Handbook of Reliability, Availability, Maintainability and Safety in Engineering Design - Part 47 pptx

Thus, the marking process of an SPN with only exponentially distributed firing times is not a continuous-time Markov chain CTMC if at least a single non-exclusively enabled transition ex

4.3 Analytic Development of Availability and Maintainability in Engineering Design 443

Transition t g is prd—each time a prd transition is disabled or it fires, its memory variable a g is reset and its indicator re-sampling variable r gis set to 0 (the firing

time must be re-sampled from the same distribution when t gbecomes re-enabled)

Transition t g is prs—when t g is disabled, its associated age variable a gis not reset

but maintains its constant value until t g is re-enabled whereby t g= 1 At each

suc-cessive enabling point, a g restarts from the previously retained value When t gfires,

both a g and r gare reset so that the firing time must be re-sampled at the successive enabling point (γ2) The memory of t gis reset only when the transition fires

Transition t g is pri—under this policy, each time t gis disabled, its age variable

a g is reset but its indicator re-sampling variable r gremains equal to 1, and the firing time valueγ1remains active, so that in the next enabling period an identical firing will result The same value is maintained over different enabling periods up to the

firing of t g Only when t g fires are both a g and r greset, and the firing time is re-sampled (γ2) Hence, also in this case, the memory is lost only upon firing of t g

If the firing time is exponentially distributed, both the prd and prs policies behave

in the same way However, the pri policy does not have the property of no memory Thus, the marking process of an SPN with only exponentially distributed firing times

is not a continuous-time Markov chain (CTMC) if at least a single non-exclusively enabled transition exists with assigned pri policy

If the firing time is deterministic, both the prd and pri policies behave in the same way (that is, re-sampling a deterministic variable always provides an identical value) The memory of the global marking process is considered as the superpo-sition of the individual memories of the transuperpo-sitions In general, the marking pro-cess{M(t)} underlying an SPN is not analytically tractable (i.e easily manageable)

unless some restrictions are imposed (Ciardo et al 1994)

Note that a simulation approach for the prd and the prs cases, based on very similar assumptions, has been adopted in the application simulation modelling of Sect 4.4

d) Definition of Markovian Stochastic Petri Nets (MSPN)

When all the random variablesγk associated with the PN transitions are

exponen-tially distributed, and the execution policy is not pri, the dynamic behaviour of the

PN is mapped into a continuous-time Markov chain (CTMC) with state space

iso-morphic to the reachability graph of the untimed PN This restriction is the most popular, and is usually referred to simply as MSPN or GSPN (Molloy 1982)

In order to completely specify the model, the setΛ = (λ1,λ2, ,λnt) of the

nt firing rates assigned to the nt transitions is included A usual convention in the

graphical representation is to indicate transitions with exponentially distributed fir-ing times by means of empty rectangles, and transitions with non-exponentially dis-tributed firing times by means of filled rectangles, as illustrated in Fig 4.20 Modelling real systems often involves the presence of activities or actions (such

as preventive maintenance activities) of which the duration is short or even negligi-ble, with respect to the timescale of the process (especially continuous engineering

Fig 4.20 Illustrative example

of an MSPN for a

fault-tolerant process system

(Aj-mone Marsan et al 1995)

processes) Hence, it is desirable to associate an exponentially distributed firing time only with those transitions that are believed to have the largest impact on the system operation The starting assumption in the MSPN model is that transitions are

parti-tioned into two different classes, namely immediate transitions and timed transitions

(Ajmone Marsan et al 1995)

Immediate transitions fire in zero time once they are enabled, and have prior-ity over timed transitions Timed transitions fire after an exponentially distributed firing time (these are called EXP transitions) In the graphical representation of MSPN, immediate transitions are drawn as thin bars Markings enabling immediate

transitions are passed through in zero time and are called vanishing states Mark-ings enabling no immediate transitions are called tangible states Since the process

spends zero time in the vanishing states, they do not contribute to the dynamic be-haviour of the system, and a procedure can be developed to eliminate these from the final Markov chain With the partition of PN-transitions into a timed and an im-mediate class, a greater flexibility of modelling is achieved without increasing the dimensions of the final tangible state space from which the process measures are computed An illustrative example of an MSPN is given in Fig 4.20

Dealing with large complex systems MSPNs can provide a compact

representa-tion of very large systems This is reflected in an exponential growth of the reachable markings as a function of the primitive elements in the MSPN (places and transi-tions), and as a function of the number of tokens in the initial marking

