4.

NETWORK MODELING AND EVALUATION OF SYSTEM

RELIABILITY
A practical system is frequently represented as a network of serially or parallel connected
components. It is important to understand that the actual system and the network used to
model the system may not necessarily have the same structure. On the other hand, reliability is
a time dependent quantity which can be calculated by using probability distributions.
However, it is vital that the relationship between the system and its network model be
understood before the use of time dependent functions. Therefore, here the reliability of the
components is assumed to be constant for the sake of simplicity.

4.1 Serially connected units (Serial systems, Non-Redundant Systems)

The components are said to be in series from a reliability point of view if they must all operate
for system success or only one component failure is sufficient for system failure. A series
system is therefore represents a non-redundant system.

The reliability of the system comprising two serially connected units A and B (Fig. 4.1)

RA RB
IN OUT
A B

Figure 4.1 serially connected two units

R S  (R S R B )R B (R S QB )QB  R A R B  0  R A R B  R A , R B
QS  1  R S  1  R A R B

assuming that the units are operating independently. Similarly, the reliability of n-serially
connected units (Figure 4.2) A1, A2,...,An can be derived as

IN OUT
A1 A2 A3 An
RA1= R1 RA2= R2 RA3= R3 RAn= Rn

Figure 4.2 Serially connected n units.

n
R S  R1.(R 2 R1).(R 3 R1, R 2 )....(Rn R1, R 2 ,...,R n 1) R1R 2R 3...Rn   R i
i 1
n n n n n
Qs  1  R S  1   (1  Qi )   Qi   QiQ j   QiQ jQk   QiQ jQk Ql  ...
i 1 i 1 i 1 i 1 i 1
ji 1 ji 1 ji 1
k  j1 k  j1
l  k 1
 2

Since Ri < 1, system reliability is less than the individual reliabilities of serially connected
units. System reliability decreases as the number if components increase. On the other hand,
since the reliabilities of practical units are close to unity ( Ri = 1-ε , ε «1, Qi = ε « 1 ) higher
order products of component failures can be ignored and the resulting system reliability can be
approximated as,

n n n n n
Qs  Qi  QiQ j  QiQ jQk  QiQ jQkQl ....  Qi
i 1 i 1 i 1 i 1 i 1
j i 1 j i 1 j i 1
k  j1 k  j1
l  k 1

4.1 Parallel Connected Units (Parallel Systems, Redundant Systems)

The components are said to be connected in parallel from a reliability point of view if they
must all fail for system failure or only one component operation is sufficient for system
success. They are called fully redundant systems. Partially redundant systems (k out of n
systems) require the operation of at least k units out of n components. It is obvious that
parallel connection does not necessarily need the components to be connected in parallel.

Failure probability of a system comprising two serially connected units A and B (Fig. 4.3)

A
IN OUT
B

Figure 4.3 Parallel connected two units

QP  (QP R B )R B (QP QB )QB  0 QAQB  QAQB

R P  1  QP  1  (1  R A )(1  R B )  R A  R B  R A R B  R A , R B
Similarly, failure probability of n-parallel connected units (Figure 4.4) A1, A2,...,An can be
derived as

A1 RA1= R1
A2 RA2= R2
IN RA3= R3
A3 OUT
..
RAn= Rn
An

Figure 4.4 Parallel connected n units

 3

n
Q P  Q1.(Q 2 Q1 ).(Q3 Q1, Q 2 )....(Q n Q1, Q 2 ,..., Q n 1 )  Q1Q 2Q3...Q n  Qi
i 1
n n n n n
R P  1  QP  1  (1  R i )   R i   R i R j   R i R jR k   R i R jR k R l ...
i 1 i 1 i 1 i 1 i 1
j i 1 j i 1 j i 1
k  j1 k  j1
l  k 1

Since Qi « 1 , failure probability of parallel connected units is less than the individual failure
probabilities of components. Therefore, reliability of a parallel system increases as the number
of parallel connected components increases. However, it is impossible to make any
approximation neither for system reliability nor system failure probability.

Assume an n-component system where at least k components are required to operate for
system success ( k out of n system or partial redundant system). The reliability of this system
comprising identical components having and individual reliabilities of RB,

n k 1
Rk n   Cin (R B )i (Q B )n i  1  Cin (R B )i (QB )n i
i k i 0
n k 1
Qk n  1  R k n   Cin (R B )n i (Q B )i   Cin (R B )i (QB )n i
i k i 0

Each term of the summation is required to be calculated separately in case of non-identical

components.

4.3 Series-Parallel Systems

Series and parallel systems together form the series-parallel systems. The principle used for
these systems is to reduce the complicated configuration by representing the series and
parallel systems with their equivalents.

Example: Drive the reliability expression of the following model.

1 2 3 4 OUT
IN

5 6 7 8

Serial branches can be represented by their equivalents.

 4

S1 Rs1 = R1R2R3R4
IN OUT
Rs2 = R5R6R7R8
S2

Qs = Qs1Qs2 = (1- Rs1)(1-Rs2)

IN OUT
S = (1- R1R2R3R4)(1- R5R6R7R8)
Rs =1- Qs = R1R2R3R4+ R5R6R7R8 - R1R2R3R4R5R6R7R8

Example: Derive the reliability expression for the following model where units 4, 5 and 6
comprise a 2/3 (two out of 3) sub-system.

4
2
1 5
I 3 O
6
2/3 system
7

Reduction of the model and associated expressions are below.

1 8 9 10
= = 11
7 7
Q8  Q 2 Q3  R 8  1  Q 2 Q3
R 9  R 4 R 5 R 6  R 4 R 5Q 6  R 4 Q 5 R 6  Q 4 R 5 R 6  Q 9  1  R 9
R10  R1R 8 R 9  Q10  1  R10
Q11  Q10Q7  R11  RS  1  Q11

Homework: Components 3,4 and 5 operate as full-redundant sub-system and components 8,9
and 10 operates as 2/3 partial redundant sub-system. Derive the system reliability
expression and calculate it if all component reliabilities are 0.8.

3
2 4 8
1 5 9
6 7 10
 5

4.4 Standby Redundant Systems

In some systems redundancy is provided by one or more branches those are not continuously
operating but remain in a standby mode in normal operating circumstances. They are only
switched into an operating mode when a normally operating component fails,

Parallel Redundant System Standby Redundant System

A A S
I O I O

B B
Figure 4.5 Parallel redundant System and Standby Redundant system

If the switching is perfect, failure probability of standby system will be equal to the failure
probability of parallel redundant system.

Q  (Q R A )R A  (Q Q A )Q A  Q A Q B

  
 
0 QB

This is mainly because of using constant component reliabilities. The difference between the
failure probabilities of a parallel redundant system and a standby redundant system will later
be derived for time dependent reliability evaluations.

