Você está na página 1de 13

HAPTER 5

Reliability of Systems

Previous chapters developed several reliability models based on different fail-


ure laws. In analyzing a complex system, a particular failure law may be applied
to the entire system. However, an alternative approach is to determine an appro-
priate reliability or reliability model for each component of the system, and by
applying the rules of probability according to the configuration of the compo-
nents within the system, compute a system reliability. This is the topic of this
ellapter.

S.l
SERIAL CONFIGURATION

Components within a system may be related to one another in two primary


ways: in either a serial or a parallel configuration. In series all components must
function for the system to function. In a parallel, or redundant, configuration, at
least one component must function for the system to function. In the discussion
that follows, all components are considered critical in the sense that their func-
tion must be performed in order for the system to continue to perform. Under
this concept, if either of two serially.related components fails,the system will
fail. The series relationship is represented by the reliability block diagram of
Fig. 5.1.

83
84 PART I: Basic Reliability Models CHAPI'ER 5': Reliability of Systems 85

FIGURE 5.1 TABLE 5.1


Reliability block diagram for components in series. SeriaDy related system reUabllity
,
Number of components
Since reliability is a probability, a system reliability R; may be determined from Component
the component reliabilities in the following way.' reliability 10 100 1000

E, = the event that component I does not fail 0.900 0.3487 0.266 x 10- 4 0.17479 X 10-43
0.950 0.5987 0.00592 0.~2918 x 10-22
E2 = the event that component 2 does not fail 0.990 0.9044 0.3660 0.432 x 10-4
Then P(E,) = R, and P(E2) = R2 0.999 0.9900 0.9048 0.3677

where R, = the reliability of component 1 EXAMPLE 5.1. Consider a four-component system of which the components are inde-
R2 = the reliability of component 2 pendent and identically distributed with CFR. If Rs(lOO) = 0.95 is the specified relia-
Therefore R; = P(E, n E2) = P(E,)P(E2)= R,(R2) assuming that the two com- bility, find the individual component MTtF.
ponents are independent (i.e., the failure or nonfailure of one component does not Solution
change the reliability of the other component). In words, in order for the system to Rs(lOO) = e-1OOA• = e-1OO(4)A = 0.95
function, both component 1 and component 2 must function.
A= -lnO.95 =0000128
Generalizing to n mutually independent components in series, or 400 .
Rs(t) = R, (t) x R2(t) x ... X Rn(t) :$ min{R, (t), R2(t), ... , Rn(t}J (5.1) I
and MTIF = 0.000128 = 7812.5
The inequality results from 0 < Rj(t) < I, i = 1, 2, ... , n, and multiplication. The
system reliability can therefore be no greater than the smallest component reliability. In general, for CFR components
Because of Eq. (5.1), it is important for all components to have a high reliability, 1 1 (5.5)
especially if the system contains a large number of components (see Table 5.1). MTIFs = "n
L..j=, Aj "n
L..j=, IIMTTF
. j
If each component has a constant failure rate of Ai, the system reliability is given where MTTFj = mean time to failure of the ith component.
by
EXAMPLE S.2. A system is comprised offour serially related components each having a

Rs(t) = D e, = D
n (t)
n (n
exp (- Aj t) = exp - B )
Aj t = exp( - Ast) .(5.2)
Weibull time to failure distribution with parameters as shown in the accompanying table.

Scale Shape
where As = L?=,
Ai. From (5.2) it is apparent that the system also has a con- Component parameter parameter
stant failure rate. If component failures are governed by the Weibull failure law, 1.20
I 100
then 150 0.87
2
3 510 1.&0
1.00
Rs(t) = Dexp[-(;jf] = exp[-t.(;jf] (5.3) 4 720

(t )fJi] [n 13. (t 'fi-']/ (t )0.87 (t )1.8 (t )1.0]}


~=~-B~ B~~J~-~~J [
n n 'fi] The system reliability is {there[(fore
g):~enb(Y
and
[ R.(t) = exp - I~' + I~O + 510 + 720
f3i (t 'fi-' (5.4)
-B
_ n and, for example, ROO) = e-o.l72627 = 0.8415.
()j ()i)

The functional form ofEq. (5.4) indicates that the system does not exhibit Weibull-
5.2
type failures although every component has a Weibull failure distribution. PARALLEL CONFIGURATION
1\vo or more components are in parallel, or redundant, configuration if all units must
ITo simplify the notation, the argument of R(t) will occasionally be dropped. When this is the case, itrs fail for the system to fail. If one or more units operate, the system continues to oper-
understood that all reliabilities are to be evaluated for the same poinl in time t. ate. Parallel units are represented by the block diagram of Fig. 5.2.
86 PARl'I: Basic Reliability Models ystems 87

Therefore MTIF = 110.000253 3952 and MITFs = 210.000253


- 11(2[0.000253]) = 5928.9.