This exponential growth of the state space has often been recognised as a severe limitation in the use of the PN methodology to deal with real-life applications, and

4.3 Analytic Development of Availability and Maintainability in Engineering Design 445

a significant effort has been devoted to overcome or to alleviate this problem (Mol-loy 1982) Since Markovian-SPNs are based on the solution of a CTMC, all the techniques that have been explored to handle very large Markov chains can prof-itably be utilised in connection with MSPNs When dealing with large models, not only does the solution of the system become difficult but also the model description and the computer representation become complex, which has resulted in an

increas-ing application of reachability graphs.

e) Generating Reachability Graphs

The generation of a PN reachability graph (an extended and a reduced) is best

ex-plained with the aid of an example Consider a process system based on a queuing client-server paradigm (typically in discrete event, single item and batch processing

systems), the PN model being shown in Fig 4.21 Transitions labelled t ek or s tkare timed transitions that fire after an exponentially distributed firing time EXP

(rep-resented by empty rectangles), and transitions labelled t ikare immediate transitions that fire in zero time once they are enabled (represented by thin single-line bars) The system is made up of process units (clients) waiting in a controlled queue, requiring

processing (transition t e1) that can be supplied with probability (1−c) (transition ti3)

by two servers (processing assemblies) working in parallel, and with probability c (transition t i1 ) by accessing a resource (place p12) shared by the two servers (in this case, the resource can be envisaged as some or other utility controlling the client queue and the servers, such as a distributed control system DCS) In the case of

firing of t i3, a message forwarded by the client is split into two sub-messages each

addressed to a different server (places p5and p6) The two servers are characterised

by an exponentially distributed service time modelled by transitions s t1 and s t2 re-spectively

It is assumed, in the definition of the process model, that a processing transac-tion is concluded when all the servers have served the sub-messages they have been assigned When a server has processed its sub-message, it accesses the shared

re-source (DCS) to record its processing results (transitions t e2 and t e3) After both

servers have accessed the shared resource, a join operation is performed and the processed result is returned to control the client queue (i.e transition t i6)

Conversely, with probability c, the message of a client in the queue is already

available in the shared resource, so that the service requirement is met by the server accessing the resource, retrieving the message and returning it to control the client

queue (transitions t i2 and t e4) The reachability graph illustrated in Fig 4.22 can now

be generated from the initial token distribution depicted in the PN model shown in Fig 4.21 and the markings of Table 4.3

The extended reachability graph of an MSPN comprises both tangible and van-ishing states Elimination of the vanvan-ishing states results in a reduced reachability graph that is isomorphic to the CTMC Given a vanishing marking denoted by m b (which is directly reachable from a tangible marking m a), and the set of tangible

markings S, reached from m passing through a sequence of vanishing markings

Fig 4.21 MSPN for a process

system based an a queuing

client-server paradigm

(Aj-mone Marson et al 1995)

Fig 4.22 Extended

reacha-bility graph generated from

the MSPN model (Ajmone

Marsan et al 1995)

m18

m5

m9

m15 m10

ti2 st1

te3

te2

te2

te3

ti4 ti5

st1 st2

st2

st2 st1

te3

te1 ti2

te4

te2

ti5 ti4

m6

m7

m13

4.3 Analytic Development of Availability and Maintainability in Engineering Design 447

only, it is possible to evaluate the probability of the next tangible marking after m b over S Furthermore, m a may belong to S The vanishing marking m band the ones

reachable from m bby the firing of immediate transitions can be eliminated only by

introducing arcs directly connecting m a to m c ∈ S , mc = ma, and by modifying the

firing rate associated with the generic transition t k enabled in m a(Ajmone Marsan

et al 1995)

Table 4.3 gives the distribution of the tokens in the reachable markings It is quite

evident that the markings m2,m3,m6,m7,m11,m13and m16are vanishing (shadowed

markings in Fig 4.22) and can be eliminated The reduced reachability graph,

defined over the tangible markings only, can then be generated as illustrated in Fig 4.23

Once the reduced reachability graph is obtained, the matrix for the underlying

continuous-time Markov chain (CTMC) can be constructed Let R0be the reduced

reachability graph of a Markovian SPN, and N its cardinality The infinitesimal gen-erator of the underlying CTMC is then a N × N matrix Q, where Q = [Qi j] LetΠ(t) be the N-dimensional state probability vector, of which the generic

en-tryπi (t) is the probability of being in state i(i = 1,2, ,N) at time t in the associated

