CHEN Ying, WANG Yanfang,*, YANG Song,3, and KANG Rui

1.School of Reliability and System Engineering, Beihang University, Beijing 100191, China;2.Science and Technology on Reliability and Environmental Engineering Laboratory, Beihang University, Beijing 100191, China;3.China Academy of Launch Vehicle Technology, Bejing 100076, China

Abstract: Recently, the physics-of-failure (PoF)method has been more and more popular in engineering to understand the failure mechanisms (FMs)of products.However, due to the lack of system modeling methods and problem-solving algorithms,the information of FMs cannot be used to evaluate system reliability.This paper presents a system reliability evaluation method with failure mechanism tree (FMT)considering physical dependency (PDEP)such as competition, trigger, acceleration, inhibition, damage accumulation, and parameter combination.And the binary decision diagram (BDD)analytical algorithm is developed to establish a system reliability model.The operation rules of ite operators for generating BDD are discussed.The flow chart of system reliability evaluation method based on FMT and BDD is proposed.The proposed method is applied in the case of an electronic controller drive unit.Results show that the method is effective to evaluate system reliability from the perspective of FM.

Keywords: system reliability modeling, failure physical dependency, failure mechanism tree (FMT), binary decision diagram(BDD).

1.Introduction

Traditionally, reliability evaluation of complex systems is usually based on system modeling method, in which the most important task is to model the dependency between failures and different parts of the system.These dependencies include functional dependency (FDEP)and physical dependency (PDEP).The former exists in the process of realizing system function, which includes common cause failure (CCF), load sharing effect, and failure isolation effect, and can be modeled with reliability block diagram (RBD), fault trees (FT), petri net (PN), Bayesian network (BN), etc.PDEP describes the correlations between failure mechanisms (FMs), which are caused by the interaction of physical factors, including failure mechanism (FM)trigger, acceleration and accumulation effect.These failure dependencies should be carefully considered in the system reliability assessment process in order to achieve more accurate evaluation results.

Among the traditional system reliability modeling methods, FT analysis (FTA)technique is the most popular one in engineering, which was firstly developed by Watson in 1960’s at Bell Telephone Laboratories to facilitate the analysis of a launch control system of the minuteman intercontinental ballistic missile [1].FTA can provide graphical representation of logical relationships between the undesired system event and the basic failure events.From the system design perspective, FTA provides a logical framework for understanding the ways in which a system can fail with particular failure modes, which is as important as understanding how a system can work successfully [2,3].Many dynamic behaviors, such as sequence-dependency, functional dependency, and priority relationships, can be modeled with FTA by incorporating additional dynamic gates into traditional static FTA [4],which makes this method even more promising [5].These dynamic gates include the priority AND gate (PAND),the sequence enforcing gate (SEG), functional dependency gate (FDEPG), the standby or spare gate, which includes hot spare gate (HSP)and cold spare gate (CSP)[6].

Traditional approaches to solve the FT models are mostly based on the Markov method, Monte Carlo simulation and binary decision diagram (BDD)method [7,8].The Markov method suffers from the well-known space explosion problem and requires exponential time-to-failure distribution of each component.The Monte Carlo simulation is a statistical method used to solve real problems in many engineering fields, in particular when analytical approaches are not feasible.Many studies concentrate on the Monte Carlo simulation method to solve FTand recently dynamic fault tree (DFT)[2,9-11], however this approach can only offer approximate results and often involves long computational time if a higher degree of accuracy is required.Lindhe et al.[12] performed DFT calculations based on a Markov approach and also used standard Monte Carlo simulation to avoid the space exploration of the Markov method.

The BDD method can be used for analyzing static FT that represent the system failure in terms of logic AND/OR combinations of component failures [13].As an extended version of a traditional BDD, sequential BDD(SBDD)[14] can model dependent behaviors and the failure sequences of the components, such as the PAND behavior or sequence dependence.Zhang showed that the modeling method based on BDD can avoid the state space explosion problem to some degree [15].Xing proposed the research results about the application of BDD method to analyze the reliability of phased mission systems [16,17].Xing et al.[13] also analyzed the reliability of cold-standby system and multi-state phased mission system with the SBDD method [18].

