Contribution to availability assessment of complex systems Текст научной статьи по специальности «Компьютерные и информационные науки»

CONTRIBUTION TO AVAILABILITY ASSESSMENT OF COMPLEX SYSTEMS

D. Valis

University of Defence, Brno, Czech Republic

e-mail: david.valis@unob.cz

ABSTRACT

As we use complex systems with one shot items in many technical applications we need to know basic characteristics of such system. Performance, safety and other are as much important as dependability measures. In real applications we have to take into account a related distribution of an observed variable. In terms of complex systems with one shot items it is a discrete random variable related to one shot item. The whole system and its failures (unexpected and inadvertent events) may have two typical types of distributions and their characteristics. We either consider a continuous variable (such as time, mileage, etc.) or a counting variable (such as number of cycles, sequences, etc.) regarding to a failure occurrence. As the one shot items is supposed to back up the main system function the total reliability of the system should be higher than. The main issue regarding the system using one shot items in their construction is to determine the probability of the task (mission) success. The paper presents both theoretical approach and practical example of the solution.

1 INTRODUCTION

This paper is supposed to contribute to a solution of dependability qualities of the complex (in this case) weapon system as an observed object. We would like to show one of the ways how to specify a value of single dependability measures of a set. The aim of our paper is to verify the suggested solution in relation to some functional elements which influence fulfilment of a required function in a very significant manner (Koucky & Valis 2007).

The paper contents deals with a weapon set which is a complex mechatronics system, designed and constructed for military purposes. We are talking about a barrel shooting gun - a fast shooting two-barrel cannon. It is going to be implemented in military air force in particular.

Generally speaking the set consists of mechanical parts, electric, power and manipulation parts, electronic parts and ammunition. For the purpose of use in our paper we are not going to deal with isolated functional blocks and ammunition only. In this case we consider the ammunition as the key element in the whole process as recommended standardised rounds and pyrotechnic cartridges.

Single parts of the set can be described with qualitative and most importantly quantitative indices which present their quality. In this paper we are dealing especially with quality in terms of dependability characteristics. We have been working first and foremost with probability values which characterize single indices, and which describe functional range and required functional abilities of the set. We do not focus only on the part handling rounds and pyrotechnic cartridges which are crucial for this case. In order to continue our work it is necessary to define all terms and specify every function.

The main type of data which can be found in the area of dependability statistical analysis is as follows: simple, censored, cut (reduced) data, or the combination of it.

Simple data: It is a basic category in which the established information t1} t2,..., tn is the random sample of probability distribution of time to failure T.

Censored data: The data is designated (t1} d}), ..., (tn, dn), where t = min (T, C), T is a random value determining time to failure, C is censoring time and di is an indicator defined by the formula di = 1, if t is time to failure and di = 0 in other cases. The basic types include censoring by fixed time (C is fixed time) and random time (C is a random variable with given probability distribution). This type of dependability data is frequently used in practice and it can be found in the situations where the observation is terminated after some time, because the system is put out of operation, etc. Concerning laboratory tests these are the so called tests terminated by time.

Cut (reduced) data: This is the data of the failures registered after some time passes. In practice one can come in contact with this sort of data when the information about failures is not put in the early stages.

Classification of statistical methods used in dependability statistical analysis:

Parametric methods: These methods proceed from the assumption that the observed data represent random sample described by a given probability distribution (e.g. exponential, Weibull's, gama, etc.). The main task then is to determine (estimate) values of unknown parameters based on the observed data.

Non-parametric methods: These methods do not take into account any specific classification of data and they are a "universal" alternative to parametric methods (their main advantage). The main disadvantage is their smaller power (when compared to parametric methods).

Semi-parametric methods: These methods which are a sort of compromise between parametric and non-parametric methods require only a "partial" specification of the distribution. A parametric model is introduced for important variables and a non-parametric one is introduced for these of minor importance.

2 ESENTIAL TERMS, DEFINITIONS AND SIGNS

We are always talking about an object in terms of reliability analyses. The definition for object is the same as the used in IEC 60500-191/1990. Consequently we need to describe the basic object's measures (Koucky & Valis 2007).

Object's function:

The main function: The main function of the object is putting into effect a fire from a gun using standard ammunition.

The step function: Manipulation with ammunition, its charging, initiation, detection and indication of ammunition failure during initiation, initiation of backup system used for re-charging of a failed cartridge.

It is expected that the object will be able to work under different operating conditions especially in different temperature spectra, under the influence of varied static, kinetic and dynamic effects, in various zones of atmospheric and weather conditions.

In this case we will not take into account any of the operating conditions mentioned above. However, their influence might be important while considering successful mission completion.