5.3
COMBINED SERIES-PARALLEL SYSTEMS
FIGURE 5.2
Reliability block diagram for components in parallel. Systems typically contain components in both serial and parallel relationships. Con-
sider, for example, Fig. 5.3. R, represents the reliability of the ith component. To
System reliability for n parallel and independent components is found by taking
compute the system reliability, the network may be broken into serial or pa~al~el
I minus the probability that all n components fail (i.e., the probability that at least
subsystems. The reliability of each subsystem is found. Then the system reliabil-
one component does not fail). To see this for two components, consider
ity may be obtained on the basis of the relationship among the subsystems. In the
R« = P(EI U E2) = 1 - P(E1 U E2f = 1 - p(Ef n Ef) network of Fig. 5.3, the subsystems have the following reliabilities:
= 1 - p(Ef)p(Ef) = 1 - (1 - RI)(1 - R2) RA = [1 - (1 - R,)(1 - R2)]
Generalizing, RB = RA(R3) Rc = R4(Rs)
n
Rs(t) = 1 - 0[1 - Ri(t)] (5.6) Since RB and Rc are in parallel with one another and in series with R6,
i=1
R; = [1 - (1 - RB)(1 - Rc)](R6)
It is always true that:
If RI = R2 = 0.90, R3 = R6 = 0.98, and R4 = Rs = 0.99, then
n Rs = [1 - (0.10)2](0.98) = 0.9702
since n [1 -- Ri(t)] must be less than the failure probability of the most reliable
i=1 Rc = (0.99)2 = 0.9801
component. For a redundant system consisting of all CFR components,
n artd
Rs(t) = 1 - 0[1 - e-A;t] (5.7)
i=1
Rs = [1 - (1 - 0:9702)(1 - 0.9801)](0.98) = 0.9794
where Ai = the failure rate of the ith component.
EXAMPLE 5.3. For a two-component system in parallel and :.aving CFR, 5.3.1 High-Level versus Low-Level Redundancy
Rs(t) = I - (1 - e-A1/)(l - e- A2/)
System redundancy may be obtained in two ways. Each component compris-
= e-A1/ + e-A2/- e-(A1+A2)/
ing the system may have one or more parallel components, or the entire system
and MTfF = L'" Rs(t)dt = L'" e-A1/dt + fa'" e- A2/ dt - fa'" e-(AIH2)tdt JXlaybe placed in parallel with one or more identical systems. The first case is
referred to as low-level redundancy, and the second is referred to as high-level
I I I
= -+---- redundancy.
AI A2 AI + A2 As an example, consider a simple system comprised of two serial components,
EXAMPLE 5.4. Two parallel, identical, and independent components have CJ'R. If it is A and B. Figure 5.4 shows the system having low-level redundancy, and Fig. 5.5
desired that Rs(lOOO) = 0.95, find the component and system MTfF. depicts high-level redundancy. If it is assumed that both components have the
Solution. We have Rs(lOOO) = 2e-IOOOA
- e-2OOOA = 0.95. Then by trial and error,
--- <,B
.•.,
.\ R.(lOOO) \
I
,/
0.001 0.000 /

0.0001 0.991
0.0005 0.845
0.0002 0.967 FIGURES.3
0.00025 0.951 A system comprised of components in a
0.000253 0.950 '0.
0 ••••• _ ••• 0 ••
.0_
combined series and parallel relationship.
n PARt'I:'IIdsic R-eliahliitiModels CHAPI'BR S: Reliability of Systems 89

5.3.2 k-out-of-n Redundancy

FIGURE 5.4 A generalization of n parallel components occurs when a requirement exists for k
Two components in low-level redundancy. out of n identical and independent components to function for the system to func-
tion. Obviously k :5 n. If k = I, complete redundancy occurs, and if k= n, the n
components are, in effect, in series. The reliability can be obtained from the binomial
probability ('istribution.
If eacl. component is viewed as an independent trial withR(its reliability) as a
constant probability of success, then

P(x) = (:)RX(1 - sr= (5.8)

By comparing the two reliabilities, it can be shown that the reliability of the low- is the probability of exactly x components operating. This is true since
level redundancy is greater than the reliability of the high-level redundancy. That
is, (:) = x!(nn~ x)!
R\ow - Rhigh = (2R,..- R2)2 - (2R2 - Jr) is the number of ways (arrangements) in which x successes (nonfailures) can be
obtained from n components. RX( 1 - R)n- x is the probability of x successes and
= R2(2 - R)2 - R2(2- R2)
n - x failures for a single arrangement of successes and failures. Therefore
= R2(4 - 4R + R2 - 2 + R2) n

s; = LP(x) (5.9)
= 2R2(R2 - 2R + 1) = 2R2(R - 1)2 ~ 0 x=k
is the probability of k or more successes from among the n components.
with the equality obtained when R = 1. In general this equation will be true if the
components' reliabilities are mutually independent and independent of the configu- EXAMPl.E 5.6. A space vehicle requires three out of its four main engines to operate in
ration in which they are placed. Intuitively, this result can also be argued on the basis order to achieve orbit. If each engine has a reliability of 0.97, determine the reliability
of the observation that both the low-level and the high-level redundant system will of achieving orbit.
fail if either both components A fail or both components B fail. However, the high- Solution
level redundant system may also fail if one A fails and one B fails, provided they fail
on separate paths. Therefore, the high-level redundant system has additional failure Rs = ±(~)0.9'ZXO.034-X
paths. x=3
= 4(0.97)3(0.03) + 0.974 = 0.9948
EXAMPLE A radio set consists of three major components: a power supply, a re-
5.5.
ceiver, and an amplifier, having reliabilities of 0.8, 0.9, and 0.85, respectively. Compute Exponential failures
system reliabilities for both high-level and low-level redundancy for systems with two If the failure distribution is exponential,
parallel components ..
Solution Rs(t) = i (:)e-AX1
x=k
[1 - e-At]n-x
'2'
Rhigh. = I - [I - (0.8)(0.9)(0.85)] == 0.849
Jumonville and Lesso [1969] have shown that in this case the MTI'F can be ex-
R10w = [l - (l - 0.8)2][1 - (l - 0.9)2][1 - (l - 0.8W] pressed as
"" 1 1
1 2:-n
= (0.96)(0.99)(0.9775) = 0.929 MTTF = Rs(t) dt = - (S.10)
o A x-k X

