositions 2 and 3 are correct on conditionthat there are 119899 repair crews for a koon system AlthoughPropositions 2 and 3 may not be strictly correct when therepair rates are not independent it provides a reasonable wayto combine the multiple modes together

33 The Rules of the Micro-Markov Models Overall fromthe above analysis of applying the Markov models to koonsystems with multiple failure modes we obtain two rules ofthe micro-Markov modes

Rule 1 For a koon system the repair rate from the state with 119895failed components to the state with (119895 minus 1) failed componentscan be represented by the inverse of theMDT of the 1-out-of-jsystem

Rule 2 For a koon system with 119897 failure modes it can betransformed to a novel systemwith a single failure modeThefailure rate and repair rate of the transformed system fit thefollowing criteria

120582119898 =

119897

sum

119894=1

120582119894

1

120583119898

=

119897

sum

119894=1

120582119894

120582119898120583119894

(8)

Note that Rule 1 is strictly correct for the repairablesystem and Rule 2 is strictly correct for the repairable systemwith multiple independent failure modes However whetherthese rules could derive satisfactory results for the systemwith nonrepairable failure modes or hybrid failure modeshas not been demonstrated we address this issue in the nextsection through a case study

4 A Case Study

41 Safety Integrity Level Verification Safety instrumentedsystems (SISs) are widely used in the process industry as

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 4: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

4 Mathematical Problems in Engineering

n120582 (n minus 1)120582 k120582

n minus k n minus k + 1

120583nminusk+1

1205831

1205832

0 1 2 middot middot middot

Figure 1 Markov states transition diagram for a koon system

2KO(F1)

1KO(F1)

1KO(F1)1OK

1KO(F2)1OK

2OK1KO(F2)

2KO(F2)

0

1

2

3

4

5

1205821

1205821

21205821

1205822

1205822

21205822

1205831

1205831

21205831

1205832

1205832

21205832

(a)

0 1 2

120582m2120582m

120583m

2120583m

(b)

Figure 2 Markov states transition diagram for a duplicate system ((a) Original duplicate system with two failure modes (b) transformedduplicate system with a single failure mode)

119872 =

[[[[[[[

[

minus2 (1205821 + 1205822) 21205821 21205822 0 0 0

1205831 minus1205821 minus 1205822 minus 1205831 0 1205821 1205822 0

1205832 0 minus1205821 minus 1205822 minus 1205832 0 1205821 12058220 21205831 0 minus21205831 0 0

0 1205832 1205831 0 minus1205831 minus 1205832 0

0 0 21205832 0 0 minus21205832

]]]]]]]

]

(1)

Let119901119895 (119895 = 0 1 2 5) represent the steady state probabilityof state 119895 for the original duplicate system then we have

[1199010 1199011 sdot sdot sdot 1199015]119872 = [0 0 sdot sdot sdot 0]

1199010 + 1199011 + sdot sdot sdot + 1199015 = 1

(2)

By solving the above equations we have

1199010 =1205832

11205832

2

119876 1199011 =

212058311205832

21205821

119876

1199012 =21205832

112058321205822

119876 1199013 =

1205832

21205822

1

119876

1199014 =21205831120583212058211205822

119876 1199015 =

1205832

11205822

2

119876

where 119876 = (12058311205832 + 12058311205822 + 12058321205821)2

(3)

From Figure 2(b) let 119875119895 (119895 = 0 1 2) represent the steadystate probability of state 119895 for the transformed duplicatesystem the following result can be obtained after somemanipulations

1198750 =1205832

119898

(120582119898 + 120583119898)2

Mathematical Problems in Engineering 5

1198751 =2120582119898120583119898

(120582119898 + 120583119898)2

1198752 =1205822

119898

(120582119898 + 120583119898)2

(4)

Substituting 120582119898 = 1205821 + 1205822 and 120583119898 = 12058211989812058311205832(12058211205832 +12058221205831) into (4) yields

1198750 =1205832

11205832

2

119876= 1199010

1198751 =212058311205832 (12058311205822 + 12058321205821)

119876= 1199011 + 1199012

1198752 =(12058311205822 + 12058321205821)

2

119876= 1199013 + 1199014 + 1199015

(5)

This completes the proof

Proposition 2 is based on the result of Proposition 1 Totransform themultiple failuremodes to a single failuremodethe MDT of any 1-out-of-j system is calculated by adding theindividualMDTs of the two failuremodes that is 1(1198951205831) and1(1198951205832) in direct proportion to each failurersquos contribution tothe failure probability of the system Thus we have

MDT1oo119895 =1205821

1205821198981198951205831

+1205822

1205821198981198951205832

=1

119895(1205821

1205821198981205831

+1205822

1205821198981205832

) =1

119895MDT1oo1

(6)

Similar procedure to derive the system MDT has alsobeen presented in Chapter 93 in [27] Let 1120583119898 = 12058211205821198981205831 +12058221205821198981205832 that is 120583119898 = 12058211989812058311205832(12058211205832+12058221205831) the novel koonsystem with a single failure mode can be derived

Proposition 2 demonstrates how to transform the koonsystem with two failure modes to that with a single failuremode It can also be generalized to the koon systemwithmul-tiple failure modes which is summarized in Proposition 3

Proposition 3 For a koon system each component has 119897failure modes with failure rates 1205821 1205822 120582119897 and the repairrates of these 119897 failure modes are 1205831 1205832 120583119897 The stateunavailability of the koon system with multiple failure modesequals the transformed koon system with a single failure modewhose failure rate and the inverse of the failure rate are 120582119898 =sum119897