One of the main terms we are going to develop is:

Mission: It is an ability to complete a regarded mission by an object in specified time, under given conditions and in a required quality.

In our contribution it is a case of cannon ability to put into effect a fire in a required amount -in a number of shot ammunition at a target in required time, and under given operating and environmental conditions.

As it follows from the definition of a mission it is a case of a set of various conditions which have to be fulfilled all at once in a way to satisfy us completely. Our object is supposed to be able to shoot a required amount of ammunition which has to hit the target with required accuracy (probability). We will not take into consideration circumstances relating to evaluation of shooting results, weapon aiming, internal and external ballistics, weather conditions and others. We will focus only on an ability of the object to shoot (Koucky & Valis 2007).

As we have stated above we will not deal with isolated function blocks only. We are presuming that these blocks act according to required and determined boundary conditions. In order to understand functional links fully we introduce our way of dividing the object although we will understand the object as a complex system in the paper. We speak about the following blocks:

Manipulation with ammunition, its charging, initiation, failure detection and indication during initiation, initiation of a backup system in order to recharge a failed cartridge, all mechanical parts, all electric and electronic parts, interface elements with a carrying device - Block A; Ammunition - Block B; Pyrotechnic cartridges - Block C.

Symbols used in the text:

/random value expressing time to failure,

tj,t2,...,tn measured times to failure (that is a random selection of T), or data on

possible censoring, t(j) ,t(2),. ,t(n) arranged values tj ,t2,... ,tn (including data on censoring),

t[1],t[2],K arranged random selection of times to failure , that is, without data on censoring,

A T ((), A*T (() cumulative failure rate or its point estimation, RT (() Rj (() probability of reliable operation or its point estimation, E[] E * [•] mean value of the variable or its point estimation, var [•],var * [•] dispersion variance, or its point estimation •.

3 DESCRIPTION OF THE PROCESS

The process as a whole can be described this way:

From a mathematical and technical point of view it is a fulfilling of requirements' queue which gradually comes into the service place of a chamber. The requirements' queue is a countable rounds' chain where the rounds wait for their turn and are transported from the line where they wait in to a service place (fulfilment of a requirement) of a chamber and there they are initiated. After the initiation the requirement is fulfilled. An empty shell (one of the essential parts of a round) leaves a chamber taking a different way than a complete round. When the requirement is fulfilled, another system which is an integral part of a set detects process of fulfilling the requirement. The process is detected and indicated on the basis of interconnected reaction processes. In this case fulfilling the requirement is understood as a movement of a barrel breech going backwards. Both fulfilling the requirement and its detection are functionally connected with transport of another round waiting in a line to go into a chamber.

Let's presume that rounds are placed in an ammunition feed belt of an exactly defined length. A maximum number of rounds which could be placed in a belt is limited by the length then. The length is given either by construction limitations or by tactical and technical requirements for a weapon set. Let's presume that despite different lengths of an ammunition belt, this will be always

filled with rounds from the beginning to the end. Let's also assume that the rounds are not nonstandard and are designed for the set.

The process of fulfilling the requirement is monitored all the time by another system which is able to differentiate if it is fulfilled or not. The fulfilment itself means that a round is transported into a chamber, it is initiated, shot, and finally an empty shell leaves a chamber according to a required principle. If the process is completed in a required sequence, the system detects it as a right one.

Because of unreliability of rounds the whole system is designed in the way to be able to detect situations in which the requirement is not fulfilled in a demanded sequence and that is why it is detected as faulty.

Although a round is transported into a chamber and is initiated, it is not fired. A function which is essential for a round to leave a chamber is not provided either, and therefore another round waiting in line cannot be transported into a chamber. That is the reason why fulfilling of the requirement is not detected.

The system is designed and constructed in such a way that it is able to detect an event like this and takes appropriate countermeasures. A redundant system which has been partly described above is initiated. After a round is initiated and the other steps don't carry out (non-fire, non-movement of a barrel breech backwards, non-detection of fulfilling the requirement, non-leaving of a chamber by an empty shell, and non-transport of another round into a chamber) a system of pyrotechnic cartridges is initiated. It is functionally connected with all the system providing mission completion. A pyrotechnic cartridge is initiated and owing to this a failed round is supposed to leave a chamber. A failed functional link is established and another round waiting in line is transported into a chamber.

In order to restore the main function we use a certain number of backup pyrotechnic cartridges. Our task is to find out a minimum number which is essential for completing the mission successfully. Next issue we are supposed to solve is to find out the availability function of the system. We would like to know if the system is capable to carry out next mission with its technical/mission "history". If the operational unit left are much enough to complete the task successfully from the technical point of view without any impact on terms of repair/replacement, etc. As based onto the collected data observed from previous deployment and initial operation period of the system we might use standard mathematical tools for their assessment. Due to specific system construction and specific process procedure it seems to us that another than common methods are to be applied. Following section is the example of our effort (Koucky & Valis 2007).

