Handbook of Reliability, Availability, Maintainability and Safety in Engineering Design - Part 46 ppsx

4.3.2 Analytic Development of Availability and Maintainability Assessment in Preliminary Design Techniques selected for further development of availability and maintainability as-sessmen

Fig 4.16 Flowchart of the

Monte Carlo simulation

pro-cedure (Law et al 1991)

H times a) Generate samples of

x1and x2

N times

M times

b) Generate samples of ε1 (x1)

d) Generate samples of ε2 (x2,y)

f) Obtain c.d.f or p.d.f

of z

c) Calculate output of simulation model I y=F1(x1)+ ε1 (x1)

c) Calculate output of simulation model II z=F2(x2,y)+ε2 (x2,y)

The Monte Carlo simulation approach generates statistical estimates of the sys-tem output based on the given distributions of the inputs and error models This gives more information than does the extreme condition approach, by which only the best and worst performance are estimated Because the statistical approach is based on Monte Carlo simulation, it often requires a large number of simulations More effective sampling techniques such as the Latin hypercube and fractional fac-torial design can be used to reduce the amount of simulations (Hicks 1993) The Monte Carlo simulation procedure is as follows (Law et al 1991):

i) Generate H samples of x1 and x2as simulation inputs based on distribution functions

ii) For the given x1, calculate the distribution parameters of the internal uncer-taintyε1(x1) for simulation model I, and generate N samples of the internal

uncertaintyε1for simulation model I based on the distribution function iii) Evaluate the corresponding output y = F1(x1)+ε1(x1) for simulation model I iv) For each y, calculate the distribution parameters of the internal uncertainty

ε2(x2y ) of simulation model II, and generate M samples of the internal

uncer-taintyε2based on the distribution function

v) Evaluate the corresponding output z = F2(x2)+ε2(x2) for simulation model II vi) Calculate the mean valueμz , the standard deviationσzor the c.d.f and p.d.f

of z based on H × M × N samples of z.

d) Mitigating the Effect of Uncertainty

To assist designers to make reliable design decisions under uncertainties, the pro-posed techniques of propagating the effect of uncertainties is integrated with the

multidisciplinary optimisation approach based on the principles of robust design,

i.e by extending the quality engineering concept to the mitigation of the effects of both external and internal uncertainties From the viewpoint of robust design, the goal is to make the system (or product) least sensitive to the potential variations without eliminating the sources of uncertainty (Taguchi 1993)

The same concept is used here to reduce the impact of both external and internal uncertainties associated with the simulation programs The robust optimisation ob-jectives are achieved by simultaneously optimising mean performance and reducing performance variation, subject to the constraints brought about by their deviations Taguchi’s robust design has been used in the past for mitigating the effect of param-eter uncertainty, which is similar to the external uncertainty considered here This concept is extended to mitigate the effect of model structure uncertainty

(internal uncertainty) For the extreme condition approach, the robust design model

can be formulated as:

Parameter and model uncertainties (ranges)

Find:

Robust design decisions(x)

Subject to:

System constraints: gworst(x) ≤ 0

Objectives:

i) Optimise the mean of system attributes: a (x)

ii) Minimise the deviation of system attributes:Δa (x)

In the above model, gworst(x) is the maximum constraint function estimated by the worst case of constraint function g (x), and a is the objective vector Both g(x) and a (x) are the subsets of system output vector z The mean and deviation of the

system outputs can be obtained by the extreme condition approach as introduced earlier This constitutes the necessary multiple objectives in robust design (i.e both the mean and the deviation of the system are expected to be minimised with the as-sumption that optimising the mean of a system attribute can always be transformed into a minimisation problem) The general form of the objective can be expressed as:

Many existing approaches can be used to solve this multi-objective robust optimi-sation problem In the above model, the worst-case analysis is used to formulate the constraints The worst-case analysis assumes that all fluctuations may occur simul-taneously in the worst possible combination (Parkinson et al 1993) The effect of

variations on a function is estimated using a first-order Taylor’s series as follows:

