Fault Tree Analysis

Part 12 – Redundant Structure and Standby Units

Active Redundancy

The redundancy obtained by replacing the important unit with two or more units operating in parallel.

Passive Redundancy

The reserve units can also be kept in standby in such a way that the first of them is activated when the original unit fails, the second is activated when the first reserve unit fails, and so on. If the reserve units carry no load in the waiting period before activation, the redundancy is called passive. In the waiting period, such a unit is said to be in cold standby.

Partly-Loaded Redundancy

The standby units carry a weak load.

Cold Standby, Perfect Switching, No Repairs

Life Time of Standby System

The mean time to system failure

n

iiTT

1

n

iis MTTFMTTF

1

Exact Distribution of Lifetime

If the lifetimes of the n components are independent and exponentially distributed with the same failure rate λ. It can be shown that T is gamma distributed with parameters n and λ. The survivor function is

tn

k

k

s ek

ttR

1

0 !

)()(

Approximate Distribution of Lifetime

Assume that the lifetimes are independent and identically distributed with mean time to failure μ and standard deviation σ. According to Lindeberg-Levy’s central limit theorem, T will be asymptotically normally distributed with mean nμ and variance nσ^2.

Cold Standby, Imperfect Switching, No Repairs

2-Unit System

• A standby system with an active unit (unit 1) and a unit in cold standby. The active unit is under surveillance by a switch, which activates the standby unit when the active unit fails.

• Let be the failure rate of unit 1 and unit 2 respectively; Let (1-p) be the probability that the switching is successful.

21,

Two Disjoint Ways of Survival

1. Unit 1 does not fail in (0, t], i.e.

2. Unit 1 fails in the time interval (τ, τ+dτ], where 0<τ<t. The switch is able to activate unit 2. Unit 2 is activated at time τ and does not fail in the time interval (τ,t].

tT 1

Probabilities of Two Disjoint Events

• Event 1:

• Event 2:

tetT 11Pr

depetTt t 12

10

)(2 )1(Pr

Unit 1 failsSwitching successful

Unit 2 working afterwards

System Reliability

)()1(

)( 121

21

1

21

ttts ee

petR

ts etptR

)1(1)(

21

Mean Time to Failure

210

1)1(

1)(

pdttRMTTF ss

Partly-Loaded Redundancy, Imperfect Switching, No

Repairs

Two-Unit System

Same as before except unit 2 carries a certain load before it is activated. Let denote the failure rate of unit 2 while in partly-loaded standby.

0

Two Disjoint Ways of Survival

1. Unit 1 does not fail in (0, t], i.e.

2. Unit 1 fails in the time interval (τ, τ+dτ], where 0<τ<t. The switch is able to activate unit 2. Unit 2 does not fail in (0, τ], is activated at time τ and does not fail in the time interval (τ,t].

tT 1

Probabilities of Two Disjoint Events

• Event 1:

• Event 2:

tetT 11Pr

deepetTt t 102

10

)(2 )1(Pr

Unit 1 failsat τSwitching

successful

Unit 2 still working after τ Unit 2 working

in (0, τ]

System Reliability

][)1(

)(

0

)(

210

1

210

1021 ttts ee

petR

tts tepetR 21

1

021

)1()(

0

Mean Time to Failure

)()1(

1

)(

012

1

1

0

p

dttRMTTF ss

Cold Standby, Perfect Switching, With Repairs

Possible States of a 2-Unit System with Cold Standby and

Perfect SwitchingSystem Unit A Unit B

4 O S

3 F O

2 S O

1 O F

0 F F

State Space Diagram

0

1

2

34A

A

B

B

A

B

State Equations

)(

)(

)(

)(

)(

00

)(000

000

00)(0

00

)(

)(

)(

)(

)(

4

3

2

1

0

4

3

2

1

0

tP

tP

tP

tP

tP

tP

tP

tP

tP

tP

AB

AAB

AB

BBA

BA

Eliminating the Failed State

)(

)(

)(

)(

)(

00

)(000

000

00)(0

00

)(

)(

)(

)(

)(

4

3

2

1

0

4

3

2

1

0

tP

tP

tP

tP

tP

tP

tP

tP

tP

tP

AB

AAB

AB

BBA

BA

Laplace Transform

• Substitute s=0

• Note that

1

0

0

0

)0(P

)0(P

)0(P

)0(P

00

)(00

00

00)(

4

3

2

1

AB

AAB

AB

BBA

)()(Pi tPs iL

Solution

BBAABA

A

A

B

A

BA

A

AB

A

AB

A

BA

A

B

B

BA

P

PP

PPP

PPP

PP

)0(

)0(1)0(

)0()0()0(

)0()0()0(

)0()0(

1

14

134

123

12

Mean Time to Failure

0

00

00

)(

)()(

)()(

dttR

dttRttR

dttRtdtttfMTTF

Mean Time to Failure

• Take Laplace transform of R(t)