4 MATHEMATICAL MODEL

Since the data on system operation and process behaviour is available we use two methods while analyzing this. The first one is the Nelson - Altsschuler estimation (Akersten 1987, Crowder & Kimber 1991, Nelson 1990). It is a case of one of the basic non-parametric methods which are used for statistical dependability analysis, especially while estimating instantaneous cumulative failure rate AT (t). It is expressed by the equation:

(1)

0

where AT (t) is failure rate at the time t, thus

ÀT (t )= lim

P(t < T < t + h\t < T )

(2)

h

Let us assume that the obtained dependability data tx,t2,...,tn are the information on time to failure or time information about censoring. In this case the Nelson- Altschul er's (N-A) point estimation A*T (t) of the cumulative failure rate is expressed by

a; (t )=£ (3)

t[i p

where t[] is the i-th element of the arranged random selection of times to failure (that is we do not include censoring times in the selection), is frequency of the value t[ ], is number of objects in operation to the time t[ ].

If the failure occurs together with the censoring, we assume that the censoring occurs straight after the failure. In order to estimate the dispersion variance A*T (t) we use the asymptomatic formula

*

var

k (')]=! ^ (4)

A] t<2

w*

through which we determine even relevant interval estimation. For (l -a)% dependability interval of the value A*T (() we get

(a; (t)-«i^Vvar- [a; (t)], AT (t) + u^vaf [A (t)]) (5)

where ua is a% a quantile of standard normal distribution.

Of course there is large variety of other non-parametric methods which are suitable for dependability assessment based on operational data. These are for example non-parametric renewal density estimations, renewal functions and non-parametric trend tests.

Another method used for the system assessment is determining the distribution of time to failure and its properties. This is the statistical test TTT (Total Time on Test-plot) which allows us to decide whether distribution of time to failure is of increasing (IFR - Increasing Failure Rate), or decreasing (DFR - Decreasing Failure Rate) failure rate. If t ^, t(2),..., t (n) is an arranged selection of

times to failure, then the test statistic u () is defined as follows:

T

u ()= (6)

n,n

where Ti,n = t(1) + t(2) + K + t(-1) + (n - i + l))()

The testing itself is based on putting the values ) and j/n in the graph. In case of the IFR distribution the graph u/.) is convex , concerning the DFR distribution the graph is concave.

5 EXAMPLE OF THE APPLICATION

The assessed failures were as follow:

- only mechanical, software and process ones;

- the failures resulting from shortage of redundant cycles (pyrotechnical cartridges)

The source of the data is operating data - number of cycles (shots) to failure (mechanical, software, process cause not at all due to shortage of redundant cycles that is pyrotechnical cartridge) regarding sixteen observed systems.

Ad - only mechanical, software and process failures:

The data used for the analysis are put in Table 1, the data in red (last column) stand for censoring by time and not the failure. Complete enumeration consists of a number of shots to failure regarding sixteen renewed systems of the same type (cannon). In the paper there is presented only one system how to carry out the method. The data is arranged according to its real occurrence and is essential for quite a few of non-parametric tests. The values are modified owing to industrial protection. The thick blue line (between column 6 and 7) separates the years 2005, 2006.

Table 1. Data from system operation

Canon ti - time to failure

1 201 339 660 512 156 | 1293 2 798

Table 2 shows the calculation of the Nelson-Altschuler estimation of cumulative failure rate.

a; (t ).

Table 2. Table of Nelson-Altschuler Estimation calculation

Event Nelson-Altschuler Data

(0 D_R H_R u(i)

1-2 0,033 0,968 0,925 1,000 0,003

3 0,050 0,951 0,899 1,000 0,007

Description of the table:

Event (i) - serial number of an event (failures including possible censoring by time).

Values in the column A(fy]) are calculated according to the formula (3) and they are point estimation of cumulative failure rate in the interval -1],t[i] .

The values D_R, H_R are relevant lower and upper limits of 95% of the dependability interval.

The column u(i) - the values of test statistic for TTT are counted using the equation (6). Figure 1 and 2 show the course (typically step-wise) of the estimations A*T (t) and RT(t), including relevant 95% of dependability intervals. The course of the estimation of reliable operation probability R1(t) and its 95% of the dependability interval (D(t) - the course of the lower limit H(t) - the course of the upper limit) is put in Figure 1.

Estimator of the reliability R1(t) with 95% confidence limits

Time (in cycles) —♦— R1 (t) D(t) -a- H(l)

Figure 1. Reliability of the system and its 95% confidence intervals.