fl-0l_ UAMPLE 5.' (CONTINUED). 1be main engines in Example 5.6 require ••• B-miIIutc
bum time. Assume a constant failure rate of 0.0038074 fer each eap.e. 1'hal R(8) =
-~ FIGURE 5.5 e-G.OO38074(I) = 0.97, and a single-engine MTI'F is 262.65 minutes. TbeaelOie
Two components in high-level redundancy. MTI'F. = 26265(1 + 1) = 153.21
-------~-.~--
90 PART I:
... -.--
Basic Reliability Models
..

CHAPTER 5: Reliability of Systems 91

If k = 1, then the MITF computed by Eq. (5.10) is the mean time to failure of TABLE 5.2
a redundant system consisting of n identical and constant failure rate components. Enumeration for system in Fig. 5.6(a)
4~,;(;'~

A B C D E System Probability

5.3.3 Complex Configurations S S S S S S 0.584820


F S S S S S 0.064980
S F S S S S 0.064980
For certain systems, the component configuration is such that the system reliability S S F S S S 0.030780
cannot be simply decomposed into series and parallel relationships. For example, S S S F S S 0.030780
the system shown in Fig. 5.6(a) cannot be analyzed by the previous approach. The S S S S F S 0.146205
problem with this network is that the linkages with component E will not permit F F S S S F
S F F S S S 0.003420
definition of a subset of components that are strictly in parallel or in series. However,
S S F F S F
this network can be analyzed by using either decomposition or enumeration. S S S F F S 0.007695
F S F S S S 0.003420
Decomposition F S S F S S 0.003420
Two subnetworks are created: one, shown in Figure 5.6(b), in which component F S S S F S 0.016245
S F S F S S 0.003420
B is assumed to be functioning (with probability RE), and one, in Figure 5.6(c), in
S F S S F S 0.016245
which component E has failed (with probability 1 - RE). The reliability of each S S F S F S 0.007695
network is determined separately. Then the system reliability is given by F F F S S F
S F F F S F
R; = RER(b) + (1 - RE)R(c) S S F F F F
where R(b) = [l - (1 .: RA)(1 - RB)][I - (l - Rc)(1 - Ro)] F S F F S F
F S S F F F
R(c) = 1 - (1 - RARB)(1 - RcRo) S F S F F S 0.000855
F F S F S F
If RA = RB = 0.9, Rc = Ro = 0.95, and RE = 0.80, then
F F S S F F
R(b) = [1 - (1 - 0.9f][1 - (1 - 0.95)2] = 0.99 X 0.9975 = 0.9875 S F F S F F
F S F S F S 0.000855
R(c) = 1 - [1 - (0.9)(0.95)f = 0.978975 F F F F S F
S F F F F F
and R; = 0.8(0.9875) + 0.2(0.978975) = 0.9858 F S F F F F
F F S F F F
Enumeration F F F S F F
F F F F F F
For small networks, enumeration may be used to determine the system reliabil-
ity. The method of enumeration consists in identifying all possible combinations of Total 0.985800
success (S) or failure (F) of each component and the resulting success or failure of
the system. For each possible combination of component successes or failures, the sum of the failure probabilities is the system reliability. For the linked system in
probability of the intersection of these events is computed. The events are assumed Figure 5.6(a), there are 25 = 32 possible combinations, as shown in Table 5.2.
to be mutually independent. The sum of the success probabilities or one minus the The method of decomposition is illustrated again in the following, more complex
problem.

EXAMPLE 5.7. An automobile braking system consists of a fluid braking subsystem and
a mechanical braking subsystem (parking brake). Both subsystems must fail in order for
the system to fail The fluid braking subsystem will fail if the master cylinder fails (event
M) (which includes the hydraulic lines) or all four wheel braking units fail. A wheel
braking unit will fail if either the wheel cylinder fails (events WC., WC2, WC3, WC4)
(a) (b) (c)
or the brake pad assembly fails (events BPI. BP2, BP3, BP4). The mechanical braking
FIGURES.6 system will fail if the cable system fails (event C) or both rear brake pad assemblies fail
Decomposition of a linked network: (a) a linked network; (b) component E does not fail; (events BP3• BP4). The reliability block diagram has a linked path to the two rear brake
(c) component E fails. pad assemblies, as shown in Fig. 5.7.
92 PARr I: Basic Reliability Models CHAPTER 5: Reliability of Systems 93