Consider the case in which the switch has a probability of failing while switching action. Let
the probability of perfect switching is Ps.

Q  (Q R A )R A  (Q QA )QA  QB  (1  PS )  QB (1  PS )QA  QA  QAPS (1  QB )

  
0 Q B PS

Standby redundant system can be represented with the following equivalent.

S PS
I
A = I
A
I O
S
B B
Figure 4.6 Standby redundant system and its equivalent.

In addition, if the switch has also the probability of failure for its idle phase, the equivalent
network will be as follows.
 6

PS RS
A
I
S S
O  
R  1   Q A  Q A PS (1  Q B ) RS
B For switching For continous
time operation

Figure 4.7 More detailed representation of a standby redundant system.

Example: Evaluate the reliability of the following system.

PS RS
A
S S RA= 0.9 RB = 0.96
B R = 0.99 RD= 0.8
C C
PS = 0.92 R S = 0.98
D

Reductions and evaluations are as follows

E
C = C F = G
D

R E  RS 1   Q A  Q A PS (1  Q B )  0.969  Q E  1  R E  0.031

R F  1  Q EQ D  0.9938  Q F  1  R F  0.0062
R G  R C R F  0.984

4.5 Complex (connected) systems

Many systems either do not have a simple series-parallel type of structure or have complex
operational logic. Additional modeling and evaluation techniques are necessary for the
reliability evaluation of these systems. A typical system of not having series-parallel structure
is the bridge type network given in Figure 4.8.

A C
I O
E

B D
Figure 4.8 Bridge-type network
 7

There are several methods to evaluate the reliability of bridge network. Almost all of those
methods transform the logical operation of the system or the topology of the system into a
series-parallel structure. Only the most popular ones will be introduced here.

4.5.1 Conditional Probability Approach to Evaluate the reliability of

complex connected systems.
This method utilizes the reduction of the system by imposing conditions upon the branch(s)
those destroying the series-parallel structure. At the end of sequential reductions, complex
connected system will be decomposed into several series-parallel connected subsystems.

Example: Bridge network. If a condition is applied to unit E, bridge network can be

subdivided into two subsystems, one with E is considered to be reliable (short
circuit) and the other with E is failed (open circuit). Subdivision and associated
equations are as follows:
I II
A C A C A C
E = +
B D B D B D

Figure 4.9 Subdivision of bridge network

R S  (R S R E )R E  (R S Q E )Q E  R I R E  R II Q E

R I  (1 - QAQB )(1 - QCQD ) , R II  1 - (1 - R A R C )(1 - R BR D )

R S  (1  QAQB )(1  QCQD )R E  1 - (1 - R A R C )(1 - R BR D )QE

This method is a useful tool for reliability evaluation and is frequently used in many
applications. However, it is difficult to program the process and is therefore not adequate for
computer aided reliability evaluation of large scale complex systems.

4.5.2 Cut Set Method

The cut set method is a powerful method for evaluating the reliability of a complex connected
system. Before giving the details of the method we will define several terms.
A cut set is a set of system components which, when failed, causes failure of the system. A
minimal cut set (MCS) is a set of system components which, when failed, causes failure of
the system but when any one component of the set has not failed, does not cause system
failure. We can derive the following conclusions from the definition of a MCS.
Since all components of a MCS are required to fail for system failure, MCS components
can be considered to be connected parallel among themselves.
There are several minimal cut sets of a complex network. Since the failure of one MCS is
sufficient for system failure, MCSs of the system are serially connected among themselves.
 8

According to these two conclusions, a complex network can be represented by the serially
connected MCSs of the network as in Figure 4.10. Aij denotes the jth element of ith Ci.

C1 C2 C3 Cn
A11 A21 A31 An1
A12 A22 A32 An2
A13 A23 A33 An3

A1k1 A2k2 A3k3 Ankn

Figure 4.10 Representation of a complex network with MCSs

The resulting equivalent comprising serially connected MCSs is a series-parallel structure.

However, there is an important difference from the previous series- parallel structure. Several
components may appear two or more times in the structure since they may be included by two
or more MCSs. Therefore, failure probabilities of MCSs comprising common elements are not
independent than each other. This brings the usage of `union` concept in reliability evaluation.

System reliability can be expressed in terms of MCS reliabilities as,

R S  R(C1 ).R(C2 ) R(C1 ).R(C3 ) R(C1 ), R(C2 )....R(Cn ) R(C1 ), R(C2 ),.., R(Cn 1 )

This expression requires so many calculations. Instead, expression of failure probability is

preferred,

QS  Q C1  C2  C3 ...  C n 
n n-1 n n-2 n-1 n
  Q(Ci )    Q(Ci  C j )     Q(Ci  C j  Ck )....
i1 i1 j i1 i1 j i1 k  j1

The failure probability of a MCS is the product of component failure probabilities,

Q(Ci )  Q(A i1 )Q(A i2 )...Q(A ik i ) , i  1,2,.., n

Failure probabilities of MCS intersections can be determined by using conditional

probabilities,

kj ki
Q(Ci  C j )
Q(C j Q(Ci )) 
Q(Ci )
 Q(Ci  C j )  Q(C j Q(Ci )).Q(Ci )   Q(A jm ).  Q(Aim )
m 1 m 1
A jmCi
 9

The last expression states that the failure probability of an intersection of two MCSs is the
product of the failure probabilities of the components included by those MCSs.

Q(Ci  C j )  Q(A k ) ; A k  (Ci  C j )

k
Three and higher order intersections of MCSs can similarly be determined. However, failure
probabilities of MCS intersections decrease as the order of intersection increases. Therefore,
approximations (neglect ions) are preferred for the sake of fast computation. Generally, the
lowest order failure products and one higher order products are assumed to be enough for a
reasonable accuracy.

Example: Derive the reliability of the bridge network.

MCSs of the bridge network are AB, CD, AED and BEC. Series-parallel equivalent
structure of the bridge network is given in Figure 4.11.
C1 C2 C3 C4
A B
A C
E E
B D
D C
Figure 4.11 Bridge network equivalent in terms of MCSs.

