An advanced reliability model for automated “safety systemprotected object” complex with time redundancy Текст научной статьи по специальности «Электротехника, электронная техника, информационные технологии»

AN ADVANCED RELIABILITY MODEL FOR AUTOMATED "SAFETY SYSTEM-PROTECTED OBJECT" COMPLEX WITH TIME REDUNDANCY

A. I. Pereguda, D. A. Timashov

Obninsk Institute for Nuclear Power Engineering, Obninsk, Russia e-mail: [email protected]

ABSTRACT

The paper presents a new reliability model for an automated "safety system-protected object" complex with time redundancy. It is supposed that the time redundancy is caused by a protected object inertia. Scheduled periodic inspections of the safety system are also taken into account. Two-sided estimates of the mean time to accident are proposed.

1 INTRODUCTION

Redundancy is a widely used and widely referenced concept. Time redundancy means that some excess time is available after the system fault. It is possible to prevent an accident during this period. Such kind of redundancy may arise by design or as a natural byproduct of design. There are some methods available for the estimation of reliability indices of systems with time redundancy (Gnedenko & Ushakov 1995). But there is a lack of reliability models for automated "safety system-protected object" complex with the time redundancy caused by a protected object inertia. Systems of such kind are quite common in the nuclear power engineering due to an inertia of physical processes in the reactor core. This natural redundancy is seldom acknowledged and exploited. In the present study we set out to analyze the reliability of such system. We follow Pereguda (Pereguda 2001) in assuming that the operation of the complex can be described using a superposition of alternating renewal processes. Our objective is to provide an asymptotic estimation for the mean time to accident.

2 MODEL DESCRIPTION

Let us consider an automated complex of a safety system and a protected object. The safety system and the protected object are repairable. They are restored to an as-good-as-new state. It is assumed that safety system failures can be detected only during periodic inspections of the safety system. All failures are supposed to be independent. Safety system consists of two subsystems: the temperature subsystem and the power subsystem. If the power subsystem fails then the temperature subsystem is still able to prevent an accident. By x, i = 1,2,... denote the time to the i-th protected object failure due to the increased power level. Let x, i = 1,2,. be independent and identically distributed (i.i.d) random variables with CDF FX(t). By yi, i = 1,2,. denote the time to the protected object repair after it's i-th failure due to the increased power level. Let y, i = 1,2,. be i.i.d. random variables with CDF Fy(t). Suppose that moments of the protected object repair after it's failure due to the increased power level are renewal points of the operation process of the complex. By Si denote the time between i-th protected object failure due to the increased power level and the subsequent failure due to the increased temperature. Let Si, i = 1,2,. be i.i.d. random variables with CDF FS(t). Thus the power safety subsystem may prevent an accident during the \Xi, Xi + Si) interval. Alternatively the temperature safety subsystem may prevent an accident atx + Si. By a, i = 1,2,.

denote the time to the protected object repair after such an event. Let ai, i = 1,2,... be i.i.d. random variables with CDF Fa(t). Suppose that moments of the protected object repair after it's failure due to the increased power level and subsequent increased temperature are renewal points of the operation process of the complex. By i = 1,2,. denote the time to the i-th protected object failure due to the increased temperature. Let i = 1,2,. be independent and identically distributed (i.i.d) random variables with CDF Ff(f). By i = 1,2,. denote the time to the protected object repair after it's i-th failure due to the increased power level. Let i = 1,2,. be i.i.d. random variables with CDF Fv(t). Suppose that moments of the protected object repair after it's failure due to the increased temperature are renewal points of the operation process of the complex. By ¿.p, i =

1,2,. denote the time to the i-th failure of the power safety subsystem. Let , i = 1,2,. be i.i.d.

random variables with CDF F^p (t). By fP, i = 1,2,. denote the time to the power safety

subsystem repair after it's i-th failure. Let fp, i = 1,2,. be i.i.d. random variables with CDF

F (t). Suppose that moments of the power safety subsystem repair after it's failure are renewal

points of the operation process of the power safety subsystem. By T denote the period of scheduled inspections of the power safety subsystem. By 0p denote the duration of scheduled inspections of the power safety subsystem. By ¿¡'., i = 1,2,. denote the time to the i-th failure of the temperature

safety subsystem. Let , i = 1,2,. be i.i.d. random variables with CDF F^t(t). By f, i = 1,2,.

