LEGAL NOTICE
This document was prepared under the sponsorship of the Commission of the European Communities.
Neither the Commission of the European Communities, its contractors nor any person acting on their behalf:
make any warranty or representation, express or implied, with respect to the accuracy, completeness, or usefulness of the information contained in this document, or that the use of any information, apparatus, method or process disclosed in this document may not ;
rights; or
assume any liability with respect to the use of,
from the use of any information, apparatus, method or process disclosed in this document.
This report is on sale at the addresses listed on cover page
at the price of B. Fr. 60.
This document was
Commission of the European Communities
G. XIII C.I.D.
29, rue Aldringen
Luxembourg
April 1973
EUR 4940 e
CADI — A COMPUTER CODE FOR SYSTEM AVAILABILITY AND RELIABILITY EVALUATION by A.G. COLOMBO
Commission of the European Communities
Joint Nuclear Research Centre - Ispra Establishment (Italy) Scientific Data Processing Centre - CETIS
Luxembourg, April 1973 - 44 Pages - 19 Figures - B. Fr. 60.—
This report describes a code for evaluating the system availability, and therefore as a particular case, for evaluating the system reliability, of systems having elements for which a binary state is assumed: functioning or not-functioning.
The code is oriented towards a fault-tree representation. First of all it finds deterministically the minimal cut sets, then calculates analytically the availability of each primary event. Finally, it evaluates the system availability as a function of the most significant minimal cut sets and of the availability of the primary events appearing in these critical sets. It also supplies a
table, oriented towards sensitivity analysis, which is of great interest for the design and control of complex systems.
The code is programmed in FORTRAN IV language and has been implemented on an IBM 370/165 computer. Finding the cut sets of order 1, 2 and 3 of a system composed of 200 primary events required roughly two minutes of computer time. The determination of the unavailability of the same system, at 10 different mission times, requires about half a minute. This last computation concerns 86 independent primary events with constant failure and restoration rates, and 957 minimal cut sets of order 2.
EUR 4940 e
COMMISSION OF THE EUROPEAN COMMUNITIES
CADI
A COMPUTER CODE FOR SYSTEM AVAILABILITY
AND RELIABILITY EVALUATION
by
A.G. COLOMBO
1973
ABSTRACT
This report describes a code for evaluating the system availability, and therefore as a particular case, for evaluating the system reliability, of systems having elements for which a binary state is assumed: functioning or not-functioning.
The code is oriented towards a fault-tree representation. First of all it finds deterministically the minimal cut sets, then calculates analytically the availability of each primary event. Finally, it evaluates the system availability as a function of the most significant minimal cut sets and of the availability of the primary events appearing in these critical sets. It also supplies a table, oriented towards sensitivity analysis, which is of great interest for the design and control of complex systems.
The code is programmed in FORTRAN IV language and has been implemented on an IBM 370/165 computer. Finding the cut sets of order 1, 2 and 3 of a system composed of 200 primary events required roughly two minutes of computer time. The determination of the unavailability of the same system, at 10 different mission times, requires about half a minute. This last computation concerns 86 independent primary events with constant failure and restoration rates, and 957 minimal cut sets of order 2.
KEYWORDS
INDEX
1. INTRODUCTION
2. CALCULATION METHODS FOR SYSTEM AVAILABILITY
2.1 Some definitions
2.2 Remarks on some codes examined and the methodology of the CADI code
2.3 Availability of a primary event as a function of time
2.4 System availability and the bounds method
3. THE CADI CODE
3.1 The CUTDET program
3.1.1 Input cards
3.1.2 Output from CUTDET
3.1.3 Memory requirements and running time
3.2 The AVANA program
3.2.1 Input cards
3.2.2 Output from AVANA
3.2.3 Memory requirements and running time
3.3 Developments planned
4. SAMPLE PROBLEM
REFERENCES
LIST OF FIGURES
1. Fault-tree symbology
2. Availability and reliability of a primary event (λ and μ constants)
3. System availability approximations
4. Fault-tree representation and subroutine TREE of a 7 primary event system
5. Fault-tree of the sample problem
6. Primary event characteristics of the sample problem
7. Program CUTDET. Subroutine TREE
8. Program CUTDET. Input cards to find the minimal cut sets of the system
9. Program CUTDET. Input information
10. Program CUTDET. Output information. Summary of the logical analysis of the system
11. Program CUTDET. Output information. Minimal cut sets
12. Program AVANA. Input cards to compute system unavailability
13. Program AVANA. Input information. Parameters
14. Program AVANA. Input information. Characteristics of the primary events
15. Program AVANA. Input information. Minimal cut sets
16. Program AVANA. Output information. Primary events unavailability
17. Program AVANA. Output information. Minimal cut sets unavailability
18. Program AVANA. Output information. System unavailability
19. Program AVANA. Output information. System unavailability in the case
1. INTRODUCTION
Several codes have been developed for system availability and reliability evaluation. In £\J various open literature codes have been examined and the problem of interdependence between representations, calculation methods and codes has been discussed. Among the most significant codes we quote the following: ARMM fzj, fij; SAFTE ¿V/; NOTED ßj; PREP-KITT fsj, ß>J; BOUNDS (NBB), [l],
This examination has clearly shown the advantages of a fault-tree representation as compared with alternative representations. The symbology of a fault-tree representation is described, for example, in /j>J and [6], and is illustrated in Fig. 1. The advantages of a fault-tree representation can be summed up as follows: the more immediate representation of a real system, the ease with which the desired level of detail can be obtained even in several subsequent analyses, the possibility of taking human factors into account, and the ease with which any type of modification can be introduced into the system. In addition, and this is perhaps the most important characteristic, the possibility of specifying directly and automatically, by means of a computer, the minimal cut sets of the system.
Another consideration: none of the codes examined in ¿\J develops systematically what is certainly one of the most important aspects of an availability analysis, and that is the qualitative aspect characterized by the critical sets of the system.
The characteristics which differentiate the CADI code from the codes quoted, and which qualify it, are essentially as follows:
- the accentuation of the qualitative aspect of the availability analysis;
- the evaluation of the system unavailability, up to the first three bounds, by means of a very efficient algorithm;
- input cards reduced to a minimum and easy to prepare;
- extensive output lists which can be understood immediately.
This code makes it possible to tackle in a satisfactory manner practically all the problems of evaluating the availability of systems that can be represented by a fault-tree, as for example safety systems of reactors or electrical supply systems. However, taking into account the rapid developments in this field, more sophisticated algorithms are being elaborated for the analysis of particular aspects of availability problems. Some of these algorithms, which will be included progressively into the code, are mentioned in Sec. 3.3.
2. CALCULATION METHODS FOR SYSTEM AVAILABILITY
2.1 Some definitions
By a system we mean a set of elements the state of which is assumed to be binary: functioning - not functioning. A fault-tree represents the primary events and the final event characterized by these elements. The state 0 is attributed to a "bad" or "fault" event, and to the "good" event is attributed the state 1. The calculation of a system availability means evaluating the probability that the final event will be in the desired state: 1, as a function of the states of the primary events and of the probability distributions corresponding to these states.
Generally, the real systems for which an availability analysis is of interest are coherent, and thus indicating by
$n$ : the number of primary events in the system
$x_i$ : the state of the i-th primary event (i = 1, 2, ..., n) ($x_i = 1$ if the event is in state 1; $x_i = 0$ if the event is in state 0)
$X = (x_1, x_2, \ldots, x_n)$ : the vector which indicates the state of the n primary events
$S(X)$ : the "structure function" of the system (this function assumes the value 1 if the system is in state 1, and the value 0 if the system is in state 0)
they satisfy the conditions [8]:
$$ S(X) \le S(Y) \quad \text{for each } X \le Y $$
(where by $X \le Y$ we mean $x_i \le y_i$, i = 1, 2, ..., n)
$$ S(\mathbf{1}) = 1 \quad \text{where } \mathbf{1} = (1, 1, \ldots, 1) $$
$$ S(\mathbf{0}) = 0 \quad \text{where } \mathbf{0} = (0, 0, \ldots, 0) $$
Let us introduce some other definitions.
Critical set: a set of primary events which particularly influences the system availability.
From what has been said above, the definitions of two particular types of critical sets are derived.
Minimal cut set: minimal set of primary events which, if they are all in the 0 state, cause the system also to be in the 0 state, i.e. "unavailable".
Minimal tie set: minimal set of primary events which, if they are all in the 1 state, mean that the system is also in the 1 state, i.e. "available".
EVENT            failure (bad event)    no failure (good event)
STATE OF EVENT   0                      1
PROBABILITY      unavailability         availability
2.2 Remarks on some codes examined and the methodology of the CADI code
Codes for evaluating system availability are essentially of two types: simulation codes and analytical codes. The simulation codes, see for example [3], simulate the operation of the system by causing changes of state in the primary events with probabilities corresponding to reality. By making use of a logical description of the system, they then specify the state of the final event corresponding to each situation created. Finally, on the basis of the results obtained by repeating many "histories" of this sort, they evaluate the availability of the system.
The analytical codes are characterized by three basic steps:
- specification of critical sets of the system,
- computation of the availability of each primary event,
- evaluation of the availability of the system.
The first step requires logical elaborations, the second numerical elaborations, and the third both logical and numerical elaborations.
Critical sets. Code [3], oriented towards a fault-tree representation, employs as critical sets the minimal cut sets which it finds either by simulation or by deterministic testing. Code /jj, oriented towards a block
critical sets the tie sets which should be explicit in the representation. CADI finds the minimal cut sets on the basis of the structure function of the system, which can be derived directly from the fault-tree representation.
Primary event availabilities. The calculation of the availability of each primary event requires rather laborious numerical elaborations. Very few codes, see for example ¿ | 7, tackle this problem. In Sec. 2.3 we report a method derived directly from the transition matrix between the two states (0 and 1) of the event, [9]. This method, which does not appear to have been applied by other codes, is employed by CADI.
System availability. In order to determine the availability of a system, on the basis of the minimal cut sets, or on the basis of the minimal tie sets, the bounds method [10] can be employed. This method, used by code [lj, is also used by CADI and is described in Sec. 2.4.
2.3 Availability of a primary event as a function of time
The probability that a primary event will be in state 1: availability, depends upon various factors. If the following hypotheses are assumed:
- the failure distribution is known;
- it is possible to summarize in a distribution, which we will call "restoration distribution", the characteristics of maintenance, of repair, and in general of restoration to the initial conditions;
- the failure rate λ(t) and the restoration rate μ(t) are time dependent but not dependent on the previous "history" of the event;
one can consider a markovian process with transition matrix
$$
\begin{array}{c|cc}
 & 1 & 0 \\ \hline
1 & 1-\lambda(t)\,dt & \lambda(t)\,dt \\
0 & \mu(t)\,dt & 1-\mu(t)\,dt
\end{array}
\tag{1}
$$
From matrix (1), indicating by $p_0(t)$ and $p_1(t)$ respectively the probability that the primary event will be in states 0 and 1 at time t, one obtains
$$
\begin{aligned}
\frac{dp_1}{dt} &= -\lambda(t)\,p_1(t) + \mu(t)\,p_0(t) \\
\frac{dp_0}{dt} &= \lambda(t)\,p_1(t) - \mu(t)\,p_0(t)
\end{aligned}
\tag{2}
$$
To which must be added the initial condition
$$ p_1(0) = 1 \tag{3} $$
In particular, in cases where the failure and restoration rates are not time-dependent, i.e., if
$$ \lambda(t) = \lambda, \qquad \mu(t) = \mu \tag{4} $$
one is reduced to a homogeneous process and obtains
$$ p_0(t) = \frac{\lambda}{\lambda+\mu}\left[1 - e^{-(\lambda+\mu)t}\right] \tag{5} $$
At the beginning of the mission, see (3), the availability of each primary event is equal to 1. In the case of an unrestorable event, the availability is called reliability and tends towards 0 with time. In the case of a restorable event the availability initially follows the same trend as the reliability, and then remains at a higher value. In particular, if the failure and restoration rates are constant, both the reliability and the availability have an exponential trend as indicated in Fig. 2. The reliability tends asymptotically to zero, while the availability tends asymptotically to the value μ/(λ+μ).
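As an added illustration (not code from the report or from CADI), the Python sketch below evaluates the closed form (5) and, going beyond the constant-rate case, integrates system (2) numerically for time-dependent λ(t) and μ(t). The function names, the Runge-Kutta integrator and the sample rates are assumptions made for this example.

```python
import math


def unavailability_constant(lam, mu, t):
    """Closed form (5): p0(t) = lam/(lam+mu) * (1 - exp(-(lam+mu)*t)).

    With mu = 0 (unrestorable event) this reduces to the unreliability
    1 - exp(-lam*t).
    """
    if lam < 0 or mu < 0 or t < 0:
        raise ValueError("rates and time must be non-negative")
    s = lam + mu
    if s == 0.0:
        return 0.0  # the event can never leave state 1
    # -expm1(-x) equals 1 - exp(-x) and stays accurate when x is very small
    return lam / s * -math.expm1(-s * t)


def unavailability_numeric(lam_fn, mu_fn, t_end, steps=2000):
    """Integrate system (2) for time-dependent rates.

    Since p1 = 1 - p0, system (2) reduces to one equation,
        dp0/dt = lam(t) * (1 - p0) - mu(t) * p0,
    started from p0(0) = 0, i.e. initial condition (3).
    Classical fourth-order Runge-Kutta with a fixed step is an assumption
    of this example; the report does not say which rule CADI uses.
    """
    def rhs(t, p0):
        return lam_fn(t) * (1.0 - p0) - mu_fn(t) * p0

    h = t_end / steps
    t, p0 = 0.0, 0.0
    for _ in range(steps):
        k1 = rhs(t, p0)
        k2 = rhs(t + h / 2, p0 + h * k1 / 2)
        k3 = rhs(t + h / 2, p0 + h * k2 / 2)
        k4 = rhs(t + h, p0 + h * k3)
        p0 += h * (k1 + 2 * k2 + 2 * k3 + k4) / 6
        t += h
    return p0


if __name__ == "__main__":
    lam, mu = 1.0e-3, 1.0e-1  # constructed sample rates, per hour
    for t in (1.0, 10.0, 50.0, 500.0):
        closed = unavailability_constant(lam, mu, t)
        numeric = unavailability_numeric(lambda _: lam, lambda _: mu, t)
        unrel = unavailability_constant(lam, 0.0, t)
        print(f"t={t:6.1f} h  unavailability={closed:.6e} "
              f"(numeric {numeric:.6e})  unreliability={unrel:.6e}")
    print("asymptotic unavailability lam/(lam+mu) =", lam / (lam + mu))
    # Constructed wear-out case: lam(t) = a*t, no restoration,
    # for which the exact unreliability is 1 - exp(-a*t^2/2).
    a = 2.0e-4
    print("wear-out, t=100 h:",
          unavailability_numeric(lambda t: a * t, lambda t: 0.0, 100.0))
```
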
2.4 System availability and the bounds method
the probability that the system is in state 1, by $T_i$ (i = 1, 2, ..., r) the event "minimal tie set index i is good", we have
$$ A = \Pr(T_1 \cup T_2 \cup \ldots \cup T_r) \tag{6} $$
(Probability that at least one minimal tie set is good, and therefore that there exists at least one tie between any primary event and the final event).
Similarly, indicating by $C_j$ (j = 1, 2, ..., s) the event "minimal cut set index j of the system is good", we have
$$ A = \Pr(C_1 \cap C_2 \cap \ldots \cap C_s) \tag{7} $$
(Probability that all the minimal cut sets of the system are good, and therefore that there exists at least one good primary event for each cut set).
Taking into account the relations between unions of a set of events, we obtain from (6)
$$
\begin{aligned}
A = \Pr(T_1 \cup T_2 \cup \ldots \cup T_r) &\le \sum_i \Pr(T_i) \\
&\ge \sum_i \Pr(T_i) - \sum_{i<j} \Pr(T_i \cap T_j) \\
&\le \sum_i \Pr(T_i) - \sum_{i<j} \Pr(T_i \cap T_j) + \sum_{i<j<k} \Pr(T_i \cap T_j \cap T_k)
\end{aligned}
\tag{8}
$$
where
$\sum_i \Pr(T_i)$ denotes the sum of probabilities that each tie set i is good
$\sum_{i<j} \Pr(T_i \cap T_j)$ denotes the sum of the probabilities that the tie sets taken two at a time jointly are good
the indexing i < j, i < j < k, ... guarantees that a given set is not counted more than once.
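Furthermore, because
$$ \Pr(C_1 \cap C_2 \cap \ldots \cap C_s) = 1 - \Pr(\bar{C}_1 \cup \bar{C}_2 \cup \ldots \cup \bar{C}_s) \tag{9} $$
(where $\bar{C}_j$ is the complement of $C_j$, i.e. the event "minimal cut set index j is bad")
we obtain from (7)
$$
\begin{aligned}
A = 1 - \Pr(\bar{C}_1 \cup \bar{C}_2 \cup \ldots \cup \bar{C}_s) &\ge 1 - \sum_i \Pr(\bar{C}_i) \\
&\le 1 - \sum_i \Pr(\bar{C}_i) + \sum_{i<j} \Pr(\bar{C}_i \cap \bar{C}_j) \\
&\ge 1 - \sum_i \Pr(\bar{C}_i) + \sum_{i<j} \Pr(\bar{C}_i \cap \bar{C}_j) - \sum_{i<j<k} \Pr(\bar{C}_i \cap \bar{C}_j \cap \bar{C}_k)
\end{aligned}
\tag{10}
$$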
Equations (8) and (10) make it possible for us to calculate the availability of a system, however complex it may be, even with connected primary events. But practically, for systems which include many critical sets (of the order of hundreds) and with critical sets consisting of several primary events (even if only 3 or 4), the calculation time becomes prohibitive. Among other things, even to find the critical sets, under these conditions, would take too long. Therefore, the introduction of approximations becomes unavoidable. These approximations are essentially of three kinds:
- To assume that the primary events are unconnected. This condition is generally satisfied, but must be verified at the representation level.
- To consider only the most significant critical sets, for example the minimal cut sets of a lower order of the system, and those of an immediately higher order. It will be noted that the relative error made in such a case in evaluating the system unavailability is of the order of $p^2$, if $p$ is the average value of the unavailability of each primary event, and if these unavailabilities do not differ very much from each other. A similar reasoning can be made for a case in which the minimal tie sets of a system are being considered.
- To limit oneself to considering the first terms of the development of expressions (6) and (7). For example, by considering only the first summation of expressions (8) and (10), which is equal to assuming the critical sets to be unconnected, approximations of the same type
smaller and of alternate sign.
Fig. 3 shows that the tie set bounds (8) are most useful in the low availability region, while the cut set bounds (10) are most useful in the high availability region.
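The following Python sketch is an added example, not CADI's CHASYS subroutine: it computes the first three cut set bounds of (10), written for the unavailability 1 - A, under the first approximation listed above (unconnected primary events), and checks them against an exact value obtained by enumerating every system state. The cut sets, the event unavailabilities and all function names are constructed for the illustration.

```python
from itertools import combinations, product
from math import prod


def cut_set_bounds(cut_sets, q, order=3):
    """Successive bounds on the system unavailability U = 1 - A.

    cut_sets : iterable of sets of primary-event indexes (minimal cut sets)
    q        : dict index -> unavailability of that primary event
    Returns [b1, b2, ...]: b1 is an upper bound on U, b2 a lower bound,
    b3 an upper bound again, mirroring the alternating signs of (10).
    Primary events are assumed unconnected (independent), so the probability
    that several cut sets are bad together is the product of q over the
    union of their events.
    """
    sets = [frozenset(c) for c in cut_sets]
    bounds, partial = [], 0.0
    for k in range(1, min(order, len(sets)) + 1):
        term = sum(prod(q[e] for e in frozenset().union(*combo))
                   for combo in combinations(sets, k))
        partial += term if k % 2 else -term
        bounds.append(partial)
    return bounds


def exact_unavailability(cut_sets, q):
    """Reference value by enumerating all 2^n states (small systems only)."""
    sets = [frozenset(c) for c in cut_sets]
    events = sorted(frozenset().union(*sets))
    total = 0.0
    for state in product((0, 1), repeat=len(events)):  # 0 = fault, 1 = good
        failed = {e for e, x in zip(events, state) if x == 0}
        if any(c <= failed for c in sets):              # some cut set is bad
            total += prod(q[e] if x == 0 else 1.0 - q[e]
                          for e, x in zip(events, state))
    return total


# Constructed sample data (not the report's sample problem)
CUT_SETS = [{1}, {2, 3}, {2, 4}, {3, 4, 5}]
Q = {1: 1e-3, 2: 2e-2, 3: 3e-2, 4: 1e-2, 5: 5e-2}

if __name__ == "__main__":
    b = cut_set_bounds(CUT_SETS, Q)
    u = exact_unavailability(CUT_SETS, Q)
    print(f"first bound  (upper): {b[0]:.9e}")
    print(f"second bound (lower): {b[1]:.9e}")
    print(f"third bound  (upper): {b[2]:.9e}")
    print(f"exact unavailability: {u:.9e}")
```

The number of terms in the k-th sum grows as the number of combinations of the cut sets taken k at a time, which is why the text restricts the computation to the most significant cut sets and the first bounds.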
3. THE CADI CODE
CADI is a code for evaluating the unavailability of systems having high availability; it is written in FORTRAN IV language and has been implemented on an IBM 370/165 computer. It consists of two programs: the CUTDET program and the AVANA program.
3.1 The CUTDET Program
Given the structure function of a system, the CUTDET program finds the minimal cut sets. This structure function must be described in FORTRAN language by means of a subroutine called TREE. This subroutine is written directly on the basis of a fault-tree representation. An example of how such a subroutine can be written is shown in Fig. 4.
The primary events are indicated by E(I), I = 1, 2, ... NE (where NE is the highest index of the primary events). The derived events (gates) are indicated by G(I), I = 1, 2, ... NG (where NG is the highest index of the gates). The final event is indicated conventionally by TOP.
Two important remarks:
- Not all the primary events E(I) and not all the gates G(I) need necessarily appear in the fault-tree. Some can be left out. This characteristic of the program is very useful during design because it allows the
some of them are substituted or eliminated.
- If one gate employs other gates as input, these (last-mentioned) gates must be defined first.
The program subsequently finds the minimal cut sets of order 1, 2, ... 5. The maximum order of the minimal cut sets to be found must be chosen by the user.
The minimal cut sets, in addition to being printed, can also be punched on cards. These cards are then used as input for the AVANA program which calculates the system availability.
3.1.1 Input cards
In addition to the subroutine TREE, only two cards are necessary.
A. TITLE CARD (Format: 20A4)
This card is used to identify the system being studied. From column 2 to column 80, any alphanumerical character can be punched.
B. PARAMETERS CARD (Format: 4I6)
The following parameters should be punched:
NE - Highest index of the primary events of the system; (NE ≤ NEMAX = 500). According to what has been said in Sec. 3.1, the number of primary events considered in the fault-tree can be less than NE.
NG - Highest index of the system gates; (NG ≤ NGMAX = 500). As with the primary events, the number of gates represented in
MAX - Maximum order of the minimal cut sets of interest; (1 ≤ MAX ≤ 5).
IPP - Parameter which determines if the minimal cut sets should only be printed or punched as well.
If IPP = 1 the minimal cut sets are only printed.
If IPP = 2 the minimal cut sets are both printed and punched.
3.1.2 Output from CUTDET
First of all the program prints all the input information. This print allows easy control of the input parameters and shows up any possible error in the definitions of the parameters themselves.
The output information is collected in two tables. In the first table are reported all the minimal cut sets found, listed according to their order. The second table, oriented towards a system sensitivity analysis, constitutes one of the characteristics peculiar to the CADI code. In it are indicated, for each order of minimal cut sets:
- the number of minimal cut sets;
- the total number of different primary events appearing in these cut sets;
- the complete list of indexes of these events.
In this way the primary events are automatically classified in order of importance with respect to the availability of the system. This information allows specification of alternative solutions to the same problem without carrying out numerical calculations but on the basis of qualitative considerations alone. These solutions can be oriented, for example, to contain the cost or to achieve a certain level of availability.
more than NCTMAX = 4000, the program does not print the two tables described here, but prints only the NCTMAX minimal cut sets of the system which have been found first. This is due to the need to dimension the program arrays. The NCTMAX parameter, as also the NEMAX and NGMAX parameters, can easily be modified. This, of course, implies a variation in the memory requirements of the program; see the next section. For the printouts refer to the sample problem in Sec. 4 (a 22 primary event system is considered).
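The deterministic search of Sec. 3.1 and the two output tables of Sec. 3.1.2 can be sketched as follows. This is an added Python example, not the FORTRAN of CUTDET: the fault tree is constructed for the illustration (it is not the tree of Fig. 4), and the function names and the encoding of gates as min/max over states are assumptions.

```python
from itertools import combinations


def tree(E):
    """Structure function of a constructed fault tree (hypothetical).

    E maps a primary-event index to its state: 1 = good, 0 = fault.
    On states, a fault-tree OR gate (output at fault if any input is at
    fault) is min(), and an AND gate (at fault only if all inputs are at
    fault) is max(). Index 6 is deliberately unused: not every E(I) has to
    appear in the tree.
    """
    G = {}
    G[1] = min(E[3], E[4])            # OR gate on E3, E4
    G[2] = max(E[2], G[1])            # AND gate; G1 is defined before use
    G[3] = max(E[3], E[4], E[5])      # AND gate on E3, E4, E5
    return min(E[1], G[2], G[3])      # TOP: OR gate on E1, G2, G3


def minimal_cut_sets(structure, ne, max_order):
    """Search by increasing order, 1..max_order.

    Each combination of `order` events is put in state 0 with every other
    event in state 1. For a coherent system the combination is a cut set if
    TOP is then 0, and it is minimal if it contains no cut set already found
    at a lower order.
    """
    found = []
    indexes = range(1, ne + 1)
    for order in range(1, max_order + 1):
        for combo in combinations(indexes, order):
            candidate = frozenset(combo)
            if any(m <= candidate for m in found):
                continue                      # superset of a smaller cut set
            state = {i: 0 if i in candidate else 1 for i in indexes}
            if structure(state) == 0:
                found.append(candidate)
    return found


def sensitivity_table(cut_sets):
    """Per order: (number of minimal cut sets, sorted indexes of the
    different primary events appearing in them)."""
    rows = {}
    for c in cut_sets:
        count, events = rows.get(len(c), (0, set()))
        rows[len(c)] = (count + 1, events | c)
    return {order: (count, sorted(events))
            for order, (count, events) in sorted(rows.items())}


if __name__ == "__main__":
    cuts = minimal_cut_sets(tree, ne=6, max_order=3)
    print("Minimal cut sets, listed by order:")
    for c in cuts:
        print("  order", len(c), sorted(c))
    print("Summary per order (count, number of events, event indexes):")
    for order, (count, events) in sensitivity_table(cuts).items():
        print("  order", order, count, len(events), events)
```

Events that appear only in higher-order rows of the summary matter less to system availability than those in the low-order rows, which is the qualitative ranking the second table is meant to give.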
3.1.3 Memory requirements and running time
The maximum values of the NE, NG and NCTMAX parameters (NEMAX = 500, NGMAX = 500, NCTMAX = 4000) have been chosen so as to make complete use of the smallest memory partition of the present computing installation, which is of 132K bytes. These values can easily be changed by substituting five cards of the program. The memory requirements $M_{\mathrm{CUTDET}}$ can be estimated by means of the relation
$$ M_{\mathrm{CUTDET}}\ (\text{bytes}) \approx 32{,}000 + 28\cdot\mathrm{NEMAX} + 4\cdot\mathrm{NGMAX} + 20\cdot\mathrm{NCTMAX} $$
The running time T depends essentially upon NG and on the number of combinations of NE objects taken MAX at a time, which is the number of states of the system that the program has to examine.
Finding the cut sets of order 1, 2 and 3 of a system composed of 200 primary events and 50 gates required roughly two minutes.
3.2 The AVANA program
The AVANA program evaluates the unavailability of a system as a function of the most significant minimal cut sets and of the characteristics
The subroutine AVACOM computes the unavailability of each primary event which appears in the minimal cut sets as a function of: the type of failure distribution, the type of restoration distribution, the parameters of these distributions themselves.
At present the subroutine only handles the failure and restoration distributions at a constant rate and the constant availability distribution (failure distribution with a constant cumulative probability during the mission time considered, no restoration). Other distributions will be introduced shortly.
The method of computation is based upon the transition matrix (1). In general, it requires a numerical integration to determine the unavailability of a primary event. In particular, if the failure and restoration rates are constant, the computation is reduced to an analytical integration, see (5); this decreases the calculation time quite considerably.
The subroutine CHASYS computes the upper bound of the system unavailability, and the successive two bounds, as a function of the more significant minimal cut sets and of the unavailability of each primary event which appears in these critical sets.
The evaluation of the concept "most significant cut sets" is left to the user. It will be noted that, for high availability systems, if the unavailabilities of the primary events do not differ very much from each other, we can consider only the minimal cut sets of lowest order in the system, and eventually also those of the immediately higher order.
3.2.1 Input cards
The AVANA program requires the following input cards.
A. TITLE CARD (Format: 20A4)
B. PARAMETERS CARD (Format: 6I6)
The following parameters should be punched:
NE - Highest index of the primary events of the system; (NE ≤ NEMAX = 500).
NECHR - Number of different primary events appearing in the cut sets under consideration, and for which the failure and restoration characteristics are given; NECHR ≤ NE.
NCT - Number of cut sets under consideration; (NCT ≤ NCTMAX = 1000).
IA - Parameter which determines whether it is the unavailability or the unreliability of the system which has to be computed.
If IA = 1 the program will compute the system unavailability.
If IA = 2 the input information on the restoration of the primary events will be ignored, and the program will compute the system unreliability.
IB - Parameter which determines whether only the first bound of the system unavailability must be computed or whether the successive two bounds should also be computed.
If IB = 1 only the first bound is computed.
If IB = 2 the successive two bounds are also computed.
IT - Parameter which selects the type of time points of interest.
If IT = 1 the time points are at a constant interval.
If IT = 2 the time points can be spaced out arbitrarily (see the following item).
C. NUMBER OF DATA POINTS AND MISSION TIME CARDS
These cards differ according to the value of the parameter IT.
NP - Number of time points of interest, at constant interval; (1 ≤ NP ≤ 10).
TMAX - Maximum mission time; should be TMAX > 0. (Time interval = TMAX/NP)
Case IT = 2. In this second case two or three cards should be punched.
NP - Number of time points of interest; (1 ≤ NP ≤ 10). (Format: I6)
TM - Vector of length NP containing the mission times of interest. (Format: 6E12.5). The times should be in ascending order, and should be TM(1) > 0. One or two cards are necessary to punch this vector, according to the value of NP.
D. PRIMARY EVENTS CHARACTERISTICS CARDS (Format: 2I6, 2E12.5, I6, 2E12.5)
One card is required for each primary event which appears in the cut sets under consideration. In each of these cards should be punched:
I = Index of the primary event.
IFAIL = Type of failure distribution of the primary event.
PFAIL = Vector of length 2 containing the failure rate parameters.
IREP = Type of restoration distribution of the primary event.
PREP = Vector of length 2 containing the restoration distribution parameters.
The pairs of distribution types which the code can handle at present are as follows:

IFAIL   IREP   NOTE
1       0      constant cumulative probability of failure, no restoration; i.e. constant availability for the mission time of interest
2       0      constant failure rate, no restoration
2       2      constant failure rate, constant restoration rate
As far as the parameters are concerned, see the following table:

IFAIL or IREP   PFAIL(1) or PREP(1)   PFAIL(2) or PREP(2)   NOTE
0               -                     -                     the parameters have no significance
1               F                     -                     F = constant cumulative probability of failure of the primary event
2               λ or μ                -                     λ = constant failure rate of the primary event; μ = constant restoration rate of the primary event

The second parameter will be used for the two-parameter distributions which will be introduced shortly into the code.
E. MINIMAL CUT SETS CARDS (Format: 5I6)
One card should be punched for each minimal cut set. These cards are
3.2.2 Output from AVANA
As with the CUTDET program, the AVANA program also first prints all the input information.
The output information is collected in three tables.
For each mission time of interest:
- the first table shows the unavailability of each primary event,
- the second table shows the unavailability of the minimal cut sets,
- the third table shows the upper bound, and if required the two successive bounds, of the system unavailability.
For the printouts refer to the sample problem in Sec. 4.
3.2.3 Memory requirements and running time
The criterion adopted for the choice of maximum values of parameters NE and NCT (NEMAX = 500, NCTMAX = 1000), also for this program, is the complete utilization of the smallest memory partition of the computing installation. These values can easily be changed by substituting five cards of the program.
A remark: In the CUTDET program NCTMAX = 4000 has been assumed, while in the AVANA program we have assumed NCTMAX = 1000. This is due to the fact that for a qualitative analysis of a system it may be useful to know the cut sets of a higher order as well. But, for the analytical calculation of the system availability, it is sufficient to take only the most significant cut sets into consideration.
The memory requirements M_AVANA can be estimated by means of the relation
The running time depends essentially upon NECHR, on the failure and restoration distribution of the primary events, on the number and order of the cut sets under consideration, on NP and on the parameter IB.
For systems with some hundreds of primary events having a constant rate of failure and restoration, and with about a thousand cut sets of order 2, the calculation of the upper bound of the unavailability of the system at 10 different times needs only a few tens of seconds.
3.3 Developments planned
There are various improvements planned for progressive introduction into the code. The most important are:
- The possibility of handling failure and restoration distributions having rates variable in time; for example lognormal, normal, gamma, or Weibull distributions.
- The possibility of dealing with connected events, for example sequential events.
- Research into the most significant minimal cut sets of the system taking into account the availabilities of the primary events. This formulation will save a great amount of computer time in cases of large systems with primary events which have very different availabilities, and can be considered equivalent to a sensitivity analysis carried out in a classical manner.
4. SAMPLE PROBLEM
In order to describe the details of the code, we will consider the system presented in Fig. 5. The failure and restoration characteristics of the primary events are reported in Fig. 6. We will determine the unavailability and unreliability of the system for mission times of between 1 and
CUTDET program
The subroutine TREE, shown in Fig. 7, is derived directly from the fault-tree in Fig. 5; Fig. 8 shows the two input cards.
Figs. 9, 10 and 11 show the program prints. Fig. 9 gives the input information. Fig. 10 shows a summary of the logical analysis of the system. This last figure illustrates that the system does not have cut sets of order 1, or cut sets of order 4, and that, of the 22 primary events of which the system is composed, only 13 influence the system availability in a significant manner. These 13 primary events are those which appear in the cut sets of orders 2 and 3. For a numerical calculation of the system availability it is sufficient to consider these 13 primary events, the 7 minimal cut sets of order 2 (the more important), and the 3 minimal cut sets of order 3. In Fig. 11 a complete list of the minimal cut sets of the system is given.
AVANA program
The input cards for the calculation of the system unavailability are given in Fig. 12. In Figs. 13, 14 and 15 are shown the input information prints. Fig. 13 shows the parameters of the problem, in Fig. 14 are shown the characteristics of the primary events, and Fig. 15 groups the minimal cut sets.
In Figs. 16, 17 and 18 are shown the output information prints. Fig. 16 shows the unavailability of the primary events, Fig. 17 indicates the unavailability of the minimal cut sets. From Fig. 18 we can see that the system availability stabilizes after about 1,000 hours; it will be noticed, moreover, that the first and third bound of the system unavailability practically coincide, which is due to the high availability of the primary events.
The input cards of Fig. 11, with one modification only on the second card,
under consideration. For very brief times the unavailability and unreliability practically coincide. Then, while the unavailability stabilizes at a value of 0.133 × 10^-4, the unreliability continues to increase quite noticeably, and tends to 1 with time. Finally, it will be noted that for these higher mission times, Fig. 19 reveals an appreciable difference between the first and third bound of the system unreliability. This is due to the fact that the system reliability is small.
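The AVANA calculation for the sample problem can be repeated outside the code. The following Python code is an added example, not part of CADI: it assumes the two-state formula q(t) = λ/(λ+μ)·(1 − exp(−(λ+μ)t)) for constant failure and restoration rates, independent primary events, and successive bounds taken as partial sums of the inclusion-exclusion expansion over the minimal cut sets; the function names are illustrative, and the data are those of the AVANA input prints (Figs. 14 and 15).

```python
import math
from itertools import combinations

# Primary-event data from the AVANA input print of the sample problem:
# index -> (IFAIL, PFAIL(1), IREP, PREP(1)); rates are per hour.
EVENTS = {
    1: (2, 0.50e-5, 2, 0.30e-2),   2: (2, 0.30e-4, 2, 0.40e-1),
    4: (2, 0.80e-5, 2, 0.50e-2),   6: (2, 0.40e-4, 2, 0.25e-1),
    7: (2, 0.40e-5, 2, 0.25e-2),   8: (2, 0.20e-5, 2, 0.80e-2),
    10: (2, 0.15e-4, 2, 0.75e-1),  11: (1, 0.10e-3, 0, 0.0),
    12: (1, 0.10e-3, 0, 0.0),      16: (2, 0.60e-4, 2, 0.20e-1),
    19: (2, 0.50e-4, 2, 0.40e-1),  20: (2, 0.75e-4, 2, 0.30e-1),
    21: (2, 0.25e-4, 2, 0.15e-1),
}
# The 10 minimal cut sets (orders 2 and 3) given to AVANA.
CUT_SETS = [(1, 20), (2, 16), (2, 21), (4, 6), (7, 19), (8, 20), (10, 20),
            (2, 7, 20), (2, 11, 12), (4, 7, 20)]
TIMES = [1.0, 3.0, 10.0, 30.0, 100.0, 300.0, 1.0e3, 3.0e3, 1.0e4]


def event_unavailability(ifail, pfail, irep, prep, t, ia=1):
    """Unavailability of one primary event at mission time t (hours).

    ia=2 ignores restoration, so the result is the unreliability.
    """
    if ifail == 1:                       # constant cumulative probability F
        return pfail
    if ifail != 2:
        raise ValueError(f"unsupported IFAIL {ifail}")
    lam = pfail
    if ia == 2 or irep == 0:             # no restoration: 1 - exp(-lam*t)
        return -math.expm1(-lam * t)
    if irep != 2:
        raise ValueError(f"unsupported IREP {irep}")
    rate = lam + prep                    # assumed two-state formula
    return lam / rate * -math.expm1(-rate * t)


def event_table(t, ia=1):
    """Unavailability of every primary event at time t."""
    return {i: event_unavailability(*p, t, ia) for i, p in EVENTS.items()}


def joint_unavailability(cut_sets, q):
    """Probability that all given cut sets are failed (independent events)."""
    events = set().union(*cut_sets)
    return math.prod(q[e] for e in events)


def system_bounds(t, ia=1, ib=2):
    """First bound (ib=1) or first three bounds (ib=2) of the system
    unavailability, as partial sums of the inclusion-exclusion expansion."""
    q = event_table(t, ia)
    bounds, total = [], 0.0
    for k in range(1, (1 if ib == 1 else 3) + 1):
        s_k = sum(joint_unavailability(g, q) for g in combinations(CUT_SETS, k))
        total += s_k if k % 2 else -s_k
        bounds.append(total)
    return bounds


if __name__ == "__main__":
    for ia, label in ((1, "unavailability"), (2, "unreliability")):
        print(f"System {label}: time, first, second, third bound")
        for t in TIMES:
            print(f"{t:10.1f}", *(f"{b:10.3E}" for b in system_bounds(t, ia)))
```

With IA = 1 the first bound comes out as 0.457E-08 at 1 hour and 0.133E-04 at 10,000 hours; with IA = 2 the three bounds at 10,000 hours are 0.332, 0.260 and 0.271, matching the printed figures.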
ACKNOWLEDGEMENTS
Part of this work has been carried out in the frame of the contract EURATOM-CNEN 027-71-PIPGI (RVC-71-064-PEC). Thanks are due to Mr. R. Di Sapia of CNEN and to Mr. G. Volta of EURATOM, who are responsible for the contract, for support and discussions.
Acknowledgements are also due to Mr. L. Farese for critical reading of the manuscript and subsequent helpful suggestions and Messrs.
Primary event, characterized by a failure distribution and a restoration distribution
Event which is not developed further due to lack of information. This event must be characterized as a primary event
OR gate. The output event occurs only if at least one of the input events occurs
AND gate. The output event occurs if, and only if, all the input events occur
Event descriptor. This symbol is used to describe the event represented by a gate
Transfer symbols. These symbols are used to transfer an entire part of the tree to other locations on the tree
Fig. 2 - Availability and reliability of a primary event (λ and μ constants). Axes: availability against time.
Fig. 3 - System availability approximations. Curves: first bound given by (10), exact value, first bound given by (8); horizontal axis: primary event availability.
Maximum index for primary events, NE = 7
Maximum index for gates, NG = 4
Note: primary events 4 and 6 and gate 2 are not considered

C     E = PRIMARY EVENTS, G = GATES, TOP = TOP EVENT OF THE TREE
      SUBROUTINE TREE (E,G,TOP)
      LOGICAL E(1),G(1),TOP
      G(1) = E(1).OR.E(2).OR.E(7)
      G(3) = E(1).AND.E(3)
      G(4) = G(1).AND.G(3).AND.E(5)
      TOP = G(4)
      RETURN
      END

Fig. 4 - Fault-tree representation and subroutine TREE of a 7 primary event system
PRIMARY EVENT   FAILURE CHARACTERISTICS*               RESTORATION CHARACTERISTICS*
INDEX           Distribution   Parameter               Distribution   Parameter
 1              Exp            λ = .50·10^-5           Exp            μ = .30·10^-2
 2              Exp            λ = .30·10^-4           Exp            μ = .40·10^-1
 3              Const          F = .5·10^-4            -              -
 4              Exp            λ = .80·10^-5           Exp            μ = .50·10^-2
 5              Exp            λ = .35·10^-5           Exp            μ = .45·10^-2
 6              Exp            λ = .40·10^-4           Exp            μ = .25·10^-1
 7              Exp            λ = .40·10^-5           Exp            μ = .25·10^-2
 8              Exp            λ = .20·10^-5           Exp            μ = .80·10^-2
 9              Const          F = .1·10^-3            -              -
10              Exp            λ = .15·10^-4           Exp            μ = .75·10^-1
11              Const          F = .10·10^-3           -              -
12              Exp            F = .10·10^-3           -              -
13              Exp            λ = .30·10^-5           Exp            μ = .20·10^-2
14              Exp            λ = .30·10^-5           Exp            μ = .20·10^-2
15              Exp            λ = .30·10^-5           Exp            μ = .20·10^-2
16              Exp            λ = .60·10^-4           Exp            μ = .20·10^-1
17              Const          F = .5·10^-4            -              -
18              Exp            λ = .15·10^[illegible]  -              -
19              Exp            λ = .50·10^-4           Exp            μ = .40·10^-1
20              Exp            λ = .75·10^-4           Exp            μ = .30·10^-1
21              Exp            λ = .25·10^-4           Exp            μ = .15·10^-1
22              Exp            λ = .50·10^[illegible]  -              -

* Exp means exponential distribution (constant rate); λ, μ = value of the rate. Const means constant cumulative probability distribution for the mission time of interest; F = value of the constant probability.
C     OPERANDS GARBLED IN THE PRINT ARE RESTORED FROM THE MINIMAL
C     CUT SETS LISTED IN FIGS. 10 AND 11. E(7) IN G(3) AND E(3) IN
C     G(7) ARE ASSUMED.
      SUBROUTINE TREE(E,G,TOP)
      LOGICAL E(1),G(1),TOP
      G(1)=E(1).OR.E(8).OR.E(10)
      G(2)=E(4).AND.E(6)
      G(3)=E(7).AND.E(13).AND.E(15).AND.E(18)
      G(4)=E(11).AND.E(12)
      G(5)=E(16).OR.E(21)
      G(6)=E(2).OR.E(7)
      G(7)=E(13).OR.E(3)
      G(8)=E(20).AND.G(1)
      G(9)=E(7).AND.E(19)
      G(10)=E(2).OR.E(4).OR.G(3)
      G(11)=G(4).OR.G(5)
      G(12)=G(7).AND.E(2).AND.E(16)
      G(13)=G(8).OR.G(9).OR.G(2)
      G(14)=E(7).AND.E(20).AND.G(10)
      G(15)=E(2).AND.G(11)
      G(16)=E(16).AND.E(17).AND.E(21).AND.G(6).AND.E(22)
      G(18)=G(12).OR.G(13).OR.G(14).OR.G(15).OR.G(16)
      TOP=G(18)
      RETURN
      END

Fig. 7 - Program CUTDET. Subroutine TREE.
SAMPLE PROBLEM
22 18
CUTDET PROGRAM - INPUT INFORMATION

PROBLEM TITLE                                             SAMPLE PROBLEM
NUMBER OF PRIMARY EVENTS, NE                              22
NUMBER OF DERIVED EVENTS (GATES), NG                      18
UPPER ORDER OF THE MINIMAL CUT SETS TO BE CHECKED, MAX    5
PRINT-PUNCH PARAMETER, IPP                                2
   IF IPP=1 THE MINIMAL CUT SETS ARE PRINTED ONLY
   IF IPP=2 THE MINIMAL CUT SETS ARE BOTH PRINTED AND PUNCHED
CUTDET PROGRAM - OUTPUT INFORMATION

ORDER OF THE        NUMBER OF           TOTAL NUMBER OF DIFFERENT   INDEX OF EACH PRIMARY EVENT
MINIMAL CUT SETS    MINIMAL CUT SETS    PRIMARY EVENTS
1                   0                   0
2                   7                   11                          1 2 4 6 7 8 10 16 19 20 21
3                   3                   6                           2 4 7 11 12 20
4                   0                   0                           0
5                   2                   9                           7 13 15 16 17 18 20 21 22
FROM 1 TO 5                             18                          1 2 4 6 7 8 10 11 12 13 15 16 17 18 19 20 21 22

Fig. 10 - Program CUTDET. Output Information.
MINIMAL CUT SETS

SET ORDER   SET INDEX   PRIMARY EVENTS INDEXES
2                        1  20
2                        2  16
2                        2  21
2                        4   6
2                        7  19
2                        8  20
2                       10  20
3                        2   7  20
3                        2  11  12
3                        4   7  20
5                        7  13  15  18  20
5                        7  16  17  21  22

Fig. 11 - Program CUTDET. Output Information (cont.)
AVANA PROGRAM - INPUT INFORMATION

PROBLEM TITLE                                                            SAMPLE PROBLEM
NUMBER OF PRIMARY EVENTS, NE                                             22
NUMBER OF PRIMARY EVENTS OF WHICH THE CHARACTERISTICS ARE GIVEN, NECHR   13
NUMBER OF MINIMAL CUT SETS, NCT                                          10
RESTORATION PARAMETER, IA                                                1
   IF IA=1 THE INPUT INFORMATION ON RESTORATION IS CONSIDERED
   IF IA=2 SUCH INFORMATION IS IGNORED, (UNAVAILABILITY=UNRELIABILITY)
BOUNDS PARAMETER, IB
   IF IB=1 ONLY THE UPPER BOUND OF THE SYSTEM UNAVAILABILITY IS COMPUTED
   IF IB=2 ALSO THE TWO SUCCESSIVE BOUNDS ARE COMPUTED
TIME POINTS PARAMETER, IT
   IF IT=1 THE TIME POINTS ARE EVENLY SPACED, AT INTERVAL TMAX/NP
   IF IT=2 THE TIME POINTS ARE ARBITRARILY SPACED, EXPLICITLY INPUT
TOTAL NUMBER OF TIME POINTS, NP
TIME POINTS (HOURS)
   0.10000E 01  0.30000E 01  0.10000E 02  0.30000E 02  0.10000E 03
   0.30000E 03  0.10000E 04  0.30000E 04  0.10000E 05
PRIMARY EVENTS DATA

PRIMARY EVENT   TYPE OF FAILURE   FAILURE PARAMETERS     TYPE OF RESTOR   RESTORATION PARAMETERS
INDEX           DISTRIB                                  DISTRIB
 1              2                 0.50000E-05   0.0      2                0.30000E-02   0.0
 2              2                 0.30000E-04   0.0      2                0.40000E-01   0.0
 4              2                 0.80000E-05   0.0      2                0.50000E-02   0.0
 6              2                 0.40000E-04   0.0      2                0.25000E-01   0.0
 7              2                 0.40000E-05   0.0      2                0.25000E-02   0.0
 8              2                 0.20000E-05   0.0      2                0.80000E-02   0.0
10              2                 0.15000E-04   0.0      2                0.75000E-01   0.0
11              1                 0.10000E-03   0.0      0                0.0           0.0
12              1                 0.10000E-03   0.0      0                0.0           0.0
16              2                 0.60000E-04   0.0      2                0.20000E-01   0.0
19              2                 0.50000E-04   0.0      2                0.40000E-01   0.0
20              2                 0.75000E-04   0.0      2                0.30000E-01   0.0
21              2                 0.25000E-04   0.0      2                0.15000E-01   0.0
MINIMAL CUT SETS

CUT SET INDEX   PRIMARY EVENTS INDEXES
 1               1  20
 2               2  16
 3               2  21
 4               4   6
 5               7  19
 6               8  20
 7              10  20
 8               2   7  20
 9               2  11  12
10               4   7  20
AVANA PROGRAM - OUTPUT INFORMATION

PRIMARY EVENTS UNAVAILABILITY

PRIMARY EVENT   MISSION TIME (HOURS)
INDEX           0.100E 01  0.300E 01  0.100E 02  0.300E 02  0.100E 03  0.300E 03  0.100E 04  0.300E 04  0.100E 05
 1              0.499E-05  0.149E-04  0.493E-04  0.143E-03  0.432E-03  0.988E-03  0.158E-02  0.166E-02  0.166E-02
 2              0.294E-04  0.848E-04  0.247E-03  0.524E-03  0.736E-03  0.749E-03  0.749E-03  0.749E-03  0.749E-03
 4              0.798E-05  0.238E-04  0.780E-04  0.223E-03  0.629E-03  0.124E-02  0.159E-02  0.160E-02  0.160E-02
 6              0.395E-04  0.116E-03  0.354E-03  0.844E-03  0.147E-02  0.160E-02  0.160E-02  0.160E-02  0.160E-02
 7              0.399E-05  0.120E-04  0.395E-04  0.116E-03  0.354E-03  0.844E-03  0.147E-02  0.160E-02  0.160E-02
 8              0.199E-05  0.593E-05  0.192E-04  0.533E-04  0.138E-03  0.227E-03  0.250E-03  0.250E-03  0.250E-03
10              0.145E-04  0.403E-04  0.106E-03  0.179E-03  0.200E-03  0.200E-03  0.200E-03  0.200E-03  0.200E-03
11              0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03
12              0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03  0.100E-03
16              0.594E-04  0.175E-03  0.544E-03  0.135E-02  0.259E-02  0.298E-02  0.299E-02  0.299E-02  0.299E-02
19              0.490E-04  0.141E-03  0.412E-03  0.873E-03  0.123E-02  0.125E-02  0.125E-02  0.125E-02  0.125E-02
20              0.739E-04  0.215E-03  0.648E-03  0.148E-02  0.237E-02  0.249E-02  0.249E-02  0.249E-02  0.249E-02
21              0.248E-04  0.733E-04  0.232E-03  0.604E-03  0.129E-02  0.165E-02  0.166E-02  0.166E-02  0.166E-02
MINIMAL CUT SETS UNAVAILABILITY

CUT SET   MISSION TIME (HOURS)
INDEX     0.100E 01  0.300E 01  0.100E 02  0.300E 02  0.100E 03  0.300E 03  0.100E 04  0.300E 04  0.100E 05
 1        0.369E-09  0.321E-08  0.319E-07  0.213E-06  0.102E-05  0.246E-05  0.394E-05  0.415E-05  0.415E-05
 2        0.175E-08  0.148E-07  0.134E-06  0.709E-06  0.190E-05  0.224E-05  0.224E-05  0.224E-05  0.224E-05
 3        0.730E-09  0.622E-08  0.574E-07  0.316E-06  0.952E-06  0.123E-05  0.125E-05  0.125E-05  0.125E-05
 4        0.315E-09  0.275E-08  0.276E-07  0.188E-06  0.923E-06  0.198E-05  0.253E-05  0.255E-05  0.255E-05
 5        0.196E-09  0.169E-08  0.163E-07  0.101E-06  0.434E-06  0.105E-05  0.183E-05  0.199E-05  0.199E-05
 6        0.147E-09  0.128E-08  0.124E-07  0.791E-07  0.326E-06  0.567E-06  0.623E-06  0.623E-06  0.623E-06
 7        0.107E-08  0.867E-08  0.683E-07  0.265E-06  0.474E-06  0.499E-06  0.499E-06  0.499E-06  0.499E-06
 8        0.868E-14  0.218E-12  0.633E-11  0.898E-10  0.617E-09  0.158E-08  0.274E-08  0.298E-08  0.299E-08
 9        0.294E-12  0.848E-12  0.247E-11  0.524E-11  0.736E-11  0.749E-11  0.749E-11  0.749E-11  0.749E-11
10        0.236E-14  0.613E-13  0.200E-11  0.382E-10  0.528E-09  0.261E-08  0.580E-08  0.636E-08  0.636E-08

Fig. 17 - Program AVANA. Output Information (cont.)
SYSTEM UNAVAILABILITY

MISSION TIME   UNAV.           UNAV.            UNAV.
(HOURS)        (UPPER BOUND)   (SECOND BOUND)   (THIRD BOUND)
0.100E 01      0.457E-08       0.457E-08        0.457E-08
0.300E 01      0.386E-07       0.386E-07        0.386E-07
0.100E 02      0.348E-06       0.348E-06        0.348E-06
0.300E 02      0.187E-05       0.187E-05        0.187E-05
0.100E 03      0.604E-05       0.604E-05        0.604E-05
0.300E 03      0.100E-04       0.100E-04        0.100E-04
0.100E 04      0.129E-04       0.129E-04        0.129E-04
0.300E 04      0.133E-04       0.133E-04        0.133E-04
0.100E 05      0.133E-04       0.133E-04        0.133E-04
SYSTEM UNAVAILABILITY

MISSION TIME   UNAV.           UNAV.            UNAV.
(HOURS)        (UPPER BOUND)   (SECOND BOUND)   (THIRD BOUND)
0.100E 01      0.472E-08       0.472E-08        0.472E-08
0.300E 01      0.425E-07       0.425E-07        0.425E-07
0.100E 02      0.472E-06       0.472E-06        0.472E-06
0.300E 02      0.424E-05       0.424E-05        0.424E-05
0.100E 03      0.470E-04       0.470E-04        0.470E-04
0.300E 03      0.420E-03       0.419E-03        0.419E-03
0.100E 04      0.455E-02       0.449E-02        0.449E-02
0.300E 04      0.381E-01       0.363E-01        0.364E-01
0.100E 05      0.332E 00       0.260E 00        0.271E 00

Fig. 19 - System unavailability in the case of no restoration