119894=1120582119894 and 1120583119898 = sum

119897

119894=1120582119894120582119898120583119894 respectively Moreover the

transformed koon system has independent failure rates andrepair rates

Proof Mathematical induction is used to proveProposition 3 From Proposition 2 it can be observedthat the koon system with two failure modes is equivalent tothe transformed system with a single failure mode Assumethat the koon system with 119897 failure modes is equivalent tothe transformed system with a single failure mode withfailure rate 120582119898 = sum

119897

119894=1120582119894 and repair rate whose inverse

is 1120583119898 = sum119897

119894=1120582119894120582119898120583119894 Therefore the koon system with

119897 + 1 failure modes can be transformed to the system withtwo failure modes The failure rates of the two transformedmodes are respectively 120582119898 and 120582119897+1 and the repair rates are120583119898 and 120583119897+1 Based on Proposition 2 the two failure modes ofthe transformed system could continue to be combined andthus the failure rate and repair rate of the final transformedsystem can be written as follows

1205821015840

119898= 120582119898 + 120582119897+1 =

119897+1

sum

119894=1

120582119894

1

1205831015840119898

=120582119898

1205821015840119898120583119898

+120582119897+1

1205821015840119898120583119897+1

=

119897+1

sum

119894=1

120582119894

1205821015840119898120583119894

(7)

This completes the proof

Compared with Proposition 1 Propositions 2 and 3 addan assumption that the repair rates are independent Inother words Propositions 2 and 3 are correct on conditionthat there are 119899 repair crews for a koon system AlthoughPropositions 2 and 3 may not be strictly correct when therepair rates are not independent it provides a reasonable wayto combine the multiple modes together

33 The Rules of the Micro-Markov Models Overall fromthe above analysis of applying the Markov models to koonsystems with multiple failure modes we obtain two rules ofthe micro-Markov modes

Rule 1 For a koon system the repair rate from the state with 119895failed components to the state with (119895 minus 1) failed componentscan be represented by the inverse of theMDT of the 1-out-of-jsystem

Rule 2 For a koon system with 119897 failure modes it can betransformed to a novel systemwith a single failure modeThefailure rate and repair rate of the transformed system fit thefollowing criteria

120582119898 =

119897

sum

119894=1

120582119894

1

120583119898

=

119897

sum

119894=1

120582119894

120582119898120583119894

(8)

Note that Rule 1 is strictly correct for the repairablesystem and Rule 2 is strictly correct for the repairable systemwith multiple independent failure modes However whetherthese rules could derive satisfactory results for the systemwith nonrepairable failure modes or hybrid failure modeshas not been demonstrated we address this issue in the nextsection through a case study

4 A Case Study

41 Safety Integrity Level Verification Safety instrumentedsystems (SISs) are widely used in the process industry as

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 5: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Mathematical Problems in Engineering 5

1198751 =2120582119898120583119898

(120582119898 + 120583119898)2

1198752 =1205822

119898

(120582119898 + 120583119898)2

(4)

Substituting 120582119898 = 1205821 + 1205822 and 120583119898 = 12058211989812058311205832(12058211205832 +12058221205831) into (4) yields

1198750 =1205832

11205832

2

119876= 1199010

1198751 =212058311205832 (12058311205822 + 12058321205821)

119876= 1199011 + 1199012

1198752 =(12058311205822 + 12058321205821)

2

119876= 1199013 + 1199014 + 1199015

(5)

This completes the proof

Proposition 2 is based on the result of Proposition 1 Totransform themultiple failuremodes to a single failuremodethe MDT of any 1-out-of-j system is calculated by adding theindividualMDTs of the two failuremodes that is 1(1198951205831) and1(1198951205832) in direct proportion to each failurersquos contribution tothe failure probability of the system Thus we have

MDT1oo119895 =1205821

1205821198981198951205831

+1205822

1205821198981198951205832

=1

119895(1205821

1205821198981205831

+1205822

1205821198981205832

) =1

119895MDT1oo1

(6)

Similar procedure to derive the system MDT has alsobeen presented in Chapter 93 in [27] Let 1120583119898 = 12058211205821198981205831 +12058221205821198981205832 that is 120583119898 = 12058211989812058311205832(12058211205832+12058221205831) the novel koonsystem with a single failure mode can be derived

Proposition 2 demonstrates how to transform the koonsystem with two failure modes to that with a single failuremode It can also be generalized to the koon systemwithmul-tiple failure modes which is summarized in Proposition 3

Proposition 3 For a koon system each component has 119897failure modes with failure rates 1205821 1205822 120582119897 and the repairrates of these 119897 failure modes are 1205831 1205832 120583119897 The stateunavailability of the koon system with multiple failure modesequals the transformed koon system with a single failure modewhose failure rate and the inverse of the failure rate are 120582119898 =sum119897

119894=1120582119894 and 1120583119898 = sum

119897

119894=1120582119894120582119898120583119894 respectively Moreover the

transformed koon system has independent failure rates andrepair rates

Proof Mathematical induction is used to proveProposition 3 From Proposition 2 it can be observedthat the koon system with two failure modes is equivalent tothe transformed system with a single failure mode Assumethat the koon system with 119897 failure modes is equivalent tothe transformed system with a single failure mode withfailure rate 120582119898 = sum

119897

119894=1120582119894 and repair rate whose inverse

is 1120583119898 = sum119897

119894=1120582119894120582119898120583119894 Therefore the koon system with

119897 + 1 failure modes can be transformed to the system withtwo failure modes The failure rates of the two transformedmodes are respectively 120582119898 and 120582119897+1 and the repair rates are120583119898 and 120583119897+1 Based on Proposition 2 the two failure modes ofthe transformed system could continue to be combined andthus the failure rate and repair rate of the final transformedsystem can be written as follows