denote the time to the temperature safety subsystem repair after it's i-th failure. Let f, i = 1,2,. be

i.i.d. random variables with CDF F t (t). Suppose that moments of the temperature safety subsystem

repair after it's failure are renewal points of the operation process of the temperature safety subsystem. By T denote the period of scheduled inspections of the power safety subsystem. By 0 denote the duration of scheduled inspections of the power safety subsystem. The safety system is inactive during the inspection. By < denote the time to accident. Our aim is to estimate the mean time to accident E[<].

2 MAIN RESULTS

Since the operation process of the complex is a superposition of alternating renewal processes, it follows that

v — 1

i=1

where

= min(x) + ((( + y )JBt + + a )JBt J +

and

a\ = min( + S,Jx <Vi •

By p i we denote the interval between the protected object failure due to the increased power level and the activation of the power safety subsystem. Note that 0 < (3i < Si. By Bi we denote the event

that the power safety subsystem was activated in the X, Xi + interval. By Bt we denote the event

that the power safety subsystem was not activated in the X, Xi + interval. JB is an indicator function of the event B.

We obviously have

Fa{t) = Pr(^< t) = Prfga, + a'< t .

v,=i J

Applying the Laplace-Stieltjes transform to Fm(t), we obtain

Fa(s) = E[e-s"]=f^E[t| v = n]Pr(v = n)

n=1

where Fw(s) = Je-stdFa(t) = E[sw],Pr(v = n) = q(1 - q)n - 1 and q is the probability of an accident

( ^ ) = J e

0

during a renewal interval. We see that

E [e

' (v-1 , \

1 -s\ Y^i+^v I

v = nj = E e U j v = n

(((s) ) F& (s).

Therefore

Since e[c] =

Fw(s) = YE^s)) Fa,(s)q(1 - q)n-1 = -

n=1 1

qFa'(s)

- (1 - q)Fa(s)

dFm(s)

ds

it follows that

E[c] = E[v'] + ^ e[<J]

q

Variable ( has an unknown distribution. Therefore variable o also has an unknown distribution. Using stochastic ordering (Stoyan, 1983), we get the following estimation

E[<?']+ — E[min(x,p)] + ((](B) + (([] + E[a])Pr(B))) < p)) + E[[]Pr(p < x) < E[co]

<

q

1 - q,

< E[a']+ (E[min(x,p)] + ((] + E[r])Pr(B) + (e[ô] + E[a)(B))Pr(x < p)) + E[]Pr(p< x), q

where

E[a'] = E[min( x,p)]+ E[¿]Pr(x < P) • By Un denote the moment of the n-th failure of the power safety subsystem. By Vn denote the moment of the n-th repair of the power safety subsystem. Then the corresponding accident takes place when

Un < X < Vn - S, s < Vn - Un

or when

Vn-1 + F < X < Vn-1 + (F + 6p) - S; Vn-- + (V + 6p) + F < x < Vn-- + 2(Tp + 6p) - S;

Vn-1 +

\

Tp +ep

-1

(Tp +dp ) + Tp <x< Vn-1 + {

tn

(Tp +ep )

Tp +0pi S < GP

where <x> is an integer part of x.

Since the operation process of the safety system is an alternating renewal process, it follows

that

n-1 i f ir p 1 A n-1

Un = + Y

i=1

i=1

(Tp +ep )-J—tiP— l(Tp +ep ) |Tp +ep I

+

Yn

i=1

s=0

n n

+

i= 1 i= 1

V + Y

(Tp +0p ) -J —p— 1(TP +0p )

