A simple reliability block diagram method for safety integrity verification


Reliability Engineering and System Safety 92 (2007) 1267–1273
www.elsevier.com/locate/ress

Haitao Guo, Xianhui Yang
Department of Automation, Tsinghua University, Beijing 100084, China

Received 27 June 2006; received in revised form 31 July 2006; accepted 8 August 2006. Available online 2 October 2006.

Abstract

IEC 61508 requires safety integrity verification of safety related systems as a necessary procedure in the safety life cycle. PFD_avg must be calculated to verify the safety integrity level (SIL). Since IEC 61508-6 does not give detailed explanations of the definitions and PFD_avg calculations for its examples, it is difficult for reliability or safety engineers to understand them when they use the standard as guidance in practice. A method using the reliability block diagram is investigated in this study in order to provide a clear and feasible way of calculating PFD_avg and to help those who take IEC 61508-6 as their guidance. The method first finds the mean down times (MDTs) of both the channel and the voted group and then PFD_avg. The calculated results for various voted groups are compared with those in IEC 61508 part 6 and in Ref. [Zhang T, Long W, Sato Y. Availability of systems with self-diagnostic components: applying Markov model to IEC 61508-6. Reliab Eng System Saf 2003;80(2):133–41]. An interesting outcome can be realized from the comparison. Furthermore, although differences in the MDT of voted groups exist between IEC 61508-6 and this paper, the PFD_avg values of the voted groups are comparatively close. With a detailed description, the RBD method presented can be applied to quantitative SIL verification and shows its similarity to the method in IEC 61508-6. © 2006 Elsevier Ltd. All rights reserved.

Keywords: Safety related system; Reliability block diagram; Safety integrity level; Probability of failure on demand; IEC 61508

1. Introduction

IEC 61508 [1], published in 2000, has been adopted by many countries as their national standard and is being updated.
Two significant concepts, the safety life cycle and the safety integrity level (SIL) [1–3], appeared in IEC 61508. A necessary procedure of the safety life cycle is SIL verification, which verifies whether the average probability of failure on demand (PFD_avg) of the designed safety related system (SRS) meets the required failure measure. If not, retrofit or modification must be undertaken to reduce the PFD_avg of the safety related system until the safety goal is satisfied. Besides PFD_avg verification, the architectural constraints defined in IEC 61508 must also be considered during the SIL verification process [17]. This study focuses on PFD_avg calculation.

Corresponding author. Tel.: +86 10 6278 5845x231; fax: +86 10 6279 0497. E-mail address: guoht03@mails.tsinghua.edu.cn (H. Guo).

0951-8320/$ - see front matter © 2006 Elsevier Ltd. All rights reserved. doi:10.1016/j.ress.2006.08.002

Since IEC 61508 is a performance based standard, the verification can be done through a number of probabilistic analysis techniques. Many techniques appear in the published literature, such as fault tree analysis (FTA) [4,5], reliability block diagram (RBD) [6], Markov analysis (MA) [5,7,8,13], simplified equations [9,10] and hybrid methods [11]. Rouvroye and Brombacher [12] compared those techniques and outlined their advantages and disadvantages. Bukowski [13] compared MA and simplified equations and provided an overview of their advantages and disadvantages. Andrews and Ericson II [14] analyzed various design complexities using FTA and MA respectively and concluded that both FTA and MA can provide satisfactory calculation accuracy, but the FTA model is more intuitive and easier to create for large and complex systems. It can also be seen in Ref. [5] that the outcomes of FTA and MA are considerably close. Hauge et al. [15] introduced a method called PDS to quantify the safety unavailability and loss of production

for safety instrumented systems. PDS accounts for all types of failure categories: technical, software, human, etc.

RBD, which has mathematical characteristics equivalent to FTA, has been widely used in reliability engineering for many years. By the RBD technique, IEC 61508-6 shows the verification of SIL through calculating the average probability of failure on demand (PFD_avg). While IEC 61508 has been adopted as the national standard of many countries, its demonstration can also be regarded as a guide to doing PFD_avg calculations. An RBD model reveals the logical reliability structure of the SRS involved and can easily be created even for a large and complex SRS. However, IEC 61508-6 does not give a detailed description of the RBD it uses, and its results differ from those of the Markov model of Zhang et al. [8]. Consequently, the technique used in IEC 61508-6 gets questioned. Besides, no other papers dealing with SIL verification by the RBD technique can be found yet, so RBD needs more support in the field of functional safety.

Because IEC 61508-6 does not explain the definitions and PFD_avg calculations for its examples in detail, it is difficult to use the standard as guidance in practice. In order to provide a clear and feasible way of SIL verification, an RBD method for PFD_avg calculation is presented in this paper with detailed explanation, including the definitions, assumptions and parameters regulated in IEC 61508-6 [6], based on specific system architectures and associated conditions. The method first finds the mean down times (MDTs) of both the channel and the voted group and then PFD_avg. The results achieved in this study are compared with those of the IEC 61508-6 demonstration and Ref. [8]. Through the comparison, an interesting outcome can be realized. The RBD method in this study can be applied to quantitative SIL verification and helps those who take IEC 61508-6 as their guidance.

2. Reliability block diagram

The reliability block diagram (RBD) is a graphical analysis technique which expresses the system concerned as connections of a number of components in accordance with their logical relation of reliability. Series connections represent a logical AND of components, and parallel connections represent a logical OR, while combinations of series and parallel connections represent voting logic. From the leftmost node to the rightmost node, there are several paths that are the conditions for successful operation of the system. If a component fails, the corresponding connection will be cut off. As failures of components occur, the system keeps operating successfully until no valid path from the leftmost node to the rightmost node can be made up of available connections. Then, the probability of failure of the system can be calculated according to probabilistic principles. An RBD model is intuitive and easy to establish. For instance, a 1oo2 voted group consists of two voted channels, each of which has its own component(s). Common cause failure can take place in the two channels. A 1oo2 voted group with one sensor for each channel can be represented by the RBD shown in Fig. 1.

Fig. 1. An RBD example.

3. Definitions and assumptions

3.1. Equivalent MDT

In IEC 61508-6, one system architecture (group) consists of one or more redundant channels and there is a voting logic for the architecture, such as 1oo1 or 1oo2. In the steady state, the normal operation and failure states of the channel(s) and the group appear by turns because of failure detection and repair. The voting logic determines how many channel failures will cause the group to fail. The equivalent MDT of a component is defined as the average period of time for which the component is in the dangerous failure state at the steady state. The dangerous failure state refers to the state in which the component cannot take the proper response to dangerous process demands, which may lead to unexpected accidents, while the process is still operating. The PFD_avg calculations in this study depend on equivalent MDTs: the group equivalent MDT and the channel equivalent MDT.

3.2. Average probability of failure on demand

Probability of failure on demand is defined as the probability of failing to take the correct action when a process demand arises. Since the steady state is under consideration, PFD is averaged over an infinite interval.

3.3. Assumptions

The technique and results developed in this paper are based on the following assumptions:

(i) The resulting average probability of failure on demand for the subsystem is less than $10^{-1}$, or the resulting probability of failure per hour for the subsystem is less than $10^{-5}$.
(ii) Component failure and repair rates are constant over the life of the system.
(iii) The hardware failure rates used as inputs to the calculations and tables are for a single channel of the subsystem.

(iv) All channels in a voted group have the same failure rate and diagnostic coverage rate.
(v) The overall hardware failure rate of a channel in a subsystem is the sum of the failure rates of dangerous and safe failures for that channel. These values are assumed to be equal.
(vi) For each safety function, there is perfect proof testing and repair. Namely, all failures that remain undetected are assumed to be detected by the proof test.
(vii) The proof test interval is at least one order of magnitude greater than the diagnostic test interval.
(viii) The demand rate and the expected interval between demands are not considered in this study.
(ix) For each subsystem, there is a single proof test interval and mean time to restoration.
(x) Multiple repair teams (each assumed to have the same repair rate) are available to work on all known faults in a system.
(xi) The expected interval between demands is at least an order of magnitude greater than the mean time to restoration.

Other assumptions can be found in Annex B of IEC 61508-6 [6].

4. Self-diagnostic

Nowadays, much equipment can detect its own failures, but the diagnostic coverage (DC), the percentage of failures detected, is seldom 100%. The total dangerous failure rate is divided into detected and undetected failures with failure rates $\lambda_{DD}$ and $\lambda_{DU}$, respectively. That is

$\lambda_D = \lambda_{DD} + \lambda_{DU}.$ (1)

The repair rates of the two types of failure are also separated, $\mu_{DD}$ for dangerous detected failures and $\mu_{DU}$ for dangerous undetected failures, as below:

$\mu_{DD} = \dfrac{1}{\mathrm{MTTR}},$ (2)

$\mu_{DU} = \dfrac{1}{T_I/2 + \mathrm{MTTR}},$ (3)

where $T_I$ and MTTR denote the proof test interval and the mean time to restoration.

Actually, some equipment failures can cause safety related systems to fail safely, which may lead to a spurious process shutdown. This kind of failure is defined as a safe failure. Safe failures are also divided into detected and undetected failures with failure rates $\lambda_{SD}$ and $\lambda_{SU}$, respectively.
Moreover, no-effect failures are equipment failures that have no effect on the SRS. Accordingly, no-effect failures contribute neither to PFD nor to the probability of failing safely.

5. RBD for calculating PFD_avg

5.1. 1oo1 architecture

This architecture consists of a single channel, where any dangerous failure leads to a failure of the safety function when a demand arises. Fig. 2 shows the RBD of the 1oo1 architecture. $Q_i$ represents a failure and its failure rate is located at the top right corner of the same rectangle. The channel equivalent MDT is represented by $t_{CE}$.

Fig. 2. RBD for 1oo1 architecture.

The probability of dangerous failure is $F(t) = F_1(t) + F_2(t)$ and for the steady state

$F = F_1 + F_2.$ (4)

Using $\omega_1$ and $\omega_2$ to denote the steady failure frequencies of $Q_1$ and $Q_2$, respectively, the following equations hold:

$F_1 = \dfrac{\lambda_{DU}}{\lambda_{DU} + \mu_{DU}}, \quad F_2 = \dfrac{\lambda_{DD}}{\lambda_{DD} + \mu_{DD}}, \quad \omega_1 = \dfrac{\lambda_{DU}\,\mu_{DU}}{\lambda_{DU} + \mu_{DU}}, \quad \omega_2 = \dfrac{\lambda_{DD}\,\mu_{DD}}{\lambda_{DD} + \mu_{DD}}.$ (5)

The channel failure frequency $\omega_C$ can be calculated as [16]

$\omega_C = \sum_i \dfrac{\partial F}{\partial F_i}\,\omega_i.$ (6)

The channel equivalent MDT equals the steady failure probability divided by the steady failure frequency, that is

$t_{CE} = \dfrac{F}{\omega_C}.$ (7)

From Eqs. (1)–(7) and the condition $\lambda \ll \mu$, $t_{CE}$ can be derived approximately as

$t_{CE} \approx \dfrac{\lambda_{DU}/\mu_{DU} + \lambda_{DD}/\mu_{DD}}{\lambda_{DU} + \lambda_{DD}} = \dfrac{\lambda_{DU}}{\lambda_D}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \dfrac{\lambda_{DD}}{\lambda_D}\,\mathrm{MTTR}.$ (8)

Since the 1oo1 architecture has only one channel, the voted group equivalent MDT is equal to the channel equivalent MDT, viz., $t_{GE} = t_{CE}$. Then, the average probability of failure on demand

for the system architecture, $PFD_G$, is

$PFD_G = 1 - e^{-\lambda_D t_{CE}} \approx \lambda_D\, t_{CE}.$ (9)

The result above is identical with that in IEC 61508-6 Annex B.

5.2. 1oo2 architecture

This architecture consists of two channels connected in parallel, so that either channel can process the safety function. Thus there would have to be a dangerous failure in both channels before a safety function failed on demand. It is assumed that any diagnostic test would only report the faults found and would not change any output states or change the output voting. Fig. 3 contains the relevant block diagram. Note that common cause failure has to be considered because there are two identical channels. $\beta$ denotes the fraction of undetected failures that have a common cause, while $\beta_D$ is, of those failures that are detected by the diagnostic tests, the fraction that have a common cause. The approximate probability of failure of the 1oo2 architecture is

$F(t) = [Q_1(t) + Q_2(t)]\,[Q_3(t) + Q_4(t)].$

With the same procedure introduced in Section 5.1, the voted group equivalent MDT, $t_{GE}$, is obtained as follows:

$t_{GE} = \dfrac{1}{2}\cdot\dfrac{\lambda_{DU}/(\lambda_{DU} + \mu_{DU}) + \lambda_{DD}/(\lambda_{DD} + \mu_{DD})}{\lambda_{DU}\mu_{DU}/(\lambda_{DU} + \mu_{DU}) + \lambda_{DD}\mu_{DD}/(\lambda_{DD} + \mu_{DD})} \approx \dfrac{1}{2}\left[\dfrac{\lambda_{DU}}{\lambda_D}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \dfrac{\lambda_{DD}}{\lambda_D}\,\mathrm{MTTR}\right] = \dfrac{1}{2}\,t_{CE}.$ (10)

The channel equivalent MDT, $t_{CE}$, is the same as in Eq. (8) of Section 5.1. It can be seen that the voted group equivalent MDT is exactly half of the channel equivalent MDT. That agrees with intuition. When one channel fails, the group is in a degraded operation state that can still perform the intended function to process a demand. The equivalent MDT of the first failed channel is $t_{CE}$. Then, when the second channel failure occurs, the group fails. Therefore, the equivalent MDT of the second failed channel is equal to the group equivalent MDT.

Fig. 3. RBD for 1oo2 architecture.
One channel's PFD_avg depends on $t_{CE}$ and the other's on $t_{GE}$, thus

$PFD_G = 2\,(1 - e^{-\lambda_D t_{CE}})(1 - e^{-\lambda_D t_{GE}}) \approx 2\,\lambda_D^2\, t_{CE}\, t_{GE},$

and by considering the effects of common causes

$PFD_G = 2\,[(1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}]^2\, t_{CE}\, t_{GE} + \beta\,\lambda_{DU}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \beta_D\,\lambda_{DD}\,\mathrm{MTTR}.$ (11)

The $PFD_G$ derived is identical with that in IEC 61508-6 Annex B, while $t_{GE}$ differs. However, the numeric results of $PFD_G$ are very close to those of IEC 61508-6, as shown in the comparison section of this paper.

5.3. 2oo2 architecture

This architecture consists of two channels connected in parallel so that both channels need to demand the safety function before it can take place. Fig. 4 shows the RBD of the 2oo2 architecture. Since two 1oo1 blocks are connected in series, referring to Section 5.1, $PFD_G$ is

$PFD_G = 2\,\lambda_D\, t_{CE},$ (12)

where $t_{CE}$ is given in Eq. (8).

Fig. 4. RBD for 2oo2 architecture.

Fig. 5. RBD for 2oo3 architecture.

5.4. 2oo3 architecture

This architecture consists of three channels connected in parallel with a majority voting arrangement for the output signals, so that the output state is not changed if only one channel gives a different result which disagrees with the other two channels. Fig. 5 shows the RBD of the 2oo3 architecture. Its equivalent transformation is given in Fig. 6. Referring to Section 5.1 and by considering the effects

of common causes, $PFD_G$ is

$PFD_G = 6\,[(1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}]^2\, t_{CE}\, t_{GE} + \beta\,\lambda_{DU}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \beta_D\,\lambda_{DD}\,\mathrm{MTTR},$ (13)

where $t_{CE}$ is given in Eq. (8) and $t_{GE}$ in Eq. (10). The $PFD_G$ derived is identical with that in IEC 61508-6 Annex B, while $t_{GE}$ differs.

Fig. 6. Equivalent RBD for 2oo3 architecture.

5.5. 1oo2D architecture

The two channels in this architecture are connected in parallel. During normal operation, both channels need to demand the safety function before it can take place. In addition, if the diagnostic tests detect a fault in either channel, the output voting is adapted so that the overall output state then follows that given by the other channel. If the diagnostic tests find faults in both channels, or a discrepancy that cannot be allocated to either channel, the output goes to the safe state. In order to detect a discrepancy between the channels, either channel can determine the state of the other via a means independent of the other channel. Fig. 7 shows the RBD of the 1oo2D architecture. $\lambda_{SD}$ is the failure rate of safe detected failures. Following the procedures in Sections 5.1 and 5.2, $t_{CE}$, $t_{GE}$ and $PFD_G$ for the 1oo2D architecture are:

$t_{CE} = \dfrac{\lambda_{DU}}{\lambda_D + \lambda_{SD}}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \dfrac{\lambda_{DD} + \lambda_{SD}}{\lambda_D + \lambda_{SD}}\,\mathrm{MTTR},$ (14)

$t_{GE} = \dfrac{1}{2}\left[\dfrac{\lambda_{DU}}{\lambda_D + \lambda_{SD}}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \dfrac{\lambda_{DD} + \lambda_{SD}}{\lambda_D + \lambda_{SD}}\,\mathrm{MTTR}\right] = \dfrac{1}{2}\,t_{CE},$ (15)

$PFD_G = 2\,(1-\beta)\lambda_{DU}\,[(1-\beta)\lambda_{DU} + (1-\beta_D)\lambda_{DD}]\, t_{CE}\, t_{GE} + \beta\,\lambda_{DU}\left(\dfrac{T_I}{2} + \mathrm{MTTR}\right) + \beta_D\,\lambda_{DD}\,\mathrm{MTTR}.$ (16)

Common cause failures are considered in the $PFD_G$ calculation. The $PFD_G$ derived is identical with that in IEC 61508-6 Annex B, while $t_{GE}$ differs.

Fig. 7. Equivalent RBD for 1oo2D architecture.

6. Results comparison

IEC 61508-6, Ref. [8] and this paper have obtained identical average probabilities of failure on demand for the group of voted channels, but the voted group and channel equivalent MDTs are different, as shown in Table 1. In Table 1, it can be seen that the only differences between the results of IEC 61508-6 and this paper are $t_{GE}$ for some architectures.
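The MDT and PFD_G formulas of Sections 4 and 5 carried through numerically, as an added worked example that is not code from the paper: it implements Eqs. (1)–(16) for the 1oo1, 1oo2, 2oo2, 2oo3 and 1oo2D groups, computes $t_{GE}$ both as this paper does (half of $t_{CE}$) and as IEC 61508-6 Annex B does ($T_I/3$ in place of $T_I/2$), and recomputes the Table 2 cases (MTTR = 8 h, β = 10%, β_D = 5%, DC = 90%, λ_S = λ_D). The names `Channel`, `channel_mdt`, `group_mdt`, `pfd_group`, `sil_from_pfd` and `table2` are this example's own; it assumes λ_DD = DC·λ_D and λ_SD = DC·λ_S (which is what reproduces the Table 2 numbers), and the SIL bands it uses come from IEC 61508-1, not from this page. The `channel_mdt_exact` function evaluates Eqs. (5)–(7) without the λ ≪ μ approximation so the accuracy of Eq. (8) can be checked directly.

```python
"""Channel/group equivalent MDT and PFD_G of Guo & Yang, Sections 4-6 (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """Parameters of one channel (assumed: lambda_DD = DC * lambda_D, as Table 2 implies)."""
    lambda_d: float          # total dangerous failure rate lambda_D, 1/h
    dc: float                # diagnostic coverage DC as a fraction
    t_i: float               # proof test interval T_I, h
    mttr: float              # mean time to restoration MTTR, h
    beta: float = 0.0        # common-cause fraction of undetected failures
    beta_d: float = 0.0      # common-cause fraction of detected failures
    lambda_sd: float = 0.0   # safe detected failure rate lambda_SD (1oo2D only)

    @property
    def lambda_dd(self) -> float:          # Eq. (1): lambda_D = lambda_DD + lambda_DU
        return self.dc * self.lambda_d

    @property
    def lambda_du(self) -> float:
        return (1.0 - self.dc) * self.lambda_d

    @property
    def mu_dd(self) -> float:              # Eq. (2): detected faults are repaired within MTTR
        return 1.0 / self.mttr

    @property
    def mu_du(self) -> float:              # Eq. (3): undetected faults wait for the proof test
        return 1.0 / (self.t_i / 2.0 + self.mttr)


def channel_mdt_exact(ch: Channel) -> float:
    """t_CE from Eqs. (4)-(7) without the lambda << mu approximation."""
    f1 = ch.lambda_du / (ch.lambda_du + ch.mu_du)
    f2 = ch.lambda_dd / (ch.lambda_dd + ch.mu_dd)
    w1 = ch.lambda_du * ch.mu_du / (ch.lambda_du + ch.mu_du)
    w2 = ch.lambda_dd * ch.mu_dd / (ch.lambda_dd + ch.mu_dd)
    return (f1 + f2) / (w1 + w2)          # F / omega_C, with dF/dF_i = 1 for series blocks


def _weighted_down_time(ch: Channel, arch: str, proof_fraction: float) -> float:
    """Undetected share waits T_I*proof_fraction + MTTR; detected share waits MTTR only."""
    lam_det = ch.lambda_dd + (ch.lambda_sd if arch == "1oo2D" else 0.0)
    total = ch.lambda_du + lam_det
    return (ch.lambda_du / total) * (ch.t_i * proof_fraction + ch.mttr) + (lam_det / total) * ch.mttr


def channel_mdt(ch: Channel, arch: str = "1oo1") -> float:
    """t_CE, Eq. (8); for 1oo2D safe detected failures also take the channel down, Eq. (14)."""
    return _weighted_down_time(ch, arch, 0.5)


def group_mdt(ch: Channel, arch: str, iec: bool = False) -> float:
    """t_GE: this paper halves t_CE (Eqs. 10, 15); IEC 61508-6 Annex B uses T_I/3 instead."""
    if arch in ("1oo1", "2oo2"):
        return channel_mdt(ch, arch)
    return _weighted_down_time(ch, arch, 1.0 / 3.0) if iec else channel_mdt(ch, arch) / 2.0


def pfd_group(ch: Channel, arch: str, iec: bool = False) -> float:
    """PFD_G for the voted group: Eqs. (9), (11), (12), (13), (16)."""
    tce, tge = channel_mdt(ch, arch), group_mdt(ch, arch, iec)
    lam_ind = (1 - ch.beta) * ch.lambda_du + (1 - ch.beta_d) * ch.lambda_dd   # independent part
    ccf = ch.beta * ch.lambda_du * (ch.t_i / 2.0 + ch.mttr) + ch.beta_d * ch.lambda_dd * ch.mttr
    if arch == "1oo1":
        return ch.lambda_d * tce
    if arch == "2oo2":
        return 2.0 * ch.lambda_d * tce
    if arch == "1oo2":
        return 2.0 * lam_ind ** 2 * tce * tge + ccf
    if arch == "2oo3":
        return 6.0 * lam_ind ** 2 * tce * tge + ccf
    if arch == "1oo2D":
        return 2.0 * (1 - ch.beta) * ch.lambda_du * lam_ind * tce * tge + ccf
    raise ValueError(f"unknown architecture {arch!r}")


def sil_from_pfd(pfd: float):
    """Low-demand SIL band for a PFD_avg (bands from IEC 61508-1, not stated on this page)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if upper / 10 <= pfd < upper:
            return sil
    return None                           # outside SIL 1..4


# Table 2 parameter columns: (lambda_D in 1/h, T_I in h); the shared values are in Table 2's caption.
TABLE2_COLUMNS = ((5e-7, 4380.0), (5e-7, 8760.0), (2.5e-6, 8760.0))


def table2():
    """Recompute Table 2 and record whether the t_GE difference ever changes the SIL."""
    rows = []
    for lam_d, t_i in TABLE2_COLUMNS:
        ch = Channel(lambda_d=lam_d, dc=0.9, t_i=t_i, mttr=8.0, beta=0.10, beta_d=0.05,
                     lambda_sd=0.9 * lam_d)      # lambda_S = lambda_D, so lambda_SD = DC * lambda_S
        for arch in ("1oo2", "2oo3", "1oo2D"):
            p_paper, p_iec = pfd_group(ch, arch), pfd_group(ch, arch, iec=True)
            rows.append({"lambda_d": lam_d, "t_i": t_i, "arch": arch,
                         "tge_paper": group_mdt(ch, arch), "tge_iec": group_mdt(ch, arch, iec=True),
                         "pfd_paper": p_paper, "pfd_iec": p_iec,
                         "sil_paper": sil_from_pfd(p_paper), "sil_iec": sil_from_pfd(p_iec)})
    return rows


if __name__ == "__main__":
    for r in table2():
        print(f"{r['arch']:5s} lambda_D={r['lambda_d']:.1e} T_I={r['t_i']:.0f} h  "
              f"t_GE {r['tge_paper']:.4f}/{r['tge_iec']:.4f} h  "
              f"PFD_G {r['pfd_paper']:.4e}/{r['pfd_iec']:.4e}  SIL {r['sil_paper']}/{r['sil_iec']}")
```

Running the script prints the three Table 2 columns with the paper's and the Annex B value side by side; for every case the two PFD_G values fall in the same SIL band, which is the practical content of the claim in Section 6 that the $t_{GE}$ difference can be neglected in SIL verification. For the first column, `channel_mdt` gives $t_{CE}$ = 227 h and `channel_mdt_exact` 226.98 h, so the λ ≪ μ approximation of Eq. (8) costs about $10^{-4}$ relative.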
IEC 61508-6 calculates $t_{GE}$ by adding the individual down times from both dangerous detected and dangerous undetected failures in direct proportion to the contribution of each failure to the probability of failure of the group. In Ref. [8], the channel equivalent MDTs differ from those in IEC 61508-6 and this paper. However, it is very interesting to note that the expressions for $t_{CE}$ in Ref. [8] are the same as those for $t_{GE}$ in IEC 61508-6, while the results for $t_{GE}$ in Ref. [8] are identical with the results for $t_{GE}$ derived in this paper. Based on these differences, Zhang et al. think that a discrepancy exists.

Although IEC 61508-6 and this paper have different $t_{GE}$, the numeric results of $PFD_G$ of both are comparatively close. The calculated $PFD_G$ are almost identical. Table 2 illustrates the nearness. SILs are distinguished by the ranges of their PFD_avg magnitudes according to the definition [3]. Therefore, such a tiny difference as found in Table 2 can reasonably be neglected in SIL verification. The technique presented is quite feasible in practical application.

7. Conclusion

IEC 61508 requires safety integrity verification of SRS as a necessary procedure in the safety life cycle. RBD analysis is carried out to compute the PFD_avg of voted groups and the results show accordance with those in IEC 61508-6. The RBD method in this study can be applied to quantitative SIL verification. Moreover, the method helps those who take IEC 61508-6 as their

Table 1. Comparison of channel equivalent MDT and voted group MDT

Sys.    MDT     This paper                                                          IEC 61508-6                                                         Ref. [7]
1oo1    t_CE    λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR
2oo2    t_GE    λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR
1oo2    t_CE    λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/3 + MTTR) + λ_DD/λ_D MTTR
        t_GE    (1/2) t_CE                                                          λ_DU/λ_D (T_I/3 + MTTR) + λ_DD/λ_D MTTR                             (1/2) t_CE
2oo3    t_CE    λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR                             λ_DU/λ_D (T_I/3 + MTTR) + λ_DD/λ_D MTTR
        t_GE    (1/2) t_CE                                                          λ_DU/λ_D (T_I/3 + MTTR) + λ_DD/λ_D MTTR                             (1/2) t_CE
1oo2D   t_CE    λ_DU/(λ_D+λ_SD) (T_I/2 + MTTR) + (λ_DD+λ_SD)/(λ_D+λ_SD) MTTR        λ_DU/(λ_D+λ_SD) (T_I/2 + MTTR) + (λ_DD+λ_SD)/(λ_D+λ_SD) MTTR        λ_DU/λ_D (T_I/2 + MTTR) + λ_DD/λ_D MTTR
        t_GE    (1/2) t_CE                                                          λ_DU/(λ_D+λ_SD) (T_I/3 + MTTR) + (λ_DD+λ_SD)/(λ_D+λ_SD) MTTR        (1/2) t_CE

Table 2. Numeric comparison of t_GE and PFD_G (MTTR = 8 h, β = 10%, β_D = 5%, λ_S = λ_D, DC = 90%, λ_DD = DC λ_D)

Columns: (a) λ_D = 5×10^-7 h^-1, T_I = 4380 h; (b) λ_D = 5×10^-7 h^-1, T_I = 8760 h; (c) λ_D = 2.5×10^-6 h^-1, T_I = 8760 h. In each column the first value is this paper, the second IEC 61508.

Sys.    Index       (a) This paper / IEC61508        (b) This paper / IEC61508        (c) This paper / IEC61508
1oo2    t_GE (h)    113.5 / 154                      223 / 300                        223 / 300
        PFD_G       1.1182×10^-5 / 1.1183×10^-5      2.2164×10^-5 / 2.2180×10^-5      1.1171×10^-4 / 1.1209×10^-4
2oo3    t_GE (h)    113.5 / 154                      223 / 300                        223 / 300
        PFD_G       1.1205×10^-5 / 1.1217×10^-5      2.2253×10^-5 / 2.2299×10^-5      1.1393×10^-4 / 1.1508×10^-4
1oo2D   t_GE (h)    61 / 84.8421                     119.2632 / 161.6842              119.2632 / 161.6842
        PFD_G       1.117×10^-5 / 1.117×10^-5        2.2121×10^-5 / 2.2122×10^-5      1.1063×10^-4 / 1.1064×10^-4

guidance understand the method. The technique presented has the following characteristics:

- RBD models can reflect the reliability structure of the system concerned.
- RBD models are intuitive and easy to create.
- The numeric accuracy of the average probability of failure on demand is satisfactory.
- Similar to the method demonstrated by IEC 61508-6, this method has more detailed explanations.

Through the comparison in Section 6, it can be found that the expressions for the channel equivalent MDT in Ref. [8] are the same as those for the voted group equivalent MDT in IEC 61508-6, while the results for the voted group equivalent MDT in Ref. [8] are identical with those derived in this paper. Efforts are still needed in the future to study the discrepancy of voted group and channel equivalent MDTs in Ref. [8].

Acknowledgements

The paper is the result of work financially supported by the National Natural Science Foundation of China.

References

[1] Brown S. Overview of IEC 61508: functional safety of electrical/electronic/programmable electronic safety-related systems. Comput Control Eng J 2000;11(1):6–12.
[2] Stavrianidis P, Bhimavarapu K. Performance-based standards: safety instrumented functions and safety integrity levels. J Hazard Mater 2000;71(1):449–65.
[3] IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems. International Electrotechnical Commission.
[4] Beckman L. Easily assess complex safety loops. Chem Eng Progr 2001;97(3):57–9.
[5] Goble W, Cheddie H. Control system safety evaluation and reliability. US: ISA; 1998.
[6] IEC 61508-6, Functional safety of electrical/electronic/programmable electronic safety-related systems. Part 6. Guidelines on the application of IEC 61508-2 and IEC 61508-3.
[7] Bukowski J, Goble W. Using Markov models for safety analysis of programmable electronic systems. ISA Trans 1995;34(2):193–8.
[8] Zhang T, Long W, Sato Y. Availability of systems with self-diagnostic components: applying Markov model to IEC 61508-6. Reliab Eng System Saf 2003;80(2):133–41.
[9] ISA-S84.01.1996. Application of safety instrumented systems for process industries.
[10] Summers A. Viewpoint on ISA TR84.0.02 simplified methods and fault tree analysis. ISA Trans 2000;39(2):125–31.

[11] Knegtering B, Brombacher A. Application of micro Markov models for quantitative safety assessment to determine safety integrity levels as defined by the IEC 61508 standard for functional safety. Reliab Eng System Saf 1999;66(2):171–5.
[12] Rouvroye J, Brombacher A. New quantitative safety standards: different techniques, different results? Reliab Eng System Saf 1999;66(2):121–5.
[13] Bukowski J. A comparison of techniques for computing PFD average. In: Proceedings of the annual reliability and maintainability symposium, 2005. p. 590–5.
[14] Andrew J, Ericson II C. Fault tree and Markov analysis applied to various design complexities. In: Proceedings of the 18th international system safety conference, 2000.
[15] Hauge S, Hokstad P, Langseth H, et al. Reliability prediction method for safety instrumented systems, PDS method handbook, 2006 edition. Norway: SINTEF; 2006.
[16] Mei QZ, Liao JS, Sun HZ. Basis of system reliability engineering. Beijing: Publication of Science; 1987. pp. 235–245 [in Chinese].
[17] Van Beurden I, Amkreutz R. Safety integrity level verification: a PFD average calculation is not enough. Hydrocarbon Process 2001;80(10):47–50.