Δg (x) =∑

f



∂g (x)∂xΔ1(x) (4.157) whereΔg (x) represents the variation transmitted to constraint g(x) for a worst-case

analysis

The design feasibility expressed in Eq (4.155) can be formulated by increasing

the value of the mean g (x) by the functional variationΔg (x):

gworst(x) =Δg (x) +∑

f



∂g (x)Δx

∂x1



For the statistical approach to estimate the performance distribution, the robust

model can be formulated as:

Parameter and model uncertainties (distributions)

Find:

Robust design decisions x

Subject to:

System constraints: P [g(x) ≤ 0] ≥ P limit

Objectives:

i) Optimise the mean of system attributes a (x):μa(x)

ii) Minimise the standard deviation of system attributes a (x): σa(x)

μa(x) andσa(x) are the estimates of the mean and variance of the system outputs

respectively The constraints in the above model are expressed by the probabilistic

formulation P [g(x) ≤ 0] is the probability of constraint satisfaction, and it should

be greater than or equal to the defined probability limit Plimit

Because it is computationally expensive to evaluate the probability of constraint

satisfaction, alternative formulations—for example, the moment matching method—

are used in practice to evaluate the constraints With the moment matching method,

g (x) is assumed to follow a normal distribution (Parkinson et al 1993).

The constraint in Eq (4.159) is (Parkinson et al 1993):

where k is the constant for the probability of constraint satisfaction.

For example, k = 1 stands for the probability ≈0.8413 and k = 2 stands for

prob-ability≈0.9772.

Based on the previous considerations, the strategy that integrates the propagation and mitigation of the effect of uncertainties is summarised in Fig 4.17 Module A is the uncertainty quantification module that represents the first stage in the integrated methodology Module B is the propagation module In this module, either the ex-treme condition approach or the statistical approach is used to identify the range or

to estimate the population parameters of system performance under the influence of

Uncertainty

quantification

module

B.

Propagation module

Range [x1min, x1max] [x2min, x2max]

[z min , z max ] or ( μz , σz )

External uncertainties

range Δx1 and Δx2

or c.d.f of x1 and x2

Internal uncertainties

ε1 (x1) and ε2 (x2,y)

[x1min, x1max] [x2min, x2max]

ε1(x1), ε2(x2,y)

or c.d.f of x1 and x2 ε1(x1), ε2(x2,y)

optimization

simulation

[z min , z max ]

( μz , σz )

Fig 4.17 Propagation and mitigation strategy of the effect of uncertainties (Parkinson et al 1993)

both internal and external uncertainties The performance ranges or estimated pop-ulation parameters are then used to mitigate the effect of uncertainties The basis

for controlling the effect of uncertainties is the robust design approach formulated

in Eqs (4.155) and (4.159) The process to manage the effect of uncertainty is it-erative and involves repeated uncertainty analysis until a robust optimal solution is obtained

4.3.2 Analytic Development of Availability and Maintainability Assessment in Preliminary Design

Techniques selected for further development of availability and maintainability as-sessment to determine the integrity of engineering design in the preliminary or schematic design phase of the engineering design process include the application of Petri nets (PN) The techniques selected are considered under the following topics:

i Maximising design availability using Petri net models

ii Designing for availability using Petri net modelling.

Designing for availability with preventive maintenance Analytic assessment of

large complex process systems has increasingly become an integral part of the en-gineering design process, particularly in designing for availability and maintain-ability—and even more so with the inclusion of complex interactions, such as pre-ventive maintenance on system availability Prepre-ventive maintenance is considered as one of the key factors to increasing system reliability, availability and productivity,

and to reducing production costs The importance of the inclusion of maintenance

in engineering design has led to an increased sophistication in mathematical models required to analyse its impact on complex system behaviour (Lam et al 1994)