5.4
SYSTEM STRUCTURE FUNCTION, MINIMAL CUTS,
AND MINIMAL PATHS (OPTIONAL)

A very general alternative approach for analyzing the reliability of complex systems
is through the use of the system structure function. To define the system structure
function, let
X.
/
= f 0I if component i operates
if component i has failed
FIGURE 5.7
A reliability block diagram for au . Then the system structure function is defined by
automotive braking system.
I if system operates
'I'(Xt, X2 •... , Xn) = {0 if system has failed (5.1l)

Solution. Assume that the reliabilities of each wheel cylinder subsystem and brake pad Therefore. for a series system.
assembly are identical and are represented by R(WC) and R(BP). respectively. To de-
compose this network. four cases are necessary since there are two linked components. 'I'(Xt, X2 •... , Xn) = XtX2 ... Xn = min[Xt, ... , Xn] (5.12)

Case I. Assume for Case I that BP3 fails and BP 4 is operational.This probability is given and for a parallel system,
by PI = [I - R(BP)]R(BP). The reliability for the fluid braking system in Case I is •
'l'{Xt, X2, ... , Xn) = 1 - (l - Xt)(l - X2)' .. (l - XIt) = max[Xt, X2, ...• Xn]
Rr = R(M){I - [I - R(WC)R(BP)]2[1 - R(WC)]}.
(5.13)
The reliability for the mechanical (cable) subsystem is R(C) since BP4 is operational.
These two subsystems operate in parallel; therefore. the system reliability for Case Iis For a k-out-"f-n system, the system structure function is given by
RI = 1 - [l - RrHI - R(C)] .T.'1'"(X J, X2,···, X ) _
n -
{I0 if L7= t X-
'f "'?
1 L../=t
x, <~ kk
/
(5.14)
Case II. Assume for Case II that BP3 is operational and BP4 fails. Because each wheel
cylinder and brake pad have the same reliability. Case IIis identical to Case I and Our interest is in finding R; = Pr{'I'(XJ, Xi, ... , Xn) I} = E['I'(Xt,
X2, ... , Xn)). Th= second equality is a result of the binary form of the structure
and
function since
Case III. Assume BP3 and BP4 have failed. This probability is Pili = [1- R(BP)j2. The E['I'(Xt• X2 •.. , Xn)] = 0 . Pr{'I'(XI. X2, , Xn) = O}
cable system will not function. and therefore
+ 1Pr{'I'(X1, X2, , Xn) = I}
Rm = R(M){l - [1 - R(WC)R(BP)]2}
Assuming independence. for a series system,
Case IV. Both BP3 and BP4 are operational. This probability is PlY = [R(BP)]2 and the Pr{'I'(X••X2, ... , Xn) = I} = Pr{Xt = 1.X2 = 1, ...• X; = I}
reliability of the fluid system is
= Pr{XI = I}Pr{X2 = I}'" Pr{Xn = I}
Rr = R(M){I - [I - R(WC)R(BP)]2[1 - R(WC)]2}
== RtR2'" Rn (5.15)
Since the cable system will function as long as C functions.
and for a parallel system.
Rlv = I - [1 - Rr][1 - R(C)]
Pr{'I'(Xt. X2, ... , Xn) = l] = Pr{max(Xt, X2, ... , Xn) = I}
The overall system reliability can now be found from
= 1 - Pr{all Xi = O}
R. = PIRI + PnRn + PIIIRIII + PlvRlv = 1 - Pr{Xt = 0, X2 = 0, ... , Xn = O}
Observe that PI + Pn + Pili + PIV = 1. = 1- (1- Rt)(1- R2)' .. (1- "'(n) (5.16)
94 PARr I: Basic Reliability Models CHAPTBR5: Reliability of ystems 95

,::{unction for the system to function. A cut is a set of components whose failure will
. result in a system failure. A minimal cut is one in which all the components must
FIGURE 5.8 fail in order for the system to fail.
A four-component reliability block diagram.
EXAMPLE 5.8 (CONTINUEO). For the network in Example 5.8, the minimal path and
cut sets are as given here:
To compute the reliability of the k-out-of-n system, we use
Minimal paths Minimal cuts
Pr{cJ>(XI,X2"~,,XII) = 1} = Pr{tXi ~ kj (5.17)
1=1 A,B A,C
C,D A,D
When RI = R2 = ... = RII in Eq. (5.17), the reliability can be determined using B,C
the binomial probability distribution and Eq. (5.8) and (5.9). B,D