1205821015840

119898= 120582119898 + 120582119897+1 =

119897+1

sum

119894=1

120582119894

1

1205831015840119898

=120582119898

1205821015840119898120583119898

+120582119897+1

1205821015840119898120583119897+1

=

119897+1

sum

119894=1

120582119894

1205821015840119898120583119894

(7)

This completes the proof

Compared with Proposition 1 Propositions 2 and 3 addan assumption that the repair rates are independent Inother words Propositions 2 and 3 are correct on conditionthat there are 119899 repair crews for a koon system AlthoughPropositions 2 and 3 may not be strictly correct when therepair rates are not independent it provides a reasonable wayto combine the multiple modes together

33 The Rules of the Micro-Markov Models Overall fromthe above analysis of applying the Markov models to koonsystems with multiple failure modes we obtain two rules ofthe micro-Markov modes

Rule 1 For a koon system the repair rate from the state with 119895failed components to the state with (119895 minus 1) failed componentscan be represented by the inverse of theMDT of the 1-out-of-jsystem

Rule 2 For a koon system with 119897 failure modes it can betransformed to a novel systemwith a single failure modeThefailure rate and repair rate of the transformed system fit thefollowing criteria

120582119898 =

119897

sum

119894=1

120582119894

1

120583119898

=

119897

sum

119894=1

120582119894

120582119898120583119894

(8)

Note that Rule 1 is strictly correct for the repairablesystem and Rule 2 is strictly correct for the repairable systemwith multiple independent failure modes However whetherthese rules could derive satisfactory results for the systemwith nonrepairable failure modes or hybrid failure modeshas not been demonstrated we address this issue in the nextsection through a case study

4 A Case Study

41 Safety Integrity Level Verification Safety instrumentedsystems (SISs) are widely used in the process industry as

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 6: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

6 Mathematical Problems in Engineering

an important protection layer to prevent hazardous eventsor mitigate their consequences Safety integrity level (SIL) isproposed to measure how well a SIS performs its intendedfunction by the safety standards IEC 61508 and IEC 61511[9 10] And SIL verification is to verify that whether the relia-bility of the SIS meets the required level For the low demandmode of SIS operation the SIL of a SIS is defined in terms ofthe average probability of failure on demand (PFDavg) whichcould be represented by the static unavailability of the systemThe relation between the SIL and the PFDavg is shown inTable 1

The PFDavg evaluation is concerned with the voting logicof the redundant systems failure rates diagnostic coverageproof test interval common cause failure (CCF) and someother factors [3] Since the SIL verification is provided as acase study to validate the results of themicro-Markovmodelswe mainly consider the dangerous failure and its repair timeThe dangerous failure with failure rate 120582119863 means the failureto perform the protective function when required Due to theself-diagnostic function of SIS the dangerous failure can bedivided into DU failure and DD failure with the failure ratesof 120582DD and 120582DU respectively Consider

120582119863 = 120582DU + 120582DD (9)

Additionally diagnostic coverage of dangerous failure(DC119863) expressed as a percentage is represented by the ratioof DD failure to the total dangerous failure

As discussed previously the repair mechanisms of theDU failure and DD failure are different thus it is difficult toderive the analytical PFDavg by usingMarkovmodels directlyTherefore the simplification equations of PFDavg have beenpresented for example the typical simplified equations byIEC 61508 However since IEC 61508 does not give detailedexplanations of PFDavg calculations which are difficult tounderstand for common safety engineers Even in the IEC61508 committee the issues how to calculate PFDavg andwhich models should be used are controversial [4]

In order to give detailed explanations to the simplifiedequations by IEC 61508 Zhang et al [20] redefined theequivalent MDT of the undetected failure and derived theequivalent MDTs of 1oo1 and 1oo2 architectures Then thePFD value of a few typical architectures was calculated bytheMAmethod Guo and Yang [16] calculated the equivalentMDT by using the ratio of steady failure probability to thesteady failure frequency and evaluated the PFD value forthe most used architectures by the RBD method Howeverthese obtained results are different from the equations givenby the IEC 61508 standard [9] which may confuse thesafety engineers Innal [23] explained the analytical formulaspresented in the IEC 61508 by the approachedMarkovmodelThis paper attempts to solve this problem by the two rulesof the micro-Markov models proposed in Section 2 The keyissue of the micro-Markov models is to derive the repair rateof the states which is handled in the next subsection

42 EquivalentMDT FromRule 1 it can be observed that therepair rate is determined by the MDT of the 1oon system Asthe DD failure is repairable we first calculate the MDT of the

Table 1 SIL for the low demand mode of operation

SIL PFDavg

4 ge10minus5 to lt10minus4

3 ge10minus4 to lt10minus3

2 ge10minus3 to lt10minus2

1 ge10minus2 to lt10minus1

DU failure which is called equivalent MDT time for the SISsIt is assumed that the DU failure is only detected in the prooftest with the interval of 1198791 The MDT is generated from thetime of the DU failure to the proof test and the repair timeas shown in Figure 3 In the figure t is the time when the DUfailure occurs MRT is the mean repair time if the DU failureis detected in the proof test ta is the mean time when systemfailure due to the DU failures occurs over the interval [0 1198791]and 119905119889 is the duration of the down time

Zhang et al [20] gave a clear definition of the equivalentMDT for the DU failure and provided the result of the equiv-alentMDT for the 1oo1 system and 1oo2 systemHowever it isnot applicable to the case when the system size changesThuswe attempt to calculate the equivalent MDT for a common 1-out-of-n system