FT can model FDEPs, but it cannot describe the dependencies between FMs.In one of our previous works[19], PDEP was categorized as competition, trigger, acceleration, inhibit, and accumulation.Failure mechanism tree (FMT)is firstly introduced to model the PDEP in a dynamic and probability form.Then the Monte Carlo simulation method was applied to analyze the PDEP.The reliability of cold-standby systems [20],k-out-of-nsystems [21], imperfect fault coverage systems [22], multistate systems [23] and multi-state phased-mission systems [24] with PDEP effect were also studied.However,to simplify the problem, the aforementioned algorithm was based on Monte Carlo simulation, the BDD was only used to represent the failure logic.

From the above discussion, traditional system reliability evaluation is usually based on the FTA method and failure statistical data.With the deepening understanding of FMs, it is a general trend to carry out system modeling from the perspective of failure physics, in which understanding of FM correlations is the first step.FMT method has been proposed to describe the PDEP, but not as a complete system modeling method.Moreover, there is only simulation method to solve FMT, and no analytical algorithms.In this paper we proposed a system modeling method with FMT and the analytical BDD algorithm.The accuracy and efficiency of the proposed method are studied and compared with the Monte Carlo simulation results.

The remainder of this paper is organized as follows.Section 2 introduces the related work of this paper.In Section 3, the operation rules ofiteoperator for generating BDD and the analytical algorithm of BDD are proposed.In Section 4, the system model considering PDEP with FMT and the BDD algorithm is proposed.Section 5 is a case study of an aero-engine electronic controller drive circuit, the reliability results obtained by the proposed analytical algorithm and the aforementioned Monte-Carlo simulation method will be compared.Finally, Section 6 presents the conclusion of this paper.

2.Related works

2.1 Physical dependency and FMT

From the engineering aspect, there are different types of PDEP for non-repairable systems [25] as shown in Fig.1.

Fig.1 Classification of PDEP for non-repairable systems

Here, independent FM is defined as a mechanism only triggered by environmental condition, loads, and inner parameters such as structure and material parameters.Independent FM will not be initiated, triggered, or affected by any other FMs.

The MACO gate has multiple FMs acting as basic events and a single output event of component failure,which is shown in Fig.2(a).The FMs are independent with each other, they develop independently, and the one that evolves to reach its threshold would result in the failure of a component (i.e., output of this gate).The output events of the competition gate can be the failure mode of components or parts and can be directly connected to a basic event of the FT.The mechanism activate (MACT)gate has a single trigger input event, one or multiple input basic events and one or multiple output basic events(illustrated in Fig.2(b)).The trigger event can be failure mechanism (FM)or an intermediate event (i.e., output of another gate).The occurrence of the trigger event forces the input FM to initiate the output basic events (i.e., another FM)to occur.The mechanism acceleration (MACC)and mechanism inhibition (MINH)gate has a single trigger input event, one or multiple input basic events and one or multiple output basic events (illustrated in Fig.2(c)).Similar to the MACT gate, the trigger event can be other FM or an intermediate event.The difference between MICC/MINH and MACT is that the former will not result in new FMs, they only accelerate or inhibit the devel-oping speed of existing mechanisms.The mechanism damage accumulation (MADA)and mechanism parameter combination (MAPA)gate has multiple FMs as basic events and a single output event as shown in Fig.2(d).The input FMs develop independently, however, the results of these FMs will accumulate.The difference of MADA and MAPA gate is that the former is used when FMs can be characterized by damage, and the latter by performance parameters.

Fig.2 Basic physical gate of FMT

2.2 Binary decision diagram

The BDD method, which is based on Shannon decomposition rule [26], has been widely used in solving complex FT.

In (1),Fis a Boolean expression,xis a Boolean variable.Fx=1andFx=0are the values ofFwhenx=1 andx= 0.

In (2),iterepresents the concise if-then-else format.The BDD is constituted by rooted, directed acyclic graph(DAG), which has two sink nodes, each labeled by a distinct logic value “0” and “1”, representing the system being in an operational or a failed state respectively.As illustrated in Fig.3, each non-sink node is associated with a Boolean variablexand has two outgoing edges called 1-edge (or then-edge)and 0-edge (or else-edge)respectively.The 1-edge represents the failure of the corresponding component and leads to the child nodeFx=1.The 0-edge represents the operation of the component and leads to the child nodeFx=0.Each non-sink node in the BDD encodes aniteexpression.