QS  QC1  C 2  C3  C 4 
 Q(C1 )  Q(C2 )  Q(C3 )  Q(C4 )  Q(C1  C 2 )  Q(C1  C3 )  ...  Q(C3  C 4 ) 
Q(C1  C2  C3 )  ...  Q(C2  C3  C4 )  Q(C1  C2  C3  C4 )
Q(C1 )  QA QB , Q(C2 )  QC QD , Q(C3 )  QA QE QD , Q(C4 )  QBQE QC

Q(C1  C2 )  Q(C2 C1 ).Q(C1 )  QC QD QA QB  QA QBQC QD

 
QC Q D

Q(C1  C3 )  Q(C3 C1 ).Q(C1 )  QD QE QA QB  QA QBQD QE

 
QD QE

Q(C1  C4 )  Q(C4 C1 ).Q(C1 )  QC QE QA QB  QA QBQC QE

 
QC Q E

Q(C2  C3 )  Q(C3 C2 ).Q(C2 )  QA QE QC QD  QA QC QD QE

 
QA QE

Q(C2  C4 )  Q(C4 C2 ).Q(C2 )  QBQE QC QD  QBQC QD QE

 
Q BQ E

Q(C3  C4 )  Q(C4 C3 ).Q(C3 )  QBQC QA QE QD  QA QBQC QD QE

 
Q BQC
 10

Q(C1  C2  C3 ) ... Q(C2  C3  C4 )  Q(C1  C2  C3  C4 )  QA QBQC QD QE

QS  QA QB  QC QD  QA QE QD  QBQE QC   QA QBQC QD  QA QBQD QE 

Q A Q B QC Q E  Q A QC Q D Q E  Q B QC Q D Q E  Q A Q B QC Q D Q E  
3.QA QBQC QD QE  QA QBQC QD QE
 Q A Q B  Q C Q D  Q A Q E Q D  Q B Q E QC   Q A Q B Q C Q D  Q A Q B Q D Q E 
QA QBQC QE  QA QC QD QE  QBQC QD QE   3.QA QBQC QD QE

The lowest order failure product is two. Therefore, failure products up to third order are
enough for a reasonable accuracy.

QS  QA QB  QCQD  QA QEQD  QBQEQC

We can make a further approximation by neglecting the third order failure products.

QS  Q(C1 )  Q(C2 )  QA QB  QCQD

If the failure probability of all units in the bridge network is Q  0. 01. Then,

QS  0.00020195  R S  0.99979805
QS  0.000202  R S  0.999798 approximated
QS  0.0002  R S  0.9998 more approximated

There are several methods for determination of MCSs. Most of these methods make use of
minimal paths. Set of operating components providing input-output connection is called a
path. That is, a path is a set of system components which, when operate, provides system
success. A minimal path (MP) is a set of system components which, when operate, provides
system success but when any one component of the set fails, system failure occurs. A path is
minimal, if in that path, no node or intersection between branches is traversed more than once.
Since, each node or branch intersection is allowed to be traversed once; the maximum number
of components included in a MP an n-node system is (n-1). For multi input/multi output
systems or for the systems where the unit capacities are important, a minimal path is defined
is defined as the number of minimum components for the system perform its duty adequately.
From these definitions:
Since a MP provides the input-output connection (system success) when all the units in the
path operate, components included in a MP are serially connected.

Since there are several different MPs (different set of components) providing the input
output connection, MPs are connected in parallel among themselves.

After having given the definition of MPs, we will concentrate ourselves on the determination
of MPs. MPs are generally determined by using connection matrix techniques.
 11

4.5.2.1 Minimal Path determination by Connection Matrix Techniques

Connection matrix is constructed from the system network or reliability diagram and defines
which components are connected between the nodes. It can be constructed by logical
operations in a similar manner of construction incidence matrixes in electric networks. For an
n-node system, connection matrix is defined as follows:

 m11 m12 ... m1n 

m m 22 ... m 2n 
M =  21 ,
 ... ... ... ... 
 
m n1 m n2 ... m nn 

A If A is connected between the nodes i and j and provides the flow throgh i  j

mij  1 If i = j

0 If there is not a component providing a flow through i  j direction

Generally input and output nodes are enumerated as 1 and n, respectively. Determination of
MPs can be done either by node removal or by matrix multiplication.

Node Removal: In this method, all nodes of the network besides the input node and output
node are removed by sequential reduction of the basic connection matrix until it is reduced to
a 2x2 matrix. To remove node k from the matrix, each entry mij (i,j≠k) must be replaced
according to

Mij'  mij'  mij  mik .mkj , k  2,.., n - 1 , k  i , k  j

At each stage, single terms of mij show the direct paths between nodes i and j, couple terms in
mij show the indirect paths between i and j through another node, and so.

Example: Determine the MPs of the bridge network by using node removal technique.

2 1 2 3 4
A C
1 4 1 1 A B 0
0 C
E
M2  1 E 
B D 3 0 E 1 D
3  
4 0 0 0 1

Removal of node-2 m11 = m11 + m12 .m21 = 1 + A.0 = 1

m13 = m13 + m12 .m23 = B + A.E = B + AE
m14 = m14 + m12 .m24 = 0 + A.C = AC
 12

m31  m31 + m32 .m 21 = 0 + E.0 = 0

m33  m33 + m32 .m 23 = 1 + E.E = 1
m34  m34 + m32 .m 24 = D + E.C = D + EC
m 41 = m 41 + m 42 .m 21 = 0 + 0.0 = 0
m 43 = m 43 + m 42 .m 23 = 0 + 0.E = 0

1 3 4
1 1 B + AE AC 

The reduced connection matrix: M  3 0 1 D + EC
 
4 0 0 1 

Removal of node-3: m11 = m11 + m13.m 31 = 1+ (B + AE).0 = 1

m14 = m14 + m13.m 34
= AC + (B + AE).(D + EC)
= AC + BD + BEC + AED + AEC
= AC + BD + BEC + AED
m 41 = m 41 + m 43.m 31 = 0 + 0.0 = 0
m 44 = m 44 + m 43.m 34 = 1 + 0.(D + EC) = 1

1 4
The reduced connection matrix: M  1 1 AC  BD  BCE  ADE
4 0 1 

m14 of the resulting reduced connection matrix will give the MPs of the system.

MPs: AC , BD , BCE , ADE

Matrix Multiplication: In this method, the basic connection matrix is logically multiplied
by itself a number of times until the resulting matrix remain unchanged. For an n-node
system, it can be proved that not additional multiplication is required after Mn-1. Therefore,
maximum number of components in a MP will be (n-1). This method, not only determines the
MPs of input-output connection but also all MPs between any arbitrary nodes in the system.

For the bridge network:

1 A  A  BE B  AE  B AC  BD  1 A  BE B  AE AC  BD
0 1 E E E C  DE  C  0 1 E C  DE 
M2    
0 E E E 1 CE  D  D 0 E 1 CE  D 
0 0 0 1  0 0 0 1 
 13

1 A  BE B  AE AC  BD  BEC  ADE
0 1 E C  DE 
M3    , M 4  M 5 ...  M 3
 0 E 1 D  CE 
0 0 0 1 

M  : Minimal paths between the input and the output

3

M  : Minimal paths between nodes i and j.