For a 1oon system the cumulative distribution functionfor the DU failure is

119865 (119905) = (1 minus 119890minus120582DU119905)

119899

(10)

Hence the mean time when system failure due to the DUfailures occurs over the interval [01198791] (ta) can be formulatedas

119905119886 =int1198791

01199051198651015840(119905) 119889119905

int1198791

01198651015840 (119905) 119889119905

=1198791119865 (1198791) minus int

1198791

0119865 (119905) 119889119905

119865 (1198791)

= 1198791 minusint1198791

0(1 minus 119890

minus120582DU119905)119899

119889119905

(1 minus 119890minus120582DU1198791)119899

(11)

Set u = 120582DU119905 and x = 120582DU1198791 then we get

119905119886 = 1198791 minus 1198791

int119909

0(1 minus 119890

minus119906)119899119889119906

119909(1 minus 119890minus119909)119899 = 1198791 minus 1198791

int119909

0(119906119899+ o (119906119899)) 119889119906

119909 (119909119899 + o (119909119899))

= 1198791 minus 1198791

(1 (119899 + 1)) 119909119899+1+ o (119909119899+1)

119909119899+1 + o (119909119899+1)

(12)

Since x = 120582DU1198791 ≪ 1 ta can be approximately calculatedas

119905119886 asymp119899

119899 + 11198791 (13)

From (13) it can be observed that the approximate valueof ta is independent of 120582DU

Referring to Figure 3 the approximation of the equivalentMDT of DU failures for a 1-out-of-n system is

MDTDU1oo119899 = 1198791 minus 119905119886 +MRT asymp 1

119899 + 11198791 +MRT (14)

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 7: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Mathematical Problems in Engineering 7

0

t td

taT1

MRT

Figure 3 Failure process of the DU failure

The DD failure is detected by the self-diagnostic functionof SISs and can be repaired immediately in the time ofMTTRwhich denotes the mean time to restoration for the DDfailure It is assumed that the failure and repair rate of the DDfailure are independent Thus from Proposition 1 the MDTof DD failures for the 1-out-of-n system can be formulated as

MDTDD1oo119899 =

MTTR119899 (15)

Based on Rule 2 the equivalent MDT of the combinedtwo failure modes for the 1-out-of-n system (MDT1oo119899) canbe calculated based on the law of total probability It is

composed of the MDT of the DU failure with a conditionalprobability 120582DU120582119863 and the MDT of the DD failure with aconditional probability 120582DD120582119863 Then we have

MDT1oo119899 =120582DU120582119863

MDTDU1oo119899 +

120582DD120582119863

MDTDD1oo119899

=120582DU120582119863

(1

119899 + 11198791 +MRT) + 120582DD

120582119863

MTTR119899

(16)

After determining the component equivalent MDT forthe 1-out-of-n system the repair rate can be representedby the inverse of the equivalent MDT Then the PFDavg ofthe koon system can be analyzed as illustrated in the nextsubsection

43 PFD119886119907119892 Calculation by Micro-Markov Models For thekoon system the system fails when at least 119899 minus 119896 + 1components fail The micro-Markov state transition diagramcould be represented by Figure 1 Let 119875119895 (119895 = 0 1 2 119899)represent the steady state probability fromFigure 1 we derivethe transition matrix as follows

119872 =

[[[[[

[

minus119899120582119863 119899120582119863 0

1205831 minus1205831 minus (119899 minus 1) 120582119863 (119899 minus 1) 120582119863d d d

120583119899minus119896 minus120583119899minus119896 minus 119896120582119863 1198961205821198630 120583119899minus119896+1 minus120583119899minus119896+1

]]]]]

]

(17)

where 120583119895 is inverse of MDT1oo119895Let 119875119895 (119895 = 0 1 2 119899) represent the steady state

probability of state 119895 then we have

[1198750 1198751 sdot sdot sdot 119875119899minus119896+1]119872 = [0 0 sdot sdot sdot 0]

1198750 + 1198751 + sdot sdot sdot + 119875119899minus119896+1 = 1

(18)

By solving the above equations we have

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

119875119899 for 119895 lt 119899 minus 119896 + 1

(19)

Then the PFDkoon can be written as

PFD119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

119863

)

minus1

(20)

44 PFD119886119907119892 Calculation with Considering the CCF Commoncause failure (CCF) is a phenomenon which mitigates theeffects of redundancy and thus it often plays a dominatingrole for the unavailability of a koon system CCF is adependent failure when two or more redundant componentsfail simultaneously or within a short time interval due toa shared cause There are several models for quantificationof CCF in SISs such as 120573-factor model [9] multiple betafactor (MBF) [28 29] model and the PDS model [30]The 120573-factor model as suggested by IEC 61508 is themost popular CCF model due to its simplicity The 120573-factorrepresents the fraction of the total failure rate that can causeall channels to fail Therefore the existence of CCF splitsthe DD failure and DU failure into independent failure partsand CCF parts which can be respectively expressed asfollows

120582DU = (1 minus 120573) 120582DU + 120573120582DU

120582DD = (1 minus 120573119863) 120582DD + 120573119863120582DD

(21)

If the 120573-factor model is used to model CCF the CCF partcan be regarded as an independent part with the independentfailures in the reliability block diagram of the koon systemand thus the CCF can be included as an add-on to the system

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 8: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