Fig.3 Graphic representation of ite expression of single Boolean variable

Theiteoperator can describe the following three important relationships [27]:

(i)Basic events：

(ii)Logical “AND” relationship between events：

(iii)Logical “OR” relationship between events：

With theiteoperators, the FT logical relationship of the basic events can be easily described [28-30].Therefore, it is necessary to study theiteof FMT considering PDEP for solving FMT, which is the foundation of constructing BDD.

3.BDD analytical algorithms for FMT

3.1 Competition ite operation rules and BDD algorithm

The operation rules ofitefor different PDEP logics are studied.In traditional BDD for competition correlation,the 0-edge represents the normally operating state and is connected to the sink nodes “0”.The 1-edge represents the failure of the corresponding component, which is not connected with each other and points to the sink nodes“1”.To integrate PDEP into BDD, all the 1-edges of nonsink nodes represent an integral value in improved BDD.Therefore, the symbol 0 →tare added to all 1-edges to represent that the integral lower limit is zero and the upper limit ist.The value of sink nodes “1” is the probability of system state.In theiteexpression, “” instead of “1” is used to represent 1-edge.

Firstly, for MACO, if there are multiple competing FMsmi(i=1,···,n), the operation rule of theiteis to replace the “0” inite(mi,1,0)withite(mi+1,1,0)in turn and using” to represent 1-edge.The following formula is theiteobtained from the competition correlation algorithm:

The BDD for competition correlation can be constructed with (6), which is shown in Fig.4.And the formula of the cumulative distribution function (CDF)of the competition failure process is

Fig.4 BDD model of competition correlation

whereF(t)is the CDF of the component, ζirepresents the component lifetime,fi(τ)is the failure probability distribution function (PDF)of mechanismmi, which can be obtained with the probabilistic physics-of-failure (PoF)method.

In order to solve BDD for competition with analytical algorithms, firstly, the number of FMs, the life distribution types, and distribution parameters of each FM should be determined.Then (7)is used to calculate the CDF of the component or system.

3.2 Trigger ite operation rules and BDD algorithm

Assumemais the trigger FM,mi(i=1,···,n)is the dependent FMs.In the BDD for trigger correlation, the FMs will be connected by 0-edge, and the 1-edge will not connected with each other.Symbol “〉” is used to distinguish trigger FMs and dependent FMs inite.The symbol is followed by dependent FMs and preceded by trigger FMs,which will appear after the trigger timetr.Then theitecan be constructed according to the relationship betweentand.

The BDD for trigger correlation can be constructed according to (8), which is shown in Fig.5.And theiteoperation rule for trigger correlation is as follows:

Fig.5 BDD model for trigger correlation

(i)Divide the 0-edge ofmainto two paths,t＞trandt＜tr.They are connected with symbol ? in BDD, whichindicates that there is only one path existing at any time.

” is used to represent 1-edge ofma.

(ii)Whent＞tr, “0 ” inite(mi,1,0)is replaced byite(mi+1,1,0), and” is used to represent 1-edge ofmi.Particularly, 1-edge ofmiis drawn by the dotted line to indicate that the new FM is triggered in BDD.

(iii)Whent＜tr, “0” inite(ma,1,0)is retained and directly connected to sink nodes in BDD.

The CDF of component for trigger correlation is

where [t1,t2,···,tn] indicates the operation time of the dependent FMs,tais the lifetime of the component due tomaandfa(t)is the PDF ofma.

In order to solve BDD for trigger correlation with the analytical algorithm, it is necessary to determine whether the dependent FMs are triggered or not by comparingtandtr.If they are triggered, the CDF is calculated by (9)with the path oft＞trin the BDD.If not, the CDF is calculated by (7)with the path oft＜tr.

3.3 Acceleration or inhibition ite operation rules and BDD algorithm

In the BDD for acceleration or inhibition correlation, the FMs are connected by 0-edge, and 1-edge are not connected with each other.Assumembis the FM which keeps a constant development rate,mi(i=1,···,n)will be accelerated or inhibited attα, their development speed will change.In order to distinguish them, use(i=1,···,n)to represent these FMs.Constructiteaccording to the relationship betweentandtα.

The BDD for acceleration or inhibition correlation is constructed according to (10), which is shown in Fig.6.