14
3
ij

4.5.2.2 Determination of Minimal Cut Sets.

After having deduced the MPs, we are at the stage of MCS determination. Two methods will
be introduced.
Method-1: Component(s) existing in all MPs are identified as first order MCSs. Then, pairs
those are not including first order MCSs are formed and checked if they are
existed in all MPs or not. Pairs existing in all MPs are identified as second order
MCSs. The process continues by forming triples, quadruples and higher order
groups those not including lower order MCSs and by checking if they are existed
in all MPs. The procedure can be summarized as forming single, couple, triple and
higher order component groups and checking the groups those included in all
MPs. Formal steps of the method are as follows;
i) Deduce all MPs;
ii) Construct an incidence matrix that identifies all components in each path;
iii) If all entries of any column of the incidence matrix are 1, the components
associated with that column will be a first order MCS.
iv) Combine (logical addition) two columns, which are not associated with the first
order MCSs, of the incidence matrix at a time. If all entries of the combined
columns are 1, the components associated with those columns are identified as
second order MCSs.
v) Repeat the previous step with three columns at a time to deduce the third order
MCSs.
vi) Continue up to maximum order of cut has been reached.

Let's apply the method to the bridge network. Minimal paths were: AC, BD, AED and BEC.
MP-component incidence matrix will be as follows,

Component
MP A B C D E
All columns include zero entries and
AC 1 0 1 0 0
M MP - C  BD 0 1 0 1 0 therefore there is no any first order
  MCSs for the bridge network.
AED 1 0 0 1 1
 
BEC 0 1 1 0 1
 14

Couples of components and corresponding entries are as follows,

Component Couples
MP AB AC AD AE BC BD BE CD CE DE
AC 1 1 1 1 1 0 0 1 1 0
M MP-C  BD  1
1 0 1 0 1 1 1 1 0
AED 1 1 1 1 0 1 1 1 1 1
 
BEC 1 1 0 1 1 1 1 1 1 1

All entries corresponding to the couples AB and CD are 1. Therefore they are second order
MCSs of the system. Triples of components those not including second order MSCs are as
follows,
Component Couples
MP ACE ADE BCE BDE
AC 1 1 1 0
M MP - C  BD 0  1 1 1 
All entries of ADE and BCE triples are one.
Therefore they are third order MCSs.
AED 1 1 1 1
 
BEC 1 1 1 1

The process terminates since there are no foursome groups, those not including second and
third order MCSs. MCSs of the bridge network are therefore, AB, CD, ADE and BCE.

Method-2: This method is based on the construction of MCSs by picking up a component

from each MP, if required. The steps are as follows;
i) Deduce all MPs;
ii) Deduce all first order cuts of MP1; those being the components of MP1.
iii) Combine all first order cuts of MP1 with the components of MP2 and eliminate
non-minimal ones. The resulting groups will be MCSs of MP1 and MP2.
iv) Combine all MCSs of the previous step with the components of MP3 and
eliminate non-minimal ones. The resulting groups will be MCSs of MP1, MP2 and
MP3.
v) Repeat the previous step until all MPs have been considered.

Let’s apply the method to the bridge network.

i) MPs of the bridge network are AC, BD, AED and BEC.
ii) MCSs of MP1 are A,C
iii) MP1* MP2 = AB, AD, BC, CD
Note that all those groups cut both the first and the second MP.
iv) MP1* MP2* MP3 =
 15

ABA,ABE,ABD,ADA,ADE,ADD, BCA, BCE , BCD ,CDA,CDE ,CDD 

AB(1  E  D  C), AD(1  E  1  C), CD(B  E  1) , BCE 
AB, AD, CD, BCE
Note that the resulting cuts AB, AD, CD and BCE includes at least one component
from each MP and therefore cuts all MPs.

v) MP1* MP2* MP3* MP4 =

ABB, ABE, ABC, ADB, ADE, ADC, CDB, CDE, CDC, BCEB, BCEE, BCEC
AB(1  E  C  D) , CD(A  B  E  1) , ADE , BCE(1  1  1) 
AB, CD, ADE , BCE

AB, CD, ADE and BCE are the resulting MCSs of the system since they cut all the four MPs.

Example: Determine the expression of the reliability of

the given system in terms of component
A B reliabilities. Evaluate the reliability, if all
component reliabilities are given to be 0.99.

F D
C
E

a) With conditional probability approach:

RS  ( RS R F ) R F  ( RS Q F ) Q F
 ( RS R A ) R A  ( RS QA ) QA R F  ( RS Q F ) Q F
 (1  QCQ E ) R A  R B R D R E QA R F  1  (1  R A R C )(1  R B R D R E ) Q F

F has failed (QF) F Reliable (RF)

A Reliable (RA)
A B A B C E

D D
B
C E C E
A has failed (QA) D
E

R A  R B  R C  R D  R E  R F  0.99  R S  0.999602 ,QS  0.000398

 16

b) Cut set method:

Minimal Paths : AC
,BDE
,AFE

T1 T2 T3

If Method-2 is applied for MCS

T1 * T2 AB, AD , AE , BC , CD , CE
(T1 * T2 ) * T3 ABA , ABE , ABF , ADA , ADE , ADF , AEA , AEE , AEF ,
BCA , BCE , BCF , CDA , CDE , CDF , CEA , CEE , CEF
 AB
 , AD
 , AE
 , CE
 , BCF
 , CDF

C1 C 2 C3 C 4 C5 C 6

QS  Q(C1  C 2  C3  C 4  C5  C6 )
 Q(C1 )  Q(C2 )  Q(C3 )  Q(C4 )  Q(C5 )  Q(C6 ) -
Q(C1  C2 )  Q(C1  C3 )  Q(C2  C3 )  Q(C3  C4 )
QS  Q A Q B  Q A Q D  Q A Q E  Q C Q E  Q B Q C Q F  Q C Q D Q F  Q A Q B Q D  Q A Q B Q E 
Q A Q D Q E  Q A QC Q E
 0.000398
R S  1  QS  0.999602

Example: 2 Express the reliability of the system in

A B
terms of component reliabilities.
3 2 Evaluate the system reliability, if all
1 5
C component reliabilities are 0.98.
3
4
D 4 E

Minimal paths can be deduced by using one of the two methods as, AB , DE , ACE and BCD.

Component There is not a column with all ones.

MP A B C D E Therefore, there is not any first order
AB 1 1 0 0 0 MCSs for this system.
M MP - C  DE 0 0 0 1 1

ACE 1 0 1 0 1
 
BCD 0 1 1 1 0
 17

MP Components 
 AB AC AD AE BC BD BE CD CE DE
AB 1 1 1 1 1 1 1 0 0 0 All the entries of the columns
DE 0 0 1 1 0 1 1 1 1 1  corresponding to AD and BE are
M MP -C  1. Therefore they are second
ACE 1 1 1 1 1 0 1 1 1 1 order MCSs.
 
BCD 1 1 1 0 1 1 1 1 1 1
 
Triples not including AD and BE and corresponding entries given below.