8 Mathematical Problems in Engineering

unavailability Then the PFDkoon with CCF can be calculatedas

PFDCCF119896oo119899

asymp 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)1205831015840

119895+11205831015840

119895+2sdot sdot sdot 1205831015840

119899minus119896+1

(119899 minus 119895)1205821015840119863

119899minus119896+1minus119895)

minus1

+ 120573120582DU (1198791

2+MRT) + 120573119863120582DDMTTR

(22)

where 1205821015840119863

= (1 minus 120573)120582DU + (1 minus 120573119863)120582DD and11205831015840

119895= ((1 minus 120573)120582DU120582

1015840

119863)((1(119895 + 1))1198791 + MRT) + ((1 minus

120573119863)120582DD1205821015840

119863)(MTTR119895) The derived equations of PFDkoon

in (20) and (22) can also be regarded as simplified equationsfor the SIL verification

45 Conceptual Comparison From the above derivation ofthe PFDkoon it can be observed that there are two main stepsof transforming the DU failure and DD failure into a singlefailure mode The first is transforming the DU failure as arepairable failure The second is combining the two failuremodes to a single failure mode In order to compare theresults of the micro-Markov models with the actual resultswe present a conceptual comparison in this subsection Asthe unavailability equations of the CCF part are the same indifferent methods we only compare the independent part ofthe unavailabilityThe numerical comparison of some typicalkoon systems is presented in the next subsection

Firstly the results of transforming the DU failure into arepairable failure are compared with the actual results Forthe DU failure the exact results can be derived by the classicprobabilitymethod for example the RBDmethod or the FTAmethod To implement the comparison themean repair timeof 120582DU is assumed to be zero (ie MRT = 0) and the CCF isnot considered (ie 120573 = 0 and 120573119863 = 0)Then we propose thefollowing proposition

Proposition 4 Let 119875119865119863119898119896119900119900119899

and 119875119865119863119888119896119900119900119899

represent thePFDavg calculated by the transformed Markov models andthe classic probability method respectively then the followingholds on condition that 1205821198631198801198791 ≪ 1

(1) 119875119865119863119898119896119900119900119899asymp 119862119899minus119896+1

119899(1205821198631198801198791)

119899minus119896+1(119899 minus 119896 + 2)

(2) 119875119865119863119898119896119900119900119899asymp 119875119865119863

119888

119896119900119900119899

Proof Let 119875119895 (119895 = 0 1 2 119899) represent the steady stateprobability from Figure 1 and (19) we can obtain that

119875119899minus119896+1 =[

[

1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

]

]

minus1

119875119895 =(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

119875119899 for 119895 lt 119899 minus 119896 + 1

(23)

where 120583119895 asymp (119899 + 1)1198791 Then the PFD119898119896oo119899 can be written as

PFD119898119896oo119899 = 119875119899minus119896+1

= 1 times (1 +

119899minus119896

sum

119895=0

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

)

minus1

(24)

For the SIS it is generally known that (119899 + 1)1198791 ≫ 120582DUthus 120583119895120582DU ≫ 1 Then we have

(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

119899120582119899minus119896+1

DU≫ 1 +

119899minus119896

sum

119895=1

(119896 minus 1)120583119895+1120583119895+2 sdot sdot sdot 120583119899minus119896+1

(119899 minus 119895)120582119899minus119896+1minus119895

DU

(25)

It follows that

PFD119898119896oo119899 asymp

119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

=119899120582119899minus119896+1

DU 119879119899minus119896+1

1

(119896 minus 1) (119899 minus 119896 + 2)

= 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2

(26)

Additionally the exact results derived by the classicprobability method could also be simplified as [27 31]

PFD119888119896oo119899 asymp 119862

119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (27)

This completes the proof

Proposition 4 indicates that when 120582DU1198791 ≪ 1 thetransformation of the nonrepairable failure to the repairablefailure leads to satisfactory results In the following wedemonstrate the effect of combining the DU failure and DDfailure to a single failuremodeThe comparison ismadewhenonly one type of failure exists The results are summarized inProposition 5

Proposition 5 The results of PFDkoon evaluated by the micro-Markov models when only one type of failure exists areconsistent with the results by the classic probability when onlyone type of failure is considered

Proof For the SIS it is generally known that 120583119895 ≫ 120582119863 thusthe PFD119896oo119899 in (20) can be simplified as

PFD119896oo119899

asymp119899120582119899minus119896+1

DU(119896 minus 1)12058311205832 sdot sdot sdot 120583119899minus119896+1

= 119860119899minus119896+1

119899

119899minus119896+1

prod

119895=1

[120582DU (1198791

119895 + 1+MRT) + 120582DD

MTTR119895]

(28)

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 9: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Mathematical Problems in Engineering 9

Table 2 Comparison of PFDavg equations only considering the DU failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912 120582DU11987912

1oo2 (120582DU1198791)23 (120582DU1198791)

23 (120582DU1198791)

29 (120582DU1198791)

24 (120582DU1198791)

23

2oo2 120582DU119879 120582DU119879 2 sdot 120582DU1198793 120582DU119879 120582DU119879

2oo3 (120582DU1198791)2

(120582DU1198791)2

(120582DU1198791)23 3(120582DU1198791)

24 (120582DU1198791)

2

1oo3 (120582DU1198791)34 (120582DU1198791)

34 mdasha mdasha

(120582DU1198791)34

aThe PFD1oo3 equation is not given in [16 20]

Table 3 Comparison of PFDavg equations only considering the DD failure

System type This paper IEC equation Reference [16] Reference [20] Reference [4]1oo1 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR 120582DDMTTR1oo2 (120582DDMTTR)2 2(120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2 (120582DDMTTR)2

