Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Fault Trees!Fault Trees–dual of Reliability Block Diagram–logic failure diagram–think in terms of logic where»0 = operating, 1 = failed!AND Gate–all inputs must fail for the gate to fail!OR Gate–any input failure causes the gate to fail!k-of-n Gate–k or more input failures cause gate to fail1Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems !Active mode–M1 and M2 and M3 fail =>–AND Gate !Passive Mode–“cutoff” with any single unit failure =>–OR Gatee.g. Triplex Bus GuardianFA1FA2FA3FAFP1FP2FP3FP2Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems !Total Failure–caused by either active or passive mode e.g. Triplex Bus GuardianFAi FAFPi FPF3Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems !How can one use the fault tree effectively to isolate those parts of the system that need reliability considerations?e.g. Triplex Bus Guardian4Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems !Combined fault model e.g. Triplex Bus GuardianFAi FAFPi FPF! Q(1000h) = 0.9851243"10#6! Q(1000h) = 0.295545 "10#15Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Examples!Simple Passive TMR (no diagnosis)–RBD = (2 of 3): 2 operable => System operable–F-Tree = (2 of 3): 2 failed => System failed!Simple TMR with Benign failures–RBD = (1 of 3): 1 operable => System operable–F-Tree = (3 of 3): 3 failed => System failed!Summary–Parallel => AND–Series => OR–K-of-N => (n-k+1 of n)6Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems SHARPE!SYMBOLIC HIERARCHICAL AUTOMATED RELIABILITY AND PERFORMANCE EVALUATOR!SHARPE provides a specification language and analysis algorithms for the following model types:– reliability block diagrams– fault trees– reliability graphs– series-parallel acyclic directed graphs– product-form queuing networks– Markov and semi-Markov chains– generalized stochastic Petri nets7Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Analysis using SHARPE–we will be using Mobius this year, but here is a glimpse into what SHARPE looks like.–SHARPE and SPNP are available to us with a license from Duke University, if anybody is interested.–Below are three different SHARPE programs and output. The first two examples don’t show all the details of the programs.8Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Bus Guardian (Active)* SYSTEM: TRIPLEX BUS GUARDIAN -- ACTIVE FAILURE MODE* MODEL: RELIABILITY BLOCK DIAGRAM* -- Model Definition: block name, components, connectivity --*block bus_gd_actcomp z exp(lamact)parallel z3 z z zend* Bind Values to Variable Names *bindlamact 1.0*10^-5end* -- Calculate CDF for System Failure *cdf(bus_gd_act)* -- Evaluate CDF at Specified Points *eval(bus_gd_act) 9 11 1eval(bus_gd_act) 90 110 10eval(bus_gd_act) 900 1100 100end9Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Bus Guardian (Active)CDF for system bus_gd_act: 1.0000e+00 t( 0) exp( 0.0000e+00 t) + -3.0000e+00 t( 0) exp(-1.0000e-05 t) + 3.0000e+00 t( 0) exp(-2.0000e-05 t) + -1.0000e+00 t( 0) exp(-3.0000e-05 t)mean: 1.8333e+05variance: 1.3611e+10------------------------------------------- system bus_gd_act t F(t) 9.0000 e+00 0.0000 e+00 1.0000 e+01 0.0000 e+00 1.1000 e+01 0.0000 e+00 system bus_gd_act t F(t) 9.0000 e+01 0.0000 e+00 1.0000 e+02 0.0000 e+00 1.1000 e+02 1.3288 e-09------------------------------------------- system bus_gd_act t F(t) 9.0000 e+02 7.1923 e-07 1.0000 e+03 9.8512 e-07 1.1000 e+03 1.3092 e-0610Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Bus Guardian (Passive)* SYSTEM: TRIPLEX BUS GUARDIAN -- PASSIVE FAILURE MODE* MODEL: RELIABILITY BLOCK DIAGRAM* -- Model Definition: block name, components, connectivity --*block bus_gd_pascomp z exp(lampas)series z3 z z zend* -- Bind Values to Variable Names --*bindlampas 1.0*10^-5end* -- Calculate CDF for System Failure --*cdf(bus_gd_pas)* -- Evaluate CDF at Specified Points --*eval(bus_gd_pas) 1 5 2eval(bus_gd_pas) 10 50 20eval(bus_gd_pas) 100 500 200end11Page: © 2009 A.W. Krings CS449/549 Fault-Tolerant Systems Bus Guardian (Passive)CDF for system bus_gd_pas: 1.0000e+00 t( 0) exp( 0.0000e+00 t) + -1.0000e+00 t( 0) exp(-3.0000e-05 t)mean: 3.3333e+04variance: 1.1111e+09------------------------------------------- system bus_gd_pas t F(t) 1.0000 e+00 3.0000 e-05 3.0000 e+00 8.9996 e-05 5.0000 e+00 1.4999 e-04 system bus_gd_pas t F(t) 1.0000 e+01 2.9996 e-04 3.0000 e+01 8.9960 e-04 5.0000 e+01 1.4989 e-03------------------------------------------- system bus_gd_pas t F(t) 1.0000 e+02 2.9955 e-03 3.0000 e+02 8.9596 e-03 5.0000 e+02 1.4888 e-0212Page: © 2007 A.W. Krings CS449/549 Fault-Tolerant Systems Sequence 7block bus_gd_actcomp z exp(lamact)parallel z3 z z zendblock bus_gd_act3comp z exp(lamact3)endbindlamact 1.0*10^-5lamact3 1/(1.8333*10^5)endcdf(bus_gd_act)cdf(bus_gd_act3)eval(bus_gd_act) 900 1100 100eval(bus_gd_act3) 900 1100 100endThis is the RBD defined as 3 parallel modulesNow I pretend this is the same as using1/MTTF (calculated for a parallel system) in a simple 1 module expression.Bind Values to Variable NamesCalculate CDF for System FailureEvaluate CDF at Specified Points.Even though the MTTF are the same, the CDFs are different.SYSTEM: TRIPLEX BUS GUARDIAN -- ACTIVE FAILURE MODEMODEL: RELIABILITY BLOCK DIAGRAM13Page: © 2007 A.W. Krings CS449/549 Fault-Tolerant Systems Sequence 7CDF for system bus_gd_act: 1.0000e+00 t( 0) exp( 0.0000e+00 t) + -3.0000e+00 t( 0) exp(-1.0000e-05 t) + 3.0000e+00 t( 0) exp(-2.0000e-05 t) + -1.0000e+00 t( 0) exp(-3.0000e-05 t)mean: 1.8333e+05variance: 1.3611e+10-------------------------------------------CDF for system bus_gd_act3: 1.0000e+00 t( 0) exp( 0.0000e+00 t) + -1.0000e+00 t( 0) exp(-5.4546e-06 t)mean: 1.8333e+05variance: 3.3610e+10 system bus_gd_act t F(t) 9.0000 e+02 7.1923 e-07 1.0000 e+03 9.8512 e-07 1.1000 e+03 1.3092 e-06-------------------------------- system bus_gd_act3 t