EXAMPLE 5.8. For the simple system consisting of series components A and B in paral-
lel with series components Cand D as shown in Fig. 5.8, the reliability computed using For the system to function, at least one of the minimal paths must function. Therefore
the approach discussed in Section 5.3 is R. = I - [I - (0.9)(0.6)][1 - (0.8)(0.7)] =
0.7976. 'I'(XA• XB• Xc. Xo) = [l - (I - XAXB)(l - XcXo)] = XAXB + XcXo - XAXBXCXO
The system structure function is
R. = E['I'(XA• Xp. Xc. Xo)] = E(XAXB) + E(XcXo) - E(XAXBXCXO)
'I'(XA• Xo. Xc. Xo) = 1 - (l - XAXB)(l - XcXo)
which gives the same result as above.
= XAXB + XcXo - XAXBXCXO
Using minimal cut sets, at least one component in each cut must function for the
In general, E(X •• X2 ••.•• Xt) = R.R2••• Rk since X;is binary with Pr{X; = l} = R;. system to function. Therefore the structure function may be written as
Therefore,
'l'(XA• XB. Xc. Xo)
Rs = E['I'(XA• XB• Xc, Xo)]
= [I - (l - XA)(l - Xc)] X [l - (1 - XA)(l - Xo)]
= E(XAXB) + E(XcXo) - E(XAXBXCXO)
X [1 - (1 - XB)(1 - Xc)] X [I - (1 - XB)(1 - Xo)]
= RARB + RcRo - RARBRCRo
= (XA + Xc - XAXc)(XA + Xo - XAXO)(XB + Xc - XBXc)(XB + Xo - XBXO)
= 0.9(0.6) + 0.8(0.7) - 0.9(0.6)(0.B)(0.7) = 0.7976
Then using the fact that Xt = X;,

'l'(XA• XB. Xc. Xo) = (XA + XcXo - XAXCXO)(XB + XcXo - XBXCX'o)


5.4.1 Coherent Systems
= XAXB + XcXo - XAXBXCXO
A system is coherent when a component reliability improvement does not degrade Setting R, = E['I'(XAXBXCXO)] provides the same result as before.
the system reliability. A coherent system has a structure function that is monoton-
ically increasing. That is, if Yi ~ Xi, then '\{1(YJ, Y2, •.. , YII) ~ 'l'{Xl, X2, ... , XII)'
If the inequality is strict for a given component i, then that component is said to be 5.4.3 System Bounds
relevant. Obviously, if '1'(1, 1, 1, 1) = 'l'{1, 1, 1, 0), then component 4 is not relevant
to the operation of the system. In general it is possible to construct a very crude lower bound on the system reliability
by considering all the components in series. Likewise an upper bound on the system
reliability is obtained by considering all the components in parallel. Unfortunately,
5.4.2 Minimal Path and Cut Sets in most cases the difference between these two bounds is quite large and, as a result,
they are not very useful. However, using minimal sets, one can construct upper and
The system reliability may also be determined using minimal path sets or minimal lower bounds that are much closer to one another. An upper-bound network is deter-
cut sets. A path is a set of components whose functioning ensures that the system mined by placing all the minimal path sets in parallel, and a lower-bound network
functions. A minimal path is one in which all the components within the set must is obtained by placing each of the minimal cut sets in series. If two or more paths
"'" PAiti'1:BlGicRbliabiRtyModels

Minimal cuts Probability = [1(1- Rt)

A,B O.1(0.1) = om
C,D 0.05(t>.05) = 0.0025
A,E,D 0.1(0.2)(0.05) = 0.001
B,E,C 0.1(0.2)(0.05) = 0.001

Cull CuI 2 Cule By configuri~g the set of miniml~Ibc.uI~tys


i~::~~S~ ~e:~r::~.: ~: s~~:~:I~i:!!i?t
is obtained since the system re ia I I 8
(a)
(b)
least one component in each cut set operates. Therefore, from Eq. (5.1 ),
FIGURE 5.9 R\ = (1 - 0.01)(1 - 0.0025)(1 - 0.001)2 = 0.98555
Alternative networks formed from cut sets and path sets: (a) lower-bound network
formed from minimal cuts in series; (b) upper-bound network formed by minimal paths The minimal path sets and their reliabilities are as given here:
in parallel.

Minimal paths Reliability = Il(Rt)


share common components, the' paths are not independent. As a result, if a common
component fails, each path containing that component will fail as well. Therefore, a A,C 0.9(0.95) =0.855
B,D 0.9(0.95) = 0.855
network formed by minimal path sets in parallel will overestimate the system relia-
A,E,D 0.9(0.8)(0.95) = 0.684
bility when the paths are assumed to be independent. A similar argument holds for 0.9(0.8)(0.95) = 0.684
B,E,C
cut sets in series. If two or more cut sets contain a common component, the cut sets
are no longer independent. Therefore, if a common component operates, every cut
set containing that component will operate as well. Therefore, series cut sets wiII un- . . . II I upper bound on the system is
derestimate the system reliability when the cut sets are assumed to be independent. By configuring the set of mlmmal bepa:~:: !:b~ '~n the union of all of its paths.
obtained SInce the system canno t
The upper (lower) bound will be attained if the minimal path sets (minimal cut sets)
Therefore, from Bq. (5.19),
share no common components' (i.e., they are independent).
The lower-bound reliability RI, is found from Ru = 1- (1 - 0.855)2(1 - 0.684)2 = 0.9979

(5.18)