Itp + ep I

+

Ynp,

i =1

where (x) is a fractional part of x. Taking into account the condition of accident, we obtain:

m w

Pr( B ) =yJ

n=1 0

E

tp+e

JU„<x <Vn -SJA n >0 + Y JVn1 i=1

(i-i)(Tp +ep )+Tp < x <vn-1 +i (Tp +ep )-s JZ >0

dF( x)

where

an = nn + - ô,

e_ = Tp +ep -

-In

jp + ep Z = gp - ô

(Tp + ep ),

It now follows that

co c c c

Pr(5) = 2 JPr(min(U„,(U„ + A„)) < x)(x) - £ JPr(( + A„ < x))(x)

n=1 0

n=1 0

+

m ^

YJ E

n=1 0

pp V n

Tp +ep,

y Pr(min((Vn-1 + i(Tp + ep ) - ep ), (Vn-1 + i(Tp +ep ) - ep +z)) < x)

dF„( x) -

iaJ

Y J E

n=1 0

^n

tp +ep

Y Pr ((-1 + i(Tp + ep ) -ep + z< x)

i=1

dFr(x) = 91 +

Note that

Fpp * (Fpp * FvP * )*( n-1))( x ) - (FpP * (FpP * FvP * FJ*(n-1))(x - y) ) (y^F^

n = 1 0 0

t

where F * F' (t) = J F (t - z)dF (z) and F*(2)(t)=F*F(t). Equivalently

0

m m

91 = JJ( H 0( x) - H 0( x - y))dFA ( y)dFz( x)

0 0

where H0(x) = £ F * (F * F p * Fs)*(n-1)(x). Furthermore

92 =

m w w

Y JJe

n=1 0 0

tp +ep

Y(pr((n-1 + i(TP+ep )-ep < x)-Pr(n-1 + i(Tp+ep )-ep < x - y ))

dFç( y)dFx (x).

In other notation,

92 =JJE

0 0

Y (H0,. (x) - H0,. (x - y))

dFz( y)dFx( x),

n

i=1

n=1

i=1

p

p

T

i=1

where H0i (x) = ^ F2in (x) and F2i,n(x)=Pr(Vn-1 + i(Tp + 6p) - 0p < x). The application of renewal

n=1

limit theorems (Rausand & Hoyland 2004) yields

1

e[p ]+ (Tp + ep ) + (Tp + ep )e

Tp + ep

J ydF^( y),

E k çp w

\ Tp +ep /

e \ip ]+ (Tp +ep )+(Tp+ep ) e 1 ip \

\ tp+ep 1

J ydFz( y).

Finally, Pr( B )

E[np ] + (Tp + 0p ) + (Tp + ep ) E

I ç '

Tp + ep

J ydFä ( y) + E

Tp + ep

J ydFZ( y)

The Monte-Carlo method can be used to estimate JydFA(y) and JydF((y):

0 0

1

Pr( B )■.

e \ip ]+(Tp+ep )+(Tp + ep ) e

Tp +ep,

(

E

f

max

np + tp +ep —

Tp + ep

,0

+ E K çp yi

\ tp+ep/

E[max(ep -£,0)]

Note that

We obviously have

Pr( B) = 1 - Pr( B ). q = qpt Pr(x < p) + q Pr(x > p),

where qpt is the probability of failure of both safety subsystems and q' is the probability of failure of the temperature safety subsystem. Furthermore

qpt = Pr(B)q'.

Using the same technique as earlier we obtain the following estimation of q'

e[ç ]-efE \(c W \ f +e/

e [n ]+T +e )+t+e ) e ! ç \ \ F+e 1

qt « 1 -

Therefore we managed to estimate all variables necessary to evaluate mean time to accident. Though some of them should be evaluated numerically the required techniques are pretty much straightforward. 3 CONCLUSIONS

The proposed model permits to assess the reliability of one specific class of technological systems with time redundancy. In particular the suggested approach allows to evaluate the mean time to accident for the "safety system-protected object" complex. The proposed approach allows to

1

x

not underestimate the reliability of the complex with time redundancy. The solution obtained is useful for the reliability assessment of nuclear power plants and similar dangerous technological objects.

REFERENCES

Gnedenko, B.V., Ushakov, I.A. 1995. Probabilistic Reliability Engineering. John Wiley & Sons, Inc.

Pereguda, A.I. 2001. Calculation of the Reliability Indicators of the System Protected Object-Control and Protection

System. Atomic Energy 90: 460-468. Rausand, M., Heyland, A. 2004 System Reliability Theory: Models, Statistical Methods and Applications. John Wiley & Sons, Inc.

Stoyan, D. 1983 Comparison Methods for Queues and Other Stochastic Models. Wiley-Interscience.