System Reliability
8.1 Introduction
Analysis of system reliability starts from an initiating event that triggers a sequence of subsequent events ultimately leading to failure of the overall system. Examples of initiating events are improper maintenance measures, such as of drains, and the occurrence of natural hazards such as earthquakes, floods and hurricanes. The steps involved in a system reliability assessment are:
The individual reliabilities must be calculated in order to evaluate the overall reliability of the system. The relationship between different failure modes or elements is quite complex; at best one can treat them as independent. Two idealized systems are possible.
Let $R_1, R_2, R_3, \ldots, R_N$ be the reliabilities of a system of N elements and assume that all are independent. If all the elements are connected in series, failure of any one element leads to failure of the system. Therefore the overall reliability is the probability that every element survives:
$$P_s = R_1 R_2 \cdots R_N$$
and the probability of failure, with $P_i = 1 - R_i$, is
$$P_f = 1 - \prod_{i=1}^{N} (1 - P_i) = 1 - (1 - P)^N \quad \text{(when all } P_i = P\text{)}$$
For example, with N = 4 elements each having $P = 0.01$,
$$P_f = 1 - (1 - 0.01)^4 = 0.0394$$
$$R = 1 - 0.0394 = 0.9065$$
Consider another system, in which the system fails only if all the elements fail; the failure event is that every element fails, so $P_f = P^N$ when all $P_i = P$. If $R_1 = R_2 = \cdots = R_N = R$, the reliability of the system is
$$P_s = 1 - (1 - R)^N$$
$$P_f = P^N$$
For the same four elements with $P = 0.01$,
$$P_f = (0.01)^4 = 0.000001$$
The series system failure can be considered as a lower bound on reliability and the parallel system as an upper bound, because a series system fails if any one of the links fails while a parallel system fails only if all of the links fail. In general a system may have links in a combination of series and parallel configurations, for example:
[Figure: a network of eight links numbered 1 to 8 between Input and Output, some connected in series and some in parallel]
For the series links the failure probability is
$$P_f = 1 - (1 - P)^N \quad \text{or} \quad P_f = 1 - \prod_{i=1}^{N} (1 - P_i)$$
A redundant system is one wherein more than one component is able to perform the
Engineering designs are generally improved by adding redundant components using the r-out-of-N model, which means that at least r out of N components must operate for the system to succeed.
Ex: A footing resting on N piles such that r of them are required to function to support the load.
If all the components have the same reliability R (or the same probability of failure), then the binomial distribution applies:
$$b(r, N, R) = {}^{N}C_r \, R^{r} (1 - R)^{(N - r)}$$
The system requires at least r elements to be reliable; it is also stable when r+1, r+2, ..., N elements are reliable.
Hence the reliability of the r-out-of-N model is
$$R = \sum_{K=r}^{N} b(K, N, R) = \sum_{K=r}^{N} {}^{N}C_K \, R^{K} (1 - R)^{(N - K)}$$
Suppose that, out of 5 channels for drainage, 4 should function effectively for stability of a slope. Then, with N = 5 and each channel having failure probability P,
$$R = \sum_{K=4}^{5} \binom{5}{K} (1 - P)^{K} P^{(5 - K)} = \binom{5}{4}(1 - P)^4 P^1 + \binom{5}{5}(1 - P)^5 P^0 = 5(1 - P)^4 P + (1 - P)^5$$
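As an added example (not code from the lecture notes), the series, parallel and r-out-of-N formulas above in Python, applied to the page's own cases: four elements with P = 0.01, and the 4-of-5 drainage channels (the per-channel failure probability 0.1 is a constructed value). It also checks that series and parallel are the N-of-N and 1-of-N cases of the same binomial model.

```python
from math import comb


def series_failure(p_fail):
    """Series system of independent elements: fails if any single element fails."""
    survive_all = 1.0
    for p in p_fail:
        survive_all *= 1.0 - p
    return 1.0 - survive_all


def parallel_failure(p_fail):
    """Parallel system of independent elements: fails only if every element fails."""
    fail_all = 1.0
    for p in p_fail:
        fail_all *= p
    return fail_all


def r_out_of_n_reliability(r, n, rel):
    """Reliability of an r-out-of-N system whose N elements share reliability rel:
    sum over K = r..N of C(N,K) * rel^K * (1-rel)^(N-K)."""
    if not 1 <= r <= n:
        raise ValueError("need 1 <= r <= N")
    return sum(comb(n, k) * rel ** k * (1.0 - rel) ** (n - k) for k in range(r, n + 1))


def drainage_example(p_channel):
    """Four of five drainage channels must work: 5(1-P)^4 P + (1-P)^5."""
    return r_out_of_n_reliability(4, 5, 1.0 - p_channel)


if __name__ == "__main__":
    four = [0.01] * 4  # four elements, P = 0.01 each (the page's example)
    print("series   Pf =", series_failure(four))
    print("parallel Pf =", parallel_failure(four))
    # Series is the N-out-of-N case and parallel the 1-out-of-N case of the same model
    print("4-of-4   R  =", r_out_of_n_reliability(4, 4, 0.99))
    print("1-of-4   R  =", r_out_of_n_reliability(1, 4, 0.99))
    print("4-of-5 drainage channels, P = 0.1 per channel: R =", drainage_example(0.1))
```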
For a series system with two components having individual failure probabilities $P_A$ and $P_B$, the failure event is {A+B}. From the addition rule of probability theory
$$\Pr[A + B] = P_A + P_B - \Pr[AB]$$
Substituting the lower and upper bounds for the joint failure probability, $\max(P_a, P_b) \le \Pr[AB] \le P_a + P_b$ (where $P_a$ and $P_b$ are the conditional terms computed in Example 1 below), gives
$$P_A + P_B - P_a - P_b \le \Pr[A + B] \le P_A + P_B - \max(P_a, P_b)$$
and for the system reliability r,
$$1 - P_A - P_B + \max(P_a, P_b) \le r \le 1 - P_A - P_B + P_a + P_b$$
For a constant component reliability index β and correlation ρ between the two failure modes, the individual failure probability is $\Phi(-\beta)$ and the bounds become
$$1 - \Phi(-\beta)\left[2 - \Phi\left(-\beta\,\frac{1-\rho}{\sqrt{1-\rho^2}}\right)\right] \le r \le 1 - 2\Phi(-\beta)\left[1 - \Phi\left(-\beta\,\frac{1-\rho}{\sqrt{1-\rho^2}}\right)\right]$$
Example 1
Two mountain resorts are connected by roads a and b. During a snowstorm in the region
there is a 20 percent chance that traffic will be suspended in road a, and a corresponding
10 percent chance for road b. The road between the two resorts can be modeled as a
redundant system, with individual probabilities of failure PA = 0.2 and PB=0.1. Assuming
independent failures, the risk Pf that there is no access between the two resorts during a
storm is simply
$$P_f = P_A P_B = 0.2 \times 0.1 = 0.02$$
However, limited facilities in the area delay the removal of snow from the two roads, so the two failures cannot be treated as independent. Accordingly the system reliability is bounded by
$$\min(1 - P_A, 1 - P_B) \le r \le 1 - P_A P_B$$
that is, $0.8 \le r \le 0.98$. Hence $0.02 \le P_f \le 0.2$.
From past experience the failure modes can be assumed to be normally distributed with a positive correlation of ρ = 0.7. The reliability indices are
$$\beta_A = \Phi^{-1}(1 - P_A) = \Phi^{-1}(0.8) = 0.842$$
and
$$\beta_B = \Phi^{-1}(1 - P_B) = \Phi^{-1}(0.9) = 1.282$$
The conditional terms are
$$P_a = P_A \, \Phi\left(-\frac{\beta_B - \rho\beta_A}{\sqrt{1-\rho^2}}\right) = 0.2\,\Phi\left(-\frac{1.282 - 0.7 \times 0.842}{\sqrt{1 - 0.7^2}}\right) = 0.0332$$
and
$$P_b = P_B \, \Phi\left(-\frac{\beta_A - \rho\beta_B}{\sqrt{1-\rho^2}}\right) = 0.1\,\Phi\left(-\frac{0.842 - 0.7 \times 1.282}{\sqrt{1 - 0.7^2}}\right) = 0.0531$$
Hence, from the bounds on the joint failure probability of the redundant pair, $\max(P_a, P_b) \le \Pr[AB] \le P_a + P_b$,
$$1 - 0.0332 - 0.0531 \le r \le 1 - \max(0.0332, 0.0531)$$
that is, $0.914 \le r \le 0.947$. Thus the required risk of failure is bounded as $0.053 \le P_f \le 0.086$. These limits are much narrower than those obtained by distribution-free methods (parallel and series systems), and thus provide an improved assessment of the road system.
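As an added example (not code from the lecture notes), the bounds of Example 1 worked in Python: the reliability index from $P_f$, the conditional terms $P_a$ and $P_b$ for correlated normal failure modes, and the resulting bounds for the redundant road pair, alongside the distribution-free bounds and the series-pair bounds of the preceding section. It uses the standard library's NormalDist for Φ and Φ⁻¹; only the page's values 0.2, 0.1 and ρ = 0.7 are used.

```python
from math import sqrt
from statistics import NormalDist

_STD_NORMAL = NormalDist()  # Phi and Phi^-1 of the standard normal distribution


def reliability_index(p_fail):
    """beta = Phi^-1(1 - Pf); e.g. beta_A = Phi^-1(0.8) = 0.842."""
    return _STD_NORMAL.inv_cdf(1.0 - p_fail)


def conditional_terms(p_a_fail, p_b_fail, rho):
    """P_a = P_A * Phi(-(beta_B - rho*beta_A)/sqrt(1-rho^2)) and P_b symmetrically,
    for two normally distributed failure modes with correlation rho."""
    beta_a = reliability_index(p_a_fail)
    beta_b = reliability_index(p_b_fail)
    s = sqrt(1.0 - rho ** 2)
    p_a = p_a_fail * _STD_NORMAL.cdf(-(beta_b - rho * beta_a) / s)
    p_b = p_b_fail * _STD_NORMAL.cdf(-(beta_a - rho * beta_b) / s)
    return p_a, p_b


def joint_failure_bounds(p_a_fail, p_b_fail, rho):
    """max(P_a, P_b) <= Pr[AB] <= P_a + P_b."""
    p_a, p_b = conditional_terms(p_a_fail, p_b_fail, rho)
    return max(p_a, p_b), p_a + p_b


def redundant_reliability_bounds(p_a_fail, p_b_fail, rho):
    """Redundant (parallel) pair, both must fail: 1 - P_a - P_b <= r <= 1 - max(P_a, P_b)."""
    lo_ab, hi_ab = joint_failure_bounds(p_a_fail, p_b_fail, rho)
    return 1.0 - hi_ab, 1.0 - lo_ab


def series_reliability_bounds(p_a_fail, p_b_fail, rho):
    """Series pair, either failing fails the system: r = 1 - Pr[A+B], Pr[A+B] = P_A + P_B - Pr[AB]."""
    lo_ab, hi_ab = joint_failure_bounds(p_a_fail, p_b_fail, rho)
    return (1.0 - p_a_fail - p_b_fail + lo_ab, 1.0 - p_a_fail - p_b_fail + hi_ab)


def distribution_free_bounds(p_a_fail, p_b_fail):
    """Correlation-free bounds for the redundant pair: min(1-P_A, 1-P_B) <= r <= 1 - P_A P_B."""
    return min(1.0 - p_a_fail, 1.0 - p_b_fail), 1.0 - p_a_fail * p_b_fail


if __name__ == "__main__":
    P_A, P_B, RHO = 0.2, 0.1, 0.7  # the two snowbound roads of Example 1
    print("distribution-free r bounds     :", distribution_free_bounds(P_A, P_B))
    print("correlated (rho=0.7) r bounds  :", redundant_reliability_bounds(P_A, P_B, RHO))
    print("same roads as a series pair    :", series_reliability_bounds(P_A, P_B, RHO))
```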
Example 2
Figure 8.2
However, if liquefaction of the site caused by seismic ground shaking had an annual
probability of occurring of 0.001, and should liquefaction occur, both the tank and
firewall would fail and the probability of this failure is then 0.001. While the probability
of liquefaction is a small contributor to the annual risk of tank failure alone, it increases
the annual probability of loss of oil off the site (system failure) by a factor of ten.
In this way, we can build an event tree for the previous example. This event tree is shown in the upper part of Figure 2. The first event, loss of oil from the tank, occurs with probability p. If the tank leaks, then either the fire wall retains the spilled oil or it does not; let the probability that the fire wall fails to retain the oil be q. Note that this probability q depends on whether the tank leaks or not: the pressure of ponded oil against the firewall presumably makes the wall more likely to fail, compared to the case without oil pressure. If system failure is defined as loss of oil off the site, then the only end node in the event tree that includes a failure is that for which both the tank has spilled its oil and the fire wall does not retain the oil. Thus, the probability of system failure is p x q.
probabilistically independent, they are correlated through the occurrence of a common
event which causes each of them to fail at the same time. An event tree serves as a simple
way of showing the interrelationship of events in a system fail tree.
Considering again the simple case of the oil storage of Figure 4: in building an event tree of this system, we started with a spill of oil from the tank and then considered the subsequent event that the fire wall fails to contain the oil. In building a fault tree of the same system, we start with the system failure, 'oil spilled off site,' and then ask how this might have happened. For oil to be spilled off site, both the fire wall must fail to contain any spilled oil existing on the site, and the tank must somehow fail to hold the oil that was contained within it.
Common practice is to draw a fault tree from top to bottom as in Figure 5. At the top is the system failure condition, 'oil spilled off site.' Beneath are the two faults that need to occur to enable this system failure, namely 'tank fails to contain oil' and 'fire wall fails to contain oil.' Since both of these things must occur for the system failure to occur, they are connected in the tree by an 'AND' node, denoted by a bullet-shaped symbol. The probabilities are multiplied to obtain the probability of the next higher fault, $p_0 = p_1 p_2$, in which $p_0$ = Pr{oil spilled off site}, $p_1$ = Pr{tank fails to contain oil} and $p_2$ = Pr{fire wall fails to contain oil}.
Figure 2 - Fault tree for tank farm failure
One continues to decompose the fault at each level into the contributing faults that would cause it to occur. For the fault 'tank fails to contain oil' to occur, one could assume that either of two other faults must occur, namely 'structural tank shell ruptures' or 'piping connecting tank breaks.' Since only one or the other (or both) of these need occur for containment to be lost by the tank, they are connected by an 'OR' node, denoted with a plus sign. This shows that the probabilities are added, less their product, to obtain the probability of the next higher fault:
$$(1 - p_0) = (1 - p_1)(1 - p_2)$$
$$p_0 = p_1 + p_2 - p_1 p_2$$
in which $p_0$ = Pr{tank fails to contain oil}, $p_1$ = Pr{structural tank shell ruptures} and
The advantage of a fault tree over an event tree is that it focuses only on chains leading to failures; the disadvantage is that it may fail to uncover important combinations of events. For example, it is not clear that the fault tree of the figure can identify the hazard posed by liquefaction-induced failure of both the tanks and the fire walls. Thus, the advantage of the event tree is that it comprehensively uncovers combinations of events leading to failures, but the disadvantage is that event trees quickly become quite complicated in big projects if multiple events are involved.
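As an added example (not code from the lecture notes), a small fault-tree evaluator in Python for the tank-farm tree discussed above. gate_arithmetic applies the AND and OR rules, including $p_0 = p_1 + p_2 - p_1 p_2$ for the OR node, while exact_top_probability enumerates the states of the independent basic events, so a common-cause event such as liquefaction that feeds both branches is counted correctly; the comparison shows how much gate-by-gate arithmetic understates the risk once the branches share a cause. The event names and basic-event probabilities are constructed; only the 0.001 liquefaction probability comes from the text.

```python
from itertools import product

# A fault tree is nested tuples: a basic event is a name (str) looked up in a
# probability table; a gate is ("AND", child, ...) or ("OR", child, ...).


def fires(node, state):
    """True if the node's fault occurs under one assignment of basic-event states."""
    if isinstance(node, str):
        return state[node]
    gate, *children = node
    results = [fires(c, state) for c in children]
    return all(results) if gate == "AND" else any(results)


def gate_arithmetic(node, probs):
    """Gate-by-gate arithmetic: AND multiplies, OR uses 1 - prod(1 - p_i), i.e.
    p1 + p2 - p1*p2 for two inputs. Correct only when no basic event feeds two branches."""
    if isinstance(node, str):
        return probs[node]
    gate, *children = node
    acc = 1.0
    for p in (gate_arithmetic(c, probs) for c in children):
        acc *= p if gate == "AND" else (1.0 - p)
    return acc if gate == "AND" else 1.0 - acc


def exact_top_probability(tree, probs):
    """Exact Pr{top event}: enumerate every state of the independent basic events,
    so shared (common-cause) events are handled correctly."""
    names = sorted(probs)
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if fires(tree, state):
            weight = 1.0
            for name, on in zip(names, bits):
                weight *= probs[name] if on else 1.0 - probs[name]
            total += weight
    return total


# Tank-farm tree of the text; basic-event probabilities are constructed, not from the page
TANK_FAILS = ("OR", "shell_ruptures", "piping_breaks")
SPILL_OFF_SITE = ("AND", TANK_FAILS, "wall_fails")
PROBS = {"shell_ruptures": 0.006, "piping_breaks": 0.004, "wall_fails": 0.01}

# Same tree with liquefaction (annual probability 0.001, from the text) failing both branches
SPILL_WITH_LIQ = ("AND", ("OR", TANK_FAILS, "liquefaction"), ("OR", "wall_fails", "liquefaction"))
PROBS_LIQ = dict(PROBS, liquefaction=0.001)

if __name__ == "__main__":
    print("no common cause, exact  :", exact_top_probability(SPILL_OFF_SITE, PROBS))
    print("no common cause, gates  :", gate_arithmetic(SPILL_OFF_SITE, PROBS))
    print("with liquefaction, exact:", exact_top_probability(SPILL_WITH_LIQ, PROBS_LIQ))
    print("with liquefaction, gates:", gate_arithmetic(SPILL_WITH_LIQ, PROBS_LIQ))
```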
Fault trees have been comparatively less used in geotechnical risk and reliability than
have event trees. One geotechnical application in which fault trees have been widely
used, however, is safety assessment for nuclear waste disposal facilities. Presumably the
close connection of this enterprise to the nuclear industry, where fault tree analysis is
common, explains the phenomenon.
8.8. Summary
This chapter describes some of the procedures for evaluating the reliability of a system
rather than a single component. The use of event tree and fault tree representations in the
analysis is also illustrated.