5.s .
where c is the number of minimal cut sets and S, is the set of indices of those compo- COMMON-MODE FAILURES
nents composing the ith minimal cut set. The expression in brackets is the probability
that at least one component in cut set i is operating. See Fig. 5.9(a) .: The assumption of independence of failures among n components within a system
The upper-bound reliability Ru is given by be easil violated For example, several components may share the. sam~ power
may iernal environmental conditions such as excessive heat.or vibration may

s; = 1-n[1 - n Rk]
1= I kES;
(5.19) :~t
source~~~;;al com nents in the same manner. Operations or ~aIntenance errors,
ft
ign .aws,
and ~bstandard material or parts may also contr:bute. to a common-
common-mode failure can be depicted in senes WIth those ~om-
where pis the number of minimal path sets and S;
is the set of indices of those
components composing the ith minimal path set. The expression in brackets is the
probability that the ith minimal path has failed. See Fig. 5.9(b).
". mode fallure: A
pone~ts Shar::a ~:!~:. d F 5 10 illustrates a common-mode failure
m~e:~ re~~U:~an~system. The system reliability Isgiven
_ (1 _ R )(1 -~2)(1 - R3)]R'. In order to represent the system In thdIS
asbSORCla~ed[lw
Y s - 1 f '1 f th common-mo e
way, it must be possible to separate independent at ures ~om the ommon-mode
EXAMPLE 5.9. For the linked network in Fig. 5.6(a), the minimal cut sets and their failures. In order for the redundancy network to have an e eet, e c
probabilities are as given here: failure must have a high reliabilitj
CHAFI1lR 5: Reliability of Systems 99

Two primary assumptions are made in analyz~ng these types of syst~ms. First, it
is assumed the failure modes are mutually exclusive (only one of the failure modes
can occur), and second, all the components composing the system are independent.

FIGURE 5.10
A reliability block diagram showing the effect of a common
failure mode on redundant components. 5.6.1 Series Structure

To illustrate the methodology for computing system reliability, a si~ple network


EXAMPLE 5.10. For the system of two CFR components discussed in Example 5.4, consisting of two switches in series is considered. ~or the system to fad s~ort, both
assume a common-mode CFR of 0.00001 in addition to the components' independent
failure rates. Then of the switches must fail short. For the system to fad open, at least one SWitch must
fail open. Therefore, we can define the following two failure events:

E, = the event that both switches fail short


and Rs(lOOO) = 0.95e-o.oooolxlooo = 0.94
E2 = the event that at least one switch fails open
To find the MITF,
Let Q = 1 - R equal the probability of a system failure. Then
MITF = 1"" [2e-O.OOO2631
-. e-O.OOO516t] dt = 2 _ 1 = 56666
.0 0.000263 0.000516 . Q = peEl U E2) = peEl) + P(E2)
EXAMPLE Consider the same two components in series; the individual failure
.5.11. since the events are mutually exclusive. Let
rates are composed of both the independent and common-mode components. That is,
qoi = the probability that component i fails open
A = 0.000253 + 0.00001 = 0.000263
qsi = the probability that component i fails short
Then the system failure rate is given by
Then Q = (qslqs2) + (qol + qo2 - qolqd
As = 2 X 0.000253 + 0.00001 = 0.000516,
and R = I - [(qslqs2) + (qol + qo2 - qo)qo2)]
since the common-mode failure rate is shared by both components. Therefore
Rs(t) = (e-O.OO2531)2e-'O.OOOOIt
= e-O.OOO516t = 0- qot>O - qo2) - qs) qs2

The common-mode system failure rate is less than what would be observed if both com- In words, the system reliability is the probability that neither component fails ?pen
ponents had independent failure rates given by A. minus the probability that both components fail short. This result can be generahzed.
For n components in series,

5.6
THREE-STATE DEVICES
R = nO -
n

;=)
qo;) - nn

;=1
q« (5.20)

System reliability is the probability that there are no opens minus the probability that
.Three-state devices are components that have both an open and short failure mode all components short .
~nd an operating state. Examples are diodes, electrical circuits, and flow valves. The
10teresting problem with respect to systems comprising these components is that re-
d~ndancy ma~ either increase or decrease system reliability. For example, if the short
5.6.2 Parallel Structure
failure mode IS present, then adding additional parallel units will increase the likeli-
hood of the .system .experiencing a short. The system reliability in this case depends
Two parallel switches are now considered. For the system to fail short, one or bot?
on the dominant failure mode, the system configuration, and the number of redun-
of the switches must fail short. For the system to fail open, both switches must fad
dant c~mponents. Another example of a three-state device is an alarm system that
open. Therefore, we can define the following two failure events:
may fad safe ~fals~ alarm) or may fail to danger (failure to function when needed).
Redundancy, 10 this case, will increase the likelihood of false alarms and decrease E) = the event that both switches fail open
the likelihood of a fail-to-danger event.
E2 = the event that at least one switch fails short.
4MJliWft:"''BiSit'Retiab1litY MOdels

Then

and R
=
=
(qol qo2)

1 - [(qoIQo2)
+ (qsl + «a -
+ (qsl + qs2
qsl qs2)

- qslqs2)]
I
n
FIGURE S.12
= (1 - qsl)(1 - qs2) - qolqo2 Block diagram of m three-state devices in a
In.words, the sys!e.mreliability is the probability that neither component fails short
1 high-level redundant configuration.