A quantitative example of designing for availability with the inclusion of preven-tive maintenance is developed The designed system starts in a working state, but ages with time and eventually fails if no preventive maintenance action is carried out Preventive maintenance is performed at fixed intervals from the start-up of the system in the operational state The preventive maintenance activity takes an expo-nentially distributed amount of time and is in the form of component renewal that

is assumed will allow for full system performance The preventive maintenance in-terval is thus a critical design parameter If the inin-terval approaches zero, the system

is always under maintenance and availability drops to zero Conversely, if the in-terval becomes too large, the beneficial effect of the preventive maintenance action becomes negligible The goal of the example is to develop an analytic expression for

the steady-state behaviour of a complex system using Petri net (PN) methodology,

and to determine the optimal design maintenance interval that will maximise system availability

4.3.2.1 Maximising Design Availability Using Petri Net Models

Petri net models have only recently gained widespread acceptance—they provide

a graphical language ideally suited to modern CAD environments that can be con-cise in their specification; they provide a natural way to present complex logical in-teractions among integrated systems, or process activities within a system; and they are closer to a designer’s intuition about what a complex systems model should look like (Peterson 1981; Murata 1989) Many structural and stochastic extensions have been proposed in the application of Petri nets to increase their modelling power and their capability to represent large, complex integrated systems The most up-to-date and valuable source of references for the theoretical development and application of Petri net models is the series of international workshops known as Petri Nets and Performance Models (PNPM), initiated in Italy in 1985, and which moved to the USA, Japan, Australia and France in the following decades

a) Petri Net Theory

Petri nets have been used as mathematical, graphical tools for modelling and analysing systems showing dynamic behaviours characterised by synchronous and distributed operation, as well as non-determinism (Peterson 1981) A basic Petri net

structure consists of places and transitions interconnected by directed arcs Places are denoted by circles and represent conditions, while transitions are denoted by bars and represent events The directed arcs in a Petri net represent flow of control

where the occurrence of events is controlled by a set of conditions

In addition to its graphical structure, a Petri net is effectively used to simulate the dynamic behaviour of a modelled system in terms of states, or markings, and their

changes during model execution A marking is an assignment of tokens to the places,

where a token denotes that the corresponding condition is true Thus, the marking

of places describes the current state of the Petri net in terms of the conditions that are true and those that are false

The translation of a flowchart to a Petri net is illustrated in Fig 4.18 where the nodes of the flowchart are replaced by transitions in the Petri net, and the arcs are replaced by places

The Petri net execution changes the number and location of tokens according to

a rule of transition enabling and firing (Murata 1989) where:

• a transition t is enabled if each input place p is marked with the tokens w(p,t), where w (p,t) is the weight of the arc from p to t;

• an enabled transition may or may not fire depending on whether or not the event

actually takes place;

• an enabled transition t is fired by removing w(p,t) tokens from each input place p and adding w (t, p) tokens to each output place p.

Petri nets represent a powerful paradigm, useful for modelling complex systems in the context of systems performance, in designing for availability subject to preven-tive maintenance strategies that include complex interactions such as component renewal Such interactions are time-related and dependent upon component age and estimated residual life However, original Petri nets did not carry any notion of time Thus, in order to make the technique useful for quantitative systems analysis in en-gineering design, a variety of time extensions have been proposed in the literature The distinguishing features of these time extensions are whether the duration of the events should be modelled by deterministic or random variables, and whether the time is associated with process functions, or transitional events Petri nets in which

the timing is stochastic are referred to as stochastic Petri nets (SPN), and the most

common assumption is that time is assigned to the duration of transitional events The time evolution of an SPN is expressed as a stochastic process, and referred to

A Read a, b, c

a > 0

a = a–1

c = b.a

Write c B

C

D

A

D

p1

p2

F T

Fig 4.18 Translation of a flowchart to a Petri net (Peterson 1981)

as its marking process SPN can be used to automatically generate the underlying

marking process, which can then be analysed to yield results in terms of the original Petri net model

This is a case where a user-level representation of complex systems, typically

in the form of simulation models (such as the process equipment models (PEMs)

developed in Sect 4.4), is translated into an analytic representation that is processed and the results referred back to the user-level representation