ABC ACE BCD CDE

AC 1 1 1 0 Columns corresponding to ACE and
M MP - C  BD 0 1 1 1 
BCD triples are full of ones. Therefore
 they are the third order MCSs of the
AED 1 1 1 1 system.
 
BEC  1 1 1 1 
 

There are no quadruples not including the MCSs. Therefore MCSs of the system are: AD, BE,
ACE and BCD.

C1 C2 C3 C4
A B
A B
C C
D E
E D
QS  Q(C1  C 2  C3  C 4 )
 Q(C1 )  Q(C2 )  Q(C3 )  Q(C4 )
 Q A Q D  Q BQ E  Q A Q C Q E  Q BQ C Q D
 0.000816
R S  1  QS  0.999184

4.5.3. Tie Set Method

Tie set method is actually the complement of the cut set method. Tie sets give an idea about
the operation mode of the system instead an idea of failure modes of the system. It has certain
and limited applications.

Tie sets are actually minimal paths of the system and a single failure of a component of a tie
set is sufficient for a system failure. Therefore components of a tie set are serially connected
among themselves. Since a single tie set is enough for system operation, tie sets are connected
in parallel among themselves. As a consequence of these definitions, tie sets form a series-
parallel equivalent of a complex connected system. The following figure is such an equivalent
of a system.
 18

T1 A1k1
A11 A12 A13

A21 A22 A23

T2 A1k2

A32 A32 A33

T3 A1k3

An1 An2 An3

Tn A1kn

Figure 4.13 Tie-set equivalent of a complex connected system

System reliability can be expressed in terms of MP reliabilities,

R S  RT1  MT2  T3  ...  Tn 

n n -1 n n - 2 n -1 n
  R(Ti )    R(Ti  Tj )     R(Ti  Tj  Tk )  ....
i 1 i 1 j  i 1 i 1 j i 1 k  j 1

MP (Tie set) reliability is the product of serially connected component reliabilities.

R(Ti )  R(Ai1 )R(Ai2 )...R(Aik i ) , Aik Ti , i  1,2,.., n

reliabilities of MP intersections can be written in a similar manner of a failure probability of

the intersection of MCSs.

kj ki
R(Ti  Tj )
R(Tj Ti ) 
R(Ti )
 R(Ti  Tj )  R(Tj Ti ).R(Ti )   R(A jm ).  R(Aim )
m 1 m 1
A jm Ti
Reliability of an intersection of two minimal paths is the product of the reliabilities of the
components which are included in the union of those two minimal paths.

R(Ti  Tj )   R(Ak ) ; A k (Ti Tj )

k

Higher order intersection reliabilities can similarly be evaluated in terms of component

reliabilities. Note that the evaluations are the similar ones those applied in Minimal Cut set
method. However, here is an important difficulty. Since the reliabilities of higher order
intersections are not small enough to be neglected, all higher order intersection reliabilities
need to be calculated. This computational inefficiency together with the lack of information
about failure modes of the system are the most important two drawbacks of the method.

Let’s apply the method to the bridge network. Minimal paths of the bridge network were AC,
BD, AED and BEC. Tie-set equivalent of the system is given in Figure 4.14.
 19

T1
A C
T2
B D
T3
A E D
T4
B E C
Figure 4.14 Tie-set equivalent of the bridge network

RS  R T1  T2  T3  T4 
 R(T1 )  R(T2 )  R(T3 )  R(T4 )   R(T1  T2 )  R(T1  T3 )...R(T2  T4 )  R(T3  T4 ) 
 R(T1  T2  T3 )  R(T1  T2  T4 )  R(T1  T3  T4 )  R(T2  T3  T4 )  R(T1  T2  T3  T4 )

R(T1 )  R A R C , R(T2 )  R B R D , R(T3 )  R A R E R D , R(T4 )  R B R E R C

R(T1  T2 )  R(T2 T1 ).R(T1 )  R B R D .R(T1 )  R B R D R A R C

R(T1  T3 )  R(T3 T1 ).R(T1 )  R E R D .R(T1 )  R E R D R A R C
R(T1  T4 )  R(T4 T1 ).R(T1 )  R B R E .R(T1 )  R B R E R A R C
R(T2  T3 )  R(T3 T2 ).R(T2 )  R A R E .R(T2 )  R A R E R B R D
R(T2  T4 )  R(T4 T2 ).R(T2 )  R E R C .R(T2 )  R E R C R B R D
R(T3  T4 )  R(T4 T3 ). R(T3 )  R B R C .R(T3 )  R B R C R A R E R D

R(T1  T2  T3 )  R(T1  T2  T4 )  R(T1  T3  T4 )  R(T2  T3  T4 )  RA RBRCRD RE

If they are plugged in the system reliability equation,

RS  R A R C  R B R D  R A R E R D  R B R E R C 
 R A R BR C R D  R A R C R D R E  R A R BR C R E  R A R BR D R E  R BR C R D R E  
2.R A R BR C R D R E

If the reliabilities of all components are 0.99, then

R S  0.99979805  QS  0.00020195

4.6 Event Trees

An event tree is a graphical representation of the logic model that identifies and quantifies
the possible outcomes following an initiating event. Event tree analysis provides an inductive
approach to reliability assessment as they are constructed using forward logic. Event tree can
either be used for the systems including continuously operating components or for the systems
in which there are some components in a standby redundant mode that involve sequential
 20

operating logic and switching. The second group is generally associated with safety oriented
systems and nuclear power plants are the well known examples to them. In fact, cut set
analysis is more effective for the first type of systems and event tree representation is therefore
preferred for safety oriented systems.
There are two basic differences between the two representations. The first one is that the
sequence of the events is not important for the first group but the sequence of events must be
represented in a chronological order in which they occur. The second important difference is
about the starting event of the tree. Event tree may be initiated by an arbitrary event for the
first group. However, initial event for the second group is the starting event.

4.6.1 Systems comprising continuously operating components.

Let’s think a system comprising two continuously operating components whose success
probability/failure probability is given as R1/Q1 and R2/Q2, respectively. Probable states
(paths) and their probabilities are as follows:

R2
R1 Y1, PY1 = R1.R2
Q2
Y2, PY2 = R1.Q2
R2
Q1 Y3, PY3 = Q1.R2
Q2
Y4, PY4 = Q1.Q2
Figure 4.15 Event tree for a system comprising two units
The number of branches increases as the number of components increases. For a system
comprising n 2-state (success/failure) components, the event tree representation will be as in
Figure 4.16, where Rj and Qj denote the success and failure probabilities of jth unit,
respectively.

