Dependability analysis of systems with on-demand and active failuremodes, using dynamic fault trees

摘要

Safety systems and protection systems can experience two phases ofnoperation (standby and active); an accurate dependability analysis mustncombine an analysis of both phases. The standby mode can last for a longntime, during which the safety system is periodically tested andnmaintained. Once a demand occurs, the safety system must operatensuccessfully for the length of demand. The failure characteristics ofnthe system are different in the two phases, and the system can fail inntwo ways: (1) it can fail to start (fail on-demand), or (2) it can failnwhile in active mode. Failure on demand requires an availabilitynanalysis of components (typically electromechanical components) whichnare required to start or support the safety system. These supportncomponents are usually maintained periodically while not in active use.nActive failure refers to the failure while running (once started) of thenactive components of the safety system. These active components can benfault tolerant and use spares or other forms of redundancy, but are notnmaintainable while in use. The approach, in this paper, automaticallyncombines the "availability analysis of the system in standby mode" withnthe "reliability analysis of the system in its active mode." The generalnapproach uses an availability analysis of the standby phase to determinenthe initial state probabilities for a Markov model of the demand phase.nA detailed method is presented in terms of a dynamic fault-tree model. Annew "dynamic fault-tree construct" captures the dependency of thendemand-components on the support systems, which are required to detectnthe demand or to start the demand system. The method is discussed usingna single example sprinkler system and then applied to a more completensystem taken from the off-shore industry