Fig.6 BDD model of acceleration or inhibition correlation

Therefore, theiteoperation rule for acceleration or inhibition correlation is as follows:

(i)Divide the 0-edge ofmbinto two paths:t＞tαandt＜tα, they are connected with symbol ? in BDD,”is used to represent 1-edge ofmbinite.

(ii)Whent＞tα, firstly, “1” inite(mi,1,0)is replaced byite(mi′,1,0), “0” inite(mi,1,0)andite(mi′,1,0)is replaced byite(mi+1,1,0).Then” is used to represent 1-edge ofmi,” is used to represent 1-edge ofmi′inite.Dashed lines are used to draw 1-edge ofmi′to show that the rate of development of FM has changed in BDD.

(iii)Whent＜tα, replace “0 ” inite(mi,1,0)withite(mi+1,1,0)and” is used to represent 1-edge ofmi.

Whent＞tα, formi, it goes through two stages.That is,FM develops at the normal development rate fortand develops at a new rate fortriafter being promoted/suppressed, which eventually leads to system failure.

The CDF of the component for acceleration or inhibition correlation is

wherefri(t)is the failure distribution function ofmi.

The analytical algorithm of BDD for acceleration/inhibition correlation is as follows: Firstly, determine whether the FMs will be accelerated or inhibited or not by comparingtandtα.If they are accelerated or inhibited,CDF is calculated by (12)with the path oft＞tαin BDD.If not, CDF is calculated by (7)with the path oft＜tα.

3.4 Damage accumulation or parameter combination ite operation rules and BDD algorithm

Damage accumulation and parameter combination are very similar.Take the damage accumulation effect for example.Assumemi(i=1,···,n)will result in the same kind of damage.λiis the scaling factor ofmi.In the BDD for accumulation, λi-edge is used to represent the different rates of FMs, which should be connected by λi-edge with each other.

Theiteoperation rule of accumulation is replacing “λi”inite(mi,λi,0)withite(mi+1,λi+1,0)λiin turn.The subscript λioutside the brackets is used to represent the scaling factor ofmi.

According to (13), the BDD for damage accumulation correlation can be constructed, which is shown in Fig 7.

Fig.7 BDD model for damage accumulation correlation

The CDF of component for accumulation correlation is shown in (14).

Living for the drugs and the wings I had grownMy feelings were lost, afraid to be shown.As I look at my past it s so easy to seeThe fear that I had, afraid to be me.

According to accumulation correlation,where Δdiis the damage in unit time due tomi.

Then the PDF of damage accumulation FMs can be expressed as

The continuous function value will be discretized during simulation.Assume the convolution variables are sequencesx(n)andh(n), the convolution calculation formula should be modified as the following:

When the degree of discretization is accurate enough,the resulting errors can be ignored.In (17),NandMare the lengths of the sequencesx(i)andh(i).s(n)is the result of the convolution sequence with the total length ofN+M-1.“*” is the convolution symbol when the ordern=0, the sequenceh(-i)is the reverse result of the time sequenceh(i).Timing inversion causesh(i)to flip 180°with the vertical axis, andnis the amount that makesh(-i)shift.Differentnwill correspond to different convolution results.

The convolution result of FMs is still a kind of PDF.Integrate the PDF on the time axis and use the following formulae then we can get the CDF after convolution:

To solve the BDD for accumulation correlation with the analytical algorithm, firstly, the distribution function of FMs should be modified to the distribution form which can be convoluted by (15)and (16), and the PDF of component is solved by (17).Finally, the CDF of component after convolution can be obtained by integrating PDF on time axis by (18)and (19).

4.The proposed reliability evaluation method

When considering PDEP, the system reliability evaluation process is illustrated in Fig.8, which mainly includes system analysis, modeling process and analytical algorithm.

Fig.8 Flow chart of system reliability evaluation method considering physical dependency

As shown in Fig.8, the system can be analyzed from the perspectives of the system level and the component level respectively.The analysis of system structure, functional logic relationship and the establishment of functional logic block diagram is the main content of system level analysis.Component level analysis includes identifying the main FMs of components, clarifying the types and obtaining the life distribution types and parameters of FMs.To establish BDD considering PDEP, firstly, component level BDD should be constructed withiteoperators considering FM correlations.Secondly,iteoperators considering logical relationships between components are used to construct system level BDD.Finally, replace the non-sink nodes in system level BDD with component level BDD.Traversing the established BDD to get all the event sequences that cause system failure is an important step of analytical solution.Then the CDF of components and system can be obtained according to the analytical solution algorithm proposed in Section 3.