nunus the probability that both components fail open. This result can be generalized.
For n redundant components,
5.6.4 High-Level Redundancy
R = nm

i=1
(1 - qsi) - n
i=1
m
qoi (5.21)
Figure 5.12 represents a high-level redundant configuration having n redundant sys-
tems each with m serial components. The system reliability is a generalization of the
Reliability is the probability that there are no shorts minus the probability that all
components are open. parallel configuration (Eq. 5.21) and is found by computing the probability that no
path is completely shorted minus the probability that there is at least one open on
E~AMPLE s.u: A mechanical value fails to close (fails open) 5 percent of the time and each path. Mathematically,
fads to open (fads short) 10 percent ofthe time. Compute the system reliability for three
valves (I) in series and (2)in parallel.
Solution. For the three valves in series,
RH ~ ~ - D q,;) - [I - DO - q,;)r (5.23)

R = (I - 0.05)3 - O.lW = 0.856375 EXAMPLE 5.13. With three-state devices, it is not necessarily true that low-level re-
dundancy provides a greater reliability than high-level redundancy. Consider a system
For the parallel configuration:
composed of the following three components with two redundant units available: m = 3
R = (l - 0.10)3 - 0.053 = 0.728875 and n = 2.
Si~ce .t~e dominant failure mode is to fail short, the series configuration has the greater
reliability. . Component q, q"
1 0.15 0.05
2 0.\0 0.06
5.6.3 Low-Level Redundancy 3 0.20 0.01

Figure 5.11 is ~n example of a lo~-level redundant system having m serial compo- Then
nents each having n redundant Units.The system reliability is a generalization of the
series configuration (Eq. 5.20) and is found by computing the probability of at least RL = (1-0.052)(\ -0.062)(1-0.012)
?ne unopen path in each redundant string minus the probability of at least one short - [1 - (1 - 0.15)2][1 - (I - 0.10)2(1 - (I - 0.20)2)
in each path. Mathematically, this reliability can be written as
= 0.9748
m m
RH = [1 - (0.15)(0.10)(0.20»)2 - [I - (I '-- 0.05)(\ - 0.06)(1 - o.ol)f = 0.9806
RL = n(l - q~i) - n[l - (l - qsi)n] (5.22)
i= I i= I The reliability of the above networks could have been determined from an op-
posite viewpoint. For example, the low-level redundant network could have been
analyzed by finding the system reliability with respect to a short minus the system
probability of failing open. This approach is equivalent to Eq. (5.22) since

n
1 R{short}- Pr{failing open} = I- Pr{failing short} - [I - R{failing open}]
= R{failing open} - Pr{failing short}
j FIGURE S.11
Block diagram of m three-state devices in a
low-level redundant configuration.
Because the events "failing open" and "failing short" are mutually exclusive, this
.approach works.
102 PART I: Basic Reliability Models CHAPTER

EXERCISES (b)

5.1 The time to failure (in years) of a Cyclone 365 computer has the probability density
function f{t) = I/(t + 1)2, t 2: O.
(a) If three of these computers are placed in parallel aboard the proposed space station,
what is the system reliability for the first 6 months of operation?
(b) What is the system design life in days if reliability of a 0.999 is required?
(c) What is the system reliability for 6 months if two out of the three computers must
(b)
function?

5.2 Find the minimum number of redundant components, each having a reliability of 0.4, For R, = 0.99, find R in (c). (Hint: Find R; in the simplest terms of R and use trial and
necessary to achieve a system reliability of 0.95. There is a common-mode failure prob-
error).
ability of 0.03.

5.3 Which system, (i) or (ii), has the higher reliability at the end of 100 operating hours?
(i) Two CPR components in parallel each having an MTTF of 1000 hr.
(ii) A Weibull component with a shape parameter of 2 and a characteristic life of 10,000
hr in series with a CPR component with a failure rate of 0.00005.

5.4 (a) For the following network, derive an expression for the system reliability in terms
(c)
of the component reliabilities, Assume that each component has a reliability of R.
(b) Compute the system reliability if R = 0.9.
5.8 Find the system reliability of the following series-parallel configurations. Component
reliabilities are given.

5.5 Three communications channels in parallel have independent failure modes of 0.1 failure
per hour. These components must share a common transceiver. Determine the MTTF of
the transceiver in order that the system has a reliability of 0.85 to support a 5-hr mission.
Assume constant failure rates. (a)

5.6 Ten Weibull components, each having a shape parameter of 0.80, must operate in series.
Determine a common characteristic life in order that they have a design life of I yr with
a reliability of 0.99.

5.7 Find the system reliability of the configurations in (a) and (b).
(a)

(b)

5.9 For each of the following redundant systems, determine the component MTTF necessary
to provide a system reliability of 0.90 after 100 hr of operation. The components have
(a) the same constant failure rate.
104 PARr I: Basic Reliability Models CHAPJ"ER 5: Reliability of Systems 105

5.15 Determine the reliability of the following series-parallel configura??n, in whic~ ~he
ith component has a probability qo; of failing open and a probability qsi of failing
short.