Ad - the failures resulting from shortage of redundant cycles (pyrotechnical cartridges:

This time the data in table 3 contains number of cycles to failure owing to shortage of redundant cycles, the data in red (last column) shows the information on censoring by time. By way of demonstration there is also one system only which is supposed to demonstrate how to carry out the method. The values are again modified due to industrial protection.

Table 3. Data from system operation censored by lack of cycles

System I Number of main cycles to failure J_1200_668 2299

Even in this case the NA non-parametric estimation of cumulative failure rate A 2 (t )was used in order to estimate reliable operation probability . The example of calculation results is put in table 4.

Table 4. Table of Nelson-AItschuler Estimation calculation

ht] A2(f[/]) D_A2(iw) H_A2(iw) ^(fa) D_R2(tw) H_R2(tw)

76 0,0385 0,0000 0,1138 0,9623 0,8924 1,0000

149 0,0785 0,0000 0,1872 0,9245 0,8293 1,0000

236 0,1201 0,0000 0,2561 0,8868 0,7740 1,0000

The course of the estimation of reliable operation probability R2(t) and its 95% dependability interval (D(t) - lower and H(t) - upper limits) is put in Figure 2.

Estimator of the reliability R2(t) with 95%% confidence limits

Time (in cycles) | -»-R2(t) -a—D(t) -a-H(t)

Figure 2. Reliability of the system and its 95% confidence intervals.

Last but not least, it is necessary to carry out the test which shows us whether the courses of Ri(t) and R2(t).are identical/similar. From the operational point of view it is important to assess the impact of both types of failures (mechanical-software-process, or shortage of redundant cycles) they made on the reliability of the analysed system. The courses of both reliability functions R}(t) and R2(t) are put in Figure 3. Mathematically this issue is supposed to result in a statistical test.

H0 . Ri (() = R2 (() x H1 . Ri (() R2 (t)

With the respect to the nature of the data the non-parametric Mantel's test (N. Mantel: Evaluation of survival data and two new rank order statistics arising from its consideration. Cancer Chemother. Rep., 50, 163-170) was selected. When we apply the test to the data described above, we come to the conclusion that the impact of mechanical-software-process failures on system reliability is statistically a lot higher than the impact of the failures due to shortage of redundant cycles (pyrotechnical cartridges). This is also the case of the modified data.

Figure 3. Reliability comparison of the R} (t) and R2(t) functions.

The calculated parameters from NA test could be also displayed in the following graphical form. We speak about the u^ value of test statistic for "Total Time on Test-plot" and the i/n value which represent the intensity of the event in number of sequences. The Figure 4 represents this dependence.

Total time on test-plot

Figure 4. Total Time on Test-plot.

From this diagram it is remarkable that due to its form we can not confirm both the "IFR" (Increasing Failure Rate) and "DFR" (Decreasing Failure Rate) of the system.

6 CONCLUSION

In the paper we wanted to shed light on evaluating quite specific technical systems which, by all means, are present in different processes. The new contribution is in the application itself regarding the system assessed. Since they are specific both by their construction and the way they work, then the analysis of their properties might not be standard either. So far some ways of finding optimum construction arrangements in order to obtain a required level of dependability and function have been shown. The method we chose is aimed at verifiable evaluation of the real data obtained from operation by using appropriate methods. Both the mathematical model and the example of a practical application together with operational data reflect the behaviour of the real system. The graphs covering the courses help us to catch the behaviour of the system even more precisely. On the basis of this information it is quite easy to get reliability measures as well as readiness measures of the system where the parameter is discreet there and it is given by a number of cycles the system performs during its function.

ACKNOWLEDGEMENTS

This paper has been prepared with support of the Grant Agency of the Czech Republic project No. 101/08/P020 - "Contribution to risk assessment of technical systems" and with support of the Ministry of Education, Youth and Sports of the Czech Republic, project No. 1M06059 - Advanced Technologies and systems for Power Engineering.

REFERENCES

1. AKERSTEN,P. A. "The Double TTT-Plot - a Tool for the Study of Nonconstant Failure Intensities,", In: Proceedings of the 6th National Reliability Conference in Birmingham. Warrington: National Centre of System Reliability UKAEA 2B/3/1-8, 1987.

2. CROWDER, M. J., KIMBER, A. C. Statistical Analysis of Reliability Data, London: Chapman & Hall, 1991.

3. NELSON, W. Hazard Plotting of Left Trucated Life Data, Journal of Quality Technology Nr. 20, 1990, pp. 230 -238.

4. KOUCKY, M., VALIS, D. Reliability of Sequential System with Restricted Number of Renewals. In: Risk, Reliability and Social Safety. London: Taylor & Francis, 2007. pp. 1845 - 1849.