5.Case study

5.1 System analysis

The electronic controller drive unit is composed of integrated circuit (IC)and drive circuit.In the drive circuit, the driver (DR)and oscillator (LC)are used to reduce the influence of signal frequency variation on the system.Meanwhile, the voltage regulator (VR)can reduce the sensitivity of the circuit to voltage variation.

Fig.9 Functional diagram of the drive unit

Combined with the knowledge of PoF, the main FMs of components can be determined, relevant information is shown in Table 1, where TF represents thermal fatigue,VF represents vibration fatigue, TDDB represents timedependent breakdown, NTBI represents negative bias temperature instability, and EM represents electric migration.

Table 1 FMs of the drive unit

5.2 Constructing BDD considering physical dependency

Step 1Useiteoperator to build the BDD of component level according to the FM correlations.Theiteexpression of each component in the system is shown in the following:

The BDD of components built according toiteis shown in Fig.10.

Fig.10 BDD of each component of the drive unit

Step 2Useiteoperator to build the BDD of the system level according to the logical relationships between components.

According to the logical relationship between components, construct theiteexpression, which is shown in(29).And the BDD of the system level is shown in Fig.11.

Fig.11 BDD model of system layer

Step 3Replace the non-sink nodes in the BDD of the system level with the BDD of the component level.

The complete BDD of the drive unit is shown in Fig.12.

Fig.12 BDD model of the drive unit

5.3 Analytical solution of BDD model

Traversing BDD of the drive unit to find all event sequences that cause system failure is the first thing.It should be specially noted that if the event contains the FMs of accumulation correlation, the event sequence is represented by convolution symbol “*”.If there are FMs with acceleration/inhibition/trigger correlations, the symbol “|” is used to represent that only one path exists.

The sequence of all events causing the driver unit failure is obtained as follows:

The solution process can be divided into the correlation solution of component level and the logical solution of system level.Refer to Fig.8 for specific solving steps.

The CDF curves of VR, DR, LC, and IC, in the drive unit can be obtained by solving the problem with the analytical algorithm, as shown in Fig.13.

Fig.13 Cumulative failure probability of each component of the drive unit

The CDF of the system can be obtained by combining the logical relationships of components.In our previous study, the Monte Carlo simulation method is used to solve FMT [19-24].Fig 14 is the CDF of drive circuit unit solved by the analytical method proposed in this paper and the Monte Carlo simulation method proposed in[19-24].The dotted line represents the result simulated by Monte Carlo, and the solid line represents the result obtained by the analytical algorithm.

When the sampling times are small, the error of the Monte Carlo method is large and the curve is discontinuous.The proposed analytical algorithm is theoretically derived from the PDF and CDF of the FMs, which is decoupled by repeatedly calling the embedded function to solve in the case of FMs with coupling.Finally, the continuous and accurate curve is obtained.Compared with the results obtained by Monte Carlo simulation, the system curve obtained by the analytical method is smoother.If Monte Carlo simulation times are higher than 1 000, the two results are nearly the same, but the time cost of solution will also increase accordingly.

From Fig.14, the CDF obtained by the analytical method is smoother than that obtained by simulation, that is to say, the result obtained by the analytical method is more accurate and conservative.

Fig.14 Cumulative failure probability of drive circuit unit

6.Conclusions

This paper proposes a system reliability evaluation method with FMT considering PDEP such as competition,trigger, acceleration, inhibition, damage accumulation,and parameter combination.The method includes three parts, which are system analysis, modeling process and analytical algorithm.The BDD can be constructed from the component level and the system level by combining theiteoperation rules for FM correlations and the analytical algorithm is developed to solve the system reliability model.

As a case, the failure behavior of an electronic controller drive unit considering PDEP is studied and the CDF of components and systems is obtained.The results of the analytical solution and the Monte Carlo simulation method are compared.It shows that the analytical method is more accurate and conservative than the simulation method, and the evaluation method is proved to be useful when modeling system reliability with FMs.