R j+1
Rj
Qj+1
R j-1
Rj+1
Qj
Qj+1
Rj+1
Rj
Q j+1
Qj-1
R j+1
Qj
Q j+1

Figure 4.16 Event tree for 2-state components

Event tree for the bridge network is given in Figure 4.17. The sequence of the units is
assumed to occur in A, B, C, D and E without loss of generality. There are 25=32 individual
paths for this bridge network comprising 5 2-state components. Each path corresponds to a
specific event which represents either to system success (reliability) or the failure. The
probability of each path (event) can be evaluated by multiplying the individual probabilities of
component failures and successes. For example path-8 corresponds the operation of
 21

components A and B and failure of the components C, D and E. Therefore the probability of
the path-8 will be the product of RARBQCQDQE, System reliability/failure probability can be
found as the sum of the path probabilities corresponding to system operating states/system
failure states.

System
A B C D E Path # state
RD RE
1 Success
QE
RC 2 S
QD RE
3 S
QE
RB 4 S
RD RE
5 S
QE
QC 6 S
QD RE
7 Failure
QE
RA 8 F
RD RE S
9
QE
RC 10 S
QD RE
11 S
QE
QB 12 S
RE
RD 13 S
QE
QC 14 F
QD RE
15 F
QE
16 F
RE S
RD 17
QE
RC 18 S
QD RE
19 S
QE
RB 20 F
RD RE
21 S
QE
QC 22 S
QD RE
23 F
QE
QA 24 F
RD RE F
QE 25
RC 26 F
QD RE F
27
QE
QB 28 F
RD RE 29 F
QE
QC 30 F
QD RE F
31
QE
32 F

Figure 4.17 Event tree of the bridge network

 22

P(1)  R A R BR C R D R E
P(2)  R A R BR C R D Q E
P(3)  R A R BR CQ D R E
.....
P(31)  Q A Q BQ CQ D R E
P(32)  Q A Q BQ CQ D Q E

System operation/failure status can be determined from the topology of the network and from
the status of the components.

States corresponding to system success: 1,2,3,4,5,6,9,10,11,12,13,17,18,19,21,22

RS  P(1)  P(2)  P(3)  P(4)  P(5)  P(6)  P(9)  P(10)  P(11)  P(12) 
P(13)  P(17)  P(18)  P(19)  P(21)  P(22)

States corresponding to system failure :7,8,14,15,16,20,23,24,25,26,27,28,29,30,31,32

QS  P(7)  P(8)  P(14)  P(15)  P(16)  P(20)  P(23)  P(24)  P(25) 

P(26)  P(27)  P(28)  P(29)  P(30)  P(31)  P(32)

Cut sets and minimal cut sets can be derived from the paths corresponding to system
failures. Paths, minimal paths and tie sets can be deduced from the paths corresponding to
system successes.
The set of failed components in the paths corresponding to system failure will give us the
cut sets. If we eliminate the non minimal ones by applying the logical operations we can
determine the minimal cut sets.

CD  CDE  BCE  BCD  BCDE  ADE  ACD  ACDE  AB

Cut Sets
 ABE  ABD  ABDE  ABC  ABCE  ABCD  ABCDE 
 AB  CD  ADE  BCEMinimal Cut Sets

The set of successful components in the paths corresponding to system success will give
us the paths. If we eliminate the non minimal ones by applying the logical operations we can
determine the minimal paths (tie sets).

ABCDE  ABCD  ABCE  ABC  ABDE  ABD  ACDE  

 Paths
ACD  ACE  AC  ADE  BCDE  BCD  BCE  BDE  BD
 AC  BD  ADE  BCE Minimal Paths

A system comprising 5 2-state components can be represented by an event tree where

there are 25=32 discrete states. The number of the states will be k1.k2....kn for a system
comprising n components of k1,k2....kn states. Event tree r representation becomes difficult
as the number of the paths increases. Therefore reduced event trees are preferred.
While constructing a reduced event tree, the basic idea is to check whether the system
status is dependent on the status of the remaining components or not. If the system status is
 23

not dependent on the status of the remaining components then it is obvious that the
construction has reached either a cut set or a path. Therefore, without going to further
branches we assigned that path either a system success or a system failure. For our bridge
network, it can easily be concluded that the system will fail whenever components A and B
are failed. Therefore, without going further development of the tree we assign that branch as a
system failure branch. Similarly, there is no need for further development of the tree when
components A and C are operating. That branch can be assigned as system success branch.
A reduced event tree of the bridge network is given in Figure 4.18.

A B C D E path # System state

RC
RB 1 S
RD
QC 2 S
QD
3 F
RA
RC
QB 4 S
RD RE
5 S
QC QE
6 F
QD
7 F
RD
RC 8 S
QD RE
9 S
RB QE
10 F
RD
QA QC 11 S
QD 12 F
QB
13 F

Figure 4.18 reduced event tree for the bridge network

States corresponding to system success: 1,2,4,5,8,9,11

RS  P(1)  P(2)  P(4)  P(5)  P(8)  P(9)  P(11)

 R A R B R C  R A R B Q C R D  R A Q B R C  R A Q BQ C R D R E  Q A R B R C R D 
Q A R B R C Q D R E  Q A R BQ C R D

States corresponding to system failure: 3,6,7,10,12,13

QS  P(3)  P(6)  P(7)  P(10)  P(12)  P(13)

 R A R BQ C Q D  R A Q B Q C R D Q E  R A Q B Q C Q D  Q A R B R C Q D Q E 
Q A R BQ C Q D  Q A Q B
 24

The set of failed components in the paths corresponding to system failure will give us
the cut sets. If we eliminate the non minimal ones by applying the logical operations we can
determine the minimal cut sets.
CD  BCE  BCD  ADE  ACD  AB  
AB
CD 
ADE BCE


Cut Sets Minimal Cut Sets

The set of successful components in the paths corresponding to system success will give
us the paths. If we eliminate the non minimal ones by applying the logical operations we can
determine the minimal paths (tie sets).
ABC  ABD  AC  ADE  BCD  BCE  BD  
ACBD
 BCE
ADE 
 
Paths Minimal Paths

Reduction process is not required to be performed both for the system success and for
system failure. Instead either system success or system failure based event tree construction is
fine. In fact, or system failure based event tree construction is preferred since it gives an idea
about system failure modes. Figure 4.19 shows a system failure based reduced event tree for
the bridge network.

A B C D E Path # System state

RB 
QC 

RA QD
1 F

QB RD 
QC QE
QD 2 F
3 F
RC 
QD 
RB QE
4 F
QC 
QA
QD
5 F
QB
6 F

Figure 4.19 System failure based reduced event tree for the bridge network

The set of failed components in the paths corresponding to system failure will give us
the cut sets. If we eliminate the non minimal ones by applying the logical operations we can
determine the minimal cut sets.
CD  BCE  BCD  ADE  ACD  AB  
AB
CD 
ADE BCE


Cut Sets Minimal Cut Sets
 25

Briefly:
* Cut set method and failure based reduced event tree method look like each other since
they both give and idea about failure modes of the system.
* It is more convenient to construct a failure-based or success-based reduced event tree for
the sake of less computational effort.
* All the methods described so far are valid for the systems comprising three or more state
components.