2oo2 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR 2120582DDMTTR2oo3 3(120582DDMTTR)2 6(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2 3(120582DDMTTR)2

1oo3 (120582DDMTTR)3 6(120582DDMTTR)3 mdasha mdasha(120582DDMTTR)3

aThe PFD1oo3 equation is not given in [16 20]

If 120582DD = 0 and MRT = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899

(120582DU1198791)119899minus119896+1

119899 minus 119896 + 2 (29)

It is in accord with the results by the classic probabilitymethod when the DU failure is only considered see (27)

If 120582DU = 0 (28) can be simplified as

PFD119896oo119899 asymp 119862119899minus119896+1

119899(120582DDMTTR)119899minus119896+1 (30)

It is consistent with the results by the classic probabilitymethod see [31] This completes the proof

From Proposition 5 it can be observed that when onlyone type of failure exists the results via the micro-Markovmodels are in accord with the results when only one typeof failure is considered We further compare the simplifiedequations through some typical koon systems when only onetype of failure exists The simplified equations are illustratedin Tables 2 and 3The equations presented by [4] are deducedwhen only one type of failure is considered which are alsoconsistent with the equations presented by Smith [31] andRausand and Hoslashyland [27] It can be observed that only thesimplified equations derived in this paper are equal to theequations presented in [4]

The reason why different results are obtained bydifferent references can be explained as follows Theequivalent MDT of a component or the group is anapproximation Different approximation assumptionscould obtain different results Take the 1oo2 system forinstance the group equivalent MDT is approximately equalto (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)(MTTR2) (see(16)) However the approximate results from IEC 61508[16 20] are (120582DU120582119863)(11987913 + MRT) + (120582DD120582119863)MTTR(120582DU2120582119863)(11987912 + MRT) + (120582DD120582119863)(MTTR2) and(120582DU2120582119863)(11987913+MRT)+ (120582DD120582119863)(MTTR2) respectivelyTherefore the controversial results are obtained However

regardless of approximation process the results by combiningthe failure modes should be consistent with those when onlyone type of failure modes is considered Thus the groupequivalentMDTs in these references have not been accuratelyapproximated This verifies the results via micro-Markovmodels to some extent

46 Numerical Comparison In this experiment we comparethe results by the micro-Markov models with some classicprobability methods Similar to the above subsection thetransformation of the DU failure to a repairable failure isfirst compared For simplicity the calculation of PFDavg bythe classic probability method the presented micro-Markovmodel in this paper (ie (20)) and the simplified equationspresented by IEC 61508 are referred to as11987201198721 and1198722respectively To compare these methods the1198720 is regardedas a basic method and the relative error is used to implementthe comparison The relative error expressed as a percentageis represented by the ratio of the difference between the resultof1198720 and1198721 (or1198722) to that of1198720

We consider a triple system for an illustrative pur-pose With different proof test intervals the value of 120582DU1198791changes from 0033 to 0263 The compared results areillustrated in Table 4 where RE1 and RE2 represent therelative error of 1198721 and 1198722 respectively In Table 4 it canbe observed that the relative error increases with the increaseof the value of 120582DU1198791 for any koon system and the relativeerror of 1198721 is always smaller than that of 1198722 This impliesthat 1198721 obtains more accuracy results than 1198722 When thevalue of 120582DU1198791 is small (eg 120582DUT1 = 0033) the relativeerror of1198721 and1198722 is able tomeet the accuracy requirementsHowever for the case that 1198791 = 4 years that is 120582DU1198791 =0263 the relative error of1198722 for 3oo3 system is minus279 Insuch circumstances for 1198722 the methods which have morefundamental principles for example FTA or RBD methodshould be used

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 10: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

10 Mathematical Problems in Engineering

Table 4 Comparison of PFDavg results by11987201198721 and1198722

120582DU = 75119864 minus 06h 120582DD = 0 MRT = 0 h 1 year = 8760 h 120573 = 0System type T1 (year) 1198720 1198721 1198722 RE1 () RE2 ()

1oo305 852119864 minus 06 844119864 minus 06 886119864 minus 06 979119864 minus 01 minus401119864 + 00

1 656119864 minus 05 643119864 minus 05 709119864 minus 05 194119864 + 00 minus815119864 + 00

4 334119864 minus 03 309119864 minus 03 454119864 minus 03 733119864 + 00 minus360119864 + 01

2oo305 104119864 minus 03 103119864 minus 03 108119864 minus 03 821119864 minus 01 minus417119864 + 00

1 398119864 minus 03 391119864 minus 03 432119864 minus 03 164119864 + 00 minus848119864 + 00

4 503119864 minus 02 472119864 minus 02 691119864 minus 02 617119864 + 00 minus373119864 + 01

3oo305 477119864 minus 02 470119864 minus 02 493119864 minus 02 154119864 + 00 minus331119864 + 00

1 924119864 minus 02 897119864 minus 02 986119864 minus 02 289119864 + 00 minus668119864 + 00

4 308119864 minus 01 283119864 minus 01 394119864 minus 01 825119864 + 00 minus279119864 + 01

Table 5 Comparison of PFDavg results by11987201198721 and1198722

120582119863 = 1119864 minus 05h 1198791 = 8760 h MRT = 24 h MTTR = 24 h 120573 = 0 120573119863 = 0System type DC119863 () 119872

1015840

01198721 1198722 RE1 () RE2 ()

1oo325 663119864 minus 05 661119864 minus 05 733119864 minus 05 291119864 minus 01 minus105119864 + 01

50 203119864 minus 05 204119864 minus 05 221119864 minus 05 minus514119864 minus 01 minus860119864 + 00