The most common assumption in the literature is to assign to the PN transitions

an exponentially distributed firing time (i.e start to completion time of an activity),

so that the resulting marking process is a continuous-time Markov chain (CTMC;

Molloy 1982) Almost all the PN-based tools are based on this assumption In prin-ciple, simple equations can be derived for both transient and steady-state analysis

of CTMCs However, practical limitations arise from the fact that the state space (i.e the composition of different states of a system and its transition interaction of

moving from state i to state j, including the probability of such a transition) grows

much faster than the number of components in the system being modelled The use of an exponentially distributed firing time has been regarded as a restriction in the application of PN models, as there are many engineering processes with times

to occurrence that are not exponentially distributed The hypothesis of exponen-tial distributions in these cases results in the construction of models that give only

a qualitative, rather than quantitative analysis of real systems The existence of de-terministic or other non-exponentially distributed events in engineering processes, such as start-up delays and pre-planned downtimes in real-time systems, gives rise

to stochastic models that are non-Markovian in nature In recent years, a consid-erable effort has been devoted to improving the PN methodology in order to deal with generally distributed events in real-time systems However, the inclusion of non-exponential distributions affects the associated marking process (in that some

or other retained memory of past events would then be required), and further specifi-cation is needed at the PN level in order to uniquely define how the marking process

is conditioned on past history (Ciardo et al 1994)

b) Definition of the Basic Petri Net Model

A marked PN is a tuple PN= (P,T,I,O,M) (Peterson 1981), where:

• P = {p1, p2, , p n } is the set of places (drawn as circles);

• T = {t1,t2, ,t n } is the set of transitions (drawn as bars);

• I and O are the input and the output functions respectively;

• M = {m1,m2, ,m n } is the marking of the PN.

The generic entry m i is the number of tokens (drawn as black dots) in place p i, in

marking M The initial marking is M0 The input function I provides the multiplic-ities of the input arcs from functions to transitions; the output function O provides the multiplicities of the output arcs from transitions to functions Input and output

arcs have an arrowhead on their destination A transition is enabled in a marking if

Fig 4.19 Typical graphical representation of a Petri net (Lindemann et al 1999)

each of its input places contains at least as many tokens as the multiplicity of the

input function I An enabled transition fires by removing as many tokens as the mul-tiplicity of the input function f from each input place, and adding as many tokens

as the multiplicity of the output function O to each output place A marking M  is said to be directly reachable from M when it is generated from M by firing a single enabled transition t k The reachability set R (M0) is the set of all the markings that

can be generated from an initial marking M0by repeated application of the above rule The enabling of a transition corresponds to the starting of an activity, while the firing corresponds to the completion of an activity Thus, the firing of a transi-tion causes a previously enabled transitransi-tion to become disabled PNs can be used to capture the behaviour of many real-world situations, such as the typical PN given in Fig 4.19 below (Lindemann et al 1999):

Structural extensions Various structural extensions have been proposed in the

lit-erature to increase either the class of problems that can be represented, or the ability and the ease with which real systems can be modelled The modelling power of a PN

is the ability of the PN formalism to represent classes of problems Modelling con-venience is defined as the practical ability to represent a given behaviour in a sim-pler, more compact or more natural way Decision power is defined to be the set

of properties that can be analysed Increasing the modelling convenience decreases the decision power Thus, each possible extension to the basic formalism requires

an in-depth evaluation of its effect upon modelling convenience and decision power (Peterson 1981)

Some extensions have proven so effective that they are now considered part of the standard PN definition They are:

• Inhibitor arcs

• Transition priorities

• Marking-dependent arc multiplicity.