(a) High-level redundancy

5.16 A system is designed to operate for 100 days. The system consists of three components
(b) Low-level redundancy
in series. Their failure distributions are (1) Weibull with shape parameter 1.2 and scale
parameter 840 days; (2) lognormal with shape parameter (s) 0.7 and median 435 days;
5.10 Itsa Failing, a reliability engineer, has determined that the reliability function for a crit- (3) constant failure rate of 0.0001.
ical solid-state power unit for use in a communications satellite is R(t) = 10/(10 + r), (a) Compute the system reliability. . .,
t ~ 0 and t measured in years. (b) If two units of components I and 2 are available, determine the high-level redun-
(a) How many units must be placed in parallel in order to achieve a reliability of 0.98 dancy reliability. Assume that components 1 and 2 can be configured as a sub-
for 5 yr of operation? assembly.
(b) If there is an additional common mode, constant failure rate of 0.002 as a result of (c) If two units of components 1 and 2 are available, determine the low-level redun-
environmental factors, how many units should be placed in parallel? Compute the dancy reliability.
achieved system reliability.
5.17 Determine the reliability of the following linked system using the decomposition
S.ll Derive the reliability function and MTIF for three CFR components in parallel. If three . method.
components, each with CFR, are placed in parallel, determine the system reliability
for 0.1 yr and the MTTF. Their failure rates are 5 per year, 10 per year, and 15 per
year.

5.12 A signal processor has a reliability 0(0.90. Because of the low reliability a redundant
signal processor is to be added. However, a signal splitter must be added before the
signal processors, and a comparator must be added after the signal processors. Each of
these new components has a reliability of 0.95. Does adding a redundant signal proces-
-c ~1==SQ.9
. --
.
R3 = 0.95
-I ",0' ~
1----..
, -
rR4-0.99~

sor increase the system reliability? 5.18 For k-out-of-n systems there may be a crossover point, where the single-component
reliability is greater than the k-out-of-n system reliability. If R is the single-component
5.13 The following natural gas distribution network contains five shut-off valves configured reliability, then the crossover point is found from solving
as shown. Valves 1-4 have a probability of 0.02 of failing open and a probability of
0.15 offailing short. Valve 5 has a probability of 0.05 offailing open and a probability
of 0.20 of failing short. Find the system reliability.

(a) Find the crossover point for a 2-out-of-3 redundant system.


(b) Repeat for a 3-out-of-4 system.

5.19 An alternative approach for analyzing reliability networks is to identi~ ~l possible


. combinations of failure events of the components; compute the probabilities of those
outcomesjesuhing either in system fai~ure or in a sys~em success. (~onfailu~e),.~d
sum the individual probabilities to obtain the system failure probability or reliability.
5.14 Compare the reliability between a high-level redundant network and a low-level re- Since each component has two states, success (S) or failure (F), there are 2n mutually
dundant network comprised of two serially related components with three redundant exclusive combinations to be considered, where n is the number of components c0.m-
units of each available. The probability of any component failing open is 0.05. and the posing the network. For the system of Exercise 5.17, the analysis will take the following
probability of any component failing short is 0.1. form:
--~~~ .. -.~-.--.-----------
i06 PARTI: Basic Reliability Models

System Probability
s s s S S (0.9)2(0.95)(0.99) = 0.761805
s s S F F
s s F S S (0.9)2(0.05)(0.99) = 0.040095

Complete this problem by identifying all possible combinations and summing the prob-
abilities of those resulting in a system success. Compare your result with that obtained
5.24 Show that the MTfF for n serially related and independent components each having a
from the decomposition approach used in Exercise 5.17.
linear hazard rate function is
fl
5.20 In the design of computer systems, increased reliability maybe achieved through the
(22:;=1" a; j
17"
use of triple modular redundancy. This consists of three identical units (logic or binary MTfF =
variables) feeding into a common voting system, as shown in the figure. The value of
the output variable is determined by majority voting. If the single-unit reliability is R
and the reliability of the voting system is Ry, show that the system reliability is given
by R2(3 ~ 2R)Ry• If the reliability of the voting system is 0.95, what is the crossover where A;(t) = ajt and a; > O.
reliability (see Exercise 5.18) of a single unit?
Hint:

5.25 Structure function (optional). Consider the network shown below.


Input --+-+i Output
'---_ .....

5.21 Show that

MITF = .!. i(~)(~I?;~1 (a)


(b)
Write the structure function. .
Find the system reliability using the ~u:ucture function,
A ;=1 I I
(c) Identify the minimal path sets and ~m~~1 cut ~ts. _ ., .
for n redundant and independent components each with A(t) = A. Hint: From the bino- (d) Find the lower- and upper-bound reliabilities usmg tb minimal sets 10 (c).
mial theorem,
S.26 Structure function (optional). Consider the network shown below.

5.22 (a) For three-state devices, write an expression for the reliability of a low-level re-
dundant system as the system reliability with respect to a short minus the system
probability of an open. Show that this is equivalent to Eq. (5.22).
(b) Repeat for a high-level redundant system by writing an expression for the system
reliability with respect toan open minus the system probability of a short. Show
that this expression is equivalent to Eq. (5.23).
(a) Write the structure function. .
5.23 Write an expression for the system reliability of the following series-parallel network, (b) Find the system reliability using the structure function.
where qoi is the probability that the ith component fails open and qsi is the probability (c) Identify the minimal path sets and minimal cut ~ts. .. .
that the ith component fails short. (d) Find the lower- and upper-bound reliabilities using the minimal sets 10 (c).