75 266119864 minus 06 271119864 minus 06 289119864 minus 06 minus163119864 + 00 minus864119864 + 00

2oo325 401119864 minus 03 398119864 minus 03 440119864 minus 03 691119864 minus 01 minus960119864 + 00

50 184119864 minus 03 184119864 minus 03 197119864 minus 03 186119864 minus 01 minus707119864 + 00

75 481119864 minus 04 484119864 minus 04 506119864 minus 04 minus632119864 minus 01 minus532119864 + 00

3oo325 928119864 minus 02 903119864 minus 02 993119864 minus 02 267119864 + 00 minus699119864 + 00

50 634119864 minus 02 623119864 minus 02 664119864 minus 02 179119864 + 00 minus474119864 + 00

75 327119864 minus 02 325119864 minus 02 336119864 minus 02 823119864 minus 01 minus251119864 + 00

In the following we utilize the method presented in[17] as a basic method to perform the comparison whichhas more fundamental principles for the SIS The methodpresented in [17] assumes that the unavailability caused by theDD failure is a constant value denoted by 119902 gt 0 Howeverthe constant value is directly added to the instantaneousunavailability which is an approximate value Take the 1oo1system for example we have PFD(119905) = 119902 + 1 minus 119890minus120582119905 Howeverwhen 119905 rarr infin the unavailability equals PFD = 119902 +

1 gt 1 This is not consistent with the assumption that theunavailability is less than or equal to 1 Thus in this paperwe remedy this deficiency as follows Essentially the constantvalue 119902 can be regarded as a static failure probabilityThus theinstantaneous unavailability can be represented as PFD(119905) =1 minus (1 minus 119902)119890

minus120582119905 = 1 minus 119890minus120582119905 + 119902119890minus120582119905 This is consistent with theassumption For simplicity the method presented in [17] isreferred to as1198721015840

0 Table 5 gives the compared results where

the value of DCD changes from 25 to 75 It is shown thatthe relative error of 1198721 is always smaller than that of 1198722And the maximum value of the relative error of1198721 is 267which could satisfy the accuracy requirements Overall thepresented method could obtain the desired results for theSIL verification and can be potentially applied to other koonsystems

5 Concluding Remarks

This paper proposes micro-Markov models for the reliabilityanalysis of koon systems with multiple failure modes Two

rules are proposed to implement the micro-Markov modelsFor the repairable koon systems with multiple independentfailures and repairs the micro-Markov models could derivethe same results with the basic Markov models For thekoon systems with hybrid failure modes approximated andsatisfied results could be obtained by the micro-Markovmodels A case study regarding the SIL verification for the SISindicates that when only one type of failure modes exists theresults derived by the micro-Markov models are consistentwith the results by the classic probability method when onlyone type of failure modes is consideredWhen the DU failureand the DD failure both exist the results are approximatelyequal to the results by the methods with more fundamentalprinciples Additionally simplified equations are presentedfor the SIL verification In summary the micro-Markovmodels can be applied to the koon systems with multiplefailure modes

In this paper we mainly discuss how to develop themicro-Markov models for the koon systems with multi-ple failure modes However we only use the simple betafactor model to model CCF which could not distinguishbetween different koon systems To improve the accuracy ofmodeling CCF more advanced CCF models (eg the MBFmodel) should be used and how to use the micro-Markovmodels with the MBF model needs to be further exploitedAdditionally as the koon system normally works in a finitetime zone it obtains a pessimistic evaluation by using thestatic unavailability of the repairable failure to represent theaverage unavailability in the finite time zone To derive abetter evaluation in a finite time zone the time independent

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 11: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Mathematical Problems in Engineering 11

Markov method should be used However for the koonsystem with multiple failure modes especially for the systemwith hybrid failure modes it is different to obtain the exactand closed form solution of the system unavailability Thismay encourage the research that is reducing the computationcomplexity of the time-independent unavailability for koonsystems

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the National Science Foundationof China under Grant 41174162

References

[1] S Eryilmaz ldquoConsecutive k-within-m-out-of-nF system withnonidentical componentsrdquoMathematical Problems in Engineer-ing vol 2012 Article ID 106359 8 pages 2012

[2] R Moghaddass M J Zuo and W Wang ldquoAvailability of ageneral k-out-of-nG system with non-identical componentsconsidering shut-off rules using quasi-birthdeath processrdquo Reli-ability Engineering amp System Safety vol 96 no 4 pp 489ndash4962011

[3] M Rausand Reliability of Safety-Critical Systems Theory andApplications Wiley Online Library John Wiley amp Sons NewYork NY USA 2014

[4] J V Bukowski ldquoA comparison of techniques for computing PFDaveragerdquo in Annual Reliability and Maintainability Symposium2005 Proceedings The International Symposium on ProductQuality and Integrity pp 590ndash595 usa January 2005

[5] S Wang ldquoReliability model of mechanical components withdependent failure modesrdquoMathematical Problems in Engineer-ing vol 2013 Article ID 828407 6 pages 2013

[6] Q Yang Y Hong Y Chen and J Shi ldquoFailure profile analysis ofcomplex repairable systems with multiple failure modesrdquo IEEETransactions on Reliability vol 61 no 1 pp 180ndash191 2012

[7] J Wu S Yan and L Xie ldquoReliability analysis method of a solararray by using fault tree analysis and fuzzy reasoning Petri netrdquoActa Astronautica vol 69 no 11-12 pp 960ndash968 2011

[8] J Wu and S Yan ldquoAn approach to system reliability predictionfor mechanical equipment using fuzzy reasoning Petri netrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability 2013