Inhibitor arcs connect a place to a transition and are drawn with a small circle on their destination An inhibitor arc from a place p i to a transition t k disables t kwhen

p i is not empty It is possible to use an arc multiplicity extension together with

inhibitor arcs In this case, a transition t k is disabled whenever place p icontains at least as many tokens as the multiplicity of the inhibitor arc The number of tokens

in an inhibitor input is not affected by a firing operation

Transition priorities are integer numbers assigned to the transitions A transition

is enabled in a marking if and only if no higher priority transitions are enabled If this extension is introduced, some markings of the original PN may no longer be reachable

Marking-dependent arc multiplicity was introduced with the intent to model

sit-uations in which the number of tokens to be transferred along the arcs (or to enable

a transition) depends upon the system state Arcs with marking-dependent

multi-plicity are indicated by a Z on the arc, and allow simpler and more compact PNs

than would otherwise be possible In many practical problems, their use can reduce the complexity of the PN model (Ciardo 1994)

c) Definition of Stochastic Petri Nets

The most common way to include time into a PN is to associate the time duration with the activities that induce state changes (i.e transitions) The duration of each activity is represented by a non-negative random variable with a known cumulative distribution function (c.d.f.)

LetΓ = (γ1,γ2, ,γnt ) be the set of the nt random variables associated with the

nt transitions, then the set of their c.d.f is:

G = [G1(t),G2(t), ,Gnt (t)] (4.161) When a waiting timeγk is associated with a transition t k, the transition becomes enabled according to the rules of the untimed PN, but it can fire only after a time equal toγkhas elapsed This time between the enabling and the firing is referred to

as the firing time.

Let{M(t),t ≥ 0} be the marking process, M(t) representing the marking reached

by the PN at time t The following analysis is restricted to SPNs in which the

random firing times have continuous c.d.f with infinite support, i.e.(0,∞) With

this assumption, the marking process M (t) is a continuous-time, discrete-state,

stochastic process with a state space that is isomorphic to the reachability graph

of the untimed PN (i.e the one looks exactly the same as the other)

Given a marking in which more than one transition with the same priority level

(if priority is used) is enabled, the firing policy determines the transition that will

fire next There are thus two possible alternatives (Ajmone Marsan et al 1995):

• Race policy: the transition of which the firing time elapses first is assumed to be

the one that will fire next

• Pre-selection policy: the next transition to fire is chosen according to an

exter-nally specified probability mass function independent of their firing times

By far the most common firing policy for timed transitions is the race policy i) The pre-selection policy ii) is commonly used for immediate transitions, which are introduced for the first time into Markovian SPN (Ajmone Marsan et al 1995)

Once the firing policy is defined, the execution policy must be specified The

ex-ecution policy consists of a set of specifications for uniquely defining the stochastic process,{M(t)}, under1ying an SPN There are two elements that characterise the

execution policy: a criterion to keep memory of the past history of the process (the memory policy), and an indicator of the re-sampling status of the firing time The memory policy defines how the process is conditioned upon the past An age

vari-able a g associated with the timed transition t gkeeps track of the time for which the transition has been enabled A timed transition fires as soon as the memory variable

a greaches the value of the firing timeγg In the activity period of a transition, the

age variable is not 0.

The random firing timeγg of a transition t gcan be sampled at a time instant prior

to the beginning of an activity period To keep track of the re-sampling condition

of the random firing time associated with a timed transition, a binary indicator

vari-able r g that is equal to 1 is assigned to each timed transition t gwhen the firing time

is to be sampled, and equal to 0 when the firing time is not to be sampled Reference

is made to r g as the re-sampling indicator variable Hence, in general, the (continu-ous) memory of a transition t g is captured by the tuple (a g , r g ) At any time period t, transition t g has memory (its firing process depends on the past) if either a g or r gis different from zero

At the entrance to a marking, the remaining firing time (rft) has the value rft=

γg − a g, and is computed for each enabled transition given its currently sampled firing timeγg and the age variable a g According to the race policy, the next marking

is determined by the minimal of the rfts The following execution policies can now

be defined

• Pre-emptive repeat different (prd): if both the age variable a gand the re-sampling

indicator r g are reset each time t gis disabled or it fires

• Pre-emptive resume (prs): if both the age variable a gand the re-sampling

indica-tor r g are reset only when t gfires

• Pre-emptive repeat identical (pri): if the age variable a g is reset each time t gis

disabled or fires but the re-sampling indicator r g is reset only when t gfires