Example: 2 a) Deduce the minimal paths and the

A B minimal cut sets of the system.
b) Construct the reduced event tree.
3
1 5 6 c) Evaluate system reliability if all
C D E component reliabilities are 0.9.

F G
4
a) If minimal paths are determined by using connection matrix techniques,

AB
 , ADE
 , ADG
  , CDB
 , CDE
 , CDG
 , FG
 , FDB
 , FDE

T1 T2 T3 T4 T5 T6 T7 T8 T9
Minimal Cut Sets can be determined by Method 2:

T1.T2 A , BD , BE
(T1.T2 ).T3  A, BD, BED, BEGA, BD, BEG
((T1.T2 ).T3 ).T4  AB, AC, AD, BD, BEG
((T1...).T4 ).T5 ABC,ABD,ABE,AC,AD,BD,BEG  AC,AD,BD,ABE,BEG
((((T1....).T5 ).T6  AC, AD , BD , ABEC , ABED , ABEG , BEG  AC, AD, BD , BEG

((((T1...).T6 ).T7  ACF, ACG, ADF, ADG , BDF , BDG , BEG

ACF, ACGF, ACGD, ACGB,   ACF, ACGB, ADF ,

((((T1...T7 ).T8  
ADF , ADG , BDF , BDG  BEG 
 ADG , BDF,BDG,BEG
ACF, ACGBF, ACGBD, ACGBE, ACF, ADF , ADG,

((T1...T8 ).T9  
ADF , ADG , BDF , BDG , BEG  BDF , BDG , BEG

  ADF
Minimal Paths: ACF   ADG
  BDF
  BDG
  BEG

C1 C2 C3 C4 C5 C6

QS  Q(C1 )  Q(C2 )  Q(C3 )  Q(C4 )  Q(C5 )  Q(C6 )  0.00075

b) There are 27=128 branches in the event tree. Failure based reduced event tree for the
component ordering of D, A, F, B, G, C, E is given below.
 26

RF 
QB  RC 
QE 3 4
QG 1 Q R
RA QC 
QE 4 3
2 Q R
QF 
QB  RC 
QE 4 3
QG 3 Q R
QC 
RD QE 5 2
4 Q R

RF
QB  RC 
QE
QG 5 Q R
4 3
QC 
QA QE 5 2
6 Q R
RG 
QC 3 3
RB 7 Q R
QG 
QC 4 2
8 Q R
QF
RG 
QC 4 2
9 Q R
QB
RC 
QE 5 2
QG 10 Q R
QC 5
11 Q R
RF 
QB 
RA QG 3 2
12 Q R
QF 

QB 3
QD 13 Q R
RB 
QG 3 2
RF 14 Q R
QB 
QA
QG 4
15 Q R
QF 3
16 Q
16
c) Q   Q(i)  0.0007128
i 1
 27

4.62 Standby or Sequential Logic Systems)

Event tree starts with an initiating event and continues in a special sequential order.
Ordering of the events is important since some events can only occur for some conditions. Let
us try to explain the behavior of this type of systems with the following nuclear power plant
cooling example.

EP : Eleectric power

P1 P D Normal coolin
Stand-by W
coolin Dedector
P2

Figure 4.20 Example cooling system

Under normal operating conditions cooling is provided by pump P. Whenever pump P

fails, detector D perceives the failure and cooling is provided by redundant pumps P1 and P2
whose capacities are half of the main pump. Event tree of redundant cooling process starts
with the failure of pump P and will be as in Figure 4.21.
System
EP D P1 P2 Path # state
R P2
R P1 1 Operation
Q P2
RD 2 Failure (50% O)
R P2
Q P1 3 Failure (50% O)
Q P2
REP 4 F
R P2
R P1 5 F
Q P2
QD 6 F
R P2
Q P1 7 F
Q P2
P has failed 8 F
R P2
R P1 9 F
Q P2
RD 10 F
R P2
Q P1 11 F
Q P2
Q EP 12 F
R P2
R P1 13 F
Q P2
QD 14 F
R P2
Q P1 15 F
Q P2
16 F

Figure 4.21 Event tree of standby cooling process

Since cooling fails for electric power (EP) failure or detector (D) failure, then the event tree
can be reduced as in Figure 4.22.
 28

system
EP D P1 P2 Path # state
R P2 1 Operation
R P1
Q P2 2 Failure (50%
RD
R P2
Q P1 3 Failure (50%
REP Q P2 F
4
P Pompası Arızalı QD 5 F

Q EP F
6

Figure 4.22 Reduced event tree for standby cooling system

The probability of being in several states

R s (%100)  P(1)  R EP R D R P1 R P2


R s (%50)  P(1)  P(2)  R EP R D R P1 Q P2  Q P1 R P2 
QS  P(4)  P(5)  P(6)  R EP R D Q P1 Q P2  R EP Q D  Q EP

For Total cooling For partial cooling

Cut sets: P2, P1, P1P2, D, EP P2 P1, D, EP;
Minimal Cut Sets : P1,P2, D, EP P1P2, D, EP

We assumed that the water flow was monitored with a single monitor. However, it is obvious
that such an application requires more reliable sensing by using more than one sensor. Such
an application improves the system reliability without bringing a significant cost. Individual
representation of the sensor in an event tree increases the number of components so thus the
number of branches. Instead, an equivalent detector is generally used for the total detectors.
Similar conditions can also be thought for electric power of for the remaining components.

Example: Assume that the water flow in the previous cooling system example is monitored
by three detectors D1, D2 and D3. Calculate the system reliability if the failure
probability of all components is 0.01 and detection success requires
a) Detection of all detectors,
b) Detection of at least two detectors and
c) Detection of a single detector.

First, let us obtain the equivalent of the detectors.

 29

DETECTOR

RD2
RD3 a ) R D  P (1)  0. 970299
1
QD3 Q D  1  R D  0. 029701
RD 1 2
RD3
QD 2
QD3 3 b ) R D  P (1)  P ( 2 )  P ( 3)  P (5)
4
RD 2
RD3  0. 999702
5
QD3 Q D  1  R D  0. 000298
QD 1 6
RD3
QD 2
QD3
7 c) Q D  P (8)  0. 000001
8
R D  1  Q D  0. 999999

We can use the equivalent detector in the cooling system.

 R s (%100)  R EP R D R P1 R P2  0.94148

 
a)  R s (%50)  R EP R D R P1 Q P2  Q P1 R P2  0.019019801

 QS  R EP R D Q P1 Q P2  R EP Q D  Q EP  0.0395
 R s (%100)  0.97001

b)  R s (%50)  0.019596
 Q  0.010394
 S
 R s (%100)  0.970298

c)  R s (%50)  0.019602
 Q  0.0101
 S

Homework: Obtain the reduced event tree for the following system. Calculate the system
reliability if all component failure probabilities are 0.05.