CTMC Then,Π(t) is the solution of the standard linear differential equation:

d

with initial condition:

Π(0) = [1,0,0, ,0]

Table 4.3 Distribution of the tokens in the reachable markings

p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12

m5 m4

m8 te3

te3 te3

te2 te2

te2

te4 te1

st2

st2

st1

st1 m14

m17

m18 m15

m9 m10

m12

Fig 4.23 Reduced reachability graph generated from the MSPN model

If the steady-state probability vectorΠ = limt →∞Π(t) of the CTMC exists, it

can be calculated that:

ΠQ= 0 with:

N

∑

i=1πi= 1 Since some of the output measures depend on the integrals of the probabilities, rather than on the probabilities per se, it is necessary to provide the appropriate computation of the integrals of the state probabilities:

L i (t) =

 t

where L i (t) is the expected time that the CTMC stays in state i during the

inter-val(0,t).

Let L(t) denote the N-dimensional row vector consisting of the elements L i (t).

Integrating both sides of Eq (4.162), the following relation is obtained:

d

dtL(t) = L(t) · Q +Π(0) (4.164)

L(t) = N-dimensional row vector

Q = N × N matrix of the CTMC

Π(0) = initial condition of the N-dimensional state probability vector.

4.3 Analytic Development of Availability and Maintainability in Engineering Design 449 f) Measures of Markovian Stochastic Petri Nets (MSPN)

A fundamental property of the time-dependent representation of system behaviour through SPNs is that they enable the user to define, in a simple and natural way,

a large number of different measures related to the performance and reliability of the system

The stochastic behaviour of a Markovian-SPN is determined by calculating theΠ(t),Π(0) and L(t) vectors over the reduced reachability set of R0 However, the final output measures should be defined at the Petri net level as a function of its primitive elements (i.e places and transitions) The following mathematical models provide a practical outline as how to relate the probabilities at the CTMC level with useful measures at the PN level

The probability of a given condition on the SPN By means of logical or algebraic

functions of the number of tokens in the PN places, a particular condition C (e g.

no tokens in a given place) can be specified, and the subset of states S ∈ R0can be identified for which the condition is true The output measure:

C s (t) = Prob {condition C is true at time t}

given by:

C s=∑

whereπs (t) is the probability of being in state s at time t.

Note: if S is the set of operational states, C s (t) is the usual definition of system availability.

A very useful case arises when the measure is the transient probability that the condition is satisfied for the first time By using such an approach in the analysis of

stochastic processes, the states s ∈ S can be made absorbing (i.e assimilated), and the quantity evaluated from Eq (4.165) as the value of the process when entering S.

In this way, the above equation can be used to calculate system reliability:

C s (t) =∑

s ∈Sπs (t)

System availability:

where S= set of operational states

System reliability:

C s (t) =∑

s ∈Sπs (t) where s ∈ S and process entering S.

The time spent in a marking Let S ∈ R0be the subset of markings in which a par-ticular condition is fulfilled The expected time,ψs (t), spent in the markings s ∈ S

during the interval(0,t) is given by:

ψs (t) =∑

s ∈S

 t

=∑

s ∈S

L s (t)

Moreover, from the theory of irreducible Markov chains, as t approaches infinity, the proportion of the time spent in states s ∈ S equals the asymptotic probability

(Choi et al 1994):

ψs (t) =∑

= lim

t →∞

ψs (t) t

ψs (t)/t represents the utilisation factor in the interval (0,1), andψs the expected

steady-state utilisation factor For example, if S is the set of states in which a

pro-cess is idle,ψs (t)/t is the fraction of idle time in (0,1) andψsis the expected idle time

The mean first passage time Given that C s (t), as calculated in Eq (4.165), is the probability of having entered subset S before t for the first time, the mean first

passage timeμscan be calculated as:

μs= ∞

This formula requires the transient analysis to be extended over long intervals There are other direct techniques for calculating mean first passage times in a CTMC but these are not relevant to this research (Ciardo et al 1994)

The distribution of tokens in a place The cumulative distribution function (c.d.f.)

of the number of tokens in place p i of the SPN at time t is a step function in which the amplitude of the kth step is obtained by summing up the probabilities of all the states in the set R0containing k tokens (k = 0,l,2, ,K) in p i at time t The probability function f i (k,t) is the amplitude of the kth step The expected value of the number of tokens in place p i at time t is:

ET [m i (t)] =∑∞

k=0

As an example, if place p i represents identical units in a queue for a common re-source, the above quantity gives the expected value of the number of units in the

queue at time t In reliability analysis, the tokens in place p irepresent the number

of failed components

4.3 Analytic Development of Availability and Maintainability in Engineering Design 451

The expected number of firings of a PN transition Given an interval(0,t), the

expected number of firings would indicate how many times, on average, an event

modelled by a PN transition has occurred in that interval Let t k be a generic PN

transition, and let S be the subset of R0 that includes all the markings s ∈ S en-abling t k The expected number of firings of t kin(0,t) is given by:

ηk (t) =∑

s ∈S

λk (s)

 t

=∑

s ∈Sλk (s) · L s (t)

whereλk (s) is the firing rate of t k in marking s In steady state, the expected number

of firings per unit of time becomes:

ηk (t) =∑

This quantity represents the throughput associated with the given transition If tran-sition t k represents the completion of a service in a queuing system, ηk (t) is the

expected number of services completed in time(0,t) andηk is the expected steady-state throughput.

g) Definition of Stochastic Reward Nets

Stochastic reward nets (SRN) introduce a new extension into Markovian-SPNs,

al-lowing for the possibility of associating reward rates to the markings The reward rates are specified at the PN level as a function of its primitives (i.e the number of tokens in a place, or the rate of a transition) The underlying CTMC is then

trans-formed into a Markov reward model, thus permitting the eva1uation of performance

measures Implementation of this extension allows the reward structure superim-posed on the reachability graph to be generated automatically, and easily provides performance measures (Ciardo et al 1991)

The reward definition is called rate-based, to indicate that the system produces reward at rate r (i) for all the time it remains in state i ∈ R0 Furthermore, impulse-based reward models can be implemented where a reward function r i jis associated

with each transition from the state i ∈ R0 to j ∈ R0 Each time a transition from i

to j occurs, the cumulative reward of the system instantaneously increases by r i j In general, several combinations of the different reward functions can be specified in the same model

h) Definition of Non-Markovian Stochastic Petri Nets

As indicated previously, in order to define a PN with generally distributed

tran-sitions, the following entities must be specified for each transition: t ∈ T: the

c.d.f G g (t) of the random firing timesγg, and the execution policy for determin-ing(a g,rg)

Several classes of SPN models have been developed that incorporate some non-exponential characteristics in their definition, and that adhere to the individual mem-ory requirements indicated previously

With the aim of specifying non-Markovian SPN models that are analytically tractable, three approaches can be considered, specifically (Bobbio et al 1997):

• An approach based on Markovian regenerative theory

• An approach based on the use of supplementary variables

• An approach based on state space expansion.

The first approach originates from a particular definition of a non-Markovian SPN where, in each marking, a single transition is allowed to have associated with it

a deterministic firing time with prd execution policy (i.e a deterministic SPN, or

DSPN) The marking process underlying a DSPN is a Markov regenerative process (MRGP) in which equations can be derived for the transition probability matrix in

transient and in steady-state conditions (Choi et al 1994)

Generalisation of the previous formulation is proposed by including the possi-bility of modelling prs transitions and also by including pri transitions The most general framework under which the Markov regenerative theory has been applied

is where any regeneration time period is dominated by a single transition (non-overlapping dominant transitions)

The second approach resorts to the use of supplementary variables This method

has been applied to prd execution policies only, and with mutually exclusive gen-eral transitions A steady-state solution has been proposed, while the possibility

of applying the methodology to transient analysis has also been explored (German

et al 1994)

The third approach is based on the expansion of the reachability graph of the basic PN In this approach, the original non-Markovian marking process is approxi-mated by means of a continuous-time Markov chain (CTMC), defined over an aug-mented state space According to the definitions given previously, the reachability graph expansion technique can be realised by assigning a continuous distributed random variable to each transition (Neuts 1981)

Basically, the merit of this approach is the flexibility in modelling any combi-nation of prd and prs memory policies, and any number of concurrent or conflict-ing transitions with generally distributed firconflict-ing times Furthermore, the reachability graph expansion technique can be implemented using a computer program Starting from the basic specification at the PN level, all the solution steps can be hidden from the modeller in an OOP environment The drawback of this approach is, of course, the explosion of the state space