[9] IEC 61508 rdquoFunctional Safety of ElectricalElectronicProgram-mable Electronic Safety-Related Systems International Elec-trotechnical Commission Geneva Switzerland 2nd edition2010

[10] IEC 61511 Functional Safety Safety Instrumented Systems for theProcess Industry Sector International Electrotechnical Commis-sion Geneva Switzerland 2003

[11] H Jin M A Lundteigen and M Rausand ldquoReliability per-formance of safety instrumented systems a common approachfor both low- and high-demand mode of operationrdquo ReliabilityEngineering amp System Safety vol 96 no 3 pp 365ndash373 2011

[12] L F Oliveira and R N Abramovitch ldquoExtension of ISATR840002 PFD equations to KooN architecturesrdquo ReliabilityEngineering amp System Safety vol 95 no 7 pp 707ndash715 2010

[13] J K Vaurio ldquoUnavailability equations for k-out-of-n systemsrdquoReliability Engineering amp System Safety vol 96 no 2 pp 350ndash352 2011

[14] H Jin M A Lundteigen and M Rausand ldquoNew PFH-formu-las for k-out-of-nF-systemsrdquo Reliability Engineering amp SystemSafety vol 111 pp 112ndash118 2013

[15] H Jin and M Rausand ldquoReliability of safety-instrumentedsystems subject to partial testing and common-cause failuresrdquoReliability Engineering amp System Safety vol 121 pp 146ndash1512014

[16] H Guo andX Yang ldquoA simple reliability block diagrammethodfor safety integrity verificationrdquoReliability Engineeringamp SystemSafety vol 92 no 9 pp 1267ndash1273 2007

[17] A C Torres-Echeverrıa S Martorell and H A ThompsonldquoModeling safety instrumented systems with MooN votingarchitectures addressing system reconfiguration for testingrdquoReliability Engineering amp System Safety vol 96 no 5 pp 545ndash563 2011

[18] Y Dutuit F Innal A Rauzy and J-P Signoret ldquoProbabilisticassessments in relationship with safety integrity levels by usingFault Treesrdquo Reliability Engineering amp System Safety vol 93 no12 pp 1867ndash1876 2008

[19] B Knegtering and A C Brombacher ldquoApplication of microMarkov models for quantitative safety assessment to determinesafety integrity levels as defined by the IEC 61508 standard forfunctional safetyrdquo Reliability Engineering amp System Safety vol66 no 2 pp 171ndash175 1999

[20] T ZhangW Long andY Sato ldquoAvailability of systemswith self-diagnostic componentsmdashapplyingMarkovmodel to IEC61508-6rdquoReliability Engineeringamp System Safety vol 80 no 2 pp 133ndash141 2003

[21] H Guo and X Yang ldquoAutomatic creation of Markov models forreliability assessment of safety instrumented systemsrdquo Reliabil-ity Engineeringamp System Safety vol 93 no 6 pp 829ndash837 2008

[22] J L Rouvroye and E G Van den Bliek ldquoComparing safetyanalysis techniquesrdquo Reliability Engineering amp System Safetyvol 75 no 3 pp 289ndash294 2002

[23] F Innal Contribution to modelling safety instrumented systemsand to assessing their performance critical analysis of iec 61508standard [PhD thesis] University of Technology 2008

[24] F Innal YDutuit A Rauzy and J-P Signoret ldquoNew insight intothe average probability of failure on demand and the probabilityof dangerous failure per hour of safety instrumented systemsrdquoProceedings of the Institution of Mechanical Engineers Part OJournal of Risk and Reliability vol 224 no 2 pp 75ndash86 2010

[25] Y Liu and M Rausand ldquoReliability assessment of safety instru-mented systems subject to different demand modesrdquo Journal ofLoss Prevention in the Process Industries vol 24 no 1 pp 49ndash562011

[26] J V Bukowski and I Van Beurden ldquoImpact of proof test effect-iveness on safety instrumented system performancerdquo inAnnualReliability andMaintainability Symposium (RAMS rsquo09) pp 157ndash163 January 2009

[27] M Rausand and A Hoslashyland System ReliabilityTheory ModelsStatisticalMethods andApplicationsWiley Series in Probabilityand Statistics John Wiley amp Sons Hoboken NJ USA 2ndedition 2004

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 12: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

12 Mathematical Problems in Engineering

[28] P Hokstad and K Corneliussen ldquoLoss of safety assessment andthe IEC 61508 standardrdquoReliability Engineeringamp System Safetyvol 83 no 1 pp 111ndash120 2004

[29] P Hokstad A Maria and P Tomis ldquoEstimation of commoncause factors from systems with different numbers of channelsrdquoIEEE Transactions on Reliability vol 55 no 1 pp 18ndash25 2006

[30] S Hauge M A Lundteigen P Hokstad and S HabrekkeldquoReliability predictionmethod for safety instrumented systems-PDSmethod handbook 2010 editionrdquo SINTEF report STF50 Avol 6031 2010

[31] D SmithReliabilityMaintainability andRisk-PracticalMethodsfor Engineers Elsevier Butterworth-Heinemann BurlingtonMass USA 2005

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of

Page 13: Research Article Unavailability Analysis for k -out-of- n ...downloads.hindawi.com/journals/mpe/2014/740936.pdf · Research Article Unavailability Analysis for k -out-of- n :G Systems

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Mathematical PhysicsAdvances in

Complex AnalysisJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

OptimizationJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Operations ResearchAdvances in

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Algebra

Discrete Dynamics in Nature and Society

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Decision SciencesAdvances in

Discrete MathematicsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of