A B
G
C F
E
D E
 30

4.7 Failure Trees

Fault trees method uses a logic that is the reverse of the one used in event trees. In this
method, a particular failure, known as the top event, is considered to be the consequence of
some lower event events. It was first used in communication systems in 1960s and followed
by other applications as space technologies, nuclear industry and chemical industry. The
method has a great importance for system design since it gives an idea about the consequence
of minor failures.
Failure trees can also be defined as the sequential chain of failures which are the logical
expression of lower level of failures. They start with a top event and branches to the lower
level events which are the causes of upper level failures. For example, a failure in lighting in
Fig. 4.23 can be thought as the consequence of:
- switch failure,
- Electric power failure,
- fuse failure,
- conductor failure (break off),
- lamp failure
Therefore, lighting failure can be thought as the logical “OR” combination of those events as
in Fig. 4.24.

Electric Power Switch

X Lamp

Conductor
Fus

Figure 4.23 Failure Trees Example

Lighting

Failed switch Power failure Fuse Conductor break of Lamp failure

of
Figure 4.24 Failure Tree of the system given in Figure 4.23
 31

AND, OR, CONDITION, CONDITIONAL AND, CONDITIONAL OR, k OUT OF n

are used in logical expressions. In addition, DELAY, SUMMATION, COMPARISION and
EXCLUSIVE OR functions are used when required. Failures are thought to be the result of
the following events and can be represented as in Figure 4.25.

Basic Event: Failure of a basic system component at the lowest level of the failure tree.
Incomplete event: Failure event which needs further downward development in order
to reach the basic system components.
Intermediate Event: Combination of failure events created by the output of a logical
gate.
Transfers: They are used in order to subdivide or split a complete fault tree into sub
fault trees.

Unit failure

Intermediate e. Incomplete e. Basi

event

Figure 4.25 Event types

Example: Construct the fault tree of a remote controlled (manually) DC motor system
given in Figure 4.26. Assume that the motor starts up and stops whenever the
operator presses or depresses the button, respectively. Motor is protected by a
fuse against overcurrents and the conductors of the protection system passes
through an explosive place where overheating is not allowed. In addition, it
is known that the motor operates for short times and longer operation periods
results in a overheating in AB wire. Construct the fault tree of overheating of
wire AB,
 32

Butto Power supply Fus

Röle M Motor
A B
Wire
Figure 4.26 Fault tree example

AB

Motor Short circuit Long

Relay contacts closed Motor Relay contacts Fuse cannot

Failur closed

Button closed Relay Motor Button Contact Motor

Short circuit Closed Incorrect
Failure Failure Fuse selection Failure

Motor
Failure
Operator Button
Failure Operator Button
failure Failure
Failure

Figure 4.27 Failure tree of motor example

Minimal cut sets can be identified following the construction of the failure tree.

4.8 Multi failure modes

We have dealt two-state (operation-failure) components so far. However, there are some
components where the failure modes may be more than one. A diode is a typical example. It
can be short circuit or open circuit. Similarly a transmission line can be open circuit or a short
circuit. It is clear that the consequences of different failures may be different. The following
example can be used to illustrate multi failure modes.
 33

Example: D1 Determine the reliability of the system comprising two

parallel diodes.

D2
Pn1  Pn2  Pn : Probabilty of normal operation  0.98
P01  P0 2  P0 : Probabilty of open open circuit failure  0.01
Ps1  Ps 2  Ps : Pobabilty of open short circuit failure  0.01

a) Solution with state enumeration (Binomial distribution simulation)

States and state probabilities for a single 3 - state component : Pn , P0 , Ps

States and state probabilit ies for two 3 - state component : (Pn1, P01, Ps1) * (Pn2 , P02, Ps2 )

n
States and state probabilit ies for n 3 - state component :  (Pni , P0i , Psi )
i 1

There are two identical diodes in this example.,

R  Pn2  2 Pn P0  0.98
Pn2  
( Pn  P0  Ps )2   P02  
Ps 2  2 Pn P0  2 Pn Ps  2 P0 Ps  s
   Qs  1  Rs  0.02
S F F S F F

b) Solution with conditional probability

     
R s  R s Pn1 Pn1  R s P01 P01  R s Ps1 Ps1  (Pn 2  P02 )Pn1  Pn 2 P01  0 

 (Pn  P0 )Pn  Pn P0  Pn 2  2Pn P0  0.98

c) Solution with event trees

Pn2
1 S
Pn1 P02
2 S
Ps2
3 F
Pn2
4 S R s  P(1)  P(2)  P(4)
P01 P02
5 F R s  Pn1 Pn 2  Pn1 P0 2  P01 Pn 2
Ps2
6 F
Pn2 R s  Pn 2  2Pn P0
Ps1 P02
7 F R s  0.98
8 F
Ps2
9 F
 34

The result shows that the reliability of two-parallel identical diodes is the same of a
single diod. However, this is because of the given open circuit and short-circuits failure
probabilities. It is obvious that the reliability of parallel redundant systems is higher.
In order to clarify it, several different failure probabilities and the corresponding
reliabilities of two-parallel diodes are given below.

Pn  0.98 , P0  0 , Ps  0.02  Rs  0.9604  Pn

Pn  0.98, P0  0.02 , Ps  0  Rs  0.9996 Pn

Example: D1 D2 a ) Pn  0. 98 , P0  0. 01 , Ps  0. 01
b ) Pn  0. 98 , P0  0 , Ps  0. 02
c) Pn  0. 98 , P0  0. 02 , Ps  0
D3
Determine the reliability of the system for the
given state probabilities.

   
Rs  Rs Pn3 Pn3  Rs P03 P03  Rs Ps3 Ps3  

R s Pn 3  1  Ps1 Ps 2


R s P03  Pn (1s2)  Pn1 Pn 2  Ps1 Pn 2  Pn1 Ps 2  

R s Ps3  0 


  
R s  1  Ps1 Ps 2 Pn 3  Pn1 Pn 2  Ps1 Pn 2  Pn1 Ps 2 P03 
 Pn  Pn Ps2  Pn 2 P0  2.Pn P0 Ps

a) R s  0.989702  Pn
b) R s  0.979608  Pn
a) R s  0.999208  Pn

The results show that the reliability of the system is maximum if all the failures are
open circuit failures (P0=0.02 , Ps=0) and it is minimum if all the failures are short
circuit failures (P0=0 , Ps=0.02)

This example shows that the reliability of a system cannot be improved by

additional redundant branches in case of multi-failure modes. That is, failure modes
and corresponding probabilities are important for overall system reliability.