
8. System Reliability

8.1 Introduction

Analysis of system reliability starts from an initiating event that triggers a sequence of subsequent events which ultimately leads to failure of the overall system. Examples are improper maintenance measures, such as neglected drains, and the occurrence of natural hazards such as earthquakes, floods and hurricanes. The steps involved in a system reliability assessment are:

1. Identify initiating events and determine the probabilities of these events.

2. Quantitatively define the meaning of failure of the system.

3. Develop quantitative models of the performance of individual components.

4. Identify mechanical interactions among component failures and failure modes.

5. Investigate statistical or probabilistic correlations, if any, among component failures and failure modes.

6. Integrate component performance models, interactions and correlations within an overall system performance model.

7. Calculate numerical results for system reliability.

The individual reliabilities must be calculated in order to evaluate the overall reliability of the system. The relationship between different failure modes or elements is quite complex; at best one can assume that they are independent. Two idealized systems are possible.

8.2 Series system

Let $R_1, R_2, R_3, \ldots, R_N$ be the reliabilities of a system of $N$ elements and assume that all are independent. If all the elements are connected in series, failure of any one of the elements will lead to failure of the system. Therefore the overall reliability, the probability that all elements succeed, is the product of the individual reliabilities.

$P_s = R_1 R_2 \cdots R_N$

$P_f = 1 - \prod_{i=1}^{N} (1 - P_i)$

If the probabilities of failure are equal, $P_i = P$ for all $i$, then

$P_f = 1 - (1 - P)^N$

If there are 4 modes of failure and in each case $P = 0.01$ then

$P_f = 1 - (1 - 0.01)^4 = 0.0394$

$R = 1 - 0.0394 = 0.9065$

8.3 Parallel system

Consider another system, which fails only if all of its elements fail. The failure probabilities of the individual elements are independent. The overall probability of failure is the probability that all elements fail, $P_f = \prod_{i=1}^{N} P_i$. The reliability of the system is

$P_s = 1 - (1 - R_1)(1 - R_2)(1 - R_3) \cdots (1 - R_N)$

If $R_1 = R_2 = \cdots = R_N = R$, then

$P_s = 1 - (1 - R)^N$

$P_f = P^N$

For 4 modes of failure and $P_1 = P_2 = \cdots = P_4 = 0.01$

$P_f = (0.01)^4 = 0.000001$

The series system gives a lower bound on reliability and the parallel system an upper bound, because a series system fails as soon as one of its links fails whereas a parallel system fails only when all of its elements fail. In general a system may have links that combine both series and parallel configurations, for example:

[Figure: network of elements 1 to 8 between Input and Output; elements 3, 4 and 5 form one parallel group and elements 7 and 8 another, and both groups are in series with elements 1, 2 and 6.]

$P_{345} = P_3 P_4 P_5$ and $P_{78} = P_7 P_8$

$P_f = 1 - \prod_{i=1}^{N} (1 - P_i)$

or

$P_f = 1 - (1 - P_1)(1 - P_2)(1 - P_{345})(1 - P_6)(1 - P_{78})$
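The series, parallel and mixed compositions above, as an added example (not code from the chapter). The per-element failure probabilities used for the mixed network are constructed sample values; the chapter gives none.

```python
from functools import reduce
from operator import mul

# Added example, not from the chapter: compose failure probabilities of
# independent elements arranged in series, in parallel, or in a mix of both.


def series_failure(pfs):
    """Series: the system fails if any element fails, Pf = 1 - prod(1 - Pi)."""
    return 1.0 - reduce(mul, (1.0 - p for p in pfs), 1.0)


def parallel_failure(pfs):
    """Parallel: the system fails only if every element fails, Pf = prod(Pi)."""
    return reduce(mul, pfs, 1.0)


def network_failure(node):
    """Evaluate a nested ('series', [...]) / ('parallel', [...]) tree of
    element failure probabilities (a bare float is a single element)."""
    if isinstance(node, (int, float)):
        return float(node)
    kind, parts = node
    sub = [network_failure(p) for p in parts]
    return series_failure(sub) if kind == "series" else parallel_failure(sub)


def chapter_examples():
    """Reproduces the figures worked in 8.2 and 8.3 plus the mixed network."""
    four_modes = [0.01] * 4
    series_pf = series_failure(four_modes)        # 1 - 0.99**4
    parallel_pf = parallel_failure(four_modes)    # 0.01**4
    # Mixed network from the sketch: elements 3, 4, 5 form one parallel group
    # and 7, 8 another; both groups sit in series with elements 1, 2 and 6.
    # The per-element failure probabilities here are constructed sample values.
    p = {i: 0.01 * i for i in range(1, 9)}
    mixed = ("series", [p[1], p[2],
                        ("parallel", [p[3], p[4], p[5]]),
                        p[6],
                        ("parallel", [p[7], p[8]])])
    return {"series_pf": series_pf, "series_R": 1.0 - series_pf,
            "parallel_pf": parallel_pf, "mixed_pf": network_failure(mixed)}
```

The block computes $R = 1 - P_f$ and $P^N$ directly from the element values rather than quoting rounded figures.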

8.4 Redundant System

A redundant system is one in which more than one component is able to perform the function. The failure of a component in a non-redundant system produces the failure of the entire system.

Ex: Single wire, limited-access highway (single road)

Engineering designs are generally improved by adding redundant components using an r-out-of-N model, which means that at least r out of N components must operate for the system to succeed.

Ex: A footing resting on N piles such that ‘r’ are required to function to support load

If all the components have the same reliability or probability of failure, then the binomial distribution gives the probability of exactly r successes out of N components:

$b(r, N, R) = \binom{N}{r} R^{r} (1 - R)^{N - r}$

The system requires at least $r$ elements to be reliable; it is also stable with $r+1, r+2, \ldots, N$ reliable elements. Hence the reliability $R_s$ of the r-out-of-N model is

$R_s = \sum_{K=r}^{N} b(K, N, R) = \sum_{K=r}^{N} \binom{N}{K} R^{K} (1 - R)^{N - K}$

Suppose that out of 5 drainage channels 4 must function effectively for stability of the slope; then, with component failure probability $P$ (so $R = 1 - P$),

$R_s = \sum_{K=4}^{5} \binom{5}{K} (1 - P)^{K} P^{5 - K} = \binom{5}{4} (1 - P)^4 P^1 + \binom{5}{5} (1 - P)^5 P^0 = 5 (1 - P)^4 P + (1 - P)^5$

If $P = 0.01$, then $R_s = 5(1 - 0.01)^4 (0.01) + (1 - 0.01)^5 = 0.999$
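The r-out-of-N binomial model and the drainage example above, as an added example (not code from the chapter); it also tabulates how system reliability changes as more of the N components are required, which the chapter does not show.

```python
from math import comb

# Added example, not from the chapter: reliability of an r-out-of-N redundant
# system whose components are independent and identically reliable.


def binomial_term(k, n, r):
    """b(k, N, R) = C(N, k) R^k (1 - R)^(N - k): exactly k of N survive."""
    return comb(n, k) * r ** k * (1.0 - r) ** (n - k)


def r_out_of_n_reliability(r_required, n, component_reliability):
    """System survives when at least r_required of n components survive."""
    return sum(binomial_term(k, n, component_reliability)
               for k in range(r_required, n + 1))


def r_out_of_n_from_pf(r_required, n, component_pf):
    """Same model expressed with the component failure probability P."""
    return r_out_of_n_reliability(r_required, n, 1.0 - component_pf)


def drainage_example(p=0.01):
    """5 drainage channels, 4 must work: R_s = 5(1-P)^4 P + (1-P)^5."""
    closed_form = 5 * (1 - p) ** 4 * p + (1 - p) ** 5
    return r_out_of_n_from_pf(4, 5, p), closed_form


def redundancy_table(n, component_pf):
    """System reliability for r = 1..N; r = 1 is the parallel system and
    r = N the series system, the upper and lower bounds of 8.2 and 8.3."""
    return {r: r_out_of_n_from_pf(r, n, component_pf) for r in range(1, n + 1)}
```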

8.5 Mutual dependent failure modes

For a series system with two components having individual failure probabilities $P_A$ and $P_B$, the failure event is $\{A + B\}$. From the addition rule of probability theory

$\Pr[A + B] = P_A + P_B - \Pr[AB]$

thus

$P_A + P_B - \max(\Pr[AB]) \le \Pr[A + B] \le P_A + P_B - \min(\Pr[AB])$

and substituting the upper and lower bounds on $\Pr[AB]$, namely $P_a + P_b$ and $\max(P_a, P_b)$, for $\max(\Pr[AB])$ and $\min(\Pr[AB])$ respectively,

$P_A + P_B - P_a - P_b \le \Pr[A + B] \le P_A + P_B - \max(P_a, P_b)$

where $P_a$ and $P_b$ are given by the equations used in Example 1 below. The system reliability $r = 1 - \Pr[A + B]$ is then bounded by

$1 - P_A - P_B + \max(P_a, P_b) \le r \le 1 - P_A - P_B + P_a + P_b$

For a constant component reliability index $\beta$ and correlation $\rho$, the individual failure probability is given by $P = \Phi(-\beta)$; substituting into the equation above yields

$1 - \Phi(-\beta)\left[2 - \Phi\!\left(-\beta \frac{1 - \rho}{\sqrt{1 - \rho^2}}\right)\right] \le r \le 1 - 2\Phi(-\beta)\left[1 - \Phi\!\left(-\beta \frac{1 - \rho}{\sqrt{1 - \rho^2}}\right)\right]$

Example 1
Two mountain resorts are connected by roads a and b. During a snowstorm in the region there is a 20 percent chance that traffic will be suspended on road a, and a corresponding 10 percent chance for road b. The road system between the two resorts can be modeled as a redundant system with individual probabilities of failure $P_A = 0.2$ and $P_B = 0.1$. Assuming independent failures, the risk $P_f$ that there is no access between the two resorts during a storm is simply

$P_f = P_A P_B = 0.2 \times 0.1 = 0.02$

However, limited facilities in the area delay the removal of snow from the two roads. Accordingly the system reliability is bounded by

$\min(1 - P_A, 1 - P_B) \le r \le 1 - P_A P_B$

that is, $0.8 \le r \le 0.98$. Hence, $0.02 \le P_f \le 0.2$.

From past experience the failure modes can be assumed to be normally distributed with a positive correlation of $\rho = 0.7$:

$\beta_A = \Phi^{-1}(1 - P_A) = \Phi^{-1}(0.8) = 0.842$

and

$\beta_B = \Phi^{-1}(1 - P_B) = \Phi^{-1}(0.9) = 1.282$

Substituting these into the equations for $P_a$ and $P_b$ we obtain

$P_a = P_A \, \Phi\!\left(-\frac{\beta_B - \rho \beta_A}{\sqrt{1 - \rho^2}}\right) = 0.2 \, \Phi\!\left(-\frac{1.282 - 0.7 \times 0.842}{\sqrt{1 - 0.7^2}}\right) = 0.0332$

and

$P_b = P_B \, \Phi\!\left(-\frac{\beta_A - \rho \beta_B}{\sqrt{1 - \rho^2}}\right) = 0.1 \, \Phi\!\left(-\frac{0.842 - 0.7 \times 1.282}{\sqrt{1 - 0.7^2}}\right) = 0.0531$

Hence, from the bounds on $\Pr[AB]$,

$1 - 0.0332 - 0.0531 \le r \le 1 - \max(0.0332, 0.0531)$

that is, $0.914 \le r \le 0.947$. Thus the required risk of failure is bounded as $0.053 \le P_f \le 0.086$. These limits are much narrower than those obtained by distribution-free methods (parallel and series systems), and thus provide an improved assessment of the road system.
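The correlated-failure bounds of 8.5 applied to the two-road system of Example 1, as an added example (not code from the chapter). The standard normal CDF and its inverse come from Python's `statistics.NormalDist`.

```python
from statistics import NormalDist

# Added example, not from the chapter: bounds on the reliability r of a
# two-component redundant (parallel) system whose failure modes are normally
# distributed with correlation rho, compared with the distribution-free bounds.

_N = NormalDist()


def reliability_index(pf):
    """beta = Phi^-1(1 - Pf)."""
    return _N.inv_cdf(1.0 - pf)


def correlated_terms(pf_a, pf_b, rho):
    """Pa = PA Phi(-(bB - rho bA)/sqrt(1 - rho^2)) and the symmetric Pb."""
    beta_a, beta_b = reliability_index(pf_a), reliability_index(pf_b)
    denom = (1.0 - rho ** 2) ** 0.5
    pa = pf_a * _N.cdf(-(beta_b - rho * beta_a) / denom)
    pb = pf_b * _N.cdf(-(beta_a - rho * beta_b) / denom)
    return pa, pb


def parallel_bounds(pf_a, pf_b, rho):
    """Returns (distribution-free bounds, correlated bounds) on r.
    Parallel system: Pf = Pr[AB], and max(Pa, Pb) <= Pr[AB] <= Pa + Pb."""
    free = (min(1.0 - pf_a, 1.0 - pf_b), 1.0 - pf_a * pf_b)
    pa, pb = correlated_terms(pf_a, pf_b, rho)
    corr = (1.0 - pa - pb, 1.0 - max(pa, pb))
    return free, corr


def resorts_example():
    """Example 1: PA = 0.2, PB = 0.1, rho = 0.7."""
    free, corr = parallel_bounds(0.2, 0.1, 0.7)
    return {"free_r": free, "corr_r": corr,
            "corr_pf": (1.0 - corr[1], 1.0 - corr[0])}
```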

Example 2

The interdependencies of component failures are extremely important in system reliability. Consider the system shown in Figure 1, in which one tank in a courtyard is surrounded by a firewall to contain leaks. Presume that the annual probability of the tank failing and spilling its contents in the courtyard is $P_T = 0.01$ and that the overflow capacity of the boundary wall is sufficient to retain the full volume of one tank. For oil to leak out of the courtyard, the tank must fail, and then the firewall must fail, too. Let the probability of the firewall failing given an oil load behind it be $P_F = 0.01$. The joint probability of both the tank and firewall failing, presuming the probabilities independent, is the product, $\Pr\{\text{oil loss}\} = P_T P_F = 0.0001$, a fairly small number which is obtained by multiplication considering that the failures are in series.

Figure 8.2

However, if liquefaction of the site caused by seismic ground shaking had an annual
probability of occurring of 0.001, and should liquefaction occur, both the tank and
firewall would fail and the probability of this failure is then 0.001. While the probability
of liquefaction is a small contributor to the annual risk of tank failure alone, it increases
the annual probability of loss of oil off the site (system failure) by a factor of ten.

8.6. Event Tree Representations

The most common way of decomposing a geotechnical risk assessment is by building an event tree. An event tree starts with some initiating event, and then considers all possible chains of events that could lead from the first event. Each chain of events leads to some performance of the system. Some of these chains of events lead to adverse outcomes; some do not. For each event in the tree, a probability is assessed presuming the occurrence of all the events preceding it in the tree, that is, a conditional probability. The total probability for a particular chain of events or path through the tree is found by multiplying the sequence of conditional probabilities.

In this way, we can build an event tree for the previous example. This event tree is shown in the upper part of Figure 2. The first event, loss of oil from the tank, occurs with probability p. If the tank leaks, then either the fire wall retains the spilled oil or it does not; let the probability that the fire wall fails to retain the oil be q. Note that this probability q depends on whether the tank leaks or not: the pressure of ponded oil against the firewall presumably makes the wall more likely to fail, compared to the case without oil pressure. If system failure is defined as loss of oil off the site, then the only end node in the event tree that includes a failure is that for which both the tank has spilled its oil and the fire wall does not retain the oil. Thus, the probability of system failure is p x q.

Figure 1 - Event tree for tank farm failure


Now consider the initiating event that seismic ground shaking leads to liquefaction of the soils underlying the patio. Once liquefaction occurs the assumption is made that both the tank and the fire wall fail. So, in this case, rather than the two failures being probabilistically independent, they are correlated through the occurrence of a common event which causes each of them to fail at the same time. An event tree serves as a simple way of showing the interrelationship of events in a system failure.
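The event-tree evaluation described in 8.6, as an added example (not code from the chapter): conditional probabilities are multiplied along each branch, and the branches ending in system failure are summed. It shows both the independent case (p x q) and the liquefaction common-cause case, using the chapter's illustrative values p = q = 0.01 and 0.001 for liquefaction.

```python
from dataclasses import dataclass

# Added example, not from the chapter: a small event-tree evaluator for the
# tank-and-firewall system, with liquefaction as an optional initiating event.


@dataclass
class Event:
    name: str
    p_yes: float    # conditional probability, given all preceding events
    yes: object     # subtree (Event) or outcome label (str) if the event occurs
    no: object      # subtree or outcome label if it does not


def enumerate_paths(node, prob=1.0, trail=()):
    """Return [(trail, probability, outcome)] for every end node of the tree."""
    if isinstance(node, str):
        return [(trail, prob, node)]
    yes_paths = enumerate_paths(node.yes, prob * node.p_yes, trail + (node.name,))
    no_paths = enumerate_paths(node.no, prob * (1.0 - node.p_yes),
                               trail + ("not " + node.name,))
    return yes_paths + no_paths


def failure_probability(tree):
    """Sum of the path probabilities whose end node is system failure."""
    return sum(p for _, p, outcome in enumerate_paths(tree) if outcome == "FAIL")


def tank_farm_tree(p_tank=0.01, q_wall=0.01, p_liq=0.0):
    # Without liquefaction: oil is lost off site only if the tank spills (p)
    # AND the fire wall then fails to retain it (q), so Pf = p * q.
    no_liq = Event("tank spills", p_tank,
                   yes=Event("fire wall fails", q_wall, yes="FAIL", no="OK"),
                   no="OK")
    if p_liq == 0.0:
        return no_liq
    # With liquefaction as the initiating event both components fail together,
    # so the two failures are correlated through a common cause.
    return Event("liquefaction", p_liq, yes="FAIL", no=no_liq)
```

Adding the 0.001 liquefaction branch raises the annual loss probability from 0.0001 to about 0.0011, the factor-of-ten increase the chapter describes.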

8.7. Fault Tree Representations

Considering again the simple case of the oil storage of Figure 4: in building an event tree of this system, we started with a spill of oil from the tank and then considered the subsequent event that the fire wall fails to contain the oil. In building a fault tree of the same system, we start with the system failure, 'oil spilled off site', and then ask how this might have happened. For oil to be spilled off site, both the fire wall must fail to contain any spilled oil existing on the site, and the tank must somehow fail to hold the oil that was contained within it.

Common practice is to draw a fault tree from top to bottom as in Figure 5. At the top is the system failure condition, 'oil spilled off site'. Beneath are the two faults that need to occur to enable this system failure, namely 'tank fails to contain oil' and 'fire wall fails to contain oil'. Since both of these things must occur for the system failure to occur, they are connected in the tree by an 'AND' node, denoted by a bullet-shaped symbol. The probabilities are multiplied to obtain the probability of the next higher fault, $p_0 = p_1 p_2$, in which $p_0 = \Pr\{\text{oil spilled off site}\}$, $p_1 = \Pr\{\text{tank fails to contain oil}\}$ and $p_2 = \Pr\{\text{fire wall fails to contain oil}\}$.

Figure 2 - Fault tree for tank farm failure
One continues to decompose the fault at each level into the contributing faults that would cause it to occur. For the fault 'tank fails to contain oil' to occur, one could assume that either of two other faults might have to occur, namely 'structural tank shell ruptures' or 'piping connecting tank breaks'. Since only one or the other (or both) of these need occur for containment to be lost by the tank, they are connected by an 'OR' node, denoted with a plus sign. This shows that the probabilities are combined additively to obtain the probability of the next higher fault:

$(1 - p_0) = (1 - p_1)(1 - p_2)$

$p_0 = p_1 + p_2 - p_1 p_2$

in which $p_0 = \Pr\{\text{tank fails to contain oil}\}$, $p_1 = \Pr\{\text{structural tank shell ruptures}\}$ and $p_2 = \Pr\{\text{piping connecting tank breaks}\}$.
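The AND and OR gate rules of 8.7 applied to the tank-farm fault tree, as an added example (not code from the chapter). The split of the tank fault into shell-rupture and piping-break probabilities is a constructed pair of values chosen so that their OR combination is close to the chapter's $P_T = 0.01$; the fire wall value is the chapter's $P_F = 0.01$.

```python
from functools import reduce
from operator import mul

# Added example, not from the chapter: evaluate a fault tree whose gates are
# AND (all inputs must occur: probabilities multiply) and OR (any input
# suffices: p = 1 - prod(1 - pi), which for two inputs is p1 + p2 - p1 p2).
# Inputs to a gate are assumed independent, as in the chapter.


def evaluate(node):
    """node is ('basic', name, p), ('and', [children]) or ('or', [children])."""
    kind = node[0]
    if kind == "basic":
        return node[2]
    probs = [evaluate(child) for child in node[1]]
    if kind == "and":
        return reduce(mul, probs, 1.0)
    if kind == "or":
        return 1.0 - reduce(mul, (1.0 - p for p in probs), 1.0)
    raise ValueError("unknown gate " + kind)


def tank_farm_fault_tree(p_shell, p_piping, p_wall):
    # Top event 'oil spilled off site' is an AND of the tank fault and the
    # wall fault; the tank fault is an OR of shell rupture and piping break.
    return ("and", [
        ("or", [("basic", "structural tank shell ruptures", p_shell),
                ("basic", "piping connecting tank breaks", p_piping)]),
        ("basic", "fire wall fails to contain oil", p_wall),
    ])


def tank_example():
    # Constructed split of the tank fault: 0.004 OR 0.006 combine to about
    # the chapter's PT = 0.01; the wall value is the chapter's PF = 0.01.
    p_shell, p_piping, p_wall = 0.004, 0.006, 0.01
    tree = tank_farm_fault_tree(p_shell, p_piping, p_wall)
    p_tank = evaluate(tree[1][0])          # the OR gate alone
    return {"p_tank": p_tank, "p_top": evaluate(tree),
            "or_closed_form": p_shell + p_piping - p_shell * p_piping}
```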

The advantage of a fault tree over an event tree is that it focuses only on chains leading to failures; the disadvantage is that it may fail to uncover important combinations of events. For example, it is not clear that the fault tree of the figure can identify the hazard posed by liquefaction-induced failure of both the tanks and the fire walls. Thus, the advantage of the event tree is that it comprehensively uncovers combinations of events leading to failures, but the disadvantage is that event trees quickly become quite complicated in big projects if multiple events are involved.

Fault trees have been comparatively less used in geotechnical risk and reliability than
have event trees. One geotechnical application in which fault trees have been widely
used, however, is safety assessment for nuclear waste disposal facilities. Presumably the
close connection of this enterprise to the nuclear industry, where fault tree analysis is
common, explains the phenomenon.

8.8. Summary
This chapter describes some of the procedures for evaluating the reliability of a system
rather than a single component. The use of event tree and fault tree representations in the
analysis is also illustrated.