• Substitute s=0

dtetRs st

0)()(R

MTTFdttR

0)()0(R

Mean Time to Failure

BA

BAB

B

SMTTF

1111

)0(P)0(P)0(P)0(P

)0(sR

B

A

BA

4321

Cold Standby, Perfect Switching, With Repairs,A Main Operating Unit

Possible States

System Unit A

(Main Unit)

Unit B

4 O S

3 F O

2 S O

1 O F

0 F F

State Space Diagram

0

34A

BA

State Equations

)(

)(

)(

)(0

0

)(

)(

)(

4

3

0

4

3

0

tP

tP

tP

tP

tP

tP

AA

AAB

B

Where

1)()()( 430 tPtPtP

Steady State Probabilities

4

3

0

)(0

0

0

0

0

P

P

P

AA

AAB

B

Availability and Unavailability

43

4

3

0

PPA

P

P

PQ

ABABA

AB

ABABA

A

ABABA

BA

Eliminate Failed State from State Equations

)(

)(

)(

)(0

0

)(

)(

)(

4

3

0

4

3

0

tP

tP

tP

tP

tP

tP

AA

AAB

B

Where

1)()()( 430 tPtPtP

Treating State 0 as An Absorbing State

• Take Laplace transform and let s=0

• Solution

1

0

)0(P

)0(P)(

4

3

AA

AAB

BA

A

A

B

1)0(P

1)0(P

4

3

Mean Times to Failure and to Repair

• Mean time to failure

• Mean time to repairBA

A

BA

SMTTF

11

)0(P)0(P)0(R 43

1

SMTTR

Cold Standby, Imperfect Switching, With Repairs,A Main Operating Unit

State Space Diagram

0

34Ap )1(

B

A

Ap

Steady State Probabilities

4

3

0

)1()(0

0

0

0

P

P

P

p

p

AA

AAB

AB

Availability and Unavailability

43

4

3

0

)1(

)1(

)1(

)1(

PPA

ppP

pp

pP

pp

pPQ

ABAAABA

AB

ABAAABA

A

ABAAABA

AABA

Mean Time to Failure

)(

)1(

)0(P)0(P)0(R 43

ABA

ABA

S

p

p

MTTF

Partly-Loaded Standby, Perfect Switching, With

Repairs,A Main Operating Unit

Possible States of a 2-Unit System with Partly-Loaded

Standby and Perfect SwitchingSystem Unit A Unit B

4 O S

3 F O

2 S O

1 O F

0 F F

State Space Diagram

0

1

34A

A

B

SB

A

Steady State Probabilities

1

0

0

0

0

)(0

)(00

00

0

4310

4

3

1

0

PPPP

P

P

P

P

SBAA

AAB

SBA

BA

L Spares, With Replacements and Repairs

State Space Diagram

0

1

2 2j

12 j

22 j 2L

12 L 12 L

Notation

• State 2j (j = 0, 1, …,L): A total of j spare units are in a repair queue, and (L-j) spares are normal. A failed unit in the system is being replaced by a normal spared unit, the system is working.

• State 2j+1 (j = 0, 1, …, L-1): A total of j spare units are in a repair queue, and (L-j) spares are normal. A failed unit in the system is being replaced by a normal spared unit, the system does not work.

• State 2L+1: All spares are in a repair queue. A failed unit in the system is under priority repair. This is a type of quasi-replacement.

Notation

• λ:

Constant failure rate

• μ:

Constant repair rate

• ε:

Constant replacement rate

Steady-State State Equations

1

0

),2,1(0)(

)1,,1,0(0

0

12

0

122

22212

122

20

L

jj

LL

jjj

jj

P

PP

LjPPP

LjPP

PP

Steady-State Availability

1

0

2

02

11L

k

Lk

j

j

L

jj

P

PA